1 /* $NetBSD: linux_exec_elf32.c,v 1.99 2019/03/01 11:06:56 pgoyette Exp $ */ 2 3 /*- 4 * Copyright (c) 1995, 1998, 2000, 2001 The NetBSD Foundation, Inc. 5 * All rights reserved. 6 * 7 * This code is derived from software contributed to The NetBSD Foundation 8 * by Christos Zoulas, Frank van der Linden, Eric Haszlakiewicz and 9 * Emmanuel Dreyfus. 10 * 11 * Redistribution and use in source and binary forms, with or without 12 * modification, are permitted provided that the following conditions 13 * are met: 14 * 1. Redistributions of source code must retain the above copyright 15 * notice, this list of conditions and the following disclaimer. 16 * 2. Redistributions in binary form must reproduce the above copyright 17 * notice, this list of conditions and the following disclaimer in the 18 * documentation and/or other materials provided with the distribution. 19 * 20 * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS 21 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 22 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 23 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS 24 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 25 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 26 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 27 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 28 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 29 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 30 * POSSIBILITY OF SUCH DAMAGE. 31 */ 32 33 /* 34 * based on exec_aout.c, sunos_exec.c and svr4_exec.c 35 */ 36 37 #include <sys/cdefs.h> 38 __KERNEL_RCSID(0, "$NetBSD: linux_exec_elf32.c,v 1.99 2019/03/01 11:06:56 pgoyette Exp $"); 39 40 #ifndef ELFSIZE 41 /* XXX should die */ 42 #define ELFSIZE 32 43 #endif 44 45 #include <sys/param.h> 46 #include <sys/systm.h> 47 #include <sys/kernel.h> 48 #include <sys/proc.h> 49 #include <sys/malloc.h> 50 #include <sys/namei.h> 51 #include <sys/vnode.h> 52 #include <sys/mount.h> 53 #include <sys/exec.h> 54 #include <sys/exec_elf.h> 55 #include <sys/stat.h> 56 #include <sys/kauth.h> 57 #include <sys/cprng.h> 58 #include <sys/compat_stub.h> 59 60 #include <sys/mman.h> 61 #include <sys/syscallargs.h> 62 63 #include <sys/cpu.h> 64 #include <machine/reg.h> 65 66 #include <compat/linux/common/linux_types.h> 67 #include <compat/linux/common/linux_signal.h> 68 #include <compat/linux/common/linux_util.h> 69 #include <compat/linux/common/linux_exec.h> 70 #include <compat/linux/common/linux_machdep.h> 71 #include <compat/linux/common/linux_ipc.h> 72 #include <compat/linux/common/linux_sem.h> 73 74 #include <compat/linux/linux_syscallargs.h> 75 #include <compat/linux/linux_syscall.h> 76 77 #define LINUX_GO_RT0_SIGNATURE 78 79 #ifdef DEBUG_LINUX 80 #define DPRINTF(a) uprintf a 81 #else 82 #define DPRINTF(a) do {} while (0) 83 #endif 84 85 #ifdef LINUX_ATEXIT_SIGNATURE 86 /* 87 * On the PowerPC, statically linked Linux binaries are not recognized 88 * by linux_signature nor by linux_gcc_signature. Fortunately, thoses 89 * binaries features a __libc_atexit ELF section. We therefore assume we 90 * have a Linux binary if we find this section. 