4 * Copyright (C) 1997 Richard Günther
6 * binfmt_misc detects binaries via a magic or filename extension and invokes
7 * a specified wrapper. See Documentation/binfmt_misc.txt for more details.
10 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
12 #include <linux/kernel.h>
13 #include <linux/module.h>
14 #include <linux/init.h>
15 #include <linux/sched.h>
16 #include <linux/magic.h>
17 #include <linux/binfmts.h>
18 #include <linux/slab.h>
19 #include <linux/ctype.h>
20 #include <linux/string_helpers.h>
21 #include <linux/file.h>
22 #include <linux/pagemap.h>
23 #include <linux/namei.h>
24 #include <linux/mount.h>
25 #include <linux/syscalls.h>
27 #include <linux/uaccess.h>
38 VERBOSE_STATUS = 1 /* make it zero to save 400 bytes kernel memory */
41 static LIST_HEAD(entries);
42 static int enabled = 1;
44 enum {Enabled, Magic};
45 #define MISC_FMT_PRESERVE_ARGV0 (1 << 31)
46 #define MISC_FMT_OPEN_BINARY (1 << 30)
47 #define MISC_FMT_CREDENTIALS (1 << 29)
48 #define MISC_FMT_OPEN_FILE (1 << 28)
51 struct list_head list;
52 unsigned long flags; /* type, status, etc. */
53 int offset; /* offset of magic */
54 int size; /* size of magic/mask */
55 char *magic; /* magic or filename extension */
56 char *mask; /* mask, NULL for exact match */
57 char *interpreter; /* filename of interpreter */
59 struct dentry *dentry;
60 struct file *interp_file;
63 static DEFINE_RWLOCK(entries_lock);
64 static struct file_system_type bm_fs_type;
65 static struct vfsmount *bm_mnt;
66 static int entry_count;
69 * Max length of the register string. Determined by:
73 * - offset: 3 bytes (has to be smaller than BINPRM_BUF_SIZE)
74 * - magic: 128 bytes (512 in escaped form)
75 * - mask: 128 bytes (512 in escaped form)
78 * Round that up a bit, and then back off to hold the internal data
81 #define MAX_REGISTER_LENGTH 1920
84 * Check if we support the binfmt
85 * if we do, return the node, else NULL
86 * locking is done in load_misc_binary
88 static Node *check_file(struct linux_binprm *bprm)
90 char *p = strrchr(bprm->interp, '.');
93 /* Walk all the registered handlers. */
94 list_for_each(l, &entries) {
95 Node *e = list_entry(l, Node, list);
99 /* Make sure this one is currently enabled. */
100 if (!test_bit(Enabled, &e->flags))
103 /* Do matching based on extension if applicable. */
104 if (!test_bit(Magic, &e->flags)) {
105 if (p && !strcmp(e->magic, p + 1))
110 /* Do matching based on magic & mask. */
111 s = bprm->buf + e->offset;
113 for (j = 0; j < e->size; j++)
114 if ((*s++ ^ e->magic[j]) & e->mask[j])
117 for (j = 0; j < e->size; j++)
118 if ((*s++ ^ e->magic[j]))
130 static int load_misc_binary(struct linux_binprm *bprm)
133 struct file *interp_file = NULL;
134 char iname[BINPRM_BUF_SIZE];
135 const char *iname_addr = iname;
143 /* to keep locking time low, we copy the interpreter string */
144 read_lock(&entries_lock);
145 fmt = check_file(bprm);
147 strlcpy(iname, fmt->interpreter, BINPRM_BUF_SIZE);
148 read_unlock(&entries_lock);
152 /* Need to be able to load the file after exec */
153 if (bprm->interp_flags & BINPRM_FLAGS_PATH_INACCESSIBLE)
156 if (!(fmt->flags & MISC_FMT_PRESERVE_ARGV0)) {
157 retval = remove_arg_zero(bprm);
162 if (fmt->flags & MISC_FMT_OPEN_BINARY) {
164 /* if the binary should be opened on behalf of the
165 * interpreter than keep it open and assign descriptor
168 fd_binary = get_unused_fd_flags(0);
173 fd_install(fd_binary, bprm->file);
175 /* if the binary is not readable than enforce mm->dumpable=0
176 regardless of the interpreter's permissions */
177 would_dump(bprm, bprm->file);
179 allow_write_access(bprm->file);
182 /* mark the bprm that fd should be passed to interp */
183 bprm->interp_flags |= BINPRM_FLAGS_EXECFD;
184 bprm->interp_data = fd_binary;
187 allow_write_access(bprm->file);
191 /* make argv[1] be the path to the binary */
192 retval = copy_strings_kernel(1, &bprm->interp, bprm);
197 /* add the interp as argv[0] */
198 retval = copy_strings_kernel(1, &iname_addr, bprm);
203 /* Update interp in case binfmt_script needs it. */
204 retval = bprm_change_interp(iname, bprm);
208 if (fmt->flags & MISC_FMT_OPEN_FILE && fmt->interp_file) {
209 interp_file = filp_clone_open(fmt->interp_file);
210 if (!IS_ERR(interp_file))
211 deny_write_access(interp_file);
213 interp_file = open_exec(iname);
215 retval = PTR_ERR(interp_file);
216 if (IS_ERR(interp_file))
219 bprm->file = interp_file;
220 if (fmt->flags & MISC_FMT_CREDENTIALS) {
222 * No need to call prepare_binprm(), it's already been
223 * done. bprm->buf is stale, update from interp_file.
