Blame view
fs/binfmt_aout.c
10.7 KB
1da177e4c Linux-2.6.12-rc2 |
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 |
/* * linux/fs/binfmt_aout.c * * Copyright (C) 1991, 1992, 1996 Linus Torvalds */ #include <linux/module.h> #include <linux/time.h> #include <linux/kernel.h> #include <linux/mm.h> #include <linux/mman.h> #include <linux/a.out.h> #include <linux/errno.h> #include <linux/signal.h> #include <linux/string.h> #include <linux/fs.h> #include <linux/file.h> #include <linux/stat.h> #include <linux/fcntl.h> #include <linux/ptrace.h> #include <linux/user.h> |
1da177e4c Linux-2.6.12-rc2 |
23 24 25 |
#include <linux/binfmts.h> #include <linux/personality.h> #include <linux/init.h> |
088e7af73 coredump: move du... |
26 |
#include <linux/coredump.h> |
5a0e3ad6a include cleanup: ... |
27 |
#include <linux/slab.h> |
1da177e4c Linux-2.6.12-rc2 |
28 |
|
1da177e4c Linux-2.6.12-rc2 |
29 30 |
#include <asm/uaccess.h> #include <asm/cacheflush.h> |
7fa303150 aout: suppress A.... |
31 |
#include <asm/a.out-core.h> |
1da177e4c Linux-2.6.12-rc2 |
32 |
|
71613c3b8 get rid of pt_reg... |
33 |
static int load_aout_binary(struct linux_binprm *); |
1da177e4c Linux-2.6.12-rc2 |
34 |
static int load_aout_library(struct file*); |
1da177e4c Linux-2.6.12-rc2 |
35 |
|
046d662f4 coredump: make co... |
36 |
#ifdef CONFIG_COREDUMP |
1da177e4c Linux-2.6.12-rc2 |
37 |
/* |
1da177e4c Linux-2.6.12-rc2 |
38 39 40 41 42 43 44 45 |
* Routine writes a core dump image in the current directory. * Currently only a stub-function. * * Note that setuid/setgid files won't make a core-dump if the uid/gid * changed due to the set[u|g]id. It's enforced by the "current->mm->dumpable" * field, which also makes sure the core-dumps won't be recursive if the * dumping of the process results in another error.. */ |
f6151dfea mm: introduce cor... |
46 |
static int aout_core_dump(struct coredump_params *cprm) |
1da177e4c Linux-2.6.12-rc2 |
47 48 49 |
{ mm_segment_t fs; int has_dumped = 0; |
7731d9a5d fs/binfmt_aout.c:... |
50 51 |
void __user *dump_start; int dump_size; |
1da177e4c Linux-2.6.12-rc2 |
52 |
struct user dump; |
17580d7f2 sanitize ifdefs i... |
53 |
#ifdef __alpha__ |
7731d9a5d fs/binfmt_aout.c:... |
54 |
# define START_DATA(u) ((void __user *)u.start_data) |
17580d7f2 sanitize ifdefs i... |
55 |
#else |
7731d9a5d fs/binfmt_aout.c:... |
56 57 |
# define START_DATA(u) ((void __user *)((u.u_tsize << PAGE_SHIFT) + \ u.start_code)) |
1da177e4c Linux-2.6.12-rc2 |
58 |
#endif |
7731d9a5d fs/binfmt_aout.c:... |
59 |
# define START_STACK(u) ((void __user *)u.start_stack) |
1da177e4c Linux-2.6.12-rc2 |
60 61 62 63 |
fs = get_fs(); set_fs(KERNEL_DS); has_dumped = 1; |
1da177e4c Linux-2.6.12-rc2 |
64 |
strncpy(dump.u_comm, current->comm, sizeof(dump.u_comm)); |
6e16d89bc Sanitize the type... |
65 |
dump.u_ar0 = offsetof(struct user, regs); |
5ab1c309b coredump: pass si... |
