fs/exec.c
9279 /*
9280 * linux/fs/exec.c
9281 *
9282 * Copyright (C) 1991, 1992 Linus Torvalds
9283 */
9284
9285 /*
9286 * #!-checking implemented by tytso.
9287 */
9288 /* Demand-loading implemented 01.12.91 - no need to read
9289 * anything but the header into memory. The inode of the
9290 * executable is put into "current->executable", and page
9291 * faults do the actual loading. Clean.
9292 *
9293 * Once more I can proudly say that linux stood up to
9294 * being changed: it was less than 2 hours work to get
9295 * demand-loading completely implemented.
9296 *
9297 * Demand loading changed July 1993 by Eric Youngdale.
9298 * Use mmap instead, current->executable is only used by
9299 * the procfs. This allows a dispatch table to check for
9300 * several different types of binary formats. We keep
9301 * trying until we recognize the file or we run out of
9302 * supported binary formats. */
9303
9304 #include <linux/config.h>
9305 #include <linux/slab.h>
9306 #include <linux/file.h>
9307 #include <linux/mman.h>
9308 #include <linux/a.out.h>
9309 #include <linux/stat.h>
9310 #include <linux/fcntl.h>
9311 #include <linux/user.h>
9312 #include <linux/smp_lock.h>
9313 #include <linux/init.h>
9314
9315 #include <asm/uaccess.h>
9316 #include <asm/pgtable.h>
9317 #include <asm/mmu_context.h>
9318
9319 #ifdef CONFIG_KMOD
9320 #include <linux/kmod.h>
9321 #endif
9322
9323 /* Here are the actual binaries that will be accepted:
9324 * add more with "register_binfmt()" if using modules...
9325 *
9326 * These are defined again for the 'real' modules if you
9327 * are using a module definition for these routines. */
9328
9329 static struct linux_binfmt *formats =
9330 (struct linux_binfmt *) NULL;
9331
9332 void __init binfmt_setup(void)
9333 {
9334 #ifdef CONFIG_BINFMT_MISC
9335 init_misc_binfmt();
9336 #endif
9337
9338 #ifdef CONFIG_BINFMT_ELF
9339 init_elf_binfmt();
9340 #endif
9341
9342 #ifdef CONFIG_BINFMT_ELF32
9343 init_elf32_binfmt();
9344 #endif
9345
9346 #ifdef CONFIG_BINFMT_AOUT
9347 init_aout_binfmt();
9348 #endif
9349
9350 #ifdef CONFIG_BINFMT_AOUT32
9351 init_aout32_binfmt();
9352 #endif
9353
9354 #ifdef CONFIG_BINFMT_JAVA
9355 init_java_binfmt();
9356 #endif
9357
9358 #ifdef CONFIG_BINFMT_EM86
9359 init_em86_binfmt();
9360 #endif
9361
9362 /* This cannot be configured out of the kernel */
9363 init_script_binfmt();
9364 }
9365
9366 int register_binfmt(struct linux_binfmt * fmt)
9367 {
9368 struct linux_binfmt ** tmp = &formats;
9369
9370 if (!fmt)
9371 return -EINVAL;
9372 if (fmt->next)
9373 return -EBUSY;
9374 while (*tmp) {
9375 if (fmt == *tmp)
9376 return -EBUSY;
9377 tmp = &(*tmp)->next;
9378 }
9379 fmt->next = formats;
9380 formats = fmt;
9381 return 0;
9382 }
9383
9384 #ifdef CONFIG_MODULES
9385 int unregister_binfmt(struct linux_binfmt * fmt)
9386 {
9387 struct linux_binfmt ** tmp = &formats;
9388
9389 while (*tmp) {
9390 if (fmt == *tmp) {
9391 *tmp = fmt->next;
9392 return 0;
9393 }
9394 tmp = &(*tmp)->next;
9395 }
9396 return -EINVAL;
9397 }
9398 #endif /* CONFIG_MODULES */
9399
9400 /* N.B. Error returns must be < 0 */
9401 int open_dentry(struct dentry * dentry, int mode)
9402 {
9403 struct inode * inode = dentry->d_inode;
9404 struct file * f;
9405 int fd, error;
9406
9407 error = -EINVAL;
9408 if (!inode->i_op || !inode->i_op->default_file_ops)
9409 goto out;
9410 fd = get_unused_fd();
9411 if (fd >= 0) {
9412 error = -ENFILE;
9413 f = get_empty_filp();
9414 if (!f)
9415 goto out_fd;
9416 f->f_flags = mode;
9417 f->f_mode = (mode+1) & O_ACCMODE;
9418 f->f_dentry = dentry;
9419 f->f_pos = 0;
9420 f->f_reada = 0;
9421 f->f_op = inode->i_op->default_file_ops;
9422 if (f->f_op->open) {
9423 error = f->f_op->open(inode,f);
9424 if (error)
9425 goto out_filp;
9426 }
9427 fd_install(fd, f);
9428 dget(dentry);
9429 }
9430 return fd;
9431
9432 out_filp:
9433 if (error > 0)
9434 error = -EIO;
9435 put_filp(f);
9436 out_fd:
9437 put_unused_fd(fd);
9438 out:
9439 return error;
9440 }
9441
9442 /* Note that a shared library must be both readable and
9443 * executable due to security reasons.
