How programs get run: ELF binaries (2015)

Summary

February 4, 2015 This article was contributed by David Drysdale The previous article in this series described the general mechanisms that the Linux kernel has for executing programs as a result of a user-space call to execve(). However, the particular format handlers described in that article each deferred the process of execution to an inner call to search_binary_handler(). That recursion almost always ends with the invocation of an ELF binary program, which is the subject of this article. The ELF format The ELF (Executable and Linkable Format) format is the main binary format in use on modern Linux systems, and support for it is implemented in the file fs/binfmt_elf.c. It's also a slightly complicated format for the kernel to handle; the main load_elf_binary() function spans over 400 lines, and the ELF support code is more than four times as big as the code that supports the old a.out format. An ELF file for an executable program (rather than a shared library or an object file) must always contain a program header table near the start of the file, after the ELF header; each entry in this table provides information that is needed to run the program. The kernel only really cares about three types of program header entries. The first type is the PT_LOAD segment, which describes areas of the new program's running memory. This includes code and data sections that come from the executable file, together with the size of a BSS section. The BSS will be filled with zeroes (thus only its length needs to be stored in the executable file). The second entry of interest is a PT_INTERP entry, which identifies the run-time linker needed to assemble the complete program; for the time being, we'll assume a statically linked ELF binary and return to dynamic linking later. Finally, the kernel also gets a single bit of information from a PT_GNU_STACK entry, if present, which indicates whether the program's stack should be made executable or not. (This article only focuses on what's ne...