1/* 2 * linux/fs/exec.c 3 * 4 * Copyright (C) 1991, 1992 Linus Torvalds 5 */ 6 7/* 8 * #!-checking implemented by tytso. 9 */ 10/* 11 * Demand-loading implemented 01.12.91 - no need to read anything but 12 * the header into memory. The inode of the executable is put into 13 * "current->executable", and page faults do the actual loading. Clean. 14 * 15 * Once more I can proudly say that linux stood up to being changed: it 16 * was less than 2 hours work to get demand-loading completely implemented. 17 * 18 * Demand loading changed July 1993 by Eric Youngdale. Use mmap instead, 19 * current->executable is only used by the procfs. This allows a dispatch 20 * table to check for several different types of binary formats. We keep 21 * trying until we recognize the file or we run out of supported binary 22 * formats. 23 */ 24 25#include <linux/slab.h> 26#include <linux/file.h> 27#include <linux/fdtable.h> 28#include <linux/mm.h> 29#include <linux/vmacache.h> 30#include <linux/stat.h> 31#include <linux/fcntl.h> 32#include <linux/swap.h> 33#include <linux/string.h> 34#include <linux/init.h> 35#include <linux/pagemap.h> 36#include <linux/perf_event.h> 37#include <linux/highmem.h> 38#include <linux/spinlock.h> 39#include <linux/key.h> 40#include <linux/personality.h> 41#include <linux/binfmts.h> 42#include <linux/utsname.h> 43#include <linux/pid_namespace.h> 44#include <linux/module.h> 45#include <linux/namei.h> 46#include <linux/mount.h> 47#include <linux/security.h> 48#include <linux/syscalls.h> 49#include <linux/tsacct_kern.h> 50#include <linux/cn_proc.h> 51#include <linux/audit.h> 52#include <linux/tracehook.h> 53#include <linux/kmod.h> 54#include <linux/fsnotify.h> 55#include <linux/fs_struct.h> 56#include <linux/pipe_fs_i.h> 57#include <linux/oom.h> 58#include <linux/compat.h> 59 60#include <asm/uaccess.h> 61#include <asm/mmu_context.h> 62#include <asm/tlb.h> 63 64#include <trace/events/task.h> 65#include "internal.h" 66 67#include <trace/events/sched.h> 68 69intsuid_dumpable = 0; 70 71staticLIST_HEAD(formats); 72staticDEFINE_RWLOCK(binfmt_lock); 73 74void__register_binfmt(structlinux_binfmt *fmt, intinsert) 75{ 76BUG_ON(!fmt); 77 if (WARN_ON(!fmt->load_binary)) 78 return; 79write_lock(&binfmt_lock); 80insert ?list_add(&fmt->lh, &formats) : 81list_add_tail(&fmt->lh, &formats); 82write_unlock(&binfmt_lock); 83} 84 85EXPORT_SYMBOL(__register_binfmt); 86 87voidunregister_binfmt(structlinux_binfmt *fmt) 88{ 89write_lock(&binfmt_lock); 90list_del(&fmt->lh); 91write_unlock(&binfmt_lock); 92} 93 94EXPORT_SYMBOL(unregister_binfmt); 95 96staticinline voidput_binfmt(structlinux_binfmt *fmt) 97{ 98module_put(fmt->module); 99} 100 101#ifdefCONFIG_USELIB 102/* 103 * Note that a shared library must be both readable and executable due to 104 * security reasons. 105 * 106 * Also note that we take the address to load from from the file itself. 107 */ 108SYSCALL_DEFINE1(uselib, const char__user *,library) 109{ 110 structlinux_binfmt *fmt; 111 structfile *file; 112 structfilename *tmp =getname(library); 113 interror =PTR_ERR(tmp); 114 static const structopen_flagsuselib_flags = { 115 .open_flag =O_LARGEFILE |O_RDONLY |__FMODE_EXEC, 116 .acc_mode =MAY_READ |MAY_EXEC |MAY_OPEN, 117 .intent =LOOKUP_OPEN, 118 .lookup_flags =LOOKUP_FOLLOW, 119 }; 120 121 if (IS_ERR(tmp)) 122 gotoout; 123 124file =do_filp_open(AT_FDCWD,tmp, &uselib_flags); 125putname(tmp); 126error =PTR_ERR(file); 127 if (IS_ERR(file)) 128 gotoout; 129 130error = -EINVAL; 131 if (!S_ISREG(file_inode(file)->i_mode)) 132 gotoexit; 133 134error = -EACCES; 135 if (file->f_path.mnt->mnt_flags &MNT_NOEXEC) 136 gotoexit; 137 138fsnotify_open(file); 139 140error = -ENOEXEC; 141 142read_lock(&binfmt_lock); 143list_for_each_entry(fmt, &formats,lh) { 144 if (!fmt->load_shlib) 145 continue; 146 if (!try_module_get(fmt->module)) 147 continue; 148read_unlock(&binfmt_lock); 149error =fmt->load_shlib(file); 150read_lock(&binfmt_lock); 151put_binfmt(fmt); 152 if (error != -ENOEXEC) 153 break; 154 } 155read_unlock(&binfmt_lock); 156exit: 157fput(file); 158out: 159 returnerror; 160} 161#endif/* #ifdef CONFIG_USELIB */ 162 163#ifdefCONFIG_MMU 164/* 165 * The nascent bprm->mm is not visible until exec_mmap() but it can 166 * use a lot of memory, account these pages in current->mm temporary 167 * for oom_badness()->get_mm_rss(). Once exec succeeds or fails, we 168 * change the counter back via acct_arg_size(0). 169 */ 170static voidacct_arg_size(structlinux_binprm *bprm, unsigned longpages) 171{ 172 structmm_struct *mm =current->mm; 173 longdiff = (long)(pages -bprm->vma_pages); 174 175 if (!mm || !diff) 176 return; 177 178bprm->vma_pages =pages; 179add_mm_counter(mm,MM_ANONPAGES,diff); 180} 181 182static structpage *get_arg_page(structlinux_binprm *bprm, unsigned longpos, 183 intwrite) 184{ 185 structpage *page; 186 intret; 187 188#ifdefCONFIG_STACK_GROWSUP 189 if (write) { 190ret =expand_downwards(bprm->vma,pos); 191 if (ret < 0) 192 returnNULL; 193 } 194#endif 195ret =get_user_pages(current,bprm->mm,pos, 196 1,write, 1, &page,NULL); 197 if (ret <= 0) 198 returnNULL; 199 200 if (write) { 201 unsigned longsize =bprm->vma->vm_end -bprm->vma->vm_start; 202 structrlimit *rlim; 203 204acct_arg_size(bprm,size /PAGE_SIZE); 205 206/* 207 * We've historically supported up to 32 pages (ARG_MAX) 208 * of argument strings even with small stacks 209 */ 210 if (size <=ARG_MAX) 211 returnpage; 212 213/* 214 * Limit to 1/4-th the stack size for the argv+env strings. 