1 /* Reconstruct an ELF file by reading the segments out of remote memory.
2 Copyright (C) 2005-2011, 2014, 2015 Red Hat, Inc.
3 This file is part of elfutils.
4
5 This file is free software; you can redistribute it and/or modify
6 it under the terms of either
7
8 * the GNU Lesser General Public License as published by the Free
9 Software Foundation; either version 3 of the License, or (at
10 your option) any later version
11
12 or
13
14 * the GNU General Public License as published by the Free
15 Software Foundation; either version 2 of the License, or (at
16 your option) any later version
17
18 or both in parallel, as here.
19
20 elfutils is distributed in the hope that it will be useful, but
21 WITHOUT ANY WARRANTY; without even the implied warranty of
22 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
23 General Public License for more details.
24
25 You should have received copies of the GNU General Public License and
26 the GNU Lesser General Public License along with this program. If
27 not, see <http://www.gnu.org/licenses/>. */
28
29 #include <config.h>
30 #include "../libelf/libelfP.h"
31 #undef _
32
33 #include "libdwflP.h"
34
35 #include <gelf.h>
36 #include <sys/types.h>
37 #include <stdbool.h>
38 #include <stdlib.h>
39 #include <string.h>
40
41 /* Reconstruct an ELF file by reading the segments out of remote memory
42 based on the ELF file header at EHDR_VMA and the ELF program headers it
43 points to. If not null, *LOADBASEP is filled in with the difference
44 between the addresses from which the segments were read, and the
45 addresses the file headers put them at.
46
47 The function READ_MEMORY is called to copy at least MINREAD and at most
48 MAXREAD bytes from the remote memory at target address ADDRESS into the
49 local buffer at DATA; it should return -1 for errors (with code in
50 `errno'), 0 if it failed to read at least MINREAD bytes due to EOF, or
51 the number of bytes read if >= MINREAD. ARG is passed through.
52
53 PAGESIZE is the minimum page size and alignment used for the PT_LOAD
54 segments. */
55
56 Elf *
elf_from_remote_memory(GElf_Addr ehdr_vma,GElf_Xword pagesize,GElf_Addr * loadbasep,ssize_t (* read_memory)(void * arg,void * data,GElf_Addr address,size_t minread,size_t maxread),void * arg)57 elf_from_remote_memory (GElf_Addr ehdr_vma,
58 GElf_Xword pagesize,
59 GElf_Addr *loadbasep,
60 ssize_t (*read_memory) (void *arg, void *data,
61 GElf_Addr address,
62 size_t minread,
63 size_t maxread),
64 void *arg)
65 {
66 /* We might have to reserve some memory for the phdrs. Set to NULL
67 here so we can always safely free it. */
68 void *phdrsp = NULL;
69
70 /* First read in the file header and check its sanity. */
71
72 const size_t initial_bufsize = 256;
73 unsigned char *buffer = malloc (initial_bufsize);
74 if (unlikely (buffer == NULL))
75 {
76 no_memory:
77 __libdwfl_seterrno (DWFL_E_NOMEM);
78 return NULL;
79 }
80
81 ssize_t nread = (*read_memory) (arg, buffer, ehdr_vma,
82 sizeof (Elf32_Ehdr), initial_bufsize);
83 if (nread <= 0)
84 {
85 read_error:
86 free (buffer);
87 free (phdrsp);
88 __libdwfl_seterrno (nread < 0 ? DWFL_E_ERRNO : DWFL_E_TRUNCATED);
89 return NULL;
90 }
91
92 if (memcmp (buffer, ELFMAG, SELFMAG) != 0)
93 {
94 bad_elf:
95 free (buffer);
96 free (phdrsp);
97 __libdwfl_seterrno (DWFL_E_BADELF);
98 return NULL;
99 }
100
101 /* Extract the information we need from the file header. */
102
103 union
104 {
105 Elf32_Ehdr e32;
106 Elf64_Ehdr e64;
107 } ehdr;
108 Elf_Data xlatefrom =
109 {
110 .d_type = ELF_T_EHDR,
111 .d_buf = buffer,
112 .d_version = EV_CURRENT,
113 };
114 Elf_Data xlateto =
115 {
116 .d_type = ELF_T_EHDR,
117 .d_buf = &ehdr,
118 .d_size = sizeof ehdr,
119 .d_version = EV_CURRENT,
120 };
121
122 GElf_Off phoff;
123 uint_fast16_t phnum;
124 uint_fast16_t phentsize;
125 GElf_Off shdrs_end;
126
127 switch (buffer[EI_CLASS])
128 {
129 case ELFCLASS32:
130 xlatefrom.d_size = sizeof (Elf32_Ehdr);
131 if (elf32_xlatetom (&xlateto, &xlatefrom, buffer[EI_DATA]) == NULL)
132 {
133 libelf_error:
134 __libdwfl_seterrno (DWFL_E_LIBELF);
135 return NULL;
136 }
137 phoff = ehdr.e32.e_phoff;
138 phnum = ehdr.e32.e_phnum;
139 phentsize = ehdr.e32.e_phentsize;
140 if (phentsize != sizeof (Elf32_Phdr) || phnum == 0)
141 goto bad_elf;
142 /* NOTE if the number of sections is > 0xff00 then e_shnum
143 is zero and the actual number would come from the section
144 zero sh_size field. We ignore this here because getting shdrs
145 is just a nice bonus (see below where we trim the last phdrs
146 PT_LOAD segment). */
147 shdrs_end = ehdr.e32.e_shoff + ehdr.e32.e_shnum * ehdr.e32.e_shentsize;
148 break;
149
150 case ELFCLASS64:
151 xlatefrom.d_size = sizeof (Elf64_Ehdr);
152 if (elf64_xlatetom (&xlateto, &xlatefrom, buffer[EI_DATA]) == NULL)
153 goto libelf_error;
154 phoff = ehdr.e64.e_phoff;
155 phnum = ehdr.e64.e_phnum;
156 phentsize = ehdr.e64.e_phentsize;
157 if (phentsize != sizeof (Elf64_Phdr) || phnum == 0)
158 goto bad_elf;
159 /* See the NOTE above for shdrs_end and ehdr.e32.e_shnum. */
160 shdrs_end = ehdr.e64.e_shoff + ehdr.e64.e_shnum * ehdr.e64.e_shentsize;
161 break;
162
163 default:
164 goto bad_elf;
165 }
166
167
168 /* The file header tells where to find the program headers.
