user_ns: get rid of duplicate code in net_ctl_permissions
[linux-2.6.git] / fs / binfmt_aout.c
blob0e7a6f81ae36c0d9b57b36550ea58705675bd9f1
1 /*
2 * linux/fs/binfmt_aout.c
4 * Copyright (C) 1991, 1992, 1996 Linus Torvalds
5 */
7 #include <linux/module.h>
9 #include <linux/time.h>
10 #include <linux/kernel.h>
11 #include <linux/mm.h>
12 #include <linux/mman.h>
13 #include <linux/a.out.h>
14 #include <linux/errno.h>
15 #include <linux/signal.h>
16 #include <linux/string.h>
17 #include <linux/fs.h>
18 #include <linux/file.h>
19 #include <linux/stat.h>
20 #include <linux/fcntl.h>
21 #include <linux/ptrace.h>
22 #include <linux/user.h>
23 #include <linux/binfmts.h>
24 #include <linux/personality.h>
25 #include <linux/init.h>
26 #include <linux/coredump.h>
27 #include <linux/slab.h>
29 #include <asm/uaccess.h>
30 #include <asm/cacheflush.h>
31 #include <asm/a.out-core.h>
33 static int load_aout_binary(struct linux_binprm *, struct pt_regs * regs);
34 static int load_aout_library(struct file*);
36 #ifdef CONFIG_COREDUMP
38 * Routine writes a core dump image in the current directory.
39 * Currently only a stub-function.
41 * Note that setuid/setgid files won't make a core-dump if the uid/gid
42 * changed due to the set[u|g]id. It's enforced by the "current->mm->dumpable"
43 * field, which also makes sure the core-dumps won't be recursive if the
44 * dumping of the process results in another error..
46 static int aout_core_dump(struct coredump_params *cprm)
48 struct file *file = cprm->file;
49 mm_segment_t fs;
50 int has_dumped = 0;
51 void __user *dump_start;
52 int dump_size;
53 struct user dump;
54 #ifdef __alpha__
55 # define START_DATA(u) ((void __user *)u.start_data)
56 #else
57 # define START_DATA(u) ((void __user *)((u.u_tsize << PAGE_SHIFT) + \
58 u.start_code))
59 #endif
60 # define START_STACK(u) ((void __user *)u.start_stack)
62 fs = get_fs();
63 set_fs(KERNEL_DS);
64 has_dumped = 1;
65 current->flags |= PF_DUMPCORE;
66 strncpy(dump.u_comm, current->comm, sizeof(dump.u_comm));
67 dump.u_ar0 = offsetof(struct user, regs);
68 dump.signal = cprm->siginfo->si_signo;
69 aout_dump_thread(cprm->regs, &dump);
71 /* If the size of the dump file exceeds the rlimit, then see what would happen
72 if we wrote the stack, but not the data area. */
73 if ((dump.u_dsize + dump.u_ssize+1) * PAGE_SIZE > cprm->limit)
74 dump.u_dsize = 0;
76 /* Make sure we have enough room to write the stack and data areas. */
77 if ((dump.u_ssize + 1) * PAGE_SIZE > cprm->limit)
78 dump.u_ssize = 0;
80 /* make sure we actually have a data and stack area to dump */
81 set_fs(USER_DS);
82 if (!access_ok(VERIFY_READ, START_DATA(dump), dump.u_dsize << PAGE_SHIFT))
83 dump.u_dsize = 0;
84 if (!access_ok(VERIFY_READ, START_STACK(dump), dump.u_ssize << PAGE_SHIFT))
85 dump.u_ssize = 0;
87 set_fs(KERNEL_DS);
88 /* struct user */
89 if (!dump_write(file, &dump, sizeof(dump)))
90 goto end_coredump;
91 /* Now dump all of the user data. Include malloced stuff as well */
92 if (!dump_seek(cprm->file, PAGE_SIZE - sizeof(dump)))
93 goto end_coredump;
94 /* now we start writing out the user space info */
95 set_fs(USER_DS);
96 /* Dump the data area */
97 if (dump.u_dsize != 0) {
98 dump_start = START_DATA(dump);
99 dump_size = dump.u_dsize << PAGE_SHIFT;
