Before (static executable):

| Elf header Elf32_Ehdr | Pointer to Phdr |
| Program header Elf32_Phdr | PT_PHDR - refers to PHDR itself |
| | PT_LOAD - text |
| | PT_LOAD - data+bss |
| mapped segments | text |
| | data |
After:

New header info. Exec() uses this when the process is run. This is mapped just before the original start of the process.

| Elf header Elf32_Ehdr | Pointer to new Phdr |
| Program header Elf32_Phdr | PT_PHDR |
| | PT_LOAD - text |
| | PT_LOAD - data+bss |
| | PT_NOTE - capabilities |
| Note data | |
| padding to page size | |

Original header info. This is unchanged and is mapped in the same place in the process address space.

| Elf header Elf32_Ehdr | Elf header Elf32_Ehdr |
| Program header Elf32_Phdr | PT_PHDR |
| | PT_LOAD |
| | PT_LOAD |
What does all this mean? Essentially everything in the executable file is shifted up one page, and the new ELF header and capabilities are slotted in. Everything is the same when the process is run, but the newly inserted headers are mapped just before the start of the original executable. There's no real reason they need to be mapped at all, other than the way that the kernel's ELF exec loader works.
This is a patch for fs/binfmt_elf in 2.2.x kernels. It parses an executable's NOTES section (if any) and extracts capabilities from it. It doesn't actually do anything with the info once it's been found.
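The note lookup described above, as an added user-space example; it is not the patch or kernel code from this page. It assumes a native-endian ELF32 image and the glibc `<elf.h>` types, and the note name "CAPS", its payload and the `find_note` helper are hypothetical, since the page does not give the note format.

```c
/* Added example, not the page's patch. Assumes native-endian ELF32; the note name "CAPS" is hypothetical. */
#include <elf.h>
#include <stdint.h>
#include <string.h>
#define ALIGN4(x) (((size_t)(x) + 3) & ~(size_t)3)

/* Return the descriptor of the first note called `name`, or NULL; every offset is checked against len. */
const uint8_t *find_note(const uint8_t *img, size_t len, const char *name, uint32_t *descsz)
{
    Elf32_Ehdr eh; Elf32_Phdr ph; Elf32_Nhdr nh;
    if (len < sizeof eh) return NULL;
    memcpy(&eh, img, sizeof eh);
    if (memcmp(eh.e_ident, ELFMAG, SELFMAG) || eh.e_phentsize != sizeof ph) return NULL;
    if (eh.e_phoff > len || (size_t)eh.e_phnum * sizeof ph > len - eh.e_phoff) return NULL;
    for (size_t i = 0; i < eh.e_phnum; i++) {
        memcpy(&ph, img + eh.e_phoff + i * sizeof ph, sizeof ph);
        if (ph.p_type != PT_NOTE || ph.p_offset > len || ph.p_filesz > len - ph.p_offset)
            continue;                        /* not a note, or it points outside the file */
        size_t off = ph.p_offset, end = off + ph.p_filesz;       /* end <= len here */
        while (end - off >= sizeof nh) {
            memcpy(&nh, img + off, sizeof nh);
            off += sizeof nh;
            size_t nsz = ALIGN4(nh.n_namesz), dsz = ALIGN4(nh.n_descsz), left = end - off;
            if (nh.n_namesz > left || nh.n_descsz > left || nsz > left || dsz > left - nsz)
                break;                       /* record claims more bytes than the segment has */
            if (nh.n_namesz == strlen(name) + 1 && !memcmp(img + off, name, nh.n_namesz)) {
                *descsz = nh.n_descsz;
                return img + off + nsz;      /* descriptor follows the padded name */
            }
            off += nsz + dsz;
        }
    }
    return NULL;
}

/* Constructed sample mirroring the "After" layout: Ehdr, four Phdrs, then the note data. */
static const struct { Elf32_Ehdr eh; Elf32_Phdr ph[4]; Elf32_Nhdr nh; uint8_t body[12]; } sample = {
    .eh = {.e_ident = ELFMAG, .e_phoff = sizeof(Elf32_Ehdr),
           .e_phentsize = sizeof(Elf32_Phdr), .e_phnum = 4},
    .ph = {{.p_type = PT_PHDR}, {.p_type = PT_LOAD}, {.p_type = PT_LOAD},
           {.p_type = PT_NOTE, .p_offset = sizeof(Elf32_Ehdr) + 4 * sizeof(Elf32_Phdr), .p_filesz = sizeof(Elf32_Nhdr) + 12}},
    .nh = {.n_namesz = 5, .n_descsz = 4, .n_type = 1},
    .body = {'C', 'A', 'P', 'S', 0, 0, 0, 0, 0x01, 0x04, 0, 0},
};

int main(void)
{
    uint32_t n;
    return find_note((const uint8_t *)&sample, sizeof sample, "CAPS", &n) ? 0 : 1;
}
```

The size checks matter because the header fields come from the file being executed: a PT_NOTE entry or note record that claims more bytes than the file holds is skipped rather than read.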
Comments? Mail me.