Blame view
fs/binfmt_aout.c
8.31 KB
09c434b8a
|
1 |
// SPDX-License-Identifier: GPL-2.0-only |
1da177e4c
|
2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 |
/* * linux/fs/binfmt_aout.c * * Copyright (C) 1991, 1992, 1996 Linus Torvalds */ #include <linux/module.h> #include <linux/time.h> #include <linux/kernel.h> #include <linux/mm.h> #include <linux/mman.h> #include <linux/a.out.h> #include <linux/errno.h> #include <linux/signal.h> #include <linux/string.h> #include <linux/fs.h> #include <linux/file.h> #include <linux/stat.h> #include <linux/fcntl.h> #include <linux/ptrace.h> #include <linux/user.h> |
1da177e4c
|
24 25 26 |
#include <linux/binfmts.h> #include <linux/personality.h> #include <linux/init.h> |
088e7af73
|
27 |
#include <linux/coredump.h> |
5a0e3ad6a
|
28 |
#include <linux/slab.h> |
68db0cf10
|
29 |
#include <linux/sched/task_stack.h> |
1da177e4c
|
30 |
|
7c0f6ba68
|
31 |
#include <linux/uaccess.h> |
1da177e4c
|
32 |
#include <asm/cacheflush.h> |
71613c3b8
|
33 |
static int load_aout_binary(struct linux_binprm *); |
1da177e4c
|
34 |
static int load_aout_library(struct file*); |
1da177e4c
|
35 |
|
046d662f4
|
36 37 38 39 |
static struct linux_binfmt aout_format = { .module = THIS_MODULE, .load_binary = load_aout_binary, .load_shlib = load_aout_library, |
046d662f4
|
40 41 42 43 44 45 46 47 |
}; #define BAD_ADDR(x) ((unsigned long)(x) >= TASK_SIZE) static int set_brk(unsigned long start, unsigned long end) { start = PAGE_ALIGN(start); end = PAGE_ALIGN(end); |
5d22fc25d
|
48 49 |
if (end > start) return vm_brk(start, end - start); |
046d662f4
|
50 51 |
return 0; } |
1da177e4c
|
52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 |
/* * create_aout_tables() parses the env- and arg-strings in new user * memory and creates the pointer tables from them, and puts their * addresses on the "stack", returning the new stack pointer value. */ static unsigned long __user *create_aout_tables(char __user *p, struct linux_binprm * bprm) { char __user * __user *argv; char __user * __user *envp; unsigned long __user *sp; int argc = bprm->argc; int envc = bprm->envc; sp = (void __user *)((-(unsigned long)sizeof(char *)) & (unsigned long) p); |
1da177e4c
|
67 68 69 70 71 72 |
#ifdef __alpha__ /* whee.. test-programs are so much fun. */ put_user(0, --sp); put_user(0, --sp); if (bprm->loader) { put_user(0, --sp); |
17580d7f2
|
73 |
put_user(1003, --sp); |
1da177e4c
|
74 |
put_user(bprm->loader, --sp); |
17580d7f2
|
75 |
put_user(1002, --sp); |
1da177e4c
|
76 77 |
} put_user(bprm->exec, --sp); |
17580d7f2
|
78 |
put_user(1001, --sp); |
1da177e4c
|
79 80 81 82 83 |
#endif sp -= envc+1; envp = (char __user * __user *) sp; sp -= argc+1; argv = (char __user * __user *) sp; |
17580d7f2
|
84 |
#ifndef __alpha__ |
1da177e4c
|
85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 |
put_user((unsigned long) envp,--sp); put_user((unsigned long) argv,--sp); #endif put_user(argc,--sp); current->mm->arg_start = (unsigned long) p; while (argc-->0) { char c; put_user(p,argv++); do { get_user(c,p++); } while (c); } put_user(NULL,argv); current->mm->arg_end = current->mm->env_start = (unsigned long) p; while (envc-->0) { char c; put_user(p,envp++); do { get_user(c,p++); } while (c); } put_user(NULL,envp); current->mm->env_end = (unsigned long) p; return sp; } /* * These are the functions used to load a.out style executables and shared * libraries. There is no binary dependent code anywhere else. */ |
71613c3b8
|
115 |
static int load_aout_binary(struct linux_binprm * bprm) |
1da177e4c
|
116 |
{ |
71613c3b8
|
117 |
struct pt_regs *regs = current_pt_regs(); |
1da177e4c
|
118 119 120 121 122 123 124 125 126 127 |
