Commit | Line | Data |
---|---|---|
b2441318 | 1 | // SPDX-License-Identifier: GPL-2.0 |
1da177e4 LT |
2 | /****************************************************************************/ |
3 | /* | |
4 | * linux/fs/binfmt_flat.c | |
5 | * | |
6 | * Copyright (C) 2000-2003 David McCullough <davidm@snapgear.com> | |
7 | * Copyright (C) 2002 Greg Ungerer <gerg@snapgear.com> | |
8 | * Copyright (C) 2002 SnapGear, by Paul Dale <pauli@snapgear.com> | |
9 | * Copyright (C) 2000, 2001 Lineo, by David McCullough <davidm@lineo.com> | |
10 | * based heavily on: | |
11 | * | |
12 | * linux/fs/binfmt_aout.c: | |
13 | * Copyright (C) 1991, 1992, 1996 Linus Torvalds | |
14 | * linux/fs/binfmt_flat.c for 2.0 kernel | |
15 | * Copyright (C) 1998 Kenneth Albanowski <kjahds@kjahds.com> | |
16 | * JAN/99 -- coded full program relocation (gerg@snapgear.com) | |
17 | */ | |
18 | ||
4adbb6ac NP |
19 | #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt |
20 | ||
1da177e4 LT |
21 | #include <linux/kernel.h> |
22 | #include <linux/sched.h> | |
68db0cf1 | 23 | #include <linux/sched/task_stack.h> |
1da177e4 LT |
24 | #include <linux/mm.h> |
25 | #include <linux/mman.h> | |
1da177e4 LT |
26 | #include <linux/errno.h> |
27 | #include <linux/signal.h> | |
28 | #include <linux/string.h> | |
29 | #include <linux/fs.h> | |
30 | #include <linux/file.h> | |
1da177e4 LT |
31 | #include <linux/ptrace.h> |
32 | #include <linux/user.h> | |
33 | #include <linux/slab.h> | |
34 | #include <linux/binfmts.h> | |
35 | #include <linux/personality.h> | |
36 | #include <linux/init.h> | |
37 | #include <linux/flat.h> | |
13c3f50c | 38 | #include <linux/uaccess.h> |
472f95f3 | 39 | #include <linux/vmalloc.h> |
1da177e4 LT |
40 | |
41 | #include <asm/byteorder.h> | |
1da177e4 LT |
42 | #include <asm/unaligned.h> |
43 | #include <asm/cacheflush.h> | |
c3dc5bec | 44 | #include <asm/page.h> |
06d2bfed | 45 | #include <asm/flat.h> |
1da177e4 | 46 | |
02da2833 CH |
47 | #ifndef flat_get_relocate_addr |
48 | #define flat_get_relocate_addr(rel) (rel) | |
49 | #endif | |
1da177e4 LT |
50 | |
51 | /****************************************************************************/ | |
52 | ||
c3dc5bec | 53 | /* |
2e94de8a MF |
54 | * User data (data section and bss) needs to be aligned. |
55 | * We pick 0x20 here because it is the max value elf2flt has always | |
56 | * used in producing FLAT files, and because it seems to be large | |
57 | * enough to make all the gcc alignment related tests happy. | |
58 | */ | |
59 | #define FLAT_DATA_ALIGN (0x20) | |
60 | ||
61 | /* | |
62 | * User data (stack) also needs to be aligned. | |
63 | * Here we can be a bit looser than the data sections since this | |
64 | * needs to only meet arch ABI requirements. | |
c3dc5bec | 65 | */ |
2952095c | 66 | #define FLAT_STACK_ALIGN max_t(unsigned long, sizeof(void *), ARCH_SLAB_MINALIGN) |
c3dc5bec | 67 | |
1da177e4 LT |
68 | #define RELOC_FAILED 0xff00ff01 /* Relocation incorrect somewhere */ |
69 | #define UNLOADED_LIB 0x7ff000ff /* Placeholder for unused library */ | |
70 | ||
a445d988 CH |
71 | #ifdef CONFIG_BINFMT_SHARED_FLAT |
72 | #define MAX_SHARED_LIBS (4) | |
73 | #else | |
74 | #define MAX_SHARED_LIBS (1) | |
75 | #endif | |
76 | ||
1da177e4 LT |
77 | struct lib_info { |
78 | struct { | |
79 | unsigned long start_code; /* Start of text segment */ | |
80 | unsigned long start_data; /* Start of data segment */ | |
81 | unsigned long start_brk; /* End of data segment */ | |
82 | unsigned long text_len; /* Length of text segment */ | |
83 | unsigned long entry; /* Start address for this module */ | |
84 | unsigned long build_date; /* When this one was compiled */ | |
13c3f50c | 85 | bool loaded; /* Has this library been loaded? */ |
1da177e4 LT |
86 | } lib_list[MAX_SHARED_LIBS]; |
87 | }; | |
88 | ||
89 | #ifdef CONFIG_BINFMT_SHARED_FLAT | |
90 | static int load_flat_shared_library(int id, struct lib_info *p); | |
91 | #endif | |
92 | ||
71613c3b | 93 | static int load_flat_binary(struct linux_binprm *); |
f6151dfe | 94 | static int flat_core_dump(struct coredump_params *cprm); |
1da177e4 | 95 | |
1da177e4 LT |
96 | static struct linux_binfmt flat_format = { |
97 | .module = THIS_MODULE, | |
98 | .load_binary = load_flat_binary, | |
99 | .core_dump = flat_core_dump, | |
100 | .min_coredump = PAGE_SIZE | |
101 | }; | |
102 | ||
103 | /****************************************************************************/ | |
104 | /* | |
105 | * Routine writes a core dump image in the current directory. | |
106 | * Currently only a stub-function. | |
107 | */ | |
108 | ||
f6151dfe | 109 | static int flat_core_dump(struct coredump_params *cprm) |
1da177e4 | 110 | { |
4adbb6ac NP |
111 | pr_warn("Process %s:%d received signr %d and should have core dumped\n", |
112 | current->comm, current->pid, cprm->siginfo->si_signo); | |
13c3f50c | 113 | return 1; |
1da177e4 LT |
114 | } |
115 | ||
116 | /****************************************************************************/ | |
117 | /* | |
118 | * create_flat_tables() parses the env- and arg-strings in new user | |
119 | * memory and creates the pointer tables from them, and puts their | |