215 * This ensures that: 216 * - the remaining binfmt code will not run out of stack space, 217 * - the program will have a reasonable amount of stack left 218 * to work from. 219 */ 220rlim =current->signal->rlim; 221 if (size >ACCESS_ONCE(rlim[RLIMIT_STACK].rlim_cur) / 4) { 222put_page(page); 223 returnNULL; 224 } 225 } 226 227 returnpage; 228} 229 230static voidput_arg_page(structpage *page) 231{ 232put_page(page); 233} 234 235static voidfree_arg_page(structlinux_binprm *bprm, inti) 236{ 237} 238 239static voidfree_arg_pages(structlinux_binprm *bprm) 240{ 241} 242 243static voidflush_arg_page(structlinux_binprm *bprm, unsigned longpos, 244 structpage *page) 245{ 246flush_cache_page(bprm->vma,pos,page_to_pfn(page)); 247} 248 249static int__bprm_mm_init(structlinux_binprm *bprm) 250{ 251 interr; 252 structvm_area_struct *vma =NULL; 253 structmm_struct *mm =bprm->mm; 254 255bprm->vma =vma =kmem_cache_zalloc(vm_area_cachep,GFP_KERNEL); 256 if (!vma) 257 return -ENOMEM; 258 259down_write(&mm->mmap_sem); 260vma->vm_mm =mm; 261 262/* 263 * Place the stack at the largest stack address the architecture 264 * supports. Later, we'll move this to an appropriate place. We don't 265 * use STACK_TOP because that can depend on attributes which aren't 266 * configured yet. 267 */ 268BUILD_BUG_ON(VM_STACK_FLAGS &VM_STACK_INCOMPLETE_SETUP); 269vma->vm_end =STACK_TOP_MAX; 270vma->vm_start =vma->vm_end -PAGE_SIZE; 271vma->vm_flags =VM_SOFTDIRTY |VM_STACK_FLAGS |VM_STACK_INCOMPLETE_SETUP; 272vma->vm_page_prot =vm_get_page_prot(vma->vm_flags); 273INIT_LIST_HEAD(&vma->anon_vma_chain); 274 275err =insert_vm_struct(mm,vma); 276 if (err) 277 gotoerr; 278 279mm->stack_vm =mm->total_vm = 1; 280arch_bprm_mm_init(mm,vma); 281up_write(&mm->mmap_sem); 282bprm->p =vma->vm_end - sizeof(void *); 283 return 0; 284err: 285up_write(&mm->mmap_sem); 286bprm->vma =NULL; 287kmem_cache_free(vm_area_cachep,vma); 288 returnerr; 289} 290 291staticboolvalid_arg_len(structlinux_binprm *bprm, longlen) 292{ 293 returnlen <=MAX_ARG_STRLEN; 294} 295 296#else 297 298staticinline voidacct_arg_size(structlinux_binprm *bprm, unsigned longpages) 299{ 300} 301 302static structpage *get_arg_page(structlinux_binprm *bprm, unsigned longpos, 303 intwrite) 304{ 305 structpage *page; 306 307page =bprm->page[pos /PAGE_SIZE]; 308 if (!page &&write) { 309page =alloc_page(GFP_HIGHUSER|__GFP_ZERO); 310 if (!page) 311 returnNULL; 312bprm->page[pos /PAGE_SIZE] =page; 313 } 314 315 returnpage; 316} 317 318static voidput_arg_page(structpage *page) 319{ 320} 321 322static voidfree_arg_page(structlinux_binprm *bprm, inti) 323{ 324 if (bprm->page[i]) { 325__free_page(bprm->page[i]); 326bprm->page[i] =NULL; 327 } 328} 329 330static voidfree_arg_pages(structlinux_binprm *bprm) 331{ 332 inti; 333 334 for (i = 0;i <MAX_ARG_PAGES;i++) 335free_arg_page(bprm,i); 336} 337 338static voidflush_arg_page(structlinux_binprm *bprm, unsigned longpos, 339 structpage *page) 340{ 341} 342 343static int__bprm_mm_init(structlinux_binprm *bprm) 344{ 345bprm->p =PAGE_SIZE *MAX_ARG_PAGES - sizeof(void *); 346 return 0; 347} 348 349staticboolvalid_arg_len(structlinux_binprm *bprm, longlen) 350{ 351 returnlen <=bprm->p; 352} 353 354#endif/* CONFIG_MMU */ 355 356/* 357 * Create a new mm_struct and populate it with a temporary stack 358 * vm_area_struct. We don't have enough context at this point to set the stack 359 * flags, permissions, and offset, so we use temporary values. We'll update 360 * them later in setup_arg_pages(). 361 */ 362static intbprm_mm_init(structlinux_binprm *bprm) 363{ 364 interr; 365 structmm_struct *mm =NULL; 366 367bprm->mm =mm =mm_alloc(); 368err = -ENOMEM; 369 if (!mm) 370 gotoerr; 371 372err =__bprm_mm_init(bprm); 373 if (err) 374 gotoerr; 375 376 return 0; 377 378err: 379 if (mm) { 380bprm->mm =NULL; 381mmdrop(mm); 382 } 383 384 returnerr; 385} 386 387structuser_arg_ptr { 388#ifdefCONFIG_COMPAT 389boolis_compat; 390#endif 391 union { 392 const char__user *const__user *native; 393#ifdefCONFIG_COMPAT 394 constcompat_uptr_t__user *compat; 395#endif 396 }ptr; 397}; 398 399static const char__user *get_user_arg_ptr(structuser_arg_ptrargv, intnr) 400{ 401 const char__user *native; 402 403#ifdefCONFIG_COMPAT 404 if (unlikely(argv.is_compat)) { 405compat_uptr_tcompat; 406 407 if (get_user(compat,argv.ptr.compat +nr)) 408 returnERR_PTR(-EFAULT); 409 410 returncompat_ptr(compat); 411 } 412#endif 413 414 if (get_user(native,argv.ptr.native +nr)) 415 returnERR_PTR(-EFAULT); 416 417 returnnative; 418} 419 420/* 421 * count() counts the number of strings in array ARGV. 422 */ 423static intcount(structuser_arg_ptrargv, intmax) 424{ 425 inti = 0; 426 427 if (argv.ptr.native !