1 // SPDX-License-Identifier: GPL-2.0
6  *	Copyright (C) 2000-2003 David McCullough <davidm@snapgear.com>
16  *	JAN/99 -- coded full program relocation (gerg@snapgear.com)
103  * create_flat_tables() parses the env- and arg-strings in new user
115 	sp = (unsigned long __user *)current->mm->start_stack;  in create_flat_tables()
117 	sp -= bprm->envc + 1;  in create_flat_tables()
118 	sp -= bprm->argc + 1;  in create_flat_tables()
120 		sp -= 2; /* argvp + envp */  in create_flat_tables()
121 	sp -= 1;  /* &argc */  in create_flat_tables()
123 	current->mm->start_stack = (unsigned long)sp & -FLAT_STACK_ALIGN;  in create_flat_tables()
124 	sp = (unsigned long __user *)current->mm->start_stack;  in create_flat_tables()
126 	if (put_user(bprm->argc, sp++))  in create_flat_tables()
127 		return -EFAULT;  in create_flat_tables()
131 		envp = (unsigned long)(sp + 2 + bprm->argc + 1);  in create_flat_tables()
133 			return -EFAULT;  in create_flat_tables()
136 	current->mm->arg_start = (unsigned long)p;  in create_flat_tables()
137 	for (i = bprm->argc; i > 0; i--) {  in create_flat_tables()
139 			return -EFAULT;  in create_flat_tables()
142 			return -EINVAL;  in create_flat_tables()
146 		return -EFAULT;  in create_flat_tables()
147 	current->mm->arg_end = (unsigned long)p;  in create_flat_tables()
149 	current->mm->env_start = (unsigned long) p;  in create_flat_tables()
150 	for (i = bprm->envc; i > 0; i--) {  in create_flat_tables()
152 			return -EFAULT;  in create_flat_tables()
155 			return -EINVAL;  in create_flat_tables()
159 		return -EFAULT;  in create_flat_tables()
160 	current->mm->env_end = (unsigned long)p;  in create_flat_tables()
175 #define CONTINUATION 0x02 /* bit 1 set: continuation of multi-part gzip file */
194 		return -ENOMEM;  in decompress_exec()
198 		retval = -ENOMEM;  in decompress_exec()
203 	ret = kernel_read(bprm->file, buf, LBUFSIZE, &fpos);  in decompress_exec()
209 	retval = -ENOEXEC;  in decompress_exec()
211 	/* Check minimum size -- gzip header */  in decompress_exec()
261 	strm.avail_in -= ret;  in decompress_exec()
267 	if (zlib_inflateInit2(&strm, -MAX_WBITS) != Z_OK) {  in decompress_exec()
273 		ret = kernel_read(bprm->file, buf, LBUFSIZE, &fpos);  in decompress_exec()
276 		len -= ret;  in decompress_exec()
312 	start_brk = p->lib_list[0].start_brk;  in calc_reloc()
313 	start_data = p->lib_list[0].start_data;  in calc_reloc()
314 	start_code = p->lib_list[0].start_code;  in calc_reloc()
315 	text_len = p->lib_list[0].text_len;  in calc_reloc()
317 	if (r > start_brk - start_data + text_len) {  in calc_reloc()
318 		pr_err("reloc outside program 0x%lx (0 - 0x%lx/0x%lx)",  in calc_reloc()
319 		       r, start_brk-start_data+text_len, text_len);  in calc_reloc()
326 		addr = r - text_len + start_data;  in calc_reloc()
332 	pr_cont(", killing %s!\n", current->comm);  in calc_reloc()
350 	ptr = (unsigned long __user *)(current->mm->start_code + r.reloc.offset);  in old_reloc()
352 	ptr = (unsigned long __user *)(current->mm->start_data + r.reloc.offset);  in old_reloc()
362 		val += current->mm->start_code;  in old_reloc()
365 		val += current->mm->start_data;  in old_reloc()
368 		val += current->mm->end_data;  in old_reloc()
386 		 * RISC-V has a 16 byte GOT PLT header for elf64-riscv  in skip_got_header()
387 		 * and 8 byte GOT PLT header for elf32-riscv.  in skip_got_header()
421 	hdr = ((struct flat_hdr *) bprm->buf);		/* exec-header */  in load_flat_file()
423 	text_len  = ntohl(hdr->data_start);  in load_flat_file()
424 	data_len  = ntohl(hdr->data_end) - ntohl(hdr->data_start);  in load_flat_file()
425 	bss_len   = ntohl(hdr->bss_end) - ntohl(hdr->data_end);  in load_flat_file()
426 	stack_len = ntohl(hdr->stack_size);  in load_flat_file()
431 	relocs    = ntohl(hdr->reloc_count);  in load_flat_file()
432 	flags     = ntohl(hdr->flags);  in load_flat_file()
433 	rev       = ntohl(hdr->rev);  in load_flat_file()
436 	if (strncmp(hdr->magic, "bFLT", 4)) {  in load_flat_file()
440 		 * But for the kernel which also use ELF FD-PIC format, this  in load_flat_file()
444 		ret = -ENOEXEC;  in load_flat_file()
449 		pr_info("Loading file: %s\n", bprm->filename);  in load_flat_file()
455 		ret = -ENOEXEC;  in load_flat_file()
471 		ret = -ENOEXEC;  in load_flat_file()
479 	 * If some top bits are set we have probable binary corruption.  in load_flat_file()
