summaryrefslogtreecommitdiffstats
path: root/src/shared/elf-util.c
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-10 20:49:52 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-10 20:49:52 +0000
commit55944e5e40b1be2afc4855d8d2baf4b73d1876b5 (patch)
tree33f869f55a1b149e9b7c2b7e201867ca5dd52992 /src/shared/elf-util.c
parentInitial commit. (diff)
downloadsystemd-55944e5e40b1be2afc4855d8d2baf4b73d1876b5.tar.xz
systemd-55944e5e40b1be2afc4855d8d2baf4b73d1876b5.zip
Adding upstream version 255.4.upstream/255.4
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'src/shared/elf-util.c')
-rw-r--r--src/shared/elf-util.c899
1 files changed, 899 insertions, 0 deletions
diff --git a/src/shared/elf-util.c b/src/shared/elf-util.c
new file mode 100644
index 0000000..24ed16e
--- /dev/null
+++ b/src/shared/elf-util.c
@@ -0,0 +1,899 @@
+/* SPDX-License-Identifier: LGPL-2.1-or-later */
+
+#if HAVE_ELFUTILS
+
+#include <dwarf.h>
+#include <elfutils/libdwelf.h>
+#include <elfutils/libdwfl.h>
+#include <libelf.h>
+#include <sys/prctl.h>
+#include <sys/resource.h>
+#include <sys/types.h>
+#include <unistd.h>
+
+#include "alloc-util.h"
+#include "dlfcn-util.h"
+#include "elf-util.h"
+#include "errno-util.h"
+#include "escape.h"
+#include "fileio.h"
+#include "fd-util.h"
+#include "format-util.h"
+#include "hexdecoct.h"
+#include "io-util.h"
+#include "macro.h"
+#include "memstream-util.h"
+#include "process-util.h"
+#include "rlimit-util.h"
+#include "string-util.h"
+
+#define FRAMES_MAX 64
+#define THREADS_MAX 64
+#define ELF_PACKAGE_METADATA_ID 0xcafe1a7e
+
+/* The amount of data we're willing to write to each of the output pipes. */
+#define COREDUMP_PIPE_MAX (1024*1024U)
+
+static void *dw_dl = NULL;
+static void *elf_dl = NULL;
+
+/* libdw symbols */
+Dwarf_Attribute *(*sym_dwarf_attr_integrate)(Dwarf_Die *, unsigned int, Dwarf_Attribute *);
+const char *(*sym_dwarf_diename)(Dwarf_Die *);
+const char *(*sym_dwarf_formstring)(Dwarf_Attribute *);
+int (*sym_dwarf_getscopes)(Dwarf_Die *, Dwarf_Addr, Dwarf_Die **);
+int (*sym_dwarf_getscopes_die)(Dwarf_Die *, Dwarf_Die **);
+Elf *(*sym_dwelf_elf_begin)(int);
+#if HAVE_DWELF_ELF_E_MACHINE_STRING
+const char *(*sym_dwelf_elf_e_machine_string)(int);
+#endif
+ssize_t (*sym_dwelf_elf_gnu_build_id)(Elf *, const void **);
+int (*sym_dwarf_tag)(Dwarf_Die *);
+Dwfl_Module *(*sym_dwfl_addrmodule)(Dwfl *, Dwarf_Addr);
+Dwfl *(*sym_dwfl_begin)(const Dwfl_Callbacks *);
+int (*sym_dwfl_build_id_find_elf)(Dwfl_Module *, void **, const char *, Dwarf_Addr, char **, Elf **);
+int (*sym_dwfl_core_file_attach)(Dwfl *, Elf *);
+int (*sym_dwfl_core_file_report)(Dwfl *, Elf *, const char *);
+void (*sym_dwfl_end)(Dwfl *);
+const char *(*sym_dwfl_errmsg)(int);
+int (*sym_dwfl_errno)(void);
+bool (*sym_dwfl_frame_pc)(Dwfl_Frame *, Dwarf_Addr *, bool *);
+ptrdiff_t (*sym_dwfl_getmodules)(Dwfl *, int (*)(Dwfl_Module *, void **, const char *, Dwarf_Addr, void *), void *, ptrdiff_t);
+int (*sym_dwfl_getthreads)(Dwfl *, int (*)(Dwfl_Thread *, void *), void *);
+Dwarf_Die *(*sym_dwfl_module_addrdie)(Dwfl_Module *, Dwarf_Addr, Dwarf_Addr *);
+const char *(*sym_dwfl_module_addrname)(Dwfl_Module *, GElf_Addr);
+int (*sym_dwfl_module_build_id)(Dwfl_Module *, const unsigned char **, GElf_Addr *);
+Elf *(*sym_dwfl_module_getelf)(Dwfl_Module *, GElf_Addr *);
+const char *(*sym_dwfl_module_info)(Dwfl_Module *, void ***, Dwarf_Addr *, Dwarf_Addr *, Dwarf_Addr *, Dwarf_Addr *, const char **, const char **);
