ia64/xen-unstable

view old/xenolinux-2.4.16-sparse/fs/exec.c @ 235:d7d0a23b2e07

bitkeeper revision 1.93 (3e5a4e6bkPheUp3x1uufN2MS3LAB7A)

Latest and Greatest version of XenoLinux based on the Linux-2.4.21-pre4
kernel.
author iap10@labyrinth.cl.cam.ac.uk
date Mon Feb 24 16:55:07 2003 +0000 (2003-02-24)
parents
children
line source
1 /*
2 * linux/fs/exec.c
3 *
4 * Copyright (C) 1991, 1992 Linus Torvalds
5 */
7 /*
8 * #!-checking implemented by tytso.
9 */
10 /*
11 * Demand-loading implemented 01.12.91 - no need to read anything but
12 * the header into memory. The inode of the executable is put into
13 * "current->executable", and page faults do the actual loading. Clean.
14 *
15 * Once more I can proudly say that linux stood up to being changed: it
16 * was less than 2 hours work to get demand-loading completely implemented.
17 *
18 * Demand loading changed July 1993 by Eric Youngdale. Use mmap instead,
19 * current->executable is only used by the procfs. This allows a dispatch
20 * table to check for several different types of binary formats. We keep
21 * trying until we recognize the file or we run out of supported binary
22 * formats.
23 */
25 #include <linux/config.h>
26 #include <linux/slab.h>
27 #include <linux/file.h>
28 #include <linux/mman.h>
29 #include <linux/a.out.h>
30 #include <linux/stat.h>
31 #include <linux/fcntl.h>
32 #include <linux/smp_lock.h>
33 #include <linux/init.h>
34 #include <linux/pagemap.h>
35 #include <linux/highmem.h>
36 #include <linux/spinlock.h>
37 #include <linux/personality.h>
38 #define __NO_VERSION__
39 #include <linux/module.h>
41 #include <asm/uaccess.h>
42 #include <asm/pgalloc.h>
43 #include <asm/mmu_context.h>
45 #ifdef CONFIG_KMOD
46 #include <linux/kmod.h>
47 #endif
/* Non-zero => name core files "core.<pid>"; consulted in do_coredump(). */
49 int core_uses_pid;
/* Head of the singly-linked list of registered binary-format handlers. */
51 static struct linux_binfmt *formats;
/* Protects 'formats' and the ->next links of every entry on it. */
52 static rwlock_t binfmt_lock = RW_LOCK_UNLOCKED;
/*
 * Link a binary-format handler onto the global 'formats' list.
 * Returns -EINVAL for a NULL fmt, -EBUSY if fmt already appears linked
 * (non-NULL ->next, or found during the duplicate scan), 0 on success.
 */
54 int register_binfmt(struct linux_binfmt * fmt)
55 {
56 struct linux_binfmt ** tmp = &formats;
58 if (!fmt)
59 return -EINVAL;
/* An entry already on a list carries a non-NULL next pointer. */
60 if (fmt->next)
61 return -EBUSY;
62 write_lock(&binfmt_lock);
/* Scan for a duplicate before linking the new handler at the head. */
63 while (*tmp) {
64 if (fmt == *tmp) {
65 write_unlock(&binfmt_lock);
66 return -EBUSY;
67 }
68 tmp = &(*tmp)->next;
69 }
70 fmt->next = formats;
71 formats = fmt;
72 write_unlock(&binfmt_lock);
73 return 0;
74 }
/*
 * Remove a binary-format handler from the 'formats' list.
 * Returns 0 when the entry was found and unlinked, -EINVAL otherwise.
 */
76 int unregister_binfmt(struct linux_binfmt * fmt)
77 {
78 struct linux_binfmt ** tmp = &formats;
80 write_lock(&binfmt_lock);
81 while (*tmp) {
82 if (fmt == *tmp) {
/* Splice the entry out by pointing the predecessor past it. */
83 *tmp = fmt->next;
84 write_unlock(&binfmt_lock);
85 return 0;
86 }
87 tmp = &(*tmp)->next;
88 }
89 write_unlock(&binfmt_lock);
90 return -EINVAL;
91 }
/*
 * Drop the module reference taken via try_inc_mod_count() before a
 * handler callback was invoked.  No-op for built-in (moduleless) formats.
 */
93 static inline void put_binfmt(struct linux_binfmt * fmt)
94 {
95 if (fmt->module)
96 __MOD_DEC_USE_COUNT(fmt->module);
97 }
99 /*
100 * Note that a shared library must be both readable and executable due to
101 * security reasons.
102 *
103 * Also note that we take the address to load from the file itself.
104 */
/*
 * uselib(2): load a shared library by asking each registered binary
 * format's ->load_shlib() in turn until one accepts the file.
 * Returns 0 on success, or a negative errno (-ENOEXEC if no handler
 * recognized the file).
