Lines Matching +full:len +full:- +full:or +full:- +full:limit

1 // SPDX-License-Identifier: GPL-2.0-only
9 * #!-checking implemented by tytso.
12 * Demand-loading implemented 01.12.91 - no need to read anything but
14 * "current->executable", and page faults do the actual loading. Clean.
17 * was less than 2 hours work to get demand-loading completely implemented.
20 * current->executable is only used by the procfs. This allows a dispatch
22 * trying until we recognize the file or we run out of supported binary
94 insert ? list_add(&fmt->lh, &formats) : in __register_binfmt()
95 list_add_tail(&fmt->lh, &formats); in __register_binfmt()
104 list_del(&fmt->lh); in unregister_binfmt()
112 module_put(fmt->module); in put_binfmt()
118 VFS_WARN_ON_ONCE(IS_ANON_FILE(d_inode(path->dentry)) && in path_noexec()
119 !(path->mnt->mnt_sb->s_iflags & SB_I_NOEXEC)); in path_noexec()
120 return (path->mnt->mnt_flags & MNT_NOEXEC) || in path_noexec()
121 (path->mnt->mnt_sb->s_iflags & SB_I_NOEXEC); in path_noexec()
126 * The nascent bprm->mm is not visible until exec_mmap() but it can
127 * use a lot of memory, account these pages in current->mm temporarily
128 * for oom_badness()->get_mm_rss(). Once exec succeeds or fails, we
133 struct mm_struct *mm = current->mm; in acct_arg_size()
134 long diff = (long)(pages - bprm->vma_pages); in acct_arg_size()
139 bprm->vma_pages = pages; in acct_arg_size()
147 struct vm_area_struct *vma = bprm->vma; in get_arg_page()
148 struct mm_struct *mm = bprm->mm; in get_arg_page()
188 flush_cache_page(bprm->vma, pos, page_to_pfn(page)); in flush_arg_page()
191 static bool valid_arg_len(struct linux_binprm *bprm, long len) in valid_arg_len() argument
193 return len <= MAX_ARG_STRLEN; in valid_arg_len()
207 page = bprm->page[pos / PAGE_SIZE]; in get_arg_page()
212 bprm->page[pos / PAGE_SIZE] = page; in get_arg_page()
224 if (bprm->page[i]) { in free_arg_page()
225 __free_page(bprm->page[i]); in free_arg_page()
226 bprm->page[i] = NULL; in free_arg_page()
243 static bool valid_arg_len(struct linux_binprm *bprm, long len) in valid_arg_len() argument
245 return len <= bprm->p; in valid_arg_len()
261 bprm->mm = mm = mm_alloc(); in bprm_mm_init()
262 err = -ENOMEM; in bprm_mm_init()
266 /* Save current stack limit for all calculations made during exec. */ in bprm_mm_init()
267 task_lock(current->group_leader); in bprm_mm_init()
268 bprm->rlim_stack = current->signal->rlim[RLIMIT_STACK]; in bprm_mm_init()
269 task_unlock(current->group_leader); in bprm_mm_init()
272 bprm->p = PAGE_SIZE * MAX_ARG_PAGES - sizeof(void *); in bprm_mm_init()
274 err = create_init_stack_vma(bprm->mm, &bprm->vma, &bprm->p); in bprm_mm_init()
283 bprm->mm = NULL; in bprm_mm_init()
311 return ERR_PTR(-EFAULT); in get_user_arg_ptr()
318 return ERR_PTR(-EFAULT); in get_user_arg_ptr()
338 return -EFAULT; in count()
341 return -E2BIG; in count()
345 return -ERESTARTNOHAND; in count()
361 return -E2BIG; in count_strings_kernel()
363 return -ERESTARTNOHAND; in count_strings_kernel()
370 unsigned long limit) in bprm_set_stack_limit() argument
373 /* Avoid a pathological bprm->p. */ in bprm_set_stack_limit()
374 if (bprm->p < limit) in bprm_set_stack_limit()
375 return -E2BIG; in bprm_set_stack_limit()