+int (*sym_dwfl_offline_section_address)(Dwfl_Module *, void **, const char *, Dwarf_Addr, const char *, GElf_Word, const GElf_Shdr *, Dwarf_Addr *);
+int (*sym_dwfl_report_end)(Dwfl *, int (*)(Dwfl_Module *, void *, const char *, Dwarf_Addr, void *), void *);
+int (*sym_dwfl_standard_find_debuginfo)(Dwfl_Module *, void **, const char *, Dwarf_Addr, const char *, const char *, GElf_Word, char **);
+int (*sym_dwfl_thread_getframes)(Dwfl_Thread *, int (*)(Dwfl_Frame *, void *), void *);
+pid_t (*sym_dwfl_thread_tid)(Dwfl_Thread *);
+
+/* libelf symbols */
+Elf *(*sym_elf_begin)(int, Elf_Cmd, Elf *);
+int (*sym_elf_end)(Elf *);
+Elf_Data *(*sym_elf_getdata_rawchunk)(Elf *, int64_t, size_t, Elf_Type);
+GElf_Ehdr *(*sym_gelf_getehdr)(Elf *, GElf_Ehdr *);
+int (*sym_elf_getphdrnum)(Elf *, size_t *);
+const char *(*sym_elf_errmsg)(int);
+int (*sym_elf_errno)(void);
+Elf *(*sym_elf_memory)(char *, size_t);
+unsigned int (*sym_elf_version)(unsigned int);
+GElf_Phdr *(*sym_gelf_getphdr)(Elf *, int, GElf_Phdr *);
+size_t (*sym_gelf_getnote)(Elf_Data *, size_t, GElf_Nhdr *, size_t *, size_t *);
+
+int dlopen_dw(void) {
+ int r;
+
+ r = dlopen_many_sym_or_warn(
+ &dw_dl, "libdw.so.1", LOG_DEBUG,
+ DLSYM_ARG(dwarf_getscopes),
+ DLSYM_ARG(dwarf_getscopes_die),
+ DLSYM_ARG(dwarf_tag),
+ DLSYM_ARG(dwarf_attr_integrate),
+ DLSYM_ARG(dwarf_formstring),
+ DLSYM_ARG(dwarf_diename),
+ DLSYM_ARG(dwelf_elf_gnu_build_id),
+ DLSYM_ARG(dwelf_elf_begin),
+#if HAVE_DWELF_ELF_E_MACHINE_STRING
+ DLSYM_ARG(dwelf_elf_e_machine_string),
+#endif
+ DLSYM_ARG(dwfl_addrmodule),
+ DLSYM_ARG(dwfl_frame_pc),
+ DLSYM_ARG(dwfl_module_addrdie),
+ DLSYM_ARG(dwfl_module_addrname),
+ DLSYM_ARG(dwfl_module_info),
+ DLSYM_ARG(dwfl_module_build_id),
+ DLSYM_ARG(dwfl_module_getelf),
+ DLSYM_ARG(dwfl_begin),
+ DLSYM_ARG(dwfl_core_file_report),
+ DLSYM_ARG(dwfl_report_end),
+ DLSYM_ARG(dwfl_getmodules),
+ DLSYM_ARG(dwfl_core_file_attach),
+ DLSYM_ARG(dwfl_end),
+ DLSYM_ARG(dwfl_errmsg),
+ DLSYM_ARG(dwfl_errno),
+ DLSYM_ARG(dwfl_build_id_find_elf),
+ DLSYM_ARG(dwfl_standard_find_debuginfo),
+ DLSYM_ARG(dwfl_thread_tid),
+ DLSYM_ARG(dwfl_thread_getframes),
+ DLSYM_ARG(dwfl_getthreads),
+ DLSYM_ARG(dwfl_offline_section_address));
+ if (r <= 0)
+ return r;
+
+ return 1;
+}
+
+int dlopen_elf(void) {
+ int r;
+
+ r = dlopen_many_sym_or_warn(
+ &elf_dl, "libelf.so.1", LOG_DEBUG,
+ DLSYM_ARG(elf_begin),
+ DLSYM_ARG(elf_end),
+ DLSYM_ARG(elf_getphdrnum),
+ DLSYM_ARG(elf_getdata_rawchunk),
+ DLSYM_ARG(elf_errmsg),
+ DLSYM_ARG(elf_errno),
+ DLSYM_ARG(elf_memory),
+ DLSYM_ARG(elf_version),
+ DLSYM_ARG(gelf_getehdr),
+ DLSYM_ARG(gelf_getphdr),
+ DLSYM_ARG(gelf_getnote));
+ if (r <= 0)
+ return r;
+
+ return 1;
+}
+
+typedef struct StackContext {
+ MemStream m;
+ Dwfl *dwfl;
+ Elf *elf;
+ unsigned n_thread;
+ unsigned n_frame;
+ JsonVariant **package_metadata;
+ Set **modules;
+} StackContext;
+
+static void stack_context_done(StackContext *c) {
+ assert(c);
+
+ memstream_done(&c->m);
+
+ if (c->dwfl) {
+ sym_dwfl_end(c->dwfl);
+ c->dwfl = NULL;
+ }
+
+ if (c->elf) {
+ sym_elf_end(c->elf);
+ c->elf = NULL;
+ }
+}
+
+DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(Elf *, sym_elf_end, NULL);
+
+static int frame_callback(Dwfl_Frame *frame, void *userdata) {
+ StackContext *c = ASSERT_PTR(userdata);
+ Dwarf_Addr pc, pc_adjusted;