 */
105 asmlinkage long sys_uselib(const char * library)
106 {
107 struct file * file;
108 struct nameidata nd;
109 int error;
111 error = user_path_walk(library, &nd);
112 if (error)
113 goto out;
/* Must be a regular file that is both readable and executable. */
115 error = -EINVAL;
116 if (!S_ISREG(nd.dentry->d_inode->i_mode))
117 goto exit;
119 error = permission(nd.dentry->d_inode, MAY_READ | MAY_EXEC);
120 if (error)
121 goto exit;
/*
 * NOTE(review): dentry_open() consumes the nd references whether it
 * succeeds or fails, so the error path jumps to 'out' (no
 * path_release) from here on — matches 2.4 VFS semantics; confirm.
 */
123 file = dentry_open(nd.dentry, nd.mnt, O_RDONLY);
124 error = PTR_ERR(file);
125 if (IS_ERR(file))
126 goto out;
128 error = -ENOEXEC;
129 if(file->f_op && file->f_op->read) {
130 struct linux_binfmt * fmt;
132 read_lock(&binfmt_lock);
133 for (fmt = formats ; fmt ; fmt = fmt->next) {
134 if (!fmt->load_shlib)
135 continue;
/* Pin the handler's module, then drop the lock around the callback. */
136 if (!try_inc_mod_count(fmt->module))
137 continue;
138 read_unlock(&binfmt_lock);
139 error = fmt->load_shlib(file);
140 read_lock(&binfmt_lock);
141 put_binfmt(fmt);
/* Any result other than "not my format" ends the search. */
142 if (error != -ENOEXEC)
143 break;
144 }
145 read_unlock(&binfmt_lock);
146 }
147 fput(file);
148 out:
149 return error;
150 exit:
151 path_release(&nd);
152 goto out;
153 }
155 /*
156 * count() counts the number of argument/environment strings
157 */
/*
 * Count the entries of a NULL-terminated user-space pointer array
 * (argv or envp).  Returns the count, -EFAULT if a pointer cannot be
 * read from user space, or -E2BIG once the count exceeds 'max'.
 * A NULL 'argv' counts as zero entries.
 */
158 static int count(char ** argv, int max)
159 {
160 int i = 0;
162 if (argv != NULL) {
163 for (;;) {
164 char * p;
166 if (get_user(p, argv))
167 return -EFAULT;
/* A NULL element terminates the array. */
168 if (!p)
169 break;
170 argv++;
171 if(++i > max)
172 return -E2BIG;
173 }
174 }
175 return i;
176 }
178 /*
179 * 'copy_strings()' copies argument/envelope strings from user
180 * memory to free pages in kernel mem. These are in a format ready
181 * to be put directly into the top of new user memory.
182 */
/*
 * Copy 'argc' user-space strings (including their NUL terminators)
 * into the bprm argument pages, growing downward from bprm->p.
 * Strings are copied last-to-first so they end up in order at the top
 * of the new stack.  Pages are allocated on demand; freshly allocated
 * pages are zero-filled around the copied region.  Returns 0, or
 * -EFAULT / -E2BIG / -ENOMEM on failure.
 */
183 int copy_strings(int argc,char ** argv, struct linux_binprm *bprm)
184 {
185 while (argc-- > 0) {
186 char *str;
187 int len;
188 unsigned long pos;
/* len includes the trailing NUL; strnlen_user() returns 0 on fault. */
190 if (get_user(str, argv+argc) || !(len = strnlen_user(str, bprm->p)))
191 return -EFAULT;
192 if (bprm->p < len)
193 return -E2BIG;
195 bprm->p -= len;
196 /* XXX: add architecture specific overflow check here. */
198 pos = bprm->p;
199 while (len > 0) {
200 char *kaddr;
201 int i, new, err;
202 struct page *page;
203 int offset, bytes_to_copy;
205 offset = pos % PAGE_SIZE;
206 i = pos/PAGE_SIZE;
207 page = bprm->page[i];
208 new = 0;
209 if (!page) {
210 page = alloc_page(GFP_HIGHUSER);
211 bprm->page[i] = page;
212 if (!page)
213 return -ENOMEM;
214 new = 1;
215 }
216 kaddr = kmap(page);
/* Zero the unused head (and, below, tail) of a brand-new page. */
218 if (new && offset)
219 memset(kaddr, 0, offset);
220 bytes_to_copy = PAGE_SIZE - offset;
221 if (bytes_to_copy > len) {
222 bytes_to_copy = len;
223 if (new)
224 memset(kaddr+offset+len, 0, PAGE_SIZE-offset-len);
225 }
226 err = copy_from_user(kaddr + offset, str, bytes_to_copy);
227 kunmap(page);
229 if (err)
230 return -EFAULT;
232 pos += bytes_to_copy;
233 str += bytes_to_copy;
234 len -= bytes_to_copy;
235 }
236 }
237 return 0;
238 }
240 /*
241 * Like copy_strings, but get argv and its values from kernel memory.
242 */
/*
 * Like copy_strings(), but the argv array and strings live in kernel
 * memory.  Temporarily widens the address limit to KERNEL_DS so the
 * user-access helpers inside copy_strings() accept kernel pointers.
 */
243 int copy_strings_kernel(int argc,char ** argv, struct linux_binprm *bprm)
244 {
245 int r;
246 mm_segment_t oldfs = get_fs();
247 set_fs(KERNEL_DS);
248 r = copy_strings(argc, argv, bprm);
249 set_fs(oldfs);
250 return r;
251 }
253 /*
254 * This routine is used to map in a page into an address space: needed by
255 * execve() for the initial stack and environment pages.