a97d157d | 120 | * addresses on the "stack", recording the new stack pointer value. |
1da177e4 LT |
121 | */ |
122 | ||
a97d157d | 123 | static int create_flat_tables(struct linux_binprm *bprm, unsigned long arg_start) |
1da177e4 | 124 | { |
a97d157d NP |
125 | char __user *p; |
126 | unsigned long __user *sp; | |
127 | long i, len; | |
1da177e4 | 128 | |
a97d157d NP |
129 | p = (char __user *)arg_start; |
130 | sp = (unsigned long __user *)current->mm->start_stack; | |
131 | ||
132 | sp -= bprm->envc + 1; | |
133 | sp -= bprm->argc + 1; | |
bdd15a28 CH |
134 | if (IS_ENABLED(CONFIG_BINFMT_FLAT_ARGVP_ENVP_ON_STACK)) |
135 | sp -= 2; /* argvp + envp */ | |
a97d157d NP |
136 | sp -= 1; /* &argc */ |
137 | ||
138 | current->mm->start_stack = (unsigned long)sp & -FLAT_STACK_ALIGN; | |
139 | sp = (unsigned long __user *)current->mm->start_stack; | |
140 | ||
141 | __put_user(bprm->argc, sp++); | |
bdd15a28 | 142 | if (IS_ENABLED(CONFIG_BINFMT_FLAT_ARGVP_ENVP_ON_STACK)) { |
a97d157d NP |
143 | unsigned long argv, envp; |
144 | argv = (unsigned long)(sp + 2); | |
145 | envp = (unsigned long)(sp + 2 + bprm->argc + 1); | |
146 | __put_user(argv, sp++); | |
147 | __put_user(envp, sp++); | |
148 | } | |
149 | ||
150 | current->mm->arg_start = (unsigned long)p; | |
151 | for (i = bprm->argc; i > 0; i--) { | |
152 | __put_user((unsigned long)p, sp++); | |
153 | len = strnlen_user(p, MAX_ARG_STRLEN); | |
154 | if (!len || len > MAX_ARG_STRLEN) | |
155 | return -EINVAL; | |
156 | p += len; | |
157 | } | |
158 | __put_user(0, sp++); | |
159 | current->mm->arg_end = (unsigned long)p; | |
160 | ||
161 | current->mm->env_start = (unsigned long) p; | |
162 | for (i = bprm->envc; i > 0; i--) { | |
163 | __put_user((unsigned long)p, sp++); | |
164 | len = strnlen_user(p, MAX_ARG_STRLEN); | |
165 | if (!len || len > MAX_ARG_STRLEN) | |
166 | return -EINVAL; | |
167 | p += len; | |
168 | } | |
169 | __put_user(0, sp++); | |
170 | current->mm->env_end = (unsigned long)p; | |
171 | ||
172 | return 0; | |
1da177e4 LT |
173 | } |
174 | ||
175 | /****************************************************************************/ | |
176 | ||
177 | #ifdef CONFIG_BINFMT_ZFLAT | |
178 | ||
179 | #include <linux/zlib.h> | |
180 | ||
181 | #define LBUFSIZE 4000 | |
182 | ||
183 | /* gzip flag byte */ | |
184 | #define ASCII_FLAG 0x01 /* bit 0 set: file probably ASCII text */ | |
185 | #define CONTINUATION 0x02 /* bit 1 set: continuation of multi-part gzip file */ | |
186 | #define EXTRA_FIELD 0x04 /* bit 2 set: extra field present */ | |
187 | #define ORIG_NAME 0x08 /* bit 3 set: original file name present */ | |
188 | #define COMMENT 0x10 /* bit 4 set: file comment present */ | |
189 | #define ENCRYPTED 0x20 /* bit 5 set: file is encrypted */ | |
190 | #define RESERVED 0xC0 /* bit 6,7: reserved */ | |
191 | ||
bdd1d2d3 CH |
192 | static int decompress_exec(struct linux_binprm *bprm, loff_t fpos, char *dst, |
193 | long len, int fd) | |
1da177e4 LT |
194 | { |
195 | unsigned char *buf; | |
196 | z_stream strm; | |
1da177e4 LT |
197 | int ret, retval; |
198 | ||
bdd1d2d3 | 199 | pr_debug("decompress_exec(offset=%llx,buf=%p,len=%lx)\n", fpos, dst, len); |
1da177e4 LT |
200 | |
201 | memset(&strm, 0, sizeof(strm)); | |
202 | strm.workspace = kmalloc(zlib_inflate_workspacesize(), GFP_KERNEL); | |
9367bb73 | 203 | if (!strm.workspace) |
1da177e4 | 204 | return -ENOMEM; |
9367bb73 | 205 | |
1da177e4 | 206 | buf = kmalloc(LBUFSIZE, GFP_KERNEL); |
9367bb73 | 207 | if (!buf) { |
1da177e4 LT |
208 | retval = -ENOMEM; |
209 | goto out_free; | |
210 | } | |
211 | ||
212 | /* Read in first chunk of data and parse gzip header. */ | |
bdd1d2d3 | 213 | ret = kernel_read(bprm->file, buf, LBUFSIZE, &fpos); |
1da177e4 LT |
214 | |
215 | strm.next_in = buf; | |
216 | strm.avail_in = ret; | |
217 | strm.total_in = 0; | |
218 | ||
219 | retval = -ENOEXEC; | |
220 | ||
221 | /* Check minimum size -- gzip header */ | |
222 | if (ret < 10) { | |
4adbb6ac | 223 | pr_debug("file too small?\n"); |
1da177e4 LT |
224 | goto out_free_buf; |
225 | } | |
226 | ||
227 | /* Check gzip magic number */ | |
228 | if ((buf[0] != 037) || ((buf[1] != 0213) && (buf[1] != 0236))) { | |
4adbb6ac | 229 | pr_debug("unknown compression magic?\n"); |
1da177e4 LT |
230 | goto out_free_buf; |
231 | } | |
232 | ||
233 | /* Check gzip method */ | |
234 | if (buf[2] != 8) { | |
4adbb6ac | 235 | pr_debug("unknown compression method?\n"); |
1da177e4 LT |
236 | goto out_free_buf; |
237 | } | |
238 | /* Check gzip flags */ | |
239 | if ((buf[3] & ENCRYPTED) || (buf[3] & CONTINUATION) || | |
240 | (buf[3] & RESERVED)) { | |
4adbb6ac | 241 | pr_debug("unknown flags?\n"); |
1da177e4 LT |
242 | goto out_free_buf; |
243 | } | |
244 | ||
245 | ret = 10; | |
246 | if (buf[3] & EXTRA_FIELD) { | |
247 | ret += 2 + buf[10] + (buf[11] << 8); | |
13c3f50c | 248 | if (unlikely(ret >= LBUFSIZE)) { |
4adbb6ac | 249 | pr_debug("buffer overflow (EXTRA)?\n"); |
1da177e4 LT |
250 | goto out_free_buf; |
251 | } | |
252 | } | |
253 | if (buf[3] & ORIG_NAME) { | |
f4cfb18d | 254 | while (ret < LBUFSIZE && buf[ret++] != 0) |
1da177e4 | 255 | ; |
