  // SPDX-License-Identifier: GPL-2.0-only
  /*
   *  linux/fs/binfmt_aout.c
   *
   *  Copyright (C) 1991, 1992, 1996  Linus Torvalds
   */
  
  #include <linux/module.h>
  
  #include <linux/time.h>
  #include <linux/kernel.h>
  #include <linux/mm.h>
  #include <linux/mman.h>
  #include <linux/a.out.h>
  #include <linux/errno.h>
  #include <linux/signal.h>
  #include <linux/string.h>
  #include <linux/fs.h>
  #include <linux/file.h>
  #include <linux/stat.h>
  #include <linux/fcntl.h>
  #include <linux/ptrace.h>
  #include <linux/user.h>
  #include <linux/binfmts.h>
  #include <linux/personality.h>
  #include <linux/init.h>
  #include <linux/coredump.h>
  #include <linux/slab.h>
  #include <linux/sched/task_stack.h>

  #include <linux/uaccess.h>
  #include <asm/cacheflush.h>
  /*
   * Loader entry points, defined further down.  They are declared here so
   * that the aout_format handler table can take their addresses.
   */
  static int load_aout_binary(struct linux_binprm *bprm);
  static int load_aout_library(struct file *file);

  /*
   * Handler table for the a.out format: one loader for executables and one
   * for shared libraries.  It is handed to register_binfmt() and
   * set_binfmt() elsewhere in this file.
   */
  static struct linux_binfmt aout_format = {
  	.load_binary	= load_aout_binary,
  	.load_shlib	= load_aout_library,
  	.module		= THIS_MODULE,
  };
  
  /*
   * True when x, converted to unsigned long, is at or above TASK_SIZE.
   * NOTE(review): no use of this macro is visible in this listing.
   */
  #define BAD_ADDR(x)	((unsigned long)(x) >= TASK_SIZE)
  
  /*
   * set_brk() - map the page-aligned range between @start and @end.
   *
   * Both bounds are rounded with PAGE_ALIGN() first.  If the rounded end is
   * not above the rounded start there is nothing to map and 0 is returned;
   * otherwise the result of vm_brk() for that range is returned.
   */
  static int set_brk(unsigned long start, unsigned long end)
  {
  	unsigned long lo = PAGE_ALIGN(start);
  	unsigned long hi = PAGE_ALIGN(end);

  	/* Empty or inverted range after alignment: nothing to do. */
  	if (hi <= lo)
  		return 0;

  	return vm_brk(lo, hi - lo);
  }
  
  /*
   * create_aout_tables() - build the argv/envp pointer tables on the new stack.
   *
   * @p:    user address of the first argument string; the strings are
   *        NUL-terminated and walked in order, arguments first, then the
   *        environment.
   * @bprm: supplies argc and envc (and, on alpha, loader and exec).
   *
   * The pointer tables are written below @p.  Outside alpha, the words at
   * the returned stack pointer are, in ascending order: argc, the address
   * of the argv table, the address of the envp table.  Both tables end
   * with a NULL entry.  arg_start/arg_end/env_start/env_end in current->mm
   * are updated as the strings are walked.
   *
   * NOTE(review): none of the put_user()/get_user() results are checked
   * here, so a fault while touching the new stack is not reported to the
   * caller.
   *
   * Returns the new stack pointer value.
   */
  static unsigned long __user *create_aout_tables(char __user *p, struct linux_binprm * bprm)
  {
  	struct mm_struct *mm = current->mm;
  	char __user * __user *arg_slot;
  	char __user * __user *env_slot;
  	unsigned long __user *sp;
  	int nargs = bprm->argc;
  	int nenvs = bprm->envc;

  	/* Round p down to pointer alignment; the tables grow down from there. */
  	sp = (void __user *)((unsigned long) p & ~((unsigned long)sizeof(char *) - 1));
  #ifdef __alpha__
  /* whee.. test-programs are so much fun. */
  	put_user(0, --sp);
  	put_user(0, --sp);
  	if (bprm->loader) {
  		put_user(0, --sp);
  		put_user(1003, --sp);
  		put_user(bprm->loader, --sp);
  		put_user(1002, --sp);
  	}
  	put_user(bprm->exec, --sp);
  	put_user(1001, --sp);
  #endif
  	/* Reserve one slot per string plus the terminating NULL entry. */
  	sp -= nenvs + 1;
  	env_slot = (char __user * __user *) sp;
  	sp -= nargs + 1;
  	arg_slot = (char __user * __user *) sp;
  #ifndef __alpha__
  	put_user((unsigned long) env_slot, --sp);
  	put_user((unsigned long) arg_slot, --sp);
  #endif
  	put_user(nargs, --sp);

  	/* Argument strings: record each start address, then skip past its NUL. */
  	mm->arg_start = (unsigned long) p;
  	for (; nargs > 0; nargs--) {
  		char c;

  		put_user(p, arg_slot++);
  		for (;;) {
  			get_user(c, p++);
  			if (!c)
  				break;
  		}
  	}
  	put_user(NULL, arg_slot);

  	/* Environment strings follow directly after the arguments. */
  	mm->env_start = (unsigned long) p;
  	mm->arg_end = mm->env_start;
  	for (; nenvs > 0; nenvs--) {
  		char c;

  		put_user(p, env_slot++);
  		for (;;) {
  			get_user(c, p++);
  			if (!c)
  				break;
  		}
  	}
  	put_user(NULL, env_slot);
  	mm->env_end = (unsigned long) p;

  	return sp;
  }
  
  /*
   * These are the functions used to load a.out style executables and shared
   * libraries.  There is no binary dependent code anywhere else.
   */
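  /*
   * load_aout_binary() - ->load_binary handler for a.out executables.
   *
   * Validates the exec header found in bprm->buf, replaces the current
   * image via begin_new_exec()/setup_new_exec(), maps or reads text and
   * data, sets up brk and the argument tables, and starts the thread at
   * ex.a_entry.
   *
   * Every check that can reject the file with -ENOEXEC or -ENOMEM runs
   * before begin_new_exec(); failures after that point are past the
   * "point of no return" marked below.
   *
   * Returns 0 on success, or the error reported by the failing step.
   */
  static int load_aout_binary(struct linux_binprm * bprm)
  {
  	struct pt_regs *regs = current_pt_regs();
  	struct exec ex;
  	unsigned long error;
  	unsigned long fd_offset;
  	unsigned long rlim;
  	int retval;

  	ex = *((struct exec *) bprm->buf);		/* exec-header */
  	/*
  	 * Accept only the four known magics, no relocation records, and a
  	 * file large enough for the sizes the header claims.
  	 * NOTE(review): the size sum is built from header fields before the
  	 * comparison; if those fields are narrower than the file size type
  	 * the addition could wrap -- confirm against <linux/a.out.h>.
  	 */
  	if ((N_MAGIC(ex) != ZMAGIC && N_MAGIC(ex) != OMAGIC &&
  	     N_MAGIC(ex) != QMAGIC && N_MAGIC(ex) != NMAGIC) ||
  	    N_TRSIZE(ex) || N_DRSIZE(ex) ||
  	    i_size_read(file_inode(bprm->file)) < ex.a_text+ex.a_data+N_SYMSIZE(ex)+N_TXTOFF(ex)) {
  		return -ENOEXEC;
  	}

  	/*
  	 * Requires a mmap handler. This prevents people from using a.out
  	 * as part of an exploit attack against /proc-related vulnerabilities.
  	 */
  	if (!bprm->file->f_op->mmap)
  		return -ENOEXEC;

  	fd_offset = N_TXTOFF(ex);

  	/* Check initial limits. This avoids letting people circumvent
  	 * size limits imposed on them by creating programs with large
  	 * arrays in the data or bss.
  	 *
  	 * The comparison is split so that a header whose data and bss
  	 * sizes wrap when added cannot slip under the limit.
  	 */
  	rlim = rlimit(RLIMIT_DATA);
  	if (rlim >= RLIM_INFINITY)
  		rlim = ~0;
  	if (ex.a_data > rlim || ex.a_bss > rlim - ex.a_data)
  		return -ENOMEM;

  	/* Flush all traces of the currently running executable */
  	retval = begin_new_exec(bprm);
  	if (retval)
  		return retval;

  	/* OK, This is the point of no return */
  #ifdef __alpha__
  	SET_AOUT_PERSONALITY(bprm, ex);
  #else
  	set_personality(PER_LINUX);
  #endif
  	setup_new_exec(bprm);

  	/* Record the segment bounds the header describes in the new mm. */
  	current->mm->end_code = ex.a_text +
  		(current->mm->start_code = N_TXTADDR(ex));
  	current->mm->end_data = ex.a_data +
  		(current->mm->start_data = N_DATADDR(ex));
  	current->mm->brk = ex.a_bss +
  		(current->mm->start_brk = N_BSSADDR(ex));

  	retval = setup_arg_pages(bprm, STACK_TOP, EXSTACK_DEFAULT);
  	if (retval < 0)
  		return retval;

  	if (N_MAGIC(ex) == OMAGIC) {
  		unsigned long text_addr, map_size;
  		loff_t pos;

  		/* OMAGIC images are read into a brk mapping, never mmapped. */
  		text_addr = N_TXTADDR(ex);
  #ifdef __alpha__
  		pos = fd_offset;
  		map_size = ex.a_text+ex.a_data + PAGE_SIZE - 1;
  #else
  		pos = 32;
  		map_size = ex.a_text+ex.a_data;
  #endif
  		error = vm_brk(text_addr & PAGE_MASK, map_size);
  		if (error)
  			return error;

  		error = read_code(bprm->file, text_addr, pos,
  				  ex.a_text+ex.a_data);
  		if ((signed long)error < 0)
  			return error;
  	} else {
  		if ((ex.a_text & 0xfff || ex.a_data & 0xfff) &&
  		    (N_MAGIC(ex) != NMAGIC) && printk_ratelimit())
  		{
  			printk(KERN_NOTICE "executable not page aligned\n");
  		}

  		if ((fd_offset & ~PAGE_MASK) != 0 && printk_ratelimit())
  		{
  			printk(KERN_WARNING
  			       "fd_offset is not page aligned. Please convert program: %pD\n",
  			       bprm->file);
  		}

  		/*
  		 * A file offset that is not page aligned cannot be mmapped,
  		 * so fall back to a brk mapping filled by read_code().  The
  		 * mmap-handler half of this test was already enforced above.
  		 */
  		if (!bprm->file->f_op->mmap || ((fd_offset & ~PAGE_MASK) != 0)) {
  			error = vm_brk(N_TXTADDR(ex), ex.a_text+ex.a_data);
  			if (error)
  				return error;

  			/*
  			 * Propagate a failed read the same way the OMAGIC
  			 * path does, instead of starting a thread on an
  			 * image that was never filled in.
  			 */
  			error = read_code(bprm->file, N_TXTADDR(ex), fd_offset,
  					  ex.a_text + ex.a_data);
  			if ((signed long)error < 0)
  				return error;
  			goto beyond_if;
  		}

  		/* Text: private, read + execute, at the fixed header address. */
  		error = vm_mmap(bprm->file, N_TXTADDR(ex), ex.a_text,
  			PROT_READ | PROT_EXEC,
  			MAP_FIXED | MAP_PRIVATE | MAP_DENYWRITE | MAP_EXECUTABLE,
  			fd_offset);

  		if (error != N_TXTADDR(ex))
  			return error;

  		/*
  		 * Data: private, at the fixed header address.  Note that this
  		 * mapping is requested writable and executable at once.
  		 */
  		error = vm_mmap(bprm->file, N_DATADDR(ex), ex.a_data,
  				PROT_READ | PROT_WRITE | PROT_EXEC,
  				MAP_FIXED | MAP_PRIVATE | MAP_DENYWRITE | MAP_EXECUTABLE,
  				fd_offset + ex.a_text);
  		if (error != N_DATADDR(ex))
  			return error;
  	}
  beyond_if:
  	set_binfmt(&aout_format);

  	/* Map the bss between start_brk and brk as computed above. */
  	retval = set_brk(current->mm->start_brk, current->mm->brk);
  	if (retval < 0)
  		return retval;

  	current->mm->start_stack =
  		(unsigned long) create_aout_tables((char __user *) bprm->p, bprm);
  #ifdef __alpha__
  	regs->gp = ex.a_gpvalue;
  #endif
  	finalize_exec(bprm);
  	start_thread(regs, ex.a_entry, current->mm->start_stack);
  	return 0;
  }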
  
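  /*
   * load_aout_library() - ->load_shlib handler for a.out shared libraries.
   *
   * Reads the exec header from the start of @file, validates it, and maps
   * text+data at the page-aligned address derived from ex.a_entry, followed
   * by a brk mapping for any bss that extends past the mapped pages.
   *
   * Returns 0 on success.  Header validation failures return -ENOEXEC;
   * mapping and read failures return the error of the failing step.
   */
  static int load_aout_library(struct file *file)
  {
  	struct inode * inode;
  	unsigned long bss, start_addr, len;
  	unsigned long error;
  	int retval;
  	struct exec ex;
  	loff_t pos = 0;

  	inode = file_inode(file);

  	/* Default result for every validation failure below. */
  	retval = -ENOEXEC;
  	error = kernel_read(file, &ex, sizeof(ex), &pos);
  	if (error != sizeof(ex))
  		goto out;

  	/* We come in here for the regular a.out style of shared libraries */
  	/*
  	 * NOTE(review): as in the executable loader, the size sum is built
  	 * from header fields before the comparison and could wrap if those
  	 * fields are narrow -- confirm against <linux/a.out.h>.
  	 */
  	if ((N_MAGIC(ex) != ZMAGIC && N_MAGIC(ex) != QMAGIC) || N_TRSIZE(ex) ||
  	    N_DRSIZE(ex) || ((ex.a_entry & 0xfff) && N_MAGIC(ex) == ZMAGIC) ||
  	    i_size_read(inode) < ex.a_text+ex.a_data+N_SYMSIZE(ex)+N_TXTOFF(ex)) {
  		goto out;
  	}

  	/*
  	 * Requires a mmap handler. This prevents people from using a.out
  	 * as part of an exploit attack against /proc-related vulnerabilities.
  	 */
  	if (!file->f_op->mmap)
  		goto out;

  	if (N_FLAGS(ex))
  		goto out;

  	/* For  QMAGIC, the starting address is 0x20 into the page.  We mask
  	   this off to get the starting address for the page */

  	start_addr =  ex.a_entry & 0xfffff000;

  	if ((N_TXTOFF(ex) & ~PAGE_MASK) != 0) {
  		if (printk_ratelimit())
  		{
  			printk(KERN_WARNING
  			       "N_TXTOFF is not page aligned. Please convert library: %pD\n",
  			       file);
  		}
  		/* Unaligned file offset: use a brk mapping and read into it. */
  		retval = vm_brk(start_addr, ex.a_text + ex.a_data + ex.a_bss);
  		if (retval)
  			goto out;

  		/*
  		 * Report a failed read to the caller rather than returning
  		 * success for a library whose pages were never filled in.
  		 */
  		error = read_code(file, start_addr, N_TXTOFF(ex),
  				  ex.a_text + ex.a_data);
  		retval = 0;
  		if ((signed long)error < 0)
  			retval = error;
  		goto out;
  	}
  	/*
  	 * Now use mmap to map the library into memory.  Text and data share
  	 * one mapping, requested writable and executable at once.
  	 */
  	error = vm_mmap(file, start_addr, ex.a_text + ex.a_data,
  			PROT_READ | PROT_WRITE | PROT_EXEC,
  			MAP_FIXED | MAP_PRIVATE | MAP_DENYWRITE,
  			N_TXTOFF(ex));
  	retval = error;
  	if (error != start_addr)
  		goto out;

  	/* Map whatever part of the bss lies beyond the file-backed pages. */
  	len = PAGE_ALIGN(ex.a_text + ex.a_data);
  	bss = ex.a_text + ex.a_data + ex.a_bss;
  	if (bss > len) {
  		retval = vm_brk(start_addr + len, bss - len);
  		if (retval)
  			goto out;
  	}
  	retval = 0;
  out:
  	return retval;
  }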
  
  /* Module init: register the a.out handler table.  Always returns 0. */
  static int __init init_aout_binfmt(void)
  {
  	struct linux_binfmt *fmt = &aout_format;

  	register_binfmt(fmt);
  	return 0;
  }
  
  /* Module exit: unregister the a.out handler table again. */
  static void __exit exit_aout_binfmt(void)
  {
  	struct linux_binfmt *fmt = &aout_format;

  	unregister_binfmt(fmt);
  }
  
  /* Hook registration in through core_initcall() and removal through module_exit(). */
  core_initcall(init_aout_binfmt);
  module_exit(exit_aout_binfmt);
  /* Licence string, matching the SPDX tag at the top of the file. */
  MODULE_LICENSE("GPL");