256 *
257 * tsk->mmap_sem is held for writing.
258 */
/*
 * Map 'page' into tsk's address space at 'address' as a writable,
 * dirty PTE (used for the initial stack/environment pages of execve).
 * On page-table allocation failure, or if a PTE already exists there,
 * the page is freed and the task is killed with SIGKILL.
 * Caller holds tsk->mmap_sem for writing.
 */
259 void put_dirty_page(struct task_struct * tsk, struct page *page, unsigned long address)
260 {
261 pgd_t * pgd;
262 pmd_t * pmd;
263 pte_t * pte;
/* The page should be exclusively ours at this point. */
265 if (page_count(page) != 1)
266 printk(KERN_ERR "mem_map disagrees with %p at %08lx\n", page, address);
267 pgd = pgd_offset(tsk->mm, address);
269 spin_lock(&tsk->mm->page_table_lock);
270 pmd = pmd_alloc(tsk->mm, pgd, address);
271 if (!pmd)
272 goto out;
273 pte = pte_alloc(tsk->mm, pmd, address);
274 if (!pte)
275 goto out;
276 if (!pte_none(*pte))
277 goto out;
278 lru_cache_add(page);
279 flush_dcache_page(page);
280 flush_page_to_ram(page);
281 set_pte(pte, pte_mkdirty(pte_mkwrite(mk_pte(page, PAGE_COPY))));
/* Xen: push the queued page-table update through to the hypervisor
 * before anyone can touch the new mapping — presumably required by
 * the paravirtualized pte-update batching; confirm against Xen docs. */
282 XENO_flush_page_update_queue();
283 tsk->mm->rss++;
284 spin_unlock(&tsk->mm->page_table_lock);
286 /* no need for flush_tlb */
287 return;
288 out:
289 spin_unlock(&tsk->mm->page_table_lock);
290 __free_page(page);
291 force_sig(SIGKILL, tsk);
292 return;
293 }
/*
 * Build the stack VMA for the new image and move the argument pages
 * collected in bprm->page[] into it.  Rebases bprm->p / ->loader /
 * ->exec from page-array offsets to real stack addresses.
 * Returns 0 or -ENOMEM.
 */
295 int setup_arg_pages(struct linux_binprm *bprm)
296 {
297 unsigned long stack_base;
298 struct vm_area_struct *mpnt;
299 int i;
/* The arg pages occupy the top MAX_ARG_PAGES of the stack region. */
301 stack_base = STACK_TOP - MAX_ARG_PAGES*PAGE_SIZE;
303 bprm->p += stack_base;
304 if (bprm->loader)
305 bprm->loader += stack_base;
306 bprm->exec += stack_base;
308 mpnt = kmem_cache_alloc(vm_area_cachep, SLAB_KERNEL);
309 if (!mpnt)
310 return -ENOMEM;
312 down_write(&current->mm->mmap_sem);
313 {
314 mpnt->vm_mm = current->mm;
/* VMA starts at the page containing the lowest used string byte. */
315 mpnt->vm_start = PAGE_MASK & (unsigned long) bprm->p;
316 mpnt->vm_end = STACK_TOP;
317 mpnt->vm_page_prot = PAGE_COPY;
318 mpnt->vm_flags = VM_STACK_FLAGS;
319 mpnt->vm_ops = NULL;
320 mpnt->vm_pgoff = 0;
321 mpnt->vm_file = NULL;
322 mpnt->vm_private_data = (void *) 0;
323 insert_vm_struct(current->mm, mpnt);
324 current->mm->total_vm = (mpnt->vm_end - mpnt->vm_start) >> PAGE_SHIFT;
325 }
/* Hand each populated arg page over to the new mm; ownership moves
 * to put_dirty_page(), so clear our reference first. */
327 for (i = 0 ; i < MAX_ARG_PAGES ; i++) {
328 struct page *page = bprm->page[i];
329 if (page) {
330 bprm->page[i] = NULL;
331 put_dirty_page(current,page,stack_base);
332 }
333 stack_base += PAGE_SIZE;
334 }
335 up_write(&current->mm->mmap_sem);
337 return 0;
338 }
/*
 * Open 'name' for execution: path lookup, regular-file and MNT_NOEXEC
 * checks, MAY_EXEC permission plus at least one execute mode bit, then
 * deny_write_access() so nobody can modify the busy executable.
 * Returns the opened struct file or an ERR_PTR.
 * Note the unusual control flow: the 'goto out' at the bottom re-enters
 * the success path's return inside the nested block.