13c3f50c | 256 | if (unlikely(ret == LBUFSIZE)) { |
4adbb6ac | 257 | pr_debug("buffer overflow (ORIG_NAME)?\n"); |
1da177e4 LT |
258 | goto out_free_buf; |
259 | } | |
260 | } | |
261 | if (buf[3] & COMMENT) { | |
f4cfb18d | 262 | while (ret < LBUFSIZE && buf[ret++] != 0) |
1da177e4 | 263 | ; |
13c3f50c | 264 | if (unlikely(ret == LBUFSIZE)) { |
4adbb6ac | 265 | pr_debug("buffer overflow (COMMENT)?\n"); |
1da177e4 LT |
266 | goto out_free_buf; |
267 | } | |
268 | } | |
269 | ||
270 | strm.next_in += ret; | |
271 | strm.avail_in -= ret; | |
272 | ||
273 | strm.next_out = dst; | |
274 | strm.avail_out = len; | |
275 | strm.total_out = 0; | |
276 | ||
277 | if (zlib_inflateInit2(&strm, -MAX_WBITS) != Z_OK) { | |
4adbb6ac | 278 | pr_debug("zlib init failed?\n"); |
1da177e4 LT |
279 | goto out_free_buf; |
280 | } | |
281 | ||
282 | while ((ret = zlib_inflate(&strm, Z_NO_FLUSH)) == Z_OK) { | |
bdd1d2d3 | 283 | ret = kernel_read(bprm->file, buf, LBUFSIZE, &fpos); |
1da177e4 LT |
284 | if (ret <= 0) |
285 | break; | |
1da177e4 LT |
286 | len -= ret; |
287 | ||
288 | strm.next_in = buf; | |
289 | strm.avail_in = ret; | |
290 | strm.total_in = 0; | |
291 | } | |
292 | ||
293 | if (ret < 0) { | |
4adbb6ac | 294 | pr_debug("decompression failed (%d), %s\n", |
1da177e4 LT |
295 | ret, strm.msg); |
296 | goto out_zlib; | |
297 | } | |
298 | ||
299 | retval = 0; | |
300 | out_zlib: | |
301 | zlib_inflateEnd(&strm); | |
302 | out_free_buf: | |
303 | kfree(buf); | |
304 | out_free: | |
305 | kfree(strm.workspace); | |
1da177e4 LT |
306 | return retval; |
307 | } | |
308 | ||
309 | #endif /* CONFIG_BINFMT_ZFLAT */ | |
310 | ||
311 | /****************************************************************************/ | |
312 | ||
313 | static unsigned long | |
314 | calc_reloc(unsigned long r, struct lib_info *p, int curid, int internalp) | |
315 | { | |
316 | unsigned long addr; | |
317 | int id; | |
318 | unsigned long start_brk; | |
319 | unsigned long start_data; | |
320 | unsigned long text_len; | |
321 | unsigned long start_code; | |
322 | ||
323 | #ifdef CONFIG_BINFMT_SHARED_FLAT | |
324 | if (r == 0) | |
325 | id = curid; /* Relocs of 0 are always self referring */ | |
326 | else { | |
327 | id = (r >> 24) & 0xff; /* Find ID for this reloc */ | |
328 | r &= 0x00ffffff; /* Trim ID off here */ | |
329 | } | |
330 | if (id >= MAX_SHARED_LIBS) { | |
4adbb6ac | 331 | pr_err("reference 0x%lx to shared library %d", r, id); |
1da177e4 LT |
332 | goto failed; |
333 | } | |
334 | if (curid != id) { | |
335 | if (internalp) { | |
4adbb6ac NP |
336 | pr_err("reloc address 0x%lx not in same module " |
337 | "(%d != %d)", r, curid, id); | |
1da177e4 | 338 | goto failed; |
13c3f50c NP |
339 | } else if (!p->lib_list[id].loaded && |
340 | load_flat_shared_library(id, p) < 0) { | |
4adbb6ac | 341 | pr_err("failed to load library %d", id); |
1da177e4 LT |
342 | goto failed; |
343 | } | |
344 | /* Check versioning information (i.e. time stamps) */ | |
345 | if (p->lib_list[id].build_date && p->lib_list[curid].build_date && | |
346 | p->lib_list[curid].build_date < p->lib_list[id].build_date) { | |
4adbb6ac | 347 | pr_err("library %d is younger than %d", id, curid); |
1da177e4 LT |
348 | goto failed; |
349 | } | |
350 | } | |
351 | #else | |
352 | id = 0; | |
353 | #endif | |
354 | ||
355 | start_brk = p->lib_list[id].start_brk; | |
356 | start_data = p->lib_list[id].start_data; | |
357 | start_code = p->lib_list[id].start_code; | |
358 | text_len = p->lib_list[id].text_len; | |
359 | ||
9ee24b2a | 360 | if (r > start_brk - start_data + text_len) { |
4adbb6ac | 361 | pr_err("reloc outside program 0x%lx (0 - 0x%lx/0x%lx)", |
13c3f50c | 362 | r, start_brk-start_data+text_len, text_len); |
1da177e4 LT |
363 | goto failed; |
364 | } | |
365 | ||
366 | if (r < text_len) /* In text segment */ | |
367 | addr = r + start_code; | |
368 | else /* In data segment */ | |
369 | addr = r - text_len + start_data; | |
370 | ||
371 | /* Range checked already above so doing the range tests is redundant...*/ | |
13c3f50c | 372 | return addr; |
1da177e4 LT |
373 | |
374 | failed: | |
4adbb6ac | 375 | pr_cont(", killing %s!\n", current->comm); |
1da177e4 LT |
376 | send_sig(SIGSEGV, current, 0); |
377 | ||
378 | return RELOC_FAILED; | |
379 | } | |
380 | ||
381 | /****************************************************************************/ | |
382 | ||
cf9a566c | 383 | #ifdef CONFIG_BINFMT_FLAT_OLD |
34303435 | 384 | static void old_reloc(unsigned long rl) |
1da177e4 | 385 | { |
13c3f50c | 386 | static const char *segment[] = { "TEXT", "DATA", "BSS", "*UNKNOWN*" }; |
1da177e4 | 387 | flat_v2_reloc_t r; |
1b2ce442 NP |
388 | unsigned long __user *ptr; |
389 | unsigned long val; | |
13c3f50c | 390 | |
1da177e4 LT |
391 | r.value = rl; |
392 | #if defined(CONFIG_COLDFIRE) | |
1b2ce442 | 393 | ptr = (unsigned long __user *)(current->mm->start_code + r.reloc.offset); |
1da177e4 | 394 | #else |
1b2ce442 | 395 | ptr = (unsigned long __user *)(current->mm->start_data + r.reloc.offset); |
1da177e4 | 396 | #endif |
1b2ce442 | 397 | get_user(val, ptr); |
1da177e4 | 398 | |
4adbb6ac NP |