376 bprm->argmin = bprm->p - limit; in bprm_set_stack_limit()
383 return bprm->p < bprm->argmin; in bprm_hit_stack_limit()
390 * Calculate bprm->argmin from:
391 * - _STK_LIM
392 * - ARG_MAX
393 * - bprm->rlim_stack.rlim_cur
394 * - bprm->argc
395 * - bprm->envc
396 * - bprm->p
400 unsigned long limit, ptr_size; in bprm_stack_limits() local
403 * Limit to 1/4 of the max stack size or 3/4 of _STK_LIM in bprm_stack_limits()
406 * - the remaining binfmt code will not run out of stack space, in bprm_stack_limits()
407 * - the program will have a reasonable amount of stack left in bprm_stack_limits()
410 limit = _STK_LIM / 4 * 3; in bprm_stack_limits()
411 limit = min(limit, bprm->rlim_stack.rlim_cur / 4); in bprm_stack_limits()
416 limit = max_t(unsigned long, limit, ARG_MAX); in bprm_stack_limits()
418 if (bprm->argc < 0 || bprm->envc < 0) in bprm_stack_limits()
419 return -E2BIG; in bprm_stack_limits()
433 if (check_add_overflow(max(bprm->argc, 1), bprm->envc, &ptr_size) || in bprm_stack_limits()
435 return -E2BIG; in bprm_stack_limits()
436 if (limit <= ptr_size) in bprm_stack_limits()
437 return -E2BIG; in bprm_stack_limits()
438 limit -= ptr_size; in bprm_stack_limits()
440 return bprm_set_stack_limit(bprm, limit); in bprm_stack_limits()
456 while (argc-- > 0) { in copy_strings()
458 int len; in copy_strings() local
461 ret = -EFAULT; in copy_strings()
466 len = strnlen_user(str, MAX_ARG_STRLEN); in copy_strings()
467 if (!len) in copy_strings()
470 ret = -E2BIG; in copy_strings()
471 if (!valid_arg_len(bprm, len)) in copy_strings()
475 pos = bprm->p; in copy_strings()
476 str += len; in copy_strings()
477 bprm->p -= len; in copy_strings()
481 while (len > 0) { in copy_strings()
485 ret = -ERESTARTNOHAND; in copy_strings()
495 if (bytes_to_copy > len) in copy_strings()
496 bytes_to_copy = len; in copy_strings()
498 offset -= bytes_to_copy; in copy_strings()
499 pos -= bytes_to_copy; in copy_strings()
500 str -= bytes_to_copy; in copy_strings()
501 len -= bytes_to_copy; in copy_strings()
508 ret = -E2BIG; in copy_strings()
523 ret = -EFAULT; in copy_strings()
543 int len = strnlen(arg, MAX_ARG_STRLEN) + 1 /* terminating NUL */; in copy_string_kernel() local
544 unsigned long pos = bprm->p; in copy_string_kernel()
546 if (len == 0) in copy_string_kernel()
547 return -EFAULT; in copy_string_kernel()
548 if (!valid_arg_len(bprm, len)) in copy_string_kernel()
549 return -E2BIG; in copy_string_kernel()
552 arg += len; in copy_string_kernel()
553 bprm->p -= len; in copy_string_kernel()
555 return -E2BIG; in copy_string_kernel()
557 while (len > 0) { in copy_string_kernel()
558 unsigned int bytes_to_copy = min_t(unsigned int, len, in copy_string_kernel()
562 pos -= bytes_to_copy; in copy_string_kernel()
563 arg -= bytes_to_copy; in copy_string_kernel()
564 len -= bytes_to_copy; in copy_string_kernel()
568 return -E2BIG; in copy_string_kernel()
581 while (argc-- > 0) { in copy_strings_kernel()
586 return -ERESTARTNOHAND; in copy_strings_kernel()
604 struct mm_struct *mm = current->mm; in setup_arg_pages()
605 struct vm_area_struct *vma = bprm->vma; in setup_arg_pages()
616 /* Limit stack size */ in setup_arg_pages()
617 stack_base = bprm->rlim_stack.rlim_max; in setup_arg_pages()
