Blame view
fs/binfmt_aout.c
8.31 KB
09c434b8a treewide: Add SPD... |
1 |
// SPDX-License-Identifier: GPL-2.0-only |
1da177e4c Linux-2.6.12-rc2 |
2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 |
/* * linux/fs/binfmt_aout.c * * Copyright (C) 1991, 1992, 1996 Linus Torvalds */ #include <linux/module.h> #include <linux/time.h> #include <linux/kernel.h> #include <linux/mm.h> #include <linux/mman.h> #include <linux/a.out.h> #include <linux/errno.h> #include <linux/signal.h> #include <linux/string.h> #include <linux/fs.h> #include <linux/file.h> #include <linux/stat.h> #include <linux/fcntl.h> #include <linux/ptrace.h> #include <linux/user.h> |
1da177e4c Linux-2.6.12-rc2 |
24 25 26 |
#include <linux/binfmts.h> #include <linux/personality.h> #include <linux/init.h> |
088e7af73 coredump: move du... |
27 |
#include <linux/coredump.h> |
5a0e3ad6a include cleanup: ... |
28 |
#include <linux/slab.h> |
68db0cf10 sched/headers: Pr... |
29 |
#include <linux/sched/task_stack.h> |
1da177e4c Linux-2.6.12-rc2 |
30 |
|
7c0f6ba68 Replace <asm/uacc... |
31 |
#include <linux/uaccess.h> |
1da177e4c Linux-2.6.12-rc2 |
32 |
#include <asm/cacheflush.h> |
71613c3b8 get rid of pt_reg... |
33 |
static int load_aout_binary(struct linux_binprm *); |
1da177e4c Linux-2.6.12-rc2 |
34 |
static int load_aout_library(struct file*); |
1da177e4c Linux-2.6.12-rc2 |
35 |
|
046d662f4 coredump: make co... |
36 37 38 39 |
static struct linux_binfmt aout_format = { .module = THIS_MODULE, .load_binary = load_aout_binary, .load_shlib = load_aout_library, |
046d662f4 coredump: make co... |
40 41 42 43 44 45 46 47 |
}; #define BAD_ADDR(x) ((unsigned long)(x) >= TASK_SIZE) static int set_brk(unsigned long start, unsigned long end) { start = PAGE_ALIGN(start); end = PAGE_ALIGN(end); |
5d22fc25d mm: remove more I... |
48 49 |
if (end > start) return vm_brk(start, end - start); |
046d662f4 coredump: make co... |
50 51 |
return 0; } |
1da177e4c Linux-2.6.12-rc2 |
52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 |
/* * create_aout_tables() parses the env- and arg-strings in new user * memory and creates the pointer tables from them, and puts their * addresses on the "stack", returning the new stack pointer value. */ static unsigned long __user *create_aout_tables(char __user *p, struct linux_binprm * bprm) { char __user * __user *argv; char __user * __user *envp; unsigned long __user *sp; int argc = bprm->argc; int envc = bprm->envc; sp = (void __user *)((-(unsigned long)sizeof(char *)) & (unsigned long) p); |
1da177e4c Linux-2.6.12-rc2 |
67 68 69 70 71 72 |
#ifdef __alpha__ /* whee.. test-programs are so much fun. */ put_user(0, --sp); put_user(0, --sp); if (bprm->loader) { put_user(0, --sp); |
17580d7f2 sanitize ifdefs i... |
73 |
put_user(1003, --sp); |
1da177e4c Linux-2.6.12-rc2 |
74 |
put_user(bprm->loader, --sp); |
17580d7f2 sanitize ifdefs i... |
75 |
put_user(1002, --sp); |
1da177e4c Linux-2.6.12-rc2 |
76 77 |
} put_user(bprm->exec, --sp); |
17580d7f2 sanitize ifdefs i... |
78 |
put_user(1001, --sp); |
1da177e4c Linux-2.6.12-rc2 |
79 80 81 82 83 |
#endif sp -= envc+1; envp = (char __user * __user *) sp; sp -= argc+1; argv = (char __user * __user *) sp; |
17580d7f2 sanitize ifdefs i... |
84 |
#ifndef __alpha__ |
1da177e4c Linux-2.6.12-rc2 |
85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 |