399 | pr_debug("Relocation of variable at DATASEG+%x " |
400 | "(address %p, currently %lx) into segment %s\n", | |
1b2ce442 | 401 | r.reloc.offset, ptr, val, segment[r.reloc.type]); |
13c3f50c | 402 | |
1da177e4 LT |
403 | switch (r.reloc.type) { |
404 | case OLD_FLAT_RELOC_TYPE_TEXT: | |
1b2ce442 | 405 | val += current->mm->start_code; |
1da177e4 LT |
406 | break; |
407 | case OLD_FLAT_RELOC_TYPE_DATA: | |
1b2ce442 | 408 | val += current->mm->start_data; |
1da177e4 LT |
409 | break; |
410 | case OLD_FLAT_RELOC_TYPE_BSS: | |
1b2ce442 | 411 | val += current->mm->end_data; |
1da177e4 LT |
412 | break; |
413 | default: | |
4adbb6ac | 414 | pr_err("Unknown relocation type=%x\n", r.reloc.type); |
1da177e4 LT |
415 | break; |
416 | } | |
1b2ce442 | 417 | put_user(val, ptr); |
1da177e4 | 418 | |
1b2ce442 | 419 | pr_debug("Relocation became %lx\n", val); |
13c3f50c | 420 | } |
cf9a566c | 421 | #endif /* CONFIG_BINFMT_FLAT_OLD */ |
1da177e4 LT |
422 | |
423 | /****************************************************************************/ | |
424 | ||
13c3f50c | 425 | static int load_flat_file(struct linux_binprm *bprm, |
1da177e4 LT |
426 | struct lib_info *libinfo, int id, unsigned long *extra_stack) |
427 | { | |
13c3f50c NP |
428 | struct flat_hdr *hdr; |
429 | unsigned long textpos, datapos, realdatastart; | |
468138d7 | 430 | u32 text_len, data_len, bss_len, stack_len, full_data, flags; |
13c3f50c | 431 | unsigned long len, memp, memp_size, extra, rlim; |
3b977718 CH |
432 | __be32 __user *reloc; |
433 | u32 __user *rp; | |
13c3f50c | 434 | int i, rev, relocs; |
1da177e4 LT |
435 | loff_t fpos; |
436 | unsigned long start_code, end_code; | |
13c3f50c | 437 | ssize_t result; |
1ad3dcc0 | 438 | int ret; |
1da177e4 LT |
439 | |
440 | hdr = ((struct flat_hdr *) bprm->buf); /* exec-header */ | |
1da177e4 LT |
441 | |
442 | text_len = ntohl(hdr->data_start); | |
443 | data_len = ntohl(hdr->data_end) - ntohl(hdr->data_start); | |
444 | bss_len = ntohl(hdr->bss_end) - ntohl(hdr->data_end); | |
445 | stack_len = ntohl(hdr->stack_size); | |
446 | if (extra_stack) { | |
447 | stack_len += *extra_stack; | |
448 | *extra_stack = stack_len; | |
449 | } | |
450 | relocs = ntohl(hdr->reloc_count); | |
451 | flags = ntohl(hdr->flags); | |
452 | rev = ntohl(hdr->rev); | |
3dc20cb2 | 453 | full_data = data_len + relocs * sizeof(unsigned long); |
1da177e4 | 454 | |
845884d3 | 455 | if (strncmp(hdr->magic, "bFLT", 4)) { |
1da177e4 | 456 | /* |
e2a366dc MF |
457 | * Previously, here was a printk to tell people |
458 | * "BINFMT_FLAT: bad header magic". | |
459 | * But for the kernel which also use ELF FD-PIC format, this | |
460 | * error message is confusing. | |
1da177e4 | 461 | * because a lot of people do not manage to produce good |
1da177e4 | 462 | */ |
1ad3dcc0 LY |
463 | ret = -ENOEXEC; |
464 | goto err; | |
845884d3 GU |
465 | } |
466 | ||
467 | if (flags & FLAT_FLAG_KTRACE) | |
4adbb6ac | 468 | pr_info("Loading file: %s\n", bprm->filename); |
845884d3 | 469 | |
cf9a566c | 470 | #ifdef CONFIG_BINFMT_FLAT_OLD |
845884d3 | 471 | if (rev != FLAT_VERSION && rev != OLD_FLAT_VERSION) { |
4adbb6ac NP |
472 | pr_err("bad flat file version 0x%x (supported 0x%lx and 0x%lx)\n", |
473 | rev, FLAT_VERSION, OLD_FLAT_VERSION); | |
1ad3dcc0 LY |
474 | ret = -ENOEXEC; |
475 | goto err; | |
1da177e4 | 476 | } |
13c3f50c | 477 | |
1da177e4 LT |
478 | /* Don't allow old format executables to use shared libraries */ |
479 | if (rev == OLD_FLAT_VERSION && id != 0) { | |
4adbb6ac NP |
480 | pr_err("shared libraries are not available before rev 0x%lx\n", |
481 | FLAT_VERSION); | |
1ad3dcc0 LY |
482 | ret = -ENOEXEC; |
483 | goto err; | |
1da177e4 LT |
484 | } |
485 | ||
cf9a566c CH |
486 | /* |
487 | * fix up the flags for the older format, there were all kinds | |
488 | * of endian hacks, this only works for the simple cases | |
489 | */ | |
490 | if (rev == OLD_FLAT_VERSION && | |
491 | (flags || IS_ENABLED(CONFIG_BINFMT_FLAT_OLD_ALWAYS_RAM))) | |
492 | flags = FLAT_FLAG_RAM; | |
493 | ||
494 | #else /* CONFIG_BINFMT_FLAT_OLD */ | |
495 | if (rev != FLAT_VERSION) { | |
496 | pr_err("bad flat file version 0x%x (supported 0x%lx)\n", | |
497 | rev, FLAT_VERSION); | |
498 | ret = -ENOEXEC; | |
499 | goto err; | |
500 | } | |
501 | #endif /* !CONFIG_BINFMT_FLAT_OLD */ | |
502 | ||
c995ee28 NP |
503 | /* |
504 | * Make sure the header params are sane. | |
505 | * 28 bits (256 MB) is way more than reasonable in this case. | |
506 | * If some top bits are set we have probable binary corruption. | |
507 | */ | |
508 | if ((text_len | data_len | bss_len | stack_len | full_data) >> 28) { | |
509 | pr_err("bad header\n"); | |
510 | ret = -ENOEXEC; | |
511 | goto err; | |
512 | } | |
513 | ||
1da177e4 LT |
514 | #ifndef CONFIG_BINFMT_ZFLAT |
515 | if (flags & (FLAT_FLAG_GZIP|FLAT_FLAG_GZDATA)) { | |
4adbb6ac | 516 | pr_err("Support for ZFLAT executables is not enabled.\n"); |
1ad3dcc0 LY |
517 | ret = -ENOEXEC; |
518 | goto err; | |
1da177e4 LT |
519 | } |
520 | #endif | |
521 | ||
522 | /* | |
523 | * Check initial limits. This avoids letting people circumvent | |
524 | * size limits imposed on them by creating programs with large | |