100 if (!dump_write(file, dump_start, dump_size))
101 goto end_coredump;
103 /* Now prepare to dump the stack area */
104 if (dump.u_ssize != 0) {
105 dump_start = START_STACK(dump);
106 dump_size = dump.u_ssize << PAGE_SHIFT;
107 if (!dump_write(file, dump_start, dump_size))
108 goto end_coredump;
110 end_coredump:
111 set_fs(fs);
112 return has_dumped;
114 #else
115 #define aout_core_dump NULL
116 #endif
118 static struct linux_binfmt aout_format = {
119 .module = THIS_MODULE,
120 .load_binary = load_aout_binary,
121 .load_shlib = load_aout_library,
122 .core_dump = aout_core_dump,
123 .min_coredump = PAGE_SIZE
126 #define BAD_ADDR(x) ((unsigned long)(x) >= TASK_SIZE)
128 static int set_brk(unsigned long start, unsigned long end)
130 start = PAGE_ALIGN(start);
131 end = PAGE_ALIGN(end);
132 if (end > start) {
133 unsigned long addr;
134 addr = vm_brk(start, end - start);
135 if (BAD_ADDR(addr))
136 return addr;
138 return 0;
142 * create_aout_tables() parses the env- and arg-strings in new user
143 * memory and creates the pointer tables from them, and puts their
144 * addresses on the "stack", returning the new stack pointer value.
146 static unsigned long __user *create_aout_tables(char __user *p, struct linux_binprm * bprm)
148 char __user * __user *argv;
149 char __user * __user *envp;
150 unsigned long __user *sp;
151 int argc = bprm->argc;
152 int envc = bprm->envc;
154 sp = (void __user *)((-(unsigned long)sizeof(char *)) & (unsigned long) p);
155 #ifdef __alpha__
156 /* whee.. test-programs are so much fun. */
157 put_user(0, --sp);
158 put_user(0, --sp);
159 if (bprm->loader) {
160 put_user(0, --sp);
161 put_user(1003, --sp);
162 put_user(bprm->loader, --sp);
163 put_user(1002, --sp);
165 put_user(bprm->exec, --sp);
166 put_user(1001, --sp);
167 #endif
168 sp -= envc+1;
169 envp = (char __user * __user *) sp;
170 sp -= argc+1;
171 argv = (char __user * __user *) sp;
172 #ifndef __alpha__
173 put_user((unsigned long) envp,--sp);
174 put_user((unsigned long) argv,--sp);
175 #endif
176 put_user(argc,--sp);
177 current->mm->arg_start = (unsigned long) p;
178 while (argc-->0) {
179 char c;
180 put_user(p,argv++);
181 do {
182 get_user(c,p++);
183 } while (c);
185 put_user(NULL,argv);
186 current->mm->arg_end = current->mm->env_start = (unsigned long) p;
187 while (envc-->0) {
188 char c;
189 put_user(p,envp++);
190 do {
191 get_user(c,p++);
192 } while (c);
194 put_user(NULL,envp);
195 current->mm->env_end = (unsigned long) p;
196 return sp;
200 * These are the functions used to load a.out style executables and shared
201 * libraries. There is no binary dependent code anywhere else.
204 static int load_aout_binary(struct linux_binprm * bprm, struct pt_regs * regs)
206 struct exec ex;
207 unsigned long error;
208 unsigned long fd_offset;
209 unsigned long rlim;
210 int retval;
212 ex = *((struct exec *) bprm->buf); /* exec-header */
213 if ((N_MAGIC(ex) != ZMAGIC && N_MAGIC(ex) != OMAGIC &&
214 N_MAGIC(ex) != QMAGIC && N_MAGIC(ex) != NMAGIC) ||
215 N_TRSIZE(ex) || N_DRSIZE(ex) ||
216 i_size_read(bprm->file->f_path.dentry->d_inode) < ex.a_text+ex.a_data+N_SYMSIZE(ex)+N_TXTOFF(ex)) {
217 return -ENOEXEC;
221 * Requires a mmap handler. This prevents people from using a.out
222 * as part of an exploit attack against /proc-related vulnerabilities.