622 if (current->flags & PF_RANDOMIZE) in setup_arg_pages()
626 if (vma->vm_end - vma->vm_start > stack_base) in setup_arg_pages()
627 return -ENOMEM; in setup_arg_pages()
629 stack_base = PAGE_ALIGN(stack_top - stack_base); in setup_arg_pages()
631 stack_shift = vma->vm_start - stack_base; in setup_arg_pages()
632 mm->arg_start = bprm->p - stack_shift; in setup_arg_pages()
633 bprm->p = vma->vm_end - stack_shift; in setup_arg_pages()
639 unlikely(vma->vm_end - vma->vm_start >= stack_top - mmap_min_addr)) in setup_arg_pages()
640 return -ENOMEM; in setup_arg_pages()
642 stack_shift = vma->vm_end - stack_top; in setup_arg_pages()
644 bprm->p -= stack_shift; in setup_arg_pages()
645 mm->arg_start = bprm->p; in setup_arg_pages()
648 bprm->exec -= stack_shift; in setup_arg_pages()
651 return -EINTR; in setup_arg_pages()
664 vm_flags |= mm->def_flags; in setup_arg_pages()
667 vma_iter_init(&vmi, mm, vma->vm_start); in setup_arg_pages()
670 ret = mprotect_fixup(&vmi, &tlb, vma, &prev, vma->vm_start, vma->vm_end, in setup_arg_pages()
680 bprm->file); in setup_arg_pages()
698 stack_expand = 131072UL; /* randomly 32*4k (or 2*64k) pages */ in setup_arg_pages()
699 stack_size = vma->vm_end - vma->vm_start; in setup_arg_pages()
704 rlim_stack = bprm->rlim_stack.rlim_cur & PAGE_MASK; in setup_arg_pages()
709 stack_base = vma->vm_start + stack_expand; in setup_arg_pages()
711 stack_base = vma->vm_end - stack_expand; in setup_arg_pages()
713 current->mm->start_stack = bprm->p; in setup_arg_pages()
716 ret = -EFAULT; in setup_arg_pages()
736 stop = bprm->p >> PAGE_SHIFT; in transfer_args_to_stack()
739 for (index = MAX_ARG_PAGES - 1; index >= stop; index--) { in transfer_args_to_stack()
740 unsigned int offset = index == stop ? bprm->p & ~PAGE_MASK : 0; in transfer_args_to_stack()
741 char *src = kmap_local_page(bprm->page[index]) + offset; in transfer_args_to_stack()
742 sp -= PAGE_SIZE - offset; in transfer_args_to_stack()
743 if (copy_to_user((void *) sp, src, PAGE_SIZE - offset) != 0) in transfer_args_to_stack()
744 ret = -EFAULT; in transfer_args_to_stack()
750 bprm->exec += *sp_location - MAX_ARG_PAGES * PAGE_SIZE; in transfer_args_to_stack()
777 return ERR_PTR(-EINVAL); in do_open_execat()
787 if (path_noexec(&file->f_path)) in do_open_execat()
788 return ERR_PTR(-EACCES); in do_open_execat()
793 * an invariant that all non-regular files error out before we get here. in do_open_execat()
795 if (WARN_ON_ONCE(!S_ISREG(file_inode(file)->i_mode))) in do_open_execat()
796 return ERR_PTR(-EACCES); in do_open_execat()
806 * open_exec - Open a path name for execution
810 * Returns ERR_PTR on failure or allocated struct file on success.
830 ssize_t read_code(struct file *file, unsigned long addr, loff_t pos, size_t len) in read_code() argument
832 ssize_t res = vfs_read(file, (void __user *)addr, len, &pos); in read_code()
834 flush_icache_user_range(addr, addr + len); in read_code()
853 old_mm = current->mm; in exec_mmap()
856 ret = down_write_killable(&tsk->signal->exec_update_lock); in exec_mmap()
868 up_write(&tsk->signal->exec_update_lock); in exec_mmap()
877 active_mm = tsk->active_mm; in exec_mmap()
878 tsk->active_mm = mm; in exec_mmap()
879 tsk->mm = mm; in exec_mmap()