9444 *
9445 * Also note that we take the address to load from from
9446 * the file itself. */
9447 asmlinkage int sys_uselib(const char * library)
9448 {
9449 int fd, retval;
9450 struct file * file;
9451 struct linux_binfmt * fmt;
9452
9453 lock_kernel();
9454 fd = sys_open(library, 0, 0);
9455 retval = fd;
9456 if (fd < 0)
9457 goto out;
9458 file = fget(fd);
9459 retval = -ENOEXEC;
9460 if (file && file->f_dentry &&
9461 file->f_op && file->f_op->read) {
9462 for (fmt = formats ; fmt ; fmt = fmt->next) {
9463 int (*fn)(int) = fmt->load_shlib;
9464 if (!fn)
9465 continue;
9466 /* N.B. Should use file instead of fd */
9467 retval = fn(fd);
9468 if (retval != -ENOEXEC)
9469 break;
9470 }
9471 }
9472 fput(file);
9473 sys_close(fd);
9474 out:
9475 unlock_kernel();
9476 return retval;
9477 }
9478
9479 /* count() counts the number of arguments/envelopes */
9480 static int count(char ** argv)
9481 {
9482 int i = 0;
9483
9484 if (argv != NULL) {
9485 for (;;) {
9486 char * p;
9487 int error;
9488
9489 error = get_user(p,argv);
9490 if (error)
9491 return error;
9492 if (!p)
9493 break;
9494 argv++;
9495 i++;
9496 }
9497 }
9498 return i;
9499 }
9500
9501 /* 'copy_string()' copies argument/envelope strings from
9502 * user memory to free pages in kernel mem. These are in
9503 * a format ready to be put directly into the top of new
9504 * user memory.
9505 *
9506 * Modified by TYT, 11/24/91 to add the from_kmem
9507 * argument, which specifies whether the string and the
9508 * string array are from user or kernel segments:
9509 *
9510 * from_kmem argv * argv **
9511 * 0 user space user space
9512 * 1 kernel space user space
9513 * 2 kernel space kernel space
9514 *
9515 * We do this by playing games with the fs segment
9516 * register. Since it is expensive to load a segment
9517 * register, we try to avoid calling set_fs() unless we
9518 * absolutely have to. */
9519 unsigned long copy_strings(
9520 int argc,char ** argv,
9521 unsigned long *page, unsigned long p, int from_kmem)
9522 {
9523 char *str;
9524 mm_segment_t old_fs;
9525
9526 if (!p)
9527 return 0; /* bullet-proofing */
9528 old_fs = get_fs();
9529 if (from_kmem==2)
9530 set_fs(KERNEL_DS);
9531 while (argc-- > 0) {
9532 int len;
9533 unsigned long pos;
9534
9535 if (from_kmem == 1)
9536 set_fs(KERNEL_DS);
9537 get_user(str, argv+argc);
9538 if (!str)
9539 panic("VFS: argc is wrong");
9540 if (from_kmem == 1)
9541 set_fs(old_fs);
9542 len = strlen_user(str); /* includes the '\0' */
9543 if (p < len) { /* this shouldn't happen - 128kB */
9544 set_fs(old_fs);
9545 return 0;
9546 }
9547 p -= len;
9548 pos = p;
9549 while (len) {
9550 char *pag;
9551 int offset, bytes_to_copy;
9552
9553 offset = pos % PAGE_SIZE;
9554 if (!(pag = (char *) page[pos/PAGE_SIZE]) &&
9555 !(pag = (char *) page[pos/PAGE_SIZE] =
9556 (unsigned long *) get_free_page(GFP_USER))) {
9557 if (from_kmem==2)
9558 set_fs(old_fs);
9559 return 0;
9560 }
9561 bytes_to_copy = PAGE_SIZE - offset;
9562 if (bytes_to_copy > len)
9563 bytes_to_copy = len;