+ const char *fname = NULL, *symbol = NULL;
+ Dwfl_Module *module;
+ bool is_activation;
+ uint64_t module_offset = 0;
+
+ assert(frame);
+
+ if (c->n_frame >= FRAMES_MAX)
+ return DWARF_CB_ABORT;
+
+ if (!sym_dwfl_frame_pc(frame, &pc, &is_activation))
+ return DWARF_CB_ABORT;
+
+ pc_adjusted = pc - (is_activation ? 0 : 1);
+
+ module = sym_dwfl_addrmodule(c->dwfl, pc_adjusted);
+ if (module) {
+ Dwarf_Addr start, bias = 0;
+ Dwarf_Die *cudie;
+
+ cudie = sym_dwfl_module_addrdie(module, pc_adjusted, &bias);
+ if (cudie) {
+ _cleanup_free_ Dwarf_Die *scopes = NULL;
+ int n;
+
+ n = sym_dwarf_getscopes(cudie, pc_adjusted - bias, &scopes);
+ if (n > 0)
+ for (Dwarf_Die *s = scopes; s && s < scopes + n; s++) {
+ Dwarf_Attribute *a, space;
+
+ if (!IN_SET(sym_dwarf_tag(s), DW_TAG_subprogram, DW_TAG_inlined_subroutine, DW_TAG_entry_point))
+ continue;
+
+ a = sym_dwarf_attr_integrate(s, DW_AT_MIPS_linkage_name, &space);
+ if (!a)
+ a = sym_dwarf_attr_integrate(s, DW_AT_linkage_name, &space);
+ if (a)
+ symbol = sym_dwarf_formstring(a);
+ if (!symbol)
+ symbol = sym_dwarf_diename(s);
+
+ if (symbol)
+ break;
+ }
+ }
+
+ if (!symbol)
+ symbol = sym_dwfl_module_addrname(module, pc_adjusted);
+
+ fname = sym_dwfl_module_info(module, NULL, &start, NULL, NULL, NULL, NULL, NULL);
+ module_offset = pc - start;
+ }
+
+ if (c->m.f)
+ fprintf(c->m.f, "#%-2u 0x%016" PRIx64 " %s (%s + 0x%" PRIx64 ")\n", c->n_frame, (uint64_t) pc, strna(symbol), strna(fname), module_offset);
+ c->n_frame++;
+
+ return DWARF_CB_OK;
+}
+
+static int thread_callback(Dwfl_Thread *thread, void *userdata) {
+ StackContext *c = ASSERT_PTR(userdata);
+ pid_t tid;
+
+ assert(thread);
+
+ if (c->n_thread >= THREADS_MAX)
+ return DWARF_CB_ABORT;
+
+ if (c->n_thread != 0 && c->m.f)
+ fputc('\n', c->m.f);
+
+ c->n_frame = 0;
+
+ if (c->m.f) {
+ tid = sym_dwfl_thread_tid(thread);
+ fprintf(c->m.f, "Stack trace of thread " PID_FMT ":\n", tid);
+ }
+
+ if (sym_dwfl_thread_getframes(thread, frame_callback, c) < 0)
+ return DWARF_CB_ABORT;
+
+ c->n_thread++;
+
+ return DWARF_CB_OK;
+}
+
+static char* build_package_reference(
+ const char *type,
+ const char *name,
+ const char *version,
+ const char *arch) {
+
+ /* Construct an identifier for a specific version of the package. The syntax is most suitable for
+ * rpm: the resulting string can be used directly in queries and rpm/dnf/yum commands. For dpkg and
+ * other systems, it might not be usable directly, but users should still be able to figure out the
+ * meaning.
+ */
+
+ return strjoin(type ?: "package",
+ " ",
+ name,
+
+ version ? "-" : "",
+ strempty(version),
+
+ /* arch is meaningful even without version, so always print it */
+ arch ? "." : "",
+ strempty(arch));
+}
+
+static void report_module_metadata(StackContext *c, const char *name, JsonVariant *metadata) {
+ assert(c);
+ assert(name);
+
+ if (!c->m.f)
+ return;
+
+ fprintf(c->m.f, "Module %s", name);
+
+ if (metadata) {
+ const char
+ *build_id = json_variant_string(json_variant_by_key(metadata, "buildId")),
+ *type = json_variant_string(json_variant_by_key(metadata, "type")),
+ *package = json_variant_string(json_variant_by_key(metadata, "name")),
+ *version = json_variant_string(json_variant_by_key(metadata, "version")),
+ *arch = json_variant_string(json_variant_by_key(metadata, "architecture"));
+
+ if (package) {
+ /* Version/architecture is only meaningful with a package name.