169 These are what we use to actually choose what to read. */
170
171 xlatefrom.d_type = xlateto.d_type = ELF_T_PHDR;
172 xlatefrom.d_size = phnum * phentsize;
173
174 if ((size_t) nread >= phoff + phnum * phentsize)
175 /* We already have all the phdrs from the initial read. */
176 xlatefrom.d_buf = buffer + phoff;
177 else
178 {
179 /* Read in the program headers. */
180
181 if (initial_bufsize < (size_t)phnum * phentsize)
182 {
183 unsigned char *newbuf = realloc (buffer, phnum * phentsize);
184 if (newbuf == NULL)
185 {
186 free (buffer);
187 free (phdrsp);
188 goto no_memory;
189 }
190 buffer = newbuf;
191 }
192 nread = (*read_memory) (arg, buffer, ehdr_vma + phoff,
193 phnum * phentsize, phnum * phentsize);
194 if (nread <= 0)
195 goto read_error;
196
197 xlatefrom.d_buf = buffer;
198 }
199
200 bool class32 = ehdr.e32.e_ident[EI_CLASS] == ELFCLASS32;
201 size_t phdr_size = class32 ? sizeof (Elf32_Phdr) : sizeof (Elf64_Phdr);
202 if (unlikely (phnum > SIZE_MAX / phdr_size))
203 {
204 free (buffer);
205 goto no_memory;
206 }
207 const size_t phdrsp_bytes = phnum * phdr_size;
208 phdrsp = malloc (phdrsp_bytes);
209 if (unlikely (phdrsp == NULL))
210 {
211 free (buffer);
212 goto no_memory;
213 }
214
215 xlateto.d_buf = phdrsp;
216 xlateto.d_size = phdrsp_bytes;
217
218 /* Scan for PT_LOAD segments to find the total size of the file image. */
219 size_t contents_size = 0;
220 GElf_Off segments_end = 0;
221 GElf_Off segments_end_mem = 0;
222 GElf_Addr loadbase = ehdr_vma;
223 bool found_base = false;
224 Elf32_Phdr (*p32)[phnum] = phdrsp;
225 Elf64_Phdr (*p64)[phnum] = phdrsp;
226 switch (ehdr.e32.e_ident[EI_CLASS])
227 {
228 /* Sanity checks segments and calculates segment_end,
229 segments_end, segments_end_mem and loadbase (if not
230 found_base yet). Returns true if sanity checking failed,
231 false otherwise. */
232 inline bool handle_segment (GElf_Addr vaddr, GElf_Off offset,
233 GElf_Xword filesz, GElf_Xword memsz)
234 {
235 /* Sanity check the segment load aligns with the pagesize. */
236 if (((vaddr - offset) & (pagesize - 1)) != 0)
237 return true;
238
239 GElf_Off segment_end = ((offset + filesz + pagesize - 1)
240 & -pagesize);
241
242 if (segment_end > (GElf_Off) contents_size)
243 contents_size = segment_end;
244
245 if (!found_base && (offset & -pagesize) == 0)
246 {
247 loadbase = ehdr_vma - (vaddr & -pagesize);
248 found_base = true;
249 }
250
251 segments_end = offset + filesz;
252 segments_end_mem = offset + memsz;
253 return false;
254 }
255
256 case ELFCLASS32:
257 if (elf32_xlatetom (&xlateto, &xlatefrom,
258 ehdr.e32.e_ident[EI_DATA]) == NULL)
259 goto libelf_error;
260 for (uint_fast16_t i = 0; i < phnum; ++i)
261 if ((*p32)[i].p_type == PT_LOAD)
262 if (handle_segment ((*p32)[i].p_vaddr, (*p32)[i].p_offset,
263 (*p32)[i].p_filesz, (*p32)[i].p_memsz))
264 goto bad_elf;
265 break;
266
267 case ELFCLASS64:
268 if (elf64_xlatetom (&xlateto, &xlatefrom,
269 ehdr.e64.e_ident[EI_DATA]) == NULL)
270 goto libelf_error;
271 for (uint_fast16_t i = 0; i < phnum; ++i)
272 if ((*p64)[i].p_type == PT_LOAD)
273 if (handle_segment ((*p64)[i].p_vaddr, (*p64)[i].p_offset,
274 (*p64)[i].p_filesz, (*p64)[i].p_memsz))
275 goto bad_elf;
276 break;
277
278 default:
279 abort ();
280 break;
281 }
282
283 /* Trim the last segment so we don't bother with zeros in the last page
284 that are off the end of the file. However, if the extra bit in that