66 |
dump.signal = cprm->siginfo->si_signo; |
f6151dfea mm: introduce cor... |
67 |
aout_dump_thread(cprm->regs, &dump); |
1da177e4c Linux-2.6.12-rc2 |
68 69 70 |
/* If the size of the dump file exceeds the rlimit, then see what would happen if we wrote the stack, but not the data area. */ |
f6151dfea mm: introduce cor... |
71 |
if ((dump.u_dsize + dump.u_ssize+1) * PAGE_SIZE > cprm->limit) |
1da177e4c Linux-2.6.12-rc2 |
72 |
dump.u_dsize = 0; |
1da177e4c Linux-2.6.12-rc2 |
73 74 |
/* Make sure we have enough room to write the stack and data areas. */ |
f6151dfea mm: introduce cor... |
75 |
if ((dump.u_ssize + 1) * PAGE_SIZE > cprm->limit) |
1da177e4c Linux-2.6.12-rc2 |
76 |
dump.u_ssize = 0; |
1da177e4c Linux-2.6.12-rc2 |
77 78 79 |
/* make sure we actually have a data and stack area to dump */ set_fs(USER_DS); |
7731d9a5d fs/binfmt_aout.c:... |
80 |
if (!access_ok(VERIFY_READ, START_DATA(dump), dump.u_dsize << PAGE_SHIFT)) |
1da177e4c Linux-2.6.12-rc2 |
81 |
dump.u_dsize = 0; |
7731d9a5d fs/binfmt_aout.c:... |
82 |
if (!access_ok(VERIFY_READ, START_STACK(dump), dump.u_ssize << PAGE_SHIFT)) |
1da177e4c Linux-2.6.12-rc2 |
83 |
dump.u_ssize = 0; |
1da177e4c Linux-2.6.12-rc2 |
84 85 86 |
set_fs(KERNEL_DS); /* struct user */ |
43a5d548e aout: switch to d... |
87 |
if (!dump_emit(cprm, &dump, sizeof(dump))) |
088e7af73 coredump: move du... |
88 |
goto end_coredump; |
1da177e4c Linux-2.6.12-rc2 |
89 |
/* Now dump all of the user data. Include malloced stuff as well */ |
9b56d5438 dump_skip(): dump... |
90 |
if (!dump_skip(cprm, PAGE_SIZE - sizeof(dump))) |
05f47fda9 coredump: unify d... |
91 |
goto end_coredump; |
1da177e4c Linux-2.6.12-rc2 |
92 93 94 95 96 |
/* now we start writing out the user space info */ set_fs(USER_DS); /* Dump the data area */ if (dump.u_dsize != 0) { dump_start = START_DATA(dump); |
1da177e4c Linux-2.6.12-rc2 |
97 |
dump_size = dump.u_dsize << PAGE_SHIFT; |
43a5d548e aout: switch to d... |
98 |
if (!dump_emit(cprm, dump_start, dump_size)) |
088e7af73 coredump: move du... |
99 |
goto end_coredump; |
1da177e4c Linux-2.6.12-rc2 |
100 101 102 103 |
} /* Now prepare to dump the stack area */ if (dump.u_ssize != 0) { dump_start = START_STACK(dump); |
1da177e4c Linux-2.6.12-rc2 |
104 |
dump_size = dump.u_ssize << PAGE_SHIFT; |
43a5d548e aout: switch to d... |
105 |
if (!dump_emit(cprm, dump_start, dump_size)) |
088e7af73 coredump: move du... |
106 |
goto end_coredump; |
1da177e4c Linux-2.6.12-rc2 |
107 |
} |
1da177e4c Linux-2.6.12-rc2 |
108 109 110 111 |
end_coredump: set_fs(fs); return has_dumped; } |
046d662f4 coredump: make co... |
112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 |
#else #define aout_core_dump NULL #endif static struct linux_binfmt aout_format = { .module = THIS_MODULE, .load_binary = load_aout_binary, .load_shlib = load_aout_library, .core_dump = aout_core_dump, .min_coredump = PAGE_SIZE }; #define BAD_ADDR(x) ((unsigned long)(x) >= TASK_SIZE) static int set_brk(unsigned long start, unsigned long end) { start = PAGE_ALIGN(start); end = PAGE_ALIGN(end); |