struct exec ex; unsigned long error; unsigned long fd_offset; unsigned long rlim; int retval; ex = *((struct exec *) bprm->buf); /* exec-header */ if ((N_MAGIC(ex) != ZMAGIC && N_MAGIC(ex) != OMAGIC && N_MAGIC(ex) != QMAGIC && N_MAGIC(ex) != NMAGIC) || N_TRSIZE(ex) || N_DRSIZE(ex) || |
496ad9aa8
|
128 |
i_size_read(file_inode(bprm->file)) < ex.a_text+ex.a_data+N_SYMSIZE(ex)+N_TXTOFF(ex)) { |
1da177e4c
|
129 130 |
return -ENOEXEC; } |
8454aeef6
|
131 132 133 134 |
/* * Requires a mmap handler. This prevents people from using a.out * as part of an exploit attack against /proc-related vulnerabilities. */ |
72c2d5319
|
135 |
if (!bprm->file->f_op->mmap) |
8454aeef6
|
136 |
return -ENOEXEC; |
1da177e4c
|
137 138 139 140 141 142 |
fd_offset = N_TXTOFF(ex); /* Check initial limits. This avoids letting people circumvent * size limits imposed on them by creating programs with large * arrays in the data or bss. */ |
d554ed895
|
143 |
rlim = rlimit(RLIMIT_DATA); |
1da177e4c
|
144 145 146 147 148 149 150 151 152 153 154 |
if (rlim >= RLIM_INFINITY) rlim = ~0; if (ex.a_data + ex.a_bss > rlim) return -ENOMEM; /* Flush all traces of the currently running executable */ retval = flush_old_exec(bprm); if (retval) return retval; /* OK, This is the point of no return */ |
17580d7f2
|
155 |
#ifdef __alpha__ |
1da177e4c
|
156 |
SET_AOUT_PERSONALITY(bprm, ex); |
1da177e4c
|
157 158 159 |
#else set_personality(PER_LINUX); #endif |
221af7f87
|
160 |
setup_new_exec(bprm); |
1da177e4c
|
161 162 163 164 165 166 167 |
current->mm->end_code = ex.a_text + (current->mm->start_code = N_TXTADDR(ex)); current->mm->end_data = ex.a_data + (current->mm->start_data = N_DATADDR(ex)); current->mm->brk = ex.a_bss + (current->mm->start_brk = N_BSSADDR(ex)); |
1da177e4c
|
168 |
|
6414fa6a1
|
169 |
retval = setup_arg_pages(bprm, STACK_TOP, EXSTACK_DEFAULT); |
19d860a14
|
170 |
if (retval < 0) |
6414fa6a1
|
171 |
return retval; |
6414fa6a1
|
172 |
|
a6f76f23d
|
173 |
install_exec_creds(bprm); |
1da177e4c
|
174 175 176 177 178 179 |
if (N_MAGIC(ex) == OMAGIC) { unsigned long text_addr, map_size; loff_t pos; text_addr = N_TXTADDR(ex); |
fe30af971
|
180 |
#ifdef __alpha__ |
1da177e4c
|
181 182 183 184 185 186 |
pos = fd_offset; map_size = ex.a_text+ex.a_data + PAGE_SIZE - 1; #else pos = 32; map_size = ex.a_text+ex.a_data; #endif |
e4eb1ff61
|
187 |
error = vm_brk(text_addr & PAGE_MASK, map_size); |
5d22fc25d
|
188 |
if (error) |
1da177e4c
|
189 |
return error; |
1da177e4c
|
190 |
|
3dc20cb28
|
191 192 |
error = read_code(bprm->file, text_addr, pos, ex.a_text+ex.a_data); |
19d860a14
|
193 |
if ((signed long)error < 0) |
1da177e4c
|
194 |
return error; |
1da177e4c
|
195 |
} else { |
1da177e4c
|
196 |
if ((ex.a_text & 0xfff || ex.a_data & 0xfff) && |
2e50b6ccd
|
197 |
(N_MAGIC(ex) != NMAGIC) && printk_ratelimit()) |
1da177e4c
|
198 199 200 |
{ printk(KERN_NOTICE "executable not page aligned "); |
1da177e4c
|
201 |
} |
2e50b6ccd
|
202 |
if ((fd_offset & ~PAGE_MASK) != 0 && printk_ratelimit()) |
1da177e4c
|
203 204 |
{ printk(KERN_WARNING |
a455589f1
|
205 206 207 |
"fd_offset is not page aligned. Please convert program: %pD ", bprm->file); |
1da177e4c
|
208 209 210 |
} if (!bprm->file->f_op->mmap||((fd_offset & ~PAGE_MASK) != 0)) { |
864778b15
|
211 |
error = vm_brk(N_TXTADDR(ex), ex.a_text+ex.a_data); |
5d22fc25d
|
212 |
if (error) |
864778b15
|
213 |
return error; |
3dc20cb28
|
214 215 |
read_code(bprm->file, N_TXTADDR(ex), fd_offset, ex.a_text + ex.a_data); |
1da177e4c
|
216 217 |
goto beyond_if; } |
6be5ceb02
|
218 |
error = vm_mmap(bprm->file, N_TXTADDR(ex), ex.a_text, |
1da177e4c
|
219 220 221 |
PROT_READ | PROT_EXEC, MAP_FIXED | MAP_PRIVATE | MAP_DENYWRITE | MAP_EXECUTABLE, fd_offset); |
1da177e4c
|
222 |
|
19d860a14
|
223 |
