Lines Matching +full:protect +full:- +full:exec
1 // SPDX-License-Identifier: GPL-2.0-only
3 * linux/fs/exec.c
9 * #!-checking implemented by tytso.
12 * Demand-loading implemented 01.12.91 - no need to read anything but
14 * "current->executable", and page faults do the actual loading. Clean.
17 * was less than 2 hours work to get demand-loading completely implemented.
20 * current->executable is only used by the procfs. This allows a dispatch
89 if (WARN_ON(!fmt->load_binary)) in __register_binfmt()
92 insert ? list_add(&fmt->lh, &formats) : in __register_binfmt()
93 list_add_tail(&fmt->lh, &formats); in __register_binfmt()
102 list_del(&fmt->lh); in unregister_binfmt()
110 module_put(fmt->module); in put_binfmt()
115 return (path->mnt->mnt_flags & MNT_NOEXEC) || in path_noexec()
116 (path->mnt->mnt_sb->s_iflags & SB_I_NOEXEC); in path_noexec()
153 error = -EACCES; in SYSCALL_DEFINE1()
154 if (WARN_ON_ONCE(!S_ISREG(file_inode(file)->i_mode) || in SYSCALL_DEFINE1()
155 path_noexec(&file->f_path))) in SYSCALL_DEFINE1()
160 error = -ENOEXEC; in SYSCALL_DEFINE1()
164 if (!fmt->load_shlib) in SYSCALL_DEFINE1()
166 if (!try_module_get(fmt->module)) in SYSCALL_DEFINE1()
169 error = fmt->load_shlib(file); in SYSCALL_DEFINE1()
172 if (error != -ENOEXEC) in SYSCALL_DEFINE1()
185 * The nascent bprm->mm is not visible until exec_mmap() but it can
186 * use a lot of memory, account these pages in current->mm temporarily
187 * for oom_badness()->get_mm_rss(). Once exec succeeds or fails, we
192 struct mm_struct *mm = current->mm; in acct_arg_size()
193 long diff = (long)(pages - bprm->vma_pages); in acct_arg_size()
198 bprm->vma_pages = pages; in acct_arg_size()
211 ret = expand_downwards(bprm->vma, pos); in get_arg_page()
221 * We are doing an exec(). 'current' is the process in get_arg_page()
222 * doing the exec and bprm->mm is the new process's mm. in get_arg_page()
224 ret = get_user_pages_remote(bprm->mm, pos, 1, gup_flags, in get_arg_page()
230 acct_arg_size(bprm, vma_pages(bprm->vma)); in get_arg_page()
247 flush_cache_page(bprm->vma, pos, page_to_pfn(page)); in flush_arg_page()
254 struct mm_struct *mm = bprm->mm; in __bprm_mm_init()
256 bprm->vma = vma = vm_area_alloc(mm); in __bprm_mm_init()
258 return -ENOMEM; in __bprm_mm_init()
262 err = -EINTR; in __bprm_mm_init()
273 vma->vm_end = STACK_TOP_MAX; in __bprm_mm_init()
274 vma->vm_start = vma->vm_end - PAGE_SIZE; in __bprm_mm_init()
275 vma->vm_flags = VM_SOFTDIRTY | VM_STACK_FLAGS | VM_STACK_INCOMPLETE_SETUP; in __bprm_mm_init()
276 vma->vm_page_prot = vm_get_page_prot(vma->vm_flags); in __bprm_mm_init()
282 mm->stack_vm = mm->total_vm = 1; in __bprm_mm_init()
284 bprm->p = vma->vm_end - sizeof(void *); in __bprm_mm_init()
289 bprm->vma = NULL; in __bprm_mm_init()
310 page = bprm->page[pos / PAGE_SIZE]; in get_arg_page()
315 bprm->page[pos / PAGE_SIZE] = page; in get_arg_page()
327 if (bprm->page[i]) { in free_arg_page()
328 __free_page(bprm->page[i]); in free_arg_page()
329 bprm->page[i] = NULL; in free_arg_page()
348 bprm->p = PAGE_SIZE * MAX_ARG_PAGES - sizeof(void *); in __bprm_mm_init()
354 return len <= bprm->p; in valid_arg_len()
