kern_exec.c revision 1.282 1 /* $NetBSD: kern_exec.c,v 1.282 2008/11/19 18:36:06 ad Exp $ */
2
3 /*-
4 * Copyright (c) 2008 The NetBSD Foundation, Inc.
5 * All rights reserved.
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
9 * are met:
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
15 *
16 * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
17 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
18 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
19 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
20 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
21 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
22 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
23 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
24 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
25 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
26 * POSSIBILITY OF SUCH DAMAGE.
27 */
28
29 /*-
30 * Copyright (C) 1993, 1994, 1996 Christopher G. Demetriou
31 * Copyright (C) 1992 Wolfgang Solfrank.
32 * Copyright (C) 1992 TooLs GmbH.
33 * All rights reserved.
34 *
35 * Redistribution and use in source and binary forms, with or without
36 * modification, are permitted provided that the following conditions
37 * are met:
38 * 1. Redistributions of source code must retain the above copyright
39 * notice, this list of conditions and the following disclaimer.
40 * 2. Redistributions in binary form must reproduce the above copyright
41 * notice, this list of conditions and the following disclaimer in the
42 * documentation and/or other materials provided with the distribution.
43 * 3. All advertising materials mentioning features or use of this software
44 * must display the following acknowledgement:
45 * This product includes software developed by TooLs GmbH.
46 * 4. The name of TooLs GmbH may not be used to endorse or promote products
47 * derived from this software without specific prior written permission.
48 *
49 * THIS SOFTWARE IS PROVIDED BY TOOLS GMBH ``AS IS'' AND ANY EXPRESS OR
50 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
51 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
52 * IN NO EVENT SHALL TOOLS GMBH BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
53 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
54 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
55 * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
56 * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
57 * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
58 * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
59 */
60
61 #include <sys/cdefs.h>
62 __KERNEL_RCSID(0, "$NetBSD: kern_exec.c,v 1.282 2008/11/19 18:36:06 ad Exp $");
63
64 #include "opt_ktrace.h"
65 #include "opt_syscall_debug.h"
66 #include "veriexec.h"
67 #include "opt_pax.h"
68 #include "opt_sa.h"
69
70 #include <sys/param.h>
71 #include <sys/systm.h>
72 #include <sys/filedesc.h>
73 #include <sys/kernel.h>
74 #include <sys/proc.h>
75 #include <sys/mount.h>
76 #include <sys/malloc.h>
77 #include <sys/kmem.h>
78 #include <sys/namei.h>
79 #include <sys/vnode.h>
80 #include <sys/file.h>
81 #include <sys/acct.h>
82 #include <sys/exec.h>
83 #include <sys/ktrace.h>
84 #include <sys/uidinfo.h>
85 #include <sys/wait.h>
86 #include <sys/mman.h>
87 #include <sys/ras.h>
88 #include <sys/signalvar.h>
89 #include <sys/stat.h>
90 #include <sys/syscall.h>
91 #include <sys/kauth.h>
92 #include <sys/lwpctl.h>
93 #include <sys/pax.h>
94 #include <sys/cpu.h>
95 #include <sys/module.h>
96 #include <sys/sa.h>
97 #include <sys/savar.h>
98 #include <sys/syscallargs.h>
99 #if NVERIEXEC > 0
100 #include <sys/verified_exec.h>
101 #endif /* NVERIEXEC > 0 */
102
103 #include <uvm/uvm_extern.h>
104
105 #include <machine/reg.h>
106
107 #include <compat/common/compat_util.h>
108
109 static int exec_sigcode_map(struct proc *, const struct emul *);
110
111 #ifdef DEBUG_EXEC
112 #define DPRINTF(a) uprintf a
113 #else
114 #define DPRINTF(a)
115 #endif /* DEBUG_EXEC */
116
117 /*
118 * Exec function switch:
119 *
120 * Note that each makecmds function is responsible for loading the
121 * exec package with the necessary functions for any exec-type-specific
122 * handling.
123 *
124 * Functions for specific exec types should be defined in their own
125 * header file.
126 */
127 static const struct execsw **execsw = NULL;
128 static int nexecs;
129
130 u_int exec_maxhdrsz; /* must not be static - used by netbsd32 */
131
132 /* list of dynamically loaded execsw entries */
133 static LIST_HEAD(execlist_head, exec_entry) ex_head =
134 LIST_HEAD_INITIALIZER(ex_head);
135 struct exec_entry {
136 LIST_ENTRY(exec_entry) ex_list;
137 SLIST_ENTRY(exec_entry) ex_slist;
138 const struct execsw *ex_sw;
139 };
140
141 #ifdef SYSCALL_DEBUG
142 extern const char * const syscallnames[];
143 #endif
144
145 #ifndef __HAVE_SYSCALL_INTERN
146 void syscall(void);
147 #endif
148
149 #ifdef KERN_SA
150 static struct sa_emul saemul_netbsd = {
151 sizeof(ucontext_t),
152 sizeof(struct sa_t),
153 sizeof(struct sa_t *),
154 NULL,
155 NULL,
156 cpu_upcall,
157 (void (*)(struct lwp *, void *))getucontext_sa,
158 sa_ucsp
159 };
160 #endif /* KERN_SA */
161
162 /* NetBSD emul struct */
163 struct emul emul_netbsd = {
164 "netbsd",
165 NULL, /* emulation path */
166 #ifndef __HAVE_MINIMAL_EMUL
167 EMUL_HAS_SYS___syscall,
168 NULL,
169 SYS_syscall,
170 SYS_NSYSENT,
171 #endif
172 sysent,
173 #ifdef SYSCALL_DEBUG
174 syscallnames,
175 #else
176 NULL,
177 #endif
178 sendsig,
179 trapsignal,
180 NULL,
181 NULL,
182 NULL,
183 NULL,
184 setregs,
185 NULL,
186 NULL,
187 NULL,
188 NULL,
189 NULL,
190 #ifdef __HAVE_SYSCALL_INTERN
191 syscall_intern,
192 #else
193 syscall,
194 #endif
195 NULL,
196 NULL,
197
198 uvm_default_mapaddr,
199 NULL,
200 #ifdef KERN_SA
201 &saemul_netbsd,
202 #else
203 NULL,
204 #endif
205 sizeof(ucontext_t),
206 startlwp,
207 };
208
209 /*
210 * Exec lock. Used to control access to execsw[] structures.
211 * This must not be static so that netbsd32 can access it, too.
212 */
213 krwlock_t exec_lock;
214
215 static kmutex_t sigobject_lock;
216
217 static void *
218 exec_pool_alloc(struct pool *pp, int flags)
219 {
220
221 return (void *)uvm_km_alloc(kernel_map, NCARGS, 0,
222 UVM_KMF_PAGEABLE | UVM_KMF_WAITVA);
223 }
224
225 static void
226 exec_pool_free(struct pool *pp, void *addr)
227 {
228
229 uvm_km_free(kernel_map, (vaddr_t)addr, NCARGS, UVM_KMF_PAGEABLE);
230 }
231
232 static struct pool exec_pool;
233
234 static struct pool_allocator exec_palloc = {
235 .pa_alloc = exec_pool_alloc,
236 .pa_free = exec_pool_free,
237 .pa_pagesz = NCARGS
238 };
239
240 /*
241 * check exec:
242 * given an "executable" described in the exec package's namei info,
243 * see what we can do with it.
