kern_exec.c revision 1.287
1 /* $NetBSD: kern_exec.c,v 1.287 2009/03/24 21:00:05 christos Exp $ */ 2 3 /*- 4 * Copyright (c) 2008 The NetBSD Foundation, Inc. 5 * All rights reserved. 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that the following conditions 9 * are met: 10 * 1. Redistributions of source code must retain the above copyright 11 * notice, this list of conditions and the following disclaimer. 12 * 2. Redistributions in binary form must reproduce the above copyright 13 * notice, this list of conditions and the following disclaimer in the 14 * documentation and/or other materials provided with the distribution. 15 * 16 * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS 17 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 18 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 19 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS 20 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 21 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 22 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 23 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 24 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 25 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 26 * POSSIBILITY OF SUCH DAMAGE. 27 */ 28 29 /*- 30 * Copyright (C) 1993, 1994, 1996 Christopher G. Demetriou 31 * Copyright (C) 1992 Wolfgang Solfrank. 32 * Copyright (C) 1992 TooLs GmbH. 33 * All rights reserved. 34 * 35 * Redistribution and use in source and binary forms, with or without 36 * modification, are permitted provided that the following conditions 37 * are met: 38 * 1. Redistributions of source code must retain the above copyright 39 * notice, this list of conditions and the following disclaimer. 40 * 2. Redistributions in binary form must reproduce the above copyright 41 * notice, this list of conditions and the following disclaimer in the 42 * documentation and/or other materials provided with the distribution. 43 * 3. All advertising materials mentioning features or use of this software 44 * must display the following acknowledgement: 45 * This product includes software developed by TooLs GmbH. 46 * 4. The name of TooLs GmbH may not be used to endorse or promote products 47 * derived from this software without specific prior written permission. 48 * 49 * THIS SOFTWARE IS PROVIDED BY TOOLS GMBH ``AS IS'' AND ANY EXPRESS OR 50 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 51 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 52 * IN NO EVENT SHALL TOOLS GMBH BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 53 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, 54 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; 55 * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, 56 * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR 57 * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF 58 * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 59 */ 60 61 #include <sys/cdefs.h> 62 __KERNEL_RCSID(0, "$NetBSD: kern_exec.c,v 1.287 2009/03/24 21:00:05 christos Exp $"); 63 64 #include "opt_ktrace.h" 65 #include "opt_modular.h" 66 #include "opt_syscall_debug.h" 67 #include "veriexec.h" 68 #include "opt_pax.h" 69 #include "opt_sa.h" 70 71 #include <sys/param.h> 72 #include <sys/systm.h> 73 #include <sys/filedesc.h> 74 #include <sys/kernel.h> 75 #include <sys/proc.h> 76 #include <sys/mount.h> 77 #include <sys/malloc.h> 78 #include <sys/kmem.h> 79 #include <sys/namei.h> 80 #include <sys/vnode.h> 81 #include <sys/file.h> 82 #include <sys/acct.h> 83 #include <sys/exec.h> 84 #include <sys/ktrace.h> 85 #include <sys/uidinfo.h> 86 #include <sys/wait.h> 87 #include <sys/mman.h> 88 #include <sys/ras.h> 89 #include <sys/signalvar.h> 90 #include <sys/stat.h> 91 #include <sys/syscall.h> 92 #include <sys/kauth.h> 93 #include <sys/lwpctl.h> 94 #include <sys/pax.h> 95 #include <sys/cpu.h> 96 #include <sys/module.h> 97 #include <sys/sa.h> 98 #include <sys/savar.h> 99 #include <sys/syscallargs.h> 100 #if NVERIEXEC > 0 101 #include <sys/verified_exec.h> 102 #endif /* NVERIEXEC > 0 */ 103 104 #include <uvm/uvm_extern.h> 105 106 #include <machine/reg.h> 107 108 #include <compat/common/compat_util.h> 109 110 static int exec_sigcode_map(struct proc *, const struct emul *); 111 112 #ifdef DEBUG_EXEC 113 #define DPRINTF(a) uprintf a 114 #else 115 #define DPRINTF(a) 116 #endif /* DEBUG_EXEC */ 117 118 /* 119 * Exec function switch: 120 * 121 * Note that each makecmds function is responsible for loading the 122 * exec package with the necessary functions for any exec-type-specific 123 * handling. 124 * 125 * Functions for specific exec types should be defined in their own 126 * header file. 127 */ 128 static const struct execsw **execsw = NULL; 129 static int nexecs; 130 131 u_int exec_maxhdrsz; /* must not be static - used by netbsd32 */ 132 133 /* list of dynamically loaded execsw entries */ 134 static LIST_HEAD(execlist_head, exec_entry) ex_head = 135 LIST_HEAD_INITIALIZER(ex_head); 136 struct exec_entry { 137 LIST_ENTRY(exec_entry) ex_list; 138 SLIST_ENTRY(exec_entry) ex_slist; 139 const struct execsw *ex_sw; 140 }; 141 142 #ifdef SYSCALL_DEBUG 143 extern const char * const syscallnames[]; 144 #endif 145 146 #ifndef __HAVE_SYSCALL_INTERN 147 void syscall(void); 148 #endif 149 150 #ifdef KERN_SA 151 static struct sa_emul saemul_netbsd = { 152 sizeof(ucontext_t), 153 sizeof(struct sa_t), 154 sizeof(struct sa_t *), 155 NULL, 156 NULL, 157 cpu_upcall, 