+ * Skip the detailed fields if package is unknown. */
+ _cleanup_free_ char *id = build_package_reference(type, package, version, arch);
+ fprintf(c->m.f, " from %s", strnull(id));
+ }
+
+ if (build_id && !(package && version))
+ fprintf(c->m.f, ", build-id=%s", build_id);
+ }
+
+ fputs("\n", c->m.f);
+}
+
+static int parse_package_metadata(const char *name, JsonVariant *id_json, Elf *elf, bool *ret_interpreter_found, StackContext *c) {
+ bool interpreter_found = false;
+ size_t n_program_headers;
+ int r;
+
+ assert(name);
+ assert(elf);
+ assert(c);
+
+ /* When iterating over PT_LOAD we will visit modules more than once */
+ if (set_contains(*c->modules, name))
+ return 0;
+
+ r = sym_elf_getphdrnum(elf, &n_program_headers);
+ if (r < 0) /* Not the handle we are looking for - that's ok, skip it */
+ return 0;
+
+ /* Iterate over all program headers in that ELF object. These will have been copied by
+ * the kernel verbatim when the core file is generated. */
+ for (size_t i = 0; i < n_program_headers; ++i) {
+ GElf_Phdr mem, *program_header;
+ GElf_Nhdr note_header;
+ Elf_Data *data;
+
+ /* Package metadata is in PT_NOTE headers. */
+ program_header = sym_gelf_getphdr(elf, i, &mem);
+ if (!program_header || (program_header->p_type != PT_NOTE && program_header->p_type != PT_INTERP))
+ continue;
+
+ if (program_header->p_type == PT_INTERP) {
+ interpreter_found = true;
+ continue;
+ }
+
+ /* Fortunately there is an iterator we can use to walk over the
+ * elements of a PT_NOTE program header. We are interested in the
+ * note with type. */
+ data = sym_elf_getdata_rawchunk(elf,
+ program_header->p_offset,
+ program_header->p_filesz,
+ ELF_T_NHDR);
+ if (!data)
+ continue;
+
+ for (size_t note_offset = 0, name_offset, desc_offset;
+ note_offset < data->d_size &&
+ (note_offset = sym_gelf_getnote(data, note_offset, &note_header, &name_offset, &desc_offset)) > 0;) {
+
+ _cleanup_(json_variant_unrefp) JsonVariant *v = NULL, *w = NULL;
+ const char *payload = (const char *)data->d_buf + desc_offset;
+
+ if (note_header.n_namesz == 0 || note_header.n_descsz == 0)
+ continue;
+
+ /* Package metadata might have different owners, but the
+ * magic ID is always the same. */
+ if (note_header.n_type != ELF_PACKAGE_METADATA_ID)
+ continue;
+
+ _cleanup_free_ char *payload_0suffixed = NULL;
+ assert(note_offset > desc_offset);
+ size_t payload_len = note_offset - desc_offset;
+
+ /* If we are lucky and the payload is NUL-padded, we don't need to copy the string.
+ * But if happens to go all the way until the end of the buffer, make a copy. */
+ if (payload[payload_len-1] != '\0') {
+ payload_0suffixed = memdup_suffix0(payload, payload_len);
+ if (!payload_0suffixed)
+ return log_oom();
+ payload = payload_0suffixed;
+ }
+
+ r = json_parse(payload, 0, &v, NULL, NULL);
+ if (r < 0) {
+ _cleanup_free_ char *esc = cescape(payload);
+ return log_error_errno(r, "json_parse on \"%s\" failed: %m", strnull(esc));
+ }
+
+ /* If we have a build-id, merge it in the same JSON object so that it appears all
+ * nicely together in the logs/metadata. */
+ if (id_json) {
+ r = json_variant_merge_object(&v, id_json);
+ if (r < 0)
+ return log_error_errno(r, "json_variant_merge of package meta with buildId failed: %m");
+ }
+
+ /* Pretty-print to the buffer, so that the metadata goes as plaintext in the
+ * journal. */
+ report_module_metadata(c, name, v);
+
+ /* Then we build a new object using the module name as the key, and merge it
+ * with the previous parses, so that in the end it all fits together in a single
+ * JSON blob. */
+ r = json_build(&w, JSON_BUILD_OBJECT(JSON_BUILD_PAIR(name, JSON_BUILD_VARIANT(v))));
+ if (r < 0)
+ return log_error_errno(r, "Failed to build JSON object: %m");
+
+ r = json_variant_merge_object(c->package_metadata, w);
+ if (r < 0)
+ return log_error_errno(r, "json_variant_merge of package meta with buildId failed: %m");
+
+ /* Finally stash the name, so we avoid double visits. */
