kern_exec.c revision 1.288 1 /* $NetBSD: kern_exec.c,v 1.288 2009/03/29 01:02:50 mrg Exp $ */
2
3 /*-
4 * Copyright (c) 2008 The NetBSD Foundation, Inc.
5 * All rights reserved.
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
9 * are met:
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
15 *
16 * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
17 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
18 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
19 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
20 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
21 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
22 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
23 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
24 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
25 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
26 * POSSIBILITY OF SUCH DAMAGE.
27 */
28
29 /*-
30 * Copyright (C) 1993, 1994, 1996 Christopher G. Demetriou
31 * Copyright (C) 1992 Wolfgang Solfrank.
32 * Copyright (C) 1992 TooLs GmbH.
33 * All rights reserved.
34 *
35 * Redistribution and use in source and binary forms, with or without
36 * modification, are permitted provided that the following conditions
37 * are met:
38 * 1. Redistributions of source code must retain the above copyright
39 * notice, this list of conditions and the following disclaimer.
40 * 2. Redistributions in binary form must reproduce the above copyright
41 * notice, this list of conditions and the following disclaimer in the
42 * documentation and/or other materials provided with the distribution.
43 * 3. All advertising materials mentioning features or use of this software
44 * must display the following acknowledgement:
45 * This product includes software developed by TooLs GmbH.
46 * 4. The name of TooLs GmbH may not be used to endorse or promote products
47 * derived from this software without specific prior written permission.
48 *
49 * THIS SOFTWARE IS PROVIDED BY TOOLS GMBH ``AS IS'' AND ANY EXPRESS OR
50 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
51 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
52 * IN NO EVENT SHALL TOOLS GMBH BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
53 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
54 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
55 * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
56 * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
57 * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
58 * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
59 */
60
61 #include <sys/cdefs.h>
62 __KERNEL_RCSID(0, "$NetBSD: kern_exec.c,v 1.288 2009/03/29 01:02:50 mrg Exp $");
63
64 #include "opt_ktrace.h"
65 #include "opt_modular.h"
66 #include "opt_syscall_debug.h"
67 #include "veriexec.h"
68 #include "opt_pax.h"
69 #include "opt_sa.h"
70
71 #include <sys/param.h>
72 #include <sys/systm.h>
73 #include <sys/filedesc.h>
74 #include <sys/kernel.h>
75 #include <sys/proc.h>
76 #include <sys/mount.h>
77 #include <sys/malloc.h>
78 #include <sys/kmem.h>
79 #include <sys/namei.h>
80 #include <sys/vnode.h>
81 #include <sys/file.h>
82 #include <sys/acct.h>
83 #include <sys/exec.h>
84 #include <sys/ktrace.h>
85 #include <sys/uidinfo.h>
86 #include <sys/wait.h>
87 #include <sys/mman.h>
88 #include <sys/ras.h>
89 #include <sys/signalvar.h>
90 #include <sys/stat.h>
91 #include <sys/syscall.h>
92 #include <sys/kauth.h>
93 #include <sys/lwpctl.h>
94 #include <sys/pax.h>
95 #include <sys/cpu.h>
96 #include <sys/module.h>
97 #include <sys/sa.h>
98 #include <sys/savar.h>
99 #include <sys/syscallargs.h>
100 #if NVERIEXEC > 0
101 #include <sys/verified_exec.h>
102 #endif /* NVERIEXEC > 0 */
103
104 #include <uvm/uvm_extern.h>
105
106 #include <machine/reg.h>
107
108 #include <compat/common/compat_util.h>
109
110 static int exec_sigcode_map(struct proc *, const struct emul *);
111
112 #ifdef DEBUG_EXEC
113 #define DPRINTF(a) uprintf a
114 #else
115 #define DPRINTF(a)
116 #endif /* DEBUG_EXEC */
117
118 /*
119 * Exec function switch:
120 *
121 * Note that each makecmds function is responsible for loading the
122 * exec package with the necessary functions for any exec-type-specific
123 * handling.
124 *
125 * Functions for specific exec types should be defined in their own
126 * header file.
127 */
128 static const struct execsw **execsw = NULL;
129 static int nexecs;
130
131 u_int exec_maxhdrsz; /* must not be static - used by netbsd32 */
132
133 /* list of dynamically loaded execsw entries */
134 static LIST_HEAD(execlist_head, exec_entry) ex_head =
135 LIST_HEAD_INITIALIZER(ex_head);
136 struct exec_entry {
137 LIST_ENTRY(exec_entry) ex_list;
138 SLIST_ENTRY(exec_entry) ex_slist;
139 const struct execsw *ex_sw;
140 };
141
142 #ifdef SYSCALL_DEBUG
143 extern const char * const syscallnames[];
144 #endif
145
146 #ifndef __HAVE_SYSCALL_INTERN
147 void syscall(void);
148 #endif
149
150 #ifdef KERN_SA
151 static struct sa_emul saemul_netbsd = {
152 sizeof(ucontext_t),
153 sizeof(struct sa_t),
154 sizeof(struct sa_t *),
155 NULL,
156 NULL,
157 cpu_upcall,
158 (void (*)(struct lwp *, void *))getucontext_sa,
159 sa_ucsp
160 };
161 #endif /* KERN_SA */
162
163 /* NetBSD emul struct */
164 struct emul emul_netbsd = {
165 "netbsd",
166 NULL, /* emulation path */
167 #ifndef __HAVE_MINIMAL_EMUL
168 EMUL_HAS_SYS___syscall,
169 NULL,
170 SYS_syscall,
171 SYS_NSYSENT,
172 #endif
173 sysent,
174 #ifdef SYSCALL_DEBUG
175 syscallnames,
176 #else
177 NULL,
178 #endif
179 sendsig,
180 trapsignal,
181 NULL,
182 NULL,
183 NULL,
184 NULL,
185 setregs,
186 NULL,
187 NULL,
188 NULL,
189 NULL,
190 NULL,
191 #ifdef __HAVE_SYSCALL_INTERN
192 syscall_intern,
193 #else
194 syscall,
195 #endif
196 NULL,
197 NULL,
198
199 uvm_default_mapaddr,
200 NULL,
201 #ifdef KERN_SA
202 &saemul_netbsd,
203 #else
204 NULL,
205 #endif
206 sizeof(ucontext_t),
207 startlwp,
208 };
209
210 /*
211 * Exec lock. Used to control access to execsw[] structures.
212 * This must not be static so that netbsd32 can access it, too.
213 */
214 krwlock_t exec_lock;
215
216 static kmutex_t sigobject_lock;
217
218 static void *
219 exec_pool_alloc(struct pool *pp, int flags)
220 {
221
222 return (void *)uvm_km_alloc(kernel_map, NCARGS, 0,
223 UVM_KMF_PAGEABLE | UVM_KMF_WAITVA);
224 }
225
226 static void
227 exec_pool_free(struct pool *pp, void *addr)
228 {
229
230 uvm_km_free(kernel_map, (vaddr_t)addr, NCARGS, UVM_KMF_PAGEABLE);
231 }
232
233 static struct pool exec_pool;
234
235 static struct pool_allocator exec_palloc = {
236 .pa_alloc = exec_pool_alloc,
237 .pa_free = exec_pool_free,
238 .pa_pagesz = NCARGS
239 };
240
241 /*
242 * check exec:
243 * given an "executable" described in the exec package's namei info,
244 * see what we can do with it.