5d22fc25d mm: remove more I... |
130 131 |
if (end > start) return vm_brk(start, end - start); |
046d662f4 coredump: make co... |
132 133 |
return 0; } |
1da177e4c Linux-2.6.12-rc2 |
134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 |
/* * create_aout_tables() parses the env- and arg-strings in new user * memory and creates the pointer tables from them, and puts their * addresses on the "stack", returning the new stack pointer value. */ static unsigned long __user *create_aout_tables(char __user *p, struct linux_binprm * bprm) { char __user * __user *argv; char __user * __user *envp; unsigned long __user *sp; int argc = bprm->argc; int envc = bprm->envc; sp = (void __user *)((-(unsigned long)sizeof(char *)) & (unsigned long) p); |
1da177e4c Linux-2.6.12-rc2 |
149 150 151 152 153 154 |
#ifdef __alpha__ /* whee.. test-programs are so much fun. */ put_user(0, --sp); put_user(0, --sp); if (bprm->loader) { put_user(0, --sp); |
17580d7f2 sanitize ifdefs i... |
155 |
put_user(1003, --sp); |
1da177e4c Linux-2.6.12-rc2 |
156 |
put_user(bprm->loader, --sp); |
17580d7f2 sanitize ifdefs i... |
157 |
put_user(1002, --sp); |
1da177e4c Linux-2.6.12-rc2 |
158 159 |
} put_user(bprm->exec, --sp); |
17580d7f2 sanitize ifdefs i... |
160 |
put_user(1001, --sp); |
1da177e4c Linux-2.6.12-rc2 |
161 162 163 164 165 |
#endif sp -= envc+1; envp = (char __user * __user *) sp; sp -= argc+1; argv = (char __user * __user *) sp; |
17580d7f2 sanitize ifdefs i... |
166 |
#ifndef __alpha__ |
1da177e4c Linux-2.6.12-rc2 |
167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 |
put_user((unsigned long) envp,--sp); put_user((unsigned long) argv,--sp); #endif put_user(argc,--sp); current->mm->arg_start = (unsigned long) p; while (argc-->0) { char c; put_user(p,argv++); do { get_user(c,p++); } while (c); } put_user(NULL,argv); current->mm->arg_end = current->mm->env_start = (unsigned long) p; while (envc-->0) { char c; put_user(p,envp++); do { get_user(c,p++); } while (c); } put_user(NULL,envp); current->mm->env_end = (unsigned long) p; return sp; } /* * These are the functions used to load a.out style executables and shared * libraries. There is no binary dependent code anywhere else. */ |
71613c3b8 get rid of pt_reg... |
197 |
static int load_aout_binary(struct linux_binprm * bprm) |
1da177e4c Linux-2.6.12-rc2 |
198 |
{ |
71613c3b8 get rid of pt_reg... |
199 |
struct pt_regs *regs = current_pt_regs(); |
1da177e4c Linux-2.6.12-rc2 |
200 201 202 203 204 205 206 207 208 209 |
struct exec ex; unsigned long error; unsigned long fd_offset; unsigned long rlim; int retval; ex = *((struct exec *) bprm->buf); /* exec-header */ if ((N_MAGIC(ex) != ZMAGIC && N_MAGIC(ex) != OMAGIC && N_MAGIC(ex) != QMAGIC && N_MAGIC(ex) != NMAGIC) || N_TRSIZE(ex) || N_DRSIZE(ex) || |