9564 copy_from_user(pag + offset, str, bytes_to_copy);
9565 pos += bytes_to_copy;
9566 str += bytes_to_copy;
9567 len -= bytes_to_copy;
9568 }
9569 }
9570 if (from_kmem==2)
9571 set_fs(old_fs);
9572 return p;
9573 }
9574
9575 unsigned long setup_arg_pages(unsigned long p,
9576 struct linux_binprm * bprm)
9577 {
9578 unsigned long stack_base;
9579 struct vm_area_struct *mpnt;
9580 int i;
9581
9582 stack_base = STACK_TOP - MAX_ARG_PAGES*PAGE_SIZE;
9583
9584 p += stack_base;
9585 if (bprm->loader)
9586 bprm->loader += stack_base;
9587 bprm->exec += stack_base;
9588
9589 mpnt = kmem_cache_alloc(vm_area_cachep, SLAB_KERNEL);
9590 if (mpnt) {
9591 mpnt->vm_mm = current->mm;
9592 mpnt->vm_start = PAGE_MASK & (unsigned long) p;
9593 mpnt->vm_end = STACK_TOP;
9594 mpnt->vm_page_prot = PAGE_COPY;
9595 mpnt->vm_flags = VM_STACK_FLAGS;
9596 mpnt->vm_ops = NULL;
9597 mpnt->vm_offset = 0;
9598 mpnt->vm_file = NULL;
9599 mpnt->vm_pte = 0;
9600 insert_vm_struct(current->mm, mpnt);
9601 current->mm->total_vm =
9602 (mpnt->vm_end - mpnt->vm_start) >> PAGE_SHIFT;
9603 }
9604
9605 for (i = 0 ; i < MAX_ARG_PAGES ; i++) {
9606 if (bprm->page[i]) {
9607 current->mm->rss++;
9608 put_dirty_page(current,bprm->page[i],stack_base);
9609 }
9610 stack_base += PAGE_SIZE;
9611 }
9612 return p;
9613 }
9614
9615 /* Read in the complete executable. This is used for "-N"
9616 * files that aren't on a block boundary, and for files
9617 * on filesystems without bmap support. */
9618 int read_exec(
9619 struct dentry *dentry, unsigned long offset,
9620 char * addr, unsigned long count, int to_kmem)
9621 {
9622 struct file file;
9623 struct inode * inode = dentry->d_inode;
9624 int result = -ENOEXEC;
9625
9626 if (!inode->i_op || !inode->i_op->default_file_ops)
9627 goto end_readexec;
9628 if (init_private_file(&file, dentry, 1))
9629 goto end_readexec;
9630 if (!file.f_op->read)
9631 goto close_readexec;
9632 if (file.f_op->llseek) {
9633 if (file.f_op->llseek(&file,offset,0) != offset)
9634 goto close_readexec;
9635 } else
9636 file.f_pos = offset;
9637 if (to_kmem) {
9638 mm_segment_t old_fs = get_fs();
9639 set_fs(get_ds());
9640 result =
9641 file.f_op->read(&file, addr, count, &file.f_pos);
9642 set_fs(old_fs);
9643 } else {
9644 result = verify_area(VERIFY_WRITE, addr, count);
9645 if (result)
9646 goto close_readexec;
9647 result =
9648 file.f_op->read(&file, addr, count, &file.f_pos);
9649 }
9650 close_readexec:
9651 if (file.f_op->release)
9652 file.f_op->release(inode,&file);
9653 end_readexec:
9654 return result;
9655 }
9656
9657 static int exec_mmap(void)
9658 {
9659 struct mm_struct * mm, * old_mm;
9660 int retval, nr;
9661
9662 if (atomic_read(¤t->mm->count) == 1) {
9663 flush_cache_mm(current->mm);
9664 mm_release();
9665 release_segments(current->mm);
9666 exit_mmap(current->mm);
9667 flush_tlb_mm(current->mm);
9668 return 0;
9669 }
9670
9671 retval = -ENOMEM;
9672 mm = mm_alloc();
9673 if (!mm)
9674 goto fail_nomem;
9675
9676 mm->cpu_vm_mask = (1UL << smp_processor_id());