899 setmax_mm_hiwater_rss(&tsk->signal->maxrss, old_mm); in exec_mmap()
910 struct signal_struct *sig = tsk->signal; in de_thread()
911 struct sighand_struct *oldsighand = tsk->sighand; in de_thread()
912 spinlock_t *lock = &oldsighand->siglock; in de_thread()
921 if ((sig->flags & SIGNAL_GROUP_EXIT) || sig->group_exec_task) { in de_thread()
927 return -EAGAIN; in de_thread()
930 sig->group_exec_task = tsk; in de_thread()
931 sig->notify_count = zap_other_threads(tsk); in de_thread()
933 sig->notify_count--; in de_thread()
935 while (sig->notify_count) { in de_thread()
951 struct task_struct *leader = tsk->group_leader; in de_thread()
958 * exit_notify() can't miss ->group_exec_task in de_thread()
960 sig->notify_count = -1; in de_thread()
961 if (likely(leader->exit_state)) in de_thread()
972 * The only record we have of the real-time age of a in de_thread()
975 * from sister threads now dead. But in this non-leader in de_thread()
981 tsk->start_time = leader->start_time; in de_thread()
982 tsk->start_boottime = leader->start_boottime; in de_thread()
1000 list_replace_rcu(&leader->tasks, &tsk->tasks); in de_thread()
1001 list_replace_init(&leader->sibling, &tsk->sibling); in de_thread()
1003 tsk->group_leader = tsk; in de_thread()
1004 leader->group_leader = tsk; in de_thread()
1006 tsk->exit_signal = SIGCHLD; in de_thread()
1007 leader->exit_signal = -1; in de_thread()
1009 BUG_ON(leader->exit_state != EXIT_ZOMBIE); in de_thread()
1010 leader->exit_state = EXIT_DEAD; in de_thread()
1012 * We are going to release_task()->ptrace_unlink() silently, in de_thread()
1016 if (unlikely(leader->ptrace)) in de_thread()
1017 __wake_up_parent(leader, leader->parent); in de_thread()
1024 sig->group_exec_task = NULL; in de_thread()
1025 sig->notify_count = 0; in de_thread()
1029 tsk->exit_signal = SIGCHLD; in de_thread()
1037 sig->group_exec_task = NULL; in de_thread()
1038 sig->notify_count = 0; in de_thread()
1040 return -EAGAIN; in de_thread()
1052 struct sighand_struct *oldsighand = me->sighand; in unshare_sighand()
1054 if (refcount_read(&oldsighand->count) != 1) { in unshare_sighand()
1057 * This ->sighand is shared with the CLONE_SIGHAND in unshare_sighand()
1062 return -ENOMEM; in unshare_sighand()
1064 refcount_set(&newsighand->count, 1); in unshare_sighand()
1067 spin_lock(&oldsighand->siglock); in unshare_sighand()
1068 memcpy(newsighand->action, oldsighand->action, in unshare_sighand()
1069 sizeof(newsighand->action)); in unshare_sighand()
1070 rcu_assign_pointer(me->sighand, newsighand); in unshare_sighand()
1071 spin_unlock(&oldsighand->siglock); in unshare_sighand()
1080 * This is unlocked -- the string will always be NUL-terminated, but
1085 size_t len = min(strlen(buf), sizeof(tsk->comm) - 1); in __set_task_comm() local
1088 memcpy(tsk->comm, buf, len); in __set_task_comm()
1089 memset(&tsk->comm[len], 0, sizeof(tsk->comm) - len); in __set_task_comm()
1096 * signal (via de_thread() or coredump), or will have SEGV raised
1120 bprm->point_of_no_return = true; in begin_new_exec()
1127 current->fs->in_exec = 0; in begin_new_exec()
1139 * Must be called _before_ exec_mmap() as bprm->mm is in begin_new_exec()
1143 retval = set_mm_exe_file(bprm->mm, bprm->file); in begin_new_exec()