245 *
246 * ON ENTRY:
247 * exec package with appropriate namei info
248 * lwp pointer of exec'ing lwp
249 * NO SELF-LOCKED VNODES
250 *
251 * ON EXIT:
252 * error: nothing held, etc. exec header still allocated.
253 * ok: filled exec package, executable's vnode (unlocked).
254 *
255 * EXEC SWITCH ENTRY:
256 * Locked vnode to check, exec package, proc.
257 *
258 * EXEC SWITCH EXIT:
259 * ok: return 0, filled exec package, executable's vnode (unlocked).
260 * error: destructive:
261 * everything deallocated execept exec header.
262 * non-destructive:
263 * error code, executable's vnode (unlocked),
264 * exec header unmodified.
265 */
266 int
267 /*ARGSUSED*/
268 check_exec(struct lwp *l, struct exec_package *epp)
269 {
270 int error, i;
271 struct vnode *vp;
272 struct nameidata *ndp;
273 size_t resid;
274
275 ndp = epp->ep_ndp;
276 ndp->ni_cnd.cn_nameiop = LOOKUP;
277 ndp->ni_cnd.cn_flags = FOLLOW | LOCKLEAF | SAVENAME | TRYEMULROOT;
278 /* first get the vnode */
279 if ((error = namei(ndp)) != 0)
280 return error;
281 epp->ep_vp = vp = ndp->ni_vp;
282
283 /* check access and type */
284 if (vp->v_type != VREG) {
285 error = EACCES;
286 goto bad1;
287 }
288 if ((error = VOP_ACCESS(vp, VEXEC, l->l_cred)) != 0)
289 goto bad1;
290
291 /* get attributes */
292 if ((error = VOP_GETATTR(vp, epp->ep_vap, l->l_cred)) != 0)
293 goto bad1;
294
295 /* Check mount point */
296 if (vp->v_mount->mnt_flag & MNT_NOEXEC) {
297 error = EACCES;
298 goto bad1;
299 }
300 if (vp->v_mount->mnt_flag & MNT_NOSUID)
301 epp->ep_vap->va_mode &= ~(S_ISUID | S_ISGID);
302
303 /* try to open it */
304 if ((error = VOP_OPEN(vp, FREAD, l->l_cred)) != 0)
305 goto bad1;
306
307 /* unlock vp, since we need it unlocked from here on out. */
308 VOP_UNLOCK(vp, 0);
309
310 #if NVERIEXEC > 0
311 error = veriexec_verify(l, vp, ndp->ni_cnd.cn_pnbuf,
312 epp->ep_flags & EXEC_INDIR ? VERIEXEC_INDIRECT : VERIEXEC_DIRECT,
313 NULL);
314 if (error)
315 goto bad2;
316 #endif /* NVERIEXEC > 0 */
317
318 #ifdef PAX_SEGVGUARD
319 error = pax_segvguard(l, vp, ndp->ni_cnd.cn_pnbuf, false);
320 if (error)
321 goto bad2;
322 #endif /* PAX_SEGVGUARD */
323
324 /* now we have the file, get the exec header */
325 error = vn_rdwr(UIO_READ, vp, epp->ep_hdr, epp->ep_hdrlen, 0,
326 UIO_SYSSPACE, 0, l->l_cred, &resid, NULL);
327 if (error)
328 goto bad2;
329 epp->ep_hdrvalid = epp->ep_hdrlen - resid;
330
331 /*
332 * Set up default address space limits. Can be overridden
333 * by individual exec packages.
334 *
335 * XXX probably should be all done in the exec packages.
336 */
337 epp->ep_vm_minaddr = VM_MIN_ADDRESS;
338 epp->ep_vm_maxaddr = VM_MAXUSER_ADDRESS;
339 /*
340 * set up the vmcmds for creation of the process
341 * address space
342 */
343 error = ENOEXEC;
344 for (i = 0; i < nexecs; i++) {
345 int newerror;
346
347 epp->ep_esch = execsw[i];
348 newerror = (*execsw[i]->es_makecmds)(l, epp);
349
350 if (!newerror) {
351 /* Seems ok: check that entry point is sane */
352 if (epp->ep_entry > VM_MAXUSER_ADDRESS) {
353 error = ENOEXEC;
354 break;
355 }
356
357 /* check limits */
358 if ((epp->ep_tsize > MAXTSIZ) ||
359 (epp->ep_dsize > (u_quad_t)l->l_proc->p_rlimit
360 [RLIMIT_DATA].rlim_cur)) {
361 error = ENOMEM;
362 break;
363 }
364 return 0;
365 }
366
367 if (epp->ep_emul_root != NULL) {
368 vrele(epp->ep_emul_root);
369 epp->ep_emul_root = NULL;
370 }
371 if (epp->ep_interp != NULL) {
372 vrele(epp->ep_interp);
373 epp->ep_interp = NULL;
374 }
375
376 /* make sure the first "interesting" error code is saved. */
377 if (error == ENOEXEC)
378 error = newerror;
379
380 if (epp->ep_flags & EXEC_DESTR)
381 /* Error from "#!" code, tidied up by recursive call */
382 return error;
383 }
384
385 /* not found, error */
386
387 /*
388 * free any vmspace-creation commands,
389 * and release their references
390 */
391 kill_vmcmds(&epp->ep_vmcmds);
392
393 bad2:
394 /*
395 * close and release the vnode, restore the old one, free the
396 * pathname buf, and punt.
397 */
398 vn_lock(vp, LK_EXCLUSIVE | LK_RETRY);
399 VOP_CLOSE(vp, FREAD, l->l_cred);
400 vput(vp);
401 PNBUF_PUT(ndp->ni_cnd.cn_pnbuf);
402 return error;
403
404 bad1:
405 /*
406 * free the namei pathname buffer, and put the vnode
407 * (which we don't yet have open).
408 */
409 vput(vp); /* was still locked */
410 PNBUF_PUT(ndp->ni_cnd.cn_pnbuf);
411 return error;
412 }
413
414 #ifdef __MACHINE_STACK_GROWS_UP
415 #define STACK_PTHREADSPACE NBPG
416 #else
417 #define STACK_PTHREADSPACE 0
418 #endif
419
420 static int
421 execve_fetch_element(char * const *array, size_t index, char **value)
422 {
423 return copyin(array + index, value, sizeof(*value));
424 }
425
426 /*
427 * exec system call
428 */
429 /* ARGSUSED */
430 int
431 sys_execve(struct lwp *l, const struct sys_execve_args *uap, register_t *retval)
432 {
433 /* {
434 syscallarg(const char *) path;
435 syscallarg(char * const *) argp;
436 syscallarg(char * const *) envp;
437 } */
438
439 return execve1(l, SCARG(uap, path), SCARG(uap, argp),
440 SCARG(uap, envp), execve_fetch_element);
441 }
442
443 /*
444 * Load modules to try and execute an image that we do not understand.