244 *
245 * ON ENTRY:
246 * exec package with appropriate namei info
247 * lwp pointer of exec'ing lwp
248 * NO SELF-LOCKED VNODES
249 *
250 * ON EXIT:
251 * error: nothing held, etc. exec header still allocated.
252 * ok: filled exec package, executable's vnode (unlocked).
253 *
254 * EXEC SWITCH ENTRY:
255 * Locked vnode to check, exec package, proc.
256 *
257 * EXEC SWITCH EXIT:
258 * ok: return 0, filled exec package, executable's vnode (unlocked).
259 * error: destructive:
260 * everything deallocated execept exec header.
261 * non-destructive:
262 * error code, executable's vnode (unlocked),
263 * exec header unmodified.
264 */
265 int
266 /*ARGSUSED*/
267 check_exec(struct lwp *l, struct exec_package *epp)
268 {
269 int error, i;
270 struct vnode *vp;
271 struct nameidata *ndp;
272 size_t resid;
273
274 ndp = epp->ep_ndp;
275 ndp->ni_cnd.cn_nameiop = LOOKUP;
276 ndp->ni_cnd.cn_flags = FOLLOW | LOCKLEAF | SAVENAME | TRYEMULROOT;
277 /* first get the vnode */
278 if ((error = namei(ndp)) != 0)
279 return error;
280 epp->ep_vp = vp = ndp->ni_vp;
281
282 /* check access and type */
283 if (vp->v_type != VREG) {
284 error = EACCES;
285 goto bad1;
286 }
287 if ((error = VOP_ACCESS(vp, VEXEC, l->l_cred)) != 0)
288 goto bad1;
289
290 /* get attributes */
291 if ((error = VOP_GETATTR(vp, epp->ep_vap, l->l_cred)) != 0)
292 goto bad1;
293
294 /* Check mount point */
295 if (vp->v_mount->mnt_flag & MNT_NOEXEC) {
296 error = EACCES;
297 goto bad1;
298 }
299 if (vp->v_mount->mnt_flag & MNT_NOSUID)
300 epp->ep_vap->va_mode &= ~(S_ISUID | S_ISGID);
301
302 /* try to open it */
303 if ((error = VOP_OPEN(vp, FREAD, l->l_cred)) != 0)
304 goto bad1;
305
306 /* unlock vp, since we need it unlocked from here on out. */
307 VOP_UNLOCK(vp, 0);
308
309 #if NVERIEXEC > 0
310 error = veriexec_verify(l, vp, ndp->ni_cnd.cn_pnbuf,
311 epp->ep_flags & EXEC_INDIR ? VERIEXEC_INDIRECT : VERIEXEC_DIRECT,
312 NULL);
313 if (error)
314 goto bad2;
315 #endif /* NVERIEXEC > 0 */
316
317 #ifdef PAX_SEGVGUARD
318 error = pax_segvguard(l, vp, ndp->ni_cnd.cn_pnbuf, false);
319 if (error)
320 goto bad2;
321 #endif /* PAX_SEGVGUARD */
322
323 /* now we have the file, get the exec header */
324 error = vn_rdwr(UIO_READ, vp, epp->ep_hdr, epp->ep_hdrlen, 0,
325 UIO_SYSSPACE, 0, l->l_cred, &resid, NULL);
326 if (error)
327 goto bad2;
328 epp->ep_hdrvalid = epp->ep_hdrlen - resid;
329
330 /*
331 * Set up default address space limits. Can be overridden
332 * by individual exec packages.
333 *
334 * XXX probably should be all done in the exec packages.
335 */
336 epp->ep_vm_minaddr = VM_MIN_ADDRESS;
337 epp->ep_vm_maxaddr = VM_MAXUSER_ADDRESS;
338 /*
339 * set up the vmcmds for creation of the process
340 * address space
341 */
342 error = ENOEXEC;
343 for (i = 0; i < nexecs; i++) {
344 int newerror;
345
346 epp->ep_esch = execsw[i];
347 newerror = (*execsw[i]->es_makecmds)(l, epp);
348
349 if (!newerror) {
350 /* Seems ok: check that entry point is sane */
351 if (epp->ep_entry > VM_MAXUSER_ADDRESS) {
352 error = ENOEXEC;
353 break;
354 }
355
356 /* check limits */
357 if ((epp->ep_tsize > MAXTSIZ) ||
358 (epp->ep_dsize > (u_quad_t)l->l_proc->p_rlimit
359 [RLIMIT_DATA].rlim_cur)) {
360 error = ENOMEM;
361 break;
362 }
363 return 0;
364 }
365
366 if (epp->ep_emul_root != NULL) {
367 vrele(epp->ep_emul_root);
368 epp->ep_emul_root = NULL;
369 }
370 if (epp->ep_interp != NULL) {
371 vrele(epp->ep_interp);
372 epp->ep_interp = NULL;
373 }
374
375 /* make sure the first "interesting" error code is saved. */
376 if (error == ENOEXEC)
377 error = newerror;
378
379 if (epp->ep_flags & EXEC_DESTR)
380 /* Error from "#!" code, tidied up by recursive call */
381 return error;
382 }
383
384 /* not found, error */
385
386 /*
387 * free any vmspace-creation commands,
388 * and release their references
389 */
390 kill_vmcmds(&epp->ep_vmcmds);
391
392 bad2:
393 /*
394 * close and release the vnode, restore the old one, free the
395 * pathname buf, and punt.
396 */
397 vn_lock(vp, LK_EXCLUSIVE | LK_RETRY);
398 VOP_CLOSE(vp, FREAD, l->l_cred);
399 vput(vp);
400 PNBUF_PUT(ndp->ni_cnd.cn_pnbuf);
401 return error;
402
403 bad1:
404 /*
405 * free the namei pathname buffer, and put the vnode
406 * (which we don't yet have open).
407 */
408 vput(vp); /* was still locked */
409 PNBUF_PUT(ndp->ni_cnd.cn_pnbuf);
410 return error;
411 }
412
413 #ifdef __MACHINE_STACK_GROWS_UP
414 #define STACK_PTHREADSPACE NBPG
415 #else
416 #define STACK_PTHREADSPACE 0
417 #endif
418
419 static int
420 execve_fetch_element(char * const *array, size_t index, char **value)
421 {
422 return copyin(array + index, value, sizeof(*value));
423 }
424
425 /*
426 * exec system call
427 */
428 /* ARGSUSED */
429 int
430 sys_execve(struct lwp *l, const struct sys_execve_args *uap, register_t *retval)
431 {
432 /* {
433 syscallarg(const char *) path;
434 syscallarg(char * const *) argp;
435 syscallarg(char * const *) envp;
436 } */
437
438 return execve1(l, SCARG(uap, path), SCARG(uap, argp),
439 SCARG(uap, envp), execve_fetch_element);
440 }
441
442 /*
443 * Load modules to try and execute an image that we do not understand.
