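Lines matching refs: bprm

Each entry below gives the source line number, the matching source line, and the enclosing function (`in name()`). A trailing `argument` or `local` marks the line where `bprm` is declared as a parameter or a local variable. The entries are excerpts, not complete function bodies.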

84 static int bprm_creds_from_file(struct linux_binprm *bprm);
131 static void acct_arg_size(struct linux_binprm *bprm, unsigned long pages) in acct_arg_size() argument
134 long diff = (long)(pages - bprm->vma_pages); in acct_arg_size()
139 bprm->vma_pages = pages; in acct_arg_size()
143 static struct page *get_arg_page(struct linux_binprm *bprm, unsigned long pos, in get_arg_page() argument
147 struct vm_area_struct *vma = bprm->vma; in get_arg_page()
148 struct mm_struct *mm = bprm->mm; in get_arg_page()
171 acct_arg_size(bprm, vma_pages(vma)); in get_arg_page()
181 static void free_arg_pages(struct linux_binprm *bprm) in free_arg_pages() argument
185 static void flush_arg_page(struct linux_binprm *bprm, unsigned long pos, in flush_arg_page() argument
188 flush_cache_page(bprm->vma, pos, page_to_pfn(page)); in flush_arg_page()
191 static bool valid_arg_len(struct linux_binprm *bprm, long len) in valid_arg_len() argument
198 static inline void acct_arg_size(struct linux_binprm *bprm, unsigned long pages) in acct_arg_size() argument
202 static struct page *get_arg_page(struct linux_binprm *bprm, unsigned long pos, in get_arg_page() argument
207 page = bprm->page[pos / PAGE_SIZE]; in get_arg_page()
212 bprm->page[pos / PAGE_SIZE] = page; in get_arg_page()
222 static void free_arg_page(struct linux_binprm *bprm, int i) in free_arg_page() argument
224 if (bprm->page[i]) { in free_arg_page()
225 __free_page(bprm->page[i]); in free_arg_page()
226 bprm->page[i] = NULL; in free_arg_page()
230 static void free_arg_pages(struct linux_binprm *bprm) in free_arg_pages() argument
235 free_arg_page(bprm, i); in free_arg_pages()
238 static void flush_arg_page(struct linux_binprm *bprm, unsigned long pos, in flush_arg_page() argument
243 static bool valid_arg_len(struct linux_binprm *bprm, long len) in valid_arg_len() argument
245 return len <= bprm->p; in valid_arg_len()
256 static int bprm_mm_init(struct linux_binprm *bprm) in bprm_mm_init() argument
261 bprm->mm = mm = mm_alloc(); in bprm_mm_init()
268 bprm->rlim_stack = current->signal->rlim[RLIMIT_STACK]; in bprm_mm_init()
272 bprm->p = PAGE_SIZE * MAX_ARG_PAGES - sizeof(void *); in bprm_mm_init()
274 err = create_init_stack_vma(bprm->mm, &bprm->vma, &bprm->p); in bprm_mm_init()
283 bprm->mm = NULL; in bprm_mm_init()
369 static inline int bprm_set_stack_limit(struct linux_binprm *bprm, in bprm_set_stack_limit() argument
374 if (bprm->p < limit) in bprm_set_stack_limit()
376 bprm->argmin = bprm->p - limit; in bprm_set_stack_limit()
380 static inline bool bprm_hit_stack_limit(struct linux_binprm *bprm) in bprm_hit_stack_limit() argument
383 return bprm->p < bprm->argmin; in bprm_hit_stack_limit()
398 static int bprm_stack_limits(struct linux_binprm *bprm) in bprm_stack_limits() argument
411 limit = min(limit, bprm->rlim_stack.rlim_cur / 4); in bprm_stack_limits()
418 if (bprm->argc < 0 || bprm->envc < 0) in bprm_stack_limits()
433 if (check_add_overflow(max(bprm->argc, 1), bprm->envc, &ptr_size) || in bprm_stack_limits()
440 return bprm_set_stack_limit(bprm, limit); in bprm_stack_limits()
449 struct linux_binprm *bprm) in copy_strings() argument
471 if (!valid_arg_len(bprm, len)) in copy_strings()
475 pos = bprm->p; in copy_strings()
477 bprm->p -= len; in copy_strings()
478 if (bprm_hit_stack_limit(bprm)) in copy_strings()
506 page = get_arg_page(bprm, pos, 1); in copy_strings()
520 flush_arg_page(bprm, kpos, kmapped_page); in copy_strings()
541 int copy_string_kernel(const char *arg, struct linux_binprm *bprm) in copy_string_kernel() argument
544 unsigned long pos = bprm->p; in copy_string_kernel()
548 if (!valid_arg_len(bprm, len)) in copy_string_kernel()
553 bprm->p -= len; in copy_string_kernel()
554 if (bprm_hit_stack_limit(bprm)) in copy_string_kernel()
566 page = get_arg_page(bprm, pos, 1); in copy_string_kernel()
569 flush_arg_page(bprm, pos & PAGE_MASK, page); in copy_string_kernel()
579 struct linux_binprm *bprm) in copy_strings_kernel() argument
582 int ret = copy_string_kernel(argv[argc], bprm); in copy_strings_kernel()
598 int setup_arg_pages(struct linux_binprm *bprm, in setup_arg_pages() argument
605 struct vm_area_struct *vma = bprm->vma; in setup_arg_pages()
617 stack_base = bprm->rlim_stack.rlim_max; in setup_arg_pages()
632 mm->arg_start = bprm->p - stack_shift; in setup_arg_pages()
633 bprm->p = vma->vm_end - stack_shift; in setup_arg_pages()
644 bprm->p -= stack_shift; in setup_arg_pages()
645 mm->arg_start = bprm->p; in setup_arg_pages()
648 bprm->exec -= stack_shift; in setup_arg_pages()
680 bprm->file); in setup_arg_pages()
704 rlim_stack = bprm->rlim_stack.rlim_cur & PAGE_MASK; in setup_arg_pages()
713 current->mm->start_stack = bprm->p; in setup_arg_pages()
730 int transfer_args_to_stack(struct linux_binprm *bprm, in transfer_args_to_stack() argument
736 stop = bprm->p >> PAGE_SHIFT; in transfer_args_to_stack()
740 unsigned int offset = index == stop ? bprm->p & ~PAGE_MASK : 0; in transfer_args_to_stack()
741 char *src = kmap_local_page(bprm->page[index]) + offset; in transfer_args_to_stack()
750 bprm->exec += *sp_location - MAX_ARG_PAGES * PAGE_SIZE; in transfer_args_to_stack()
1099 int begin_new_exec(struct linux_binprm * bprm) in begin_new_exec() argument
1105 retval = bprm_creds_from_file(bprm); in begin_new_exec()
1115 trace_sched_prepare_exec(current, bprm); in begin_new_exec()
1120 bprm->point_of_no_return = true; in begin_new_exec()
1143 retval = set_mm_exe_file(bprm->mm, bprm->file); in begin_new_exec()
1148 would_dump(bprm, bprm->file); in begin_new_exec()
1149 if (bprm->have_execfd) in begin_new_exec()
1150 would_dump(bprm, bprm->executable); in begin_new_exec()
1155 acct_arg_size(bprm, 0); in begin_new_exec()
1156 retval = exec_mmap(bprm->mm); in begin_new_exec()
1160 bprm->mm = NULL; in begin_new_exec()
1184 me->personality &= ~bprm->per_clear; in begin_new_exec()
1196 if (bprm->secureexec) { in begin_new_exec()
1207 if (bprm->rlim_stack.rlim_cur > _STK_LIM) in begin_new_exec()
1208 bprm->rlim_stack.rlim_cur = _STK_LIM; in begin_new_exec()
1218 if (bprm->interp_flags & BINPRM_FLAGS_ENFORCE_NONDUMP || in begin_new_exec()
1232 if (bprm->comm_from_dentry) { in begin_new_exec()
1242 __set_task_comm(me, smp_load_acquire(&bprm->file->f_path.dentry->d_name.name), in begin_new_exec()
1246 __set_task_comm(me, kbasename(bprm->filename), true); in begin_new_exec()
1254 retval = set_cred_ucounts(bprm->cred); in begin_new_exec()
1261 security_bprm_committing_creds(bprm); in begin_new_exec()
1263 commit_creds(bprm->cred); in begin_new_exec()
1264 bprm->cred = NULL; in begin_new_exec()
1279 security_bprm_committed_creds(bprm); in begin_new_exec()
1282 if (bprm->have_execfd) { in begin_new_exec()
1283 retval = FD_ADD(0, bprm->executable); in begin_new_exec()
1286 bprm->executable = NULL; in begin_new_exec()
1287 bprm->execfd = retval; in begin_new_exec()
1293 if (!bprm->cred) in begin_new_exec()
1301 void would_dump(struct linux_binprm *bprm, struct file *file) in would_dump() argument
1307 bprm->interp_flags |= BINPRM_FLAGS_ENFORCE_NONDUMP; in would_dump()
1310 user_ns = old = bprm->mm->user_ns; in would_dump()
1316 bprm->mm->user_ns = get_user_ns(user_ns); in would_dump()
1323 void setup_new_exec(struct linux_binprm * bprm) in setup_new_exec() argument
1328 arch_pick_mmap_layout(me->mm, &bprm->rlim_stack); in setup_new_exec()
1343 void finalize_exec(struct linux_binprm *bprm) in finalize_exec() argument
1347 current->signal->rlim[RLIMIT_STACK] = bprm->rlim_stack; in finalize_exec()
1358 static int prepare_bprm_creds(struct linux_binprm *bprm) in prepare_bprm_creds() argument
1363 bprm->cred = prepare_exec_creds(); in prepare_bprm_creds()
1364 if (likely(bprm->cred)) in prepare_bprm_creds()
1380 static void free_bprm(struct linux_binprm *bprm) in free_bprm() argument
1382 if (bprm->mm) { in free_bprm()
1383 acct_arg_size(bprm, 0); in free_bprm()
1384 mmput(bprm->mm); in free_bprm()
1386 free_arg_pages(bprm); in free_bprm()
1387 if (bprm->cred) { in free_bprm()
1391 abort_creds(bprm->cred); in free_bprm()
1393 do_close_execat(bprm->file); in free_bprm()
1394 if (bprm->executable) in free_bprm()
1395 fput(bprm->executable); in free_bprm()
1397 if (bprm->interp != bprm->filename) in free_bprm()
1398 kfree(bprm->interp); in free_bprm()
1399 kfree(bprm->fdpath); in free_bprm()
1400 kfree(bprm); in free_bprm()
1405 struct linux_binprm *bprm; in alloc_bprm() local
1413 bprm = kzalloc(sizeof(*bprm), GFP_KERNEL); in alloc_bprm()
1414 if (!bprm) { in alloc_bprm()
1419 bprm->file = file; in alloc_bprm()
1422 bprm->filename = filename->name; in alloc_bprm()
1425 bprm->fdpath = kasprintf(GFP_KERNEL, "/dev/fd/%d", fd); in alloc_bprm()
1426 bprm->comm_from_dentry = 1; in alloc_bprm()
1428 bprm->fdpath = kasprintf(GFP_KERNEL, "/dev/fd/%d/%s", in alloc_bprm()
1431 if (!bprm->fdpath) in alloc_bprm()
1444 bprm->interp_flags |= BINPRM_FLAGS_PATH_INACCESSIBLE; in alloc_bprm()
1446 bprm->filename = bprm->fdpath; in alloc_bprm()
1448 bprm->interp = bprm->filename; in alloc_bprm()
1463 bprm->is_check = !!(flags & AT_EXECVE_CHECK); in alloc_bprm()
1465 retval = bprm_mm_init(bprm); in alloc_bprm()
1467 return bprm; in alloc_bprm()
1470 free_bprm(bprm); in alloc_bprm()
1474 int bprm_change_interp(const char *interp, struct linux_binprm *bprm) in bprm_change_interp() argument
1477 if (bprm->interp != bprm->filename) in bprm_change_interp()
1478 kfree(bprm->interp); in bprm_change_interp()
1479 bprm->interp = kstrdup(interp, GFP_KERNEL); in bprm_change_interp()
1480 if (!bprm->interp) in bprm_change_interp()
1491 static void check_unsafe_exec(struct linux_binprm *bprm) in check_unsafe_exec() argument
1497 bprm->unsafe |= LSM_UNSAFE_PTRACE; in check_unsafe_exec()
1504 bprm->unsafe |= LSM_UNSAFE_NO_NEW_PRIVS; in check_unsafe_exec()
1527 bprm->unsafe |= LSM_UNSAFE_SHARE; in check_unsafe_exec()
1533 static void bprm_fill_uid(struct linux_binprm *bprm, struct file *file) in bprm_fill_uid() argument
1570 if (!vfsuid_has_mapping(bprm->cred->user_ns, vfsuid) || in bprm_fill_uid()
1571 !vfsgid_has_mapping(bprm->cred->user_ns, vfsgid)) in bprm_fill_uid()
1575 bprm->per_clear |= PER_CLEAR_ON_SETID; in bprm_fill_uid()
1576 bprm->cred->euid = vfsuid_into_kuid(vfsuid); in bprm_fill_uid()
1580 bprm->per_clear |= PER_CLEAR_ON_SETID; in bprm_fill_uid()
1581 bprm->cred->egid = vfsgid_into_kgid(vfsgid); in bprm_fill_uid()
1588 static int bprm_creds_from_file(struct linux_binprm *bprm) in bprm_creds_from_file() argument
1591 struct file *file = bprm->execfd_creds ? bprm->executable : bprm->file; in bprm_creds_from_file()
1593 bprm_fill_uid(bprm, file); in bprm_creds_from_file()
1594 return security_bprm_creds_from_file(bprm, file); in bprm_creds_from_file()
1603 static int prepare_binprm(struct linux_binprm *bprm) in prepare_binprm() argument
1607 memset(bprm->buf, 0, BINPRM_BUF_SIZE); in prepare_binprm()
1608 return kernel_read(bprm->file, bprm->buf, BINPRM_BUF_SIZE, &pos); in prepare_binprm()
1616 int remove_arg_zero(struct linux_binprm *bprm) in remove_arg_zero() argument
1622 if (!bprm->argc) in remove_arg_zero()
1626 offset = bprm->p & ~PAGE_MASK; in remove_arg_zero()
1627 page = get_arg_page(bprm, bprm->p, 0); in remove_arg_zero()
1633 offset++, bprm->p++) in remove_arg_zero()
1640 bprm->p++; in remove_arg_zero()
1641 bprm->argc--; in remove_arg_zero()
1650 static int search_binary_handler(struct linux_binprm *bprm) in search_binary_handler() argument
1655 retval = prepare_binprm(bprm); in search_binary_handler()
1659 retval = security_bprm_check(bprm); in search_binary_handler()
1669 retval = fmt->load_binary(bprm); in search_binary_handler()
1673 if (bprm->point_of_no_return || (retval != -ENOEXEC)) { in search_binary_handler()
1684 static int exec_binprm(struct linux_binprm *bprm) in exec_binprm() argument
1701 ret = search_binary_handler(bprm); in exec_binprm()
1704 if (!bprm->interpreter) in exec_binprm()
1707 exec = bprm->file; in exec_binprm()
1708 bprm->file = bprm->interpreter; in exec_binprm()
1709 bprm->interpreter = NULL; in exec_binprm()
1712 if (unlikely(bprm->have_execfd)) { in exec_binprm()
1713 if (bprm->executable) { in exec_binprm()
1717 bprm->executable = exec; in exec_binprm()
1722 audit_bprm(bprm); in exec_binprm()
1723 trace_sched_process_exec(current, old_pid, bprm); in exec_binprm()
1729 static int bprm_execve(struct linux_binprm *bprm) in bprm_execve() argument
1733 retval = prepare_bprm_creds(bprm); in bprm_execve()
1742 check_unsafe_exec(bprm); in bprm_execve()
1749 retval = security_bprm_creds_for_exec(bprm); in bprm_execve()
1750 if (retval || bprm->is_check) in bprm_execve()
1753 retval = exec_binprm(bprm); in bprm_execve()
1773 if (bprm->point_of_no_return && !fatal_signal_pending(current)) in bprm_execve()
1788 struct linux_binprm *bprm; in do_execveat_common() local
1810 bprm = alloc_bprm(fd, filename, flags); in do_execveat_common()
1811 if (IS_ERR(bprm)) { in do_execveat_common()
1812 retval = PTR_ERR(bprm); in do_execveat_common()
1819 bprm->argc = retval; in do_execveat_common()
1824 bprm->envc = retval; in do_execveat_common()
1826 retval = bprm_stack_limits(bprm); in do_execveat_common()
1830 retval = copy_string_kernel(bprm->filename, bprm); in do_execveat_common()
1833 bprm->exec = bprm->p; in do_execveat_common()
1835 retval = copy_strings(bprm->envc, envp, bprm); in do_execveat_common()
1839 retval = copy_strings(bprm->argc, argv, bprm); in do_execveat_common()
1849 if (bprm->argc == 0) { in do_execveat_common()
1850 retval = copy_string_kernel("", bprm); in do_execveat_common()
1853 bprm->argc = 1; in do_execveat_common()
1856 current->comm, bprm->filename); in do_execveat_common()
1859 retval = bprm_execve(bprm); in do_execveat_common()
1861 free_bprm(bprm); in do_execveat_common()
1872 struct linux_binprm *bprm; in kernel_execve() local
1884 bprm = alloc_bprm(fd, filename, 0); in kernel_execve()
1885 if (IS_ERR(bprm)) { in kernel_execve()
1886 retval = PTR_ERR(bprm); in kernel_execve()
1895 bprm->argc = retval; in kernel_execve()
1900 bprm->envc = retval; in kernel_execve()
1902 retval = bprm_stack_limits(bprm); in kernel_execve()
1906 retval = copy_string_kernel(bprm->filename, bprm); in kernel_execve()
1909 bprm->exec = bprm->p; in kernel_execve()
1911 retval = copy_strings_kernel(bprm->envc, envp, bprm); in kernel_execve()
1915 retval = copy_strings_kernel(bprm->argc, argv, bprm); in kernel_execve()
1919 retval = bprm_execve(bprm); in kernel_execve()
1921 free_bprm(bprm); in kernel_execve()