445 * If no execsw entries are present, we load those likely to be needed
446 * in order to run native images only. Otherwise, we autoload all
447 * possible modules that could let us run the binary. XXX lame
448 */
449 static void
450 exec_autoload(void)
451 {
452 #ifdef MODULAR
453 static const char * const native[] = {
454 "exec_elf32",
455 "exec_elf64",
456 "exec_script",
457 NULL
458 };
459 static const char * const compat[] = {
460 "exec_elf32",
461 "exec_elf64",
462 "exec_script",
463 "exec_aout",
464 "exec_coff",
465 "exec_ecoff",
466 "compat_aoutm68k",
467 "compat_freebsd",
468 "compat_ibcs2",
469 "compat_irix",
470 "compat_linux",
471 "compat_linux32",
472 "compat_netbsd32",
473 "compat_sunos",
474 "compat_sunos32",
475 "compat_svr4",
476 "compat_svr4_32",
477 "compat_ultrix",
478 NULL
479 };
480 char const * const *list;
481 int i;
482
483 mutex_enter(&module_lock);
484 list = (nexecs == 0 ? native : compat);
485 for (i = 0; list[i] != NULL; i++) {
486 if (module_autoload(list[i], MODULE_CLASS_MISC) != 0) {
487 continue;
488 }
489 mutex_exit(&module_lock);
490 yield();
491 mutex_enter(&module_lock);
492 }
493 mutex_exit(&module_lock);
494 #endif
495 }
496
497 int
498 execve1(struct lwp *l, const char *path, char * const *args,
499 char * const *envs, execve_fetch_element_t fetch_element)
500 {
501 int error;
502 struct exec_package pack;
503 struct nameidata nid;
504 struct vattr attr;
505 struct proc *p;
506 char *argp;
507 char *dp, *sp;
508 long argc, envc;
509 size_t i, len;
510 char *stack;
511 struct ps_strings arginfo;
512 struct ps_strings *aip = &arginfo;
513 struct vmspace *vm;
514 struct exec_fakearg *tmpfap;
515 int szsigcode;
516 struct exec_vmcmd *base_vcp;
517 int oldlwpflags;
518 ksiginfo_t ksi;
519 ksiginfoq_t kq;
520 char *pathbuf;
521 size_t pathbuflen;
522 u_int modgen;
523
524 p = l->l_proc;
525 modgen = 0;
526
527 /*
528 * Check if we have exceeded our number of processes limit.
529 * This is so that we handle the case where a root daemon
530 * forked, ran setuid to become the desired user and is trying
531 * to exec. The obvious place to do the reference counting check
532 * is setuid(), but we don't do the reference counting check there
533 * like other OS's do because then all the programs that use setuid()
534 * must be modified to check the return code of setuid() and exit().
535 * It is dangerous to make setuid() fail, because it fails open and
536 * the program will continue to run as root. If we make it succeed
537 * and return an error code, again we are not enforcing the limit.
538 * The best place to enforce the limit is here, when the process tries
539 * to execute a new image, because eventually the process will need
540 * to call exec in order to do something useful.
541 */
542 retry:
543 if ((p->p_flag & PK_SUGID) && kauth_authorize_generic(l->l_cred,
544 KAUTH_GENERIC_ISSUSER, NULL) != 0 && chgproccnt(kauth_cred_getuid(
545 l->l_cred), 0) > p->p_rlimit[RLIMIT_NPROC].rlim_cur)
546 return EAGAIN;
547
548 oldlwpflags = l->l_flag & (LW_SA | LW_SA_UPCALL);
549 if (l->l_flag & LW_SA) {
550 lwp_lock(l);
551 l->l_flag &= ~(LW_SA | LW_SA_UPCALL);
552 lwp_unlock(l);
553 }
554
555 /*
556 * Drain existing references and forbid new ones. The process
557 * should be left alone until we're done here. This is necessary
558 * to avoid race conditions - e.g. in ptrace() - that might allow
559 * a local user to illicitly obtain elevated privileges.
560 */
561 rw_enter(&p->p_reflock, RW_WRITER);
562
563 base_vcp = NULL;
564 /*
565 * Init the namei data to point the file user's program name.
566 * This is done here rather than in check_exec(), so that it's
567 * possible to override this settings if any of makecmd/probe
568 * functions call check_exec() recursively - for example,
569 * see exec_script_makecmds().
570 */
571 pathbuf = PNBUF_GET();
572 error = copyinstr(path, pathbuf, MAXPATHLEN, &pathbuflen);
573 if (error) {
574 DPRINTF(("execve: copyinstr path %d", error));
575 goto clrflg;
576 }
577
578 NDINIT(&nid, LOOKUP, NOFOLLOW | TRYEMULROOT, UIO_SYSSPACE, pathbuf);
579
580 /*
581 * initialize the fields of the exec package.
582 */
583 pack.ep_name = path;
584 pack.ep_hdr = kmem_alloc(exec_maxhdrsz, KM_SLEEP);
585 pack.ep_hdrlen = exec_maxhdrsz;
586 pack.ep_hdrvalid = 0;
587 pack.ep_ndp = &nid;
588 pack.ep_emul_arg = NULL;
589 pack.ep_vmcmds.evs_cnt = 0;
590 pack.ep_vmcmds.evs_used = 0;
591 pack.ep_vap = &attr;
592 pack.ep_flags = 0;
593 pack.ep_emul_root = NULL;
594 pack.ep_interp = NULL;
595 pack.ep_esch = NULL;
596 pack.ep_pax_flags = 0;
597
598 rw_enter(&exec_lock, RW_READER);
599
600 /* see if we can run it. */
601 if ((error = check_exec(l, &pack)) != 0) {
602 if (error != ENOENT) {
603 DPRINTF(("execve: check exec failed %d\n", error));
604 }
605 goto freehdr;
606 }
607
608 /* XXX -- THE FOLLOWING SECTION NEEDS MAJOR CLEANUP */
609
610 /* allocate an argument buffer */
611 argp = pool_get(&exec_pool, PR_WAITOK);
612 KASSERT(argp != NULL);
613 dp = argp;
614 argc = 0;
615
616 /* copy the fake args list, if there's one, freeing it as we go */
617 if (pack.ep_flags & EXEC_HASARGL) {
618 tmpfap = pack.ep_fa;
619 while (tmpfap->fa_arg != NULL) {
620 const char *cp;
621
622 cp = tmpfap->fa_arg;
623 while (*cp)
624 *dp++ = *cp++;
625 *dp++ = '\0';
626
627 kmem_free(tmpfap->fa_arg, tmpfap->fa_len);
628 tmpfap++; argc++;
629 }
630 kmem_free(pack.ep_fa, pack.ep_fa_len);
631 pack.ep_flags &= ~EXEC_HASARGL;
632 }
633
634 /* Now get argv & environment */
635 if (args == NULL) {
636 DPRINTF(("execve: null args\n"));
637 error = EINVAL;
638 goto bad;
639 }
640 /* 'i' will index the argp/envp element to be retrieved */