444 * If no execsw entries are present, we load those likely to be needed
445 * in order to run native images only. Otherwise, we autoload all
446 * possible modules that could let us run the binary. XXX lame
447 */
448 static void
449 exec_autoload(void)
450 {
451 #ifdef MODULAR
452 static const char * const native[] = {
453 "exec_elf32",
454 "exec_elf64",
455 "exec_script",
456 NULL
457 };
458 static const char * const compat[] = {
459 "exec_elf32",
460 "exec_elf64",
461 "exec_script",
462 "exec_aout",
463 "exec_coff",
464 "exec_ecoff",
465 "compat_aoutm68k",
466 "compat_freebsd",
467 "compat_ibcs2",
468 "compat_irix",
469 "compat_linux",
470 "compat_linux32",
471 "compat_netbsd32",
472 "compat_sunos",
473 "compat_sunos32",
474 "compat_svr4",
475 "compat_svr4_32",
476 "compat_ultrix",
477 NULL
478 };
479 char const * const *list;
480 int i;
481
482 mutex_enter(&module_lock);
483 list = (nexecs == 0 ? native : compat);
484 for (i = 0; list[i] != NULL; i++) {
485 if (module_autoload(list[i], MODULE_CLASS_MISC) != 0) {
486 continue;
487 }
488 mutex_exit(&module_lock);
489 yield();
490 mutex_enter(&module_lock);
491 }
492 mutex_exit(&module_lock);
493 #endif
494 }
495
496 int
497 execve1(struct lwp *l, const char *path, char * const *args,
498 char * const *envs, execve_fetch_element_t fetch_element)
499 {
500 int error;
501 struct exec_package pack;
502 struct nameidata nid;
503 struct vattr attr;
504 struct proc *p;
505 char *argp;
506 char *dp, *sp;
507 long argc, envc;
508 size_t i, len;
509 char *stack;
510 struct ps_strings arginfo;
511 struct ps_strings *aip = &arginfo;
512 struct vmspace *vm;
513 struct exec_fakearg *tmpfap;
514 int szsigcode;
515 struct exec_vmcmd *base_vcp;
516 int oldlwpflags;
517 ksiginfo_t ksi;
518 ksiginfoq_t kq;
519 char *pathbuf;
520 size_t pathbuflen;
521 u_int modgen;
522
523 p = l->l_proc;
524 modgen = 0;
525
526 /*
527 * Check if we have exceeded our number of processes limit.
528 * This is so that we handle the case where a root daemon
529 * forked, ran setuid to become the desired user and is trying
530 * to exec. The obvious place to do the reference counting check
531 * is setuid(), but we don't do the reference counting check there
532 * like other OS's do because then all the programs that use setuid()
533 * must be modified to check the return code of setuid() and exit().
534 * It is dangerous to make setuid() fail, because it fails open and
535 * the program will continue to run as root. If we make it succeed
536 * and return an error code, again we are not enforcing the limit.
537 * The best place to enforce the limit is here, when the process tries
538 * to execute a new image, because eventually the process will need
539 * to call exec in order to do something useful.
540 */
541 retry:
542 if ((p->p_flag & PK_SUGID) &&
543 chgproccnt(kauth_cred_getuid(l->l_cred), 0) >
544 p->p_rlimit[RLIMIT_NPROC].rlim_cur)
545 return EAGAIN;
546
547 oldlwpflags = l->l_flag & (LW_SA | LW_SA_UPCALL);
548 if (l->l_flag & LW_SA) {
549 lwp_lock(l);
550 l->l_flag &= ~(LW_SA | LW_SA_UPCALL);
551 lwp_unlock(l);
552 }
553
554 /*
555 * Drain existing references and forbid new ones. The process
556 * should be left alone until we're done here. This is necessary
557 * to avoid race conditions - e.g. in ptrace() - that might allow
558 * a local user to illicitly obtain elevated privileges.
559 */
560 rw_enter(&p->p_reflock, RW_WRITER);
561
562 base_vcp = NULL;
563 /*
564 * Init the namei data to point the file user's program name.
565 * This is done here rather than in check_exec(), so that it's
566 * possible to override this settings if any of makecmd/probe
567 * functions call check_exec() recursively - for example,
568 * see exec_script_makecmds().
569 */
570 pathbuf = PNBUF_GET();
571 error = copyinstr(path, pathbuf, MAXPATHLEN, &pathbuflen);
572 if (error) {
573 DPRINTF(("execve: copyinstr path %d", error));
574 goto clrflg;
575 }
576
577 NDINIT(&nid, LOOKUP, NOFOLLOW | TRYEMULROOT, UIO_SYSSPACE, pathbuf);
578
579 /*
580 * initialize the fields of the exec package.
581 */
582 pack.ep_name = path;
583 pack.ep_hdr = kmem_alloc(exec_maxhdrsz, KM_SLEEP);
584 pack.ep_hdrlen = exec_maxhdrsz;
585 pack.ep_hdrvalid = 0;
586 pack.ep_ndp = &nid;
587 pack.ep_emul_arg = NULL;
588 pack.ep_vmcmds.evs_cnt = 0;
589 pack.ep_vmcmds.evs_used = 0;
590 pack.ep_vap = &attr;
591 pack.ep_flags = 0;
592 pack.ep_emul_root = NULL;
593 pack.ep_interp = NULL;
594 pack.ep_esch = NULL;
595 pack.ep_pax_flags = 0;
596
597 rw_enter(&exec_lock, RW_READER);
598
599 /* see if we can run it. */
600 if ((error = check_exec(l, &pack)) != 0) {
601 if (error != ENOENT) {
602 DPRINTF(("execve: check exec failed %d\n", error));
603 }
604 goto freehdr;
605 }
606
607 /* XXX -- THE FOLLOWING SECTION NEEDS MAJOR CLEANUP */
608
609 /* allocate an argument buffer */
610 argp = pool_get(&exec_pool, PR_WAITOK);
611 KASSERT(argp != NULL);
612 dp = argp;
613 argc = 0;
614
615 /* copy the fake args list, if there's one, freeing it as we go */
616 if (pack.ep_flags & EXEC_HASARGL) {
617 tmpfap = pack.ep_fa;
618 while (tmpfap->fa_arg != NULL) {
619 const char *cp;
620
621 cp = tmpfap->fa_arg;
622 while (*cp)
623 *dp++ = *cp++;
624 *dp++ = '\0';
625
626 kmem_free(tmpfap->fa_arg, tmpfap->fa_len);
627 tmpfap++; argc++;
628 }
629 kmem_free(pack.ep_fa, pack.ep_fa_len);
630 pack.ep_flags &= ~EXEC_HASARGL;
631 }
632
633 /* Now get argv & environment */
634 if (args == NULL) {
635 DPRINTF(("execve: null args\n"));
636 error = EINVAL;
637 goto bad;
638 }
639 /* 'i' will index the argp/envp element to be retrieved */