225 memset(bprm->buf, 0, BINPRM_BUF_SIZE);
226 retval = kernel_read(bprm->file, 0, bprm->buf, BINPRM_BUF_SIZE);
228 retval = prepare_binprm(bprm);
233 retval = search_binary_handler(bprm);
241 sys_close(fd_binary);
242 bprm->interp_flags = 0;
243 bprm->interp_data = 0;
247 /* Command parsers */
250 * parses and copies one argument enclosed in del from *sp to *dp,
251 * recognising the \x special.
252 * returns pointer to the copied argument or NULL in case of an
253 * error (and sets err) or null argument length.
255 static char *scanarg(char *s, char del)
259 while ((c = *s++) != del) {
260 if (c == '\\' && *s == 'x') {
272 static char *check_special_flags(char *sfs, Node *e)
281 pr_debug("register: flag: P (preserve argv0)\n");
283 e->flags |= MISC_FMT_PRESERVE_ARGV0;
286 pr_debug("register: flag: O (open binary)\n");
288 e->flags |= MISC_FMT_OPEN_BINARY;
291 pr_debug("register: flag: C (preserve creds)\n");
293 /* this flags also implies the
295 e->flags |= (MISC_FMT_CREDENTIALS |
296 MISC_FMT_OPEN_BINARY);
299 pr_debug("register: flag: F: open interpreter file now\n");
301 e->flags |= MISC_FMT_OPEN_FILE;
312 * This registers a new binary format, it recognises the syntax
313 * ':name:type:offset:magic:mask:interpreter:flags'
314 * where the ':' is the IFS, that can be chosen with the first char
316 static Node *create_entry(const char __user *buffer, size_t count)
323 pr_debug("register: received %zu bytes\n", count);
325 /* some sanity checks */
327 if ((count < 11) || (count > MAX_REGISTER_LENGTH))
331 memsize = sizeof(Node) + count + 8;
332 e = kmalloc(memsize, GFP_KERNEL);
336 p = buf = (char *)e + sizeof(Node);
338 memset(e, 0, sizeof(Node));
339 if (copy_from_user(buf, buffer, count))
342 del = *p++; /* delimeter */
344 pr_debug("register: delim: %#x {%c}\n", del, del);
346 /* Pad the buffer with the delim to simplify parsing below. */
347 memset(buf + count, del, 8);
349 /* Parse the 'name' field. */
356 !strcmp(e->name, ".") ||
357 !strcmp(e->name, "..") ||
358 strchr(e->name, '/'))
361 pr_debug("register: name: {%s}\n", e->name);
363 /* Parse the 'type' field. */
366 pr_debug("register: type: E (extension)\n");
367 e->flags = 1 << Enabled;
370 pr_debug("register: type: M (magic)\n");
371 e->flags = (1 << Enabled) | (1 << Magic);
379 if (test_bit(Magic, &e->flags)) {
380 /* Handle the 'M' (magic) format. */
383 /* Parse the 'offset' field. */
389 int r = kstrtoint(p, 10, &e->offset);
390 if (r != 0 || e->offset < 0)
396 pr_debug("register: offset: %#x\n", e->offset);
398 /* Parse the 'magic' field. */
406 print_hex_dump_bytes(
407 KBUILD_MODNAME ": register: magic[raw]: ",
408 DUMP_PREFIX_NONE, e->magic, p - e->magic);
410 /* Parse the 'mask' field. */
417 pr_debug("register: mask[raw]: none\n");
418 } else if (USE_DEBUG)
419 print_hex_dump_bytes(
420 KBUILD_MODNAME ": register: mask[raw]: ",
421 DUMP_PREFIX_NONE, e->mask, p - e->mask);
424 * Decode the magic & mask fields.
