cachepc-linux

Fork of AMDESE/linux with modifications for CachePC side-channel attack
git clone https://git.sinitax.com/sinitax/cachepc-linux
Log | Files | Refs | README | LICENSE | sfeed.txt

kexec_elf.c (11691B)

      1// SPDX-License-Identifier: GPL-2.0-only
      2/*
      3 * Load ELF vmlinux file for the kexec_file_load syscall.
      4 *
      5 * Copyright (C) 2004  Adam Litke (agl@us.ibm.com)
      6 * Copyright (C) 2004  IBM Corp.
      7 * Copyright (C) 2005  R Sharada (sharada@in.ibm.com)
      8 * Copyright (C) 2006  Mohan Kumar M (mohan@in.ibm.com)
      9 * Copyright (C) 2016  IBM Corporation
     10 *
     11 * Based on kexec-tools' kexec-elf-exec.c and kexec-elf-ppc64.c.
     12 * Heavily modified for the kernel by
     13 * Thiago Jung Bauermann <bauerman@linux.vnet.ibm.com>.
     14 */
     15
     16#define pr_fmt(fmt)	"kexec_elf: " fmt
     17
     18#include <linux/elf.h>
     19#include <linux/kexec.h>
     20#include <linux/module.h>
     21#include <linux/slab.h>
     22#include <linux/types.h>
     23
     24static inline bool elf_is_elf_file(const struct elfhdr *ehdr)
     25{
     26	return memcmp(ehdr->e_ident, ELFMAG, SELFMAG) == 0;
     27}
     28
     29static uint64_t elf64_to_cpu(const struct elfhdr *ehdr, uint64_t value)
     30{
     31	if (ehdr->e_ident[EI_DATA] == ELFDATA2LSB)
     32		value = le64_to_cpu(value);
     33	else if (ehdr->e_ident[EI_DATA] == ELFDATA2MSB)
     34		value = be64_to_cpu(value);
     35
     36	return value;
     37}
     38
     39static uint32_t elf32_to_cpu(const struct elfhdr *ehdr, uint32_t value)
     40{
     41	if (ehdr->e_ident[EI_DATA] == ELFDATA2LSB)
     42		value = le32_to_cpu(value);
     43	else if (ehdr->e_ident[EI_DATA] == ELFDATA2MSB)
     44		value = be32_to_cpu(value);
     45
     46	return value;
     47}
     48
     49static uint16_t elf16_to_cpu(const struct elfhdr *ehdr, uint16_t value)
     50{
     51	if (ehdr->e_ident[EI_DATA] == ELFDATA2LSB)
     52		value = le16_to_cpu(value);
     53	else if (ehdr->e_ident[EI_DATA] == ELFDATA2MSB)
     54		value = be16_to_cpu(value);
     55
     56	return value;
     57}
     58
     59/**
     60 * elf_is_ehdr_sane - check that it is safe to use the ELF header
     61 * @buf_len:	size of the buffer in which the ELF file is loaded.
     62 */
     63static bool elf_is_ehdr_sane(const struct elfhdr *ehdr, size_t buf_len)
     64{
     65	if (ehdr->e_phnum > 0 && ehdr->e_phentsize != sizeof(struct elf_phdr)) {
     66		pr_debug("Bad program header size.\n");
     67		return false;
     68	} else if (ehdr->e_shnum > 0 &&
     69		   ehdr->e_shentsize != sizeof(struct elf_shdr)) {
     70		pr_debug("Bad section header size.\n");
     71		return false;
     72	} else if (ehdr->e_ident[EI_VERSION] != EV_CURRENT ||
     73		   ehdr->e_version != EV_CURRENT) {
     74		pr_debug("Unknown ELF version.\n");
     75		return false;
     76	}
     77
     78	if (ehdr->e_phoff > 0 && ehdr->e_phnum > 0) {
     79		size_t phdr_size;
     80
     81		/*
     82		 * e_phnum is at most 65535 so calculating the size of the
     83		 * program header cannot overflow.
     84		 */
     85		phdr_size = sizeof(struct elf_phdr) * ehdr->e_phnum;
     86
     87		/* Sanity check the program header table location. */
     88		if (ehdr->e_phoff + phdr_size < ehdr->e_phoff) {
     89			pr_debug("Program headers at invalid location.\n");
     90			return false;
     91		} else if (ehdr->e_phoff + phdr_size > buf_len) {
     92			pr_debug("Program headers truncated.\n");
     93			return false;
     94		}
     95	}
     96
     97	if (ehdr->e_shoff > 0 && ehdr->e_shnum > 0) {
     98		size_t shdr_size;
     99
    100		/*
    101		 * e_shnum is at most 65536 so calculating
    102		 * the size of the section header cannot overflow.