640 i = 0;
641 if (pack.ep_flags & EXEC_SKIPARG)
642 i++;
643
644 while (1) {
645 len = argp + ARG_MAX - dp;
646 if ((error = (*fetch_element)(args, i, &sp)) != 0) {
647 DPRINTF(("execve: fetch_element args %d\n", error));
648 goto bad;
649 }
650 if (!sp)
651 break;
652 if ((error = copyinstr(sp, dp, len, &len)) != 0) {
653 DPRINTF(("execve: copyinstr args %d\n", error));
654 if (error == ENAMETOOLONG)
655 error = E2BIG;
656 goto bad;
657 }
658 ktrexecarg(dp, len - 1);
659 dp += len;
660 i++;
661 argc++;
662 }
663
664 envc = 0;
665 /* environment need not be there */
666 if (envs != NULL) {
667 i = 0;
668 while (1) {
669 len = argp + ARG_MAX - dp;
670 if ((error = (*fetch_element)(envs, i, &sp)) != 0) {
671 DPRINTF(("execve: fetch_element env %d\n", error));
672 goto bad;
673 }
674 if (!sp)
675 break;
676 if ((error = copyinstr(sp, dp, len, &len)) != 0) {
677 DPRINTF(("execve: copyinstr env %d\n", error));
678 if (error == ENAMETOOLONG)
679 error = E2BIG;
680 goto bad;
681 }
682 ktrexecenv(dp, len - 1);
683 dp += len;
684 i++;
685 envc++;
686 }
687 }
688
689 dp = (char *) ALIGN(dp);
690
691 szsigcode = pack.ep_esch->es_emul->e_esigcode -
692 pack.ep_esch->es_emul->e_sigcode;
693
694 #ifdef __MACHINE_STACK_GROWS_UP
695 /* See big comment lower down */
696 #define RTLD_GAP 32
697 #else
698 #define RTLD_GAP 0
699 #endif
700
701 /* Now check if args & environ fit into new stack */
702 if (pack.ep_flags & EXEC_32)
703 len = ((argc + envc + 2 + pack.ep_esch->es_arglen) *
704 sizeof(int) + sizeof(int) + dp + RTLD_GAP +
705 szsigcode + sizeof(struct ps_strings) + STACK_PTHREADSPACE)
706 - argp;
707 else
708 len = ((argc + envc + 2 + pack.ep_esch->es_arglen) *
709 sizeof(char *) + sizeof(int) + dp + RTLD_GAP +
710 szsigcode + sizeof(struct ps_strings) + STACK_PTHREADSPACE)
711 - argp;
712
713 #ifdef PAX_ASLR
714 if (pax_aslr_active(l))
715 len += (arc4random() % PAGE_SIZE);
716 #endif /* PAX_ASLR */
717
718 #ifdef STACKLALIGN /* arm, etc. */
719 len = STACKALIGN(len); /* make the stack "safely" aligned */
720 #else
721 len = ALIGN(len); /* make the stack "safely" aligned */
722 #endif
723
724 if (len > pack.ep_ssize) { /* in effect, compare to initial limit */
725 DPRINTF(("execve: stack limit exceeded %zu\n", len));
726 error = ENOMEM;
727 goto bad;
728 }
729
730 /* Get rid of other LWPs. */
731 if (p->p_sa || p->p_nlwps > 1) {
732 mutex_enter(p->p_lock);
733 exit_lwps(l);
734 mutex_exit(p->p_lock);
735 }
736 KDASSERT(p->p_nlwps == 1);
737
738 /* Destroy any lwpctl info. */
739 if (p->p_lwpctl != NULL)
740 lwp_ctl_exit();
741
742 /* This is now LWP 1 */
743 l->l_lid = 1;
744 p->p_nlwpid = 1;
745
746 #ifdef KERN_SA
747 /* Release any SA state. */
748 if (p->p_sa)
749 sa_release(p);
750 #endif /* KERN_SA */
751
752 /* Remove POSIX timers */
753 timers_free(p, TIMERS_POSIX);
754
755 /* adjust "active stack depth" for process VSZ */
756 pack.ep_ssize = len; /* maybe should go elsewhere, but... */
757
758 /*
759 * Do whatever is necessary to prepare the address space
760 * for remapping. Note that this might replace the current
761 * vmspace with another!
762 */
763 uvmspace_exec(l, pack.ep_vm_minaddr, pack.ep_vm_maxaddr);
764
765 /* record proc's vnode, for use by procfs and others */
766 if (p->p_textvp)
767 vrele(p->p_textvp);
768 VREF(pack.ep_vp);
769 p->p_textvp = pack.ep_vp;
770
771 /* Now map address space */
772 vm = p->p_vmspace;
773 vm->vm_taddr = (void *)pack.ep_taddr;
774 vm->vm_tsize = btoc(pack.ep_tsize);
775 vm->vm_daddr = (void*)pack.ep_daddr;
776 vm->vm_dsize = btoc(pack.ep_dsize);
777 vm->vm_ssize = btoc(pack.ep_ssize);
778 vm->vm_maxsaddr = (void *)pack.ep_maxsaddr;
779 vm->vm_minsaddr = (void *)pack.ep_minsaddr;
780
781 #ifdef PAX_ASLR
782 pax_aslr_init(l, vm);
783 #endif /* PAX_ASLR */
784
785 /* create the new process's VM space by running the vmcmds */
786 #ifdef DIAGNOSTIC
787 if (pack.ep_vmcmds.evs_used == 0)
788 panic("execve: no vmcmds");
789 #endif
790 for (i = 0; i < pack.ep_vmcmds.evs_used && !error; i++) {
791 struct exec_vmcmd *vcp;
792
793 vcp = &pack.ep_vmcmds.evs_cmds[i];
794 if (vcp->ev_flags & VMCMD_RELATIVE) {
795 #ifdef DIAGNOSTIC
796 if (base_vcp == NULL)
797 panic("execve: relative vmcmd with no base");
798 if (vcp->ev_flags & VMCMD_BASE)
799 panic("execve: illegal base & relative vmcmd");
800 #endif
801 vcp->ev_addr += base_vcp->ev_addr;
802 }
803 error = (*vcp->ev_proc)(l, vcp);
804 #ifdef DEBUG_EXEC
805 if (error) {
806 size_t j;
807 struct exec_vmcmd *vp = &pack.ep_vmcmds.evs_cmds[0];
808 for (j = 0; j <= i; j++)
809 uprintf(
810 "vmcmd[%zu] = %#lx/%#lx fd@%#lx prot=0%o flags=%d\n",
811 j, vp[j].ev_addr, vp[j].ev_len,
812 vp[j].ev_offset, vp[j].ev_prot,
813 vp[j].ev_flags);
814 }
815 #endif /* DEBUG_EXEC */
816 if (vcp->ev_flags & VMCMD_BASE)
817 base_vcp = vcp;
818 }
819
820 /* free the vmspace-creation commands, and release their references */
821 kill_vmcmds(&pack.ep_vmcmds);
822
823 vn_lock(pack.ep_vp, LK_EXCLUSIVE | LK_RETRY);
824 VOP_CLOSE(pack.ep_vp, FREAD, l->l_cred);
825 vput(pack.ep_vp);
826
827 /* if an error happened, deallocate and punt */
828 if (error) {
829 DPRINTF(("execve: vmcmd %zu failed: %d\n", i - 1, error));
830 goto exec_abort;
831 }
832
833 /* remember information about the process */
834 arginfo.ps_nargvstr = argc;
835 arginfo.ps_nenvstr = envc;
836
837 /* set command name & other accounting info */
838 i = min(nid.ni_cnd.cn_namelen, MAXCOMLEN);
839 (void)memcpy(p->p_comm, nid.ni_cnd.cn_nameptr, i);
840 p->p_comm[i] = '\0';
841
842 dp = PNBUF_GET();
843 /*
844 * If the path starts with /, we don't need to do any work.