=NULL) { 428 for (;;) { 429 const char__user *p =get_user_arg_ptr(argv,i); 430 431 if (!p) 432 break; 433 434 if (IS_ERR(p)) 435 return -EFAULT; 436 437 if (i >=max) 438 return -E2BIG; 439 ++i; 440 441 if (fatal_signal_pending(current)) 442 return -ERESTARTNOHAND; 443cond_resched(); 444 } 445 } 446 returni; 447} 448 449/* 450 * 'copy_strings()' copies argument/environment strings from the old 451 * processes's memory to the new process's stack. The call to get_user_pages() 452 * ensures the destination page is created and not swapped out. 453 */ 454static intcopy_strings(intargc, structuser_arg_ptrargv, 455 structlinux_binprm *bprm) 456{ 457 structpage *kmapped_page =NULL; 458 char *kaddr =NULL; 459 unsigned longkpos = 0; 460 intret; 461 462 while (argc-- > 0) { 463 const char__user *str; 464 intlen; 465 unsigned longpos; 466 467ret = -EFAULT; 468str =get_user_arg_ptr(argv,argc); 469 if (IS_ERR(str)) 470 gotoout; 471 472len =strnlen_user(str,MAX_ARG_STRLEN); 473 if (!len) 474 gotoout; 475 476ret = -E2BIG; 477 if (!valid_arg_len(bprm,len)) 478 gotoout; 479 480/* We're going to work our way backwords. */ 481pos =bprm->p; 482str +=len; 483bprm->p -=len; 484 485 while (len > 0) { 486 intoffset,bytes_to_copy; 487 488 if (fatal_signal_pending(current)) { 489ret = -ERESTARTNOHAND; 490 gotoout; 491 } 492cond_resched(); 493 494offset =pos %PAGE_SIZE; 495 if (offset == 0) 496offset =PAGE_SIZE; 497 498bytes_to_copy =offset; 499 if (bytes_to_copy >len) 500bytes_to_copy =len; 501 502offset -=bytes_to_copy; 503pos -=bytes_to_copy; 504str -=bytes_to_copy; 505len -=bytes_to_copy; 506 507 if (!kmapped_page ||kpos != (pos &PAGE_MASK)) { 508 structpage *page; 509 510page =get_arg_page(bprm,pos, 1); 511 if (!page) { 512ret = -E2BIG; 513 gotoout; 514 } 515 516 if (kmapped_page) { 517flush_kernel_dcache_page(kmapped_page); 518kunmap(kmapped_page); 519put_arg_page(kmapped_page); 520 } 521kmapped_page =page; 522kaddr =kmap(kmapped_page); 523kpos =pos &PAGE_MASK; 524flush_arg_page(bprm,kpos,kmapped_page); 525 } 526 if (copy_from_user(kaddr+offset,str,bytes_to_copy)) { 527ret = -EFAULT; 528 gotoout; 529 } 530 } 531 } 532ret = 0; 533out: 534 if (kmapped_page) { 535flush_kernel_dcache_page(kmapped_page); 536kunmap(kmapped_page); 537put_arg_page(kmapped_page); 538 } 539 returnret; 540} 541 542/* 543 * Like copy_strings, but get argv and its values from kernel memory. 544 */ 545intcopy_strings_kernel(intargc, const char *const *__argv, 546 structlinux_binprm *bprm) 547{ 548 intr; 549mm_segment_toldfs =get_fs(); 550 structuser_arg_ptrargv = { 551 .ptr.native = (const char__user *const__user *)__argv, 552 }; 553 554set_fs(KERNEL_DS); 555r =copy_strings(argc,argv,bprm); 556set_fs(oldfs); 557 558 returnr; 559} 560EXPORT_SYMBOL(copy_strings_kernel); 561 562#ifdefCONFIG_MMU 563 564/* 565 * During bprm_mm_init(), we create a temporary stack at STACK_TOP_MAX. Once 566 * the binfmt code determines where the new stack should reside, we shift it to 567 * its final location. The process proceeds as follows: 568 * 569 * 1) Use shift to calculate the new vma endpoints. 570 * 2) Extend vma to cover both the old and new ranges. This ensures the 571 * arguments passed to subsequent functions are consistent. 572 * 3) Move vma's page tables to the new range. 573 * 4) Free up any cleared pgd range. 574 * 5) Shrink the vma to cover only the new range. 575 */ 576static intshift_arg_pages(structvm_area_struct *vma, unsigned longshift) 577{ 578 structmm_struct *mm =vma->vm_mm; 579 unsigned longold_start =vma->vm_start; 580 unsigned longold_end =vma->vm_end; 581 unsigned longlength =old_end -old_start; 582 unsigned longnew_start =old_start -shift; 583 unsigned longnew_end =old_end -shift; 584 structmmu_gathertlb; 585 586BUG_ON(new_start >new_end); 587 588/* 589 * ensure there are no vmas between where we want to go 590 * and where we are 591 */ 592 if (vma !=find_vma(mm,new_start)) 593 return -EFAULT; 594 595/* 596 * cover the whole range: [new_start, old_end) 597 */ 598 if (vma_adjust(vma,new_start,old_end,vma->vm_pgoff,NULL)) 599 return -ENOMEM; 600 601/* 602 * move the page tables downwards, on failure we rely on 603 * process cleanup to remove whatever mess we made. 604 */ 605 if (length !=move_page_tables(vma,old_start, 606vma,new_start,length,false)) 607 return -ENOMEM; 608 609lru_add_drain(); 610tlb_gather_mmu(&tlb,mm,old_start,old_end); 611 if (new_end >old_start) { 612/* 613 * when the old and new regions overlap clear from new_end. 614 */ 615free_pgd_range(&tlb,new_end,old_end,new_end, 616vma->vm_next ?vma->vm_next->vm_start :USER_PGTABLES_CEILING); 617 } else { 618/* 619 * otherwise, clean from old_start; this is done to not touch 620 * the address space in [new_end, old_start) some architectures 621 * have constraints on va-space that make this illegal (IA64) - 622 * for the others its just a little faster. 623 */ 624free_pgd_range(&tlb,old_start,old_end,new_end, 625vma->vm_next ?vma->vm_next->vm_start :USER_PGTABLES_CEILING); 626 } 627tlb_finish_mmu(&tlb,old_start,old_end); 628 629/* 630 * Shrink the vma to just the new range. Always succeeds. 631 */ 632vma_adjust(vma,new_start,new_end,vma->vm_pgoff,NULL); 633 634 return 0; 635} 636 637/* 638 * Finalizes the stack vm_area_struct. The flags and permissions are updated, 639 * the stack is optionally relocated, and some extra space is added. 640 */ 641intsetup_arg_pages(structlinux_binprm *bprm, 642 unsigned longstack_top, 643 intexecutable_stack) 644{ 645 unsigned longret; 646 unsigned longstack_shift; 647 structmm_struct *mm =current->mm; 648 structvm_area_struct *vma =bprm->vma; 649 structvm_area_struct *prev =NULL; 650 unsigned longvm_flags; 651 unsigned longstack_base; 652 unsigned longstack_size; 653 unsigned longstack_expand; 654 unsigned longrlim_stack; 655 656#ifdefCONFIG_STACK_GROWSUP 657/* Limit stack size */ 658stack_base =rlimit_max(RLIMIT_STACK); 659 if (stack_base >STACK_SIZE_MAX) 660stack_base =STACK_SIZE_MAX; 661 662/* Make sure we didn't let the argument array grow too large. */ 663 if (vma->vm_end -vma->vm_start >stack_base) 664 return -ENOMEM; 665 666stack_base =PAGE_ALIGN(stack_top -stack_base); 667 668stack_shift =vma->vm_start -stack_base; 669mm->arg_start =bprm->p -stack_shift; 670bprm->p =vma->vm_end -stack_shift; 671#else 672stack_top =arch_align_stack(stack_top); 673stack_top =PAGE_ALIGN(stack_top); 674 675 if (unlikely(stack_top <mmap_min_addr) || 676unlikely(vma->vm_end -vma->vm_start >=stack_top -mmap_min_addr)) 677 return -ENOMEM; 678 679stack_shift =vma->vm_end -stack_top; 680 681bprm->p -=stack_shift; 682mm->arg_start =bprm->p; 683#endif 684 685 if (bprm->loader) 686bprm->loader -=stack_shift; 687bprm->exec -=stack_shift; 688 689down_write(&mm->mmap_sem); 690vm_flags =VM_STACK_FLAGS; 691 692/* 693 * Adjust stack execute permissions; explicitly enable for 694 * EXSTACK_ENABLE_X, disable for EXSTACK_DISABLE_X and leave alone 695 * (arch default) otherwise. 