    103		 */
    104		shdr_size = sizeof(struct elf_shdr) * ehdr->e_shnum;
    105
    106		/* Sanity check the section header table location. */
    107		if (ehdr->e_shoff + shdr_size < ehdr->e_shoff) {
    108			pr_debug("Section headers at invalid location.\n");
    109			return false;
    110		} else if (ehdr->e_shoff + shdr_size > buf_len) {
    111			pr_debug("Section headers truncated.\n");
    112			return false;
    113		}
    114	}
    115
    116	return true;
    117}
    118
    119static int elf_read_ehdr(const char *buf, size_t len, struct elfhdr *ehdr)
    120{
    121	struct elfhdr *buf_ehdr;
    122
    123	if (len < sizeof(*buf_ehdr)) {
    124		pr_debug("Buffer is too small to hold ELF header.\n");
    125		return -ENOEXEC;
    126	}
    127
    128	memset(ehdr, 0, sizeof(*ehdr));
    129	memcpy(ehdr->e_ident, buf, sizeof(ehdr->e_ident));
    130	if (!elf_is_elf_file(ehdr)) {
    131		pr_debug("No ELF header magic.\n");
    132		return -ENOEXEC;
    133	}
    134
    135	if (ehdr->e_ident[EI_CLASS] != ELF_CLASS) {
    136		pr_debug("Not a supported ELF class.\n");
    137		return -ENOEXEC;
    138	} else  if (ehdr->e_ident[EI_DATA] != ELFDATA2LSB &&
    139		ehdr->e_ident[EI_DATA] != ELFDATA2MSB) {
    140		pr_debug("Not a supported ELF data format.\n");
    141		return -ENOEXEC;
    142	}
    143
    144	buf_ehdr = (struct elfhdr *) buf;
    145	if (elf16_to_cpu(ehdr, buf_ehdr->e_ehsize) != sizeof(*buf_ehdr)) {
    146		pr_debug("Bad ELF header size.\n");
    147		return -ENOEXEC;
    148	}
    149
    150	ehdr->e_type      = elf16_to_cpu(ehdr, buf_ehdr->e_type);
    151	ehdr->e_machine   = elf16_to_cpu(ehdr, buf_ehdr->e_machine);
    152	ehdr->e_version   = elf32_to_cpu(ehdr, buf_ehdr->e_version);
    153	ehdr->e_flags     = elf32_to_cpu(ehdr, buf_ehdr->e_flags);
    154	ehdr->e_phentsize = elf16_to_cpu(ehdr, buf_ehdr->e_phentsize);
    155	ehdr->e_phnum     = elf16_to_cpu(ehdr, buf_ehdr->e_phnum);
    156	ehdr->e_shentsize = elf16_to_cpu(ehdr, buf_ehdr->e_shentsize);
    157	ehdr->e_shnum     = elf16_to_cpu(ehdr, buf_ehdr->e_shnum);
    158	ehdr->e_shstrndx  = elf16_to_cpu(ehdr, buf_ehdr->e_shstrndx);
    159
    160	switch (ehdr->e_ident[EI_CLASS]) {
    161	case ELFCLASS64:
    162		ehdr->e_entry = elf64_to_cpu(ehdr, buf_ehdr->e_entry);
    163		ehdr->e_phoff = elf64_to_cpu(ehdr, buf_ehdr->e_phoff);
    164		ehdr->e_shoff = elf64_to_cpu(ehdr, buf_ehdr->e_shoff);
    165		break;
    166
    167	case ELFCLASS32:
    168		ehdr->e_entry = elf32_to_cpu(ehdr, buf_ehdr->e_entry);
    169		ehdr->e_phoff = elf32_to_cpu(ehdr, buf_ehdr->e_phoff);
    170		ehdr->e_shoff = elf32_to_cpu(ehdr, buf_ehdr->e_shoff);
    171		break;
    172
    173	default:
    174		pr_debug("Unknown ELF class.\n");
    175		return -EINVAL;
    176	}
    177
    178	return elf_is_ehdr_sane(ehdr, len) ? 0 : -ENOEXEC;
    179}
    180
    181/**
    182 * elf_is_phdr_sane - check that it is safe to use the program header
    183 * @buf_len:	size of the buffer in which the ELF file is loaded.
