• Will Deacon's avatar
    ARM: 7791/1: a.out: remove partial a.out support · acfdd4b1
    Will Deacon authored
    a.out support on ARM requires that argc, argv and envp are passed in
    r0-r2 respectively, which requires hacking load_aout_binary to
    prevent argc being clobbered by the return code. Whilst mainline kernels
    do set the registers up in start_thread, the aout loader has never
    carried the hack in mainline.
    
    Initialising the registers in this way actually goes against the libc
    expectations for ELF binaries, where argc, argv and envp are passed on
    the stack, with r0 being used to hold a pointer to an exit function for
    cleaning up after the dynamic linker if required. If the pointer is
    NULL, then it is ignored. When execing an ELF binary, Linux currently
    zeroes r0, then sets it to argc and then finally clobbers it with the
    return value of the execve syscall, so we actually end up with:
    
    	r0 = 0
    	stack[0] = argc
    	r1 = stack[1] = argv
    	r2 = stack[2] = envp
    
    libc treats r1 and r2 as undefined. The clobbering of r0 by sys_execve
    works for user-spawned threads, but when executing an ELF binary from a
    kernel thread (via call_usermodehelper), the execve is performed on the
    ret_from_fork path, which restores r0 from the saved pt_regs, resulting
    in argc being presented to the C library. This has horrible consequences
    when the application exits, since we have an exit function registered
    using argc, resulting in a jump to hyperspace.
    
    This patch solves the problem by removing the partial a.out support from
    arch/arm/ altogether.
    
    Cc: <stable@vger.kernel.org>
    Cc: Ashish Sangwan <ashishsangwan2@gmail.com>
    Signed-off-by: default avatarWill Deacon <will.deacon@arm.com>
    Signed-off-by: default avatarRussell King <rmk+kernel@arm.linux.org.uk>
    acfdd4b1
processor.h 2.62 KB