696 */ 697 if (unlikely(executable_stack ==EXSTACK_ENABLE_X)) 698vm_flags |=VM_EXEC; 699 else if (executable_stack ==EXSTACK_DISABLE_X) 700vm_flags &= ~VM_EXEC; 701vm_flags |=mm->def_flags; 702vm_flags |=VM_STACK_INCOMPLETE_SETUP; 703 704ret =mprotect_fixup(vma, &prev,vma->vm_start,vma->vm_end, 705vm_flags); 706 if (ret) 707 gotoout_unlock; 708BUG_ON(prev !=vma); 709 710/* Move stack pages down in memory. */ 711 if (stack_shift) { 712ret =shift_arg_pages(vma,stack_shift); 713 if (ret) 714 gotoout_unlock; 715 } 716 717/* mprotect_fixup is overkill to remove the temporary stack flags */ 718vma->vm_flags &= ~VM_STACK_INCOMPLETE_SETUP; 719 720stack_expand = 131072UL;/* randomly 32*4k (or 2*64k) pages */ 721stack_size =vma->vm_end -vma->vm_start; 722/* 723 * Align this down to a page boundary as expand_stack 724 * will align it up. 725 */ 726rlim_stack =rlimit(RLIMIT_STACK) &PAGE_MASK; 727#ifdefCONFIG_STACK_GROWSUP 728 if (stack_size +stack_expand >rlim_stack) 729stack_base =vma->vm_start +rlim_stack; 730 else 731stack_base =vma->vm_end +stack_expand; 732#else 733 if (stack_size +stack_expand >rlim_stack) 734stack_base =vma->vm_end -rlim_stack; 735 else 736stack_base =vma->vm_start -stack_expand; 737#endif 738current->mm->start_stack =bprm->p; 739ret =expand_stack(vma,stack_base); 740 if (ret) 741ret = -EFAULT; 742 743out_unlock: 744up_write(&mm->mmap_sem); 745 returnret; 746} 747EXPORT_SYMBOL(setup_arg_pages); 748 749#endif/* CONFIG_MMU */ 750 751static structfile *do_open_execat(intfd, structfilename *name, intflags) 752{ 753 structfile *file; 754 interr; 755 structopen_flagsopen_exec_flags = { 756 .open_flag =O_LARGEFILE |O_RDONLY |__FMODE_EXEC, 757 .acc_mode =MAY_EXEC |MAY_OPEN, 758 .intent =LOOKUP_OPEN, 759 .lookup_flags =LOOKUP_FOLLOW, 760 }; 761 762 if ((flags & ~(AT_SYMLINK_NOFOLLOW |AT_EMPTY_PATH)) != 0) 763 returnERR_PTR(-EINVAL); 764 if (flags &AT_SYMLINK_NOFOLLOW) 765open_exec_flags.lookup_flags &= ~LOOKUP_FOLLOW; 766 if (flags &AT_EMPTY_PATH) 767open_exec_flags.lookup_flags |=LOOKUP_EMPTY; 768 769file =do_filp_open(fd,name, &open_exec_flags); 770 if (IS_ERR(file)) 771 gotoout; 772 773err = -EACCES; 774 if (!S_ISREG(file_inode(file)->i_mode)) 775 gotoexit; 776 777 if (file->f_path.mnt->mnt_flags &MNT_NOEXEC) 778 gotoexit; 779 780err =deny_write_access(file); 781 if (err) 782 gotoexit; 783 784 if (name->name[0] !='\0') 785fsnotify_open(file); 786 787out: 788 returnfile; 789 790exit: 791fput(file); 792 returnERR_PTR(err); 793} 794 795structfile *open_exec(const char *name) 796{ 797 structfilenametmp = { .name =name }; 798 returndo_open_execat(AT_FDCWD, &tmp, 0); 799} 800EXPORT_SYMBOL(open_exec); 801 802intkernel_read(structfile *file,loff_toffset, 803 char *addr, unsigned longcount) 804{ 805mm_segment_told_fs; 806loff_tpos =offset; 807 intresult; 808 809old_fs =get_fs(); 810set_fs(get_ds()); 811/* The cast to a user pointer is valid due to the set_fs() */ 812result =vfs_read(file, (void__user *)addr,count, &pos); 813set_fs(old_fs); 814 returnresult; 815} 816 817EXPORT_SYMBOL(kernel_read); 818 819ssize_tread_code(structfile *file, unsigned longaddr,loff_tpos,size_tlen) 820{ 821ssize_tres =vfs_read(file, (void__user *)addr,len, &pos); 822 if (res > 0) 823flush_icache_range(addr,addr +len); 824 returnres; 825} 826EXPORT_SYMBOL(read_code); 827 828static intexec_mmap(structmm_struct *mm) 829{ 830 structtask_struct *tsk; 831 structmm_struct *old_mm, *active_mm; 832 833/* Notify parent that we're no longer interested in the old VM */ 834tsk =current; 835old_mm =current->mm; 836mm_release(tsk,old_mm); 837 838 if (old_mm) { 839sync_mm_rss(old_mm); 840/* 841 * Make sure that if there is a core dump in progress 842 * for the old mm, we get out and die instead of going 843 * through with the exec. We must hold mmap_sem around 844 * checking core_state and changing tsk->mm. 845 */ 846down_read(&old_mm->mmap_sem); 847 if (unlikely(old_mm->core_state)) { 848up_read(&old_mm->mmap_sem); 849 return -EINTR; 850 } 851 } 852task_lock(tsk); 853active_mm =tsk->active_mm; 854tsk->mm =mm; 855tsk->active_mm =mm; 856activate_mm(active_mm,mm); 857tsk->mm->vmacache_seqnum = 0; 858vmacache_flush(tsk); 859task_unlock(tsk); 860 if (old_mm) { 861up_read(&old_mm->mmap_sem); 862BUG_ON(active_mm !=old_mm); 863setmax_mm_hiwater_rss(&tsk->signal->maxrss,old_mm); 864mm_update_next_owner(old_mm); 865mmput(old_mm); 866 return 0; 867 } 868mmdrop(active_mm); 869 return 0; 870} 871 872/* 873 * This function makes sure the current process has its own signal table, 874 * so that flush_signal_handlers can later reset the handlers without 875 * disturbing other processes. (Other processes might share the signal 876 * table via the CLONE_SIGHAND option to clone().) 