176 static void acct_arg_size(struct linux_binprm *bprm, unsigned long pages)  in acct_arg_size()  argument
179 	long diff = (long)(pages - bprm->vma_pages);  in acct_arg_size()
184 	bprm->vma_pages = pages;  in acct_arg_size()
188 static struct page *get_arg_page(struct linux_binprm *bprm, unsigned long pos,  in get_arg_page()  argument
196 		ret = expand_downwards(bprm->vma, pos);  in get_arg_page()
201 	ret = get_user_pages(current, bprm->mm, pos,  in get_arg_page()
207 		unsigned long size = bprm->vma->vm_end - bprm->vma->vm_start;  in get_arg_page()
210 		acct_arg_size(bprm, size / PAGE_SIZE);  in get_arg_page()
241 static void free_arg_page(struct linux_binprm *bprm, int i)  in free_arg_page()  argument
245 static void free_arg_pages(struct linux_binprm *bprm)  in free_arg_pages()  argument
249 static void flush_arg_page(struct linux_binprm *bprm, unsigned long pos,  in flush_arg_page()  argument
252 	flush_cache_page(bprm->vma, pos, page_to_pfn(page));  in flush_arg_page()
255 static int __bprm_mm_init(struct linux_binprm *bprm)  in __bprm_mm_init()  argument
259 	struct mm_struct *mm = bprm->mm;  in __bprm_mm_init()
261 	bprm->vma = vma = kmem_cache_zalloc(vm_area_cachep, GFP_KERNEL);  in __bprm_mm_init()
288 	bprm->p = vma->vm_end - sizeof(void *);  in __bprm_mm_init()
292 	bprm->vma = NULL;  in __bprm_mm_init()
297 static bool valid_arg_len(struct linux_binprm *bprm, long len)  in valid_arg_len()  argument
304 static inline void acct_arg_size(struct linux_binprm *bprm, unsigned long pages)  in acct_arg_size()  argument
308 static struct page *get_arg_page(struct linux_binprm *bprm, unsigned long pos,  in get_arg_page()  argument
313 	page = bprm->page[pos / PAGE_SIZE];  in get_arg_page()
318 		bprm->page[pos / PAGE_SIZE] = page;  in get_arg_page()
328 static void free_arg_page(struct linux_binprm *bprm, int i)  in free_arg_page()  argument
330 	if (bprm->page[i]) {  in free_arg_page()
331 		__free_page(bprm->page[i]);  in free_arg_page()
332 		bprm->page[i] = NULL;  in free_arg_page()
336 static void free_arg_pages(struct linux_binprm *bprm)  in free_arg_pages()  argument
341 		free_arg_page(bprm, i);  in free_arg_pages()
344 static void flush_arg_page(struct linux_binprm *bprm, unsigned long pos,  in flush_arg_page()  argument
349 static int __bprm_mm_init(struct linux_binprm *bprm)  in __bprm_mm_init()  argument
351 	bprm->p = PAGE_SIZE * MAX_ARG_PAGES - sizeof(void *);  in __bprm_mm_init()
355 static bool valid_arg_len(struct linux_binprm *bprm, long len)  in valid_arg_len()  argument
357 	return len <= bprm->p;  in valid_arg_len()
368 static int bprm_mm_init(struct linux_binprm *bprm)  in bprm_mm_init()  argument
373 	bprm->mm = mm = mm_alloc();  in bprm_mm_init()
378 	err = __bprm_mm_init(bprm);  in bprm_mm_init()
386 		bprm->mm = NULL;  in bprm_mm_init()
461 			struct linux_binprm *bprm)  in copy_strings()  argument
483 		if (!valid_arg_len(bprm, len))  in copy_strings()
487 		pos = bprm->p;  in copy_strings()
489 		bprm->p -= len;  in copy_strings()
516 				page = get_arg_page(bprm, pos, 1);  in copy_strings()
530 				flush_arg_page(bprm, kpos, kmapped_page);  in copy_strings()
552 			struct linux_binprm *bprm)  in copy_strings_kernel()  argument
561 	r = copy_strings(argc, argv, bprm);  in copy_strings_kernel()
647 int setup_arg_pages(struct linux_binprm *bprm,  in setup_arg_pages()  argument
654 	struct vm_area_struct *vma = bprm->vma;  in setup_arg_pages()
678 	mm->arg_start = bprm->p - stack_shift;  in setup_arg_pages()
679 	bprm->p = vma->vm_end - stack_shift;  in setup_arg_pages()
690 	bprm->p -= stack_shift;  in setup_arg_pages()
691 	mm->arg_start = bprm->p;  in setup_arg_pages()