641 i = 0;
642 if (pack.ep_flags & EXEC_SKIPARG)
643 i++;
644
645 while (1) {
646 len = argp + ARG_MAX - dp;
647 if ((error = (*fetch_element)(args, i, &sp)) != 0) {
648 DPRINTF(("execve: fetch_element args %d\n", error));
649 goto bad;
650 }
651 if (!sp)
652 break;
653 if ((error = copyinstr(sp, dp, len, &len)) != 0) {
654 DPRINTF(("execve: copyinstr args %d\n", error));
655 if (error == ENAMETOOLONG)
656 error = E2BIG;
657 goto bad;
658 }
659 ktrexecarg(dp, len - 1);
660 dp += len;
661 i++;
662 argc++;
663 }
664
665 envc = 0;
666 /* environment need not be there */
667 if (envs != NULL) {
668 i = 0;
669 while (1) {
670 len = argp + ARG_MAX - dp;
671 if ((error = (*fetch_element)(envs, i, &sp)) != 0) {
672 DPRINTF(("execve: fetch_element env %d\n", error));
673 goto bad;
674 }
675 if (!sp)
676 break;
677 if ((error = copyinstr(sp, dp, len, &len)) != 0) {
678 DPRINTF(("execve: copyinstr env %d\n", error));
679 if (error == ENAMETOOLONG)
680 error = E2BIG;
681 goto bad;
682 }
683 ktrexecenv(dp, len - 1);
684 dp += len;
685 i++;
686 envc++;
687 }
688 }
689
690 dp = (char *) ALIGN(dp);
691
692 szsigcode = pack.ep_esch->es_emul->e_esigcode -
693 pack.ep_esch->es_emul->e_sigcode;
694
695 #ifdef __MACHINE_STACK_GROWS_UP
696 /* See big comment lower down */
697 #define RTLD_GAP 32
698 #else
699 #define RTLD_GAP 0
700 #endif
701
702 /* Now check if args & environ fit into new stack */
703 if (pack.ep_flags & EXEC_32)
704 len = ((argc + envc + 2 + pack.ep_esch->es_arglen) *
705 sizeof(int) + sizeof(int) + dp + RTLD_GAP +
706 szsigcode + sizeof(struct ps_strings) + STACK_PTHREADSPACE)
707 - argp;
708 else
709 len = ((argc + envc + 2 + pack.ep_esch->es_arglen) *
710 sizeof(char *) + sizeof(int) + dp + RTLD_GAP +
711 szsigcode + sizeof(struct ps_strings) + STACK_PTHREADSPACE)
712 - argp;
713
714 #ifdef PAX_ASLR
715 if (pax_aslr_active(l))
716 len += (arc4random() % PAGE_SIZE);
717 #endif /* PAX_ASLR */
718
719 #ifdef STACKLALIGN /* arm, etc. */
720 len = STACKALIGN(len); /* make the stack "safely" aligned */
721 #else
722 len = ALIGN(len); /* make the stack "safely" aligned */
723 #endif
724
725 if (len > pack.ep_ssize) { /* in effect, compare to initial limit */
726 DPRINTF(("execve: stack limit exceeded %zu\n", len));
727 error = ENOMEM;
728 goto bad;
729 }
730
731 /* Get rid of other LWPs. */
732 if (p->p_sa || p->p_nlwps > 1) {
733 mutex_enter(p->p_lock);
734 exit_lwps(l);
735 mutex_exit(p->p_lock);
736 }
737 KDASSERT(p->p_nlwps == 1);
738
739 /* Destroy any lwpctl info. */
740 if (p->p_lwpctl != NULL)
741 lwp_ctl_exit();
742
743 /* This is now LWP 1 */
744 l->l_lid = 1;
745 p->p_nlwpid = 1;
746
747 #ifdef KERN_SA
748 /* Release any SA state. */
749 if (p->p_sa)
750 sa_release(p);
751 #endif /* KERN_SA */
752
753 /* Remove POSIX timers */
754 timers_free(p, TIMERS_POSIX);
755
756 /* adjust "active stack depth" for process VSZ */
757 pack.ep_ssize = len; /* maybe should go elsewhere, but... */
758
759 /*
760 * Do whatever is necessary to prepare the address space
761 * for remapping. Note that this might replace the current
762 * vmspace with another!
763 */
764 uvmspace_exec(l, pack.ep_vm_minaddr, pack.ep_vm_maxaddr);
765
766 /* record proc's vnode, for use by procfs and others */
767 if (p->p_textvp)
768 vrele(p->p_textvp);
769 VREF(pack.ep_vp);
770 p->p_textvp = pack.ep_vp;
771
772 /* Now map address space */
773 vm = p->p_vmspace;
774 vm->vm_taddr = (void *)pack.ep_taddr;
775 vm->vm_tsize = btoc(pack.ep_tsize);
776 vm->vm_daddr = (void*)pack.ep_daddr;
777 vm->vm_dsize = btoc(pack.ep_dsize);
778 vm->vm_ssize = btoc(pack.ep_ssize);
779 vm->vm_issize = 0;
780 vm->vm_maxsaddr = (void *)pack.ep_maxsaddr;
781 vm->vm_minsaddr = (void *)pack.ep_minsaddr;
782
783 #ifdef PAX_ASLR
784 pax_aslr_init(l, vm);
785 #endif /* PAX_ASLR */
786
787 /* create the new process's VM space by running the vmcmds */
788 #ifdef DIAGNOSTIC
789 if (pack.ep_vmcmds.evs_used == 0)
790 panic("execve: no vmcmds");
791 #endif
792 for (i = 0; i < pack.ep_vmcmds.evs_used && !error; i++) {
793 struct exec_vmcmd *vcp;
794
795 vcp = &pack.ep_vmcmds.evs_cmds[i];
796 if (vcp->ev_flags & VMCMD_RELATIVE) {
797 #ifdef DIAGNOSTIC
798 if (base_vcp == NULL)
799 panic("execve: relative vmcmd with no base");
800 if (vcp->ev_flags & VMCMD_BASE)
801 panic("execve: illegal base & relative vmcmd");
802 #endif
803 vcp->ev_addr += base_vcp->ev_addr;
804 }
805 error = (*vcp->ev_proc)(l, vcp);
806 #ifdef DEBUG_EXEC
807 if (error) {
808 size_t j;
809 struct exec_vmcmd *vp = &pack.ep_vmcmds.evs_cmds[0];
810 for (j = 0; j <= i; j++)
811 uprintf(
812 "vmcmd[%zu] = %#lx/%#lx fd@%#lx prot=0%o flags=%d\n",
813 j, vp[j].ev_addr, vp[j].ev_len,
814 vp[j].ev_offset, vp[j].ev_prot,
815 vp[j].ev_flags);
816 }
817 #endif /* DEBUG_EXEC */
818 if (vcp->ev_flags & VMCMD_BASE)
819 base_vcp = vcp;
820 }
821
822 /* free the vmspace-creation commands, and release their references */
823 kill_vmcmds(&pack.ep_vmcmds);
824
825 vn_lock(pack.ep_vp, LK_EXCLUSIVE | LK_RETRY);
826 VOP_CLOSE(pack.ep_vp, FREAD, l->l_cred);
827 vput(pack.ep_vp);
828
829 /* if an error happened, deallocate and punt */
830 if (error) {
831 DPRINTF(("execve: vmcmd %zu failed: %d\n", i - 1, error));
832 goto exec_abort;
833 }
834
835 /* remember information about the process */
836 arginfo.ps_nargvstr = argc;
837 arginfo.ps_nenvstr = envc;
838
839 /* set command name & other accounting info */
840 i = min(nid.ni_cnd.cn_namelen, MAXCOMLEN);
841 (void)memcpy(p->p_comm, nid.ni_cnd.cn_nameptr, i);
842 p->p_comm[i] = '\0';
843
844 dp = PNBUF_GET();
845 /*
846 * If the path starts with /, we don't need to do any work.