9677 mm->total_vm = 0;
9678 mm->rss = 0;
9679 /* Make sure we have a private ldt if needed ... */
9680 nr = current->tarray_ptr - &task[0];
9681 copy_segments(nr, current, mm);
9682
9683 old_mm = current->mm;
9684 current->mm = mm;
9685 retval = new_page_tables(current);
9686 if (retval)
9687 goto fail_restore;
9688 activate_context(current);
9689 up(&mm->mmap_sem);
9690 mm_release();
9691 mmput(old_mm);
9692 return 0;
9693
9694 /* Failure ... restore the prior mm_struct. */
9695 fail_restore:
9696 /* The pgd belongs to the parent ... don't free it! */
9697 mm->pgd = NULL;
9698 current->mm = old_mm;
9699 /* restore the ldt for this task */
9700 copy_segments(nr, current, NULL);
9701 mmput(mm);
9702
9703 fail_nomem:
9704 return retval;
9705 }
9706
9707 /* This function makes sure the current process has its
9708 * own signal table, so that flush_signal_handlers can
9709 * later reset the handlers without disturbing other
9710 * processes. (Other processes might share the signal
9711 * table via the CLONE_SIGHAND option to clone().) */
9712
9713 static inline int make_private_signals(void)
9714 {
9715 struct signal_struct * newsig;
9716
9717 if (atomic_read(¤t->sig->count) <= 1)
9718 return 0;
9719 newsig = kmalloc(sizeof(*newsig), GFP_KERNEL);
9720 if (newsig == NULL)
9721 return -ENOMEM;
9722 spin_lock_init(&newsig->siglock);
9723 atomic_set(&newsig->count, 1);
9724 memcpy(newsig->action, current->sig->action,
9725 sizeof(newsig->action));
9726 current->sig = newsig;
9727 return 0;
9728 }
9729
9730 /* If make_private_signals() made a copy of the signal
9731 * table, decrement the refcount of the original table,
9732 * and free it if necessary. We don't do that in
9733 * make_private_signals() so that we can back off in
9734 * flush_old_exec() if an error occurs after calling
9735 * make_private_signals(). */
9736 static inline void release_old_signals(
9737 struct signal_struct * oldsig)
9738 {
9739 if (current->sig == oldsig)
9740 return;
9741 if (atomic_dec_and_test(&oldsig->count))
9742 kfree(oldsig);
9743 }
9744
9745 /* These functions flushes out all traces of the
9746 * currently running executable so that a new one can be
9747 * started */
9748 static inline void flush_old_files(
9749 struct files_struct * files)
9750 {
9751 unsigned long j;
9752
9753 j = 0;
9754 for (;;) {
9755 unsigned long set, i;
9756
9757 i = j * __NFDBITS;
9758 if (i >= files->max_fds)
9759 break;
9760 set = files->close_on_exec.fds_bits[j];
9761 files->close_on_exec.fds_bits[j] = 0;
9762 j++;
9763 for ( ; set ; i++,set >>= 1) {
9764 if (set & 1)
9765 sys_close(i);
9766 }
9767 }
9768 }
9769
9770 int flush_old_exec(struct linux_binprm * bprm)
9771 {
9772 char * name;
9773 int i, ch, retval;
9774 struct signal_struct * oldsig;
9775
9776 /* Make sure we have a private signal table */
9777 oldsig = current->sig;
9778 retval = make_private_signals();
9779 if (retval) goto flush_failed;
9780
9781 /* Release all of the old mmap stuff */
9782 retval = exec_mmap();
9783 if (retval) goto mmap_failed;