158 (void (*)(struct lwp *, void *))getucontext_sa, 159 sa_ucsp 160 }; 161 #endif /* KERN_SA */ 162 163 /* NetBSD emul struct */ 164 struct emul emul_netbsd = { 165 "netbsd", 166 NULL, /* emulation path */ 167 #ifndef __HAVE_MINIMAL_EMUL 168 EMUL_HAS_SYS___syscall, 169 NULL, 170 SYS_syscall, 171 SYS_NSYSENT, 172 #endif 173 sysent, 174 #ifdef SYSCALL_DEBUG 175 syscallnames, 176 #else 177 NULL, 178 #endif 179 sendsig, 180 trapsignal, 181 NULL, 182 NULL, 183 NULL, 184 NULL, 185 setregs, 186 NULL, 187 NULL, 188 NULL, 189 NULL, 190 NULL, 191 #ifdef __HAVE_SYSCALL_INTERN 192 syscall_intern, 193 #else 194 syscall, 195 #endif 196 NULL, 197 NULL, 198 199 uvm_default_mapaddr, 200 NULL, 201 #ifdef KERN_SA 202 &saemul_netbsd, 203 #else 204 NULL, 205 #endif 206 sizeof(ucontext_t), 207 startlwp, 208 }; 209 210 /* 211 * Exec lock. Used to control access to execsw[] structures. 212 * This must not be static so that netbsd32 can access it, too. 213 */ 214 krwlock_t exec_lock; 215 216 static kmutex_t sigobject_lock; 217 218 static void * 219 exec_pool_alloc(struct pool *pp, int flags) 220 { 221 222 return (void *)uvm_km_alloc(kernel_map, NCARGS, 0, 223 UVM_KMF_PAGEABLE | UVM_KMF_WAITVA); 224 } 225 226 static void 227 exec_pool_free(struct pool *pp, void *addr) 228 { 229 230 uvm_km_free(kernel_map, (vaddr_t)addr, NCARGS, UVM_KMF_PAGEABLE); 231 } 232 233 static struct pool exec_pool; 234 235 static struct pool_allocator exec_palloc = { 236 .pa_alloc = exec_pool_alloc, 237 .pa_free = exec_pool_free, 238 .pa_pagesz = NCARGS 239 }; 240 241 /* 242 * check exec: 243 * given an "executable" described in the exec package's namei info, 244 * see what we can do with it. 245 * 246 * ON ENTRY: 247 * exec package with appropriate namei info 248 * lwp pointer of exec'ing lwp 249 * NO SELF-LOCKED VNODES 250 * 251 * ON EXIT: 252 * error: nothing held, etc. exec header still allocated. 253 * ok: filled exec package, executable's vnode (unlocked). 254 * 255 * EXEC SWITCH ENTRY: 256 * Locked vnode to check, exec package, proc. 257 * 258 * EXEC SWITCH EXIT: 259 * ok: return 0, filled exec package, executable's vnode (unlocked). 260 * error: destructive: 261 * everything deallocated execept exec header. 262 * non-destructive: 263 * error code, executable's vnode (unlocked), 264 * exec header unmodified. 265 */ 266 int 267 /*ARGSUSED*/ 268 check_exec(struct lwp *l, struct exec_package *epp) 269 { 270 int error, i; 271 struct vnode *vp; 272 struct nameidata *ndp; 273 size_t resid; 274 275 ndp = epp->ep_ndp; 276 ndp->ni_cnd.cn_nameiop = LOOKUP; 277 ndp->ni_cnd.cn_flags = FOLLOW | LOCKLEAF | SAVENAME | TRYEMULROOT; 278 /* first get the vnode */ 279 if ((error = namei(ndp)) != 0) 280 return error; 281 epp->ep_vp = vp = ndp->ni_vp; 282 283 /* check access and type */ 284 if (vp->v_type != VREG) { 285 error = EACCES; 286 goto bad1; 287 } 288 if ((error = VOP_ACCESS(vp, VEXEC, l->l_cred)) != 0) 289 goto bad1; 290 291 /* get attributes */ 292 if ((error = VOP_GETATTR(vp, epp->ep_vap, l->l_cred)) != 0) 293 goto bad1; 294 295 /* Check mount point */ 296 if (vp->v_mount->mnt_flag & MNT_NOEXEC) { 297 error = EACCES; 298 goto bad1; 299 } 300 if (vp->v_mount->mnt_flag & MNT_NOSUID) 301 epp->ep_vap->va_mode &= ~(S_ISUID | S_ISGID); 302 303 /* try to open it */ 304 if ((error = VOP_OPEN(vp, FREAD, l->l_cred)) != 0) 305 goto bad1; 306 307 /* unlock vp, since we need it unlocked from here on out. */ 308 VOP_UNLOCK(vp, 0); 309 310 #if NVERIEXEC > 0 311 error = veriexec_verify(l, vp, ndp->ni_cnd.cn_pnbuf, 312 epp->ep_flags & EXEC_INDIR ? VERIEXEC_INDIRECT : VERIEXEC_DIRECT, 313 NULL); 314 if (error) 315 goto bad2; 316 #endif /* NVERIEXEC > 0 */ 317 318 #ifdef PAX_SEGVGUARD 319 error = pax_segvguard(l, vp, ndp->ni_cnd.cn_pnbuf, false); 320 if (error) 321 goto bad2; 322 #endif /* PAX_SEGVGUARD */ 323 324 /* now we have the file, get the exec header */ 325 error = vn_rdwr(UIO_READ, vp, epp->ep_hdr, epp->ep_hdrlen, 0, 326 UIO_SYSSPACE, 0, l->l_cred, &resid, NULL); 327 if (error) 328 goto bad2; 329 epp->ep_hdrvalid = epp->ep_hdrlen - resid; 330 331 /* 332 * Set up default address space limits. Can be overridden 333 * by individual exec packages. 334 * 335 * XXX probably should be all done in the exec packages. 336 */ 337 epp->ep_vm_minaddr = VM_MIN_ADDRESS; 338 epp->ep_vm_maxaddr = VM_MAXUSER_ADDRESS; 339 /* 340 * set up the vmcmds for creation of the process 341 * address space 342 */ 343 error = ENOEXEC; 344 for (i = 0; i < nexecs; i++) { 345 int newerror; 346 347 epp->ep_esch = execsw[i]; 348 newerror = (*execsw[i]->es_makecmds)(l, epp); 349 350 if (!newerror) { 351 /* Seems ok: check that entry point is sane */ 352 if (epp->ep_entry > VM_MAXUSER_ADDRESS) { 353 error = ENOEXEC; 354 break; 355 } 356 357 /* check limits */ 358 if ((epp->ep_tsize > MAXTSIZ) || 359 (epp->ep_dsize > (u_quad_t)l->l_proc->p_rlimit 360 [RLIMIT_DATA].rlim_cur)) { 361 error = ENOMEM; 362 break; 363 } 364 return 0; 365 } 366 367 if (epp->ep_emul_root != NULL) { 368 vrele(epp->ep_emul_root); 369 epp->ep_emul_root = NULL; 370 } 371 if (epp->ep_interp != NULL) { 372 vrele(epp->ep_interp); 373 epp->ep_interp = NULL; 374 } 375 376 /* make sure the first "interesting" error code is saved. */ 377 if (error == ENOEXEC) 378 error = newerror; 379 380 if (epp->ep_flags & EXEC_DESTR) 381 /* Error from "#!" code, tidied up by recursive call */ 382 return error; 383 } 384 385 /* not found, error */ 386 387 /* 388 * free any vmspace-creation commands, 389 * and release their references 390 */ 391 kill_vmcmds(&epp->ep_vmcmds); 392 393 bad2: 394 /* 395 * close and release the vnode, restore the old one, free the 396 * pathname buf, and punt. 397 */ 398 vn_lock(vp, LK_EXCLUSIVE | LK_RETRY); 399 VOP_CLOSE(vp, FREAD, l->l_cred); 400 vput(vp); 401 PNBUF_PUT(ndp->ni_cnd.cn_pnbuf); 402 return error; 403 404 bad1: 405 /* 406 * free the namei pathname buffer, and put the vnode 407 * (which we don't yet have open). 