847 * This handles the majority of the cases.
848 * In the future perhaps we could canonicalize it?
849 */
850 if (pathbuf[0] == '/')
851 (void)strlcpy(pack.ep_path = dp, pathbuf, MAXPATHLEN);
852 #ifdef notyet
853 /*
854 * Although this works most of the time [since the entry was just
855 * entered in the cache] we don't use it because it theoretically
856 * can fail and it is not the cleanest interface, because there
857 * could be races. When the namei cache is re-written, this can
858 * be changed to use the appropriate function.
859 */
860 else if (!(error = vnode_to_path(dp, MAXPATHLEN, p->p_textvp, l, p)))
861 pack.ep_path = dp;
862 #endif
863 else {
864 #ifdef notyet
865 printf("Cannot get path for pid %d [%s] (error %d)",
866 (int)p->p_pid, p->p_comm, error);
867 #endif
868 pack.ep_path = NULL;
869 PNBUF_PUT(dp);
870 }
871
872 stack = (char *)STACK_ALLOC(STACK_GROW(vm->vm_minsaddr,
873 STACK_PTHREADSPACE + sizeof(struct ps_strings) + szsigcode),
874 len - (sizeof(struct ps_strings) + szsigcode));
875
876 #ifdef __MACHINE_STACK_GROWS_UP
877 /*
878 * The copyargs call always copies into lower addresses
879 * first, moving towards higher addresses, starting with
880 * the stack pointer that we give. When the stack grows
881 * down, this puts argc/argv/envp very shallow on the
882 * stack, right at the first user stack pointer.
883 * When the stack grows up, the situation is reversed.
884 *
885 * Normally, this is no big deal. But the ld_elf.so _rtld()
886 * function expects to be called with a single pointer to
887 * a region that has a few words it can stash values into,
888 * followed by argc/argv/envp. When the stack grows down,
889 * it's easy to decrement the stack pointer a little bit to
890 * allocate the space for these few words and pass the new
891 * stack pointer to _rtld. When the stack grows up, however,
892 * a few words before argc is part of the signal trampoline, XXX
893 * so we have a problem.
894 *
895 * Instead of changing how _rtld works, we take the easy way
896 * out and steal 32 bytes before we call copyargs.
897 * This extra space was allowed for when 'len' was calculated.
898 */
899 stack += RTLD_GAP;
900 #endif /* __MACHINE_STACK_GROWS_UP */
901
902 /* Now copy argc, args & environ to new stack */
903 error = (*pack.ep_esch->es_copyargs)(l, &pack, &arginfo, &stack, argp);
904 if (pack.ep_path) {
905 PNBUF_PUT(pack.ep_path);
906 pack.ep_path = NULL;
907 }
908 if (error) {
909 DPRINTF(("execve: copyargs failed %d\n", error));
910 goto exec_abort;
911 }
912 /* Move the stack back to original point */
913 stack = (char *)STACK_GROW(vm->vm_minsaddr, len);
914
915 /* fill process ps_strings info */
916 p->p_psstr = (struct ps_strings *)
917 STACK_ALLOC(STACK_GROW(vm->vm_minsaddr, STACK_PTHREADSPACE),
918 sizeof(struct ps_strings));
919 p->p_psargv = offsetof(struct ps_strings, ps_argvstr);
920 p->p_psnargv = offsetof(struct ps_strings, ps_nargvstr);
921 p->p_psenv = offsetof(struct ps_strings, ps_envstr);
922 p->p_psnenv = offsetof(struct ps_strings, ps_nenvstr);
923
924 /* copy out the process's ps_strings structure */
925 if ((error = copyout(aip, (char *)p->p_psstr,
926 sizeof(arginfo))) != 0) {
927 DPRINTF(("execve: ps_strings copyout %p->%p size %ld failed\n",
928 aip, (char *)p->p_psstr, (long)sizeof(arginfo)));
929 goto exec_abort;
930 }
931
932 fd_closeexec(); /* handle close on exec */
933 execsigs(p); /* reset catched signals */
934
935 l->l_ctxlink = NULL; /* reset ucontext link */
936
937
938 p->p_acflag &= ~AFORK;
939 mutex_enter(p->p_lock);
940 p->p_flag |= PK_EXEC;
941 mutex_exit(p->p_lock);
942
943 /*
944 * Stop profiling.
945 */
946 if ((p->p_stflag & PST_PROFIL) != 0) {
947 mutex_spin_enter(&p->p_stmutex);
948 stopprofclock(p);
949 mutex_spin_exit(&p->p_stmutex);
950 }
951
952 /*
953 * It's OK to test PL_PPWAIT unlocked here, as other LWPs have
954 * exited and exec()/exit() are the only places it will be cleared.
955 */
956 if ((p->p_lflag & PL_PPWAIT) != 0) {
957 mutex_enter(proc_lock);
958 p->p_lflag &= ~PL_PPWAIT;
959 cv_broadcast(&p->p_pptr->p_waitcv);
960 mutex_exit(proc_lock);
961 }
962
963 /*
964 * Deal with set[ug]id. MNT_NOSUID has already been used to disable
965 * s[ug]id. It's OK to check for PSL_TRACED here as we have blocked
966 * out additional references on the process for the moment.
967 */
968 if ((p->p_slflag & PSL_TRACED) == 0 &&
969
970 (((attr.va_mode & S_ISUID) != 0 &&
971 kauth_cred_geteuid(l->l_cred) != attr.va_uid) ||
972
973 ((attr.va_mode & S_ISGID) != 0 &&
974 kauth_cred_getegid(l->l_cred) != attr.va_gid))) {
975 /*
976 * Mark the process as SUGID before we do
977 * anything that might block.
978 */
979 proc_crmod_enter();
980 proc_crmod_leave(NULL, NULL, true);
981
982 /* Make sure file descriptors 0..2 are in use. */
983 if ((error = fd_checkstd()) != 0) {
984 DPRINTF(("execve: fdcheckstd failed %d\n", error));
985 goto exec_abort;
986 }
987
988 /*
989 * Copy the credential so other references don't see our
990 * changes.
991 */
992 l->l_cred = kauth_cred_copy(l->l_cred);
993 #ifdef KTRACE
994 /*
995 * If the persistent trace flag isn't set, turn off.