370 bprm->mm = mm = mm_alloc(); in bprm_mm_init()
371 err = -ENOMEM; in bprm_mm_init()
375 /* Save current stack limit for all calculations made during exec. */ in bprm_mm_init()
376 task_lock(current->group_leader); in bprm_mm_init()
377 bprm->rlim_stack = current->signal->rlim[RLIMIT_STACK]; in bprm_mm_init()
378 task_unlock(current->group_leader); in bprm_mm_init()
388 bprm->mm = NULL; in bprm_mm_init()
416 return ERR_PTR(-EFAULT); in get_user_arg_ptr()
423 return ERR_PTR(-EFAULT); in get_user_arg_ptr()
443 return -EFAULT; in count()
446 return -E2BIG; in count()
450 return -ERESTARTNOHAND; in count()
466 return -E2BIG; in count_strings_kernel()
468 return -ERESTARTNOHAND; in count_strings_kernel()
482 * - the remaining binfmt code will not run out of stack space, in bprm_stack_limits()
483 * - the program will have a reasonable amount of stack left in bprm_stack_limits()
487 limit = min(limit, bprm->rlim_stack.rlim_cur / 4); in bprm_stack_limits()
506 ptr_size = (max(bprm->argc, 1) + bprm->envc) * sizeof(void *); in bprm_stack_limits()
508 return -E2BIG; in bprm_stack_limits()
509 limit -= ptr_size; in bprm_stack_limits()
511 bprm->argmin = bprm->p - limit; in bprm_stack_limits()
528 while (argc-- > 0) { in copy_strings()
533 ret = -EFAULT; in copy_strings()
542 ret = -E2BIG; in copy_strings()
547 pos = bprm->p; in copy_strings()
549 bprm->p -= len; in copy_strings()
551 if (bprm->p < bprm->argmin) in copy_strings()
559 ret = -ERESTARTNOHAND; in copy_strings()
572 offset -= bytes_to_copy; in copy_strings()
573 pos -= bytes_to_copy; in copy_strings()
574 str -= bytes_to_copy; in copy_strings()
575 len -= bytes_to_copy; in copy_strings()
582 ret = -E2BIG; in copy_strings()
597 ret = -EFAULT; in copy_strings()
618 unsigned long pos = bprm->p; in copy_string_kernel()
621 return -EFAULT; in copy_string_kernel()
623 return -E2BIG; in copy_string_kernel()
627 bprm->p -= len; in copy_string_kernel()
628 if (IS_ENABLED(CONFIG_MMU) && bprm->p < bprm->argmin) in copy_string_kernel()
629 return -E2BIG; in copy_string_kernel()
637 pos -= bytes_to_copy; in copy_string_kernel()
638 arg -= bytes_to_copy; in copy_string_kernel()
639 len -= bytes_to_copy; in copy_string_kernel()
643 return -E2BIG; in copy_string_kernel()
659 while (argc-- > 0) { in copy_strings_kernel()
664 return -ERESTARTNOHAND; in copy_strings_kernel()
686 struct mm_struct *mm = vma->vm_mm; in shift_arg_pages()
687 unsigned long old_start = vma->vm_start; in shift_arg_pages()
688 unsigned long old_end = vma->vm_end; in shift_arg_pages()
689 unsigned long length = old_end - old_start; in shift_arg_pages()
690 unsigned long new_start = old_start - shift; in shift_arg_pages()
691 unsigned long new_end = old_end - shift; in shift_arg_pages()
701 return -EFAULT; in shift_arg_pages()
706 if (vma_adjust(vma, new_start, old_end, vma->vm_pgoff, NULL)) in shift_arg_pages()
707 return -ENOMEM; in shift_arg_pages()
715 return -ENOMEM; in shift_arg_pages()
724 vma->vm_next ? vma->vm_next->vm_start : USER_PGTABLES_CEILING); in shift_arg_pages()
729 * have constraints on va-space that make this illegal (IA64) - in shift_arg_pages()
733 vma->vm_next ? vma->vm_next->vm_start : USER_PGTABLES_CEILING); in shift_arg_pages()