408 */ 409 vput(vp); /* was still locked */ 410 PNBUF_PUT(ndp->ni_cnd.cn_pnbuf); 411 return error; 412 } 413 414 #ifdef __MACHINE_STACK_GROWS_UP 415 #define STACK_PTHREADSPACE NBPG 416 #else 417 #define STACK_PTHREADSPACE 0 418 #endif 419 420 static int 421 execve_fetch_element(char * const *array, size_t index, char **value) 422 { 423 return copyin(array + index, value, sizeof(*value)); 424 } 425 426 /* 427 * exec system call 428 */ 429 /* ARGSUSED */ 430 int 431 sys_execve(struct lwp *l, const struct sys_execve_args *uap, register_t *retval) 432 { 433 /* { 434 syscallarg(const char *) path; 435 syscallarg(char * const *) argp; 436 syscallarg(char * const *) envp; 437 } */ 438 439 return execve1(l, SCARG(uap, path), SCARG(uap, argp), 440 SCARG(uap, envp), execve_fetch_element); 441 } 442 443 /* 444 * Load modules to try and execute an image that we do not understand. 445 * If no execsw entries are present, we load those likely to be needed 446 * in order to run native images only. Otherwise, we autoload all 447 * possible modules that could let us run the binary. XXX lame 448 */ 449 static void 450 exec_autoload(void) 451 { 452 #ifdef MODULAR 453 static const char * const native[] = { 454 "exec_elf32", 455 "exec_elf64", 456 "exec_script", 457 NULL 458 }; 459 static const char * const compat[] = { 460 "exec_elf32", 461 "exec_elf64", 462 "exec_script", 463 "exec_aout", 464 "exec_coff", 465 "exec_ecoff", 466 "compat_aoutm68k", 467 "compat_freebsd", 468 "compat_ibcs2", 469 "compat_irix", 470 "compat_linux", 471 "compat_linux32", 472 "compat_netbsd32", 473 "compat_sunos", 474 "compat_sunos32", 475 "compat_svr4", 476 "compat_svr4_32", 477 "compat_ultrix", 478 NULL 479 }; 480 char const * const *list; 481 int i; 482 483 mutex_enter(&module_lock); 484 list = (nexecs == 0 ? native : compat); 485 for (i = 0; list[i] != NULL; i++) { 486 if (module_autoload(list[i], MODULE_CLASS_MISC) != 0) { 487 continue; 488 } 489 mutex_exit(&module_lock); 490 yield(); 491 mutex_enter(&module_lock); 492 } 493 mutex_exit(&module_lock); 494 #endif 495 } 496 497 int 498 execve1(struct lwp *l, const char *path, char * const *args, 499 char * const *envs, execve_fetch_element_t fetch_element) 500 { 501 int error; 502 struct exec_package pack; 503 struct nameidata nid; 504 struct vattr attr; 505 struct proc *p; 506 char *argp; 507 char *dp, *sp; 508 long argc, envc; 509 size_t i, len; 510 char *stack; 511 struct ps_strings arginfo; 512 struct ps_strings *aip = &arginfo; 513 struct vmspace *vm; 514 struct exec_fakearg *tmpfap; 515 int szsigcode; 516 struct exec_vmcmd *base_vcp; 517 int oldlwpflags; 518 ksiginfo_t ksi; 519 ksiginfoq_t kq; 520 char *pathbuf; 521 size_t pathbuflen; 522 u_int modgen; 523 524 p = l->l_proc; 525 modgen = 0; 526 527 /* 528 * Check if we have exceeded our number of processes limit. 529 * This is so that we handle the case where a root daemon 530 * forked, ran setuid to become the desired user and is trying 531 * to exec. The obvious place to do the reference counting check 532 * is setuid(), but we don't do the reference counting check there 533 * like other OS's do because then all the programs that use setuid() 534 * must be modified to check the return code of setuid() and exit(). 535 * It is dangerous to make setuid() fail, because it fails open and 536 * the program will continue to run as root. If we make it succeed 537 * and return an error code, again we are not enforcing the limit. 538 * The best place to enforce the limit is here, when the process tries 539 * to execute a new image, because eventually the process will need 540 * to call exec in order to do something useful. 541 */ 542 retry: 543 if ((p->p_flag & PK_SUGID) && kauth_authorize_generic(l->l_cred, 544 KAUTH_GENERIC_ISSUSER, NULL) != 0 && chgproccnt(kauth_cred_getuid( 545 l->l_cred), 0) > p->p_rlimit[RLIMIT_NPROC].rlim_cur) 546 return EAGAIN; 547 548 oldlwpflags = l->l_flag & (LW_SA | LW_SA_UPCALL); 549 if (l->l_flag & LW_SA) { 550 lwp_lock(l); 551 l->l_flag &= ~(LW_SA | LW_SA_UPCALL); 552 lwp_unlock(l); 553 } 554 555 /* 556 * Drain existing references and forbid new ones. The process 557 * should be left alone until we're done here. This is necessary 558 * to avoid race conditions - e.g. in ptrace() - that might allow 559 * a local user to illicitly obtain elevated privileges. 560 */ 561 rw_enter(&p->p_reflock, RW_WRITER); 562 563 base_vcp = NULL; 564 /* 565 * Init the namei data to point the file user's program name. 566 * This is done here rather than in check_exec(), so that it's 567 * possible to override this settings if any of makecmd/probe 568 * functions call check_exec() recursively - for example, 569 * see exec_script_makecmds(). 570 */ 571 pathbuf = PNBUF_GET(); 572 error = copyinstr(path, pathbuf, MAXPATHLEN, &pathbuflen); 573 if (error) { 574 DPRINTF(("execve: copyinstr path %d", error)); 575 goto clrflg; 576 } 577 578 NDINIT(&nid, LOOKUP, NOFOLLOW | TRYEMULROOT, UIO_SYSSPACE, pathbuf); 579 580 /* 581 * initialize the fields of the exec package. 