224 if (!bprm->file->f_op || !bprm->file->f_op->mmap)
225 return -ENOEXEC;
227 fd_offset = N_TXTOFF(ex);
229 /* Check initial limits. This avoids letting people circumvent
230 * size limits imposed on them by creating programs with large
231 * arrays in the data or bss.
233 rlim = rlimit(RLIMIT_DATA);
234 if (rlim >= RLIM_INFINITY)
235 rlim = ~0;
236 if (ex.a_data + ex.a_bss > rlim)
237 return -ENOMEM;
239 /* Flush all traces of the currently running executable */
240 retval = flush_old_exec(bprm);
241 if (retval)
242 return retval;
244 /* OK, This is the point of no return */
245 #ifdef __alpha__
246 SET_AOUT_PERSONALITY(bprm, ex);
247 #else
248 set_personality(PER_LINUX);
249 #endif
250 setup_new_exec(bprm);
252 current->mm->end_code = ex.a_text +
253 (current->mm->start_code = N_TXTADDR(ex));
254 current->mm->end_data = ex.a_data +
255 (current->mm->start_data = N_DATADDR(ex));
256 current->mm->brk = ex.a_bss +
257 (current->mm->start_brk = N_BSSADDR(ex));
258 current->mm->free_area_cache = current->mm->mmap_base;
259 current->mm->cached_hole_size = 0;
261 retval = setup_arg_pages(bprm, STACK_TOP, EXSTACK_DEFAULT);
262 if (retval < 0) {
263 /* Someone check-me: is this error path enough? */
264 send_sig(SIGKILL, current, 0);
265 return retval;
268 install_exec_creds(bprm);
270 if (N_MAGIC(ex) == OMAGIC) {
271 unsigned long text_addr, map_size;
272 loff_t pos;
274 text_addr = N_TXTADDR(ex);
276 #ifdef __alpha__
277 pos = fd_offset;
278 map_size = ex.a_text+ex.a_data + PAGE_SIZE - 1;
279 #else
280 pos = 32;
281 map_size = ex.a_text+ex.a_data;
282 #endif
283 error = vm_brk(text_addr & PAGE_MASK, map_size);
284 if (error != (text_addr & PAGE_MASK)) {
285 send_sig(SIGKILL, current, 0);
286 return error;
289 error = bprm->file->f_op->read(bprm->file,
290 (char __user *)text_addr,
291 ex.a_text+ex.a_data, &pos);
292 if ((signed long)error < 0) {
293 send_sig(SIGKILL, current, 0);
294 return error;
297 flush_icache_range(text_addr, text_addr+ex.a_text+ex.a_data);
298 } else {
299 if ((ex.a_text & 0xfff || ex.a_data & 0xfff) &&
300 (N_MAGIC(ex) != NMAGIC) && printk_ratelimit())
302 printk(KERN_NOTICE "executable not page aligned\n");
305 if ((fd_offset & ~PAGE_MASK) != 0 && printk_ratelimit())
307 printk(KERN_WARNING
308 "fd_offset is not page aligned. Please convert program: %s\n",
309 bprm->file->f_path.dentry->d_name.name);
312 if (!bprm->file->f_op->mmap||((fd_offset & ~PAGE_MASK) != 0)) {
313 loff_t pos = fd_offset;
314 vm_brk(N_TXTADDR(ex), ex.a_text+ex.a_data);
315 bprm->file->f_op->read(bprm->file,
316 (char __user *)N_TXTADDR(ex),
317 ex.a_text+ex.a_data, &pos);
318 flush_icache_range((unsigned long) N_TXTADDR(ex),
319 (unsigned long) N_TXTADDR(ex) +
320 ex.a_text+ex.a_data);
321 goto beyond_if;
324 error = vm_mmap(bprm->file, N_TXTADDR(ex), ex.a_text,
325 PROT_READ | PROT_EXEC,
326 MAP_FIXED | MAP_PRIVATE | MAP_DENYWRITE | MAP_EXECUTABLE,
327 fd_offset);
329 if (error != N_TXTADDR(ex)) {
330 send_sig(SIGKILL, current, 0);
331 return error;
334 error = vm_mmap(bprm->file, N_DATADDR(ex), ex.a_data,