845 * This handles the majority of the cases.
846 * In the future perhaps we could canonicalize it?
847 */
848 if (pathbuf[0] == '/')
849 (void)strlcpy(pack.ep_path = dp, pathbuf, MAXPATHLEN);
850 #ifdef notyet
851 /*
852 * Although this works most of the time [since the entry was just
853 * entered in the cache] we don't use it because it theoretically
854 * can fail and it is not the cleanest interface, because there
855 * could be races. When the namei cache is re-written, this can
856 * be changed to use the appropriate function.
857 */
858 else if (!(error = vnode_to_path(dp, MAXPATHLEN, p->p_textvp, l, p)))
859 pack.ep_path = dp;
860 #endif
861 else {
862 #ifdef notyet
863 printf("Cannot get path for pid %d [%s] (error %d)",
864 (int)p->p_pid, p->p_comm, error);
865 #endif
866 pack.ep_path = NULL;
867 PNBUF_PUT(dp);
868 }
869
870 stack = (char *)STACK_ALLOC(STACK_GROW(vm->vm_minsaddr,
871 STACK_PTHREADSPACE + sizeof(struct ps_strings) + szsigcode),
872 len - (sizeof(struct ps_strings) + szsigcode));
873
874 #ifdef __MACHINE_STACK_GROWS_UP
875 /*
876 * The copyargs call always copies into lower addresses
877 * first, moving towards higher addresses, starting with
878 * the stack pointer that we give. When the stack grows
879 * down, this puts argc/argv/envp very shallow on the
880 * stack, right at the first user stack pointer.
881 * When the stack grows up, the situation is reversed.
882 *
883 * Normally, this is no big deal. But the ld_elf.so _rtld()
884 * function expects to be called with a single pointer to
885 * a region that has a few words it can stash values into,
886 * followed by argc/argv/envp. When the stack grows down,
887 * it's easy to decrement the stack pointer a little bit to
888 * allocate the space for these few words and pass the new
889 * stack pointer to _rtld. When the stack grows up, however,
890 * a few words before argc is part of the signal trampoline, XXX
891 * so we have a problem.
892 *
893 * Instead of changing how _rtld works, we take the easy way
894 * out and steal 32 bytes before we call copyargs.
895 * This extra space was allowed for when 'len' was calculated.
896 */
897 stack += RTLD_GAP;
898 #endif /* __MACHINE_STACK_GROWS_UP */
899
900 /* Now copy argc, args & environ to new stack */
901 error = (*pack.ep_esch->es_copyargs)(l, &pack, &arginfo, &stack, argp);
902 if (pack.ep_path) {
903 PNBUF_PUT(pack.ep_path);
904 pack.ep_path = NULL;
905 }
906 if (error) {
907 DPRINTF(("execve: copyargs failed %d\n", error));
908 goto exec_abort;
909 }
910 /* Move the stack back to original point */
911 stack = (char *)STACK_GROW(vm->vm_minsaddr, len);
912
913 /* fill process ps_strings info */
914 p->p_psstr = (struct ps_strings *)
915 STACK_ALLOC(STACK_GROW(vm->vm_minsaddr, STACK_PTHREADSPACE),
916 sizeof(struct ps_strings));
917 p->p_psargv = offsetof(struct ps_strings, ps_argvstr);
918 p->p_psnargv = offsetof(struct ps_strings, ps_nargvstr);
919 p->p_psenv = offsetof(struct ps_strings, ps_envstr);
920 p->p_psnenv = offsetof(struct ps_strings, ps_nenvstr);
921
922 /* copy out the process's ps_strings structure */
923 if ((error = copyout(aip, (char *)p->p_psstr,
924 sizeof(arginfo))) != 0) {
925 DPRINTF(("execve: ps_strings copyout %p->%p size %ld failed\n",
926 aip, (char *)p->p_psstr, (long)sizeof(arginfo)));
927 goto exec_abort;
928 }
929
930 fd_closeexec(); /* handle close on exec */
931 execsigs(p); /* reset catched signals */
932
933 l->l_ctxlink = NULL; /* reset ucontext link */
934
935
936 p->p_acflag &= ~AFORK;
937 mutex_enter(p->p_lock);
938 p->p_flag |= PK_EXEC;
939 mutex_exit(p->p_lock);
940
941 /*
942 * Stop profiling.
943 */
944 if ((p->p_stflag & PST_PROFIL) != 0) {
945 mutex_spin_enter(&p->p_stmutex);
946 stopprofclock(p);
947 mutex_spin_exit(&p->p_stmutex);
948 }
949
950 /*
951 * It's OK to test PL_PPWAIT unlocked here, as other LWPs have
952 * exited and exec()/exit() are the only places it will be cleared.
953 */
954 if ((p->p_lflag & PL_PPWAIT) != 0) {
955 mutex_enter(proc_lock);
956 p->p_lflag &= ~PL_PPWAIT;
957 cv_broadcast(&p->p_pptr->p_waitcv);
958 mutex_exit(proc_lock);
959 }
960
961 /*
962 * Deal with set[ug]id. MNT_NOSUID has already been used to disable
963 * s[ug]id. It's OK to check for PSL_TRACED here as we have blocked
964 * out additional references on the process for the moment.
965 */
966 if ((p->p_slflag & PSL_TRACED) == 0 &&
967
968 (((attr.va_mode & S_ISUID) != 0 &&
969 kauth_cred_geteuid(l->l_cred) != attr.va_uid) ||
970
971 ((attr.va_mode & S_ISGID) != 0 &&
972 kauth_cred_getegid(l->l_cred) != attr.va_gid))) {
973 /*
974 * Mark the process as SUGID before we do
975 * anything that might block.
976 */
977 proc_crmod_enter();
978 proc_crmod_leave(NULL, NULL, true);
979
980 /* Make sure file descriptors 0..2 are in use. */
981 if ((error = fd_checkstd()) != 0) {
982 DPRINTF(("execve: fdcheckstd failed %d\n", error));
983 goto exec_abort;
984 }
985
986 /*
987 * Copy the credential so other references don't see our
988 * changes.
989 */
990 l->l_cred = kauth_cred_copy(l->l_cred);
991 #ifdef KTRACE
992 /*
993 * If the persistent trace flag isn't set, turn off.