put_user((unsigned long) envp,--sp); put_user((unsigned long) argv,--sp); #endif put_user(argc,--sp); current->mm->arg_start = (unsigned long) p; while (argc-->0) { char c; put_user(p,argv++); do { get_user(c,p++); } while (c); } put_user(NULL,argv); current->mm->arg_end = current->mm->env_start = (unsigned long) p; while (envc-->0) { char c; put_user(p,envp++); do { get_user(c,p++); } while (c); } put_user(NULL,envp); current->mm->env_end = (unsigned long) p; return sp; } /* * These are the functions used to load a.out style executables and shared * libraries. There is no binary dependent code anywhere else. */ |
71613c3b8 get rid of pt_reg... |
115 |
static int load_aout_binary(struct linux_binprm * bprm) |
1da177e4c Linux-2.6.12-rc2 |
116 |
{ |
71613c3b8 get rid of pt_reg... |
117 |
struct pt_regs *regs = current_pt_regs(); |
1da177e4c Linux-2.6.12-rc2 |
118 119 120 121 122 123 124 125 126 127 |
struct exec ex; unsigned long error; unsigned long fd_offset; unsigned long rlim; int retval; ex = *((struct exec *) bprm->buf); /* exec-header */ if ((N_MAGIC(ex) != ZMAGIC && N_MAGIC(ex) != OMAGIC && N_MAGIC(ex) != QMAGIC && N_MAGIC(ex) != NMAGIC) || N_TRSIZE(ex) || N_DRSIZE(ex) || |
496ad9aa8 new helper: file_... |
128 |
i_size_read(file_inode(bprm->file)) < ex.a_text+ex.a_data+N_SYMSIZE(ex)+N_TXTOFF(ex)) { |
1da177e4c Linux-2.6.12-rc2 |
129 130 |
return -ENOEXEC; } |
8454aeef6 [PATCH] Require m... |
131 132 133 134 |
/* * Requires a mmap handler. This prevents people from using a.out * as part of an exploit attack against /proc-related vulnerabilities. */ |
72c2d5319 file->f_op is nev... |
135 |
if (!bprm->file->f_op->mmap) |
8454aeef6 [PATCH] Require m... |
136 |
return -ENOEXEC; |
1da177e4c Linux-2.6.12-rc2 |
137 138 139 140 141 142 |
fd_offset = N_TXTOFF(ex); /* Check initial limits. This avoids letting people circumvent * size limits imposed on them by creating programs with large * arrays in the data or bss. */ |
d554ed895 fs: use rlimit he... |
143 |
rlim = rlimit(RLIMIT_DATA); |
1da177e4c Linux-2.6.12-rc2 |
144 145 146 147 148 149 150 151 152 153 154 |
if (rlim >= RLIM_INFINITY) rlim = ~0; if (ex.a_data + ex.a_bss > rlim) return -ENOMEM; /* Flush all traces of the currently running executable */ retval = flush_old_exec(bprm); if (retval) return retval; /* OK, This is the point of no return */ |
17580d7f2 sanitize ifdefs i... |
155 |
#ifdef __alpha__ |
1da177e4c Linux-2.6.12-rc2 |
156 |
SET_AOUT_PERSONALITY(bprm, ex); |
1da177e4c Linux-2.6.12-rc2 |
157 158 159 |
#else set_personality(PER_LINUX); #endif |
221af7f87 Split 'flush_old_... |
160 |
setup_new_exec(bprm); |
1da177e4c Linux-2.6.12-rc2 |
161 162 163 164 165 166 167 |
current->mm->end_code = ex.a_text + (current->mm->start_code = N_TXTADDR(ex)); current->mm->end_data = ex.a_data + (current->mm->start_data = N_DATADDR(ex)); current->mm->brk = ex.a_bss + (current->mm->start_brk = N_BSSADDR(ex)); |
1da177e4c Linux-2.6.12-rc2 |
168 |
|
6414fa6a1 aout: move setup_... |
169 |
retval = setup_arg_pages(bprm, STACK_TOP, EXSTACK_DEFAULT); |
19d860a14 handle suicide on... |
170 |
if (retval < 0) |
6414fa6a1 aout: move setup_... |
171 |
return retval; |
6414fa6a1 aout: move setup_... |
172 |
|
a6f76f23d CRED: Make execve... |
173 |
install_exec_creds(bprm); |
1da177e4c Linux-2.6.12-rc2 |
174 175 176 177 178 179 |