 */
340 struct file *open_exec(const char *name)
341 {
342 struct nameidata nd;
343 struct inode *inode;
344 struct file *file;
345 int err = 0;
347 if (path_init(name, LOOKUP_FOLLOW|LOOKUP_POSITIVE, &nd))
348 err = path_walk(name, &nd);
349 file = ERR_PTR(err);
350 if (!err) {
351 inode = nd.dentry->d_inode;
352 file = ERR_PTR(-EACCES);
353 if (!(nd.mnt->mnt_flags & MNT_NOEXEC) &&
354 S_ISREG(inode->i_mode)) {
355 int err = permission(inode, MAY_EXEC);
/* Even with CAP_DAC_OVERRIDE, require an execute bit in the mode. */
356 if (!err && !(inode->i_mode & 0111))
357 err = -EACCES;
358 file = ERR_PTR(err);
359 if (!err) {
360 file = dentry_open(nd.dentry, nd.mnt, O_RDONLY);
361 if (!IS_ERR(file)) {
/* Block writers while this file is being executed. */
362 err = deny_write_access(file);
363 if (err) {
364 fput(file);
365 file = ERR_PTR(err);
366 }
367 }
368 out:
369 return file;
370 }
371 }
372 path_release(&nd);
373 }
374 goto out;
375 }
/*
 * Read 'count' bytes at 'offset' from 'file' into the kernel buffer
 * 'addr', temporarily switching the address limit so ->read() accepts
 * a kernel pointer.  Returns bytes read, or -ENOSYS if the file has
 * no read method, or the ->read() error.
 */
377 int kernel_read(struct file *file, unsigned long offset,
378 char * addr, unsigned long count)
379 {
380 mm_segment_t old_fs;
381 loff_t pos = offset;
382 int result = -ENOSYS;
384 if (!file->f_op->read)
385 goto fail;
386 old_fs = get_fs();
387 set_fs(get_ds());
388 result = file->f_op->read(file, addr, count, &pos);
389 set_fs(old_fs);
390 fail:
391 return result;
392 }
/*
 * Give the execing task a fresh address space.
 * Fast path: if the current mm has exactly one user, just tear down its
 * mappings and reuse it.  Otherwise allocate a new mm, install it, and
 * drop our reference to the old mm (or to the borrowed active_mm for a
 * kernel thread that had no mm).  Returns 0 or -ENOMEM.
 */
394 static int exec_mmap(void)
395 {
396 struct mm_struct * mm, * old_mm;
398 old_mm = current->mm;
399 if (old_mm && atomic_read(&old_mm->mm_users) == 1) {
400 mm_release();
401 exit_mmap(old_mm);
402 return 0;
403 }
405 mm = mm_alloc();
406 if (mm) {
407 struct mm_struct *active_mm;
409 if (init_new_context(current, mm)) {
410 mmdrop(mm);
411 return -ENOMEM;
412 }
414 /* Add it to the list of mm's */
415 spin_lock(&mmlist_lock);
416 list_add(&mm->mmlist, &init_mm.mmlist);
417 mmlist_nr++;
418 spin_unlock(&mmlist_lock);
/* Swap in the new mm under task_lock, then switch the MMU context. */
420 task_lock(current);
421 active_mm = current->active_mm;
422 current->mm = mm;
423 current->active_mm = mm;
424 task_unlock(current);
425 activate_mm(active_mm, mm);
426 mm_release();
427 if (old_mm) {
/* A task with a real mm must have been running on it. */
428 if (active_mm != old_mm) BUG();
429 mmput(old_mm);
430 return 0;
431 }
/* No old mm: we were lazily borrowing active_mm; release it. */
432 mmdrop(active_mm);
433 return 0;
434 }
435 return -ENOMEM;
436 }
438 /*
439 * This function makes sure the current process has its own signal table,
440 * so that flush_signal_handlers can later reset the handlers without
441 * disturbing other processes. (Other processes might share the signal
442 * table via the CLONE_SIGNAL option to clone().)
443 */
/*
 * Ensure current has a private signal table.  If the table is shared
 * (count > 1), allocate a copy of the handlers and switch to it; the
 * old table's refcount is dropped later by release_old_signals() so
 * flush_old_exec() can still back out on error.  Returns 0 or -ENOMEM.
 */
445 static inline int make_private_signals(void)
446 {
447 struct signal_struct * newsig;
449 if (atomic_read(&current->sig->count) <= 1)
450 return 0;
451 newsig = kmem_cache_alloc(sigact_cachep, GFP_KERNEL);
452 if (newsig == NULL)
453 return -ENOMEM;
454 spin_lock_init(&newsig->siglock);
455 atomic_set(&newsig->count, 1);
456 memcpy(newsig->action, current->sig->action, sizeof(newsig->action));
/* Publish the new table under sigmask_lock to fence signal delivery. */
457 spin_lock_irq(&current->sigmask_lock);
458 current->sig = newsig;
459 spin_unlock_irq(&current->sigmask_lock);
460 return 0;
461 }
463 /*
464 * If make_private_signals() made a copy of the signal table, decrement the
465 * refcount of the original table, and free it if necessary.
466 * We don't do that in make_private_signals() so that we can back off
467 * in flush_old_exec() if an error occurs after calling make_private_signals().
468 */
/*
 * Second half of make_private_signals(): once exec has passed the point
 * of no return, drop the reference on the old (shared) signal table and
 * free it when we held the last reference.  No-op if the table was
 * never replaced.