496ad9aa8 new helper: file_... |
210 |
i_size_read(file_inode(bprm->file)) < ex.a_text+ex.a_data+N_SYMSIZE(ex)+N_TXTOFF(ex)) { |
1da177e4c Linux-2.6.12-rc2 |
211 212 |
return -ENOEXEC; } |
8454aeef6 [PATCH] Require m... |
213 214 215 216 |
/* * Requires a mmap handler. This prevents people from using a.out * as part of an exploit attack against /proc-related vulnerabilities. */ |
72c2d5319 file->f_op is nev... |
217 |
if (!bprm->file->f_op->mmap) |
8454aeef6 [PATCH] Require m... |
218 |
return -ENOEXEC; |
1da177e4c Linux-2.6.12-rc2 |
219 220 221 222 223 224 |
fd_offset = N_TXTOFF(ex); /* Check initial limits. This avoids letting people circumvent * size limits imposed on them by creating programs with large * arrays in the data or bss. */ |
d554ed895 fs: use rlimit he... |
225 |
rlim = rlimit(RLIMIT_DATA); |
1da177e4c Linux-2.6.12-rc2 |
226 227 228 229 230 231 232 233 234 235 236 |
if (rlim >= RLIM_INFINITY) rlim = ~0; if (ex.a_data + ex.a_bss > rlim) return -ENOMEM; /* Flush all traces of the currently running executable */ retval = flush_old_exec(bprm); if (retval) return retval; /* OK, This is the point of no return */ |
17580d7f2 sanitize ifdefs i... |
237 |
#ifdef __alpha__ |
1da177e4c Linux-2.6.12-rc2 |
238 |
SET_AOUT_PERSONALITY(bprm, ex); |
1da177e4c Linux-2.6.12-rc2 |
239 240 241 |
#else set_personality(PER_LINUX); #endif |
221af7f87 Split 'flush_old_... |
242 |
setup_new_exec(bprm); |
1da177e4c Linux-2.6.12-rc2 |
243 244 245 246 247 248 249 |
current->mm->end_code = ex.a_text + (current->mm->start_code = N_TXTADDR(ex)); current->mm->end_data = ex.a_data + (current->mm->start_data = N_DATADDR(ex)); current->mm->brk = ex.a_bss + (current->mm->start_brk = N_BSSADDR(ex)); |
1da177e4c Linux-2.6.12-rc2 |
250 |
|
6414fa6a1 aout: move setup_... |
251 |
retval = setup_arg_pages(bprm, STACK_TOP, EXSTACK_DEFAULT); |
19d860a14 handle suicide on... |
252 |
if (retval < 0) |
6414fa6a1 aout: move setup_... |
253 |
return retval; |
6414fa6a1 aout: move setup_... |
254 |
|
a6f76f23d CRED: Make execve... |
255 |
install_exec_creds(bprm); |
1da177e4c Linux-2.6.12-rc2 |
256 257 258 259 260 261 |
if (N_MAGIC(ex) == OMAGIC) { unsigned long text_addr, map_size; loff_t pos; text_addr = N_TXTADDR(ex); |
fe30af971 remove the rudime... |
262 |
#ifdef __alpha__ |
1da177e4c Linux-2.6.12-rc2 |
263 264 265 266 267 268 |
pos = fd_offset; map_size = ex.a_text+ex.a_data + PAGE_SIZE - 1; #else pos = 32; map_size = ex.a_text+ex.a_data; #endif |
e4eb1ff61 VM: add "vm_brk()... |
269 |
error = vm_brk(text_addr & PAGE_MASK, map_size); |
5d22fc25d mm: remove more I... |
270 |
if (error) |
1da177e4c Linux-2.6.12-rc2 |
271 |
return error; |
1da177e4c Linux-2.6.12-rc2 |
272 |
|
3dc20cb28 new helper: read_... |
273 274 |
error = read_code(bprm->file, text_addr, pos, ex.a_text+ex.a_data); |