+ r = set_put_strdup(c->modules, name);
+ if (r < 0)
+ return log_error_errno(r, "set_put_strdup failed: %m");
+
+ if (ret_interpreter_found)
+ *ret_interpreter_found = interpreter_found;
+
+ return 1;
+ }
+ }
+
+ if (ret_interpreter_found)
+ *ret_interpreter_found = interpreter_found;
+
+ /* Didn't find package metadata for this module - that's ok, just go to the next. */
+ return 0;
+}
+
+/* Get the build-id out of an ELF object or a dwarf core module. */
+static int parse_buildid(Dwfl_Module *mod, Elf *elf, const char *name, StackContext *c, JsonVariant **ret_id_json) {
+ _cleanup_(json_variant_unrefp) JsonVariant *id_json = NULL;
+ const unsigned char *id;
+ GElf_Addr id_vaddr;
+ ssize_t id_len;
+ int r;
+
+ assert(mod || elf);
+ assert(name);
+ assert(c);
+
+ if (mod)
+ id_len = sym_dwfl_module_build_id(mod, &id, &id_vaddr);
+ else
+ id_len = sym_dwelf_elf_gnu_build_id(elf, (const void **)&id);
+ if (id_len <= 0) {
+ /* If we don't find a build-id, note it in the journal message, and try
+ * anyway to find the package metadata. It's unlikely to have the latter
+ * without the former, but there's no hard rule. */
+ if (c->m.f)
+ fprintf(c->m.f, "Module %s without build-id.\n", name);
+ } else {
+ /* We will later parse package metadata json and pass it to our caller. Prepare the
+ * build-id in json format too, so that it can be appended and parsed cleanly. It
+ * will then be added as metadata to the journal message with the stack trace. */
+ r = json_build(&id_json, JSON_BUILD_OBJECT(JSON_BUILD_PAIR("buildId", JSON_BUILD_HEX(id, id_len))));
+ if (r < 0)
+ return log_error_errno(r, "json_build on buildId failed: %m");
+ }
+
+ if (ret_id_json)
+ *ret_id_json = TAKE_PTR(id_json);
+
+ return 0;
+}
+
+static int module_callback(Dwfl_Module *mod, void **userdata, const char *name, Dwarf_Addr start, void *arg) {
+ _cleanup_(json_variant_unrefp) JsonVariant *id_json = NULL;
+ StackContext *c = ASSERT_PTR(arg);
+ size_t n_program_headers;
+ GElf_Addr bias;
+ int r;
+ Elf *elf;
+
+ assert(mod);
+
+ if (!name)
+ name = "(unnamed)"; /* For logging purposes */
+
+ /* We are iterating on each "module", which is what dwfl calls ELF objects contained in the
+ * core file, and extracting the build-id first and then the package metadata.
+ * We proceed in a best-effort fashion - not all ELF objects might contain both or either.
+ * The build-id is easy, as libdwfl parses it during the sym_dwfl_core_file_report() call and
+ * stores it separately in an internal library struct. */
+ r = parse_buildid(mod, NULL, name, c, &id_json);
+ if (r < 0)
+ return DWARF_CB_ABORT;
+
+ /* The .note.package metadata is more difficult. From the module, we need to get a reference
+ * to the ELF object first. We might be lucky and just get it from elfutils. */
+ elf = sym_dwfl_module_getelf(mod, &bias);
+ if (elf) {
+ r = parse_package_metadata(name, id_json, elf, NULL, c);
+ if (r < 0)
+ return DWARF_CB_ABORT;
+ if (r > 0)
+ return DWARF_CB_OK;
+ } else
+ elf = c->elf;
+
+ /* We did not get the ELF object, or it's just a reference to the core. That is likely
+ * because we didn't get direct access to the executable, and the version of elfutils does
+ * not yet support parsing it out of the core file directly.
+ * So fallback to manual extraction - get the PT_LOAD section from the core,
+ * and if it's the right one we can interpret it as an Elf object, and parse
+ * its notes manually. */
+
+ r = sym_elf_getphdrnum(elf, &n_program_headers);
+ if (r < 0) {
+ log_warning("Could not parse number of program headers from core file: %s",
+ sym_elf_errmsg(-1)); /* -1 retrieves the most recent error */
+ report_module_metadata(c, name, id_json);
+
+ return DWARF_CB_OK;
+ }
+
+ for (size_t i = 0; i < n_program_headers; ++i) {
+ GElf_Phdr mem, *program_header;
+ Elf_Data *data;
+ GElf_Addr end_of_segment;
+
+ /* The core file stores the ELF files in the PT_LOAD segment. */
+ program_header = sym_gelf_getphdr(elf, i, &mem);