740 vma_adjust(vma, new_start, new_end, vma->vm_pgoff, NULL); in shift_arg_pages()
755 struct mm_struct *mm = current->mm; in setup_arg_pages()
756 struct vm_area_struct *vma = bprm->vma; in setup_arg_pages()
766 stack_base = bprm->rlim_stack.rlim_max; in setup_arg_pages()
774 if (vma->vm_end - vma->vm_start > stack_base) in setup_arg_pages()
775 return -ENOMEM; in setup_arg_pages()
777 stack_base = PAGE_ALIGN(stack_top - stack_base); in setup_arg_pages()
779 stack_shift = vma->vm_start - stack_base; in setup_arg_pages()
780 mm->arg_start = bprm->p - stack_shift; in setup_arg_pages()
781 bprm->p = vma->vm_end - stack_shift; in setup_arg_pages()
787 unlikely(vma->vm_end - vma->vm_start >= stack_top - mmap_min_addr)) in setup_arg_pages()
788 return -ENOMEM; in setup_arg_pages()
790 stack_shift = vma->vm_end - stack_top; in setup_arg_pages()
792 bprm->p -= stack_shift; in setup_arg_pages()
793 mm->arg_start = bprm->p; in setup_arg_pages()
796 if (bprm->loader) in setup_arg_pages()
797 bprm->loader -= stack_shift; in setup_arg_pages()
798 bprm->exec -= stack_shift; in setup_arg_pages()
801 return -EINTR; in setup_arg_pages()
814 vm_flags |= mm->def_flags; in setup_arg_pages()
817 ret = mprotect_fixup(vma, &prev, vma->vm_start, vma->vm_end, in setup_arg_pages()
825 bprm->file); in setup_arg_pages()
836 vma->vm_flags &= ~VM_STACK_INCOMPLETE_SETUP; in setup_arg_pages()
839 stack_size = vma->vm_end - vma->vm_start; in setup_arg_pages()
844 rlim_stack = bprm->rlim_stack.rlim_cur & PAGE_MASK; in setup_arg_pages()
847 stack_base = vma->vm_start + rlim_stack; in setup_arg_pages()
849 stack_base = vma->vm_end + stack_expand; in setup_arg_pages()
852 stack_base = vma->vm_end - rlim_stack; in setup_arg_pages()
854 stack_base = vma->vm_start - stack_expand; in setup_arg_pages()
856 current->mm->start_stack = bprm->p; in setup_arg_pages()
859 ret = -EFAULT; in setup_arg_pages()
879 stop = bprm->p >> PAGE_SHIFT; in transfer_args_to_stack()
882 for (index = MAX_ARG_PAGES - 1; index >= stop; index--) { in transfer_args_to_stack()
883 unsigned int offset = index == stop ? bprm->p & ~PAGE_MASK : 0; in transfer_args_to_stack()
884 char *src = kmap(bprm->page[index]) + offset; in transfer_args_to_stack()
885 sp -= PAGE_SIZE - offset; in transfer_args_to_stack()
886 if (copy_to_user((void *) sp, src, PAGE_SIZE - offset) != 0) in transfer_args_to_stack()
887 ret = -EFAULT; in transfer_args_to_stack()
888 kunmap(bprm->page[index]); in transfer_args_to_stack()
914 return ERR_PTR(-EINVAL); in do_open_execat()
929 err = -EACCES; in do_open_execat()
930 if (WARN_ON_ONCE(!S_ISREG(file_inode(file)->i_mode) || in do_open_execat()
931 path_noexec(&file->f_path))) in do_open_execat()
938 if (name->name[0] != '\0') in do_open_execat()
987 old_mm = current->mm; in exec_mmap()
992 ret = down_write_killable(&tsk->signal->exec_update_lock); in exec_mmap()
1000 * through with the exec. We must hold mmap_lock around in exec_mmap()
1001 * checking core_state and changing tsk->mm. in exec_mmap()
1004 if (unlikely(old_mm->core_state)) { in exec_mmap()
1006 up_write(&tsk->signal->exec_update_lock); in exec_mmap()