996 */
997 if (p->p_tracep) {
998 mutex_enter(&ktrace_lock);
999 if (!(p->p_traceflag & KTRFAC_PERSISTENT))
1000 ktrderef(p);
1001 mutex_exit(&ktrace_lock);
1002 }
1003 #endif
1004 if (attr.va_mode & S_ISUID)
1005 kauth_cred_seteuid(l->l_cred, attr.va_uid);
1006 if (attr.va_mode & S_ISGID)
1007 kauth_cred_setegid(l->l_cred, attr.va_gid);
1008 } else {
1009 if (kauth_cred_geteuid(l->l_cred) ==
1010 kauth_cred_getuid(l->l_cred) &&
1011 kauth_cred_getegid(l->l_cred) ==
1012 kauth_cred_getgid(l->l_cred))
1013 p->p_flag &= ~PK_SUGID;
1014 }
1015
1016 /*
1017 * Copy the credential so other references don't see our changes.
1018 * Test to see if this is necessary first, since in the common case
1019 * we won't need a private reference.
1020 */
1021 if (kauth_cred_geteuid(l->l_cred) != kauth_cred_getsvuid(l->l_cred) ||
1022 kauth_cred_getegid(l->l_cred) != kauth_cred_getsvgid(l->l_cred)) {
1023 l->l_cred = kauth_cred_copy(l->l_cred);
1024 kauth_cred_setsvuid(l->l_cred, kauth_cred_geteuid(l->l_cred));
1025 kauth_cred_setsvgid(l->l_cred, kauth_cred_getegid(l->l_cred));
1026 }
1027
1028 /* Update the master credentials. */
1029 if (l->l_cred != p->p_cred) {
1030 kauth_cred_t ocred;
1031
1032 kauth_cred_hold(l->l_cred);
1033 mutex_enter(p->p_lock);
1034 ocred = p->p_cred;
1035 p->p_cred = l->l_cred;
1036 mutex_exit(p->p_lock);
1037 kauth_cred_free(ocred);
1038 }
1039
1040 #if defined(__HAVE_RAS)
1041 /*
1042 * Remove all RASs from the address space.
1043 */
1044 ras_purgeall();
1045 #endif
1046
1047 doexechooks(p);
1048
1049 /* setup new registers and do misc. setup. */
1050 (*pack.ep_esch->es_emul->e_setregs)(l, &pack, (u_long) stack);
1051 if (pack.ep_esch->es_setregs)
1052 (*pack.ep_esch->es_setregs)(l, &pack, (u_long) stack);
1053
1054 /* map the process's signal trampoline code */
1055 if (exec_sigcode_map(p, pack.ep_esch->es_emul)) {
1056 DPRINTF(("execve: map sigcode failed %d\n", error));
1057 goto exec_abort;
1058 }
1059
1060 pool_put(&exec_pool, argp);
1061
1062 PNBUF_PUT(nid.ni_cnd.cn_pnbuf);
1063
1064 /* notify others that we exec'd */
1065 KNOTE(&p->p_klist, NOTE_EXEC);
1066
1067 kmem_free(pack.ep_hdr, pack.ep_hdrlen);
1068
1069 /* The emulation root will usually have been found when we looked
1070 * for the elf interpreter (or similar), if not look now. */
1071 if (pack.ep_esch->es_emul->e_path != NULL && pack.ep_emul_root == NULL)
1072 emul_find_root(l, &pack);
1073
1074 /* Any old emulation root got removed by fdcloseexec */
1075 rw_enter(&p->p_cwdi->cwdi_lock, RW_WRITER);
1076 p->p_cwdi->cwdi_edir = pack.ep_emul_root;
1077 rw_exit(&p->p_cwdi->cwdi_lock);
1078 pack.ep_emul_root = NULL;
1079 if (pack.ep_interp != NULL)
1080 vrele(pack.ep_interp);
1081
1082 /*
1083 * Call emulation specific exec hook. This can setup per-process
1084 * p->p_emuldata or do any other per-process stuff an emulation needs.
1085 *
1086 * If we are executing process of different emulation than the
1087 * original forked process, call e_proc_exit() of the old emulation
1088 * first, then e_proc_exec() of new emulation. If the emulation is
1089 * same, the exec hook code should deallocate any old emulation
1090 * resources held previously by this process.
1091 */
1092 if (p->p_emul && p->p_emul->e_proc_exit
1093 && p->p_emul != pack.ep_esch->es_emul)
1094 (*p->p_emul->e_proc_exit)(p);
1095
1096 /*
1097 * Call exec hook. Emulation code may NOT store reference to anything
1098 * from &pack.
1099 */
1100 if (pack.ep_esch->es_emul->e_proc_exec)
1101 (*pack.ep_esch->es_emul->e_proc_exec)(p, &pack);
1102
1103 /* update p_emul, the old value is no longer needed */
1104 p->p_emul = pack.ep_esch->es_emul;
1105
1106 /* ...and the same for p_execsw */
1107 p->p_execsw = pack.ep_esch;
1108
1109 #ifdef __HAVE_SYSCALL_INTERN
1110 (*p->p_emul->e_syscall_intern)(p);
1111 #endif
1112 ktremul();
1113
1114 /* Allow new references from the debugger/procfs. */
1115 rw_exit(&p->p_reflock);
1116 rw_exit(&exec_lock);
1117
1118 mutex_enter(proc_lock);
1119
1120 if ((p->p_slflag & (PSL_TRACED|PSL_SYSCALL)) == PSL_TRACED) {
1121 KSI_INIT_EMPTY(&ksi);
1122 ksi.ksi_signo = SIGTRAP;
1123 ksi.ksi_lid = l->l_lid;
1124 kpsignal(p, &ksi, NULL);
1125 }
1126
1127 if (p->p_sflag & PS_STOPEXEC) {
1128 KERNEL_UNLOCK_ALL(l, &l->l_biglocks);
1129 p->p_pptr->p_nstopchild++;
1130 p->p_pptr->p_waited = 0;
1131 mutex_enter(p->p_lock);
1132 ksiginfo_queue_init(&kq);
1133 sigclearall(p, &contsigmask, &kq);
1134 lwp_lock(l);
1135 l->l_stat = LSSTOP;
1136 p->p_stat = SSTOP;
1137 p->p_nrlwps--;
1138 mutex_exit(p->p_lock);
1139 mutex_exit(proc_lock);
1140 mi_switch(l);
1141 ksiginfo_queue_drain(&kq);
1142 KERNEL_LOCK(l->l_biglocks, l);
1143 } else {
1144 mutex_exit(proc_lock);
1145 }
1146
1147 PNBUF_PUT(pathbuf);
1148 return (EJUSTRETURN);
1149
1150 bad:
1151 /* free the vmspace-creation commands, and release their references */
1152 kill_vmcmds(&pack.ep_vmcmds);
1153 /* kill any opened file descriptor, if necessary */
1154 if (pack.ep_flags & EXEC_HASFD) {
1155 pack.ep_flags &= ~EXEC_HASFD;
1156 fd_close(pack.ep_fd);
1157 }
1158 /* close and put the exec'd file */
1159 vn_lock(pack.ep_vp, LK_EXCLUSIVE | LK_RETRY);
1160 VOP_CLOSE(pack.ep_vp, FREAD, l->l_cred);
1161 vput(pack.ep_vp);
1162 PNBUF_PUT(nid.ni_cnd.cn_pnbuf);
1163 pool_put(&exec_pool, argp);
1164
1165 freehdr:
1166 kmem_free(pack.ep_hdr, pack.ep_hdrlen);
1167 if (pack.ep_emul_root != NULL)
1168 vrele(pack.ep_emul_root);
1169 if (pack.ep_interp != NULL)
1170 vrele(pack.ep_interp);
1171
1172 rw_exit(&exec_lock);
1173
1174 clrflg:
1175 lwp_lock(l);
1176 l->l_flag |= oldlwpflags;
1177 lwp_unlock(l);
1178 PNBUF_PUT(pathbuf);
1179 rw_exit(&p->p_reflock);
1180
1181 if (modgen != module_gen && error == ENOEXEC) {
1182 modgen = module_gen;
1183 exec_autoload();
1184 goto retry;
1185 }
1186
1187 return error;
1188
1189 exec_abort:
1190 PNBUF_PUT(pathbuf);
1191 rw_exit(&p->p_reflock);
1192 rw_exit(&exec_lock);
1193
1194 /*
1195 * the old process doesn't exist anymore. exit gracefully.