+ if (!program_header || program_header->p_type != PT_LOAD)
+ continue;
+
+ /* Check that the end of segment is a valid address. */
+ if (__builtin_add_overflow(program_header->p_vaddr, program_header->p_memsz, &end_of_segment)) {
+ log_error("Abort due to corrupted core dump, end of segment address %#zx + %#zx overflows", (size_t)program_header->p_vaddr, (size_t)program_header->p_memsz);
+ return DWARF_CB_ABORT;
+ }
+
+ /* This PT_LOAD segment doesn't contain the start address, so it can't be the module we are looking for. */
+ if (start < program_header->p_vaddr || start >= end_of_segment)
+ continue;
+
+ /* Now get a usable Elf reference, and parse the notes from it. */
+ data = sym_elf_getdata_rawchunk(elf,
+ program_header->p_offset,
+ program_header->p_filesz,
+ ELF_T_NHDR);
+ if (!data)
+ continue;
+
+ _cleanup_(sym_elf_endp) Elf *memelf = sym_elf_memory(data->d_buf, data->d_size);
+ if (!memelf)
+ continue;
+ r = parse_package_metadata(name, id_json, memelf, NULL, c);
+ if (r < 0)
+ return DWARF_CB_ABORT;
+ if (r > 0)
+ break;
+ }
+
+ return DWARF_CB_OK;
+}
+
+static int parse_core(int fd, const char *executable, char **ret, JsonVariant **ret_package_metadata) {
+
+ const Dwfl_Callbacks callbacks = {
+ .find_elf = sym_dwfl_build_id_find_elf,
+ .section_address = sym_dwfl_offline_section_address,
+ .find_debuginfo = sym_dwfl_standard_find_debuginfo,
+ };
+
+ _cleanup_(json_variant_unrefp) JsonVariant *package_metadata = NULL;
+ _cleanup_set_free_ Set *modules = NULL;
+ _cleanup_(stack_context_done) StackContext c = {
+ .package_metadata = &package_metadata,
+ .modules = &modules,
+ };
+ int r;
+
+ assert(fd >= 0);
+
+ if (lseek(fd, 0, SEEK_SET) < 0)
+ return log_warning_errno(errno, "Failed to seek to beginning of the core file: %m");
+
+ if (ret && !memstream_init(&c.m))
+ return log_oom();
+
+ sym_elf_version(EV_CURRENT);
+
+ c.elf = sym_elf_begin(fd, ELF_C_READ_MMAP, NULL);
+ if (!c.elf)
+ return log_warning_errno(SYNTHETIC_ERRNO(EINVAL), "Could not parse core file, elf_begin() failed: %s", sym_elf_errmsg(sym_elf_errno()));
+
+ c.dwfl = sym_dwfl_begin(&callbacks);
+ if (!c.dwfl)
+ return log_warning_errno(SYNTHETIC_ERRNO(EINVAL), "Could not parse core file, dwfl_begin() failed: %s", sym_dwfl_errmsg(sym_dwfl_errno()));
+
+ if (sym_dwfl_core_file_report(c.dwfl, c.elf, executable) < 0)
+ return log_warning_errno(SYNTHETIC_ERRNO(EINVAL), "Could not parse core file, dwfl_core_file_report() failed: %s", sym_dwfl_errmsg(sym_dwfl_errno()));
+
+ if (sym_dwfl_report_end(c.dwfl, NULL, NULL) != 0)
+ return log_warning_errno(SYNTHETIC_ERRNO(EINVAL), "Could not parse core file, dwfl_report_end() failed: %s", sym_dwfl_errmsg(sym_dwfl_errno()));
+
+ if (sym_dwfl_getmodules(c.dwfl, &module_callback, &c, 0) < 0)
+ return log_warning_errno(SYNTHETIC_ERRNO(EINVAL), "Could not parse core file, dwfl_getmodules() failed: %s", sym_dwfl_errmsg(sym_dwfl_errno()));
+
+ if (sym_dwfl_core_file_attach(c.dwfl, c.elf) < 0)
+ return log_warning_errno(SYNTHETIC_ERRNO(EINVAL), "Could not parse core file, dwfl_core_file_attach() failed: %s", sym_dwfl_errmsg(sym_dwfl_errno()));
+
+ if (sym_dwfl_getthreads(c.dwfl, thread_callback, &c) < 0)
+ return log_warning_errno(SYNTHETIC_ERRNO(EINVAL), "Could not parse core file, dwfl_getthreads() failed: %s", sym_dwfl_errmsg(sym_dwfl_errno()));
+
+ if (ret) {
+ r = memstream_finalize(&c.m, ret, NULL);
+ if (r < 0)
+ return log_warning_errno(r, "Could not parse core file, flushing file buffer failed: %m");
+ }
+
+ if (ret_package_metadata)
+ *ret_package_metadata = TAKE_PTR(package_metadata);
+
+ return 0;
+}
+
+static int parse_elf(int fd, const char *executable, char **ret, JsonVariant **ret_package_metadata) {
+ _cleanup_(json_variant_unrefp) JsonVariant *package_metadata = NULL, *elf_metadata = NULL;
+ _cleanup_set_free_ Set *modules = NULL;
+ _cleanup_(stack_context_done) StackContext c = {
+ .package_metadata = &package_metadata,
+ .modules = &modules,
+ };
+ const char *elf_type;
+ GElf_Ehdr elf_header;