1007 return -EINTR; in exec_mmap()
1015 active_mm = tsk->active_mm; in exec_mmap()
1016 tsk->active_mm = mm; in exec_mmap()
1017 tsk->mm = mm; in exec_mmap()
1030 tsk->mm->vmacache_seqnum = 0; in exec_mmap()
1036 setmax_mm_hiwater_rss(&tsk->signal->maxrss, old_mm); in exec_mmap()
1047 struct signal_struct *sig = tsk->signal; in de_thread()
1048 struct sighand_struct *oldsighand = tsk->sighand; in de_thread()
1049 spinlock_t *lock = &oldsighand->siglock; in de_thread()
1064 return -EAGAIN; in de_thread()
1067 sig->group_exit_task = tsk; in de_thread()
1068 sig->notify_count = zap_other_threads(tsk); in de_thread()
1070 sig->notify_count--; in de_thread()
1072 while (sig->notify_count) { in de_thread()
1088 struct task_struct *leader = tsk->group_leader; in de_thread()
1095 * exit_notify() can't miss ->group_exit_task in de_thread()
1097 sig->notify_count = -1; in de_thread()
1098 if (likely(leader->exit_state)) in de_thread()
1109 * The only record we have of the real-time age of a in de_thread()
1112 * from sister threads now dead. But in this non-leader in de_thread()
1113 * exec, nothing survives from the original leader thread, in de_thread()
1118 tsk->start_time = leader->start_time; in de_thread()
1119 tsk->start_boottime = leader->start_boottime; in de_thread()
1123 * An exec() starts a new thread group with the in de_thread()
1137 list_replace_rcu(&leader->tasks, &tsk->tasks); in de_thread()
1138 list_replace_init(&leader->sibling, &tsk->sibling); in de_thread()
1140 tsk->group_leader = tsk; in de_thread()
1141 leader->group_leader = tsk; in de_thread()
1143 tsk->exit_signal = SIGCHLD; in de_thread()
1144 leader->exit_signal = -1; in de_thread()
1146 BUG_ON(leader->exit_state != EXIT_ZOMBIE); in de_thread()
1147 leader->exit_state = EXIT_DEAD; in de_thread()
1150 * We are going to release_task()->ptrace_unlink() silently, in de_thread()
1154 if (unlikely(leader->ptrace)) in de_thread()
1155 __wake_up_parent(leader, leader->parent); in de_thread()
1162 sig->group_exit_task = NULL; in de_thread()
1163 sig->notify_count = 0; in de_thread()
1167 tsk->exit_signal = SIGCHLD; in de_thread()
1175 sig->group_exit_task = NULL; in de_thread()
1176 sig->notify_count = 0; in de_thread()
1178 return -EAGAIN; in de_thread()
1190 struct sighand_struct *oldsighand = me->sighand; in unshare_sighand()
1192 if (refcount_read(&oldsighand->count) != 1) { in unshare_sighand()
1195 * This ->sighand is shared with the CLONE_SIGHAND in unshare_sighand()
1200 return -ENOMEM; in unshare_sighand()
1202 refcount_set(&newsighand->count, 1); in unshare_sighand()
1205 spin_lock(&oldsighand->siglock); in unshare_sighand()
1206 memcpy(newsighand->action, oldsighand->action, in unshare_sighand()
1207 sizeof(newsighand->action)); in unshare_sighand()
1208 rcu_assign_pointer(me->sighand, newsighand); in unshare_sighand()
1209 spin_unlock(&oldsighand->siglock); in unshare_sighand()
1220 strncpy(buf, tsk->comm, buf_size); in __get_task_comm()
1231 void __set_task_comm(struct task_struct *tsk, const char *buf, bool exec) in __set_task_comm() argument
1235 strlcpy(tsk->comm, buf, sizeof(tsk->comm)); in __set_task_comm()
1237 perf_event_comm(tsk, exec); in __set_task_comm()