91 */ 92 int 93 ELFNAME2(linux,atexit_signature)( 94 struct lwp *l, 95 struct exec_package *epp, 96 Elf_Ehdr *eh) 97 { 98 Elf_Shdr *sh; 99 size_t shsize; 100 u_int shstrndx; 101 size_t i; 102 static const char signature[] = "__libc_atexit"; 103 const size_t sigsz = sizeof(signature); 104 char tbuf[sizeof(signature)]; 105 int error; 106 107 /* Load the section header table. */ 108 shsize = eh->e_shnum * sizeof(Elf_Shdr); 109 sh = (Elf_Shdr *) malloc(shsize, M_TEMP, M_WAITOK); 110 error = exec_read_from(l, epp->ep_vp, eh->e_shoff, sh, shsize); 111 if (error) 112 goto out; 113 114 /* Now let's find the string table. If it does not exist, give up. */ 115 shstrndx = eh->e_shstrndx; 116 if (shstrndx == SHN_UNDEF || shstrndx >= eh->e_shnum) { 117 error = ENOEXEC; 118 goto out; 119 } 120 121 /* Check if any section has the name we're looking for. */ 122 const off_t stroff = sh[shstrndx].sh_offset; 123 for (i = 0; i < eh->e_shnum; i++) { 124 Elf_Shdr *s = &sh[i]; 125 126 if (s->sh_name + sigsz > sh[shstrndx].sh_size) 127 continue; 128 129 error = exec_read_from(l, epp->ep_vp, stroff + s->sh_name, tbuf, 130 sigsz); 131 if (error) 132 goto out; 133 if (!memcmp(tbuf, signature, sigsz)) { 134 DPRINTF(("linux_atexit_sig=%s\n", tbuf)); 135 error = 0; 136 goto out; 137 } 138 } 139 error = ENOEXEC; 140 141 out: 142 free(sh, M_TEMP); 143 return (error); 144 } 145 #endif 146 147 #ifdef LINUX_GCC_SIGNATURE 148 /* 149 * Take advantage of the fact that all the linux binaries are compiled 150 * with gcc, and gcc sticks in the comment field a signature. Note that 151 * on SVR4 binaries, the gcc signature will follow the OS name signature, 152 * that will not be a problem. We don't bother to read in the string table, 153 * but we check all the progbits headers. 154 * 155 * XXX This only works in the i386. On the alpha (at least) 156 * XXX we have the same gcc signature which incorrectly identifies 157 * XXX NetBSD binaries as Linux. 158 */ 159 int 160 ELFNAME2(linux,gcc_signature)( 161 struct lwp *l, 162 struct exec_package *epp, 163 Elf_Ehdr *eh) 164 { 165 size_t shsize; 166 size_t i; 167 static const char signature[] = "\0GCC: (GNU) "; 168 char tbuf[sizeof(signature) - 1]; 169 Elf_Shdr *sh; 170 int error; 171 172 shsize = eh->e_shnum * sizeof(Elf_Shdr); 173 sh = (Elf_Shdr *) malloc(shsize, M_TEMP, M_WAITOK); 174 error = exec_read_from(l, epp->ep_vp, eh->e_shoff, sh, shsize); 175 if (error) 176 goto out; 177 178 for (i = 0; i < eh->e_shnum; i++) { 179 Elf_Shdr *s = &sh[i]; 180 181 /* 182 * Identify candidates for the comment header; 183 * Header cannot have a load address, or flags and 184 * it must be large enough. 