19d860a14 handle suicide on... |
275 |
if ((signed long)error < 0) |
1da177e4c Linux-2.6.12-rc2 |
276 |
return error; |
1da177e4c Linux-2.6.12-rc2 |
277 |
} else { |
1da177e4c Linux-2.6.12-rc2 |
278 |
if ((ex.a_text & 0xfff || ex.a_data & 0xfff) && |
2e50b6ccd fs/binfmt_aout.c:... |
279 |
(N_MAGIC(ex) != NMAGIC) && printk_ratelimit()) |
1da177e4c Linux-2.6.12-rc2 |
280 281 282 |
{ printk(KERN_NOTICE "executable not page aligned "); |
1da177e4c Linux-2.6.12-rc2 |
283 |
} |
2e50b6ccd fs/binfmt_aout.c:... |
284 |
if ((fd_offset & ~PAGE_MASK) != 0 && printk_ratelimit()) |
1da177e4c Linux-2.6.12-rc2 |
285 286 |
{ printk(KERN_WARNING |
a455589f1 assorted conversi... |
287 288 289 |
"fd_offset is not page aligned. Please convert program: %pD ", bprm->file); |
1da177e4c Linux-2.6.12-rc2 |
290 291 292 |
} if (!bprm->file->f_op->mmap||((fd_offset & ~PAGE_MASK) != 0)) { |
864778b15 mm, aout: handle ... |
293 |
error = vm_brk(N_TXTADDR(ex), ex.a_text+ex.a_data); |
5d22fc25d mm: remove more I... |
294 |
if (error) |
864778b15 mm, aout: handle ... |
295 |
return error; |
3dc20cb28 new helper: read_... |
296 297 |
read_code(bprm->file, N_TXTADDR(ex), fd_offset, ex.a_text + ex.a_data); |
1da177e4c Linux-2.6.12-rc2 |
298 299 |
goto beyond_if; } |
6be5ceb02 VM: add "vm_mmap(... |
300 |
error = vm_mmap(bprm->file, N_TXTADDR(ex), ex.a_text, |
1da177e4c Linux-2.6.12-rc2 |
301 302 303 |
PROT_READ | PROT_EXEC, MAP_FIXED | MAP_PRIVATE | MAP_DENYWRITE | MAP_EXECUTABLE, fd_offset); |
1da177e4c Linux-2.6.12-rc2 |
304 |
|
19d860a14 handle suicide on... |
305 |
if (error != N_TXTADDR(ex)) |
1da177e4c Linux-2.6.12-rc2 |
306 |
return error; |
1da177e4c Linux-2.6.12-rc2 |
307 |
|
6be5ceb02 VM: add "vm_mmap(... |
308 |
error = vm_mmap(bprm->file, N_DATADDR(ex), ex.a_data, |
1da177e4c Linux-2.6.12-rc2 |
309 310 311 |
PROT_READ | PROT_WRITE | PROT_EXEC, MAP_FIXED | MAP_PRIVATE | MAP_DENYWRITE | MAP_EXECUTABLE, fd_offset + ex.a_text); |
19d860a14 handle suicide on... |
312 |
if (error != N_DATADDR(ex)) |
1da177e4c Linux-2.6.12-rc2 |
313 |
return error; |
1da177e4c Linux-2.6.12-rc2 |
314 315 316 317 318 |
} beyond_if: set_binfmt(&aout_format); retval = set_brk(current->mm->start_brk, current->mm->brk); |
19d860a14 handle suicide on... |
319 |
if (retval < 0) |
1da177e4c Linux-2.6.12-rc2 |
320 |
return retval; |
1da177e4c Linux-2.6.12-rc2 |
321 |
|
1da177e4c Linux-2.6.12-rc2 |
322 323 324 325 326 327 |
current->mm->start_stack = (unsigned long) create_aout_tables((char __user *) bprm->p, bprm); #ifdef __alpha__ regs->gp = ex.a_gpvalue; #endif start_thread(regs, ex.a_entry, current->mm->start_stack); |
1da177e4c Linux-2.6.12-rc2 |
328 329 330 331 332 333 334 335 336 337 |
return 0; } static int load_aout_library(struct file *file) { struct inode * inode; unsigned long bss, start_addr, len; unsigned long error; int retval; struct exec ex; |
496ad9aa8 new helper: file_... |