525 | * arrays in the data or bss. | |
526 | */ | |
d554ed89 | 527 | rlim = rlimit(RLIMIT_DATA); |
1da177e4 LT |
528 | if (rlim >= RLIM_INFINITY) |
529 | rlim = ~0; | |
1ad3dcc0 LY |
530 | if (data_len + bss_len > rlim) { |
531 | ret = -ENOMEM; | |
532 | goto err; | |
533 | } | |
534 | ||
1da177e4 LT |
535 | /* Flush all traces of the currently running executable */ |
536 | if (id == 0) { | |
13c3f50c NP |
537 | ret = flush_old_exec(bprm); |
538 | if (ret) | |
df88912a | 539 | goto err; |
1da177e4 LT |
540 | |
541 | /* OK, This is the point of no return */ | |
fcc18e83 | 542 | set_personality(PER_LINUX_32BIT); |
221af7f8 | 543 | setup_new_exec(bprm); |
1da177e4 LT |
544 | } |
545 | ||
546 | /* | |
547 | * calculate the extra space we need to map in | |
548 | */ | |
0e647c04 AM |
549 | extra = max_t(unsigned long, bss_len + stack_len, |
550 | relocs * sizeof(unsigned long)); | |
1da177e4 LT |
551 | |
552 | /* | |
553 | * there are a couple of cases here, the separate code/data | |
554 | * case, and then the fully copied to RAM case which lumps | |
555 | * it all together. | |
556 | */ | |
015feacf | 557 | if (!IS_ENABLED(CONFIG_MMU) && !(flags & (FLAT_FLAG_RAM|FLAT_FLAG_GZIP))) { |
1da177e4 LT |
558 | /* |
559 | * this should give us a ROM ptr, but if it doesn't we don't | |
560 | * really care | |
561 | */ | |
4adbb6ac | 562 | pr_debug("ROM mapping of file (we hope)\n"); |
1da177e4 | 563 | |
6be5ceb0 | 564 | textpos = vm_mmap(bprm->file, 0, text_len, PROT_READ|PROT_EXEC, |
925d1c40 | 565 | MAP_PRIVATE|MAP_EXECUTABLE, 0); |
0b8c78f2 | 566 | if (!textpos || IS_ERR_VALUE(textpos)) { |
1ad3dcc0 | 567 | ret = textpos; |
13c3f50c NP |
568 | if (!textpos) |
569 | ret = -ENOMEM; | |
4adbb6ac | 570 | pr_err("Unable to mmap process text, errno %d\n", ret); |
df88912a | 571 | goto err; |
1da177e4 LT |
572 | } |
573 | ||
a2357223 | 574 | len = data_len + extra; |
0f3e442a | 575 | len = PAGE_ALIGN(len); |
13c3f50c | 576 | realdatastart = vm_mmap(NULL, 0, len, |
72613e5f | 577 | PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE, 0); |
1da177e4 | 578 | |
0b8c78f2 | 579 | if (realdatastart == 0 || IS_ERR_VALUE(realdatastart)) { |
13c3f50c | 580 | ret = realdatastart; |
1da177e4 | 581 | if (!realdatastart) |
13c3f50c | 582 | ret = -ENOMEM; |
4adbb6ac | 583 | pr_err("Unable to allocate RAM for process data, " |
13c3f50c | 584 | "errno %d\n", ret); |
7696e0c3 | 585 | vm_munmap(textpos, text_len); |
df88912a | 586 | goto err; |
1da177e4 | 587 | } |
a2357223 | 588 | datapos = ALIGN(realdatastart, FLAT_DATA_ALIGN); |
1da177e4 | 589 | |
a8605423 | 590 | pr_debug("Allocated data+bss+stack (%u bytes): %lx\n", |
4adbb6ac | 591 | data_len + bss_len + stack_len, datapos); |
1da177e4 LT |
592 | |
593 | fpos = ntohl(hdr->data_start); | |
594 | #ifdef CONFIG_BINFMT_ZFLAT | |
595 | if (flags & FLAT_FLAG_GZDATA) { | |
13c3f50c | 596 | result = decompress_exec(bprm, fpos, (char *)datapos, |
3dc20cb2 | 597 | full_data, 0); |
1da177e4 LT |
598 | } else |
599 | #endif | |
600 | { | |
3dc20cb2 AV |
601 | result = read_code(bprm->file, datapos, fpos, |
602 | full_data); | |
1da177e4 | 603 | } |
0b8c78f2 | 604 | if (IS_ERR_VALUE(result)) { |
13c3f50c | 605 | ret = result; |
4adbb6ac | 606 | pr_err("Unable to read data+bss, errno %d\n", ret); |
7696e0c3 AV |
607 | vm_munmap(textpos, text_len); |
608 | vm_munmap(realdatastart, len); | |
df88912a | 609 | goto err; |
1da177e4 LT |
610 | } |
611 | ||
3b977718 | 612 | reloc = (__be32 __user *) |
13c3f50c | 613 | (datapos + (ntohl(hdr->reloc_start) - text_len)); |
1da177e4 | 614 | memp = realdatastart; |
0f3e442a | 615 | memp_size = len; |
1da177e4 LT |
616 | } else { |
617 | ||
a2357223 | 618 | len = text_len + data_len + extra; |
0f3e442a | 619 | len = PAGE_ALIGN(len); |
13c3f50c | 620 | textpos = vm_mmap(NULL, 0, len, |
72613e5f | 621 | PROT_READ | PROT_EXEC | PROT_WRITE, MAP_PRIVATE, 0); |
72613e5f | 622 | |
0b8c78f2 | 623 | if (!textpos || IS_ERR_VALUE(textpos)) { |
1ad3dcc0 | 624 | ret = textpos; |
13c3f50c NP |
625 | if (!textpos) |
626 | ret = -ENOMEM; | |
4adbb6ac | 627 | pr_err("Unable to allocate RAM for process text/data, " |
13c3f50c | 628 | "errno %d\n", ret); |
df88912a | 629 | goto err; |
1da177e4 LT |
630 | } |
631 | ||
632 | realdatastart = textpos + ntohl(hdr->data_start); | |
a2357223 | 633 | datapos = ALIGN(realdatastart, FLAT_DATA_ALIGN); |
c3dc5bec | 634 | |
3b977718 | 635 | reloc = (__be32 __user *) |
c3dc5bec | 636 | (datapos + (ntohl(hdr->reloc_start) - text_len)); |
1da177e4 | 637 | memp = textpos; |
0f3e442a | 638 | memp_size = len; |
1da177e4 LT |
639 | #ifdef CONFIG_BINFMT_ZFLAT |
640 | /* | |
641 | * load it all in and treat it like a RAM load from now on | |
642 | */ | |
643 | if (flags & FLAT_FLAG_GZIP) { | |
472f95f3 | 644 | #ifndef CONFIG_MMU |
13c3f50c NP |
645 | result = decompress_exec(bprm, sizeof(struct flat_hdr), |
646 | (((char *)textpos) + sizeof(struct flat_hdr)), | |
3dc20cb2 | 647 | (text_len + full_data |
13c3f50c | 648 | - sizeof(struct flat_hdr)), |
1da177e4 | 649 | 0); |
a2357223 CH |
650 | if (datapos != realdatastart) |
651 | memmove((void *)datapos, (void *)realdatastart, | |