425 * Note: while we might have accepted embedded NUL bytes from
426 * above, the unescape helpers here will stop at the first one
429 e->size = string_unescape_inplace(e->magic, UNESCAPE_HEX);
431 string_unescape_inplace(e->mask, UNESCAPE_HEX) != e->size)
433 if (e->size > BINPRM_BUF_SIZE ||
434 BINPRM_BUF_SIZE - e->size < e->offset)
436 pr_debug("register: magic/mask length: %i\n", e->size);
438 print_hex_dump_bytes(
439 KBUILD_MODNAME ": register: magic[decoded]: ",
440 DUMP_PREFIX_NONE, e->magic, e->size);
444 char *masked = kmalloc(e->size, GFP_KERNEL);
446 print_hex_dump_bytes(
447 KBUILD_MODNAME ": register: mask[decoded]: ",
448 DUMP_PREFIX_NONE, e->mask, e->size);
451 for (i = 0; i < e->size; ++i)
452 masked[i] = e->magic[i] & e->mask[i];
453 print_hex_dump_bytes(
454 KBUILD_MODNAME ": register: magic[masked]: ",
455 DUMP_PREFIX_NONE, masked, e->size);
462 /* Handle the 'E' (extension) format. */
464 /* Skip the 'offset' field. */
470 /* Parse the 'magic' field. */
476 if (!e->magic[0] || strchr(e->magic, '/'))
478 pr_debug("register: extension: {%s}\n", e->magic);
480 /* Skip the 'mask' field. */
487 /* Parse the 'interpreter' field. */
493 if (!e->interpreter[0])
495 pr_debug("register: interpreter: {%s}\n", e->interpreter);
497 /* Parse the 'flags' field. */
498 p = check_special_flags(p, e);
501 if (p != buf + count)
511 return ERR_PTR(-EFAULT);
514 return ERR_PTR(-EINVAL);
518 * Set status of entry/binfmt_misc:
519 * '1' enables, '0' disables and '-1' clears entry/binfmt_misc
521 static int parse_command(const char __user *buffer, size_t count)
527 if (copy_from_user(s, buffer, count))
531 if (s[count - 1] == '\n')
533 if (count == 1 && s[0] == '0')
535 if (count == 1 && s[0] == '1')
537 if (count == 2 && s[0] == '-' && s[1] == '1')
544 static void entry_status(Node *e, char *page)
547 const char *status = "disabled";
549 if (test_bit(Enabled, &e->flags))
552 if (!VERBOSE_STATUS) {
553 sprintf(page, "%s\n", status);
557 dp += sprintf(dp, "%s\ninterpreter %s\n", status, e->interpreter);
559 /* print the special flags */
560 dp += sprintf(dp, "flags: ");
561 if (e->flags & MISC_FMT_PRESERVE_ARGV0)
563 if (e->flags & MISC_FMT_OPEN_BINARY)
565 if (e->flags & MISC_FMT_CREDENTIALS)
567 if (e->flags & MISC_FMT_OPEN_FILE)
571 if (!test_bit(Magic, &e->flags)) {
572 sprintf(dp, "extension .%s\n", e->magic);
574 dp += sprintf(dp, "offset %i\nmagic ", e->offset);
575 dp = bin2hex(dp, e->magic, e->size);
577 dp += sprintf(dp, "\nmask ");
578 dp = bin2hex(dp, e->mask, e->size);
585 static struct inode *bm_get_inode(struct super_block *sb, int mode)
587 struct inode *inode = new_inode(sb);
590 inode->i_ino = get_next_ino();
591 inode->i_mode = mode;
592 inode->i_atime = inode->i_mtime = inode->i_ctime =
598 static void bm_evict_inode(struct inode *inode)
601 kfree(inode->i_private);
604 static void kill_node(Node *e)
606 struct dentry *dentry;
608 write_lock(&entries_lock);
611 list_del_init(&e->list);
614 write_unlock(&entries_lock);
616 if ((e->flags & MISC_FMT_OPEN_FILE) && e->interp_file) {
617 filp_close(e->interp_file, NULL);
618 e->interp_file = NULL;
622 drop_nlink(d_inode(dentry));
625 simple_release_fs(&bm_mnt, &entry_count);
632 bm_entry_read(struct file *file, char __user *buf, size_t nbytes, loff_t *ppos)
634 Node *e = file_inode(file)->i_private;
638 page = (char *) __get_free_page(GFP_KERNEL);
642 entry_status(e, page);
644 res = simple_read_from_buffer(buf, nbytes, ppos, page, strlen(page));
646 free_page((unsigned long) page);
650 static ssize_t bm_entry_write(struct file *file, const char __user *buffer,
651 size_t count, loff_t *ppos)
654 Node *e = file_inode(file)->i_private;