1259 bprm->point_of_no_return = true; in begin_new_exec()
1269 * Must be called _before_ exec_mmap() as bprm->mm is in begin_new_exec()
1273 set_mm_exe_file(bprm->mm, bprm->file); in begin_new_exec()
1275 /* If the binary is not readable then enforce mm->dumpable=0 */ in begin_new_exec()
1276 would_dump(bprm, bprm->file); in begin_new_exec()
1277 if (bprm->have_execfd) in begin_new_exec()
1278 would_dump(bprm, bprm->executable); in begin_new_exec()
1284 retval = exec_mmap(bprm->mm); in begin_new_exec()
1288 bprm->mm = NULL; in begin_new_exec()
1291 spin_lock_irq(&me->sighand->siglock); in begin_new_exec()
1293 spin_unlock_irq(&me->sighand->siglock); in begin_new_exec()
1311 me->flags &= ~(PF_RANDOMIZE | PF_FORKNOEXEC | PF_KTHREAD | in begin_new_exec()
1314 me->personality &= ~bprm->per_clear; in begin_new_exec()
1319 * trying to access the should-be-closed file descriptors of a process in begin_new_exec()
1320 * undergoing exec(2). in begin_new_exec()
1322 do_close_on_exec(me->files); in begin_new_exec()
1324 if (bprm->secureexec) { in begin_new_exec()
1326 me->pdeath_signal = 0; in begin_new_exec()
1335 if (bprm->rlim_stack.rlim_cur > _STK_LIM) in begin_new_exec()
1336 bprm->rlim_stack.rlim_cur = _STK_LIM; in begin_new_exec()
1339 me->sas_ss_sp = me->sas_ss_size = 0; in begin_new_exec()
1344 * bprm->secureexec instead. in begin_new_exec()
1346 if (bprm->interp_flags & BINPRM_FLAGS_ENFORCE_NONDUMP || in begin_new_exec()
1349 set_dumpable(current->mm, suid_dumpable); in begin_new_exec()
1351 set_dumpable(current->mm, SUID_DUMP_USER); in begin_new_exec()
1354 __set_task_comm(me, kbasename(bprm->filename), true); in begin_new_exec()
1356 /* An exec changes our domain. We are no longer part of the thread in begin_new_exec()
1358 WRITE_ONCE(me->self_exec_id, me->self_exec_id + 1); in begin_new_exec()
1366 commit_creds(bprm->cred); in begin_new_exec()
1367 bprm->cred = NULL; in begin_new_exec()
1375 if (get_dumpable(me->mm) != SUID_DUMP_USER) in begin_new_exec()
1385 if (bprm->have_execfd) { in begin_new_exec()
1389 fd_install(retval, bprm->executable); in begin_new_exec()
1390 bprm->executable = NULL; in begin_new_exec()
1391 bprm->execfd = retval; in begin_new_exec()
1396 up_write(&me->signal->exec_update_lock); in begin_new_exec()
1407 bprm->interp_flags |= BINPRM_FLAGS_ENFORCE_NONDUMP; in would_dump()
1409 /* Ensure mm->user_ns contains the executable */ in would_dump()
1410 user_ns = old = bprm->mm->user_ns; in would_dump()
1413 user_ns = user_ns->parent; in would_dump()
1416 bprm->mm->user_ns = get_user_ns(user_ns); in would_dump()
1428 arch_pick_mmap_layout(me->mm, &bprm->rlim_stack); in setup_new_exec()
1436 me->mm->task_size = TASK_SIZE; in setup_new_exec()
1437 up_write(&me->signal->exec_update_lock); in setup_new_exec()
1438 mutex_unlock(&me->signal->cred_guard_mutex); in setup_new_exec()
1446 task_lock(current->group_leader); in finalize_exec()
1447 current->signal->rlim[RLIMIT_STACK] = bprm->rlim_stack; in finalize_exec()
1448 task_unlock(current->group_leader); in finalize_exec()
1453 * Prepare credentials and lock ->cred_guard_mutex.
1455 * Or, if exec fails before, free_bprm() should release ->cred and