 */
470 static inline void release_old_signals(struct signal_struct * oldsig)
471 {
472 if (current->sig == oldsig)
473 return;
474 if (atomic_dec_and_test(&oldsig->count))
475 kmem_cache_free(sigact_cachep, oldsig);
476 }
478 /*
479 * These functions flush out all traces of the currently running executable
480 * so that a new one can be started
481 */
/*
 * Close every file descriptor marked close-on-exec.  Walks the
 * close_on_exec bitmap one word at a time; each word is snapshotted
 * and cleared under file_lock, which is then dropped around the
 * sys_close() calls (they may sleep / take the lock themselves).
 */
483 static inline void flush_old_files(struct files_struct * files)
484 {
485 long j = -1;
487 write_lock(&files->file_lock);
488 for (;;) {
489 unsigned long set, i;
491 j++;
/* i = first fd covered by bitmap word j. */
492 i = j * __NFDBITS;
493 if (i >= files->max_fds || i >= files->max_fdset)
494 break;
495 set = files->close_on_exec->fds_bits[j];
496 if (!set)
497 continue;
498 files->close_on_exec->fds_bits[j] = 0;
499 write_unlock(&files->file_lock);
500 for ( ; set ; i++,set >>= 1) {
501 if (set & 1) {
502 sys_close(i);
503 }
504 }
505 write_lock(&files->file_lock);
507 }
508 write_unlock(&files->file_lock);
509 }
511 /*
512 * An execve() will automatically "de-thread" the process.
513 * Note: we don't have to hold the tasklist_lock to test
514 * whether we might need to do this. If we're not part of
515 * a thread group, there is no way we can become one
516 * dynamically. And if we are, we only need to protect the
517 * unlink - even if we race with the last other thread exit,
518 * at worst the list_del_init() might end up being a no-op.
519 */
/*
 * Detach tsk from its thread group (execve "de-threads" the process)
 * and make it its own group leader by resetting tgid to its pid.
 * See the comment above for why the unlocked emptiness test is safe.
 */
520 static inline void de_thread(struct task_struct *tsk)
521 {
522 if (!list_empty(&tsk->thread_group)) {
523 write_lock_irq(&tasklist_lock);
524 list_del_init(&tsk->thread_group);
525 write_unlock_irq(&tasklist_lock);
526 }
528 /* Minor oddity: this might stay the same. */
529 tsk->tgid = tsk->pid;
530 }
/*
 * Flush all traces of the old executable: privatize the signal table,
 * replace the mm, update comm/dumpable, flush thread state, de-thread,
 * reset signal handlers and close-on-exec files.  After exec_mmap()
 * succeeds there is no return to the old image; on earlier failure the
 * freshly copied signal table (if any) is undone.  Returns 0 or errno.
 */
532 int flush_old_exec(struct linux_binprm * bprm)
533 {
534 char * name;
535 int i, ch, retval;
536 struct signal_struct * oldsig;
538 /*
539 * Make sure we have a private signal table
540 */
541 oldsig = current->sig;
542 retval = make_private_signals();
543 if (retval) goto flush_failed;
545 /*
546 * Release all of the old mmap stuff
547 */
548 retval = exec_mmap();
549 if (retval) goto mmap_failed;
551 /* This is the point of no return */
552 release_old_signals(oldsig);
554 current->sas_ss_sp = current->sas_ss_size = 0;
556 if (current->euid == current->uid && current->egid == current->gid)
557 current->mm->dumpable = 1;
/* Derive comm (max 15 chars + NUL) from the last path component. */
558 name = bprm->filename;
559 for (i=0; (ch = *(name++)) != '\0';) {
560 if (ch == '/')
561 i = 0;
562 else
563 if (i < 15)
564 current->comm[i++] = ch;
565 }
566 current->comm[i] = '\0';
568 flush_thread();
570 de_thread(current);
/* setuid/setgid images, or ones we may not read, must not core dump. */
572 if (bprm->e_uid != current->euid || bprm->e_gid != current->egid ||
573 permission(bprm->file->f_dentry->d_inode,MAY_READ))
574 current->mm->dumpable = 0;
576 /* An exec changes our domain. We are no longer part of the thread
577 group */
579 current->self_exec_id++;
581 flush_signal_handlers(current);
582 flush_old_files(current->files);
584 return 0;
586 mmap_failed:
587 flush_failed:
/* Back out the private signal table made above.  NOTE(review): freed
 * with kfree() although allocated from sigact_cachep — 2.4's kfree()
 * derives the cache from the page, so this appears valid; confirm. */
588 spin_lock_irq(&current->sigmask_lock);
589 if (current->sig != oldsig) {
590 kfree(current->sig);
591 current->sig = oldsig;
592 }
593 spin_unlock_irq(&current->sigmask_lock);
594 return retval;
595 }
597 /*
598 * We mustn't allow tracing of suid binaries, unless
599 * the tracer has the capability to trace anything..
600 */
/*
 * True if p is being ptraced by a tracer that lacks the capability to
 * trace anything (PT_PTRACE_CAP unset) — such a task must not gain
 * privileges across exec.
 */
601 static inline int must_not_trace_exec(struct task_struct * p)
602 {
603 return (p->ptrace & PT_PTRACED) && !(p->ptrace & PT_PTRACE_CAP);
604 }
606 /*
607 * Fill the binprm structure from the inode.