1147 /* If the binary is not readable then enforce mm->dumpable=0 */ in begin_new_exec()
1148 would_dump(bprm, bprm->file); in begin_new_exec()
1149 if (bprm->have_execfd) in begin_new_exec()
1150 would_dump(bprm, bprm->executable); in begin_new_exec()
1156 retval = exec_mmap(bprm->mm); in begin_new_exec()
1160 bprm->mm = NULL; in begin_new_exec()
1167 spin_lock_irq(&me->sighand->siglock); in begin_new_exec()
1169 spin_unlock_irq(&me->sighand->siglock); in begin_new_exec()
1181 me->flags &= ~(PF_RANDOMIZE | PF_FORKNOEXEC | in begin_new_exec()
1184 me->personality &= ~bprm->per_clear; in begin_new_exec()
1191 * trying to access the should-be-closed file descriptors of a process in begin_new_exec()
1194 do_close_on_exec(me->files); in begin_new_exec()
1196 if (bprm->secureexec) { in begin_new_exec()
1198 me->pdeath_signal = 0; in begin_new_exec()
1201 * For secureexec, reset the stack limit to sane default to in begin_new_exec()
1207 if (bprm->rlim_stack.rlim_cur > _STK_LIM) in begin_new_exec()
1208 bprm->rlim_stack.rlim_cur = _STK_LIM; in begin_new_exec()
1211 me->sas_ss_sp = me->sas_ss_size = 0; in begin_new_exec()
1216 * bprm->secureexec instead. in begin_new_exec()
1218 if (bprm->interp_flags & BINPRM_FLAGS_ENFORCE_NONDUMP || in begin_new_exec()
1221 set_dumpable(current->mm, suid_dumpable); in begin_new_exec()
1223 set_dumpable(current->mm, SUID_DUMP_USER); in begin_new_exec()
1229 * that will probably not be useful to admins running ps or similar. in begin_new_exec()
1232 if (bprm->comm_from_dentry) { in begin_new_exec()
1242 __set_task_comm(me, smp_load_acquire(&bprm->file->f_path.dentry->d_name.name), in begin_new_exec()
1246 __set_task_comm(me, kbasename(bprm->filename), true); in begin_new_exec()
1251 WRITE_ONCE(me->self_exec_id, me->self_exec_id + 1); in begin_new_exec()
1254 retval = set_cred_ucounts(bprm->cred); in begin_new_exec()
1263 commit_creds(bprm->cred); in begin_new_exec()
1264 bprm->cred = NULL; in begin_new_exec()
1272 if (get_dumpable(me->mm) != SUID_DUMP_USER) in begin_new_exec()
1282 if (bprm->have_execfd) { in begin_new_exec()
1286 fd_install(retval, bprm->executable); in begin_new_exec()
1287 bprm->executable = NULL; in begin_new_exec()
1288 bprm->execfd = retval; in begin_new_exec()
1293 up_write(&me->signal->exec_update_lock); in begin_new_exec()
1294 if (!bprm->cred) in begin_new_exec()
1295 mutex_unlock(&me->signal->cred_guard_mutex); in begin_new_exec()
1308 bprm->interp_flags |= BINPRM_FLAGS_ENFORCE_NONDUMP; in would_dump()
1310 /* Ensure mm->user_ns contains the executable */ in would_dump()
1311 user_ns = old = bprm->mm->user_ns; in would_dump()
1314 user_ns = user_ns->parent; in would_dump()
1317 bprm->mm->user_ns = get_user_ns(user_ns); in would_dump()
1329 arch_pick_mmap_layout(me->mm, &bprm->rlim_stack); in setup_new_exec()
1337 me->mm->task_size = TASK_SIZE; in setup_new_exec()
1338 up_write(&me->signal->exec_update_lock); in setup_new_exec()
1339 mutex_unlock(&me->signal->cred_guard_mutex); in setup_new_exec()
1347 task_lock(current->group_leader); in finalize_exec()
1348 current->signal->rlim[RLIMIT_STACK] = bprm->rlim_stack; in finalize_exec()
1349 task_unlock(current->group_leader); in finalize_exec()
1354 * Prepare credentials and lock ->cred_guard_mutex.