877 */ 878static intde_thread(structtask_struct *tsk) 879{ 880 structsignal_struct *sig =tsk->signal; 881 structsighand_struct *oldsighand =tsk->sighand; 882spinlock_t *lock = &oldsighand->siglock; 883 884 if (thread_group_empty(tsk)) 885 gotono_thread_group; 886 887/* 888 * Kill all other threads in the thread group. 889 */ 890spin_lock_irq(lock); 891 if (signal_group_exit(sig)) { 892/* 893 * Another group action in progress, just 894 * return so that the signal is processed. 895 */ 896spin_unlock_irq(lock); 897 return -EAGAIN; 898 } 899 900sig->group_exit_task =tsk; 901sig->notify_count =zap_other_threads(tsk); 902 if (!thread_group_leader(tsk)) 903sig->notify_count--; 904 905 while (sig->notify_count) { 906__set_current_state(TASK_KILLABLE); 907spin_unlock_irq(lock); 908schedule(); 909 if (unlikely(__fatal_signal_pending(tsk))) 910 gotokilled; 911spin_lock_irq(lock); 912 } 913spin_unlock_irq(lock); 914 915/* 916 * At this point all other threads have exited, all we have to 917 * do is to wait for the thread group leader to become inactive, 918 * and to assume its PID: 919 */ 920 if (!thread_group_leader(tsk)) { 921 structtask_struct *leader =tsk->group_leader; 922 923sig->notify_count = -1;/* for exit_notify() */ 924 for (;;) { 925threadgroup_change_begin(tsk); 926write_lock_irq(&tasklist_lock); 927 if (likely(leader->exit_state)) 928 break; 929__set_current_state(TASK_KILLABLE); 930write_unlock_irq(&tasklist_lock); 931threadgroup_change_end(tsk); 932schedule(); 933 if (unlikely(__fatal_signal_pending(tsk))) 934 gotokilled; 935 } 936 937/* 938 * The only record we have of the real-time age of a 939 * process, regardless of execs it's done, is start_time. 940 * All the past CPU time is accumulated in signal_struct 941 * from sister threads now dead. But in this non-leader 942 * exec, nothing survives from the original leader thread, 943 * whose birth marks the true age of this process now. 944 * When we take on its identity by switching to its PID, we 945 * also take its birthdate (always earlier than our own). 946 */ 947tsk->start_time =leader->start_time; 948tsk->real_start_time =leader->real_start_time; 949 950BUG_ON(!same_thread_group(leader,tsk)); 951BUG_ON(has_group_leader_pid(tsk)); 952/* 953 * An exec() starts a new thread group with the 954 * TGID of the previous thread group. Rehash the 955 * two threads with a switched PID, and release 956 * the former thread group leader: 957 */ 958 959/* Become a process group leader with the old leader's pid. 960 * The old leader becomes a thread of the this thread group. 961 * Note: The old leader also uses this pid until release_task 962 * is called. Odd but simple and correct. 963 */ 964tsk->pid =leader->pid; 965change_pid(tsk,PIDTYPE_PID,task_pid(leader)); 966transfer_pid(leader,tsk,PIDTYPE_PGID); 967transfer_pid(leader,tsk,PIDTYPE_SID); 968 969list_replace_rcu(&leader->tasks, &tsk->tasks); 970list_replace_init(&leader->sibling, &tsk->sibling); 971 972tsk->group_leader =tsk; 973leader->group_leader =tsk; 974 975tsk->exit_signal =SIGCHLD; 976leader->exit_signal = -1; 977 978BUG_ON(leader->exit_state !=EXIT_ZOMBIE); 979leader->exit_state =EXIT_DEAD; 980 981/* 982 * We are going to release_task()->ptrace_unlink() silently, 983 * the tracer can sleep in do_wait(). EXIT_DEAD guarantees 984 * the tracer wont't block again waiting for this thread. 985 */ 986 if (unlikely(leader->ptrace)) 987__wake_up_parent(leader,leader->parent); 988write_unlock_irq(&tasklist_lock); 989threadgroup_change_end(tsk); 990 991release_task(leader); 992 } 993 994sig->group_exit_task =NULL; 995sig->notify_count = 0; 996 997no_thread_group: 998/* we have changed execution domain */ 999tsk->exit_signal =SIGCHLD;10001001exit_itimers(sig);1002flush_itimer_signals();10031004 if (atomic_read(&oldsighand->count) != 1) {1005 structsighand_struct *newsighand;1006/*1007 * This ->sighand is shared with the CLONE_SIGHAND1008 * but not CLONE_THREAD task, switch to the new one.1009 */1010newsighand =kmem_cache_alloc(sighand_cachep,GFP_KERNEL);1011 if (!newsighand)1012 return -ENOMEM;10131014atomic_set(&newsighand->count, 1);1015memcpy(newsighand->action,oldsighand->action,1016 sizeof(newsighand->action));10171018write_lock_irq(&tasklist_lock);1019spin_lock(&oldsighand->siglock);1020rcu_assign_pointer(tsk->sighand,newsighand);1021spin_unlock(&oldsighand->siglock);1022write_unlock_irq(&tasklist_lock);10231024__cleanup_sighand(oldsighand);1025 }10261027BUG_ON(!thread_group_leader(tsk));1028 return 0;10291030killed:1031/* protects against exit_notify() and __exit_signal() */1032read_lock(&tasklist_lock);1033sig->group_exit_task =NULL;1034sig->notify_count = 0;1035read_unlock(&tasklist_lock);1036 return -EAGAIN;1037}10381039char *get_task_comm(char *buf, structtask_struct *tsk)1040{1041/* buf must be at least sizeof(tsk->comm) in size */1042task_lock(tsk);1043strncpy(buf,tsk->comm, sizeof(tsk->comm));1044task_unlock(tsk);1045 returnbuf;1046}1047EXPORT_SYMBOL_GPL(get_task_comm);10481049/*1050 * These functions flushes out all traces of the currently running executable1051 * so that a new one can be started1052 */10531054void__set_task_comm(structtask_struct *tsk, const char *buf,boolexec)1055{1056task_lock(tsk);1057trace_task_rename(tsk,buf);1058strlcpy(tsk->comm,buf, sizeof(tsk->comm));1059task_unlock(tsk);1060perf_event_comm(tsk,exec);1061}10621063intflush_old_exec(structlinux_binprm *bprm)1064{1065 intretval;10661067/*1068 * Make