608 * Check permissions, then read the first 128 (BINPRM_BUF_SIZE) bytes
609 */
/*
 * Fill bprm from the opened executable's inode: re-check execute bits,
 * compute effective uid/gid (honoring setuid/setgid unless MNT_NOSUID),
 * set up the capability sets, and read the first BINPRM_BUF_SIZE bytes
 * into bprm->buf.  Returns the kernel_read() result, or -EACCES.
 */
610 int prepare_binprm(struct linux_binprm *bprm)
611 {
612 int mode;
613 struct inode * inode = bprm->file->f_dentry->d_inode;
615 mode = inode->i_mode;
616 /*
617 * Check execute perms again - if the caller has CAP_DAC_OVERRIDE,
618 * vfs_permission lets a non-executable through
619 */
620 if (!(mode & 0111)) /* with at least _one_ execute bit set */
621 return -EACCES;
622 if (bprm->file->f_op == NULL)
623 return -EACCES;
625 bprm->e_uid = current->euid;
626 bprm->e_gid = current->egid;
628 if(!(bprm->file->f_vfsmnt->mnt_flags & MNT_NOSUID)) {
629 /* Set-uid? */
630 if (mode & S_ISUID)
631 bprm->e_uid = inode->i_uid;
633 /* Set-gid? */
634 /*
635 * If setgid is set but no group execute bit then this
636 * is a candidate for mandatory locking, not a setgid
637 * executable.
638 */
639 if ((mode & (S_ISGID | S_IXGRP)) == (S_ISGID | S_IXGRP))
640 bprm->e_gid = inode->i_gid;
641 }
643 /* We don't have VFS support for capabilities yet */
644 cap_clear(bprm->cap_inheritable);
645 cap_clear(bprm->cap_permitted);
646 cap_clear(bprm->cap_effective);
648 /* To support inheritance of root-permissions and suid-root
649 * executables under compatibility mode, we raise all three
650 * capability sets for the file.
651 *
652 * If only the real uid is 0, we only raise the inheritable
653 * and permitted sets of the executable file.
654 */
656 if (!issecure(SECURE_NOROOT)) {
657 if (bprm->e_uid == 0 || current->uid == 0) {
658 cap_set_full(bprm->cap_inheritable);
659 cap_set_full(bprm->cap_permitted);
660 }
661 if (bprm->e_uid == 0)
662 cap_set_full(bprm->cap_effective);
663 }
/* Zero-pad so short files leave no stale bytes in the header buffer. */
665 memset(bprm->buf,0,BINPRM_BUF_SIZE);
666 return kernel_read(bprm->file,0,bprm->buf,BINPRM_BUF_SIZE);
667 }
669 /*
670 * This function is used to produce the new IDs and capabilities
671 * from the old ones and the file's capabilities.
672 *
673 * The formula used for evolving capabilities is:
674 *
675 * pI' = pI
676 * (***) pP' = (fP & X) | (fI & pI)
677 * pE' = pP' & fE [NB. fE is 0 or ~0]
678 *
679 * I=Inheritable, P=Permitted, E=Effective // p=process, f=file
680 * ' indicates post-exec(), and X is the global 'cap_bset'.
681 *
682 */
/*
 * Apply the credential/capability transition for the new image, per
 * the formula in the comment above: pP' = (fP & cap_bset) | (fI & pI).
 * If ids or capabilities would be raised while the task is unsafely
 * traced or shares fs/files/sig structures, the raise is suppressed
 * unless the task holds CAP_SETUID / CAP_SETPCAP respectively.
 */
684 void compute_creds(struct linux_binprm *bprm)
685 {
686 kernel_cap_t new_permitted, working;
687 int do_unlock = 0;
689 new_permitted = cap_intersect(bprm->cap_permitted, cap_bset);
690 working = cap_intersect(bprm->cap_inheritable,
691 current->cap_inheritable);
692 new_permitted = cap_combine(new_permitted, working);
/* Only the privilege-raising case needs the BKL-protected checks. */
694 if (bprm->e_uid != current->uid || bprm->e_gid != current->gid ||
695 !cap_issubset(new_permitted, current->cap_permitted)) {
696 current->mm->dumpable = 0;
698 lock_kernel();
699 if (must_not_trace_exec(current)
700 || atomic_read(&current->fs->count) > 1
701 || atomic_read(&current->files->count) > 1
702 || atomic_read(&current->sig->count) > 1) {
703 if(!capable(CAP_SETUID)) {
704 bprm->e_uid = current->uid;
705 bprm->e_gid = current->gid;
706 }
707 if(!capable(CAP_SETPCAP)) {
708 new_permitted = cap_intersect(new_permitted,
709 current->cap_permitted);
710 }
711 }
712 do_unlock = 1;
713 }
716 /* For init, we want to retain the capabilities set
717 * in the init_task struct. Thus we skip the usual
718 * capability rules */
719 if (current->pid != 1) {
720 current->cap_permitted = new_permitted;
721 current->cap_effective =
722 cap_intersect(new_permitted, bprm->cap_effective);
723 }
725 /* AUD: Audit candidate if current->cap_effective is set */
727 current->suid = current->euid = current->fsuid = bprm->e_uid;
728 current->sgid = current->egid = current->fsgid = bprm->e_gid;
730 if(do_unlock)
731 unlock_kernel();
732 current->keep_capabilities = 0;
733 }
/*
 * Drop argv[0] from the collected argument pages by advancing bprm->p
 * past its terminating NUL (used by #! interpreters that substitute
 * their own argv[0]).  The goto jumps into the loop body so the first
 * page is mapped before the first character test; kmap/kunmap pair up
 * across page boundaries.