694 	if (bprm->loader)  in setup_arg_pages()
695 		bprm->loader -= stack_shift;  in setup_arg_pages()
696 	bprm->exec -= stack_shift;  in setup_arg_pages()
747 	current->mm->start_stack = bprm->p;  in setup_arg_pages()
1082 int flush_old_exec(struct linux_binprm * bprm)  in flush_old_exec()  argument
1099 	set_mm_exe_file(bprm->mm, bprm->file);  in flush_old_exec()
1104 	acct_arg_size(bprm, 0);  in flush_old_exec()
1105 	retval = exec_mmap(bprm->mm);  in flush_old_exec()
1109 	bprm->mm = NULL;		/* We're using it now */  in flush_old_exec()
1115 	current->personality &= ~bprm->per_clear;  in flush_old_exec()
1124 void would_dump(struct linux_binprm *bprm, struct file *file)  in would_dump()  argument
1127 		bprm->interp_flags |= BINPRM_FLAGS_ENFORCE_NONDUMP;  in would_dump()
1131 void setup_new_exec(struct linux_binprm * bprm)  in setup_new_exec()  argument
1144 	__set_task_comm(current, kbasename(bprm->filename), true);  in setup_new_exec()
1153 	if (!uid_eq(bprm->cred->uid, current_euid()) ||  in setup_new_exec()
1154 	    !gid_eq(bprm->cred->gid, current_egid())) {  in setup_new_exec()
1157 		would_dump(bprm, bprm->file);  in setup_new_exec()
1158 		if (bprm->interp_flags & BINPRM_FLAGS_ENFORCE_NONDUMP)  in setup_new_exec()
1176 int prepare_bprm_creds(struct linux_binprm *bprm)  in prepare_bprm_creds()  argument
1181 	bprm->cred = prepare_exec_creds();  in prepare_bprm_creds()
1182 	if (likely(bprm->cred))  in prepare_bprm_creds()
1189 static void free_bprm(struct linux_binprm *bprm)  in free_bprm()  argument
1191 	free_arg_pages(bprm);  in free_bprm()
1192 	if (bprm->cred) {  in free_bprm()
1194 		abort_creds(bprm->cred);  in free_bprm()
1196 	if (bprm->file) {  in free_bprm()
1197 		allow_write_access(bprm->file);  in free_bprm()
1198 		fput(bprm->file);  in free_bprm()
1201 	if (bprm->interp != bprm->filename)  in free_bprm()
1202 		kfree(bprm->interp);  in free_bprm()
1203 	kfree(bprm);  in free_bprm()
1206 int bprm_change_interp(char *interp, struct linux_binprm *bprm)  in bprm_change_interp()  argument
1209 	if (bprm->interp != bprm->filename)  in bprm_change_interp()
1210 		kfree(bprm->interp);  in bprm_change_interp()
1211 	bprm->interp = kstrdup(interp, GFP_KERNEL);  in bprm_change_interp()
1212 	if (!bprm->interp)  in bprm_change_interp()
1221 void install_exec_creds(struct linux_binprm *bprm)  in install_exec_creds()  argument
1223 	security_bprm_committing_creds(bprm);  in install_exec_creds()
1225 	commit_creds(bprm->cred);  in install_exec_creds()
1226 	bprm->cred = NULL;  in install_exec_creds()
1241 	security_bprm_committed_creds(bprm);  in install_exec_creds()
1251 static void check_unsafe_exec(struct linux_binprm *bprm)  in check_unsafe_exec()  argument
1258 			bprm->unsafe |= LSM_UNSAFE_PTRACE_CAP;  in check_unsafe_exec()
1260 			bprm->unsafe |= LSM_UNSAFE_PTRACE;  in check_unsafe_exec()
1268 		bprm->unsafe |= LSM_UNSAFE_NO_NEW_PRIVS;  in check_unsafe_exec()
1281 		bprm->unsafe |= LSM_UNSAFE_SHARE;  in check_unsafe_exec()
1287 static void bprm_fill_uid(struct linux_binprm *bprm)  in bprm_fill_uid()  argument
1295 	bprm->cred->euid = current_euid();  in bprm_fill_uid()
1296 	bprm->cred->egid = current_egid();  in bprm_fill_uid()
1298 	if (bprm->file->f_path.mnt->mnt_flags & MNT_NOSUID)  in bprm_fill_uid()
1304 	inode = file_inode(bprm->file);  in bprm_fill_uid()
1319 	if (!kuid_has_mapping(bprm->cred->user_ns, uid) ||  in bprm_fill_uid()
1320 		 !kgid_has_mapping(bprm->cred->user_ns, gid))  in bprm_fill_uid()
1324 		bprm->per_clear |= PER_CLEAR_ON_SETID;  in bprm_fill_uid()
1325 		bprm->cred->euid = uid;  in bprm_fill_uid()
1329 		bprm->per_clear |= PER_CLEAR_ON_SETID;  in bprm_fill_uid()
