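Lines Matching refs:bprm

Cross-reference listing: each entry gives the source line number, the matching line, and the enclosing function; a trailing "argument" or "local" marks the line where bprm is declared as a parameter or a local variable. Only lines that mention bprm are shown, so the entries are non-contiguous excerpts and the intervening statements (including error checks and returns) do not appear here.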

77 static int bprm_creds_from_file(struct linux_binprm *bprm);
185 static void acct_arg_size(struct linux_binprm *bprm, unsigned long pages) in acct_arg_size() argument
188 long diff = (long)(pages - bprm->vma_pages); in acct_arg_size()
193 bprm->vma_pages = pages; in acct_arg_size()
197 static struct page *get_arg_page(struct linux_binprm *bprm, unsigned long pos, in get_arg_page() argument
206 ret = expand_downwards(bprm->vma, pos); in get_arg_page()
219 mmap_read_lock(bprm->mm); in get_arg_page()
220 ret = get_user_pages_remote(bprm->mm, pos, 1, gup_flags, in get_arg_page()
222 mmap_read_unlock(bprm->mm); in get_arg_page()
227 acct_arg_size(bprm, vma_pages(bprm->vma)); in get_arg_page()
237 static void free_arg_pages(struct linux_binprm *bprm) in free_arg_pages() argument
241 static void flush_arg_page(struct linux_binprm *bprm, unsigned long pos, in flush_arg_page() argument
244 flush_cache_page(bprm->vma, pos, page_to_pfn(page)); in flush_arg_page()
247 static int __bprm_mm_init(struct linux_binprm *bprm) in __bprm_mm_init() argument
251 struct mm_struct *mm = bprm->mm; in __bprm_mm_init()
253 bprm->vma = vma = vm_area_alloc(mm); in __bprm_mm_init()
281 bprm->p = vma->vm_end - sizeof(void *); in __bprm_mm_init()
286 bprm->vma = NULL; in __bprm_mm_init()
291 static bool valid_arg_len(struct linux_binprm *bprm, long len) in valid_arg_len() argument
298 static inline void acct_arg_size(struct linux_binprm *bprm, unsigned long pages) in acct_arg_size() argument
302 static struct page *get_arg_page(struct linux_binprm *bprm, unsigned long pos, in get_arg_page() argument
307 page = bprm->page[pos / PAGE_SIZE]; in get_arg_page()
312 bprm->page[pos / PAGE_SIZE] = page; in get_arg_page()
322 static void free_arg_page(struct linux_binprm *bprm, int i) in free_arg_page() argument
324 if (bprm->page[i]) { in free_arg_page()
325 __free_page(bprm->page[i]); in free_arg_page()
326 bprm->page[i] = NULL; in free_arg_page()
330 static void free_arg_pages(struct linux_binprm *bprm) in free_arg_pages() argument
335 free_arg_page(bprm, i); in free_arg_pages()
338 static void flush_arg_page(struct linux_binprm *bprm, unsigned long pos, in flush_arg_page() argument
343 static int __bprm_mm_init(struct linux_binprm *bprm) in __bprm_mm_init() argument
345 bprm->p = PAGE_SIZE * MAX_ARG_PAGES - sizeof(void *); in __bprm_mm_init()
349 static bool valid_arg_len(struct linux_binprm *bprm, long len) in valid_arg_len() argument
351 return len <= bprm->p; in valid_arg_len()
362 static int bprm_mm_init(struct linux_binprm *bprm) in bprm_mm_init() argument
367 bprm->mm = mm = mm_alloc(); in bprm_mm_init()
374 bprm->rlim_stack = current->signal->rlim[RLIMIT_STACK]; in bprm_mm_init()
377 err = __bprm_mm_init(bprm); in bprm_mm_init()
385 bprm->mm = NULL; in bprm_mm_init()
471 static int bprm_stack_limits(struct linux_binprm *bprm) in bprm_stack_limits() argument
484 limit = min(limit, bprm->rlim_stack.rlim_cur / 4); in bprm_stack_limits()
503 ptr_size = (max(bprm->argc, 1) + bprm->envc) * sizeof(void *); in bprm_stack_limits()
508 bprm->argmin = bprm->p - limit; in bprm_stack_limits()
518 struct linux_binprm *bprm) in copy_strings() argument
540 if (!valid_arg_len(bprm, len)) in copy_strings()
544 pos = bprm->p; in copy_strings()
546 bprm->p -= len; in copy_strings()
548 if (bprm->p < bprm->argmin) in copy_strings()
577 page = get_arg_page(bprm, pos, 1); in copy_strings()
591 flush_arg_page(bprm, kpos, kmapped_page); in copy_strings()
612 int copy_string_kernel(const char *arg, struct linux_binprm *bprm) in copy_string_kernel() argument
615 unsigned long pos = bprm->p; in copy_string_kernel()
619 if (!valid_arg_len(bprm, len)) in copy_string_kernel()
624 bprm->p -= len; in copy_string_kernel()
625 if (IS_ENABLED(CONFIG_MMU) && bprm->p < bprm->argmin) in copy_string_kernel()
637 page = get_arg_page(bprm, pos, 1); in copy_string_kernel()
640 flush_arg_page(bprm, pos & PAGE_MASK, page); in copy_string_kernel()
650 struct linux_binprm *bprm) in copy_strings_kernel() argument
653 int ret = copy_string_kernel(argv[argc], bprm); in copy_strings_kernel()
745 int setup_arg_pages(struct linux_binprm *bprm, in setup_arg_pages() argument
752 struct vm_area_struct *vma = bprm->vma; in setup_arg_pages()
763 stack_base = bprm->rlim_stack.rlim_max; in setup_arg_pages()
777 mm->arg_start = bprm->p - stack_shift; in setup_arg_pages()
778 bprm->p = vma->vm_end - stack_shift; in setup_arg_pages()
789 bprm->p -= stack_shift; in setup_arg_pages()
790 mm->arg_start = bprm->p; in setup_arg_pages()
793 if (bprm->loader) in setup_arg_pages()
794 bprm->loader -= stack_shift; in setup_arg_pages()
795 bprm->exec -= stack_shift; in setup_arg_pages()
825 bprm->file); in setup_arg_pages()
844 rlim_stack = bprm->rlim_stack.rlim_cur & PAGE_MASK; in setup_arg_pages()
856 current->mm->start_stack = bprm->p; in setup_arg_pages()
873 int transfer_args_to_stack(struct linux_binprm *bprm, in transfer_args_to_stack() argument
879 stop = bprm->p >> PAGE_SHIFT; in transfer_args_to_stack()
883 unsigned int offset = index == stop ? bprm->p & ~PAGE_MASK : 0; in transfer_args_to_stack()
884 char *src = kmap_local_page(bprm->page[index]) + offset; in transfer_args_to_stack()
1244 int begin_new_exec(struct linux_binprm * bprm) in begin_new_exec() argument
1250 retval = bprm_creds_from_file(bprm); in begin_new_exec()
1257 bprm->point_of_no_return = true; in begin_new_exec()
1281 retval = set_mm_exe_file(bprm->mm, bprm->file); in begin_new_exec()
1286 would_dump(bprm, bprm->file); in begin_new_exec()
1287 if (bprm->have_execfd) in begin_new_exec()
1288 would_dump(bprm, bprm->executable); in begin_new_exec()
1293 acct_arg_size(bprm, 0); in begin_new_exec()
1294 retval = exec_mmap(bprm->mm); in begin_new_exec()
1298 bprm->mm = NULL; in begin_new_exec()
1318 me->personality &= ~bprm->per_clear; in begin_new_exec()
1330 if (bprm->secureexec) { in begin_new_exec()
1341 if (bprm->rlim_stack.rlim_cur > _STK_LIM) in begin_new_exec()
1342 bprm->rlim_stack.rlim_cur = _STK_LIM; in begin_new_exec()
1352 if (bprm->interp_flags & BINPRM_FLAGS_ENFORCE_NONDUMP || in begin_new_exec()
1360 __set_task_comm(me, kbasename(bprm->filename), true); in begin_new_exec()
1367 retval = set_cred_ucounts(bprm->cred); in begin_new_exec()
1374 security_bprm_committing_creds(bprm); in begin_new_exec()
1376 commit_creds(bprm->cred); in begin_new_exec()
1377 bprm->cred = NULL; in begin_new_exec()
1392 security_bprm_committed_creds(bprm); in begin_new_exec()
1395 if (bprm->have_execfd) { in begin_new_exec()
1399 fd_install(retval, bprm->executable); in begin_new_exec()
1400 bprm->executable = NULL; in begin_new_exec()
1401 bprm->execfd = retval; in begin_new_exec()
1412 void would_dump(struct linux_binprm *bprm, struct file *file) in would_dump() argument
1418 bprm->interp_flags |= BINPRM_FLAGS_ENFORCE_NONDUMP; in would_dump()
1421 user_ns = old = bprm->mm->user_ns; in would_dump()
1427 bprm->mm->user_ns = get_user_ns(user_ns); in would_dump()
1434 void setup_new_exec(struct linux_binprm * bprm) in setup_new_exec() argument
1439 arch_pick_mmap_layout(me->mm, &bprm->rlim_stack); in setup_new_exec()
1454 void finalize_exec(struct linux_binprm *bprm) in finalize_exec() argument
1458 current->signal->rlim[RLIMIT_STACK] = bprm->rlim_stack; in finalize_exec()
1469 static int prepare_bprm_creds(struct linux_binprm *bprm) in prepare_bprm_creds() argument
1474 bprm->cred = prepare_exec_creds(); in prepare_bprm_creds()
1475 if (likely(bprm->cred)) in prepare_bprm_creds()
1482 static void free_bprm(struct linux_binprm *bprm) in free_bprm() argument
1484 if (bprm->mm) { in free_bprm()
1485 acct_arg_size(bprm, 0); in free_bprm()
1486 mmput(bprm->mm); in free_bprm()
1488 free_arg_pages(bprm); in free_bprm()
1489 if (bprm->cred) { in free_bprm()
1491 abort_creds(bprm->cred); in free_bprm()
1493 if (bprm->file) { in free_bprm()
1494 allow_write_access(bprm->file); in free_bprm()
1495 fput(bprm->file); in free_bprm()
1497 if (bprm->executable) in free_bprm()
1498 fput(bprm->executable); in free_bprm()
1500 if (bprm->interp != bprm->filename) in free_bprm()
1501 kfree(bprm->interp); in free_bprm()
1502 kfree(bprm->fdpath); in free_bprm()
1503 kfree(bprm); in free_bprm()
1508 struct linux_binprm *bprm = kzalloc(sizeof(*bprm), GFP_KERNEL); in alloc_bprm() local
1510 if (!bprm) in alloc_bprm()
1514 bprm->filename = filename->name; in alloc_bprm()
1517 bprm->fdpath = kasprintf(GFP_KERNEL, "/dev/fd/%d", fd); in alloc_bprm()
1519 bprm->fdpath = kasprintf(GFP_KERNEL, "/dev/fd/%d/%s", in alloc_bprm()
1521 if (!bprm->fdpath) in alloc_bprm()
1524 bprm->filename = bprm->fdpath; in alloc_bprm()
1526 bprm->interp = bprm->filename; in alloc_bprm()
1528 retval = bprm_mm_init(bprm); in alloc_bprm()
1531 return bprm; in alloc_bprm()
1534 free_bprm(bprm); in alloc_bprm()
1539 int bprm_change_interp(const char *interp, struct linux_binprm *bprm) in bprm_change_interp() argument
1542 if (bprm->interp != bprm->filename) in bprm_change_interp()
1543 kfree(bprm->interp); in bprm_change_interp()
1544 bprm->interp = kstrdup(interp, GFP_KERNEL); in bprm_change_interp()
1545 if (!bprm->interp) in bprm_change_interp()
1556 static void check_unsafe_exec(struct linux_binprm *bprm) in check_unsafe_exec() argument
1562 bprm->unsafe |= LSM_UNSAFE_PTRACE; in check_unsafe_exec()
1569 bprm->unsafe |= LSM_UNSAFE_NO_NEW_PRIVS; in check_unsafe_exec()
1582 bprm->unsafe |= LSM_UNSAFE_SHARE; in check_unsafe_exec()
1588 static void bprm_fill_uid(struct linux_binprm *bprm, struct file *file) in bprm_fill_uid() argument
1619 if (!kuid_has_mapping(bprm->cred->user_ns, uid) || in bprm_fill_uid()
1620 !kgid_has_mapping(bprm->cred->user_ns, gid)) in bprm_fill_uid()
1624 bprm->per_clear |= PER_CLEAR_ON_SETID; in bprm_fill_uid()
1625 bprm->cred->euid = uid; in bprm_fill_uid()
1629 bprm->per_clear |= PER_CLEAR_ON_SETID; in bprm_fill_uid()
1630 bprm->cred->egid = gid; in bprm_fill_uid()
1637 static int bprm_creds_from_file(struct linux_binprm *bprm) in bprm_creds_from_file() argument
1640 struct file *file = bprm->execfd_creds ? bprm->executable : bprm->file; in bprm_creds_from_file()
1642 bprm_fill_uid(bprm, file); in bprm_creds_from_file()
1643 return security_bprm_creds_from_file(bprm, file); in bprm_creds_from_file()
1652 static int prepare_binprm(struct linux_binprm *bprm) in prepare_binprm() argument
1656 memset(bprm->buf, 0, BINPRM_BUF_SIZE); in prepare_binprm()
1657 return kernel_read(bprm->file, bprm->buf, BINPRM_BUF_SIZE, &pos); in prepare_binprm()
1665 int remove_arg_zero(struct linux_binprm *bprm) in remove_arg_zero() argument
1672 if (!bprm->argc) in remove_arg_zero()
1676 offset = bprm->p & ~PAGE_MASK; in remove_arg_zero()
1677 page = get_arg_page(bprm, bprm->p, 0); in remove_arg_zero()
1685 offset++, bprm->p++) in remove_arg_zero()
1692 bprm->p++; in remove_arg_zero()
1693 bprm->argc--; in remove_arg_zero()
1705 static int search_binary_handler(struct linux_binprm *bprm) in search_binary_handler() argument
1711 retval = prepare_binprm(bprm); in search_binary_handler()
1715 retval = security_bprm_check(bprm); in search_binary_handler()
1727 retval = fmt->load_binary(bprm); in search_binary_handler()
1731 if (bprm->point_of_no_return || (retval != -ENOEXEC)) { in search_binary_handler()
1739 if (printable(bprm->buf[0]) && printable(bprm->buf[1]) && in search_binary_handler()
1740 printable(bprm->buf[2]) && printable(bprm->buf[3])) in search_binary_handler()
1742 if (request_module("binfmt-%04x", *(ushort *)(bprm->buf + 2)) < 0) in search_binary_handler()
1751 static int exec_binprm(struct linux_binprm *bprm) in exec_binprm() argument
1768 ret = search_binary_handler(bprm); in exec_binprm()
1771 if (!bprm->interpreter) in exec_binprm()
1774 exec = bprm->file; in exec_binprm()
1775 bprm->file = bprm->interpreter; in exec_binprm()
1776 bprm->interpreter = NULL; in exec_binprm()
1779 if (unlikely(bprm->have_execfd)) { in exec_binprm()
1780 if (bprm->executable) { in exec_binprm()
1784 bprm->executable = exec; in exec_binprm()
1789 audit_bprm(bprm); in exec_binprm()
1790 trace_sched_process_exec(current, old_pid, bprm); in exec_binprm()
1799 static int bprm_execve(struct linux_binprm *bprm, in bprm_execve() argument
1805 retval = prepare_bprm_creds(bprm); in bprm_execve()
1809 check_unsafe_exec(bprm); in bprm_execve()
1819 bprm->file = file; in bprm_execve()
1829 if (bprm->fdpath && get_close_on_exec(fd)) in bprm_execve()
1830 bprm->interp_flags |= BINPRM_FLAGS_PATH_INACCESSIBLE; in bprm_execve()
1833 retval = security_bprm_creds_for_exec(bprm); in bprm_execve()
1837 retval = exec_binprm(bprm); in bprm_execve()
1856 if (bprm->point_of_no_return && !fatal_signal_pending(current)) in bprm_execve()
1871 struct linux_binprm *bprm; in do_execveat_common() local
1893 bprm = alloc_bprm(fd, filename); in do_execveat_common()
1894 if (IS_ERR(bprm)) { in do_execveat_common()
1895 retval = PTR_ERR(bprm); in do_execveat_common()
1902 current->comm, bprm->filename); in do_execveat_common()
1905 bprm->argc = retval; in do_execveat_common()
1910 bprm->envc = retval; in do_execveat_common()
1912 retval = bprm_stack_limits(bprm); in do_execveat_common()
1916 retval = copy_string_kernel(bprm->filename, bprm); in do_execveat_common()
1919 bprm->exec = bprm->p; in do_execveat_common()
1921 retval = copy_strings(bprm->envc, envp, bprm); in do_execveat_common()
1925 retval = copy_strings(bprm->argc, argv, bprm); in do_execveat_common()
1935 if (bprm->argc == 0) { in do_execveat_common()
1936 retval = copy_string_kernel("", bprm); in do_execveat_common()
1939 bprm->argc = 1; in do_execveat_common()
1942 retval = bprm_execve(bprm, fd, filename, flags); in do_execveat_common()
1944 free_bprm(bprm); in do_execveat_common()
1955 struct linux_binprm *bprm; in kernel_execve() local
1967 bprm = alloc_bprm(fd, filename); in kernel_execve()
1968 if (IS_ERR(bprm)) { in kernel_execve()
1969 retval = PTR_ERR(bprm); in kernel_execve()
1978 bprm->argc = retval; in kernel_execve()
1983 bprm->envc = retval; in kernel_execve()
1985 retval = bprm_stack_limits(bprm); in kernel_execve()
1989 retval = copy_string_kernel(bprm->filename, bprm); in kernel_execve()
1992 bprm->exec = bprm->p; in kernel_execve()
1994 retval = copy_strings_kernel(bprm->envc, envp, bprm); in kernel_execve()
1998 retval = copy_strings_kernel(bprm->argc, argv, bprm); in kernel_execve()
2002 retval = bprm_execve(bprm, fd, filename, 0); in kernel_execve()
2004 free_bprm(bprm); in kernel_execve()