9784
9785 /* This is the point of no return */
9786 release_old_signals(oldsig);
9787
9788 if (current->euid == current->uid &&
9789 current->egid == current->gid)
9790 current->dumpable = 1;
9791 name = bprm->filename;
9792 for (i=0; (ch = *(name++)) != '\0';) {
9793 if (ch == '/')
9794 i = 0;
9795 else
9796 if (i < 15)
9797 current->comm[i++] = ch;
9798 }
9799 current->comm[i] = '\0';
9800
9801 flush_thread();
9802
9803 if (bprm->e_uid != current->euid ||
9804 bprm->e_gid != current->egid ||
9805 permission(bprm->dentry->d_inode,MAY_READ))
9806 current->dumpable = 0;
9807
9808 flush_signal_handlers(current);
9809 flush_old_files(current->files);
9810
9811 return 0;
9812
9813 mmap_failed:
9814 if (current->sig != oldsig)
9815 kfree(current->sig);
9816 flush_failed:
9817 current->sig = oldsig;
9818 return retval;
9819 }
9820
9821 /* We mustn't allow tracing of suid binaries, unless the
9822 * tracer has the capability to trace anything.. */
9823 static inline int
9824 must_not_trace_exec(struct task_struct * p)
9825 {
9826 return (p->flags & PF_PTRACED) &&
9827 !cap_raised(p->p_pptr->cap_effective, CAP_SYS_PTRACE);
9828 }
9829
9830 /* Fill the binprm structure from the inode. Check
9831 * permissions, then read the first 512 bytes */
9832 int prepare_binprm(struct linux_binprm *bprm)
9833 {
9834 int mode;
9835 int retval,id_change,cap_raised;
9836 struct inode * inode = bprm->dentry->d_inode;
9837
9838 mode = inode->i_mode;
9839 if (!S_ISREG(mode)) /* must be regular file */
9840 return -EACCES;
9841 if (!(mode & 0111)) /* with >= 1 execute bit set */
9842 return -EACCES;
9843 if (IS_NOEXEC(inode)) /* FS mustn't be mounted noexec*/
9844 return -EACCES;
9845 if (!inode->i_sb)
9846 return -EACCES;
9847 if ((retval = permission(inode, MAY_EXEC)) != 0)
9848 return retval;
9849 /* better not exec files that are being written to */
9850 if (inode->i_writecount > 0)
9851 return -ETXTBSY;
9852
9853 bprm->e_uid = current->euid;
9854 bprm->e_gid = current->egid;
9855 id_change = cap_raised = 0;
9856
9857 /* Set-uid? */
9858 if (mode & S_ISUID) {
9859 bprm->e_uid = inode->i_uid;
9860 if (bprm->e_uid != current->euid)
9861 id_change = 1;
9862 }
9863
9864 /* Set-gid? */
9865 /* If setgid is set but no group execute bit then this
9866 * is a candidate for mandatory locking, not a setgid
9867 * executable. */
9868 if ((mode & (S_ISGID | S_IXGRP)) ==
9869 (S_ISGID | S_IXGRP)) {
9870 bprm->e_gid = inode->i_gid;
9871 if (!in_group_p(bprm->e_gid))
9872 id_change = 1;
9873 }
9874
9875 /* We don't have VFS support for capabilities yet */
9876 cap_clear(bprm->cap_inheritable);
9877 cap_clear(bprm->cap_permitted);
9878 cap_clear(bprm->cap_effective);
9879
9880 /* To support inheritance of root-permissions and
9881 * suid-root executables under compatibility mode, we
9882 * raise the effective and inherited bitmasks of the
9883 * executable file (translation: we set the executable
9884 * "capability dumb" and set the allowed set to
9885 * maximum). We don't set any forced bits.