335 PROT_READ | PROT_WRITE | PROT_EXEC,
336 MAP_FIXED | MAP_PRIVATE | MAP_DENYWRITE | MAP_EXECUTABLE,
337 fd_offset + ex.a_text);
338 if (error != N_DATADDR(ex)) {
339 send_sig(SIGKILL, current, 0);
340 return error;
343 beyond_if:
344 set_binfmt(&aout_format);
346 retval = set_brk(current->mm->start_brk, current->mm->brk);
347 if (retval < 0) {
348 send_sig(SIGKILL, current, 0);
349 return retval;
352 current->mm->start_stack =
353 (unsigned long) create_aout_tables((char __user *) bprm->p, bprm);
354 #ifdef __alpha__
355 regs->gp = ex.a_gpvalue;
356 #endif
357 start_thread(regs, ex.a_entry, current->mm->start_stack);
358 return 0;
361 static int load_aout_library(struct file *file)
363 struct inode * inode;
364 unsigned long bss, start_addr, len;
365 unsigned long error;
366 int retval;
367 struct exec ex;
369 inode = file->f_path.dentry->d_inode;
371 retval = -ENOEXEC;
372 error = kernel_read(file, 0, (char *) &ex, sizeof(ex));
373 if (error != sizeof(ex))
374 goto out;
376 /* We come in here for the regular a.out style of shared libraries */
377 if ((N_MAGIC(ex) != ZMAGIC && N_MAGIC(ex) != QMAGIC) || N_TRSIZE(ex) ||
378 N_DRSIZE(ex) || ((ex.a_entry & 0xfff) && N_MAGIC(ex) == ZMAGIC) ||
379 i_size_read(inode) < ex.a_text+ex.a_data+N_SYMSIZE(ex)+N_TXTOFF(ex)) {
380 goto out;
384 * Requires a mmap handler. This prevents people from using a.out
385 * as part of an exploit attack against /proc-related vulnerabilities.
387 if (!file->f_op || !file->f_op->mmap)
388 goto out;
390 if (N_FLAGS(ex))
391 goto out;
393 /* For QMAGIC, the starting address is 0x20 into the page. We mask
394 this off to get the starting address for the page */
396 start_addr = ex.a_entry & 0xfffff000;
398 if ((N_TXTOFF(ex) & ~PAGE_MASK) != 0) {
399 loff_t pos = N_TXTOFF(ex);
401 if (printk_ratelimit())
403 printk(KERN_WARNING
404 "N_TXTOFF is not page aligned. Please convert library: %s\n",
405 file->f_path.dentry->d_name.name);
407 vm_brk(start_addr, ex.a_text + ex.a_data + ex.a_bss);
409 file->f_op->read(file, (char __user *)start_addr,
410 ex.a_text + ex.a_data, &pos);
411 flush_icache_range((unsigned long) start_addr,
412 (unsigned long) start_addr + ex.a_text + ex.a_data);
414 retval = 0;
415 goto out;
417 /* Now use mmap to map the library into memory. */
418 error = vm_mmap(file, start_addr, ex.a_text + ex.a_data,
419 PROT_READ | PROT_WRITE | PROT_EXEC,
420 MAP_FIXED | MAP_PRIVATE | MAP_DENYWRITE,
421 N_TXTOFF(ex));
422 retval = error;
423 if (error != start_addr)
424 goto out;
426 len = PAGE_ALIGN(ex.a_text + ex.a_data);
427 bss = ex.a_text + ex.a_data + ex.a_bss;
428 if (bss > len) {
429 error = vm_brk(start_addr + len, bss - len);
430 retval = error;
431 if (error != start_addr + len)
432 goto out;
434 retval = 0;
435 out:
436 return retval;
439 static int __init init_aout_binfmt(void)
441 register_binfmt(&aout_format);
442 return 0;
445 static void __exit exit_aout_binfmt(void)
447 unregister_binfmt(&aout_format);
450 core_initcall(init_aout_binfmt);
451 module_exit(exit_aout_binfmt);
452 MODULE_LICENSE("GPL");