1196 * get rid of the (new) address space we have created, if any, get rid
1197 * of our namei data and vnode, and exit noting failure
1198 */
1199 uvm_deallocate(&vm->vm_map, VM_MIN_ADDRESS,
1200 VM_MAXUSER_ADDRESS - VM_MIN_ADDRESS);
1201 if (pack.ep_emul_arg)
1202 free(pack.ep_emul_arg, M_TEMP);
1203 PNBUF_PUT(nid.ni_cnd.cn_pnbuf);
1204 pool_put(&exec_pool, argp);
1205 kmem_free(pack.ep_hdr, pack.ep_hdrlen);
1206 if (pack.ep_emul_root != NULL)
1207 vrele(pack.ep_emul_root);
1208 if (pack.ep_interp != NULL)
1209 vrele(pack.ep_interp);
1210
1211 /* Acquire the sched-state mutex (exit1() will release it). */
1212 mutex_enter(p->p_lock);
1213 exit1(l, W_EXITCODE(error, SIGABRT));
1214
1215 /* NOTREACHED */
1216 return 0;
1217 }
1218
1219
1220 int
1221 copyargs(struct lwp *l, struct exec_package *pack, struct ps_strings *arginfo,
1222 char **stackp, void *argp)
1223 {
1224 char **cpp, *dp, *sp;
1225 size_t len;
1226 void *nullp;
1227 long argc, envc;
1228 int error;
1229
1230 cpp = (char **)*stackp;
1231 nullp = NULL;
1232 argc = arginfo->ps_nargvstr;
1233 envc = arginfo->ps_nenvstr;
1234 if ((error = copyout(&argc, cpp++, sizeof(argc))) != 0)
1235 return error;
1236
1237 dp = (char *) (cpp + argc + envc + 2 + pack->ep_esch->es_arglen);
1238 sp = argp;
1239
1240 /* XXX don't copy them out, remap them! */
1241 arginfo->ps_argvstr = cpp; /* remember location of argv for later */
1242
1243 for (; --argc >= 0; sp += len, dp += len)
1244 if ((error = copyout(&dp, cpp++, sizeof(dp))) != 0 ||
1245 (error = copyoutstr(sp, dp, ARG_MAX, &len)) != 0)
1246 return error;
1247
1248 if ((error = copyout(&nullp, cpp++, sizeof(nullp))) != 0)
1249 return error;
1250
1251 arginfo->ps_envstr = cpp; /* remember location of envp for later */
1252
1253 for (; --envc >= 0; sp += len, dp += len)
1254 if ((error = copyout(&dp, cpp++, sizeof(dp))) != 0 ||
1255 (error = copyoutstr(sp, dp, ARG_MAX, &len)) != 0)
1256 return error;
1257
1258 if ((error = copyout(&nullp, cpp++, sizeof(nullp))) != 0)
1259 return error;
1260
1261 *stackp = (char *)cpp;
1262 return 0;
1263 }
1264
1265
1266 /*
1267 * Add execsw[] entries.
1268 */
1269 int
1270 exec_add(struct execsw *esp, int count)
1271 {
1272 struct exec_entry *it;
1273 int i;
1274
1275 if (count == 0) {
1276 return 0;
1277 }
1278
1279 /* Check for duplicates. */
1280 rw_enter(&exec_lock, RW_WRITER);
1281 for (i = 0; i < count; i++) {
1282 LIST_FOREACH(it, &ex_head, ex_list) {
1283 /* assume unique (makecmds, probe_func, emulation) */
1284 if (it->ex_sw->es_makecmds == esp[i].es_makecmds &&
1285 it->ex_sw->u.elf_probe_func ==
1286 esp[i].u.elf_probe_func &&
1287 it->ex_sw->es_emul == esp[i].es_emul) {
1288 rw_exit(&exec_lock);
1289 return EEXIST;
1290 }
1291 }
1292 }
1293
1294 /* Allocate new entries. */
1295 for (i = 0; i < count; i++) {
1296 it = kmem_alloc(sizeof(*it), KM_SLEEP);
1297 it->ex_sw = &esp[i];
1298 LIST_INSERT_HEAD(&ex_head, it, ex_list);
1299 }
1300
1301 /* update execsw[] */
1302 exec_init(0);
1303 rw_exit(&exec_lock);
1304 return 0;
1305 }
1306
1307 /*
1308 * Remove execsw[] entry.
1309 */
1310 int
1311 exec_remove(struct execsw *esp, int count)
1312 {
1313 struct exec_entry *it, *next;
1314 int i;
1315 const struct proclist_desc *pd;
1316 proc_t *p;
1317
1318 if (count == 0) {
1319 return 0;
1320 }
1321
1322 /* Abort if any are busy. */
1323 rw_enter(&exec_lock, RW_WRITER);
1324 for (i = 0; i < count; i++) {
1325 mutex_enter(proc_lock);
1326 for (pd = proclists; pd->pd_list != NULL; pd++) {
1327 PROCLIST_FOREACH(p, pd->pd_list) {
1328 if (p->p_execsw == &esp[i]) {
1329 mutex_exit(proc_lock);
1330 rw_exit(&exec_lock);
1331 return EBUSY;
1332 }
1333 }
1334 }
1335 mutex_exit(proc_lock);
1336 }
1337
1338 /* None are busy, so remove them all. */
1339 for (i = 0; i < count; i++) {
1340 for (it = LIST_FIRST(&ex_head); it != NULL; it = next) {
1341 next = LIST_NEXT(it, ex_list);
1342 if (it->ex_sw == &esp[i]) {
1343 LIST_REMOVE(it, ex_list);
1344 kmem_free(it, sizeof(*it));
1345 break;
1346 }
1347 }
1348 }
1349
1350 /* update execsw[] */
1351 exec_init(0);
1352 rw_exit(&exec_lock);
1353 return 0;
1354 }
1355
1356 /*
1357 * Initialize exec structures. If init_boot is true, also does necessary
1358 * one-time initialization (it's called from main() that way).