994 */
995 if (p->p_tracep) {
996 mutex_enter(&ktrace_lock);
997 if (!(p->p_traceflag & KTRFAC_PERSISTENT))
998 ktrderef(p);
999 mutex_exit(&ktrace_lock);
1000 }
1001 #endif
1002 if (attr.va_mode & S_ISUID)
1003 kauth_cred_seteuid(l->l_cred, attr.va_uid);
1004 if (attr.va_mode & S_ISGID)
1005 kauth_cred_setegid(l->l_cred, attr.va_gid);
1006 } else {
1007 if (kauth_cred_geteuid(l->l_cred) ==
1008 kauth_cred_getuid(l->l_cred) &&
1009 kauth_cred_getegid(l->l_cred) ==
1010 kauth_cred_getgid(l->l_cred))
1011 p->p_flag &= ~PK_SUGID;
1012 }
1013
1014 /*
1015 * Copy the credential so other references don't see our changes.
1016 * Test to see if this is necessary first, since in the common case
1017 * we won't need a private reference.
1018 */
1019 if (kauth_cred_geteuid(l->l_cred) != kauth_cred_getsvuid(l->l_cred) ||
1020 kauth_cred_getegid(l->l_cred) != kauth_cred_getsvgid(l->l_cred)) {
1021 l->l_cred = kauth_cred_copy(l->l_cred);
1022 kauth_cred_setsvuid(l->l_cred, kauth_cred_geteuid(l->l_cred));
1023 kauth_cred_setsvgid(l->l_cred, kauth_cred_getegid(l->l_cred));
1024 }
1025
1026 /* Update the master credentials. */
1027 if (l->l_cred != p->p_cred) {
1028 kauth_cred_t ocred;
1029
1030 kauth_cred_hold(l->l_cred);
1031 mutex_enter(p->p_lock);
1032 ocred = p->p_cred;
1033 p->p_cred = l->l_cred;
1034 mutex_exit(p->p_lock);
1035 kauth_cred_free(ocred);
1036 }
1037
1038 #if defined(__HAVE_RAS)
1039 /*
1040 * Remove all RASs from the address space.
1041 */
1042 ras_purgeall();
1043 #endif
1044
1045 doexechooks(p);
1046
1047 /* setup new registers and do misc. setup. */
1048 (*pack.ep_esch->es_emul->e_setregs)(l, &pack, (u_long) stack);
1049 if (pack.ep_esch->es_setregs)
1050 (*pack.ep_esch->es_setregs)(l, &pack, (u_long) stack);
1051
1052 /* map the process's signal trampoline code */
1053 if (exec_sigcode_map(p, pack.ep_esch->es_emul)) {
1054 DPRINTF(("execve: map sigcode failed %d\n", error));
1055 goto exec_abort;
1056 }
1057
1058 pool_put(&exec_pool, argp);
1059
1060 PNBUF_PUT(nid.ni_cnd.cn_pnbuf);
1061
1062 /* notify others that we exec'd */
1063 KNOTE(&p->p_klist, NOTE_EXEC);
1064
1065 kmem_free(pack.ep_hdr, pack.ep_hdrlen);
1066
1067 /* The emulation root will usually have been found when we looked
1068 * for the elf interpreter (or similar), if not look now. */
1069 if (pack.ep_esch->es_emul->e_path != NULL && pack.ep_emul_root == NULL)
1070 emul_find_root(l, &pack);
1071
1072 /* Any old emulation root got removed by fdcloseexec */
1073 rw_enter(&p->p_cwdi->cwdi_lock, RW_WRITER);
1074 p->p_cwdi->cwdi_edir = pack.ep_emul_root;
1075 rw_exit(&p->p_cwdi->cwdi_lock);
1076 pack.ep_emul_root = NULL;
1077 if (pack.ep_interp != NULL)
1078 vrele(pack.ep_interp);
1079
1080 /*
1081 * Call emulation specific exec hook. This can setup per-process
1082 * p->p_emuldata or do any other per-process stuff an emulation needs.
1083 *
1084 * If we are executing process of different emulation than the
1085 * original forked process, call e_proc_exit() of the old emulation
1086 * first, then e_proc_exec() of new emulation. If the emulation is
1087 * same, the exec hook code should deallocate any old emulation
1088 * resources held previously by this process.
1089 */
1090 if (p->p_emul && p->p_emul->e_proc_exit
1091 && p->p_emul != pack.ep_esch->es_emul)
1092 (*p->p_emul->e_proc_exit)(p);
1093
1094 /*
1095 * Call exec hook. Emulation code may NOT store reference to anything
1096 * from &pack.
1097 */
1098 if (pack.ep_esch->es_emul->e_proc_exec)
1099 (*pack.ep_esch->es_emul->e_proc_exec)(p, &pack);
1100
1101 /* update p_emul, the old value is no longer needed */
1102 p->p_emul = pack.ep_esch->es_emul;
1103
1104 /* ...and the same for p_execsw */
1105 p->p_execsw = pack.ep_esch;
1106
1107 #ifdef __HAVE_SYSCALL_INTERN
1108 (*p->p_emul->e_syscall_intern)(p);
1109 #endif
1110 ktremul();
1111
1112 /* Allow new references from the debugger/procfs. */
1113 rw_exit(&p->p_reflock);
1114 rw_exit(&exec_lock);
1115
1116 mutex_enter(proc_lock);
1117
1118 if ((p->p_slflag & (PSL_TRACED|PSL_SYSCALL)) == PSL_TRACED) {
1119 KSI_INIT_EMPTY(&ksi);
1120 ksi.ksi_signo = SIGTRAP;
1121 ksi.ksi_lid = l->l_lid;
1122 kpsignal(p, &ksi, NULL);
1123 }
1124
1125 if (p->p_sflag & PS_STOPEXEC) {
1126 KERNEL_UNLOCK_ALL(l, &l->l_biglocks);
1127 p->p_pptr->p_nstopchild++;
1128 p->p_pptr->p_waited = 0;
1129 mutex_enter(p->p_lock);
1130 ksiginfo_queue_init(&kq);
1131 sigclearall(p, &contsigmask, &kq);
1132 lwp_lock(l);
1133 l->l_stat = LSSTOP;
1134 p->p_stat = SSTOP;
1135 p->p_nrlwps--;
1136 mutex_exit(p->p_lock);
1137 mutex_exit(proc_lock);
1138 mi_switch(l);
1139 ksiginfo_queue_drain(&kq);
1140 KERNEL_LOCK(l->l_biglocks, l);
1141 } else {
1142 mutex_exit(proc_lock);
1143 }
1144
1145 PNBUF_PUT(pathbuf);
1146 return (EJUSTRETURN);
1147
1148 bad:
1149 /* free the vmspace-creation commands, and release their references */
1150 kill_vmcmds(&pack.ep_vmcmds);
1151 /* kill any opened file descriptor, if necessary */
1152 if (pack.ep_flags & EXEC_HASFD) {
1153 pack.ep_flags &= ~EXEC_HASFD;
1154 fd_close(pack.ep_fd);
1155 }
1156 /* close and put the exec'd file */
1157 vn_lock(pack.ep_vp, LK_EXCLUSIVE | LK_RETRY);
1158 VOP_CLOSE(pack.ep_vp, FREAD, l->l_cred);
1159 vput(pack.ep_vp);
1160 PNBUF_PUT(nid.ni_cnd.cn_pnbuf);
1161 pool_put(&exec_pool, argp);
1162
1163 freehdr:
1164 kmem_free(pack.ep_hdr, pack.ep_hdrlen);
1165 if (pack.ep_emul_root != NULL)
1166 vrele(pack.ep_emul_root);
1167 if (pack.ep_interp != NULL)
1168 vrele(pack.ep_interp);
1169
1170 rw_exit(&exec_lock);
1171
1172 clrflg:
1173 lwp_lock(l);
1174 l->l_flag |= oldlwpflags;
1175 lwp_unlock(l);
1176 PNBUF_PUT(pathbuf);
1177 rw_exit(&p->p_reflock);
1178
1179 if (modgen != module_gen && error == ENOEXEC) {
1180 modgen = module_gen;
1181 exec_autoload();
1182 goto retry;
1183 }
1184
1185 return error;
1186
1187 exec_abort:
1188 PNBUF_PUT(pathbuf);
1189 rw_exit(&p->p_reflock);
1190 rw_exit(&exec_lock);
1191
1192 /*
1193 * the old process doesn't exist anymore. exit gracefully.