+ int r;
+
+ assert(fd >= 0);
+
+ if (lseek(fd, 0, SEEK_SET) < 0)
+ return log_warning_errno(errno, "Failed to seek to beginning of the ELF file: %m");
+
+ if (ret && !memstream_init(&c.m))
+ return log_oom();
+
+ sym_elf_version(EV_CURRENT);
+
+ c.elf = sym_elf_begin(fd, ELF_C_READ_MMAP, NULL);
+ if (!c.elf)
+ return log_warning_errno(SYNTHETIC_ERRNO(EINVAL), "Could not parse ELF file, elf_begin() failed: %s", sym_elf_errmsg(sym_elf_errno()));
+
+ if (!sym_gelf_getehdr(c.elf, &elf_header))
+ return log_warning_errno(SYNTHETIC_ERRNO(EINVAL), "Could not parse ELF file, gelf_getehdr() failed: %s", sym_elf_errmsg(sym_elf_errno()));
+
+ if (elf_header.e_type == ET_CORE) {
+ _cleanup_free_ char *out = NULL;
+
+ r = parse_core(fd, executable, ret ? &out : NULL, &package_metadata);
+ if (r < 0)
+ return log_warning_errno(r, "Failed to inspect core file: %m");
+
+ if (out)
+ fprintf(c.m.f, "%s", out);
+
+ elf_type = "coredump";
+ } else {
+ _cleanup_(json_variant_unrefp) JsonVariant *id_json = NULL;
+ const char *e = executable ?: "(unnamed)";
+ bool interpreter_found = false;
+
+ r = parse_buildid(NULL, c.elf, e, &c, &id_json);
+ if (r < 0)
+ return log_warning_errno(r, "Failed to parse build-id of ELF file: %m");
+
+ r = parse_package_metadata(e, id_json, c.elf, &interpreter_found, &c);
+ if (r < 0)
+ return log_warning_errno(r, "Failed to parse package metadata of ELF file: %m");
+
+ /* If we found a build-id and nothing else, return at least that. */
+ if (!package_metadata && id_json) {
+ r = json_build(&package_metadata, JSON_BUILD_OBJECT(JSON_BUILD_PAIR(e, JSON_BUILD_VARIANT(id_json))));
+ if (r < 0)
+ return log_warning_errno(r, "Failed to build JSON object: %m");
+ }
+
+ if (interpreter_found)
+ elf_type = "executable";
+ else
+ elf_type = "library";
+ }
+
+ /* Note that e_type is always DYN for both executables and libraries, so we can't tell them apart from the header,
+ * but we will search for the PT_INTERP section when parsing the metadata. */
+ r = json_build(&elf_metadata, JSON_BUILD_OBJECT(JSON_BUILD_PAIR("elfType", JSON_BUILD_STRING(elf_type))));
+ if (r < 0)
+ return log_warning_errno(r, "Failed to build JSON object: %m");
+
+#if HAVE_DWELF_ELF_E_MACHINE_STRING
+ const char *elf_architecture = sym_dwelf_elf_e_machine_string(elf_header.e_machine);
+ if (elf_architecture) {
+ _cleanup_(json_variant_unrefp) JsonVariant *json_architecture = NULL;
+
+ r = json_build(&json_architecture,
+ JSON_BUILD_OBJECT(JSON_BUILD_PAIR("elfArchitecture", JSON_BUILD_STRING(elf_architecture))));
+ if (r < 0)
+ return log_warning_errno(r, "Failed to build JSON object: %m");
+
+ r = json_variant_merge_object(&elf_metadata, json_architecture);
+ if (r < 0)
+ return log_warning_errno(r, "Failed to merge JSON objects: %m");
+
+ if (ret)
+ fprintf(c.m.f, "ELF object binary architecture: %s\n", elf_architecture);
+ }
+#endif
+
+ /* We always at least have the ELF type, so merge that (and possibly the arch). */
+ r = json_variant_merge_object(&elf_metadata, package_metadata);
+ if (r < 0)
+ return log_warning_errno(r, "Failed to merge JSON objects: %m");
+
+ if (ret) {
+ r = memstream_finalize(&c.m, ret, NULL);
+ if (r < 0)
+ return log_warning_errno(r, "Could not parse ELF file, flushing file buffer failed: %m");
+ }
+
+ if (ret_package_metadata)
+ *ret_package_metadata = TAKE_PTR(elf_metadata);
+
+ return 0;
+}
+
+int parse_elf_object(int fd, const char *executable, bool fork_disable_dump, char **ret, JsonVariant **ret_package_metadata) {
+ _cleanup_close_pair_ int error_pipe[2] = EBADF_PAIR,
+ return_pipe[2] = EBADF_PAIR,
+ json_pipe[2] = EBADF_PAIR;
+ _cleanup_(json_variant_unrefp) JsonVariant *package_metadata = NULL;
+ _cleanup_free_ char *buf = NULL;
+ int r;
+
+ assert(fd >= 0);
+
+ r = dlopen_dw();
+ if (r < 0)
+ return r;
+
+ r = dlopen_elf();
+ if (r < 0)
+ return r;
+
+ r = RET_NERRNO(pipe2(error_pipe, O_CLOEXEC|O_NONBLOCK));
+ if (r < 0)
+ return r;
+
+ if (ret) {
+ r = RET_NERRNO(pipe2(return_pipe, O_CLOEXEC|O_NONBLOCK));