582 */ 583 pack.ep_name = path; 584 pack.ep_hdr = kmem_alloc(exec_maxhdrsz, KM_SLEEP); 585 pack.ep_hdrlen = exec_maxhdrsz; 586 pack.ep_hdrvalid = 0; 587 pack.ep_ndp = &nid; 588 pack.ep_emul_arg = NULL; 589 pack.ep_vmcmds.evs_cnt = 0; 590 pack.ep_vmcmds.evs_used = 0; 591 pack.ep_vap = &attr; 592 pack.ep_flags = 0; 593 pack.ep_emul_root = NULL; 594 pack.ep_interp = NULL; 595 pack.ep_esch = NULL; 596 pack.ep_pax_flags = 0; 597 598 rw_enter(&exec_lock, RW_READER); 599 600 /* see if we can run it. */ 601 if ((error = check_exec(l, &pack)) != 0) { 602 if (error != ENOENT) { 603 DPRINTF(("execve: check exec failed %d\n", error)); 604 } 605 goto freehdr; 606 } 607 608 /* XXX -- THE FOLLOWING SECTION NEEDS MAJOR CLEANUP */ 609 610 /* allocate an argument buffer */ 611 argp = pool_get(&exec_pool, PR_WAITOK); 612 KASSERT(argp != NULL); 613 dp = argp; 614 argc = 0; 615 616 /* copy the fake args list, if there's one, freeing it as we go */ 617 if (pack.ep_flags & EXEC_HASARGL) { 618 tmpfap = pack.ep_fa; 619 while (tmpfap->fa_arg != NULL) { 620 const char *cp; 621 622 cp = tmpfap->fa_arg; 623 while (*cp) 624 *dp++ = *cp++; 625 *dp++ = '\0'; 626 627 kmem_free(tmpfap->fa_arg, tmpfap->fa_len); 628 tmpfap++; argc++; 629 } 630 kmem_free(pack.ep_fa, pack.ep_fa_len); 631 pack.ep_flags &= ~EXEC_HASARGL; 632 } 633 634 /* Now get argv & environment */ 635 if (args == NULL) { 636 DPRINTF(("execve: null args\n")); 637 error = EINVAL; 638 goto bad; 639 } 640 /* 'i' will index the argp/envp element to be retrieved */ 641 i = 0; 642 if (pack.ep_flags & EXEC_SKIPARG) 643 i++; 644 645 while (1) { 646 len = argp + ARG_MAX - dp; 647 if ((error = (*fetch_element)(args, i, &sp)) != 0) { 648 DPRINTF(("execve: fetch_element args %d\n", error)); 649 goto bad; 650 } 651 if (!sp) 652 break; 653 if ((error = copyinstr(sp, dp, len, &len)) != 0) { 654 DPRINTF(("execve: copyinstr args %d\n", error)); 655 if (error == ENAMETOOLONG) 656 error = E2BIG; 657 goto bad; 658 } 659 ktrexecarg(dp, len - 1); 660 dp += len; 661 i++; 662 argc++; 663 } 664 665 envc = 0; 666 /* environment need not be there */ 667 if (envs != NULL) { 668 i = 0; 669 while (1) { 670 len = argp + ARG_MAX - dp; 671 if ((error = (*fetch_element)(envs, i, &sp)) != 0) { 672 DPRINTF(("execve: fetch_element env %d\n", error)); 673 goto bad; 674 } 675 if (!sp) 676 break; 677 if ((error = copyinstr(sp, dp, len, &len)) != 0) { 678 DPRINTF(("execve: copyinstr env %d\n", error)); 679 if (error == ENAMETOOLONG) 680 error = E2BIG; 681 goto bad; 682 } 683 ktrexecenv(dp, len - 1); 684 dp += len; 685 i++; 686 envc++; 687 } 688 } 689 690 dp = (char *) ALIGN(dp); 691 692 szsigcode = pack.ep_esch->es_emul->e_esigcode - 693 pack.ep_esch->es_emul->e_sigcode; 694 695 #ifdef __MACHINE_STACK_GROWS_UP 696 /* See big comment lower down */ 697 #define RTLD_GAP 32 698 #else 699 #define RTLD_GAP 0 700 #endif 701 702 /* Now check if args & environ fit into new stack */ 703 if (pack.ep_flags & EXEC_32) 704 len = ((argc + envc + 2 + pack.ep_esch->es_arglen) * 705 sizeof(int) + sizeof(int) + dp + RTLD_GAP + 706 szsigcode + sizeof(struct ps_strings) + STACK_PTHREADSPACE) 707 - argp; 708 else 709 len = ((argc + envc + 2 + pack.ep_esch->es_arglen) * 710 sizeof(char *) + sizeof(int) + dp + RTLD_GAP + 711 szsigcode + sizeof(struct ps_strings) + STACK_PTHREADSPACE) 712 - argp; 713 714 #ifdef PAX_ASLR 715 if (pax_aslr_active(l)) 716 len += (arc4random() % PAGE_SIZE); 717 #endif /* PAX_ASLR */ 718 719 #ifdef STACKLALIGN /* arm, etc. */ 720 len = STACKALIGN(len); /* make the stack "safely" aligned */ 721 #else 722 len = ALIGN(len); /* make the stack "safely" aligned */ 723 #endif 724 725 if (len > pack.ep_ssize) { /* in effect, compare to initial limit */ 726 DPRINTF(("execve: stack limit exceeded %zu\n", len)); 727 error = ENOMEM; 728 goto bad; 729 } 730 731 /* Get rid of other LWPs. */ 732 if (p->p_sa || p->p_nlwps > 1) { 733 mutex_enter(p->p_lock); 734 exit_lwps(l); 735 mutex_exit(p->p_lock); 736 } 737 KDASSERT(p->p_nlwps == 1); 738 739 /* Destroy any lwpctl info. */ 740 if (p->p_lwpctl != NULL) 741 lwp_ctl_exit(); 742 743 /* This is now LWP 1 */ 744 l->l_lid = 1; 745 p->p_nlwpid = 1; 746 747 #ifdef KERN_SA 748 /* Release any SA state. */ 749 if (p->p_sa) 750 sa_release(p); 751 #endif /* KERN_SA */ 752 753 /* Remove POSIX timers */ 754 timers_free(p, TIMERS_POSIX); 755 756 /* adjust "active stack depth" for process VSZ */ 757 pack.ep_ssize = len; /* maybe should go elsewhere, but... */ 758 759 /* 760 * Do whatever is necessary to prepare the address space 761 * for remapping. Note that this might replace the current 762 * vmspace with another! 