1356 * Or, if exec fails before, free_bprm() should release ->cred
1361 if (mutex_lock_interruptible(&current->signal->cred_guard_mutex)) in prepare_bprm_creds()
1362 return -ERESTARTNOINTR; in prepare_bprm_creds()
1364 bprm->cred = prepare_exec_creds(); in prepare_bprm_creds()
1365 if (likely(bprm->cred)) in prepare_bprm_creds()
1368 mutex_unlock(&current->signal->cred_guard_mutex); in prepare_bprm_creds()
1369 return -ENOMEM; in prepare_bprm_creds()
1383 if (bprm->mm) { in free_bprm()
1385 mmput(bprm->mm); in free_bprm()
1388 if (bprm->cred) { in free_bprm()
1390 current->fs->in_exec = 0; in free_bprm()
1391 mutex_unlock(&current->signal->cred_guard_mutex); in free_bprm()
1392 abort_creds(bprm->cred); in free_bprm()
1394 do_close_execat(bprm->file); in free_bprm()
1395 if (bprm->executable) in free_bprm()
1396 fput(bprm->executable); in free_bprm()
1398 if (bprm->interp != bprm->filename) in free_bprm()
1399 kfree(bprm->interp); in free_bprm()
1400 kfree(bprm->fdpath); in free_bprm()
1408 int retval = -ENOMEM; in alloc_bprm()
1417 return ERR_PTR(-ENOMEM); in alloc_bprm()
1420 bprm->file = file; in alloc_bprm()
1422 if (fd == AT_FDCWD || filename->name[0] == '/') { in alloc_bprm()
1423 bprm->filename = filename->name; in alloc_bprm()
1425 if (filename->name[0] == '\0') { in alloc_bprm()
1426 bprm->fdpath = kasprintf(GFP_KERNEL, "/dev/fd/%d", fd); in alloc_bprm()
1427 bprm->comm_from_dentry = 1; in alloc_bprm()
1429 bprm->fdpath = kasprintf(GFP_KERNEL, "/dev/fd/%d/%s", in alloc_bprm()
1430 fd, filename->name); in alloc_bprm()
1432 if (!bprm->fdpath) in alloc_bprm()
1445 bprm->interp_flags |= BINPRM_FLAGS_PATH_INACCESSIBLE; in alloc_bprm()
1447 bprm->filename = bprm->fdpath; in alloc_bprm()
1449 bprm->interp = bprm->filename; in alloc_bprm()
1459 * - security_bprm_check() in alloc_bprm()
1460 * - security_bprm_creds_from_file() in alloc_bprm()
1461 * - security_bprm_committing_creds() in alloc_bprm()
1462 * - security_bprm_committed_creds() in alloc_bprm()
1464 bprm->is_check = !!(flags & AT_EXECVE_CHECK); in alloc_bprm()
1478 if (bprm->interp != bprm->filename) in bprm_change_interp()
1479 kfree(bprm->interp); in bprm_change_interp()
1480 bprm->interp = kstrdup(interp, GFP_KERNEL); in bprm_change_interp()
1481 if (!bprm->interp) in bprm_change_interp()
1482 return -ENOMEM; in bprm_change_interp()
1489 * - the caller must hold ->cred_guard_mutex to protect against
1490 * PTRACE_ATTACH or seccomp thread-sync
1497 if (p->ptrace) in check_unsafe_exec()
1498 bprm->unsafe |= LSM_UNSAFE_PTRACE; in check_unsafe_exec()
1505 bprm->unsafe |= LSM_UNSAFE_NO_NEW_PRIVS; in check_unsafe_exec()
1513 * Otherwise we set fs->in_exec = 1 to deny clone(CLONE_FS) in check_unsafe_exec()
1514 * from another sub-thread until de_thread() succeeds, this in check_unsafe_exec()
1518 read_seqlock_excl(&p->fs->seq); in check_unsafe_exec()
1521 if (t->fs == p->fs) in check_unsafe_exec()
1527 if (p->fs->users > n_fs) in check_unsafe_exec()
1528 bprm->unsafe |= LSM_UNSAFE_SHARE; in check_unsafe_exec()
1530 p->fs->in_exec = 1; in check_unsafe_exec()
1531 read_sequnlock_excl(&p->fs->seq); in check_unsafe_exec()
1544 if (!mnt_may_suid(file->f_path.mnt)) in bprm_fill_uid()
1550 mode = READ_ONCE(inode->i_mode); in bprm_fill_uid()
1560 mode = inode->i_mode; in bprm_fill_uid()
1571 if (!vfsuid_has_mapping(bprm->cred->user_ns, vfsuid) || in bprm_fill_uid()
1572 !vfsgid_has_mapping(bprm->cred->user_ns, vfsgid)) in bprm_fill_uid()
1576 bprm->per_clear |= PER_CLEAR_ON_SETID; in bprm_fill_uid()
1577 bprm->cred->euid = vfsuid_into_kuid(vfsuid); in bprm_fill_uid()
1581 bprm->per_clear |= PER_CLEAR_ON_SETID; in bprm_fill_uid()
1582 bprm->cred->egid = vfsgid_into_kgid(vfsgid); in bprm_fill_uid()
1587 * Compute bprm->cred based upon the final binary.