if (N_MAGIC(ex) == OMAGIC) { unsigned long text_addr, map_size; loff_t pos; text_addr = N_TXTADDR(ex); |
fe30af971 remove the rudime... |
180 |
#ifdef __alpha__ |
1da177e4c Linux-2.6.12-rc2 |
181 182 183 184 185 186 |
pos = fd_offset; map_size = ex.a_text+ex.a_data + PAGE_SIZE - 1; #else pos = 32; map_size = ex.a_text+ex.a_data; #endif |
e4eb1ff61 VM: add "vm_brk()... |
187 |
error = vm_brk(text_addr & PAGE_MASK, map_size); |
5d22fc25d mm: remove more I... |
188 |
if (error) |
1da177e4c Linux-2.6.12-rc2 |
189 |
return error; |
1da177e4c Linux-2.6.12-rc2 |
190 |
|
3dc20cb28 new helper: read_... |
191 192 |
error = read_code(bprm->file, text_addr, pos, ex.a_text+ex.a_data); |
19d860a14 handle suicide on... |
193 |
if ((signed long)error < 0) |
1da177e4c Linux-2.6.12-rc2 |
194 |
return error; |
1da177e4c Linux-2.6.12-rc2 |
195 |
} else { |
1da177e4c Linux-2.6.12-rc2 |
196 |
if ((ex.a_text & 0xfff || ex.a_data & 0xfff) && |
2e50b6ccd fs/binfmt_aout.c:... |
197 |
(N_MAGIC(ex) != NMAGIC) && printk_ratelimit()) |
1da177e4c Linux-2.6.12-rc2 |
198 199 200 |
{ printk(KERN_NOTICE "executable not page aligned "); |
1da177e4c Linux-2.6.12-rc2 |
201 |
} |
2e50b6ccd fs/binfmt_aout.c:... |
202 |
if ((fd_offset & ~PAGE_MASK) != 0 && printk_ratelimit()) |
1da177e4c Linux-2.6.12-rc2 |
203 204 |
{ printk(KERN_WARNING |
a455589f1 assorted conversi... |
205 206 207 |
"fd_offset is not page aligned. Please convert program: %pD ", bprm->file); |
1da177e4c Linux-2.6.12-rc2 |
208 209 210 |
} if (!bprm->file->f_op->mmap||((fd_offset & ~PAGE_MASK) != 0)) { |
864778b15 mm, aout: handle ... |
211 |
error = vm_brk(N_TXTADDR(ex), ex.a_text+ex.a_data); |
5d22fc25d mm: remove more I... |
212 |
if (error) |
864778b15 mm, aout: handle ... |
213 |
return error; |
3dc20cb28 new helper: read_... |
214 215 |
read_code(bprm->file, N_TXTADDR(ex), fd_offset, ex.a_text + ex.a_data); |
1da177e4c Linux-2.6.12-rc2 |
216 217 |
goto beyond_if; } |
6be5ceb02 VM: add "vm_mmap(... |
218 |
error = vm_mmap(bprm->file, N_TXTADDR(ex), ex.a_text, |
1da177e4c Linux-2.6.12-rc2 |
219 220 221 |
PROT_READ | PROT_EXEC, MAP_FIXED | MAP_PRIVATE | MAP_DENYWRITE | MAP_EXECUTABLE, fd_offset); |
1da177e4c Linux-2.6.12-rc2 |
222 |
|
19d860a14 handle suicide on... |
223 |
if (error != N_TXTADDR(ex)) |
1da177e4c Linux-2.6.12-rc2 |
224 |
return error; |
1da177e4c Linux-2.6.12-rc2 |
225 |
|
6be5ceb02 VM: add "vm_mmap(... |
226 |
error = vm_mmap(bprm->file, N_DATADDR(ex), ex.a_data, |
1da177e4c Linux-2.6.12-rc2 |
227 228 229 |
PROT_READ | PROT_WRITE | PROT_EXEC, MAP_FIXED | MAP_PRIVATE | MAP_DENYWRITE | MAP_EXECUTABLE, fd_offset + ex.a_text); |
19d860a14 handle suicide on... |
230 |
if (error != N_DATADDR(ex)) |
1da177e4c Linux-2.6.12-rc2 |
231 |
return error; |
1da177e4c Linux-2.6.12-rc2 |
232 233 234 235 236 |
} beyond_if: set_binfmt(&aout_format); retval = set_brk(current->mm->start_brk, current->mm->brk); |
19d860a14 handle suicide on... |
237 |
if (retval < 0) |
1da177e4c Linux-2.6.12-rc2 |
238 |
return retval; |
1da177e4c Linux-2.6.12-rc2 |
239 |
|
1da177e4c Linux-2.6.12-rc2 |
240 241 242 243 244 |
current->mm->start_stack = (unsigned long) create_aout_tables((char __user *) bprm->p, bprm); #ifdef __alpha__ regs->gp = ex.a_gpvalue; #endif |
b83838313 exec: introduce f... |
245 |
finalize_exec(bprm); |
1da177e4c Linux-2.6.12-rc2 |
246 |
start_thread(regs, ex.a_entry, current->mm->start_stack); |