763 */ 764 uvmspace_exec(l, pack.ep_vm_minaddr, pack.ep_vm_maxaddr); 765 766 /* record proc's vnode, for use by procfs and others */ 767 if (p->p_textvp) 768 vrele(p->p_textvp); 769 VREF(pack.ep_vp); 770 p->p_textvp = pack.ep_vp; 771 772 /* Now map address space */ 773 vm = p->p_vmspace; 774 vm->vm_taddr = (void *)pack.ep_taddr; 775 vm->vm_tsize = btoc(pack.ep_tsize); 776 vm->vm_daddr = (void*)pack.ep_daddr; 777 vm->vm_dsize = btoc(pack.ep_dsize); 778 vm->vm_ssize = btoc(pack.ep_ssize); 779 vm->vm_maxsaddr = (void *)pack.ep_maxsaddr; 780 vm->vm_minsaddr = (void *)pack.ep_minsaddr; 781 782 #ifdef PAX_ASLR 783 pax_aslr_init(l, vm); 784 #endif /* PAX_ASLR */ 785 786 /* create the new process's VM space by running the vmcmds */ 787 #ifdef DIAGNOSTIC 788 if (pack.ep_vmcmds.evs_used == 0) 789 panic("execve: no vmcmds"); 790 #endif 791 for (i = 0; i < pack.ep_vmcmds.evs_used && !error; i++) { 792 struct exec_vmcmd *vcp; 793 794 vcp = &pack.ep_vmcmds.evs_cmds[i]; 795 if (vcp->ev_flags & VMCMD_RELATIVE) { 796 #ifdef DIAGNOSTIC 797 if (base_vcp == NULL) 798 panic("execve: relative vmcmd with no base"); 799 if (vcp->ev_flags & VMCMD_BASE) 800 panic("execve: illegal base & relative vmcmd"); 801 #endif 802 vcp->ev_addr += base_vcp->ev_addr; 803 } 804 error = (*vcp->ev_proc)(l, vcp); 805 #ifdef DEBUG_EXEC 806 if (error) { 807 size_t j; 808 struct exec_vmcmd *vp = &pack.ep_vmcmds.evs_cmds[0]; 809 for (j = 0; j <= i; j++) 810 uprintf( 811 "vmcmd[%zu] = %#lx/%#lx fd@%#lx prot=0%o flags=%d\n", 812 j, vp[j].ev_addr, vp[j].ev_len, 813 vp[j].ev_offset, vp[j].ev_prot, 814 vp[j].ev_flags); 815 } 816 #endif /* DEBUG_EXEC */ 817 if (vcp->ev_flags & VMCMD_BASE) 818 base_vcp = vcp; 819 } 820 821 /* free the vmspace-creation commands, and release their references */ 822 kill_vmcmds(&pack.ep_vmcmds); 823 824 vn_lock(pack.ep_vp, LK_EXCLUSIVE | LK_RETRY); 825 VOP_CLOSE(pack.ep_vp, FREAD, l->l_cred); 826 vput(pack.ep_vp); 827 828 /* if an error happened, deallocate and punt */ 829 if (error) { 830 DPRINTF(("execve: vmcmd %zu failed: %d\n", i - 1, error)); 831 goto exec_abort; 832 } 833 834 /* remember information about the process */ 835 arginfo.ps_nargvstr = argc; 836 arginfo.ps_nenvstr = envc; 837 838 /* set command name & other accounting info */ 839 i = min(nid.ni_cnd.cn_namelen, MAXCOMLEN); 840 (void)memcpy(p->p_comm, nid.ni_cnd.cn_nameptr, i); 841 p->p_comm[i] = '\0'; 842 843 dp = PNBUF_GET(); 844 /* 845 * If the path starts with /, we don't need to do any work. 846 * This handles the majority of the cases. 847 * In the future perhaps we could canonicalize it? 848 */ 849 if (pathbuf[0] == '/') 850 (void)strlcpy(pack.ep_path = dp, pathbuf, MAXPATHLEN); 851 #ifdef notyet 852 /* 853 * Although this works most of the time [since the entry was just 854 * entered in the cache] we don't use it because it theoretically 855 * can fail and it is not the cleanest interface, because there 856 * could be races. When the namei cache is re-written, this can 857 * be changed to use the appropriate function. 858 */ 859 else if (!(error = vnode_to_path(dp, MAXPATHLEN, p->p_textvp, l, p))) 860 pack.ep_path = dp; 861 #endif 862 else { 863 #ifdef notyet 864 printf("Cannot get path for pid %d [%s] (error %d)", 865 (int)p->p_pid, p->p_comm, error); 866 #endif 867 pack.ep_path = NULL; 868 PNBUF_PUT(dp); 869 } 870 871 stack = (char *)STACK_ALLOC(STACK_GROW(vm->vm_minsaddr, 872 STACK_PTHREADSPACE + sizeof(struct ps_strings) + szsigcode), 873 len - (sizeof(struct ps_strings) + szsigcode)); 874 875 #ifdef __MACHINE_STACK_GROWS_UP 876 /* 877 * The copyargs call always copies into lower addresses 878 * first, moving towards higher addresses, starting with 879 * the stack pointer that we give. When the stack grows 880 * down, this puts argc/argv/envp very shallow on the 881 * stack, right at the first user stack pointer. 882 * When the stack grows up, the situation is reversed. 883 * 884 * Normally, this is no big deal. But the ld_elf.so _rtld() 885 * function expects to be called with a single pointer to 886 * a region that has a few words it can stash values into, 887 * followed by argc/argv/envp. When the stack grows down, 888 * it's easy to decrement the stack pointer a little bit to 889 * allocate the space for these few words and pass the new 890 * stack pointer to _rtld. When the stack grows up, however, 891 * a few words before argc is part of the signal trampoline, XXX 892 * so we have a problem. 893 * 894 * Instead of changing how _rtld works, we take the easy way 895 * out and steal 32 bytes before we call copyargs. 896 * This extra space was allowed for when 'len' was calculated. 897 */ 898 stack += RTLD_GAP; 899 #endif /* __MACHINE_STACK_GROWS_UP */ 900 901 /* Now copy argc, args & environ to new stack */ 902 error = (*pack.ep_esch->es_copyargs)(l, &pack, &arginfo, &stack, argp); 903 if (pack.ep_path) { 904 PNBUF_PUT(pack.ep_path); 905 pack.ep_path = NULL; 906 } 907 if (error) { 908 DPRINTF(("execve: copyargs failed %d\n", error)); 909 goto exec_abort; 910 } 911 /* Move the stack back to original point */ 912 stack = (char *)STACK_GROW(vm->vm_minsaddr, len); 913 914 /* fill process ps_strings info */ 915 p->p_psstr = (struct ps_strings *) 916 STACK_ALLOC(STACK_GROW(vm->vm_minsaddr, STACK_PTHREADSPACE), 917 sizeof(struct ps_strings)); 918 p->p_psargv = offsetof(struct ps_strings, ps_argvstr); 919 p->p_psnargv = offsetof(struct ps_strings, ps_nargvstr); 920 p->p_psenv = offsetof(struct ps_strings, ps_envstr); 921 p->p_psnenv = offsetof(struct ps_strings, ps_nenvstr); 922 923 /* copy out the process's ps_strings structure */ 924 if ((error = copyout(aip, (char *)p->p_psstr, 925 sizeof(arginfo))) != 0) { 926 DPRINTF(("execve: ps_strings copyout %p->%p size %ld failed\n", 927 aip, (char *)p->p_psstr, (long)sizeof(arginfo))); 928 goto exec_abort; 929 } 930 931 fd_closeexec(); /* handle close on exec */ 932 execsigs(p); /* reset catched signals */ 933 934 l->l_ctxlink = NULL; /* reset ucontext link */ 935 936 937 p->p_acflag &= ~AFORK; 938 mutex_enter(p->p_lock); 939 p->p_flag |= PK_EXEC; 940 mutex_exit(p->p_lock); 941 942 /* 943 * Stop profiling. 