652 | full_data); | |
472f95f3 NP |
653 | #else |
654 | /* | |
655 | * This is used on MMU systems mainly for testing. | |
656 | * Let's use a kernel buffer to simplify things. | |
657 | */ | |
658 | long unz_text_len = text_len - sizeof(struct flat_hdr); | |
659 | long unz_len = unz_text_len + full_data; | |
660 | char *unz_data = vmalloc(unz_len); | |
661 | if (!unz_data) { | |
662 | result = -ENOMEM; | |
663 | } else { | |
664 | result = decompress_exec(bprm, sizeof(struct flat_hdr), | |
665 | unz_data, unz_len, 0); | |
666 | if (result == 0 && | |
667 | (copy_to_user((void __user *)textpos + sizeof(struct flat_hdr), | |
668 | unz_data, unz_text_len) || | |
669 | copy_to_user((void __user *)datapos, | |
670 | unz_data + unz_text_len, full_data))) | |
671 | result = -EFAULT; | |
672 | vfree(unz_data); | |
673 | } | |
674 | #endif | |
1da177e4 | 675 | } else if (flags & FLAT_FLAG_GZDATA) { |
3dc20cb2 | 676 | result = read_code(bprm->file, textpos, 0, text_len); |
472f95f3 NP |
677 | if (!IS_ERR_VALUE(result)) { |
678 | #ifndef CONFIG_MMU | |
1da177e4 | 679 | result = decompress_exec(bprm, text_len, (char *) datapos, |
3dc20cb2 | 680 | full_data, 0); |
472f95f3 NP |
681 | #else |
682 | char *unz_data = vmalloc(full_data); | |
683 | if (!unz_data) { | |
684 | result = -ENOMEM; | |
685 | } else { | |
686 | result = decompress_exec(bprm, text_len, | |
687 | unz_data, full_data, 0); | |
688 | if (result == 0 && | |
689 | copy_to_user((void __user *)datapos, | |
690 | unz_data, full_data)) | |
691 | result = -EFAULT; | |
692 | vfree(unz_data); | |
693 | } | |
1da177e4 | 694 | #endif |
472f95f3 NP |
695 | } |
696 | } else | |
697 | #endif /* CONFIG_BINFMT_ZFLAT */ | |
1da177e4 | 698 | { |
3dc20cb2 AV |
699 | result = read_code(bprm->file, textpos, 0, text_len); |
700 | if (!IS_ERR_VALUE(result)) | |
701 | result = read_code(bprm->file, datapos, | |
702 | ntohl(hdr->data_start), | |
703 | full_data); | |
1da177e4 | 704 | } |
0b8c78f2 | 705 | if (IS_ERR_VALUE(result)) { |
13c3f50c | 706 | ret = result; |
4adbb6ac | 707 | pr_err("Unable to read code+data+bss, errno %d\n", ret); |
a2357223 | 708 | vm_munmap(textpos, text_len + data_len + extra); |
df88912a | 709 | goto err; |
1da177e4 LT |
710 | } |
711 | } | |
712 | ||
13c3f50c NP |
713 | start_code = textpos + sizeof(struct flat_hdr); |
714 | end_code = textpos + text_len; | |
715 | text_len -= sizeof(struct flat_hdr); /* the real code len */ | |
1da177e4 LT |
716 | |
717 | /* The main program needs a little extra setup in the task structure */ | |
1da177e4 LT |
718 | if (id == 0) { |
719 | current->mm->start_code = start_code; | |
720 | current->mm->end_code = end_code; | |
721 | current->mm->start_data = datapos; | |
722 | current->mm->end_data = datapos + data_len; | |
723 | /* | |
724 | * set up the brk stuff, uses any slack left in data/bss/stack | |
725 | * allocation. We put the brk after the bss (between the bss | |
726 | * and stack) like other platforms. | |
0f3e442a DH |
727 | * Userspace code relies on the stack pointer starting out at |
728 | * an address right at the end of a page. | |
1da177e4 LT |
729 | */ |
730 | current->mm->start_brk = datapos + data_len + bss_len; | |
731 | current->mm->brk = (current->mm->start_brk + 3) & ~3; | |
015feacf | 732 | #ifndef CONFIG_MMU |
0f3e442a | 733 | current->mm->context.end_brk = memp + memp_size - stack_len; |
015feacf | 734 | #endif |
1da177e4 LT |
735 | } |
736 | ||
13c3f50c | 737 | if (flags & FLAT_FLAG_KTRACE) { |
4adbb6ac NP |
738 | pr_info("Mapping is %lx, Entry point is %x, data_start is %x\n", |
739 | textpos, 0x00ffffff&ntohl(hdr->entry), ntohl(hdr->data_start)); | |
740 | pr_info("%s %s: TEXT=%lx-%lx DATA=%lx-%lx BSS=%lx-%lx\n", | |
741 | id ? "Lib" : "Load", bprm->filename, | |
742 | start_code, end_code, datapos, datapos + data_len, | |
743 | datapos + data_len, (datapos + data_len + bss_len + 3) & ~3); | |
13c3f50c | 744 | } |
1da177e4 LT |
745 | |
746 | /* Store the current module values into the global library structure */ | |
747 | libinfo->lib_list[id].start_code = start_code; | |
748 | libinfo->lib_list[id].start_data = datapos; | |
749 | libinfo->lib_list[id].start_brk = datapos + data_len + bss_len; | |
750 | libinfo->lib_list[id].text_len = text_len; | |
751 | libinfo->lib_list[id].loaded = 1; | |
752 | libinfo->lib_list[id].entry = (0x00ffffff & ntohl(hdr->entry)) + textpos; | |
753 | libinfo->lib_list[id].build_date = ntohl(hdr->build_date); | |
13c3f50c | 754 | |
1da177e4 LT |
755 | /* |
756 | * We just load the allocations into some temporary memory to | |
757 | * help simplify all this mumbo jumbo | |
758 | * | |
759 | * We've got two different sections of relocation entries. | |
25985edc | 760 | * The first is the GOT which resides at the beginning of the data segment |
1da177e4 LT |
761 | * and is terminated with a -1. This one can be relocated in place. |
762 | * The second is the extra relocation entries tacked after the image's | |
763 | * data segment. These require a little more processing as the entry is | |
764 | * really an offset into the image which contains an offset into the | |