1da177e4c Linux-2.6.12-rc2 |
247 248 249 250 251 252 253 254 255 256 |
return 0; } static int load_aout_library(struct file *file) { struct inode * inode; unsigned long bss, start_addr, len; unsigned long error; int retval; struct exec ex; |
bdd1d2d3d fs: fix kernel_re... |
257 |
loff_t pos = 0; |
1da177e4c Linux-2.6.12-rc2 |
258 |
|
496ad9aa8 new helper: file_... |
259 |
inode = file_inode(file); |
1da177e4c Linux-2.6.12-rc2 |
260 261 |
retval = -ENOEXEC; |
bdd1d2d3d fs: fix kernel_re... |
262 |
error = kernel_read(file, &ex, sizeof(ex), &pos); |
1da177e4c Linux-2.6.12-rc2 |
263 264 265 266 267 268 269 270 271 |
if (error != sizeof(ex)) goto out; /* We come in here for the regular a.out style of shared libraries */ if ((N_MAGIC(ex) != ZMAGIC && N_MAGIC(ex) != QMAGIC) || N_TRSIZE(ex) || N_DRSIZE(ex) || ((ex.a_entry & 0xfff) && N_MAGIC(ex) == ZMAGIC) || i_size_read(inode) < ex.a_text+ex.a_data+N_SYMSIZE(ex)+N_TXTOFF(ex)) { goto out; } |
8454aeef6 [PATCH] Require m... |
272 273 274 275 |
/* * Requires a mmap handler. This prevents people from using a.out * as part of an exploit attack against /proc-related vulnerabilities. */ |
72c2d5319 file->f_op is nev... |
276 |
if (!file->f_op->mmap) |
8454aeef6 [PATCH] Require m... |
277 |
goto out; |
1da177e4c Linux-2.6.12-rc2 |
278 279 280 281 282 283 284 285 286 |
if (N_FLAGS(ex)) goto out; /* For QMAGIC, the starting address is 0x20 into the page. We mask this off to get the starting address for the page */ start_addr = ex.a_entry & 0xfffff000; if ((N_TXTOFF(ex) & ~PAGE_MASK) != 0) { |
2e50b6ccd fs/binfmt_aout.c:... |
287 |
if (printk_ratelimit()) |
1da177e4c Linux-2.6.12-rc2 |
288 289 |
{ printk(KERN_WARNING |
a455589f1 assorted conversi... |
290 291 292 |
"N_TXTOFF is not page aligned. Please convert library: %pD ", file); |
1da177e4c Linux-2.6.12-rc2 |
293 |
} |
864778b15 mm, aout: handle ... |
294 |
retval = vm_brk(start_addr, ex.a_text + ex.a_data + ex.a_bss); |
5d22fc25d mm: remove more I... |
295 |
if (retval) |
864778b15 mm, aout: handle ... |
296 |
goto out; |
3dc20cb28 new helper: read_... |
297 298 |
read_code(file, start_addr, N_TXTOFF(ex), ex.a_text + ex.a_data); |
1da177e4c Linux-2.6.12-rc2 |
299 300 301 302 |
retval = 0; goto out; } /* Now use mmap to map the library into memory. */ |
6be5ceb02 VM: add "vm_mmap(... |
303 |
error = vm_mmap(file, start_addr, ex.a_text + ex.a_data, |
1da177e4c Linux-2.6.12-rc2 |
304 305 306 |
PROT_READ | PROT_WRITE | PROT_EXEC, MAP_FIXED | MAP_PRIVATE | MAP_DENYWRITE, N_TXTOFF(ex)); |
1da177e4c Linux-2.6.12-rc2 |
307 308 309 310 311 312 313 |
retval = error; if (error != start_addr) goto out; len = PAGE_ALIGN(ex.a_text + ex.a_data); bss = ex.a_text + ex.a_data + ex.a_bss; if (bss > len) { |
5d22fc25d mm: remove more I... |
314 315 |
retval = vm_brk(start_addr + len, bss - len); if (retval) |
1da177e4c Linux-2.6.12-rc2 |
316 317 318 319 320 321 322 323 324 |
goto out; } retval = 0; out: return retval; } static int __init init_aout_binfmt(void) { |
8fc3dc5a3 __register_binfmt... |
325 326 |
register_binfmt(&aout_format); return 0; |
1da177e4c Linux-2.6.12-rc2 |
327 328 329 330 331 332 333 334 335 336 |
} static void __exit exit_aout_binfmt(void) { unregister_binfmt(&aout_format); } core_initcall(init_aout_binfmt); module_exit(exit_aout_binfmt); MODULE_LICENSE("GPL"); |