944 */ 945 if ((p->p_stflag & PST_PROFIL) != 0) { 946 mutex_spin_enter(&p->p_stmutex); 947 stopprofclock(p); 948 mutex_spin_exit(&p->p_stmutex); 949 } 950 951 /* 952 * It's OK to test PL_PPWAIT unlocked here, as other LWPs have 953 * exited and exec()/exit() are the only places it will be cleared. 954 */ 955 if ((p->p_lflag & PL_PPWAIT) != 0) { 956 mutex_enter(proc_lock); 957 p->p_lflag &= ~PL_PPWAIT; 958 cv_broadcast(&p->p_pptr->p_waitcv); 959 mutex_exit(proc_lock); 960 } 961 962 /* 963 * Deal with set[ug]id. MNT_NOSUID has already been used to disable 964 * s[ug]id. It's OK to check for PSL_TRACED here as we have blocked 965 * out additional references on the process for the moment. 966 */ 967 if ((p->p_slflag & PSL_TRACED) == 0 && 968 969 (((attr.va_mode & S_ISUID) != 0 && 970 kauth_cred_geteuid(l->l_cred) != attr.va_uid) || 971 972 ((attr.va_mode & S_ISGID) != 0 && 973 kauth_cred_getegid(l->l_cred) != attr.va_gid))) { 974 /* 975 * Mark the process as SUGID before we do 976 * anything that might block. 977 */ 978 proc_crmod_enter(); 979 proc_crmod_leave(NULL, NULL, true); 980 981 /* Make sure file descriptors 0..2 are in use. */ 982 if ((error = fd_checkstd()) != 0) { 983 DPRINTF(("execve: fdcheckstd failed %d\n", error)); 984 goto exec_abort; 985 } 986 987 /* 988 * Copy the credential so other references don't see our 989 * changes. 990 */ 991 l->l_cred = kauth_cred_copy(l->l_cred); 992 #ifdef KTRACE 993 /* 994 * If the persistent trace flag isn't set, turn off. 995 */ 996 if (p->p_tracep) { 997 mutex_enter(&ktrace_lock); 998 if (!(p->p_traceflag & KTRFAC_PERSISTENT)) 999 ktrderef(p); 1000 mutex_exit(&ktrace_lock); 1001 } 1002 #endif 1003 if (attr.va_mode & S_ISUID) 1004 kauth_cred_seteuid(l->l_cred, attr.va_uid); 1005 if (attr.va_mode & S_ISGID) 1006 kauth_cred_setegid(l->l_cred, attr.va_gid); 1007 } else { 1008 if (kauth_cred_geteuid(l->l_cred) == 1009 kauth_cred_getuid(l->l_cred) && 1010 kauth_cred_getegid(l->l_cred) == 1011 kauth_cred_getgid(l->l_cred)) 1012 p->p_flag &= ~PK_SUGID; 1013 } 1014 1015 /* 1016 * Copy the credential so other references don't see our changes. 1017 * Test to see if this is necessary first, since in the common case 1018 * we won't need a private reference. 1019 */ 1020 if (kauth_cred_geteuid(l->l_cred) != kauth_cred_getsvuid(l->l_cred) || 1021 kauth_cred_getegid(l->l_cred) != kauth_cred_getsvgid(l->l_cred)) { 1022 l->l_cred = kauth_cred_copy(l->l_cred); 1023 kauth_cred_setsvuid(l->l_cred, kauth_cred_geteuid(l->l_cred)); 1024 kauth_cred_setsvgid(l->l_cred, kauth_cred_getegid(l->l_cred)); 1025 } 1026 1027 /* Update the master credentials. */ 1028 if (l->l_cred != p->p_cred) { 1029 kauth_cred_t ocred; 1030 1031 kauth_cred_hold(l->l_cred); 1032 mutex_enter(p->p_lock); 1033 ocred = p->p_cred; 1034 p->p_cred = l->l_cred; 1035 mutex_exit(p->p_lock); 1036 kauth_cred_free(ocred); 1037 } 1038 1039 #if defined(__HAVE_RAS) 1040 /* 1041 * Remove all RASs from the address space. 1042 */ 1043 ras_purgeall(); 1044 #endif 1045 1046 doexechooks(p); 1047 1048 /* setup new registers and do misc. setup. */ 1049 (*pack.ep_esch->es_emul->e_setregs)(l, &pack, (u_long) stack); 1050 if (pack.ep_esch->es_setregs) 1051 (*pack.ep_esch->es_setregs)(l, &pack, (u_long) stack); 1052 1053 /* map the process's signal trampoline code */ 1054 if (exec_sigcode_map(p, pack.ep_esch->es_emul)) { 1055 DPRINTF(("execve: map sigcode failed %d\n", error)); 1056 goto exec_abort; 1057 } 1058 1059 pool_put(&exec_pool, argp); 1060 1061 PNBUF_PUT(nid.ni_cnd.cn_pnbuf); 1062 1063 /* notify others that we exec'd */ 1064 KNOTE(&p->p_klist, NOTE_EXEC); 1065 1066 kmem_free(pack.ep_hdr, pack.ep_hdrlen); 1067 1068 /* The emulation root will usually have been found when we looked 1069 * for the elf interpreter (or similar), if not look now. */ 1070 if (pack.ep_esch->es_emul->e_path != NULL && pack.ep_emul_root == NULL) 1071 emul_find_root(l, &pack); 1072 1073 /* Any old emulation root got removed by fdcloseexec */ 1074 rw_enter(&p->p_cwdi->cwdi_lock, RW_WRITER); 1075 p->p_cwdi->cwdi_edir = pack.ep_emul_root; 1076 rw_exit(&p->p_cwdi->cwdi_lock); 1077 pack.ep_emul_root = NULL; 1078 if (pack.ep_interp != NULL) 1079 vrele(pack.ep_interp); 1080 1081 /* 1082 * Call emulation specific exec hook. This can setup per-process 1083 * p->p_emuldata or do any other per-process stuff an emulation needs. 1084 * 1085 * If we are executing process of different emulation than the 1086 * original forked process, call e_proc_exit() of the old emulation 1087 * first, then e_proc_exec() of new emulation. If the emulation is 1088 * same, the exec hook code should deallocate any old emulation 1089 * resources held previously by this process. 1090 */ 1091 if (p->p_emul && p->p_emul->e_proc_exit 1092 && p->p_emul != pack.ep_esch->es_emul) 1093 (*p->p_emul->e_proc_exit)(p); 1094 1095 /* 1096 * Call exec hook. Emulation code may NOT store reference to anything 1097 * from &pack. 1098 */ 1099 if (pack.ep_esch->es_emul->e_proc_exec) 1100 (*pack.ep_esch->es_emul->e_proc_exec)(p, &pack); 1101 1102 /* update p_emul, the old value is no longer needed */ 1103 p->p_emul = pack.ep_esch->es_emul; 1104 1105 /* ...and the same for p_execsw */ 1106 p->p_execsw = pack.ep_esch; 1107 1108 #ifdef __HAVE_SYSCALL_INTERN 1109 (*p->p_emul->e_syscall_intern)(p); 1110 #endif 1111 ktremul(); 1112 1113 /* Allow new references from the debugger/procfs. */ 1114 rw_exit(&p->p_reflock); 1115 rw_exit(&exec_lock); 1116 1117 mutex_enter(proc_lock); 1118 1119 if ((p->p_slflag & (PSL_TRACED|PSL_SYSCALL)) == PSL_TRACED) { 1120 KSI_INIT_EMPTY(&ksi); 1121 