765 | * image. | |
766 | */ | |
767 | if (flags & FLAT_FLAG_GOTPIC) { | |
468138d7 AV |
768 | for (rp = (u32 __user *)datapos; ; rp++) { |
769 | u32 addr, rp_val; | |
6e572ffe NP |
770 | if (get_user(rp_val, rp)) |
771 | return -EFAULT; | |
772 | if (rp_val == 0xffffffff) | |
773 | break; | |
774 | if (rp_val) { | |
775 | addr = calc_reloc(rp_val, libinfo, id, 0); | |
1ad3dcc0 LY |
776 | if (addr == RELOC_FAILED) { |
777 | ret = -ENOEXEC; | |
df88912a | 778 | goto err; |
1ad3dcc0 | 779 | } |
6e572ffe NP |
780 | if (put_user(addr, rp)) |
781 | return -EFAULT; | |
1da177e4 LT |
782 | } |
783 | } | |
784 | } | |
785 | ||
786 | /* | |
787 | * Now run through the relocation entries. | |
788 | * We've got to be careful here as C++ produces relocatable zero | |
789 | * entries in the constructor and destructor tables which are then | |
790 | * tested for being not zero (which will always occur unless we're | |
791 | * based from address zero). This causes an endless loop as __start | |
792 | * is at zero. The solution used is to not relocate zero addresses. | |
793 | * This has the negative side effect of not allowing a global data | |
794 | * reference to be statically initialised to _stext (I've moved | |
795 | * __start to address 4 so that is okay). | |
796 | */ | |
797 | if (rev > OLD_FLAT_VERSION) { | |
13c3f50c | 798 | for (i = 0; i < relocs; i++) { |
468138d7 | 799 | u32 addr, relval; |
3b977718 | 800 | __be32 tmp; |
1da177e4 | 801 | |
13c3f50c NP |
802 | /* |
803 | * Get the address of the pointer to be | |
804 | * relocated (of course, the address has to be | |
805 | * relocated first). | |
806 | */ | |
3b977718 | 807 | if (get_user(tmp, reloc + i)) |
6e572ffe | 808 | return -EFAULT; |
3b977718 | 809 | relval = ntohl(tmp); |
1da177e4 | 810 | addr = flat_get_relocate_addr(relval); |
468138d7 AV |
811 | rp = (u32 __user *)calc_reloc(addr, libinfo, id, 1); |
812 | if (rp == (u32 __user *)RELOC_FAILED) { | |
1ad3dcc0 | 813 | ret = -ENOEXEC; |
df88912a | 814 | goto err; |
1ad3dcc0 | 815 | } |
1da177e4 LT |
816 | |
817 | /* Get the pointer's value. */ | |
6843d8aa | 818 | ret = flat_get_addr_from_rp(rp, relval, flags, &addr); |
468138d7 AV |
819 | if (unlikely(ret)) |
820 | goto err; | |
821 | ||
1da177e4 LT |
822 | if (addr != 0) { |
823 | /* | |
824 | * Do the relocation. PIC relocs in the data section are | |
825 | * already in target order | |
826 | */ | |
3b977718 CH |
827 | if ((flags & FLAT_FLAG_GOTPIC) == 0) { |
828 | /* | |
829 | * Meh, the same value can have a different | |
830 | * byte order based on a flag.. | |
831 | */ | |
832 | addr = ntohl((__force __be32)addr); | |
833 | } | |
1da177e4 | 834 | addr = calc_reloc(addr, libinfo, id, 0); |
1ad3dcc0 LY |
835 | if (addr == RELOC_FAILED) { |
836 | ret = -ENOEXEC; | |
df88912a | 837 | goto err; |
1ad3dcc0 | 838 | } |
1da177e4 LT |
839 | |
840 | /* Write back the relocated pointer. */ | |
468138d7 AV |
841 | ret = flat_put_addr_at_rp(rp, addr, relval); |
842 | if (unlikely(ret)) | |
843 | goto err; | |
1da177e4 LT |
844 | } |
845 | } | |
cf9a566c | 846 | #ifdef CONFIG_BINFMT_FLAT_OLD |
1da177e4 | 847 | } else { |
1b2ce442 | 848 | for (i = 0; i < relocs; i++) { |
3b977718 | 849 | __be32 relval; |
1b2ce442 NP |
850 | if (get_user(relval, reloc + i)) |
851 | return -EFAULT; | |
3b977718 | 852 | old_reloc(ntohl(relval)); |
1b2ce442 | 853 | } |
cf9a566c | 854 | #endif /* CONFIG_BINFMT_FLAT_OLD */ |
1da177e4 | 855 | } |
13c3f50c | 856 | |
1da177e4 LT |
857 | flush_icache_range(start_code, end_code); |
858 | ||
859 | /* zero the BSS, BRK and stack areas */ | |
467aa146 NP |
860 | if (clear_user((void __user *)(datapos + data_len), bss_len + |
861 | (memp + memp_size - stack_len - /* end brk */ | |
862 | libinfo->lib_list[id].start_brk) + /* start brk */ | |
863 | stack_len)) | |
864 | return -EFAULT; | |
1da177e4 LT |
865 | |
866 | return 0; | |
1ad3dcc0 LY |
867 | err: |
868 | return ret; | |
1da177e4 LT |
869 | } |
870 | ||
871 | ||
872 | /****************************************************************************/ | |
873 | #ifdef CONFIG_BINFMT_SHARED_FLAT | |
874 | ||
875 | /* | |
876 | * Load a shared library into memory. The library gets its own data | |
877 | * segment (including bss) but not argv/argc/environ. | |
878 | */ | |
879 | ||
880 | static int load_flat_shared_library(int id, struct lib_info *libs) | |
881 | { | |
867bfa4a JH |
882 | /* |
883 | * This is a fake bprm struct; only the members "buf", "file" and | |
884 | * "filename" are actually used. | |
885 | */ | |
1da177e4 LT |
886 | struct linux_binprm bprm; |
887 | int res; | |
888 | char buf[16]; | |
867bfa4a | 889 | loff_t pos = 0; |
1da177e4 | 890 | |
3a852d3b DH |
891 | memset(&bprm, 0, sizeof(bprm)); |
892 | ||
1da177e4 LT |
893 | /* Create the file name */ |
894 | sprintf(buf, "/lib/lib%d.so", id); | |
895 | ||
896 | /* Open the file up */ | |
897 | bprm.filename = buf; | |
898 | bprm.file = open_exec(bprm.filename); | |
899 | res = PTR_ERR(bprm.file); | |
900 | if (IS_ERR(bprm.file)) | |
901 | return res; | |
902 | ||
867bfa4a | 903 | res = kernel_read(bprm.file, bprm.buf, BINPRM_BUF_SIZE, &pos); |
1da177e4 | 904 | |