1194 * get rid of the (new) address space we have created, if any, get rid
1195 * of our namei data and vnode, and exit noting failure
1196 */
1197 uvm_deallocate(&vm->vm_map, VM_MIN_ADDRESS,
1198 VM_MAXUSER_ADDRESS - VM_MIN_ADDRESS);
1199 if (pack.ep_emul_arg)
1200 FREE(pack.ep_emul_arg, M_TEMP);
1201 PNBUF_PUT(nid.ni_cnd.cn_pnbuf);
1202 pool_put(&exec_pool, argp);
1203 kmem_free(pack.ep_hdr, pack.ep_hdrlen);
1204 if (pack.ep_emul_root != NULL)
1205 vrele(pack.ep_emul_root);
1206 if (pack.ep_interp != NULL)
1207 vrele(pack.ep_interp);
1208
1209 /* Acquire the sched-state mutex (exit1() will release it). */
1210 mutex_enter(p->p_lock);
1211 exit1(l, W_EXITCODE(error, SIGABRT));
1212
1213 /* NOTREACHED */
1214 return 0;
1215 }
1216
1217
1218 int
1219 copyargs(struct lwp *l, struct exec_package *pack, struct ps_strings *arginfo,
1220 char **stackp, void *argp)
1221 {
1222 char **cpp, *dp, *sp;
1223 size_t len;
1224 void *nullp;
1225 long argc, envc;
1226 int error;
1227
1228 cpp = (char **)*stackp;
1229 nullp = NULL;
1230 argc = arginfo->ps_nargvstr;
1231 envc = arginfo->ps_nenvstr;
1232 if ((error = copyout(&argc, cpp++, sizeof(argc))) != 0)
1233 return error;
1234
1235 dp = (char *) (cpp + argc + envc + 2 + pack->ep_esch->es_arglen);
1236 sp = argp;
1237
1238 /* XXX don't copy them out, remap them! */
1239 arginfo->ps_argvstr = cpp; /* remember location of argv for later */
1240
1241 for (; --argc >= 0; sp += len, dp += len)
1242 if ((error = copyout(&dp, cpp++, sizeof(dp))) != 0 ||
1243 (error = copyoutstr(sp, dp, ARG_MAX, &len)) != 0)
1244 return error;
1245
1246 if ((error = copyout(&nullp, cpp++, sizeof(nullp))) != 0)
1247 return error;
1248
1249 arginfo->ps_envstr = cpp; /* remember location of envp for later */
1250
1251 for (; --envc >= 0; sp += len, dp += len)
1252 if ((error = copyout(&dp, cpp++, sizeof(dp))) != 0 ||
1253 (error = copyoutstr(sp, dp, ARG_MAX, &len)) != 0)
1254 return error;
1255
1256 if ((error = copyout(&nullp, cpp++, sizeof(nullp))) != 0)
1257 return error;
1258
1259 *stackp = (char *)cpp;
1260 return 0;
1261 }
1262
1263
1264 /*
1265 * Add execsw[] entries.
1266 */
1267 int
1268 exec_add(struct execsw *esp, int count)
1269 {
1270 struct exec_entry *it;
1271 int i;
1272
1273 KASSERT(count > 0);
1274
1275 /* Check for duplicates. */
1276 rw_enter(&exec_lock, RW_WRITER);
1277 for (i = 0; i < count; i++) {
1278 LIST_FOREACH(it, &ex_head, ex_list) {
1279 /* assume unique (makecmds, probe_func, emulation) */
1280 if (it->ex_sw->es_makecmds == esp[i].es_makecmds &&
1281 it->ex_sw->u.elf_probe_func ==
1282 esp[i].u.elf_probe_func &&
1283 it->ex_sw->es_emul == esp[i].es_emul) {
1284 rw_exit(&exec_lock);
1285 return EEXIST;
1286 }
1287 }
1288 }
1289
1290 /* Allocate new entries. */
1291 for (i = 0; i < count; i++) {
1292 it = kmem_alloc(sizeof(*it), KM_SLEEP);
1293 it->ex_sw = &esp[i];
1294 LIST_INSERT_HEAD(&ex_head, it, ex_list);
1295 }
1296
1297 /* update execsw[] */
1298 exec_init(0);
1299 rw_exit(&exec_lock);
1300 return 0;
1301 }
1302
1303 /*
1304 * Remove execsw[] entry.
1305 */
1306 int
1307 exec_remove(struct execsw *esp, int count)
1308 {
1309 struct exec_entry *it, *next;
1310 int i;
1311 const struct proclist_desc *pd;
1312 proc_t *p;
1313
1314 KASSERT(count > 0);
1315
1316 /* Abort if any are busy. */
1317 rw_enter(&exec_lock, RW_WRITER);
1318 for (i = 0; i < count; i++) {
1319 mutex_enter(proc_lock);
1320 for (pd = proclists; pd->pd_list != NULL; pd++) {
1321 PROCLIST_FOREACH(p, pd->pd_list) {
1322 if (p->p_execsw == &esp[i]) {
1323 mutex_exit(proc_lock);
1324 rw_exit(&exec_lock);
1325 return EBUSY;
1326 }
1327 }
1328 }
1329 mutex_exit(proc_lock);
1330 }
1331
1332 /* None are busy, so remove them all. */
1333 for (i = 0; i < count; i++) {
1334 for (it = LIST_FIRST(&ex_head); it != NULL; it = next) {
1335 next = LIST_NEXT(it, ex_list);
1336 if (it->ex_sw == &esp[i]) {
1337 LIST_REMOVE(it, ex_list);
1338 kmem_free(it, sizeof(*it));
1339 break;
1340 }
1341 }
1342 }
1343
1344 /* update execsw[] */
1345 exec_init(0);
1346 rw_exit(&exec_lock);
1347 return 0;
1348 }
1349
1350 /*
1351 * Initialize exec structures. If init_boot is true, also does necessary
1352 * one-time initialization (it's called from main() that way).