ksi.ksi_signo = SIGTRAP; 1122 ksi.ksi_lid = l->l_lid; 1123 kpsignal(p, &ksi, NULL); 1124 } 1125 1126 if (p->p_sflag & PS_STOPEXEC) { 1127 KERNEL_UNLOCK_ALL(l, &l->l_biglocks); 1128 p->p_pptr->p_nstopchild++; 1129 p->p_pptr->p_waited = 0; 1130 mutex_enter(p->p_lock); 1131 ksiginfo_queue_init(&kq); 1132 sigclearall(p, &contsigmask, &kq); 1133 lwp_lock(l); 1134 l->l_stat = LSSTOP; 1135 p->p_stat = SSTOP; 1136 p->p_nrlwps--; 1137 mutex_exit(p->p_lock); 1138 mutex_exit(proc_lock); 1139 mi_switch(l); 1140 ksiginfo_queue_drain(&kq); 1141 KERNEL_LOCK(l->l_biglocks, l); 1142 } else { 1143 mutex_exit(proc_lock); 1144 } 1145 1146 PNBUF_PUT(pathbuf); 1147 return (EJUSTRETURN); 1148 1149 bad: 1150 /* free the vmspace-creation commands, and release their references */ 1151 kill_vmcmds(&pack.ep_vmcmds); 1152 /* kill any opened file descriptor, if necessary */ 1153 if (pack.ep_flags & EXEC_HASFD) { 1154 pack.ep_flags &= ~EXEC_HASFD; 1155 fd_close(pack.ep_fd); 1156 } 1157 /* close and put the exec'd file */ 1158 vn_lock(pack.ep_vp, LK_EXCLUSIVE | LK_RETRY); 1159 VOP_CLOSE(pack.ep_vp, FREAD, l->l_cred); 1160 vput(pack.ep_vp); 1161 PNBUF_PUT(nid.ni_cnd.cn_pnbuf); 1162 pool_put(&exec_pool, argp); 1163 1164 freehdr: 1165 kmem_free(pack.ep_hdr, pack.ep_hdrlen); 1166 if (pack.ep_emul_root != NULL) 1167 vrele(pack.ep_emul_root); 1168 if (pack.ep_interp != NULL) 1169 vrele(pack.ep_interp); 1170 1171 rw_exit(&exec_lock); 1172 1173 clrflg: 1174 lwp_lock(l); 1175 l->l_flag |= oldlwpflags; 1176 lwp_unlock(l); 1177 PNBUF_PUT(pathbuf); 1178 rw_exit(&p->p_reflock); 1179 1180 if (modgen != module_gen && error == ENOEXEC) { 1181 modgen = module_gen; 1182 exec_autoload(); 1183 goto retry; 1184 } 1185 1186 return error; 1187 1188 exec_abort: 1189 PNBUF_PUT(pathbuf); 1190 rw_exit(&p->p_reflock); 1191 rw_exit(&exec_lock); 1192 1193 /* 1194 * the old process doesn't exist anymore. exit gracefully. 1195 * get rid of the (new) address space we have created, if any, get rid 1196 * of our namei data and vnode, and exit noting failure 1197 */ 1198 uvm_deallocate(&vm->vm_map, VM_MIN_ADDRESS, 1199 VM_MAXUSER_ADDRESS - VM_MIN_ADDRESS); 1200 if (pack.ep_emul_arg) 1201 free(pack.ep_emul_arg, M_TEMP); 1202 PNBUF_PUT(nid.ni_cnd.cn_pnbuf); 1203 pool_put(&exec_pool, argp); 1204 kmem_free(pack.ep_hdr, pack.ep_hdrlen); 1205 if (pack.ep_emul_root != NULL) 1206 vrele(pack.ep_emul_root); 1207 if (pack.ep_interp != NULL) 1208 vrele(pack.ep_interp); 1209 1210 /* Acquire the sched-state mutex (exit1() will release it). */ 1211 mutex_enter(p->p_lock); 1212 exit1(l, W_EXITCODE(error, SIGABRT)); 1213 1214 /* NOTREACHED */ 1215 return 0; 1216 } 1217 1218 1219 int 1220 copyargs(struct lwp *l, struct exec_package *pack, struct ps_strings *arginfo, 1221 char **stackp, void *argp) 1222 { 1223 char **cpp, *dp, *sp; 1224 size_t len; 1225 void *nullp; 1226 long argc, envc; 1227 int error; 1228 1229 cpp = (char **)*stackp; 1230 nullp = NULL; 1231 argc = arginfo->ps_nargvstr; 1232 envc = arginfo->ps_nenvstr; 1233 if ((error = copyout(&argc, cpp++, sizeof(argc))) != 0) 1234 return error; 1235 1236 dp = (char *) (cpp + argc + envc + 2 + pack->ep_esch->es_arglen); 1237 sp = argp; 1238 1239 /* XXX don't copy them out, remap them! */ 1240 arginfo->ps_argvstr = cpp; /* remember location of argv for later */ 1241 1242 for (; --argc >= 0; sp += len, dp += len) 1243 if ((error = copyout(&dp, cpp++, sizeof(dp))) != 0 || 1244 (error = copyoutstr(sp, dp, ARG_MAX, &len)) != 0) 1245 return error; 1246 1247 if ((error = copyout(&nullp, cpp++, sizeof(nullp))) != 0) 1248 return error; 1249 1250 arginfo->ps_envstr = cpp; /* remember location of envp for later */ 1251 1252 for (; --envc >= 0; sp += len, dp += len) 1253 if ((error = copyout(&dp, cpp++, sizeof(dp))) != 0 || 1254 (error = copyoutstr(sp, dp, ARG_MAX, &len)) != 0) 1255 return error; 1256 1257 if ((error = copyout(&nullp, cpp++, sizeof(nullp))) != 0) 1258 return error; 1259 1260 *stackp = (char *)cpp; 1261 return 0; 1262 } 1263 1264 1265 /* 1266 * Add execsw[] entries. 1267 */ 1268 int 1269 exec_add(struct execsw *esp, int count) 1270 { 1271 struct exec_entry *it; 1272 int i; 1273 1274 if (count == 0) { 1275 return 0; 1276 } 1277 1278 /* Check for duplicates. */ 1279 rw_enter(&exec_lock, RW_WRITER); 1280 for (i = 0; i < count; i++) { 1281 LIST_FOREACH(it, &ex_head, ex_list) { 1282 /* assume unique (makecmds, probe_func, emulation) */ 1283 if (it->ex_sw->es_makecmds == esp[i].es_makecmds && 1284 it->ex_sw->u.elf_probe_func == 1285 esp[i].u.elf_probe_func && 1286 it->ex_sw->es_emul == esp[i].es_emul) { 1287 rw_exit(&exec_lock); 1288 return EEXIST; 1289 } 1290 } 1291 } 1292 1293 /* Allocate new entries. */ 1294 for (i = 0; i < count; i++) { 1295 it = kmem_alloc(sizeof(*it), KM_SLEEP); 1296 it->ex_sw = &esp[i]; 1297 LIST_INSERT_HEAD(&ex_head, it, ex_list); 1298 } 1299 1300 /* update execsw[] */ 1301 exec_init(0); 1302 rw_exit(&exec_lock); 1303 return 0; 1304 } 1305 1306 /* 1307 * Remove execsw[] entry. 