1460 if (mutex_lock_interruptible(&current->signal->cred_guard_mutex)) in prepare_bprm_creds()
1461 return -ERESTARTNOINTR; in prepare_bprm_creds()
1463 bprm->cred = prepare_exec_creds(); in prepare_bprm_creds()
1464 if (likely(bprm->cred)) in prepare_bprm_creds()
1467 mutex_unlock(&current->signal->cred_guard_mutex); in prepare_bprm_creds()
1468 return -ENOMEM; in prepare_bprm_creds()
1473 if (bprm->mm) { in free_bprm()
1475 mmput(bprm->mm); in free_bprm()
1478 if (bprm->cred) { in free_bprm()
1479 mutex_unlock(&current->signal->cred_guard_mutex); in free_bprm()
1480 abort_creds(bprm->cred); in free_bprm()
1482 if (bprm->file) { in free_bprm()
1483 allow_write_access(bprm->file); in free_bprm()
1484 fput(bprm->file); in free_bprm()
1486 if (bprm->executable) in free_bprm()
1487 fput(bprm->executable); in free_bprm()
1489 if (bprm->interp != bprm->filename) in free_bprm()
1490 kfree(bprm->interp); in free_bprm()
1491 kfree(bprm->fdpath); in free_bprm()
1498 int retval = -ENOMEM; in alloc_bprm()
1502 if (fd == AT_FDCWD || filename->name[0] == '/') { in alloc_bprm()
1503 bprm->filename = filename->name; in alloc_bprm()
1505 if (filename->name[0] == '\0') in alloc_bprm()
1506 bprm->fdpath = kasprintf(GFP_KERNEL, "/dev/fd/%d", fd); in alloc_bprm()
1508 bprm->fdpath = kasprintf(GFP_KERNEL, "/dev/fd/%d/%s", in alloc_bprm()
1509 fd, filename->name); in alloc_bprm()
1510 if (!bprm->fdpath) in alloc_bprm()
1513 bprm->filename = bprm->fdpath; in alloc_bprm()
1515 bprm->interp = bprm->filename; in alloc_bprm()
1531 if (bprm->interp != bprm->filename) in bprm_change_interp()
1532 kfree(bprm->interp); in bprm_change_interp()
1533 bprm->interp = kstrdup(interp, GFP_KERNEL); in bprm_change_interp()
1534 if (!bprm->interp) in bprm_change_interp()
1535 return -ENOMEM; in bprm_change_interp()
1542 * - the caller must hold ->cred_guard_mutex to protect against
1543 * PTRACE_ATTACH or seccomp thread-sync
1550 if (p->ptrace) in check_unsafe_exec()
1551 bprm->unsafe |= LSM_UNSAFE_PTRACE; in check_unsafe_exec()
1558 bprm->unsafe |= LSM_UNSAFE_NO_NEW_PRIVS; in check_unsafe_exec()
1562 spin_lock(&p->fs->lock); in check_unsafe_exec()
1565 if (t->fs == p->fs) in check_unsafe_exec()
1570 if (p->fs->users > n_fs) in check_unsafe_exec()
1571 bprm->unsafe |= LSM_UNSAFE_SHARE; in check_unsafe_exec()
1573 p->fs->in_exec = 1; in check_unsafe_exec()
1574 spin_unlock(&p->fs->lock); in check_unsafe_exec()
1585 if (!mnt_may_suid(file->f_path.mnt)) in bprm_fill_uid()
1591 inode = file->f_path.dentry->d_inode; in bprm_fill_uid()
1592 mode = READ_ONCE(inode->i_mode); in bprm_fill_uid()
1600 mode = inode->i_mode; in bprm_fill_uid()
1601 uid = inode->i_uid; in bprm_fill_uid()
1602 gid = inode->i_gid; in bprm_fill_uid()
1606 if (!kuid_has_mapping(bprm->cred->user_ns, uid) || in bprm_fill_uid()
1607 !kgid_has_mapping(bprm->cred->user_ns, gid)) in bprm_fill_uid()
1611 bprm->per_clear |= PER_CLEAR_ON_SETID; in bprm_fill_uid()
1612 bprm->cred->euid = uid; in bprm_fill_uid()
1616 bprm->per_clear |= PER_CLEAR_ON_SETID; in bprm_fill_uid()
1617 bprm->cred->egid = gid; in bprm_fill_uid()
1622 * Compute bprm->cred based upon the final binary.