9886 *
9887 * If only the real uid is 0, we only raise the
9888 * inheritable bitmask of the executable file
9889 * (translation: we set the allowed set to maximum and
9890 * the application to "capability smart"). */
9891
9892 if (!issecure(SECURE_NOROOT)) {
9893 if (bprm->e_uid == 0 || current->uid == 0)
9894 cap_set_full(bprm->cap_inheritable);
9895 if (bprm->e_uid == 0)
9896 cap_set_full(bprm->cap_effective);
9897 }
9898
9899 /* Only if pP' is _not_ a subset of pP, do we consider
9900 * there has been a capability related "change of
9901 * capability". In such cases, we need to check that
9902 * the elevation of privilege does not go against other
9903 * system constraints. The new Permitted set is
9904 * defined below -- see (***). */
9905 {
9906 kernel_cap_t working =
9907 cap_combine(bprm->cap_permitted,
9908 cap_intersect(bprm->cap_inheritable,
9909 current->cap_inheritable));
9910 if (!cap_issubset(working, current->cap_permitted)) {
9911 cap_raised = 1;
9912 }
9913 }
9914
9915 if (id_change || cap_raised) {
9916 /* We can't suid-execute if we're sharing parts of
9917 * the executable or if we're being traced (or if
9918 * suid execs are not allowed) (current->mm->count
9919 * > 1 is ok, as we'll get a new mm anyway) */
9920 if (IS_NOSUID(inode)
9921 || must_not_trace_exec(current)
9922 || (atomic_read(¤t->fs->count) > 1)
9923 || (atomic_read(¤t->sig->count) > 1)
9924 || (atomic_read(¤t->files->count) > 1)) {
9925 if (id_change && !capable(CAP_SETUID))
9926 return -EPERM;
9927 if (cap_raised && !capable(CAP_SETPCAP))
9928 return -EPERM;
9929 }
9930 }
9931
9932 memset(bprm->buf,0,sizeof(bprm->buf));
9933 return read_exec(bprm->dentry,0,bprm->buf,128,1);
9934 }
9935
9936 /* This function is used to produce the new IDs and
9937 * capabilities from the old ones and the file's
9938 * capabilities. The formula used for evolving
9939 * capabilities is:
9940 *
9941 * pI' = pI
9942 * (***) pP' = fP | (fI & pI)
9943 * pE' = pP' & fE [NB. fE is 0 or ~0]
9944 *
9945 * I=Inheritable, P=Permitted, E=Effective // p=process,
9946 * // f=file; ' indicates post-exec(). */
9947
9948 void compute_creds(struct linux_binprm *bprm)
9949 {
9950 int new_permitted = cap_t(bprm->cap_permitted) |
9951 (cap_t(bprm->cap_inheritable) &
9952 cap_t(current->cap_inheritable));
9953
9954 /* For init, we want to retain the capabilities set
9955 * in the init_task struct. Thus we skip the usual
9956 * capability rules */
9957 if (current->pid != 1) {
9958 cap_t(current->cap_permitted) = new_permitted;
9959 cap_t(current->cap_effective) = new_permitted &
9960 cap_t(bprm->cap_effective);
9961 }
9962
9963 /* AUD: Audit candidate if current->cap_effective is
9964 * set */
9965
9966 current->suid =
9967 current->euid = current->fsuid = bprm->e_uid;
9968 current->sgid =
9969 current->egid = current->fsgid = bprm->e_gid;
9970 if (current->euid != current->uid ||
9971 current->egid != current->gid ||
9972 !cap_issubset(new_permitted,
9973 current->cap_permitted))
9974 current->dumpable = 0;
9975 }
9976
9977
9978 void remove_arg_zero(struct linux_binprm *bprm)
9979 {
9980 if (bprm->argc) {
9981 unsigned long offset;
9982 char * page;
9983 offset = bprm->p % PAGE_SIZE;
9984 page = (char*)bprm->page[bprm->p/PAGE_SIZE];
9985 while(bprm->p++,*(page+offset++))
9986 if(offset==PAGE_SIZE){
9987 offset=0;
9988 page = (char*)bprm->page[bprm->p/PAGE_SIZE];
9989 }
9990 bprm->argc--;
9991 }
9992 }
9993
9994 /* cycle the list of binary formats handler, until one
9995 * recognizes the image */
9996 int search_binary_handler(struct linux_binprm *bprm,
9997 struct pt_regs *regs)
9998 {
9999 int try,retval=0;
10000 struct linux_binfmt *fmt;
10001 #ifdef __alpha__
