How programs get run: ELF binaries (2015)
- ELF (Executable and Linkable Format) is the main binary format used on modern Linux systems.
- The kernel's ELF support is implemented in `fs/binfmt_elf.c` and is more complex than support for older formats like `a.out`.
- An ELF file for an executable must contain a program header table after the ELF header, with entries needed to run the program.
- The kernel primarily cares about three types of program header entries: PT_LOAD (memory segments), PT_INTERP (runtime linker), and PT_GNU_STACK (stack executability).
- Loading an ELF binary involves `load_elf_binary()`, which checks the ELF header, processes program headers, and initializes the new program's attributes.
- The process includes setting up virtual memory, credentials, and the stack, with randomization for security.
- Dynamically linked programs use a runtime linker specified by PT_INTERP, which is loaded into memory similarly to the main program.
- The kernel supports 32-bit binaries on 64-bit systems via `compat_binfmt_elf.c`, which redirects functions to 32-bit compatibility versions.
- The `execve()` system call is central to program execution on Linux, with the kernel handling ELF complexity to load segments and invoke the runtime linker.
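
The three program header types listed above (PT_LOAD, PT_INTERP, PT_GNU_STACK) can be read from user space with the definitions in `<elf.h>`. The following is an added example, not the kernel's code from `fs/binfmt_elf.c`; the names `elf_audit`, `elf_report` and `sample_elf`, the 64-byte path limit and the sample image are assumptions of this example, and it handles ELF64 in host byte order only.

```c
#include <elf.h>
#include <string.h>

/* loads: PT_LOAD count; wx_loads: those both writable and executable;
 * exec_stack: PT_GNU_STACK carries PF_X; interp: PT_INTERP path ("" if none). */
struct elf_report { int loads, wx_loads, exec_stack; char interp[64]; };

/* Returns 0, or -1 if img is not a well-formed ELF64 image. */
int elf_audit(const unsigned char *img, size_t len, struct elf_report *r)
{
    Elf64_Ehdr eh;
    Elf64_Phdr ph;
    memset(r, 0, sizeof *r);
    if (len < sizeof eh || memcmp(img, ELFMAG, SELFMAG) || img[EI_CLASS] != ELFCLASS64)
        return -1;
    memcpy(&eh, img, sizeof eh);
    if (eh.e_phentsize != sizeof ph || eh.e_phoff > len ||
        (len - eh.e_phoff) / sizeof ph < eh.e_phnum)
        return -1;                  /* header table must lie inside the file */
    for (unsigned i = 0; i < eh.e_phnum; i++) {
        memcpy(&ph, img + eh.e_phoff + i * sizeof ph, sizeof ph);
        if (ph.p_type == PT_LOAD) {
            r->loads++;
            r->wx_loads += (ph.p_flags & PF_W) && (ph.p_flags & PF_X);
        } else if (ph.p_type == PT_GNU_STACK) {
            r->exec_stack = !!(ph.p_flags & PF_X);
        } else if (ph.p_type == PT_INTERP) {
            if (ph.p_offset > len || ph.p_filesz > len - ph.p_offset ||
                ph.p_filesz < 2 || ph.p_filesz > sizeof r->interp ||
                img[ph.p_offset + ph.p_filesz - 1] != '\0')
                return -1;          /* path must be in-file and NUL-terminated */
            memcpy(r->interp, img + ph.p_offset, ph.p_filesz);
        }
    }
    return 0;
}

/* Constructed sample image: ELF header, three program headers, interpreter path. */
size_t sample_elf(unsigned char *buf, unsigned load_flags, unsigned stack_flags)
{
    Elf64_Ehdr eh = { .e_ident = { 0x7f, 'E', 'L', 'F', ELFCLASS64 }, .e_phnum = 3,
                      .e_phoff = sizeof eh, .e_phentsize = sizeof(Elf64_Phdr) };
    Elf64_Phdr ph[3] = { { .p_type = PT_LOAD, .p_flags = load_flags },
        { .p_type = PT_GNU_STACK, .p_flags = stack_flags },
        { .p_type = PT_INTERP, .p_offset = sizeof eh + sizeof ph, .p_filesz = 28 } };
    memcpy(buf, &eh, sizeof eh);
    memcpy(buf + sizeof eh, ph, sizeof ph);
    memcpy(buf + sizeof eh + sizeof ph, "/lib64/ld-linux-x86-64.so.2", 28);
    return sizeof eh + sizeof ph + 28;
}
```

A nonzero `wx_loads` or `exec_stack` is worth flagging in a build pipeline, since either means the binary asks for memory that is writable and executable at once.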