1330 		bprm->cred->egid = gid;  in bprm_fill_uid()
1340 int prepare_binprm(struct linux_binprm *bprm)  in prepare_binprm()  argument
1344 	bprm_fill_uid(bprm);  in prepare_binprm()
1347 	retval = security_bprm_set_creds(bprm);  in prepare_binprm()
1350 	bprm->cred_prepared = 1;  in prepare_binprm()
1352 	memset(bprm->buf, 0, BINPRM_BUF_SIZE);  in prepare_binprm()
1353 	return kernel_read(bprm->file, 0, bprm->buf, BINPRM_BUF_SIZE);  in prepare_binprm()
1363 int remove_arg_zero(struct linux_binprm *bprm)  in remove_arg_zero()  argument
1370 	if (!bprm->argc)  in remove_arg_zero()
1374 		offset = bprm->p & ~PAGE_MASK;  in remove_arg_zero()
1375 		page = get_arg_page(bprm, bprm->p, 0);  in remove_arg_zero()
1383 				offset++, bprm->p++)  in remove_arg_zero()
1390 			free_arg_page(bprm, (bprm->p >> PAGE_SHIFT) - 1);  in remove_arg_zero()
1393 	bprm->p++;  in remove_arg_zero()
1394 	bprm->argc--;  in remove_arg_zero()
1406 int search_binary_handler(struct linux_binprm *bprm)  in search_binary_handler()  argument
1413 	if (bprm->recursion_depth > 5)  in search_binary_handler()
1416 	retval = security_bprm_check(bprm);  in search_binary_handler()
1427 		bprm->recursion_depth++;  in search_binary_handler()
1428 		retval = fmt->load_binary(bprm);  in search_binary_handler()
1431 		bprm->recursion_depth--;  in search_binary_handler()
1432 		if (retval < 0 && !bprm->mm) {  in search_binary_handler()
1438 		if (retval != -ENOEXEC || !bprm->file) {  in search_binary_handler()
1446 		if (printable(bprm->buf[0]) && printable(bprm->buf[1]) &&  in search_binary_handler()
1447 		    printable(bprm->buf[2]) && printable(bprm->buf[3]))  in search_binary_handler()
1449 		if (request_module("binfmt-%04x", *(ushort *)(bprm->buf + 2)) < 0)  in search_binary_handler()
1459 static int exec_binprm(struct linux_binprm *bprm)  in exec_binprm()  argument
1470 	ret = search_binary_handler(bprm);  in exec_binprm()
1472 		audit_bprm(bprm);  in exec_binprm()
1473 		trace_sched_process_exec(current, old_pid, bprm);  in exec_binprm()
1490 	struct linux_binprm *bprm;  in do_execveat_common()  local
1519 	bprm = kzalloc(sizeof(*bprm), GFP_KERNEL);  in do_execveat_common()
1520 	if (!bprm)  in do_execveat_common()
1523 	retval = prepare_bprm_creds(bprm);  in do_execveat_common()
1527 	check_unsafe_exec(bprm);  in do_execveat_common()
1537 	bprm->file = file;  in do_execveat_common()
1539 		bprm->filename = filename->name;  in do_execveat_common()
1556 			bprm->interp_flags |= BINPRM_FLAGS_PATH_INACCESSIBLE;  in do_execveat_common()
1557 		bprm->filename = pathbuf;  in do_execveat_common()
1559 	bprm->interp = bprm->filename;  in do_execveat_common()
1561 	retval = bprm_mm_init(bprm);  in do_execveat_common()
1565 	bprm->argc = count(argv, MAX_ARG_STRINGS);  in do_execveat_common()
1566 	if ((retval = bprm->argc) < 0)  in do_execveat_common()
1569 	bprm->envc = count(envp, MAX_ARG_STRINGS);  in do_execveat_common()
1570 	if ((retval = bprm->envc) < 0)  in do_execveat_common()
1573 	retval = prepare_binprm(bprm);  in do_execveat_common()
1577 	retval = copy_strings_kernel(1, &bprm->filename, bprm);  in do_execveat_common()
1581 	bprm->exec = bprm->p;  in do_execveat_common()
1582 	retval = copy_strings(bprm->envc, envp, bprm);  in do_execveat_common()
1586 	retval = copy_strings(bprm->argc, argv, bprm);  in do_execveat_common()
1590 	retval = exec_binprm(bprm);  in do_execveat_common()
1599 	free_bprm(bprm);  in do_execveat_common()
1607 	if (bprm->mm) {  in do_execveat_common()
1608 		acct_arg_size(bprm, 0);  in do_execveat_common()
1609 		mmput(bprm->mm);  in do_execveat_common()
1617 	free_bprm(bprm);  in do_execveat_common()