1359 * Once system is multiuser, this should be called with exec_lock held,
1360 * i.e. via exec_{add|remove}().
1361 */
1362 int
1363 exec_init(int init_boot)
1364 {
1365 const struct execsw **sw;
1366 struct exec_entry *ex;
1367 SLIST_HEAD(,exec_entry) first;
1368 SLIST_HEAD(,exec_entry) any;
1369 SLIST_HEAD(,exec_entry) last;
1370 int i, sz;
1371
1372 if (init_boot) {
1373 /* do one-time initializations */
1374 rw_init(&exec_lock);
1375 mutex_init(&sigobject_lock, MUTEX_DEFAULT, IPL_NONE);
1376 pool_init(&exec_pool, NCARGS, 0, 0, PR_NOALIGN|PR_NOTOUCH,
1377 "execargs", &exec_palloc, IPL_NONE);
1378 pool_sethardlimit(&exec_pool, maxexec, "should not happen", 0);
1379 } else {
1380 KASSERT(rw_write_held(&exec_lock));
1381 }
1382
1383 /* Sort each entry onto the appropriate queue. */
1384 SLIST_INIT(&first);
1385 SLIST_INIT(&any);
1386 SLIST_INIT(&last);
1387 sz = 0;
1388 LIST_FOREACH(ex, &ex_head, ex_list) {
1389 switch(ex->ex_sw->es_prio) {
1390 case EXECSW_PRIO_FIRST:
1391 SLIST_INSERT_HEAD(&first, ex, ex_slist);
1392 break;
1393 case EXECSW_PRIO_ANY:
1394 SLIST_INSERT_HEAD(&any, ex, ex_slist);
1395 break;
1396 case EXECSW_PRIO_LAST:
1397 SLIST_INSERT_HEAD(&last, ex, ex_slist);
1398 break;
1399 default:
1400 panic("exec_init");
1401 break;
1402 }
1403 sz++;
1404 }
1405
1406 /*
1407 * Create new execsw[]. Ensure we do not try a zero-sized
1408 * allocation.
1409 */
1410 sw = kmem_alloc(sz * sizeof(struct execsw *) + 1, KM_SLEEP);
1411 i = 0;
1412 SLIST_FOREACH(ex, &first, ex_slist) {
1413 sw[i++] = ex->ex_sw;
1414 }
1415 SLIST_FOREACH(ex, &any, ex_slist) {
1416 sw[i++] = ex->ex_sw;
1417 }
1418 SLIST_FOREACH(ex, &last, ex_slist) {
1419 sw[i++] = ex->ex_sw;
1420 }
1421
1422 /* Replace old execsw[] and free used memory. */
1423 if (execsw != NULL) {
1424 kmem_free(__UNCONST(execsw),
1425 nexecs * sizeof(struct execsw *) + 1);
1426 }
1427 execsw = sw;
1428 nexecs = sz;
1429
1430 /* Figure out the maximum size of an exec header. */
1431 exec_maxhdrsz = sizeof(int);
1432 for (i = 0; i < nexecs; i++) {
1433 if (execsw[i]->es_hdrsz > exec_maxhdrsz)
1434 exec_maxhdrsz = execsw[i]->es_hdrsz;
1435 }
1436
1437 return 0;
1438 }
1439
1440 static int
1441 exec_sigcode_map(struct proc *p, const struct emul *e)
1442 {
1443 vaddr_t va;
1444 vsize_t sz;
1445 int error;
1446 struct uvm_object *uobj;
1447
1448 sz = (vaddr_t)e->e_esigcode - (vaddr_t)e->e_sigcode;
1449
1450 if (e->e_sigobject == NULL || sz == 0) {
1451 return 0;
1452 }
1453
1454 /*
1455 * If we don't have a sigobject for this emulation, create one.
1456 *
1457 * sigobject is an anonymous memory object (just like SYSV shared
1458 * memory) that we keep a permanent reference to and that we map
1459 * in all processes that need this sigcode. The creation is simple,
1460 * we create an object, add a permanent reference to it, map it in
1461 * kernel space, copy out the sigcode to it and unmap it.
1462 * We map it with PROT_READ|PROT_EXEC into the process just
1463 * the way sys_mmap() would map it.
1464 */
1465
1466 uobj = *e->e_sigobject;
1467 if (uobj == NULL) {
1468 mutex_enter(&sigobject_lock);
1469 if ((uobj = *e->e_sigobject) == NULL) {
1470 uobj = uao_create(sz, 0);
1471 (*uobj->pgops->pgo_reference)(uobj);
1472 va = vm_map_min(kernel_map);
1473 if ((error = uvm_map(kernel_map, &va, round_page(sz),
1474 uobj, 0, 0,
1475 UVM_MAPFLAG(UVM_PROT_RW, UVM_PROT_RW,
1476 UVM_INH_SHARE, UVM_ADV_RANDOM, 0)))) {
1477 printf("kernel mapping failed %d\n", error);
1478 (*uobj->pgops->pgo_detach)(uobj);
1479 mutex_exit(&sigobject_lock);
1480 return (error);
1481 }
1482 memcpy((void *)va, e->e_sigcode, sz);
1483 #ifdef PMAP_NEED_PROCWR
1484 pmap_procwr(&proc0, va, sz);
1485 #endif
1486 uvm_unmap(kernel_map, va, va + round_page(sz));
1487 *e->e_sigobject = uobj;
1488 }
1489 mutex_exit(&sigobject_lock);
1490 }
1491
1492 /* Just a hint to uvm_map where to put it. */
1493 va = e->e_vm_default_addr(p, (vaddr_t)p->p_vmspace->vm_daddr,
1494 round_page(sz));
1495
1496 #ifdef __alpha__
1497 /*
1498 * Tru64 puts /sbin/loader at the end of user virtual memory,
1499 * which causes the above calculation to put the sigcode at
1500 * an invalid address. Put it just below the text instead.
1501 */
1502 if (va == (vaddr_t)vm_map_max(&p->p_vmspace->vm_map)) {
1503 va = (vaddr_t)p->p_vmspace->vm_taddr - round_page(sz);
1504 }
1505 #endif
1506
1507 (*uobj->pgops->pgo_reference)(uobj);
1508 error = uvm_map(&p->p_vmspace->vm_map, &va, round_page(sz),
1509 uobj, 0, 0,
1510 UVM_MAPFLAG(UVM_PROT_RX, UVM_PROT_RX, UVM_INH_SHARE,
1511 UVM_ADV_RANDOM, 0));
1512 if (error) {
1513 (*uobj->pgops->pgo_detach)(uobj);
1514 return (error);
1515 }
1516 p->p_sigctx.ps_sigcode = (void *)va;
1517 return (0);
1518 }
1519