    184 */
    185static bool elf_is_phdr_sane(const struct elf_phdr *phdr, size_t buf_len)
    186{
    187
    188	if (phdr->p_offset + phdr->p_filesz < phdr->p_offset) {
    189		pr_debug("ELF segment location wraps around.\n");
    190		return false;
    191	} else if (phdr->p_offset + phdr->p_filesz > buf_len) {
    192		pr_debug("ELF segment not in file.\n");
    193		return false;
    194	} else if (phdr->p_paddr + phdr->p_memsz < phdr->p_paddr) {
    195		pr_debug("ELF segment address wraps around.\n");
    196		return false;
    197	}
    198
    199	return true;
    200}
    201
    202static int elf_read_phdr(const char *buf, size_t len,
    203			 struct kexec_elf_info *elf_info,
    204			 int idx)
    205{
    206	/* Override the const in proghdrs, we are the ones doing the loading. */
    207	struct elf_phdr *phdr = (struct elf_phdr *) &elf_info->proghdrs[idx];
    208	const struct elfhdr *ehdr = elf_info->ehdr;
    209	const char *pbuf;
    210	struct elf_phdr *buf_phdr;
    211
    212	pbuf = buf + elf_info->ehdr->e_phoff + (idx * sizeof(*buf_phdr));
    213	buf_phdr = (struct elf_phdr *) pbuf;
    214
    215	phdr->p_type   = elf32_to_cpu(elf_info->ehdr, buf_phdr->p_type);
    216	phdr->p_flags  = elf32_to_cpu(elf_info->ehdr, buf_phdr->p_flags);
    217
    218	switch (ehdr->e_ident[EI_CLASS]) {
    219	case ELFCLASS64:
    220		phdr->p_offset = elf64_to_cpu(ehdr, buf_phdr->p_offset);
    221		phdr->p_paddr  = elf64_to_cpu(ehdr, buf_phdr->p_paddr);
    222		phdr->p_vaddr  = elf64_to_cpu(ehdr, buf_phdr->p_vaddr);
    223		phdr->p_filesz = elf64_to_cpu(ehdr, buf_phdr->p_filesz);
    224		phdr->p_memsz  = elf64_to_cpu(ehdr, buf_phdr->p_memsz);
    225		phdr->p_align  = elf64_to_cpu(ehdr, buf_phdr->p_align);
    226		break;
    227
    228	case ELFCLASS32:
    229		phdr->p_offset = elf32_to_cpu(ehdr, buf_phdr->p_offset);
    230		phdr->p_paddr  = elf32_to_cpu(ehdr, buf_phdr->p_paddr);
    231		phdr->p_vaddr  = elf32_to_cpu(ehdr, buf_phdr->p_vaddr);
    232		phdr->p_filesz = elf32_to_cpu(ehdr, buf_phdr->p_filesz);
    233		phdr->p_memsz  = elf32_to_cpu(ehdr, buf_phdr->p_memsz);
    234		phdr->p_align  = elf32_to_cpu(ehdr, buf_phdr->p_align);
    235		break;
    236
    237	default:
    238		pr_debug("Unknown ELF class.\n");
    239		return -EINVAL;
    240	}
    241
    242	return elf_is_phdr_sane(phdr, len) ? 0 : -ENOEXEC;
    243}
    244
    245/**
    246 * elf_read_phdrs - read the program headers from the buffer
    247 *
    248 * This function assumes that the program header table was checked for sanity.
    249 * Use elf_is_ehdr_sane() if it wasn't.
    250 */
    251static int elf_read_phdrs(const char *buf, size_t len,
    252			  struct kexec_elf_info *elf_info)
    253{
    254	size_t phdr_size, i;
    255	const struct elfhdr *ehdr = elf_info->ehdr;
    256
    257	/*
    258	 * e_phnum is at most 65535 so calculating the size of the
    259	 * program header cannot overflow.
    260	 */
    261	phdr_size = sizeof(struct elf_phdr) * ehdr->e_phnum;
    262
    263	elf_info->proghdrs = kzalloc(phdr_size, GFP_KERNEL);
    264	if (!elf_info->proghdrs)
    265		return -ENOMEM;
    266
    267	for (i = 0; i < ehdr->e_phnum; i++) {
    268		int ret;
    269
    270		ret = elf_read_phdr(buf, len, elf_info, i);
    271		if (ret) {
    272			kfree(elf_info->proghdrs);
    273			elf_info->proghdrs = NULL;
    274			return ret;
    275		}
    276	}
    277
    278	return 0;
    279}
    280
    281/**
    282 * elf_read_from_buffer - read ELF file and sets up ELF header and ELF info
    283 * @buf:	Buffer to read ELF file from.
    284 * @len:	Size of @buf.
    285 * @ehdr:	Pointer to existing struct which will be populated.
    286 * @elf_info:	Pointer to existing struct which will be populated.
    287 *
    288 * This function allows reading ELF files with different byte order than
    289 * the kernel, byte-swapping the fields as needed.
    290 *
    291 * Return:
    292 * On success returns 0, and the caller should call
    293 * kexec_free_elf_info(elf_info) to free the memory allocated for the section
    294 * and program headers.