1627 struct file *file = bprm->execfd_creds ? bprm->executable : bprm->file; in bprm_creds_from_file()
1643 memset(bprm->buf, 0, BINPRM_BUF_SIZE); in prepare_binprm()
1644 return kernel_read(bprm->file, bprm->buf, BINPRM_BUF_SIZE, &pos); in prepare_binprm()
1648 * Arguments are '\0' separated strings found at the location bprm->p
1649 * points to; chop off the first by relocating bprm->p to right after
1659 if (!bprm->argc) in remove_arg_zero()
1663 offset = bprm->p & ~PAGE_MASK; in remove_arg_zero()
1664 page = get_arg_page(bprm, bprm->p, 0); in remove_arg_zero()
1666 ret = -EFAULT; in remove_arg_zero()
1672 offset++, bprm->p++) in remove_arg_zero()
1679 bprm->p++; in remove_arg_zero()
1680 bprm->argc--; in remove_arg_zero()
1706 retval = -ENOENT; in search_binary_handler()
1710 if (!try_module_get(fmt->module)) in search_binary_handler()
1714 retval = fmt->load_binary(bprm); in search_binary_handler()
1718 if (bprm->point_of_no_return || (retval != -ENOEXEC)) { in search_binary_handler()
1726 if (printable(bprm->buf[0]) && printable(bprm->buf[1]) && in search_binary_handler()
1727 printable(bprm->buf[2]) && printable(bprm->buf[3])) in search_binary_handler()
1729 if (request_module("binfmt-%04x", *(ushort *)(bprm->buf + 2)) < 0) in search_binary_handler()
1744 old_pid = current->pid; in exec_binprm()
1746 old_vpid = task_pid_nr_ns(current, task_active_pid_ns(current->parent)); in exec_binprm()
1751 struct file *exec; in exec_binprm() local
1753 return -ELOOP; in exec_binprm()
1758 if (!bprm->interpreter) in exec_binprm()
1761 exec = bprm->file; in exec_binprm()
1762 bprm->file = bprm->interpreter; in exec_binprm()
1763 bprm->interpreter = NULL; in exec_binprm()
1765 allow_write_access(exec); in exec_binprm()
1766 if (unlikely(bprm->have_execfd)) { in exec_binprm()
1767 if (bprm->executable) { in exec_binprm()
1768 fput(exec); in exec_binprm()
1769 return -ENOEXEC; in exec_binprm()
1771 bprm->executable = exec; in exec_binprm()
1773 fput(exec); in exec_binprm()
1807 current->in_execve = 1; in bprm_execve()
1816 bprm->file = file; in bprm_execve()
1819 * inaccessible after exec. Relies on having exclusive access to in bprm_execve()
1820 * current->files (due to unshare_files above). in bprm_execve()
1822 if (bprm->fdpath && in bprm_execve()
1823 close_on_exec(fd, rcu_dereference_raw(current->files->fdt))) in bprm_execve()
1824 bprm->interp_flags |= BINPRM_FLAGS_PATH_INACCESSIBLE; in bprm_execve()
1826 /* Set the unchanging part of bprm->cred */ in bprm_execve()
1836 current->fs->in_exec = 0; in bprm_execve()
1837 current->in_execve = 0; in bprm_execve()
1852 if (bprm->point_of_no_return && !fatal_signal_pending(current)) in bprm_execve()
1856 current->fs->in_exec = 0; in bprm_execve()
1857 current->in_execve = 0; in bprm_execve()
1883 if ((current->flags & PF_NPROC_EXCEEDED) && in do_execveat_common()
1884 atomic_read(&current_user()->processes) > rlimit(RLIMIT_NPROC)) { in do_execveat_common()
1885 retval = -EAGAIN; in do_execveat_common()
1891 current->flags &= ~PF_NPROC_EXCEEDED; in do_execveat_common()
1902 current->comm, bprm->filename); in do_execveat_common()
1905 bprm->argc = retval; in do_execveat_common()
1910 bprm->envc = retval; in do_execveat_common()
1916 retval = copy_string_kernel(bprm->filename, bprm); in do_execveat_common()
1919 bprm->exec = bprm->p; in do_execveat_common()
1921 retval = copy_strings(bprm->envc, envp, bprm); in do_execveat_common()
1925 retval = copy_strings(bprm->argc, argv, bprm); in do_execveat_common()
1935 if (bprm->argc == 0) { in do_execveat_common()
1939 bprm->argc = 1; in do_execveat_common()
1971 retval = -EINVAL; in kernel_execve()
1974 bprm->argc = retval; in kernel_execve()
1979 bprm->envc = retval; in kernel_execve()
1985 retval = copy_string_kernel(bprm->filename, bprm); in kernel_execve()
1988 bprm->exec = bprm->p; in kernel_execve()
1990 retval = copy_strings_kernel(bprm->envc, envp, bprm); in kernel_execve()
1994 retval = copy_strings_kernel(bprm->argc, argv, bprm); in kernel_execve()
2061 struct mm_struct *mm = current->mm; in set_binfmt()
2063 if (mm->binfmt) in set_binfmt()
2064 module_put(mm->binfmt->module); in set_binfmt()
2066 mm->binfmt = new; in set_binfmt()
2068 __module_get(new->module); in set_binfmt()
2073 * set_dumpable stores three-value SUID_DUMP_* into mm->flags.
2080 set_mask_bits(&mm->flags, MMF_DUMPABLE_MASK, value); in set_dumpable()