sure we have a private signal table and that1069 * we are unassociated from the previous thread group.1070 */1071retval =de_thread(current);1072 if (retval)1073 gotoout;10741075set_mm_exe_file(bprm->mm,bprm->file);1076/*1077 * Release all of the old mmap stuff1078 */1079acct_arg_size(bprm, 0);1080retval =exec_mmap(bprm->mm);1081 if (retval)1082 gotoout;10831084bprm->mm =NULL;/* We're using it now */10851086set_fs(USER_DS);1087current->flags &= ~(PF_RANDOMIZE |PF_FORKNOEXEC |PF_KTHREAD |1088PF_NOFREEZE |PF_NO_SETAFFINITY);1089flush_thread();1090current->personality &= ~bprm->per_clear;10911092 return 0;10931094out:1095 returnretval;1096}1097EXPORT_SYMBOL(flush_old_exec);10981099voidwould_dump(structlinux_binprm *bprm, structfile *file)1100{1101 if (inode_permission(file_inode(file),MAY_READ) < 0)1102bprm->interp_flags |=BINPRM_FLAGS_ENFORCE_NONDUMP;1103}1104EXPORT_SYMBOL(would_dump);11051106voidsetup_new_exec(structlinux_binprm *bprm)1107{1108arch_pick_mmap_layout(current->mm);11091110/* This is the point of no return */1111current->sas_ss_sp =current->sas_ss_size = 0;11121113 if (uid_eq(current_euid(),current_uid()) &&gid_eq(current_egid(),current_gid()))1114set_dumpable(current->mm,SUID_DUMP_USER);1115 else1116set_dumpable(current->mm,suid_dumpable);11171118perf_event_exec();1119__set_task_comm(current,kbasename(bprm->filename),true);11201121/* Set the new mm task size. We have to do that late because it may1122 * depend on TIF_32BIT which is only updated in flush_thread() on1123 * some architectures like powerpc1124 */1125current->mm->task_size =TASK_SIZE;11261127/* install the new credentials */1128 if (!uid_eq(bprm->cred->uid,current_euid()) ||1129 !gid_eq(bprm->cred->gid,current_egid())) {1130current->pdeath_signal = 0;1131 } else {1132would_dump(bprm,bprm->file);1133 if (bprm->interp_flags &BINPRM_FLAGS_ENFORCE_NONDUMP)1134set_dumpable(current->mm,suid_dumpable);1135 }11361137/* An exec changes our domain. We are no longer part of the thread1138 group */1139current->self_exec_id++;1140flush_signal_handlers(current, 0);1141do_close_on_exec(current->files);1142}1143EXPORT_SYMBOL(setup_new_exec);11441145/*1146 * Prepare credentials and lock ->cred_guard_mutex.1147 * install_exec_creds() commits the new creds and drops the lock.1148 * Or, if exec fails before, free_bprm() should release ->cred and1149 * and unlock.1150 */1151intprepare_bprm_creds(structlinux_binprm *bprm)1152{1153 if (mutex_lock_interruptible(¤t->signal->cred_guard_mutex))1154 return -ERESTARTNOINTR;11551156bprm->cred =prepare_exec_creds();1157 if (likely(bprm->cred))1158 return 0;11591160mutex_unlock(¤t->signal->cred_guard_mutex);1161 return -ENOMEM;1162}11631164static voidfree_bprm(structlinux_binprm *bprm)1165{1166free_arg_pages(bprm);1167 if (bprm->cred) {1168mutex_unlock(¤t->signal->cred_guard_mutex);1169abort_creds(bprm->cred);1170 }1171 if (bprm->file) {1172allow_write_access(bprm->file);1173fput(bprm->file);1174 }1175/* If a binfmt changed the interp, free it. */1176 if (bprm->interp !=bprm->filename)1177kfree(bprm->interp);1178kfree(bprm);1179}11801181intbprm_change_interp(char *interp, structlinux_binprm *bprm)1182{1183/* If a binfmt changed the interp, free it first. */1184 if (bprm->interp !=bprm->filename)1185kfree(bprm->interp);1186bprm->interp =kstrdup(interp,GFP_KERNEL);1187 if (!bprm->interp)1188 return -ENOMEM;1189 return 0;1190}1191EXPORT_SYMBOL(bprm_change_interp);11921193/*1194 * install the new credentials for this executable1195 */1196voidinstall_exec_creds(structlinux_binprm *bprm)1197{1198security_bprm_committing_creds(bprm);11991200commit_creds(bprm->cred);1201bprm->cred =NULL;12021203/*1204 * Disable monitoring for regular users1205 * when executing setuid binaries. Must1206 * wait until new credentials are committed1207 * by commit_creds() above1208 */1209 if (get_dumpable(current->mm) !=SUID_DUMP_USER)1210perf_event_exit_task(current);1211/*1212 * cred_guard_mutex must be held at least to this point to prevent1213 * ptrace_attach() from altering our determination of the task's1214 * credentials; any time after this it may be unlocked.1215 */1216security_bprm_committed_creds(bprm);1217mutex_unlock(¤t->signal->cred_guard_mutex);1218}1219EXPORT_SYMBOL(install_exec_creds);12201221/*1222 * determine how safe it is to execute the proposed program1223 * - the caller must hold ->cred_guard_mutex to protect against1224 * PTRACE_ATTACH or seccomp thread-sync1225 */1226static voidcheck_unsafe_exec(structlinux_binprm *bprm)1227{1228 structtask_struct *p =current, *t;1229 unsignedn_fs;12301231 if (p->ptrace) {1232 if (p->ptrace &PT_PTRACE_CAP)1233bprm->unsafe |=LSM_UNSAFE_PTRACE_CAP;1234 else1235bprm->unsafe |=LSM_UNSAFE_PTRACE;1236 }12371238/*1239 * This isn't strictly necessary, but it makes it harder for LSMs to1240 * mess up.1241 */1242 if (task_no_new_privs(current))1243bprm->unsafe |=LSM_UNSAFE_NO_NEW_PRIVS;12441245t =p;1246n_fs = 1;1247spin_lock(&p->fs->lock);1248rcu_read_lock();1249while_each_thread(p,t) {1250 if (t->fs ==p->fs)1251n_fs++;1252 }1253rcu_read_unlock();12541255 if (p->fs->users >n_fs)1256bprm->unsafe |=LSM_UNSAFE_SHARE;1257 else1258p->fs->in_exec = 1;1259spin_unlock(&p->fs->lock);1260}12611262/*1263 * Fill the binprm structure from the inode.1264 * Check permissions, then read the first 128 (BINPRM_BUF_SIZE) bytes1265 *1266 * This may be called multiple times for binary chains (scripts for example).1267 */1268intprepare_binprm(structlinux_binprm *bprm)1269{1270 structinode *inode =file_inode(bprm->file);1271umode_tmode =inode->i_mode;1272 intretval;127312741275/* clear any previous set[ug]id data from a previous binary */1276bprm->cred->euid =current_euid();1277bprm->cred->egid =current_egid();12781279 if (!