483 		ret = -ENOEXEC;  in load_flat_file()
490 		ret = -ENOEXEC;  in load_flat_file()
504 		ret = -ENOMEM;  in load_flat_file()
535 		textpos = vm_mmap(bprm->file, 0, text_len, PROT_READ|PROT_EXEC,  in load_flat_file()
540 				ret = -ENOMEM;  in load_flat_file()
554 				ret = -ENOMEM;  in load_flat_file()
567 		fpos = ntohl(hdr->data_start);  in load_flat_file()
575 			result = read_code(bprm->file, datapos, fpos,  in load_flat_file()
587 			(datapos + (ntohl(hdr->reloc_start) - text_len));  in load_flat_file()
601 				ret = -ENOMEM;  in load_flat_file()
607 		realdatastart = textpos + ntohl(hdr->data_start);  in load_flat_file()
613 			(datapos + (ntohl(hdr->reloc_start) - text_len));  in load_flat_file()
625 						  - sizeof(struct flat_hdr)),  in load_flat_file()
634 			long unz_text_len = text_len - sizeof(struct flat_hdr);  in load_flat_file()
638 				result = -ENOMEM;  in load_flat_file()
647 					result = -EFAULT;  in load_flat_file()
652 			result = read_code(bprm->file, textpos, 0, text_len);  in load_flat_file()
660 					result = -ENOMEM;  in load_flat_file()
667 						result = -EFAULT;  in load_flat_file()
675 			result = read_code(bprm->file, textpos, 0, text_len);  in load_flat_file()
677 				result = read_code(bprm->file, datapos,  in load_flat_file()
678 						   ntohl(hdr->data_start),  in load_flat_file()
692 	text_len -= sizeof(struct flat_hdr); /* the real code len */  in load_flat_file()
695 	current->mm->start_code = start_code;  in load_flat_file()
696 	current->mm->end_code = end_code;  in load_flat_file()
697 	current->mm->start_data = datapos;  in load_flat_file()
698 	current->mm->end_data = datapos + data_len;  in load_flat_file()
706 	current->mm->start_brk = datapos + data_len + bss_len;  in load_flat_file()
707 	current->mm->brk = (current->mm->start_brk + 3) & ~3;  in load_flat_file()
709 	current->mm->context.end_brk = memp + memp_size - stack_len;  in load_flat_file()
714 			textpos, 0x00ffffff&ntohl(hdr->entry), ntohl(hdr->data_start));  in load_flat_file()
715 		pr_info("%s %s: TEXT=%lx-%lx DATA=%lx-%lx BSS=%lx-%lx\n",  in load_flat_file()
716 			"Load", bprm->filename,  in load_flat_file()
722 	libinfo->lib_list[0].start_code = start_code;  in load_flat_file()
723 	libinfo->lib_list[0].start_data = datapos;  in load_flat_file()
724 	libinfo->lib_list[0].start_brk = datapos + data_len + bss_len;  in load_flat_file()
725 	libinfo->lib_list[0].text_len = text_len;  in load_flat_file()
726 	libinfo->lib_list[0].loaded = 1;  in load_flat_file()
727 	libinfo->lib_list[0].entry = (0x00ffffff & ntohl(hdr->entry)) + textpos;  in load_flat_file()
728 	libinfo->lib_list[0].build_date = ntohl(hdr->build_date);  in load_flat_file()
736 	 * and is terminated with a -1.  This one can be relocated in place.  in load_flat_file()
747 				return -EFAULT;  in load_flat_file()
753 					ret = -ENOEXEC;  in load_flat_file()
757 					return -EFAULT;  in load_flat_file()
784 				return -EFAULT;  in load_flat_file()
789 				ret = -ENOEXEC;  in load_flat_file()
812 					ret = -ENOEXEC;  in load_flat_file()
827 				return -EFAULT;  in load_flat_file()
837 		       (memp + memp_size - stack_len -		/* end brk */  in load_flat_file()
838 		       libinfo->lib_list[0].start_brk) +	/* start brk */  in load_flat_file()
840 		return -EFAULT;  in load_flat_file()
852  * libraries.  There is no binary dependent code anywhere else.
874 	stack_len += PAGE_SIZE * MAX_ARG_PAGES - bprm->p; /* the strings */  in load_flat_binary()
876 	stack_len += (bprm->argc + 1) * sizeof(char *);   /* the argv array */  in load_flat_binary()
877 	stack_len += (bprm->envc + 1) * sizeof(char *);   /* the envp array */  in load_flat_binary()
893 			p -= j + 1;  in load_flat_binary()
895 				return -EFAULT;  in load_flat_binary()
904 		res = create_flat_tables(bprm, bprm->p);  in load_flat_binary()
907 	current->mm->start_stack =  in load_flat_binary()
908 		((current->mm->context.end_brk + stack_len + 3) & ~3) - 4;  in load_flat_binary()
909 	pr_debug("sp=%lx\n", current->mm->start_stack);  in load_flat_binary()
912 	res = transfer_args_to_stack(bprm, &current->mm->start_stack);  in load_flat_binary()
914 		res = create_flat_tables(bprm, current->mm->start_stack);  in load_flat_binary()
931 		 regs, start_addr, current->mm->start_stack);  in load_flat_binary()
932 	start_thread(regs, start_addr, current->mm->start_stack);  in load_flat_binary()