10002 /* handle /sbin/loader.. */
10003 {
10004 struct exec * eh = (struct exec *) bprm->buf;
10005 struct linux_binprm bprm_loader;
10006
10007 if (!bprm->loader && eh->fh.f_magic == 0x183 &&
10008 (eh->fh.f_flags & 0x3000) == 0x3000)
10009 {
10010 int i;
10011 char * dynloader[] = { "/sbin/loader" };
10012 struct dentry * dentry;
10013
10014 dput(bprm->dentry);
10015 bprm->dentry = NULL;
10016
10017 bprm_loader.p = PAGE_SIZE * MAX_ARG_PAGES
10018 - sizeof(void *);
10019 for (i=0 ; i<MAX_ARG_PAGES ; i++)/* clear pg-tbl */
10020 bprm_loader.page[i] = 0;
10021
10022 dentry = open_namei(dynloader[0], 0, 0);
10023 retval = PTR_ERR(dentry);
10024 if (IS_ERR(dentry))
10025 return retval;
10026 bprm->dentry = dentry;
10027 bprm->loader = bprm_loader.p;
10028 retval = prepare_binprm(bprm);
10029 if (retval<0)
10030 return retval;
10031 /* should call search_binary_handler recursively
10032 * here, but it does not matter */
10033 }
10034 }
10035 #endif
10036 for (try=0; try<2; try++) {
10037 for (fmt = formats ; fmt ; fmt = fmt->next) {
10038 int (*fn)(struct linux_binprm *, struct pt_regs *)
10039 = fmt->load_binary;
10040 if (!fn)
10041 continue;
10042 retval = fn(bprm, regs);
10043 if (retval >= 0) {
10044 if (bprm->dentry)
10045 dput(bprm->dentry);
10046 bprm->dentry = NULL;
10047 current->did_exec = 1;
10048 return retval;
10049 }
10050 if (retval != -ENOEXEC)
10051 break;
10052 /* We don't have the dentry anymore */
10053 if (!bprm->dentry)
10054 return retval;
10055 }
10056 if (retval != -ENOEXEC) {
10057 break;
10058 #ifdef CONFIG_KMOD
10059 } else {
10060 #define printable(c) \
10061 (((c)=='\t') || ((c)=='\n') || (0x20<=(c) && (c)<=0x7e))
10062 char modname[20];
10063 if (printable(bprm->buf[0]) &&
10064 printable(bprm->buf[1]) &&
10065 printable(bprm->buf[2]) &&
10066 printable(bprm->buf[3]))
10067 break; /* -ENOEXEC */
10068 sprintf(modname, "binfmt-%04x",
10069 *(unsigned short *)(&bprm->buf[2]));
10070 request_module(modname);
10071 #endif
10072 }
10073 }
10074 return retval;
10075 }
10076
10077
10078 /* sys_execve() executes a new program. */
10079 int do_execve(char * filename, char ** argv,
10080 char ** envp, struct pt_regs * regs)
10081 {
10082 struct linux_binprm bprm;
10083 struct dentry * dentry;
10084 int retval;
10085 int i;
10086
10087 bprm.p = PAGE_SIZE*MAX_ARG_PAGES-sizeof(void *);
10088 for (i=0 ; i<MAX_ARG_PAGES ; i++) /* clear pg-tbl */
10089 bprm.page[i] = 0;
10090
10091 dentry = open_namei(filename, 0, 0);
10092 retval = PTR_ERR(dentry);
10093 if (IS_ERR(dentry))
10094 return retval;
10095
10096 bprm.dentry = dentry;
10097 bprm.filename = filename;
10098 bprm.sh_bang = 0;
10099 bprm.java = 0;
10100 bprm.loader = 0;
10101 bprm.exec = 0;
10102 if ((bprm.argc = count(argv)) < 0) {
10103 dput(dentry);
10104 return bprm.argc;
10105 }
10106
10107 if ((bprm.envc = count(envp)) < 0) {
10108 dput(dentry);
10109 return bprm.envc;
10110 }
10111
10112 retval = prepare_binprm(&bprm);
10113
10114 if (retval >= 0) {
10115 bprm.p = copy_strings(1, &bprm.filename, bprm.page,
10116 bprm.p, 2);
10117 bprm.exec = bprm.p;
10118 bprm.p = copy_strings(bprm.envc,envp,bprm.page,
10119 bprm.p,0);
10120 bprm.p = copy_strings(bprm.argc,argv,bprm.page,
10121 bprm.p,0);
10122 if (!bprm.p)
10123 retval = -E2BIG;
10124 }
10125
10126 if (retval >= 0)
10127 retval = search_binary_handler(&bprm,regs);
10128 if (retval >= 0)
10129 /* execve success */
10130 return retval;
10131
10132 /* Something went wrong, return the inode and free the
10133 * argument pages*/
10134 if (bprm.dentry)
10135 dput(bprm.dentry);
10136
10137 for (i=0 ; i<MAX_ARG_PAGES ; i++)
10138 free_page(bprm.page[i]);
10139
10140 return retval;
10141 }
Сайт управляется системой
uCoz