1592 struct file *file = bprm->execfd_creds ? bprm->executable : bprm->file; in bprm_creds_from_file()
1608 memset(bprm->buf, 0, BINPRM_BUF_SIZE); in prepare_binprm()
1609 return kernel_read(bprm->file, bprm->buf, BINPRM_BUF_SIZE, &pos); in prepare_binprm()
1613 * Arguments are '\0' separated strings found at the location bprm->p
1614 * points to; chop off the first by relocating bprm->p to right after
1623 if (!bprm->argc) in remove_arg_zero()
1627 offset = bprm->p & ~PAGE_MASK; in remove_arg_zero()
1628 page = get_arg_page(bprm, bprm->p, 0); in remove_arg_zero()
1630 return -EFAULT; in remove_arg_zero()
1634 offset++, bprm->p++) in remove_arg_zero()
1641 bprm->p++; in remove_arg_zero()
1642 bprm->argc--; in remove_arg_zero()
1666 if (!try_module_get(fmt->module)) in search_binary_handler()
1670 retval = fmt->load_binary(bprm); in search_binary_handler()
1674 if (bprm->point_of_no_return || (retval != -ENOEXEC)) { in search_binary_handler()
1681 return -ENOEXEC; in search_binary_handler()
1691 old_pid = current->pid; in exec_binprm()
1693 old_vpid = task_pid_nr_ns(current, task_active_pid_ns(current->parent)); in exec_binprm()
1700 return -ELOOP; in exec_binprm()
1705 if (!bprm->interpreter) in exec_binprm()
1708 exec = bprm->file; in exec_binprm()
1709 bprm->file = bprm->interpreter; in exec_binprm()
1710 bprm->interpreter = NULL; in exec_binprm()
1713 if (unlikely(bprm->have_execfd)) { in exec_binprm()
1714 if (bprm->executable) { in exec_binprm()
1716 return -ENOEXEC; in exec_binprm()
1718 bprm->executable = exec; in exec_binprm()
1741 * where setuid-ness is evaluated. in bprm_execve()
1744 current->in_execve = 1; in bprm_execve()
1749 /* Set the unchanging part of bprm->cred */ in bprm_execve()
1751 if (retval || bprm->is_check) in bprm_execve()
1761 current->in_execve = 0; in bprm_execve()
1774 if (bprm->point_of_no_return && !fatal_signal_pending(current)) in bprm_execve()
1779 current->in_execve = 0; in bprm_execve()
1799 * whether NPROC limit is still exceeded. in do_execveat_common()
1801 if ((current->flags & PF_NPROC_EXCEEDED) && in do_execveat_common()
1803 retval = -EAGAIN; in do_execveat_common()
1807 /* We're below the limit (still or again), so we don't want to make in do_execveat_common()
1809 current->flags &= ~PF_NPROC_EXCEEDED; in do_execveat_common()
1820 bprm->argc = retval; in do_execveat_common()
1825 bprm->envc = retval; in do_execveat_common()
1831 retval = copy_string_kernel(bprm->filename, bprm); in do_execveat_common()
1834 bprm->exec = bprm->p; in do_execveat_common()
1836 retval = copy_strings(bprm->envc, envp, bprm); in do_execveat_common()
1840 retval = copy_strings(bprm->argc, argv, bprm); in do_execveat_common()
1850 if (bprm->argc == 0) { in do_execveat_common()
1854 bprm->argc = 1; in do_execveat_common()
1857 current->comm, bprm->filename); in do_execveat_common()
1877 /* It is non-sense for kernel threads to call execve */ in kernel_execve()
1878 if (WARN_ON_ONCE(current->flags & PF_KTHREAD)) in kernel_execve()
1879 return -EINVAL; in kernel_execve()
1893 retval = -EINVAL; in kernel_execve()
1896 bprm->argc = retval; in kernel_execve()
1901 bprm->envc = retval; in kernel_execve()
1907 retval = copy_string_kernel(bprm->filename, bprm); in kernel_execve()
1910 bprm->exec = bprm->p; in kernel_execve()
1912 retval = copy_strings_kernel(bprm->envc, envp, bprm); in kernel_execve()
1916 retval = copy_strings_kernel(bprm->argc, argv, bprm); in kernel_execve()
1983 struct mm_struct *mm = current->mm; in set_binfmt()
1985 if (mm->binfmt) in set_binfmt()
1986 module_put(mm->binfmt->module); in set_binfmt()
1988 mm->binfmt = new; in set_binfmt()
1990 __module_get(new->module); in set_binfmt()
1995 * set_dumpable stores three-value SUID_DUMP_* into mm->flags.