185 */ 186 if (s->sh_type != SHT_PROGBITS || 187 s->sh_addr != 0 || 188 s->sh_flags != 0 || 189 s->sh_size < sizeof(signature) - 1) 190 continue; 191 192 error = exec_read_from(l, epp->ep_vp, s->sh_offset, tbuf, 193 sizeof(signature) - 1); 194 if (error) 195 continue; 196 197 /* 198 * error is 0, if the signatures match we are done. 199 */ 200 DPRINTF(("linux_gcc_sig: sig=%s\n", tbuf)); 201 if (!memcmp(tbuf, signature, sizeof(signature) - 1)) { 202 error = 0; 203 goto out; 204 } 205 } 206 error = ENOEXEC; 207 208 out: 209 free(sh, M_TEMP); 210 return (error); 211 } 212 #endif 213 214 #ifdef LINUX_DEBUGLINK_SIGNATURE 215 /* 216 * Look for a .gnu_debuglink, specific to x86_64 interpreter 217 */ 218 int 219 ELFNAME2(linux,debuglink_signature)(struct lwp *l, struct exec_package *epp, Elf_Ehdr *eh) 220 { 221 Elf_Shdr *sh; 222 size_t shsize; 223 u_int shstrndx; 224 size_t i; 225 static const char signature[] = ".gnu_debuglink"; 226 const size_t sigsz = sizeof(signature); 227 char tbuf[sizeof(signature)]; 228 int error; 229 230 /* Load the section header table. */ 231 shsize = eh->e_shnum * sizeof(Elf_Shdr); 232 sh = (Elf_Shdr *) malloc(shsize, M_TEMP, M_WAITOK); 233 error = exec_read_from(l, epp->ep_vp, eh->e_shoff, sh, shsize); 234 if (error) 235 goto out; 236 237 /* Now let's find the string table. If it does not exist, give up. */ 238 shstrndx = eh->e_shstrndx; 239 if (shstrndx == SHN_UNDEF || shstrndx >= eh->e_shnum) { 240 error = ENOEXEC; 241 goto out; 242 } 243 244 /* Check if any section has the name we're looking for. */ 245 const off_t stroff = sh[shstrndx].sh_offset; 246 for (i = 0; i < eh->e_shnum; i++) { 247 Elf_Shdr *s = &sh[i]; 248 249 if (s->sh_name + sigsz > sh[shstrndx].sh_size) 250 continue; 251 252 error = exec_read_from(l, epp->ep_vp, stroff + s->sh_name, tbuf, 253 sigsz); 254 if (error) 255 goto out; 256 if (!memcmp(tbuf, signature, sigsz)) { 257 DPRINTF(("linux_debuglink_sig=%s\n", tbuf)); 258 error = 0; 259 goto out; 260 } 261 } 262 error = ENOEXEC; 263 264 out: 265 free(sh, M_TEMP); 266 return (error); 267 } 268 #endif 269 270 #ifdef LINUX_GO_RT0_SIGNATURE 271 /* 272 * Look for a .gopclntab, specific to go binaries 273 * in it look for a symbol called _rt0_<cpu>_linux 274 */ 275 static int 276 ELFNAME2(linux,go_rt0_signature)(struct lwp *l, struct exec_package *epp, Elf_Ehdr *eh) 277 { 278 Elf_Shdr *sh; 279 size_t shsize; 280 u_int shstrndx; 281 size_t i; 282 static const char signature[] = ".gopclntab"; 283 const size_t sigsz = sizeof(signature); 284 char tbuf[sizeof(signature)], *tmp = NULL; 285 char mbuf[64]; 286 const char *m; 287 int mlen; 288 int error; 289 290 /* Load the section header table. */ 291 shsize = eh->e_shnum * sizeof(Elf_Shdr); 292 sh = malloc(shsize, M_TEMP, M_WAITOK); 293 error = exec_read_from(l, epp->ep_vp, eh->e_shoff, sh, shsize); 294 if (error) 295 goto out; 296 297 /* Now let's find the string table. If it does not exist, give up. */ 298 shstrndx = eh->e_shstrndx; 299 if (shstrndx == SHN_UNDEF || shstrndx >= eh->e_shnum) { 300 error = ENOEXEC; 301 goto out; 302 } 303 304 /* Check if any section has the name we're looking for. */ 305 const off_t stroff = sh[shstrndx].sh_offset; 306 for (i = 0; i < eh->e_shnum; i++) { 307 Elf_Shdr *s = &sh[i]; 308 309 if (s->sh_name + sigsz > sh[shstrndx].sh_size) 310 continue; 311 312 error = exec_read_from(l, epp->ep_vp, stroff + s->sh_name, tbuf, 313 sigsz); 314 if (error) 315 goto out; 316 if (!memcmp(tbuf, signature, sigsz)) { 317 DPRINTF(("linux_goplcntab_sig=%s\n", tbuf)); 318 