 */
736 void remove_arg_zero(struct linux_binprm *bprm)
737 {
738 if (bprm->argc) {
739 unsigned long offset;
740 char * kaddr;
741 struct page *page;
743 offset = bprm->p % PAGE_SIZE;
744 goto inside;
/* Advance until the byte just consumed was the string's NUL. */
746 while (bprm->p++, *(kaddr+offset++)) {
747 if (offset != PAGE_SIZE)
748 continue;
749 offset = 0;
750 kunmap(page);
751 inside:
752 page = bprm->page[bprm->p/PAGE_SIZE];
753 kaddr = kmap(page);
754 }
755 kunmap(page);
756 bprm->argc--;
757 }
758 }
760 /*
761 * cycle the list of binary formats handler, until one recognizes the image
762 */
/*
 * Try each registered binary format's ->load_binary() on bprm until
 * one accepts it (retval >= 0).  On -ENOEXEC from every handler, a
 * second pass may first request_module("binfmt-XXXX") keyed on the
 * image's magic bytes (CONFIG_KMOD).  Alpha only: detect old ECOFF
 * images and substitute /sbin/loader first.  Returns the handler's
 * result or a negative errno.
 */
763 int search_binary_handler(struct linux_binprm *bprm,struct pt_regs *regs)
764 {
765 int try,retval=0;
766 struct linux_binfmt *fmt;
767 #ifdef __alpha__
768 /* handle /sbin/loader.. */
769 {
770 struct exec * eh = (struct exec *) bprm->buf;
772 if (!bprm->loader && eh->fh.f_magic == 0x183 &&
773 (eh->fh.f_flags & 0x3000) == 0x3000)
774 {
775 struct file * file;
776 unsigned long loader;
/* Swap the original image for /sbin/loader, which will map it. */
778 allow_write_access(bprm->file);
779 fput(bprm->file);
780 bprm->file = NULL;
782 loader = PAGE_SIZE*MAX_ARG_PAGES-sizeof(void *);
784 file = open_exec("/sbin/loader");
785 retval = PTR_ERR(file);
786 if (IS_ERR(file))
787 return retval;
789 /* Remember if the application is TASO. */
790 bprm->sh_bang = eh->ah.entry < 0x100000000;
792 bprm->file = file;
793 bprm->loader = loader;
794 retval = prepare_binprm(bprm);
795 if (retval<0)
796 return retval;
797 /* should call search_binary_handler recursively here,
798 but it does not matter */
799 }
800 }
801 #endif
802 /* kernel module loader fixup */
803 /* so we don't try to load run modprobe in kernel space. */
804 set_fs(USER_DS);
805 for (try=0; try<2; try++) {
806 read_lock(&binfmt_lock);
807 for (fmt = formats ; fmt ; fmt = fmt->next) {
808 int (*fn)(struct linux_binprm *, struct pt_regs *) = fmt->load_binary;
809 if (!fn)
810 continue;
/* Pin the module, drop the lock across the (sleeping) callback. */
811 if (!try_inc_mod_count(fmt->module))
812 continue;
813 read_unlock(&binfmt_lock);
814 retval = fn(bprm, regs);
815 if (retval >= 0) {
/* Success: the handler owns the image now; release our file. */
816 put_binfmt(fmt);
817 allow_write_access(bprm->file);
818 if (bprm->file)
819 fput(bprm->file);
820 bprm->file = NULL;
821 current->did_exec = 1;
822 return retval;
823 }
824 read_lock(&binfmt_lock);
825 put_binfmt(fmt);
826 if (retval != -ENOEXEC)
827 break;
/* The handler consumed bprm->file (e.g. binfmt_script): give up. */
828 if (!bprm->file) {
829 read_unlock(&binfmt_lock);
830 return retval;
831 }
832 }
833 read_unlock(&binfmt_lock);
834 if (retval != -ENOEXEC) {
835 break;
836 #ifdef CONFIG_KMOD
837 }else{
838 #define printable(c) (((c)=='\t') || ((c)=='\n') || (0x20<=(c) && (c)<=0x7e))
839 char modname[20];
/* A printable header looks like a script; don't probe modules. */
840 if (printable(bprm->buf[0]) &&
841 printable(bprm->buf[1]) &&
842 printable(bprm->buf[2]) &&
843 printable(bprm->buf[3]))
844 break; /* -ENOEXEC */
845 sprintf(modname, "binfmt-%04x", *(unsigned short *)(&bprm->buf[2]));
846 request_module(modname);
847 #endif
848 }
849 }
850 return retval;
851 }
854 /*
855 * sys_execve() executes a new program.