655 int res = parse_command(buffer, count);
659 /* Disable this handler. */
660 clear_bit(Enabled, &e->flags);
663 /* Enable this handler. */
664 set_bit(Enabled, &e->flags);
667 /* Delete this handler. */
668 root = file_inode(file)->i_sb->s_root;
669 inode_lock(d_inode(root));
673 inode_unlock(d_inode(root));
682 static const struct file_operations bm_entry_operations = {
683 .read = bm_entry_read,
684 .write = bm_entry_write,
685 .llseek = default_llseek,
690 static ssize_t bm_register_write(struct file *file, const char __user *buffer,
691 size_t count, loff_t *ppos)
695 struct super_block *sb = file_inode(file)->i_sb;
696 struct dentry *root = sb->s_root, *dentry;
698 struct file *f = NULL;
700 e = create_entry(buffer, count);
705 if (e->flags & MISC_FMT_OPEN_FILE) {
706 f = open_exec(e->interpreter);
708 pr_notice("register: failed to install interpreter file %s\n",
716 inode_lock(d_inode(root));
717 dentry = lookup_one_len(e->name, root, strlen(e->name));
718 err = PTR_ERR(dentry);
723 if (d_really_is_positive(dentry))
726 inode = bm_get_inode(sb, S_IFREG | 0644);
732 err = simple_pin_fs(&bm_fs_type, &bm_mnt, &entry_count);
739 e->dentry = dget(dentry);
740 inode->i_private = e;
741 inode->i_fop = &bm_entry_operations;
743 d_instantiate(dentry, inode);
744 write_lock(&entries_lock);
745 list_add(&e->list, &entries);
746 write_unlock(&entries_lock);
752 inode_unlock(d_inode(root));
763 static const struct file_operations bm_register_operations = {
764 .write = bm_register_write,
765 .llseek = noop_llseek,
771 bm_status_read(struct file *file, char __user *buf, size_t nbytes, loff_t *ppos)
773 char *s = enabled ? "enabled\n" : "disabled\n";
775 return simple_read_from_buffer(buf, nbytes, ppos, s, strlen(s));
778 static ssize_t bm_status_write(struct file *file, const char __user *buffer,
779 size_t count, loff_t *ppos)
781 int res = parse_command(buffer, count);
786 /* Disable all handlers. */
790 /* Enable all handlers. */
794 /* Delete all handlers. */
795 root = file_inode(file)->i_sb->s_root;
796 inode_lock(d_inode(root));
798 while (!list_empty(&entries))
799 kill_node(list_entry(entries.next, Node, list));
801 inode_unlock(d_inode(root));
810 static const struct file_operations bm_status_operations = {
811 .read = bm_status_read,
812 .write = bm_status_write,
813 .llseek = default_llseek,
816 /* Superblock handling */
818 static const struct super_operations s_ops = {
819 .statfs = simple_statfs,
820 .evict_inode = bm_evict_inode,
823 static int bm_fill_super(struct super_block *sb, void *data, int silent)
826 static struct tree_descr bm_files[] = {
827 [2] = {"status", &bm_status_operations, S_IWUSR|S_IRUGO},
828 [3] = {"register", &bm_register_operations, S_IWUSR},
832 err = simple_fill_super(sb, BINFMTFS_MAGIC, bm_files);
838 static struct dentry *bm_mount(struct file_system_type *fs_type,
839 int flags, const char *dev_name, void *data)
841 return mount_single(fs_type, flags, data, bm_fill_super);
844 static struct linux_binfmt misc_format = {
845 .module = THIS_MODULE,
846 .load_binary = load_misc_binary,
849 static struct file_system_type bm_fs_type = {
850 .owner = THIS_MODULE,
851 .name = "binfmt_misc",
853 .kill_sb = kill_litter_super,
855 MODULE_ALIAS_FS("binfmt_misc");
857 static int __init init_misc_binfmt(void)
859 int err = register_filesystem(&bm_fs_type);
861 insert_binfmt(&misc_format);
865 static void __exit exit_misc_binfmt(void)
867 unregister_binfmt(&misc_format);
868 unregister_filesystem(&bm_fs_type);
871 core_initcall(init_misc_binfmt);
872 module_exit(exit_misc_binfmt);
873 MODULE_LICENSE("GPL");
projects / releases.git / blob