338 |
inode = file_inode(file); |
1da177e4c Linux-2.6.12-rc2 |
339 340 341 342 343 344 345 346 347 348 349 350 |
retval = -ENOEXEC; error = kernel_read(file, 0, (char *) &ex, sizeof(ex)); if (error != sizeof(ex)) goto out; /* We come in here for the regular a.out style of shared libraries */ if ((N_MAGIC(ex) != ZMAGIC && N_MAGIC(ex) != QMAGIC) || N_TRSIZE(ex) || N_DRSIZE(ex) || ((ex.a_entry & 0xfff) && N_MAGIC(ex) == ZMAGIC) || i_size_read(inode) < ex.a_text+ex.a_data+N_SYMSIZE(ex)+N_TXTOFF(ex)) { goto out; } |
8454aeef6 [PATCH] Require m... |
351 352 353 354 |
/* * Requires a mmap handler. This prevents people from using a.out * as part of an exploit attack against /proc-related vulnerabilities. */ |
72c2d5319 file->f_op is nev... |
355 |
if (!file->f_op->mmap) |
8454aeef6 [PATCH] Require m... |
356 |
goto out; |
1da177e4c Linux-2.6.12-rc2 |
357 358 359 360 361 362 363 364 365 |
if (N_FLAGS(ex)) goto out; /* For QMAGIC, the starting address is 0x20 into the page. We mask this off to get the starting address for the page */ start_addr = ex.a_entry & 0xfffff000; if ((N_TXTOFF(ex) & ~PAGE_MASK) != 0) { |
2e50b6ccd fs/binfmt_aout.c:... |
366 |
if (printk_ratelimit()) |
1da177e4c Linux-2.6.12-rc2 |
367 368 |
{ printk(KERN_WARNING |
a455589f1 assorted conversi... |
369 370 371 |
"N_TXTOFF is not page aligned. Please convert library: %pD ", file); |
1da177e4c Linux-2.6.12-rc2 |
372 |
} |
864778b15 mm, aout: handle ... |
373 |
retval = vm_brk(start_addr, ex.a_text + ex.a_data + ex.a_bss); |
5d22fc25d mm: remove more I... |
374 |
if (retval) |
864778b15 mm, aout: handle ... |
375 |
goto out; |
3dc20cb28 new helper: read_... |
376 377 |
read_code(file, start_addr, N_TXTOFF(ex), ex.a_text + ex.a_data); |
1da177e4c Linux-2.6.12-rc2 |
378 379 380 381 |
retval = 0; goto out; } /* Now use mmap to map the library into memory. */ |
6be5ceb02 VM: add "vm_mmap(... |
382 |
error = vm_mmap(file, start_addr, ex.a_text + ex.a_data, |
1da177e4c Linux-2.6.12-rc2 |
383 384 385 |
PROT_READ | PROT_WRITE | PROT_EXEC, MAP_FIXED | MAP_PRIVATE | MAP_DENYWRITE, N_TXTOFF(ex)); |
1da177e4c Linux-2.6.12-rc2 |
386 387 388 389 390 391 392 |
retval = error; if (error != start_addr) goto out; len = PAGE_ALIGN(ex.a_text + ex.a_data); bss = ex.a_text + ex.a_data + ex.a_bss; if (bss > len) { |
5d22fc25d mm: remove more I... |
393 394 |
retval = vm_brk(start_addr + len, bss - len); if (retval) |
1da177e4c Linux-2.6.12-rc2 |
395 396 397 398 399 400 401 402 403 |
goto out; } retval = 0; out: return retval; } static int __init init_aout_binfmt(void) { |
8fc3dc5a3 __register_binfmt... |
404 405 |
register_binfmt(&aout_format); return 0; |
1da177e4c Linux-2.6.12-rc2 |
406 407 408 409 410 411 412 413 414 415 |
} static void __exit exit_aout_binfmt(void) { unregister_binfmt(&aout_format); } core_initcall(init_aout_binfmt); module_exit(exit_aout_binfmt); MODULE_LICENSE("GPL"); |