File: /usr/src/linux/fs/exec.c
1 /*
2 * linux/fs/exec.c
3 *
4 * Copyright (C) 1991, 1992 Linus Torvalds
5 */
6
7 /*
8 * #!-checking implemented by tytso.
9 */
10 /*
11 * Demand-loading implemented 01.12.91 - no need to read anything but
12 * the header into memory. The inode of the executable is put into
13 * "current->executable", and page faults do the actual loading. Clean.
14 *
15 * Once more I can proudly say that linux stood up to being changed: it
16 * was less than 2 hours work to get demand-loading completely implemented.
17 *
18 * Demand loading changed July 1993 by Eric Youngdale. Use mmap instead,
19 * current->executable is only used by the procfs. This allows a dispatch
20 * table to check for several different types of binary formats. We keep
21 * trying until we recognize the file or we run out of supported binary
22 * formats.
23 */
24
25 #include <linux/config.h>
26 #include <linux/slab.h>
27 #include <linux/file.h>
28 #include <linux/mman.h>
29 #include <linux/a.out.h>
30 #include <linux/stat.h>
31 #include <linux/fcntl.h>
32 #include <linux/smp_lock.h>
33 #include <linux/init.h>
34 #include <linux/pagemap.h>
35 #include <linux/highmem.h>
36 #include <linux/spinlock.h>
37 #include <linux/personality.h>
38 #define __NO_VERSION__
39 #include <linux/module.h>
40
41 #include <asm/uaccess.h>
42 #include <asm/pgalloc.h>
43 #include <asm/mmu_context.h>
44
45 #ifdef CONFIG_KMOD
46 #include <linux/kmod.h>
47 #endif
48
/*
 * When non-zero, core files are named "core.<pid>" instead of "core"
 * (consulted in do_coredump()). Non-static so it can be set from elsewhere.
 */
int core_uses_pid;

/* Head of the singly-linked list of registered binary-format handlers. */
static struct linux_binfmt *formats;
/*
 * Guards the formats list: register/unregister take it for writing, the
 * handler walks in sys_uselib() and search_binary_handler() take it for
 * reading and drop it around each handler call.
 */
static rwlock_t binfmt_lock = RW_LOCK_UNLOCKED;
53
/*
 * Link a binary-format handler at the head of the global formats list.
 *
 * Returns -EINVAL for a NULL handler, -EBUSY if the handler is already
 * linked somewhere (non-NULL next pointer) or already present on the list,
 * 0 on success. The list is modified under binfmt_lock held for writing.
 */
int register_binfmt(struct linux_binfmt * fmt)
{
	struct linux_binfmt *cursor;

	if (fmt == NULL)
		return -EINVAL;
	/* A live next pointer means this handler is already on a list. */
	if (fmt->next != NULL)
		return -EBUSY;

	write_lock(&binfmt_lock);
	for (cursor = formats; cursor != NULL; cursor = cursor->next) {
		if (cursor == fmt) {
			write_unlock(&binfmt_lock);
			return -EBUSY;
		}
	}
	/* Newest handler goes first, so it is tried before older ones. */
	fmt->next = formats;
	formats = fmt;
	write_unlock(&binfmt_lock);
	return 0;
}
75
/*
 * Unlink a binary-format handler from the global formats list.
 *
 * Returns 0 if the handler was found and removed, -EINVAL otherwise.
 * The handler's own next pointer is left untouched, as before.
 */
int unregister_binfmt(struct linux_binfmt * fmt)
{
	struct linux_binfmt *prev = NULL;
	struct linux_binfmt *cur;
	int ret = -EINVAL;

	write_lock(&binfmt_lock);
	for (cur = formats; cur != NULL; prev = cur, cur = cur->next) {
		if (cur != fmt)
			continue;
		if (prev != NULL)
			prev->next = fmt->next;
		else
			formats = fmt->next;
		ret = 0;
		break;
	}
	write_unlock(&binfmt_lock);
	return ret;
}
92
/*
 * Release the module reference taken on a handler by try_inc_mod_count().
 * Handlers built into the kernel have no owning module and are skipped.
 */
static inline void put_binfmt(struct linux_binfmt * fmt)
{
	struct module *owner = fmt->module;

	if (owner != NULL)
		__MOD_DEC_USE_COUNT(owner);
}
98
99 /*
100 * Note that a shared library must be both readable and executable due to
101 * security reasons.
102 *
103 * Also note that we take the address to load from the file itself.
104 */
/*
 * uselib(2): load a shared library through the registered binary-format
 * handlers' load_shlib hooks.
 *
 * The path must resolve to a regular file on which the caller has both
 * read and execute permission. Returns 0 on success, -EINVAL for a
 * non-regular file, -ENOEXEC if no handler accepts the file, or the error
 * from lookup, permission(), dentry_open() or the handler itself.
 */
asmlinkage long sys_uselib(const char * library)
{
	struct nameidata nd;
	struct file *file;
	int error;

	error = user_path_walk(library, &nd);
	if (error)
		return error;

	if (!S_ISREG(nd.dentry->d_inode->i_mode)) {
		path_release(&nd);
		return -EINVAL;
	}

	/* Both bits are required: an exec-only library could leak its contents. */
	error = permission(nd.dentry->d_inode, MAY_READ | MAY_EXEC);
	if (error) {
		path_release(&nd);
		return error;
	}

	/* dentry_open() takes over the dentry/mnt references, success or not. */
	file = dentry_open(nd.dentry, nd.mnt, O_RDONLY);
	if (IS_ERR(file))
		return PTR_ERR(file);

	error = -ENOEXEC;
	if (file->f_op && file->f_op->read) {
		struct linux_binfmt *fmt;

		read_lock(&binfmt_lock);
		for (fmt = formats; fmt; fmt = fmt->next) {
			if (!fmt->load_shlib || !try_inc_mod_count(fmt->module))
				continue;
			/* The module reference keeps fmt alive while the lock is dropped. */
			read_unlock(&binfmt_lock);
			error = fmt->load_shlib(file);
			read_lock(&binfmt_lock);
			put_binfmt(fmt);
			/* -ENOEXEC means "not mine, try the next handler". */
			if (error != -ENOEXEC)
				break;
		}
		read_unlock(&binfmt_lock);
	}
	fput(file);
	return error;
}
154
155 /*
156 * count() counts the number of argument/environment strings
157 */
/*
 * Count the entries of a NULL-terminated user-space pointer array.
 *
 * Returns the number of non-NULL entries, 0 for a NULL array, -EFAULT if
 * an entry cannot be read, or -E2BIG as soon as the count exceeds max.
 */
static int count(char ** argv, int max)
{
	char **cursor = argv;
	int n = 0;

	if (cursor == NULL)
		return 0;

	for (;;) {
		char *entry;

		if (get_user(entry, cursor))
			return -EFAULT;
		if (entry == NULL)
			return n;
		cursor++;
		/* Bail out early rather than walking an unbounded array. */
		if (++n > max)
			return -E2BIG;
	}
}
177
178 /*
179 * 'copy_strings()' copies argument/envelope strings from user
180 * memory to free pages in kernel mem. These are in a format ready
181 * to be put directly into the top of new user memory.
182 */
int copy_strings(int argc,char ** argv, struct linux_binprm *bprm)
{
	/*
	 * Walk argv from the last entry down to the first; bprm->p is the
	 * top-down fill offset into the bprm->page[] array and is lowered by
	 * each string's length before the string is copied in at that spot.
	 * Returns 0, -EFAULT on an unreadable pointer/string, -E2BIG when the
	 * remaining space cannot hold the string, -ENOMEM on page allocation.
	 */
	while (argc-- > 0) {
		char *str;
		int len;
		unsigned long pos;

		/*
		 * strnlen_user() is bounded by the space left (bprm->p); a
		 * result of 0 is treated as an unreadable string.
		 */
		if (get_user(str, argv+argc) || !(len = strnlen_user(str, bprm->p)))
			return -EFAULT;
		if (bprm->p < len)
			return -E2BIG;

		bprm->p -= len;
		/* XXX: add architecture specific overflow check here. */

		pos = bprm->p;
		/* Copy one page at a time; a string may straddle a page boundary. */
		while (len > 0) {
			char *kaddr;
			int i, new, err;
			struct page *page;
			int offset, bytes_to_copy;

			offset = pos % PAGE_SIZE;
			i = pos/PAGE_SIZE;
			page = bprm->page[i];
			new = 0;
			/* Argument pages are allocated lazily on first touch. */
			if (!page) {
				page = alloc_page(GFP_HIGHUSER);
				bprm->page[i] = page;
				if (!page)
					return -ENOMEM;
				new = 1;
			}
			kaddr = kmap(page);

			/*
			 * A fresh page is zeroed everywhere outside the span
			 * being copied, so no stale data reaches the new
			 * process's stack.
			 */
			if (new && offset)
				memset(kaddr, 0, offset);
			bytes_to_copy = PAGE_SIZE - offset;
			if (bytes_to_copy > len) {
				bytes_to_copy = len;
				if (new)
					memset(kaddr+offset+len, 0, PAGE_SIZE-offset-len);
			}
			/* Any uncopied remainder is reported as a fault. */
			err = copy_from_user(kaddr + offset, str, bytes_to_copy);
			kunmap(page);

			if (err)
				return -EFAULT;

			pos += bytes_to_copy;
			str += bytes_to_copy;
			len -= bytes_to_copy;
		}
	}
	return 0;
}
239
240 /*
241 * Like copy_strings, but get argv and its values from kernel memory.
242 */
/*
 * copy_strings() variant for an argv that lives in kernel memory: the
 * address limit is widened to KERNEL_DS around the call so the user-access
 * helpers accept kernel pointers, then restored. Returns copy_strings()'s
 * result.
 */
int copy_strings_kernel(int argc,char ** argv, struct linux_binprm *bprm)
{
	mm_segment_t saved_fs = get_fs();
	int ret;

	set_fs(KERNEL_DS);
	ret = copy_strings(argc, argv, bprm);
	/* Always restore, even on error, so user pointers are checked again. */
	set_fs(saved_fs);
	return ret;
}
252
253 /*
254 * This routine is used to map in a page into an address space: needed by
255 * execve() for the initial stack and environment pages.
256 *
257 * tsk->mmap_sem is held for writing.
258 */
/*
 * Install one argument/environment page at a user address of tsk's mm.
 *
 * The page-table entry is created under page_table_lock and marked
 * writable and dirty. If the page tables cannot be allocated, or a
 * mapping already exists at that address, the page is freed and tsk is
 * sent SIGKILL; there is no other error reporting.
 * The caller holds tsk->mm->mmap_sem for writing.
 */
void put_dirty_page(struct task_struct * tsk, struct page *page, unsigned long address)
{
	struct mm_struct *mm = tsk->mm;
	pgd_t *pgd;
	pmd_t *pmd;
	pte_t *pte = NULL;

	if (page_count(page) != 1)
		printk(KERN_ERR "mem_map disagrees with %p at %08lx\n", page, address);
	pgd = pgd_offset(mm, address);

	spin_lock(&mm->page_table_lock);
	pmd = pmd_alloc(mm, pgd, address);
	if (pmd != NULL)
		pte = pte_alloc(mm, pmd, address);
	if (pte != NULL && pte_none(*pte)) {
		flush_dcache_page(page);
		flush_page_to_ram(page);
		set_pte(pte, pte_mkdirty(pte_mkwrite(mk_pte(page, PAGE_COPY))));
		mm->rss++;
		spin_unlock(&mm->page_table_lock);
		/* no need for flush_tlb */
		return;
	}

	/* Allocation failed or the slot was already mapped: give up on the exec. */
	spin_unlock(&mm->page_table_lock);
	__free_page(page);
	force_sig(SIGKILL, tsk);
}
292
/*
 * Build the initial stack VMA for the new program and move the collected
 * argument/environment pages into it.
 *
 * bprm->p, bprm->loader and bprm->exec are relocated from offsets within
 * the page array to absolute user addresses just below STACK_TOP. Each
 * page is handed to put_dirty_page() and cleared from bprm->page[] so the
 * error path in do_execve() does not free it twice.
 * Returns 0, or -ENOMEM if the VMA cannot be allocated.
 */
int setup_arg_pages(struct linux_binprm *bprm)
{
	struct mm_struct *mm = current->mm;
	unsigned long stack_base = STACK_TOP - MAX_ARG_PAGES * PAGE_SIZE;
	struct vm_area_struct *vma;
	int idx;

	bprm->p += stack_base;
	if (bprm->loader)
		bprm->loader += stack_base;
	bprm->exec += stack_base;

	vma = kmem_cache_alloc(vm_area_cachep, SLAB_KERNEL);
	if (vma == NULL)
		return -ENOMEM;

	down_write(&mm->mmap_sem);
	vma->vm_mm = mm;
	vma->vm_start = PAGE_MASK & (unsigned long) bprm->p;
	vma->vm_end = STACK_TOP;
	vma->vm_page_prot = PAGE_COPY;
	vma->vm_flags = VM_STACK_FLAGS;
	vma->vm_ops = NULL;
	vma->vm_pgoff = 0;
	vma->vm_file = NULL;
	vma->vm_private_data = NULL;
	insert_vm_struct(mm, vma);
	/* The stack is the only mapping so far, hence assignment rather than +=. */
	mm->total_vm = (vma->vm_end - vma->vm_start) >> PAGE_SHIFT;

	for (idx = 0; idx < MAX_ARG_PAGES; idx++, stack_base += PAGE_SIZE) {
		struct page *pg = bprm->page[idx];

		if (pg == NULL)
			continue;
		bprm->page[idx] = NULL;
		put_dirty_page(current, pg, stack_base);
	}
	up_write(&mm->mmap_sem);

	return 0;
}
337
/*
 * Look up and open a file for execution.
 *
 * Refuses (with -EACCES) anything on a noexec mount, anything that is not
 * a regular file, anything permission() rejects, and any file with no
 * execute bit at all. On success the file is opened read-only and writes
 * to it are denied for as long as the reference lives; the caller must
 * pair fput() with allow_write_access(). Returns the file or an ERR_PTR.
 */
struct file *open_exec(const char *name)
{
	struct nameidata nd;
	struct inode *inode;
	struct file *file;
	int err = 0;

	if (path_init(name, LOOKUP_FOLLOW|LOOKUP_POSITIVE, &nd))
		err = path_walk(name, &nd);
	if (err)
		return ERR_PTR(err);

	inode = nd.dentry->d_inode;
	if ((nd.mnt->mnt_flags & MNT_NOEXEC) || !S_ISREG(inode->i_mode)) {
		path_release(&nd);
		return ERR_PTR(-EACCES);
	}

	/* permission() may pass a root caller; still insist on some x bit. */
	err = permission(inode, MAY_EXEC);
	if (!err && !(inode->i_mode & 0111))
		err = -EACCES;
	if (err) {
		path_release(&nd);
		return ERR_PTR(err);
	}

	/* dentry_open() consumes the nd references whether or not it succeeds. */
	file = dentry_open(nd.dentry, nd.mnt, O_RDONLY);
	if (IS_ERR(file))
		return file;

	err = deny_write_access(file);
	if (err) {
		fput(file);
		return ERR_PTR(err);
	}
	return file;
}
374
/*
 * Read count bytes at offset from file into a kernel buffer via the file's
 * read method. The address limit is widened around the call so the method
 * accepts the kernel pointer, then restored.
 *
 * Returns the read method's result, or -ENOSYS if the file has no read
 * method. The caller is responsible for file->f_op being non-NULL.
 */
int kernel_read(struct file *file, unsigned long offset,
	char * addr, unsigned long count)
{
	mm_segment_t saved_fs;
	loff_t pos = offset;
	int nread;

	if (file->f_op->read == NULL)
		return -ENOSYS;

	saved_fs = get_fs();
	set_fs(get_ds());
	nread = file->f_op->read(file, addr, count, &pos);
	set_fs(saved_fs);
	return nread;
}
391
/*
 * Give the exec'ing task an empty address space.
 *
 * If the current mm has a single user it is emptied in place with
 * exit_mmap() and kept. Otherwise a new mm is allocated, added to the
 * global mm list, installed as both mm and active_mm, and the previous
 * one is released. Returns 0 on success, -ENOMEM on allocation failure.
 */
static int exec_mmap(void)
{
	struct mm_struct * mm, * old_mm;

	old_mm = current->mm;
	/* Sole user of the mm: reuse it after dropping all mappings. */
	if (old_mm && atomic_read(&old_mm->mm_users) == 1) {
		mm_release();
		exit_mmap(old_mm);
		return 0;
	}

	mm = mm_alloc();
	if (mm) {
		struct mm_struct *active_mm;

		if (init_new_context(current, mm)) {
			mmdrop(mm);
			return -ENOMEM;
		}

		/* Add it to the list of mm's */
		spin_lock(&mmlist_lock);
		list_add(&mm->mmlist, &init_mm.mmlist);
		mmlist_nr++;
		spin_unlock(&mmlist_lock);

		/* Swap both pointers under task_lock so they are observed together. */
		task_lock(current);
		active_mm = current->active_mm;
		current->mm = mm;
		current->active_mm = mm;
		task_unlock(current);
		activate_mm(active_mm, mm);
		mm_release();
		if (old_mm) {
			/* A task that owns an mm is expected to be running on it. */
			if (active_mm != old_mm) BUG();
			mmput(old_mm);
			return 0;
		}
		/*
		 * No old mm (presumably a task that was only borrowing an
		 * active_mm): release with mmdrop() rather than mmput().
		 */
		mmdrop(active_mm);
		return 0;
	}
	return -ENOMEM;
}
435
436 /*
437 * This function makes sure the current process has its own signal table,
438 * so that flush_signal_handlers can later reset the handlers without
439 * disturbing other processes. (Other processes might share the signal
440 * table via the CLONE_SIGNAL option to clone().)
441 */
442
/*
 * Give the current task a signal table of its own if the present one is
 * shared. The new table copies the action array and starts with refcount
 * 1; the old table's refcount is deliberately not dropped here (see
 * release_old_signals()) so flush_old_exec() can still back out.
 * Returns 0, or -ENOMEM if the copy cannot be allocated.
 */
static inline int make_private_signals(void)
{
	struct signal_struct *copy;

	/* Already private: nothing to do. */
	if (atomic_read(&current->sig->count) <= 1)
		return 0;

	copy = kmem_cache_alloc(sigact_cachep, GFP_KERNEL);
	if (copy == NULL)
		return -ENOMEM;
	spin_lock_init(&copy->siglock);
	atomic_set(&copy->count, 1);
	memcpy(copy->action, current->sig->action, sizeof(copy->action));

	/* Swap the pointer under sigmask_lock so signal delivery sees a whole table. */
	spin_lock_irq(&current->sigmask_lock);
	current->sig = copy;
	spin_unlock_irq(&current->sigmask_lock);
	return 0;
}
460
461 /*
462 * If make_private_signals() made a copy of the signal table, decrement the
463 * refcount of the original table, and free it if necessary.
464 * We don't do that in make_private_signals() so that we can back off
465 * in flush_old_exec() if an error occurs after calling make_private_signals().
466 */
467
/*
 * Drop the reference the task held on oldsig once make_private_signals()
 * has replaced it, freeing the table when that was the last reference.
 * A no-op when the task still uses oldsig.
 */
static inline void release_old_signals(struct signal_struct * oldsig)
{
	if (current->sig != oldsig && atomic_dec_and_test(&oldsig->count))
		kmem_cache_free(sigact_cachep, oldsig);
}
475
476 /*
477 * These functions flush out all traces of the currently running executable
478 * so that a new one can be started.
479 */
480
/*
 * Close every descriptor marked close-on-exec.
 *
 * The close_on_exec bitmap is scanned one word at a time under file_lock.
 * Each non-empty word is claimed (zeroed) before the lock is dropped, so a
 * descriptor is closed at most once even if the table changes meanwhile;
 * sys_close() is then called without the lock held.
 */
static inline void flush_old_files(struct files_struct * files)
{
	long word;

	write_lock(&files->file_lock);
	for (word = 0; ; word++) {
		unsigned long bits, fd;

		fd = word * __NFDBITS;
		if (fd >= files->max_fds || fd >= files->max_fdset)
			break;
		bits = files->close_on_exec->fds_bits[word];
		if (bits == 0)
			continue;

		files->close_on_exec->fds_bits[word] = 0;
		write_unlock(&files->file_lock);
		for (; bits != 0; fd++, bits >>= 1) {
			if (bits & 1)
				sys_close(fd);
		}
		write_lock(&files->file_lock);
	}
	write_unlock(&files->file_lock);
}
508
509 /*
510 * An execve() will automatically "de-thread" the process.
511 * Note: we don't have to hold the tasklist_lock to test
512 * whether we might need to do this. If we're not part of
513 * a thread group, there is no way we can become one
514 * dynamically. And if we are, we only need to protect the
515 * unlink - even if we race with the last other thread exit,
516 * at worst the list_del_init() might end up being a no-op.
517 */
/*
 * Detach tsk from its thread group (if it is in one) and make it the
 * leader of a group of its own by setting tgid to its pid.
 */
static inline void de_thread(struct task_struct *tsk)
{
	struct list_head *link = &tsk->thread_group;

	if (!list_empty(link)) {
		write_lock_irq(&tasklist_lock);
		list_del_init(link);
		write_unlock_irq(&tasklist_lock);
	}

	/* Minor oddity: this might stay the same. */
	tsk->tgid = tsk->pid;
}
529
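/*
 * Tear down what belongs to the old program so the new image can be
 * installed: private signal table, empty mm, comm name, thread state,
 * close-on-exec descriptors. Once exec_mmap() has succeeded there is no
 * way back to the old image.
 *
 * Returns 0 on success or a negative errno. On failure a signal table
 * copied by make_private_signals() is returned to its cache and the old
 * table restored.
 */
int flush_old_exec(struct linux_binprm * bprm)
{
	char * name;
	int i, ch, retval;
	struct signal_struct * oldsig;

	/*
	 * Make sure we have a private signal table
	 */
	oldsig = current->sig;
	retval = make_private_signals();
	if (retval) goto flush_failed;

	/*
	 * Release all of the old mmap stuff
	 */
	retval = exec_mmap();
	if (retval) goto mmap_failed;

	/* This is the point of no return */
	release_old_signals(oldsig);

	current->sas_ss_sp = current->sas_ss_size = 0;

	/* Start out dumpable only if the task is not running with changed ids. */
	if (current->euid == current->uid && current->egid == current->gid)
		current->mm->dumpable = 1;

	/* comm becomes the basename of the image, at most 15 chars plus NUL. */
	name = bprm->filename;
	for (i=0; (ch = *(name++)) != '\0';) {
		if (ch == '/')
			i = 0;
		else
			if (i < 15)
				current->comm[i++] = ch;
	}
	current->comm[i] = '\0';

	flush_thread();

	de_thread(current);

	/* A setid image, or one the task may not read, must never dump core. */
	if (bprm->e_uid != current->euid || bprm->e_gid != current->egid ||
	    permission(bprm->file->f_dentry->d_inode,MAY_READ))
		current->mm->dumpable = 0;

	/* An exec changes our domain. We are no longer part of the thread
	   group */

	current->self_exec_id++;

	flush_signal_handlers(current);
	flush_old_files(current->files);

	return 0;

mmap_failed:
flush_failed:
	/*
	 * Back out the private signal table. make_private_signals() took it
	 * from sigact_cachep, so it must go back to that cache; handing a
	 * slab-cache object to kfree() pairs the wrong allocator with it.
	 */
	spin_lock_irq(&current->sigmask_lock);
	if (current->sig != oldsig) {
		kmem_cache_free(sigact_cachep, current->sig);
		current->sig = oldsig;
	}
	spin_unlock_irq(&current->sigmask_lock);
	return retval;
}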
594
595 /*
596 * We mustn't allow tracing of suid binaries, unless
597 * the tracer has the capability to trace anything..
598 */
/*
 * True when p is being ptraced by a tracer that did not have the
 * capability to trace privileged programs (PT_PTRACE_CAP unset).
 */
static inline int must_not_trace_exec(struct task_struct * p)
{
	unsigned long flags = p->ptrace;
	int traced = (flags & PT_PTRACED) != 0;
	int tracer_privileged = (flags & PT_PTRACE_CAP) != 0;

	return traced && !tracer_privileged;
}
603
604 /*
605 * Fill the binprm structure from the inode.
606 * Check permissions, then read the first 128 (BINPRM_BUF_SIZE) bytes
607 */
/*
 * Fill in the credential and header parts of bprm from the opened file.
 *
 * Refuses (-EACCES) files with no execute bit or no operations table.
 * e_uid/e_gid default to the caller's effective ids and take the file's
 * owner/group for setuid/setgid images unless the mount is nosuid. The
 * file capability sets are cleared (no VFS support) and then raised for
 * root under the legacy non-SECURE_NOROOT rules. Finally the first
 * BINPRM_BUF_SIZE bytes are read into bprm->buf; the result of that read
 * is returned.
 */
int prepare_binprm(struct linux_binprm *bprm)
{
	struct file *file = bprm->file;
	struct inode *inode = file->f_dentry->d_inode;
	int mode = inode->i_mode;
	int nosuid_mount;

	/*
	 * Check execute perms again - if the caller has CAP_DAC_OVERRIDE,
	 * vfs_permission lets a non-executable through. Also refuse a file
	 * with no operations table.
	 */
	if ((mode & 0111) == 0 || file->f_op == NULL)
		return -EACCES;

	bprm->e_uid = current->euid;
	bprm->e_gid = current->egid;

	nosuid_mount = (file->f_vfsmnt->mnt_flags & MNT_NOSUID) != 0;
	if (!nosuid_mount) {
		/* Set-uid? */
		if (mode & S_ISUID)
			bprm->e_uid = inode->i_uid;

		/*
		 * Set-gid? If setgid is set but no group execute bit then this
		 * is a candidate for mandatory locking, not a setgid
		 * executable.
		 */
		if ((mode & (S_ISGID | S_IXGRP)) == (S_ISGID | S_IXGRP))
			bprm->e_gid = inode->i_gid;
	}

	/* We don't have VFS support for capabilities yet */
	cap_clear(bprm->cap_inheritable);
	cap_clear(bprm->cap_permitted);
	cap_clear(bprm->cap_effective);

	/*
	 * To support inheritance of root-permissions and suid-root
	 * executables under compatibility mode, we raise all three
	 * capability sets for the file.
	 *
	 * If only the real uid is 0, we only raise the inheritable
	 * and permitted sets of the executable file.
	 */
	if (!issecure(SECURE_NOROOT)) {
		int effective_root = bprm->e_uid == 0;
		int real_root = current->uid == 0;

		if (effective_root || real_root) {
			cap_set_full(bprm->cap_inheritable);
			cap_set_full(bprm->cap_permitted);
		}
		if (effective_root)
			cap_set_full(bprm->cap_effective);
	}

	memset(bprm->buf, 0, BINPRM_BUF_SIZE);
	return kernel_read(bprm->file, 0, bprm->buf, BINPRM_BUF_SIZE);
}
666
667 /*
668 * This function is used to produce the new IDs and capabilities
669 * from the old ones and the file's capabilities.
670 *
671 * The formula used for evolving capabilities is:
672 *
673 * pI' = pI
674 * (***) pP' = (fP & X) | (fI & pI)
675 * pE' = pP' & fE [NB. fE is 0 or ~0]
676 *
677 * I=Inheritable, P=Permitted, E=Effective // p=process, f=file
678 * ' indicates post-exec(), and X is the global 'cap_bset'.
679 *
680 */
681
/*
 * Apply the ids and capability sets computed in prepare_binprm() to the
 * current task, following the formula in the comment above. Where the
 * exec would change privilege, the task is made non-dumpable and the
 * change is refused for traced tasks and tasks sharing fs/files/signal
 * state, unless the relevant capability is held.
 */
void compute_creds(struct linux_binprm *bprm)
{
	kernel_cap_t new_permitted, working;
	int do_unlock = 0;

	/* pP' = (fP & X) | (fI & pI), with X = cap_bset. */
	new_permitted = cap_intersect(bprm->cap_permitted, cap_bset);
	working = cap_intersect(bprm->cap_inheritable,
				current->cap_inheritable);
	new_permitted = cap_combine(new_permitted, working);

	/*
	 * Privilege changes if the ids differ from the real ones or the new
	 * permitted set is not a subset of the current one.
	 */
	if (bprm->e_uid != current->uid || bprm->e_gid != current->gid ||
	    !cap_issubset(new_permitted, current->cap_permitted)) {
		current->mm->dumpable = 0;

		lock_kernel();
		/*
		 * Refuse to elevate when an unprivileged tracer is attached,
		 * or when fs/files/signal state is still shared with another
		 * task that could act on the elevated credentials.
		 */
		if (must_not_trace_exec(current)
		    || atomic_read(&current->fs->count) > 1
		    || atomic_read(&current->files->count) > 1
		    || atomic_read(&current->sig->count) > 1) {
			/* Without CAP_SETUID the setid bits are ignored. */
			if(!capable(CAP_SETUID)) {
				bprm->e_uid = current->uid;
				bprm->e_gid = current->gid;
			}
			/* Without CAP_SETPCAP no new capability may be gained. */
			if(!capable(CAP_SETPCAP)) {
				new_permitted = cap_intersect(new_permitted,
							current->cap_permitted);
			}
		}
		/* Kernel lock stays held until the ids below are written. */
		do_unlock = 1;
	}


	/* For init, we want to retain the capabilities set
	 * in the init_task struct. Thus we skip the usual
	 * capability rules */
	if (current->pid != 1) {
		current->cap_permitted = new_permitted;
		/* pE' = pP' & fE */
		current->cap_effective =
			cap_intersect(new_permitted, bprm->cap_effective);
	}

	/* AUD: Audit candidate if current->cap_effective is set */

	/* Saved, effective and fs ids all follow the exec'd image. */
	current->suid = current->euid = current->fsuid = bprm->e_uid;
	current->sgid = current->egid = current->fsgid = bprm->e_gid;

	if(do_unlock)
		unlock_kernel();
	current->keep_capabilities = 0;
}
732
733
/*
 * Skip over argv[0] in the argument pages: advance bprm->p past the
 * NUL-terminated string at the current position (which may span page
 * boundaries) and decrement argc. Does nothing when argc is 0.
 */
void remove_arg_zero(struct linux_binprm *bprm)
{
	unsigned long offset;
	struct page *page;
	char *kaddr;

	if (bprm->argc == 0)
		return;

	offset = bprm->p % PAGE_SIZE;
	page = bprm->page[bprm->p / PAGE_SIZE];
	kaddr = kmap(page);

	for (;;) {
		char c = kaddr[offset];

		bprm->p++;
		offset++;
		if (c == '\0')
			break;
		/* Crossed into the next page: swap the mapping. */
		if (offset == PAGE_SIZE) {
			offset = 0;
			kunmap(page);
			page = bprm->page[bprm->p / PAGE_SIZE];
			kaddr = kmap(page);
		}
	}
	kunmap(page);
	bprm->argc--;
}
757
758 /*
759 * cycle through the list of binary format handlers until one recognizes the image
760 */
/*
 * Offer the image to each registered handler's load_binary in turn.
 *
 * A handler returning -ENOEXEC does not recognise the image and the next
 * one is tried; any other result ends the search. On success the file
 * reference is dropped and current->did_exec is set. With CONFIG_KMOD,
 * a second pass is made after asking for a module named from the image's
 * bytes 2-3, but only when the first four bytes are not all printable.
 * Returns the handler's result, or -ENOEXEC if none accepted the image.
 */
int search_binary_handler(struct linux_binprm *bprm,struct pt_regs *regs)
{
	int try,retval=0;
	struct linux_binfmt *fmt;
#ifdef __alpha__
	/* handle /sbin/loader.. */
	{
		struct exec * eh = (struct exec *) bprm->buf;

		if (!bprm->loader && eh->fh.f_magic == 0x183 &&
		    (eh->fh.f_flags & 0x3000) == 0x3000)
		{
			char * dynloader[] = { "/sbin/loader" };
			struct file * file;
			unsigned long loader;

			/* Swap the original image for the loader as bprm->file. */
			allow_write_access(bprm->file);
			fput(bprm->file);
			bprm->file = NULL;

			loader = PAGE_SIZE*MAX_ARG_PAGES-sizeof(void *);

			file = open_exec(dynloader[0]);
			retval = PTR_ERR(file);
			if (IS_ERR(file))
				return retval;
			bprm->file = file;
			bprm->loader = loader;
			retval = prepare_binprm(bprm);
			if (retval<0)
				return retval;
			/* should call search_binary_handler recursively here,
			   but it does not matter */
		}
	}
#endif
	/* kernel module loader fixup */
	/* so we don't try to load run modprobe in kernel space. */
	set_fs(USER_DS);
	for (try=0; try<2; try++) {
		read_lock(&binfmt_lock);
		for (fmt = formats ; fmt ; fmt = fmt->next) {
			int (*fn)(struct linux_binprm *, struct pt_regs *) = fmt->load_binary;
			if (!fn)
				continue;
			if (!try_inc_mod_count(fmt->module))
				continue;
			/* The module reference keeps fmt alive while the lock is dropped. */
			read_unlock(&binfmt_lock);
			retval = fn(bprm, regs);
			if (retval >= 0) {
				put_binfmt(fmt);
				/* The handler owns the new image now; release the file. */
				allow_write_access(bprm->file);
				if (bprm->file)
					fput(bprm->file);
				bprm->file = NULL;
				current->did_exec = 1;
				return retval;
			}
			read_lock(&binfmt_lock);
			put_binfmt(fmt);
			if (retval != -ENOEXEC)
				break;
			/* A handler may have consumed the file (e.g. to load another); stop. */
			if (!bprm->file) {
				read_unlock(&binfmt_lock);
				return retval;
			}
		}
		read_unlock(&binfmt_lock);
		if (retval != -ENOEXEC) {
			break;
#ifdef CONFIG_KMOD
		}else{
#define printable(c) (((c)=='\t') || ((c)=='\n') || (0x20<=(c) && (c)<=0x7e))
			char modname[20];
			/*
			 * The module name is derived from the untrusted image, so
			 * any execve of an unrecognised file can trigger a
			 * request_module(); the printable check keeps plain text
			 * from doing so. "binfmt-" plus four hex digits fits modname.
			 */
			if (printable(bprm->buf[0]) &&
			    printable(bprm->buf[1]) &&
			    printable(bprm->buf[2]) &&
			    printable(bprm->buf[3]))
				break; /* -ENOEXEC */
			sprintf(modname, "binfmt-%04x", *(unsigned short *)(&bprm->buf[2]));
			request_module(modname);
#endif
		}
	}
	return retval;
}
847
848
849 /*
850 * sys_execve() executes a new program.
851 */
/*
 * Core of execve(): open the image, count and copy argv/envp into the
 * argument pages, then hand the bprm to the binary-format handlers.
 *
 * On success the handler's (non-negative) result is returned and the
 * bprm has been consumed by it. On any failure the file reference is
 * released (re-allowing writes) and every argument page freed.
 */
int do_execve(char * filename, char ** argv, char ** envp, struct pt_regs * regs)
{
	struct linux_binprm bprm;
	struct file *file;
	int retval;
	int i;

	file = open_exec(filename);
	retval = PTR_ERR(file);
	if (IS_ERR(file))
		return retval;

	/* Strings fill the page array top-down; the last pointer-sized slot is kept free. */
	bprm.p = PAGE_SIZE * MAX_ARG_PAGES - sizeof(void *);
	memset(bprm.page, 0, MAX_ARG_PAGES * sizeof(bprm.page[0]));
	bprm.file = file;
	bprm.filename = filename;
	bprm.sh_bang = 0;
	bprm.loader = 0;
	bprm.exec = 0;

	/* Bound both walks by the number of pointers the space could hold. */
	bprm.argc = count(argv, bprm.p / sizeof(void *));
	if (bprm.argc < 0) {
		retval = bprm.argc;
		goto out;
	}
	bprm.envc = count(envp, bprm.p / sizeof(void *));
	if (bprm.envc < 0) {
		retval = bprm.envc;
		goto out;
	}

	retval = prepare_binprm(&bprm);
	if (retval < 0)
		goto out;

	retval = copy_strings_kernel(1, &bprm.filename, &bprm);
	if (retval < 0)
		goto out;

	bprm.exec = bprm.p;
	retval = copy_strings(bprm.envc, envp, &bprm);
	if (retval < 0)
		goto out;

	retval = copy_strings(bprm.argc, argv, &bprm);
	if (retval < 0)
		goto out;

	retval = search_binary_handler(&bprm, regs);
	if (retval >= 0)
		/* execve success */
		return retval;

out:
	/* Something went wrong, return the inode and free the argument pages */
	allow_write_access(bprm.file);
	if (bprm.file)
		fput(bprm.file);

	for (i = 0; i < MAX_ARG_PAGES; i++) {
		struct page *page = bprm.page[i];

		if (page != NULL)
			__free_page(page);
	}

	return retval;
}
921
/*
 * Point the current task at a new binary-format handler, taking a module
 * reference on the new one before dropping the reference on the old one
 * (so the old handler's module is never released early). new may be NULL.
 */
void set_binfmt(struct linux_binfmt *new)
{
	struct linux_binfmt *previous = current->binfmt;

	if (new != NULL && new->module != NULL)
		__MOD_INC_USE_COUNT(new->module);
	current->binfmt = new;
	if (previous != NULL && previous->module != NULL)
		__MOD_DEC_USE_COUNT(previous->module);
}
931
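/*
 * Write a core file for the current task into its working directory.
 *
 * Nothing is written unless the handler supports core_dump, the mm is
 * dumpable (cleared for setid images), and RLIMIT_CORE allows it. The
 * file is opened without following symlinks and rejected if it has more
 * than one link, is unhashed, is not a regular file or cannot be written.
 * Returns the handler's result, or 0 when no dump was attempted.
 */
int do_coredump(long signr, struct pt_regs * regs)
{
	struct linux_binfmt * binfmt;
	char corename[6+sizeof(current->comm)+10];
	struct file * file;
	struct inode * inode;
	int retval = 0;

	lock_kernel();
	binfmt = current->binfmt;
	if (!binfmt || !binfmt->core_dump)
		goto fail;
	if (!current->mm->dumpable)
		goto fail;
	/* Clear before dumping so a second fault cannot produce another core. */
	current->mm->dumpable = 0;
	if (current->rlim[RLIMIT_CORE].rlim_cur < binfmt->min_coredump)
		goto fail;

	/* "core", or "core.<pid>" when configured or when the mm is shared. */
	memcpy(corename,"core.", 5);
	corename[4] = '\0';
	if (core_uses_pid || atomic_read(&current->mm->mm_users) != 1)
		sprintf(&corename[4], ".%d", current->pid);
	/* O_RDWR spelled by name rather than the bare 2 it was before. */
	file = filp_open(corename, O_CREAT | O_RDWR | O_NOFOLLOW, 0600);
	if (IS_ERR(file))
		goto fail;
	inode = file->f_dentry->d_inode;
	if (inode->i_nlink > 1)
		goto close_fail; /* multiple links - don't dump */
	if (d_unhashed(file->f_dentry))
		goto close_fail;

	if (!S_ISREG(inode->i_mode))
		goto close_fail;
	if (!file->f_op)
		goto close_fail;
	if (!file->f_op->write)
		goto close_fail;
	if (do_truncate(file->f_dentry, 0) != 0)
		goto close_fail;

	down_read(&current->mm->mmap_sem);
	retval = binfmt->core_dump(signr, regs, file);
	up_read(&current->mm->mmap_sem);

close_fail:
	filp_close(file, NULL);
fail:
	unlock_kernel();
	return retval;
}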
982