+ if (r < 0)
+ return r;
+ }
+
+ if (ret_package_metadata) {
+ r = RET_NERRNO(pipe2(json_pipe, O_CLOEXEC|O_NONBLOCK));
+ if (r < 0)
+ return r;
+ }
+
+ /* Parsing possibly malformed data is crash-happy, so fork. In case we crash,
+ * the core file will not be lost, and the messages will still be attached to
+ * the journal. Reading the elf object might be slow, but it still has an upper
+ * bound since the core files have an upper size limit. It's also not doing any
+ * system call or interacting with the system in any way, besides reading from
+ * the file descriptor and writing into these four pipes. */
+ r = safe_fork_full("(sd-parse-elf)",
+ NULL,
+ (int[]){ fd, error_pipe[1], return_pipe[1], json_pipe[1] },
+ 4,
+ FORK_RESET_SIGNALS|FORK_CLOSE_ALL_FDS|FORK_NEW_MOUNTNS|FORK_MOUNTNS_SLAVE|FORK_NEW_USERNS|FORK_WAIT|FORK_REOPEN_LOG,
+ NULL);
+ if (r < 0) {
+ if (r == -EPROTO) { /* We should have the errno from the child, but don't clobber original error */
+ int e, k;
+
+ k = read(error_pipe[0], &e, sizeof(e));
+ if (k < 0 && errno != EAGAIN) /* Pipe is non-blocking, EAGAIN means there's nothing */
+ return -errno;
+ if (k == sizeof(e))
+ return e; /* propagate error sent to us from child */
+ if (k != 0)
+ return -EIO;
+ }
+
+ return r;
+ }
+ if (r == 0) {
+ /* We want to avoid loops, given this can be called from systemd-coredump */
+ if (fork_disable_dump) {
+ r = RET_NERRNO(prctl(PR_SET_DUMPABLE, 0));
+ if (r < 0)
+ goto child_fail;
+ }
+
+ r = parse_elf(fd, executable, ret ? &buf : NULL, ret_package_metadata ? &package_metadata : NULL);
+ if (r < 0)
+ goto child_fail;
+
+ if (buf) {
+ size_t len = strlen(buf);
+
+ if (len > COREDUMP_PIPE_MAX) {
+ /* This is iffy. A backtrace can be a few hundred kilobytes, but too much is
+ * too much. Let's log a warning and ignore the rest. */
+ log_warning("Generated backtrace is %zu bytes (more than the limit of %u bytes), backtrace will be truncated.",
+ len, COREDUMP_PIPE_MAX);
+ len = COREDUMP_PIPE_MAX;
+ }
+
+ /* Bump the space for the returned string.
+ * Failure is ignored, because partial output is still useful. */
+ (void) fcntl(return_pipe[1], F_SETPIPE_SZ, len);
+
+ r = loop_write(return_pipe[1], buf, len);
+ if (r == -EAGAIN)
+ log_warning("Write failed, backtrace will be truncated.");
+ else if (r < 0)
+ goto child_fail;
+
+ return_pipe[1] = safe_close(return_pipe[1]);
+ }
+
+ if (package_metadata) {
+ _cleanup_fclose_ FILE *json_out = NULL;
+
+ /* Bump the space for the returned string. We don't know how much space we'll need in
+ * advance, so we'll just try to write as much as possible and maybe fail later. */
+ (void) fcntl(json_pipe[1], F_SETPIPE_SZ, COREDUMP_PIPE_MAX);
+
+ json_out = take_fdopen(&json_pipe[1], "w");
+ if (!json_out) {
+ r = -errno;
+ goto child_fail;
+ }
+
+ r = json_variant_dump(package_metadata, JSON_FORMAT_FLUSH, json_out, NULL);
+ if (r < 0)
+ log_warning_errno(r, "Failed to write JSON package metadata, ignoring: %m");
+ }
+
+ _exit(EXIT_SUCCESS);
+
+ child_fail:
+ (void) write(error_pipe[1], &r, sizeof(r));
+ _exit(EXIT_FAILURE);
+ }
+
+ error_pipe[1] = safe_close(error_pipe[1]);
+ return_pipe[1] = safe_close(return_pipe[1]);
+ json_pipe[1] = safe_close(json_pipe[1]);
+
+ if (ret) {
+ _cleanup_fclose_ FILE *in = NULL;
+
+ in = take_fdopen(&return_pipe[0], "r");
+ if (!in)
+ return -errno;
+
+ r = read_full_stream(in, &buf, NULL);
+ if (r < 0)
+ return r;
+ }
+
+ if (ret_package_metadata) {
+ _cleanup_fclose_ FILE *json_in = NULL;
+
+ json_in = take_fdopen(&json_pipe[0], "r");
+ if (!json_in)
+ return -errno;
+
+ r = json_parse_file(json_in, NULL, 0, &package_metadata, NULL, NULL);
+ if (r < 0 && r != -ENODATA) /* ENODATA: json was empty, so we got nothing, but that's ok */
+ log_warning_errno(r, "Failed to read or parse json metadata, ignoring: %m");
+ }
+
+ if (ret)
+ *ret = TAKE_PTR(buf);
+ if (ret_package_metadata)
+ *ret_package_metadata = TAKE_PTR(package_metadata);
+
+ return 0;
+}
+
+#endif