if (error != N_TXTADDR(ex)) |
1da177e4c
|
224 |
return error; |
1da177e4c
|
225 |
|
6be5ceb02
|
226 |
error = vm_mmap(bprm->file, N_DATADDR(ex), ex.a_data, |
1da177e4c
|
227 228 229 |
PROT_READ | PROT_WRITE | PROT_EXEC, MAP_FIXED | MAP_PRIVATE | MAP_DENYWRITE | MAP_EXECUTABLE, fd_offset + ex.a_text); |
19d860a14
|
230 |
if (error != N_DATADDR(ex)) |
1da177e4c
|
231 |
return error; |
1da177e4c
|
232 233 234 235 236 |
} beyond_if: set_binfmt(&aout_format); retval = set_brk(current->mm->start_brk, current->mm->brk); |
19d860a14
|
237 |
if (retval < 0) |
1da177e4c
|
238 |
return retval; |
1da177e4c
|
239 |
|
1da177e4c
|
240 241 242 243 244 |
current->mm->start_stack = (unsigned long) create_aout_tables((char __user *) bprm->p, bprm); #ifdef __alpha__ regs->gp = ex.a_gpvalue; #endif |
b83838313
|
245 |
finalize_exec(bprm); |
1da177e4c
|
246 |
start_thread(regs, ex.a_entry, current->mm->start_stack); |
1da177e4c
|
247 248 249 250 251 252 253 254 255 256 |
return 0; } static int load_aout_library(struct file *file) { struct inode * inode; unsigned long bss, start_addr, len; unsigned long error; int retval; struct exec ex; |
bdd1d2d3d
|
257 |
loff_t pos = 0; |
1da177e4c
|
258 |
|
496ad9aa8
|
259 |
inode = file_inode(file); |
1da177e4c
|
260 261 |
retval = -ENOEXEC; |
bdd1d2d3d
|
262 |
error = kernel_read(file, &ex, sizeof(ex), &pos); |
1da177e4c
|
263 264 265 266 267 268 269 270 271 |
if (error != sizeof(ex)) goto out; /* We come in here for the regular a.out style of shared libraries */ if ((N_MAGIC(ex) != ZMAGIC && N_MAGIC(ex) != QMAGIC) || N_TRSIZE(ex) || N_DRSIZE(ex) || ((ex.a_entry & 0xfff) && N_MAGIC(ex) == ZMAGIC) || i_size_read(inode) < ex.a_text+ex.a_data+N_SYMSIZE(ex)+N_TXTOFF(ex)) { goto out; } |
8454aeef6
|
272 273 274 275 |
/* * Requires a mmap handler. This prevents people from using a.out * as part of an exploit attack against /proc-related vulnerabilities. */ |
72c2d5319
|
276 |
if (!file->f_op->mmap) |
8454aeef6
|
277 |
goto out; |
1da177e4c
|
278 279 280 281 282 283 284 285 286 |
if (N_FLAGS(ex)) goto out; /* For QMAGIC, the starting address is 0x20 into the page. We mask this off to get the starting address for the page */ start_addr = ex.a_entry & 0xfffff000; if ((N_TXTOFF(ex) & ~PAGE_MASK) != 0) { |
2e50b6ccd
|
287 |
if (printk_ratelimit()) |
1da177e4c
|
288 289 |
{ printk(KERN_WARNING |
a455589f1
|
290 291 292 |
"N_TXTOFF is not page aligned. Please convert library: %pD ", file); |
1da177e4c
|
293 |
} |
864778b15
|
294 |
retval = vm_brk(start_addr, ex.a_text + ex.a_data + ex.a_bss); |
5d22fc25d
|
295 |
if (retval) |
864778b15
|
296 |
goto out; |
3dc20cb28
|
297 298 |
read_code(file, start_addr, N_TXTOFF(ex), ex.a_text + ex.a_data); |
1da177e4c
|
299 300 301 302 |
retval = 0; goto out; } /* Now use mmap to map the library into memory. */ |
6be5ceb02
|
303 |
error = vm_mmap(file, start_addr, ex.a_text + ex.a_data, |
1da177e4c
|
304 305 306 |
PROT_READ | PROT_WRITE | PROT_EXEC, MAP_FIXED | MAP_PRIVATE | MAP_DENYWRITE, N_TXTOFF(ex)); |
1da177e4c
|
307 308 309 310 311 312 313 |
retval = error; if (error != start_addr) goto out; len = PAGE_ALIGN(ex.a_text + ex.a_data); bss = ex.a_text + ex.a_data + ex.a_bss; if (bss > len) { |
5d22fc25d
|
314 315 |
retval = vm_brk(start_addr + len, bss - len); if (retval) |
1da177e4c
|
316 317 318 319 320 321 322 323 324 |
goto out; } retval = 0; out: return retval; } static int __init init_aout_binfmt(void) { |
8fc3dc5a3
|
325 326 |
register_binfmt(&aout_format); return 0; |
1da177e4c
|
327 328 329 330 331 332 333 334 335 336 |
} static void __exit exit_aout_binfmt(void) { unregister_binfmt(&aout_format); } core_initcall(init_aout_binfmt); module_exit(exit_aout_binfmt); MODULE_LICENSE("GPL"); |