break; 319 } 320 } 321 322 if (i == eh->e_shnum) { 323 error = ENOEXEC; 324 goto out; 325 } 326 327 // Don't scan more than 1MB 328 if (sh[i].sh_size > 1024 * 1024) 329 sh[i].sh_size = 1024 * 1024; 330 331 tmp = malloc(sh[i].sh_size, M_TEMP, M_WAITOK); 332 error = exec_read_from(l, epp->ep_vp, sh[i].sh_offset, tmp, 333 sh[i].sh_size); 334 if (error) 335 goto out; 336 337 #if (ELFSIZE == 32) 338 extern struct netbsd32_machine32_hook_t netbsd32_machine32_hook; 339 MODULE_HOOK_CALL(netbsd32_machine32_hook, (), machine, m); 340 #else 341 m = machine; 342 #endif 343 mlen = snprintf(mbuf, sizeof(mbuf), "_rt0_%s_linux", m); 344 if (memmem(tmp, sh[i].sh_size, mbuf, mlen) == NULL) 345 error = ENOEXEC; 346 else 347 DPRINTF(("linux_rt0_sig=%s\n", mbuf)); 348 out: 349 if (tmp) 350 free(tmp, M_TEMP); 351 free(sh, M_TEMP); 352 return error; 353 } 354 #endif 355 356 int 357 ELFNAME2(linux,signature)(struct lwp *l, struct exec_package *epp, Elf_Ehdr *eh, char *itp) 358 { 359 size_t i; 360 Elf_Phdr *ph; 361 size_t phsize; 362 int error; 363 static const char linux[] = "Linux"; 364 365 if (eh->e_ident[EI_OSABI] == ELFOSABI_LINUX || 366 memcmp(&eh->e_ident[EI_ABIVERSION], linux, sizeof(linux)) == 0) 367 return 0; 368 369 phsize = eh->e_phnum * sizeof(Elf_Phdr); 370 ph = (Elf_Phdr *)malloc(phsize, M_TEMP, M_WAITOK); 371 error = exec_read_from(l, epp->ep_vp, eh->e_phoff, ph, phsize); 372 if (error) 373 goto out; 374 375 for (i = 0; i < eh->e_phnum; i++) { 376 Elf_Phdr *ephp = &ph[i]; 377 Elf_Nhdr *np; 378 u_int32_t *abi; 379 380 if (ephp->p_type != PT_NOTE || 381 ephp->p_filesz > 1024 || 382 ephp->p_filesz < sizeof(Elf_Nhdr) + 20) 383 continue; 384 385 np = (Elf_Nhdr *)malloc(ephp->p_filesz, M_TEMP, M_WAITOK); 386 error = exec_read_from(l, epp->ep_vp, ephp->p_offset, np, 387 ephp->p_filesz); 388 if (error) 389 goto next; 390 391 if (np->n_type != ELF_NOTE_TYPE_ABI_TAG || 392 np->n_namesz != ELF_NOTE_ABI_NAMESZ || 393 np->n_descsz != ELF_NOTE_ABI_DESCSZ || 394 memcmp((void *)(np + 1), ELF_NOTE_ABI_NAME, 395 ELF_NOTE_ABI_NAMESZ)) 396 goto next; 397 398 /* Make sure the OS is Linux. */ 399 abi = (u_int32_t *)((char *)np + sizeof(Elf_Nhdr) + 400 np->n_namesz); 401 if (abi[0] == ELF_NOTE_ABI_OS_LINUX) 402 error = 0; 403 else 404 error = ENOEXEC; 405 free(np, M_TEMP); 406 goto out; 407 408 next: 409 free(np, M_TEMP); 410 continue; 411 } 412 413 /* Check for certain interpreter names. */ 414 if (itp) { 415 if (!strncmp(itp, "/lib/ld-linux", 13) || 416 #if (ELFSIZE == 64) 417 !strncmp(itp, "/lib64/ld-linux", 15) || 418 #endif 419 !strncmp(itp, "/lib/ld.so.", 11)) 420 error = 0; 421 else 422 error = ENOEXEC; 423 goto out; 424 } 425 426 error = ENOEXEC; 427 out: 428 free(ph, M_TEMP); 429 return (error); 430 } 431 432 int 433 ELFNAME2(linux,probe)(struct lwp *l, struct exec_package *epp, void *eh, 434 char *itp, vaddr_t *pos) 435 { 436 int error; 437 438 if (((error = ELFNAME2(linux,signature)(l, epp, eh, itp)) != 0) && 439 #ifdef LINUX_GCC_SIGNATURE 440 ((error = ELFNAME2(linux,gcc_signature)(l, epp, eh)) != 0) && 441 #endif 442 #ifdef LINUX_ATEXIT_SIGNATURE 443 ((error = ELFNAME2(linux,atexit_signature)(l, epp, eh)) != 0) && 444 #endif 445 #ifdef LINUX_DEBUGLINK_SIGNATURE 446 ((error = ELFNAME2(linux,debuglink_signature)(l, epp, eh)) != 0) && 447 #endif 448 #ifdef LINUX_GO_RT0_SIGNATURE 449 ((error = ELFNAME2(linux,go_rt0_signature)(l, epp, eh)) != 0) && 450 #endif 451 1) { 452 DPRINTF(("linux_probe: returning %d\n", error)); 453 return error; 454 } 455 456 if (itp) { 457 if ((error = emul_find_interp(l, epp, itp))) 458 return (error); 459 } 460 epp->ep_flags |= EXEC_FORCEAUX; 461 DPRINTF(("linux_probe: returning 0\n")); 462 return 0; 463 } 464 465 #ifndef LINUX_MACHDEP_ELF_COPYARGS 466 /* 467 * Copy arguments onto the stack in the normal way, but add some 468 * extra information in case of dynamic binding. 469 */ 470 int 471 ELFNAME2(linux,copyargs)(struct lwp *l, struct exec_package *pack, 472 struct ps_strings *arginfo, char **stackp, void *argp) 473 { 474 size_t len; 475 AuxInfo ai[LINUX_ELF_AUX_ENTRIES], *a; 476 struct elf_args *ap; 477 int error; 478 struct vattr *vap; 479 uint32_t randbytes[4]; 480 481 if ((error = copyargs(l, pack, arginfo, stackp, argp)) != 0) 482 return error; 483 484 a = ai; 485 486 memset(ai, 0, sizeof(ai)); 487 488 /* 489 * Push extra arguments used by glibc on the stack. 490 */ 491 492 a->a_type = AT_PAGESZ; 493 a->a_v = PAGE_SIZE; 494 a++; 495 496 if ((ap = (struct elf_args *)pack->ep_emul_arg)) { 497 498 a->a_type = AT_PHDR; 499 a->a_v = ap->arg_phaddr; 500 a++; 501 502 a->a_type = AT_PHENT; 503 a->a_v = ap->arg_phentsize; 504 a++; 505 506 a->a_type = AT_PHNUM; 507 a->a_v = ap->arg_phnum; 508 a++; 509 510 a->a_type = AT_BASE; 511 a->a_v = ap->arg_interp; 512 a++; 513 514 a->a_type = AT_FLAGS; 515 a->a_v = 0; 516 a++; 517 518 a->a_type = AT_ENTRY; 519 a->a_v = ap->arg_entry; 520 a++; 521 522 exec_free_emul_arg(pack); 523 } 524 525 /* Linux-specific items */ 526 a->a_type = LINUX_AT_CLKTCK; 527 a->a_v = hz; 528 a++; 529 530 vap = pack->ep_vap; 531 532 a->a_type = LINUX_AT_UID; 533 a->a_v = kauth_cred_getuid(l->l_cred); 534 a++; 535 536 a->a_type = LINUX_AT_EUID; 537 if (vap->va_mode & S_ISUID) 538 a->a_v = vap->va_uid; 539 else 540 a->a_v = kauth_cred_geteuid(l->l_cred); 541 a++; 542 543 a->a_type = LINUX_AT_GID; 544 a->a_v = kauth_cred_getgid(l->l_cred); 545 a++; 546 547 a->a_type = LINUX_AT_EGID; 548 if (vap->va_mode & S_ISGID) 549 a->a_v = vap->va_gid; 550 else 551 a->a_v = kauth_cred_getegid(l->l_cred); 552 a++; 553 554 a->a_type = LINUX_AT_RANDOM; 555 a->a_v = (Elf_Addr)(uintptr_t)*stackp; 556 a++; 557 558 a->a_type = AT_NULL; 559 a->a_v = 0; 560 a++; 561 562 randbytes[0] = cprng_strong32(); 563 randbytes[1] = cprng_strong32(); 564 randbytes[2] = cprng_strong32(); 565 randbytes[3] = cprng_strong32(); 566 567 len = sizeof(randbytes); 568 if ((error = copyout(randbytes, *stackp, len)) != 0) 569 return error; 570 *stackp += len; 571 572 len = (a - ai) * sizeof(AuxInfo); 573 KASSERT(len <= LINUX_ELF_AUX_ENTRIES * sizeof(AuxInfo)); 574 if ((error = copyout(ai, *stackp, len)) != 0) 575 return error; 576 *stackp += len; 577 578 return 0; 579 } 580 #endif /* !LINUX_MACHDEP_ELF_COPYARGS */ 581