1353 * Once system is multiuser, this should be called with exec_lock held,
1354 * i.e. via exec_{add|remove}().
1355 */
1356 int
1357 exec_init(int init_boot)
1358 {
1359 const struct execsw **sw;
1360 struct exec_entry *ex;
1361 SLIST_HEAD(,exec_entry) first;
1362 SLIST_HEAD(,exec_entry) any;
1363 SLIST_HEAD(,exec_entry) last;
1364 int i, sz;
1365
1366 if (init_boot) {
1367 /* do one-time initializations */
1368 rw_init(&exec_lock);
1369 mutex_init(&sigobject_lock, MUTEX_DEFAULT, IPL_NONE);
1370 pool_init(&exec_pool, NCARGS, 0, 0, PR_NOALIGN|PR_NOTOUCH,
1371 "execargs", &exec_palloc, IPL_NONE);
1372 pool_sethardlimit(&exec_pool, maxexec, "should not happen", 0);
1373 } else {
1374 KASSERT(rw_write_held(&exec_lock));
1375 }
1376
1377 /* Sort each entry onto the appropriate queue. */
1378 SLIST_INIT(&first);
1379 SLIST_INIT(&any);
1380 SLIST_INIT(&last);
1381 sz = 0;
1382 LIST_FOREACH(ex, &ex_head, ex_list) {
1383 switch(ex->ex_sw->es_prio) {
1384 case EXECSW_PRIO_FIRST:
1385 SLIST_INSERT_HEAD(&first, ex, ex_slist);
1386 break;
1387 case EXECSW_PRIO_ANY:
1388 SLIST_INSERT_HEAD(&any, ex, ex_slist);
1389 break;
1390 case EXECSW_PRIO_LAST:
1391 SLIST_INSERT_HEAD(&last, ex, ex_slist);
1392 break;
1393 default:
1394 panic("exec_init");
1395 break;
1396 }
1397 sz++;
1398 }
1399
1400 /*
1401 * Create new execsw[]. Ensure we do not try a zero-sized
1402 * allocation.
1403 */
1404 sw = kmem_alloc(sz * sizeof(struct execsw *) + 1, KM_SLEEP);
1405 i = 0;
1406 SLIST_FOREACH(ex, &first, ex_slist) {
1407 sw[i++] = ex->ex_sw;
1408 }
1409 SLIST_FOREACH(ex, &any, ex_slist) {
1410 sw[i++] = ex->ex_sw;
1411 }
1412 SLIST_FOREACH(ex, &last, ex_slist) {
1413 sw[i++] = ex->ex_sw;
1414 }
1415
1416 /* Replace old execsw[] and free used memory. */
1417 if (execsw != NULL) {
1418 kmem_free(__UNCONST(execsw),
1419 nexecs * sizeof(struct execsw *) + 1);
1420 }
1421 execsw = sw;
1422 nexecs = sz;
1423
1424 /* Figure out the maximum size of an exec header. */
1425 exec_maxhdrsz = sizeof(int);
1426 for (i = 0; i < nexecs; i++) {
1427 if (execsw[i]->es_hdrsz > exec_maxhdrsz)
1428 exec_maxhdrsz = execsw[i]->es_hdrsz;
1429 }
1430
1431 return 0;
1432 }
1433
1434 static int
1435 exec_sigcode_map(struct proc *p, const struct emul *e)
1436 {
1437 vaddr_t va;
1438 vsize_t sz;
1439 int error;
1440 struct uvm_object *uobj;
1441
1442 sz = (vaddr_t)e->e_esigcode - (vaddr_t)e->e_sigcode;
1443
1444 if (e->e_sigobject == NULL || sz == 0) {
1445 return 0;
1446 }
1447
1448 /*
1449 * If we don't have a sigobject for this emulation, create one.
1450 *
1451 * sigobject is an anonymous memory object (just like SYSV shared
1452 * memory) that we keep a permanent reference to and that we map
1453 * in all processes that need this sigcode. The creation is simple,
1454 * we create an object, add a permanent reference to it, map it in
1455 * kernel space, copy out the sigcode to it and unmap it.
1456 * We map it with PROT_READ|PROT_EXEC into the process just
1457 * the way sys_mmap() would map it.
1458 */
1459
1460 uobj = *e->e_sigobject;
1461 if (uobj == NULL) {
1462 mutex_enter(&sigobject_lock);
1463 if ((uobj = *e->e_sigobject) == NULL) {
1464 uobj = uao_create(sz, 0);
1465 (*uobj->pgops->pgo_reference)(uobj);
1466 va = vm_map_min(kernel_map);
1467 if ((error = uvm_map(kernel_map, &va, round_page(sz),
1468 uobj, 0, 0,
1469 UVM_MAPFLAG(UVM_PROT_RW, UVM_PROT_RW,
1470 UVM_INH_SHARE, UVM_ADV_RANDOM, 0)))) {
1471 printf("kernel mapping failed %d\n", error);
1472 (*uobj->pgops->pgo_detach)(uobj);
1473 mutex_exit(&sigobject_lock);
1474 return (error);
1475 }
1476 memcpy((void *)va, e->e_sigcode, sz);
1477 #ifdef PMAP_NEED_PROCWR
1478 pmap_procwr(&proc0, va, sz);
1479 #endif
1480 uvm_unmap(kernel_map, va, va + round_page(sz));
1481 *e->e_sigobject = uobj;
1482 }
1483 mutex_exit(&sigobject_lock);
1484 }
1485
1486 /* Just a hint to uvm_map where to put it. */
1487 va = e->e_vm_default_addr(p, (vaddr_t)p->p_vmspace->vm_daddr,
1488 round_page(sz));
1489
1490 #ifdef __alpha__
1491 /*
1492 * Tru64 puts /sbin/loader at the end of user virtual memory,
1493 * which causes the above calculation to put the sigcode at
1494 * an invalid address. Put it just below the text instead.
1495 */
1496 if (va == (vaddr_t)vm_map_max(&p->p_vmspace->vm_map)) {
1497 va = (vaddr_t)p->p_vmspace->vm_taddr - round_page(sz);
1498 }
1499 #endif
1500
1501 (*uobj->pgops->pgo_reference)(uobj);
1502 error = uvm_map(&p->p_vmspace->vm_map, &va, round_page(sz),
1503 uobj, 0, 0,
1504 UVM_MAPFLAG(UVM_PROT_RX, UVM_PROT_RX, UVM_INH_SHARE,
1505 UVM_ADV_RANDOM, 0));
1506 if (error) {
1507 (*uobj->pgops->pgo_detach)(uobj);
1508 return (error);
1509 }
1510 p->p_sigctx.ps_sigcode = (void *)va;
1511 return (0);
1512 }
1513