285 page includes the section headers and the memory isn't extended (which
286 might indicate it will have been reused otherwise), keep them. */
287 if ((GElf_Off) contents_size > segments_end
288 && (GElf_Off) contents_size >= shdrs_end
289 && segments_end == segments_end_mem)
290 {
291 contents_size = segments_end;
292 if ((GElf_Off) contents_size < shdrs_end)
293 contents_size = shdrs_end;
294 }
295 else
296 contents_size = segments_end;
297
298 free (buffer);
299
300 /* Now we know the size of the whole image we want read in. */
301 buffer = calloc (1, contents_size);
302 if (buffer == NULL)
303 {
304 free (phdrsp);
305 goto no_memory;
306 }
307
308 switch (ehdr.e32.e_ident[EI_CLASS])
309 {
310 /* Reads the given segment. Returns true if reading fails,
311 false otherwise. */
312 inline bool handle_segment (GElf_Addr vaddr, GElf_Off offset,
313 GElf_Xword filesz)
314 {
315 GElf_Off start = offset & -pagesize;
316 GElf_Off end = (offset + filesz + pagesize - 1) & -pagesize;
317 if (end > (GElf_Off) contents_size)
318 end = contents_size;
319 nread = (*read_memory) (arg, buffer + start,
320 (loadbase + vaddr) & -pagesize,
321 end - start, end - start);
322 return nread <= 0;
323 }
324
325 case ELFCLASS32:
326 for (uint_fast16_t i = 0; i < phnum; ++i)
327 if ((*p32)[i].p_type == PT_LOAD)
328 if (handle_segment ((*p32)[i].p_vaddr, (*p32)[i].p_offset,
329 (*p32)[i].p_filesz))
330 goto read_error;
331
332 /* If the segments visible in memory didn't include the section
333 headers, then clear them from the file header. */
334 if (contents_size < shdrs_end)
335 {
336 ehdr.e32.e_shoff = 0;
337 ehdr.e32.e_shnum = 0;
338 ehdr.e32.e_shstrndx = 0;
339 }
340
341 /* This will normally have been in the first PT_LOAD segment. But it
342 conceivably could be missing, and we might have just changed it. */
343 xlatefrom.d_type = xlateto.d_type = ELF_T_EHDR;
344 xlatefrom.d_size = xlateto.d_size = sizeof ehdr.e32;
345 xlatefrom.d_buf = &ehdr.e32;
346 xlateto.d_buf = buffer;
347 if (elf32_xlatetof (&xlateto, &xlatefrom,
348 ehdr.e32.e_ident[EI_DATA]) == NULL)
349 goto libelf_error;
350 break;
351
352 case ELFCLASS64:
353 for (uint_fast16_t i = 0; i < phnum; ++i)
354 if ((*p64)[i].p_type == PT_LOAD)
355 if (handle_segment ((*p64)[i].p_vaddr, (*p64)[i].p_offset,
356 (*p64)[i].p_filesz))
357 goto read_error;
358
359 /* If the segments visible in memory didn't include the section
360 headers, then clear them from the file header. */
361 if (contents_size < shdrs_end)
362 {
363 ehdr.e64.e_shoff = 0;
364 ehdr.e64.e_shnum = 0;
365 ehdr.e64.e_shstrndx = 0;
366 }
367
368 /* This will normally have been in the first PT_LOAD segment. But it
369 conceivably could be missing, and we might have just changed it. */
370 xlatefrom.d_type = xlateto.d_type = ELF_T_EHDR;
371 xlatefrom.d_size = xlateto.d_size = sizeof ehdr.e64;
372 xlatefrom.d_buf = &ehdr.e64;
373 xlateto.d_buf = buffer;
374 if (elf64_xlatetof (&xlateto, &xlatefrom,
375 ehdr.e64.e_ident[EI_DATA]) == NULL)
376 goto libelf_error;
377 break;
378
379 default:
380 abort ();
381 break;
382 }
383
384 free (phdrsp);
385 phdrsp = NULL;
386
387 /* Now we have the image. Open libelf on it. */
388
389 Elf *elf = elf_memory ((char *) buffer, contents_size);
390 if (elf == NULL)
391 {
392 free (buffer);
393 goto libelf_error;
394 }
395
396 elf->flags |= ELF_F_MALLOCED;
397 if (loadbasep != NULL)
398 *loadbasep = loadbase;
399 return elf;
400 }
401