(bprm->file->f_path.mnt->mnt_flags &MNT_NOSUID) &&1280 !task_no_new_privs(current) &&1281kuid_has_mapping(bprm->cred->user_ns,inode->i_uid) &&1282kgid_has_mapping(bprm->cred->user_ns,inode->i_gid)) {1283/* Set-uid? */1284 if (mode &S_ISUID) {1285bprm->per_clear |=PER_CLEAR_ON_SETID;1286bprm->cred->euid =inode->i_uid;1287 }12881289/* Set-gid? */1290/*1291 * If setgid is set but no group execute bit then this1292 * is a candidate for mandatory locking, not a setgid1293 * executable.1294 */1295 if ((mode & (S_ISGID |S_IXGRP)) == (S_ISGID |S_IXGRP)) {1296bprm->per_clear |=PER_CLEAR_ON_SETID;1297bprm->cred->egid =inode->i_gid;1298 }1299 }13001301/* fill in binprm security blob */1302retval =security_bprm_set_creds(bprm);1303 if (retval)1304 returnretval;1305bprm->cred_prepared = 1;13061307memset(bprm->buf, 0,BINPRM_BUF_SIZE);1308 returnkernel_read(bprm->file, 0,bprm->buf,BINPRM_BUF_SIZE);1309}13101311EXPORT_SYMBOL(prepare_binprm);13121313/*1314 * Arguments are '\0' separated strings found at the location bprm->p1315 * points to; chop off the first by relocating brpm->p to right after1316 * the first '\0' encountered.1317 */1318intremove_arg_zero(structlinux_binprm *bprm)1319{1320 intret = 0;1321 unsigned longoffset;1322 char *kaddr;1323 structpage *page;13241325 if (!bprm->argc)1326 return 0;13271328 do {1329offset =bprm->p & ~PAGE_MASK;1330page =get_arg_page(bprm,bprm->p, 0);1331 if (!page) {1332ret = -EFAULT;1333 gotoout;1334 }1335kaddr =kmap_atomic(page);13361337 for (;offset <PAGE_SIZE &&kaddr[offset];1338offset++,bprm->p++)1339 ;13401341kunmap_atomic(kaddr);1342put_arg_page(page);13431344 if (offset ==PAGE_SIZE)1345free_arg_page(bprm, (bprm->p >>PAGE_SHIFT) - 1);1346 } while (offset ==PAGE_SIZE);13471348bprm->p++;1349bprm->argc--;1350ret = 0;13511352out:1353 returnret;1354}1355EXPORT_SYMBOL(remove_arg_zero);13561357#defineprintable(c) (((c)=='\t') || ((c)=='\n') || (0x20<=(c) && (c)<=0x7e))1358/*1359 * cycle the list of binary formats handler, until one recognizes the image1360 */1361intsearch_binary_handler(structlinux_binprm *bprm)1362{1363boolneed_retry =IS_ENABLED(CONFIG_MODULES);1364 structlinux_binfmt *fmt;1365 intretval;13661367/* This allows 4 levels of binfmt rewrites before failing hard. */1368 if (bprm->recursion_depth > 5)1369 return -ELOOP;13701371retval =security_bprm_check(bprm);1372 if (retval)1373 returnretval;13741375retval = -ENOENT;1376retry:1377read_lock(&binfmt_lock);1378list_for_each_entry(fmt, &formats,lh) {1379 if (!try_module_get(fmt->module))1380 continue;1381read_unlock(&binfmt_lock);1382bprm->recursion_depth++;1383retval =fmt->load_binary(bprm);1384read_lock(&binfmt_lock);1385put_binfmt(fmt);1386bprm->recursion_depth--;1387 if (retval < 0 && !bprm->mm) {1388/* we got to flush_old_exec() and failed after it */1389read_unlock(&binfmt_lock);1390force_sigsegv(SIGSEGV,current);1391 returnretval;1392 }1393 if (retval != -ENOEXEC || !bprm->file) {1394read_unlock(&binfmt_lock);1395 returnretval;1396 }1397 }1398read_unlock(&binfmt_lock);13991400 if (need_retry) {1401 if (printable(bprm->buf[0]) &&printable(bprm->buf[1]) &&1402printable(bprm->buf[2]) &&printable(bprm->buf[3]))1403 returnretval;1404 if (request_module("binfmt-%04x", *(ushort *)(bprm->buf + 2)) < 0)1405 returnretval;1406need_retry =false;1407 gotoretry;1408 }14091410 returnretval;1411}1412EXPORT_SYMBOL(search_binary_handler);14131414static intexec_binprm(structlinux_binprm *bprm)1415{1416pid_told_pid,old_vpid;1417 intret;14181419/* Need to fetch pid before load_binary changes it */1420old_pid =current->pid;1421rcu_read_lock();1422old_vpid =task_pid_nr_ns(current,task_active_pid_ns(current->parent));1423rcu_read_unlock();14241425ret =search_binary_handler(bprm);1426 if (ret >= 0) {1427audit_bprm(bprm);1428trace_sched_process_exec(current,old_pid,bprm);1429ptrace_event(PTRACE_EVENT_EXEC,old_vpid);1430proc_exec_connector(current);1431 }14321433 returnret;1434}14351436/*1437 * sys_execve() executes a new program.1438 */1439static intdo_execveat_common(intfd, structfilename *filename,1440 structuser_arg_ptrargv,1441 structuser_arg_ptrenvp,1442 intflags)1443{1444 char *pathbuf =NULL;1445 structlinux_binprm *bprm;1446 structfile *file;1447 structfiles_struct *displaced;1448 intretval;14491450 if (IS_ERR(filename))1451 returnPTR_ERR(filename);14521453/*1454 * We move the actual failure in case of RLIMIT_NPROC excess from1455 * set*uid() to execve() because too many poorly written programs1456 * don't check setuid() return code. Here we additionally recheck1457 * whether NPROC limit is still exceeded.1458 */1459 if ((current->flags &PF_NPROC_EXCEEDED) &&1460atomic_read(¤t_user()->processes) >rlimit(RLIMIT_NPROC)) {1461retval = -EAGAIN;1462 gotoout_ret;1463 }14641465/* We're below the limit (still or again), so we don't want to make1466 * further execve() calls fail. */1467current->flags &= ~PF_NPROC_EXCEEDED;14681469retval =unshare_files(&displaced);1470 if (retval)1471 gotoout_ret;14721473retval = -ENOMEM;1474bprm =kzalloc(sizeof(*bprm),GFP_KERNEL);1475 if (!bprm)1476 gotoout_files;14771478retval =prepare_bprm_creds(bprm);1479 if (retval)1480 gotoout_free;14811482check_unsafe_exec(bprm);1483current->in_execve = 1;14841485file =do_open_execat(fd,filename,flags);1486retval =PTR_ERR(file);1487 if (IS_ERR(file))1488 gotoout_unmark;14891490sched_exec();14911492bprm->file =file;1493 if (fd ==AT_FDCWD ||filename->name[0] =='/') {1494bprm->filename =filename->name;1495 } else {1496 if (filename->name[0] =='\0')1497pathbuf =kasprintf(GFP_TEMPORARY,"/dev/fd/%d",fd);1498 else1499pathbuf =kasprintf(GFP_TEMPORARY,"/dev/fd/%d/%s",1500fd,filename->name);1501 if (!pathbuf) {1502retval = -ENOMEM;1503 gotoout_unmark;1504 }1505/*1506 * Record that a name derived from an O_CLOEXEC fd will be1507 * inaccessible after exec. Relies on having exclusive access to1508 * current->files (due to unshare_files above).1509 */1510 if (close_on_exec(fd,rcu_dereference_raw(current->files->fdt)))1511bprm->interp_flags |=BINPRM_FLAGS_PATH_INACCESSIBLE;1512bprm->filename =pathbuf;1513 }1514bprm->interp =bprm->filename;15151516retval =bprm_mm_init(bprm);1517 if (retval)1518 gotoout_unmark;15191520bprm->argc =count(argv,MAX_ARG_STRINGS);1521 if ((retval =bprm->argc) < 0)1522 gotoout;15231524bprm->envc =count(envp,MAX_ARG_STRINGS);1525 if ((retval =bprm->envc) < 0)1526 gotoout;15271528retval =prepare_binprm(bprm);1529 if (retval < 0)1530 gotoout;15311532retval =copy_strings_kernel(1, &bprm->filename,bprm);1533 if (retval < 0)1534 gotoout;15351536bprm->exec =bprm->p;1537retval =copy_strings(bprm->envc,envp,bprm);1538 if (retval < 0)1539 gotoout;15401541retval =copy_strings(bprm->argc,argv,bprm);1542 if (retval < 0)1543 gotoout;15441545retval =exec_binprm(bprm);1546 if (retval < 0)1547 gotoout;15481549/* execve succeeded */1550current->fs->in_exec = 0;1551current->in_execve = 0;1552acct_update_integrals(current);1553task_numa_free(current);1554free_bprm(bprm);1555kfree(pathbuf);1556putname(filename);1557 if (displaced)1558put_files_struct(displaced);1559 returnretval;15601561out:1562 if (bprm->mm) {1563acct_arg_size(bprm, 0);1564mmput(bprm->mm);1565 }15661567out_unmark:1568current->fs->in_exec = 0;1569current->in_execve = 0;15701571out_free:1572free_bprm(bprm);1573kfree(pathbuf);15741575out_files:1576 if (displaced)1577reset_files_struct(displaced);1578out_ret:1579putname(filename);1580 returnretval;1581}15821583intdo_execve(structfilename *filename,1584 const char__user *const__user *__argv,1585 const char__user *const__user *__envp)1586{1587 structuser_arg_ptrargv = { .ptr.native =__argv };1588 structuser_arg_ptrenvp = { .ptr.native =__envp };1589 returndo_execveat_common(AT_FDCWD,filename,argv,envp, 0);1590}15911592intdo_execveat(intfd, structfilename *filename,1593 const char__user *const__user *__argv,1594 const char__user *const__user *__envp,1595 intflags)1596{1597 structuser_arg_ptrargv = { .ptr.native =__argv };1598 structuser_arg_ptrenvp = { .ptr.native =__envp };15991600 returndo_execveat_common(fd,filename,argv,envp,flags);1601}16021603#ifdefCONFIG_COMPAT1604static intcompat_do_execve(structfilename *filename,1605 constcompat_uptr_t__user *__argv,1606 constcompat_uptr_t__user *__envp)1607{1608 structuser_arg_ptrargv = {1609 .is_compat =true,1610 .ptr.compat =__argv,1611 };1612 structuser_arg_ptrenvp = {1613 .is_compat =true,1614 .ptr.compat =__envp,1615 };1616 returndo_execveat_common(AT_FDCWD,filename,argv,envp, 0);1617}16181619static intcompat_do_execveat(intfd, structfilename *filename,1620 constcompat_uptr_t__user *__argv,1621 constcompat_uptr_t__user *__envp,1622 intflags)1623{1624 structuser_arg_ptrargv = {1625 .is_compat =true,1626 .ptr.compat =__argv,1627 };1628 structuser_arg_ptrenvp = {1629 .is_compat =true,1630 .ptr.compat =__envp,1631 };1632 returndo_execveat_common(fd,filename,argv,envp,flags);1633}1634#endif16351636voidset_binfmt(structlinux_binfmt *new)1637{1638 structmm_struct *mm =current->mm;16391640 if (mm->binfmt)1641module_put(mm->binfmt->module);16421643mm->binfmt =new;1644 if (new)1645__module_get(new->module);1646}1647EXPORT_SYMBOL(set_binfmt);16481649/*1650 * set_dumpable stores three-value SUID_DUMP_* into mm->flags.1651 */1652voidset_dumpable(structmm_struct *mm, intvalue)1653{1654 unsigned longold,new;16551656 if (WARN_ON((unsigned)value >SUID_DUMP_ROOT))1657 return;16581659 do {1660old =ACCESS_ONCE(mm->flags);1661new = (old & ~MMF_DUMPABLE_MASK) |value;1662 } while (cmpxchg(&mm->flags,old,new) !=old);1663}16641665SYSCALL_DEFINE3(execve,1666 const char__user *,filename,1667 const char__user *const__user *,argv,1668 const char__user *const__user *,envp)1669{1670 returndo_execve(getname(filename),argv,envp);1671}16721673SYSCALL_DEFINE5(execveat,1674 int,fd, const char__user *,filename,1675 const char__user *const__user *,argv,1676 const char__user *const__user *,envp,1677 int,flags)1678{1679 intlookup_flags = (flags &AT_EMPTY_PATH) ?LOOKUP_EMPTY : 0;16801681 returndo_execveat(fd,1682getname_flags(filename,lookup_flags,NULL),1683argv,envp,flags);1684}16851686#ifdefCONFIG_COMPAT1687COMPAT_SYSCALL_DEFINE3(execve, const char__user *,filename,1688 constcompat_uptr_t__user *,argv,1689 constcompat_uptr_t__user *,envp)1690{1691 returncompat_do_execve(getname(filename),argv,envp);1692}16931694COMPAT_SYSCALL_DEFINE5(execveat, int,fd,1695 const char__user *,filename,1696 constcompat_uptr_t__user *,argv,1697 constcompat_uptr_t__user *,envp,1698 int,flags)1699{1700 intlookup_flags = (flags &AT_EMPTY_PATH) ?LOOKUP_EMPTY : 0;17011702 returncompat_do_execveat(fd,1703getname_flags(filename,lookup_flags,NULL),1704argv,envp,flags);1705}1706#endif1707