1308 */ 1309 int 1310 exec_remove(struct execsw *esp, int count) 1311 { 1312 struct exec_entry *it, *next; 1313 int i; 1314 const struct proclist_desc *pd; 1315 proc_t *p; 1316 1317 if (count == 0) { 1318 return 0; 1319 } 1320 1321 /* Abort if any are busy. */ 1322 rw_enter(&exec_lock, RW_WRITER); 1323 for (i = 0; i < count; i++) { 1324 mutex_enter(proc_lock); 1325 for (pd = proclists; pd->pd_list != NULL; pd++) { 1326 PROCLIST_FOREACH(p, pd->pd_list) { 1327 if (p->p_execsw == &esp[i]) { 1328 mutex_exit(proc_lock); 1329 rw_exit(&exec_lock); 1330 return EBUSY; 1331 } 1332 } 1333 } 1334 mutex_exit(proc_lock); 1335 } 1336 1337 /* None are busy, so remove them all. */ 1338 for (i = 0; i < count; i++) { 1339 for (it = LIST_FIRST(&ex_head); it != NULL; it = next) { 1340 next = LIST_NEXT(it, ex_list); 1341 if (it->ex_sw == &esp[i]) { 1342 LIST_REMOVE(it, ex_list); 1343 kmem_free(it, sizeof(*it)); 1344 break; 1345 } 1346 } 1347 } 1348 1349 /* update execsw[] */ 1350 exec_init(0); 1351 rw_exit(&exec_lock); 1352 return 0; 1353 } 1354 1355 /* 1356 * Initialize exec structures. If init_boot is true, also does necessary 1357 * one-time initialization (it's called from main() that way). 1358 * Once system is multiuser, this should be called with exec_lock held, 1359 * i.e. via exec_{add|remove}(). 1360 */ 1361 int 1362 exec_init(int init_boot) 1363 { 1364 const struct execsw **sw; 1365 struct exec_entry *ex; 1366 SLIST_HEAD(,exec_entry) first; 1367 SLIST_HEAD(,exec_entry) any; 1368 SLIST_HEAD(,exec_entry) last; 1369 int i, sz; 1370 1371 if (init_boot) { 1372 /* do one-time initializations */ 1373 rw_init(&exec_lock); 1374 mutex_init(&sigobject_lock, MUTEX_DEFAULT, IPL_NONE); 1375 pool_init(&exec_pool, NCARGS, 0, 0, PR_NOALIGN|PR_NOTOUCH, 1376 "execargs", &exec_palloc, IPL_NONE); 1377 pool_sethardlimit(&exec_pool, maxexec, "should not happen", 0); 1378 } else { 1379 KASSERT(rw_write_held(&exec_lock)); 1380 } 1381 1382 /* Sort each entry onto the appropriate queue. */ 1383 SLIST_INIT(&first); 1384 SLIST_INIT(&any); 1385 SLIST_INIT(&last); 1386 sz = 0; 1387 LIST_FOREACH(ex, &ex_head, ex_list) { 1388 switch(ex->ex_sw->es_prio) { 1389 case EXECSW_PRIO_FIRST: 1390 SLIST_INSERT_HEAD(&first, ex, ex_slist); 1391 break; 1392 case EXECSW_PRIO_ANY: 1393 SLIST_INSERT_HEAD(&any, ex, ex_slist); 1394 break; 1395 case EXECSW_PRIO_LAST: 1396 SLIST_INSERT_HEAD(&last, ex, ex_slist); 1397 break; 1398 default: 1399 panic("exec_init"); 1400 break; 1401 } 1402 sz++; 1403 } 1404 1405 /* 1406 * Create new execsw[]. Ensure we do not try a zero-sized 1407 * allocation. 1408 */ 1409 sw = kmem_alloc(sz * sizeof(struct execsw *) + 1, KM_SLEEP); 1410 i = 0; 1411 SLIST_FOREACH(ex, &first, ex_slist) { 1412 sw[i++] = ex->ex_sw; 1413 } 1414 SLIST_FOREACH(ex, &any, ex_slist) { 1415 sw[i++] = ex->ex_sw; 1416 } 1417 SLIST_FOREACH(ex, &last, ex_slist) { 1418 sw[i++] = ex->ex_sw; 1419 } 1420 1421 /* Replace old execsw[] and free used memory. */ 1422 if (execsw != NULL) { 1423 kmem_free(__UNCONST(execsw), 1424 nexecs * sizeof(struct execsw *) + 1); 1425 } 1426 execsw = sw; 1427 nexecs = sz; 1428 1429 /* Figure out the maximum size of an exec header. */ 1430 exec_maxhdrsz = sizeof(int); 1431 for (i = 0; i < nexecs; i++) { 1432 if (execsw[i]->es_hdrsz > exec_maxhdrsz) 1433 exec_maxhdrsz = execsw[i]->es_hdrsz; 1434 } 1435 1436 return 0; 1437 } 1438 1439 static int 1440 exec_sigcode_map(struct proc *p, const struct emul *e) 1441 { 1442 vaddr_t va; 1443 vsize_t sz; 1444 int error; 1445 struct uvm_object *uobj; 1446 1447 sz = (vaddr_t)e->e_esigcode - (vaddr_t)e->e_sigcode; 1448 1449 if (e->e_sigobject == NULL || sz == 0) { 1450 return 0; 1451 } 1452 1453 /* 1454 * If we don't have a sigobject for this emulation, create one. 1455 * 1456 * sigobject is an anonymous memory object (just like SYSV shared 1457 * memory) that we keep a permanent reference to and that we map 1458 * in all processes that need this sigcode. The creation is simple, 1459 * we create an object, add a permanent reference to it, map it in 1460 * kernel space, copy out the sigcode to it and unmap it. 1461 * We map it with PROT_READ|PROT_EXEC into the process just 1462 * the way sys_mmap() would map it. 1463 */ 1464 1465 uobj = *e->e_sigobject; 1466 if (uobj == NULL) { 1467 mutex_enter(&sigobject_lock); 1468 if ((uobj = *e->e_sigobject) == NULL) { 1469 uobj = uao_create(sz, 0); 1470 (*uobj->pgops->pgo_reference)(uobj); 1471 va = vm_map_min(kernel_map); 1472 if ((error = uvm_map(kernel_map, &va, round_page(sz), 1473 uobj, 0, 0, 1474 UVM_MAPFLAG(UVM_PROT_RW, UVM_PROT_RW, 1475 UVM_INH_SHARE, UVM_ADV_RANDOM, 0)))) { 1476 printf("kernel mapping failed %d\n", error); 1477 (*uobj->pgops->pgo_detach)(uobj); 1478 mutex_exit(&sigobject_lock); 1479 return (error); 1480 } 1481 memcpy((void *)va, e->e_sigcode, sz); 1482 #ifdef PMAP_NEED_PROCWR 1483 pmap_procwr(&proc0, va, sz); 1484 #endif 1485 uvm_unmap(kernel_map, va, va + round_page(sz)); 1486 *e->e_sigobject = uobj; 1487 } 1488 mutex_exit(&sigobject_lock); 1489 } 1490 1491 /* Just a hint to uvm_map where to put it. */ 1492 va = e->e_vm_default_addr(p, (vaddr_t)p->p_vmspace->vm_daddr, 1493 round_page(sz)); 1494 1495 #ifdef __alpha__ 1496 /* 1497 * Tru64 puts /sbin/loader at the end of user virtual memory, 1498 * which causes the above calculation to put the sigcode at 1499 * an invalid address. Put it just below the text instead. 1500 */ 1501 if (va == (vaddr_t)vm_map_max(&p->p_vmspace->vm_map)) { 1502 va = (vaddr_t)p->p_vmspace->vm_taddr - round_page(sz); 1503 } 1504 #endif 1505 1506 (*uobj->pgops->pgo_reference)(uobj); 1507 error = uvm_map(&p->p_vmspace->vm_map, &va, round_page(sz), 1508 uobj, 0, 0, 1509 UVM_MAPFLAG(UVM_PROT_RX, UVM_PROT_RX, UVM_INH_SHARE, 1510 UVM_ADV_RANDOM, 0)); 1511 if (error) { 1512 (*uobj->pgops->pgo_detach)(uobj); 1513 return (error); 1514 } 1515 p->p_sigctx.ps_sigcode = (void *)va; 1516 return (0); 1517 } 1518
Indexes created Sun Sep 21 20:09:37 GMT 2025