    295 */
    296static int elf_read_from_buffer(const char *buf, size_t len,
    297				struct elfhdr *ehdr,
    298				struct kexec_elf_info *elf_info)
    299{
    300	int ret;
    301
    302	ret = elf_read_ehdr(buf, len, ehdr);
    303	if (ret)
    304		return ret;
    305
    306	elf_info->buffer = buf;
    307	elf_info->ehdr = ehdr;
    308	if (ehdr->e_phoff > 0 && ehdr->e_phnum > 0) {
    309		ret = elf_read_phdrs(buf, len, elf_info);
    310		if (ret)
    311			return ret;
    312	}
    313	return 0;
    314}
    315
    316/**
    317 * kexec_free_elf_info - free memory allocated by elf_read_from_buffer
    318 */
    319void kexec_free_elf_info(struct kexec_elf_info *elf_info)
    320{
    321	kfree(elf_info->proghdrs);
    322	memset(elf_info, 0, sizeof(*elf_info));
    323}
    324/**
    325 * kexec_build_elf_info - read ELF executable and check that we can use it
    326 */
    327int kexec_build_elf_info(const char *buf, size_t len, struct elfhdr *ehdr,
    328			       struct kexec_elf_info *elf_info)
    329{
    330	int i;
    331	int ret;
    332
    333	ret = elf_read_from_buffer(buf, len, ehdr, elf_info);
    334	if (ret)
    335		return ret;
    336
    337	/* Big endian vmlinux has type ET_DYN. */
    338	if (ehdr->e_type != ET_EXEC && ehdr->e_type != ET_DYN) {
    339		pr_err("Not an ELF executable.\n");
    340		goto error;
    341	} else if (!elf_info->proghdrs) {
    342		pr_err("No ELF program header.\n");
    343		goto error;
    344	}
    345
    346	for (i = 0; i < ehdr->e_phnum; i++) {
    347		/*
    348		 * Kexec does not support loading interpreters.
    349		 * In addition this check keeps us from attempting
    350		 * to kexec ordinay executables.
    351		 */
    352		if (elf_info->proghdrs[i].p_type == PT_INTERP) {
    353			pr_err("Requires an ELF interpreter.\n");
    354			goto error;
    355		}
    356	}
    357
    358	return 0;
    359error:
    360	kexec_free_elf_info(elf_info);
    361	return -ENOEXEC;
    362}
    363
    364
    365int kexec_elf_probe(const char *buf, unsigned long len)
    366{
    367	struct elfhdr ehdr;
    368	struct kexec_elf_info elf_info;
    369	int ret;
    370
    371	ret = kexec_build_elf_info(buf, len, &ehdr, &elf_info);
    372	if (ret)
    373		return ret;
    374
    375	kexec_free_elf_info(&elf_info);
    376
    377	return elf_check_arch(&ehdr) ? 0 : -ENOEXEC;
    378}
    379
    380/**
    381 * kexec_elf_load - load ELF executable image
    382 * @lowest_load_addr:	On return, will be the address where the first PT_LOAD
    383 *			section will be loaded in memory.
    384 *
    385 * Return:
    386 * 0 on success, negative value on failure.
    387 */
    388int kexec_elf_load(struct kimage *image, struct elfhdr *ehdr,
    389			 struct kexec_elf_info *elf_info,
    390			 struct kexec_buf *kbuf,
    391			 unsigned long *lowest_load_addr)
    392{
    393	unsigned long lowest_addr = UINT_MAX;
    394	int ret;
    395	size_t i;
    396
    397	/* Read in the PT_LOAD segments. */
    398	for (i = 0; i < ehdr->e_phnum; i++) {
    399		unsigned long load_addr;
    400		size_t size;
    401		const struct elf_phdr *phdr;
    402
    403		phdr = &elf_info->proghdrs[i];
    404		if (phdr->p_type != PT_LOAD)
    405			continue;
    406
    407		size = phdr->p_filesz;
    408		if (size > phdr->p_memsz)
    409			size = phdr->p_memsz;
    410
    411		kbuf->buffer = (void *) elf_info->buffer + phdr->p_offset;
    412		kbuf->bufsz = size;
    413		kbuf->memsz = phdr->p_memsz;
    414		kbuf->buf_align = phdr->p_align;
    415		kbuf->buf_min = phdr->p_paddr;
    416		kbuf->mem = KEXEC_BUF_MEM_UNKNOWN;
    417		ret = kexec_add_buffer(kbuf);
    418		if (ret)
    419			goto out;
    420		load_addr = kbuf->mem;
    421
    422		if (load_addr < lowest_addr)
    423			lowest_addr = load_addr;
    424	}
    425
    426	*lowest_load_addr = lowest_addr;
    427	ret = 0;
    428 out:
    429	return ret;
    430}