856 */
/*
 * Core of execve(2): open the executable, count and copy argv/envp
 * into the bprm pages (filename, then envp, then argv, copied downward
 * from the top), read the header via prepare_binprm(), and hand off to
 * search_binary_handler().  On failure all argument pages are freed
 * and write access to the file is restored.
 */
857 int do_execve(char * filename, char ** argv, char ** envp, struct pt_regs * regs)
858 {
859 struct linux_binprm bprm;
860 struct file *file;
861 int retval;
862 int i;
864 file = open_exec(filename);
866 retval = PTR_ERR(file);
867 if (IS_ERR(file))
868 return retval;
/* p starts at the top of the arg area, below one pointer of slack. */
870 bprm.p = PAGE_SIZE*MAX_ARG_PAGES-sizeof(void *);
871 memset(bprm.page, 0, MAX_ARG_PAGES*sizeof(bprm.page[0]));
873 bprm.file = file;
874 bprm.filename = filename;
875 bprm.sh_bang = 0;
876 bprm.loader = 0;
877 bprm.exec = 0;
878 if ((bprm.argc = count(argv, bprm.p / sizeof(void *))) < 0) {
879 allow_write_access(file);
880 fput(file);
881 return bprm.argc;
882 }
884 if ((bprm.envc = count(envp, bprm.p / sizeof(void *))) < 0) {
885 allow_write_access(file);
886 fput(file);
887 return bprm.envc;
888 }
890 retval = prepare_binprm(&bprm);
891 if (retval < 0)
892 goto out;
894 retval = copy_strings_kernel(1, &bprm.filename, &bprm);
895 if (retval < 0)
896 goto out;
898 bprm.exec = bprm.p;
899 retval = copy_strings(bprm.envc, envp, &bprm);
900 if (retval < 0)
901 goto out;
903 retval = copy_strings(bprm.argc, argv, &bprm);
904 if (retval < 0)
905 goto out;
907 retval = search_binary_handler(&bprm,regs);
908 if (retval >= 0)
909 /* execve success */
910 return retval;
912 out:
913 /* Something went wrong, return the inode and free the argument pages*/
914 allow_write_access(bprm.file);
915 if (bprm.file)
916 fput(bprm.file);
918 for (i = 0 ; i < MAX_ARG_PAGES ; i++) {
919 struct page * page = bprm.page[i];
920 if (page)
921 __free_page(page);
922 }
924 return retval;
925 }
/*
 * Switch current's binary-format handler, taking a module reference on
 * the new one before dropping the reference held on the old one.
 */
927 void set_binfmt(struct linux_binfmt *new)
928 {
929 struct linux_binfmt *old = current->binfmt;
930 if (new && new->module)
931 __MOD_INC_USE_COUNT(new->module);
932 current->binfmt = new;
933 if (old && old->module)
934 __MOD_DEC_USE_COUNT(old->module);
935 }
/*
 * Write a core dump for the current task via its binfmt's ->core_dump.
 * Bails out (retval 0) unless the mm is dumpable, a dump method exists
 * and RLIMIT_CORE permits it; refuses multi-link, unhashed, or
 * non-regular targets.  Returns the ->core_dump() result or 0.
 */
937 int do_coredump(long signr, struct pt_regs * regs)
938 {
939 struct linux_binfmt * binfmt;
940 char corename[6+sizeof(current->comm)+10];
941 struct file * file;
942 struct inode * inode;
943 int retval = 0;
945 lock_kernel();
946 binfmt = current->binfmt;
947 if (!binfmt || !binfmt->core_dump)
948 goto fail;
949 if (!current->mm->dumpable)
950 goto fail;
/* One dump per mm: clear the flag before doing any I/O. */
951 current->mm->dumpable = 0;
952 if (current->rlim[RLIMIT_CORE].rlim_cur < binfmt->min_coredump)
953 goto fail;
/* Build "core", then optionally overwrite the NUL at [4] with ".pid"
 * to get "core.<pid>" when core_uses_pid is set or the mm is shared. */
955 memcpy(corename,"core.", 5);
956 corename[4] = '\0';
957 if (core_uses_pid || atomic_read(&current->mm->mm_users) != 1)
958 sprintf(&corename[4], ".%d", current->pid);
/* 2 == O_RDWR (historical open-mode constant). */
959 file = filp_open(corename, O_CREAT | 2 | O_NOFOLLOW, 0600);
960 if (IS_ERR(file))
961 goto fail;
962 inode = file->f_dentry->d_inode;
963 if (inode->i_nlink > 1)
964 goto close_fail; /* multiple links - don't dump */
965 if (d_unhashed(file->f_dentry))
966 goto close_fail;
968 if (!S_ISREG(inode->i_mode))
969 goto close_fail;
970 if (!file->f_op)
971 goto close_fail;
972 if (!file->f_op->write)
973 goto close_fail;
974 if (do_truncate(file->f_dentry, 0) != 0)
975 goto close_fail;
977 down_read(&current->mm->mmap_sem);
978 retval = binfmt->core_dump(signr, regs, file);
979 up_read(&current->mm->mmap_sem);
981 close_fail:
982 filp_close(file, NULL);
983 fail:
984 unlock_kernel();
985 return retval;
986 }