867bfa4a | 905 | if (res >= 0) |
1da177e4 | 906 | res = load_flat_file(&bprm, libs, id, NULL); |
3440625d | 907 | |
3440625d LT |
908 | allow_write_access(bprm.file); |
909 | fput(bprm.file); | |
910 | ||
13c3f50c | 911 | return res; |
1da177e4 LT |
912 | } |
913 | ||
914 | #endif /* CONFIG_BINFMT_SHARED_FLAT */ | |
915 | /****************************************************************************/ | |
916 | ||
917 | /* | |
918 | * These are the functions used to load flat style executables and shared | |
919 | * libraries. There is no binary dependent code anywhere else. | |
920 | */ | |
921 | ||
13c3f50c | 922 | static int load_flat_binary(struct linux_binprm *bprm) |
1da177e4 LT |
923 | { |
924 | struct lib_info libinfo; | |
71613c3b | 925 | struct pt_regs *regs = current_pt_regs(); |
015feacf | 926 | unsigned long stack_len = 0; |
1da177e4 | 927 | unsigned long start_addr; |
1da177e4 LT |
928 | int res; |
929 | int i, j; | |
930 | ||
931 | memset(&libinfo, 0, sizeof(libinfo)); | |
13c3f50c | 932 | |
1da177e4 LT |
933 | /* |
934 | * We have to add the size of our arguments to our stack size | |
935 | * otherwise it's too easy for users to create stack overflows | |
936 | * by passing in a huge argument list. And yes, we have to be | |
937 | * pedantic and include space for the argv/envp array as it may have | |
938 | * a lot of entries. | |
939 | */ | |
015feacf NP |
940 | #ifndef CONFIG_MMU |
941 | stack_len += PAGE_SIZE * MAX_ARG_PAGES - bprm->p; /* the strings */ | |
942 | #endif | |
a97d157d NP |
943 | stack_len += (bprm->argc + 1) * sizeof(char *); /* the argv array */ |
944 | stack_len += (bprm->envc + 1) * sizeof(char *); /* the envp array */ | |
945 | stack_len = ALIGN(stack_len, FLAT_STACK_ALIGN); | |
13c3f50c | 946 | |
1da177e4 | 947 | res = load_flat_file(bprm, &libinfo, 0, &stack_len); |
287980e4 | 948 | if (res < 0) |
1da177e4 | 949 | return res; |
13c3f50c | 950 | |
1da177e4 | 951 | /* Update data segment pointers for all libraries */ |
af521f92 NP |
952 | for (i = 0; i < MAX_SHARED_LIBS; i++) { |
953 | if (!libinfo.lib_list[i].loaded) | |
954 | continue; | |
955 | for (j = 0; j < MAX_SHARED_LIBS; j++) { | |
956 | unsigned long val = libinfo.lib_list[j].loaded ? | |
957 | libinfo.lib_list[j].start_data : UNLOADED_LIB; | |
958 | unsigned long __user *p = (unsigned long __user *) | |
959 | libinfo.lib_list[i].start_data; | |
960 | p -= j + 1; | |
961 | if (put_user(val, p)) | |
962 | return -EFAULT; | |
963 | } | |
964 | } | |
1da177e4 | 965 | |
a6f76f23 | 966 | install_exec_creds(bprm); |
1da177e4 LT |
967 | |
968 | set_binfmt(&flat_format); | |
969 | ||
015feacf NP |
970 | #ifdef CONFIG_MMU |
971 | res = setup_arg_pages(bprm, STACK_TOP, EXSTACK_DEFAULT); | |
972 | if (!res) | |
973 | res = create_flat_tables(bprm, bprm->p); | |
974 | #else | |
a97d157d NP |
975 | /* Stash our initial stack pointer into the mm structure */ |
976 | current->mm->start_stack = | |
977 | ((current->mm->context.end_brk + stack_len + 3) & ~3) - 4; | |
978 | pr_debug("sp=%lx\n", current->mm->start_stack); | |
1da177e4 | 979 | |
687fd773 | 980 | /* copy the arg pages onto the stack */ |
a97d157d NP |
981 | res = transfer_args_to_stack(bprm, ¤t->mm->start_stack); |
982 | if (!res) | |
983 | res = create_flat_tables(bprm, current->mm->start_stack); | |
015feacf | 984 | #endif |
687fd773 NP |
985 | if (res) |
986 | return res; | |
1da177e4 | 987 | |
1da177e4 LT |
988 | /* Fake some return addresses to ensure the call chain will |
989 | * initialise library in order for us. We are required to call | |
990 | * lib 1 first, then 2, ... and finally the main program (id 0). | |
991 | */ | |
992 | start_addr = libinfo.lib_list[0].entry; | |
993 | ||
994 | #ifdef CONFIG_BINFMT_SHARED_FLAT | |
13c3f50c | 995 | for (i = MAX_SHARED_LIBS-1; i > 0; i--) { |
1da177e4 LT |
996 | if (libinfo.lib_list[i].loaded) { |
997 | /* Push previos first to call address */ | |
a97d157d NP |
998 | unsigned long __user *sp; |
999 | current->mm->start_stack -= sizeof(unsigned long); | |
1000 | sp = (unsigned long __user *)current->mm->start_stack; | |
1001 | __put_user(start_addr, sp); | |
1da177e4 LT |
1002 | start_addr = libinfo.lib_list[i].entry; |
1003 | } | |
1004 | } | |
1005 | #endif | |
13c3f50c | 1006 | |
74c27c43 TY |
1007 | #ifdef FLAT_PLAT_INIT |
1008 | FLAT_PLAT_INIT(regs); | |
1009 | #endif | |
13c3f50c | 1010 | |
b8383831 | 1011 | finalize_exec(bprm); |
4adbb6ac NP |
1012 | pr_debug("start_thread(regs=0x%p, entry=0x%lx, start_stack=0x%lx)\n", |
1013 | regs, start_addr, current->mm->start_stack); | |
1da177e4 LT |
1014 | start_thread(regs, start_addr, current->mm->start_stack); |
1015 | ||
1da177e4 LT |
1016 | return 0; |
1017 | } | |
1018 | ||
1019 | /****************************************************************************/ | |
1020 | ||
1021 | static int __init init_flat_binfmt(void) | |
1022 | { | |
8fc3dc5a AV |
1023 | register_binfmt(&flat_format); |
1024 | return 0; | |
1da177e4 | 1025 | } |
1da177e4 | 1026 | core_initcall(init_flat_binfmt); |
1da177e4 LT |
1027 | |
1028 | /****************************************************************************/ |