1 /* $NetBSD: linux_exec_elf32.c,v 1.102 2021/11/26 09:05:05 ryo Exp $ */ 2 3 /*- 4 * Copyright (c) 1995, 1998, 2000, 2001 The NetBSD Foundation, Inc. 5 * All rights reserved. 6 * 7 * This code is derived from software contributed to The NetBSD Foundation 8 * by Christos Zoulas, Frank van der Linden, Eric Haszlakiewicz and 9 * Emmanuel Dreyfus. 10 * 11 * Redistribution and use in source and binary forms, with or without 12 * modification, are permitted provided that the following conditions 13 * are met: 14 * 1. Redistributions of source code must retain the above copyright 15 * notice, this list of conditions and the following disclaimer. 16 * 2. Redistributions in binary form must reproduce the above copyright 17 * notice, this list of conditions and the following disclaimer in the 18 * documentation and/or other materials provided with the distribution. 19 * 20 * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS 21 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 22 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 23 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS 24 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 25 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 26 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 27 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 28 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 29 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 30 * POSSIBILITY OF SUCH DAMAGE. 31 */ 32 33 /* 34 * based on exec_aout.c, sunos_exec.c and svr4_exec.c 35 */ 36 37 #include <sys/cdefs.h> 38 __KERNEL_RCSID(0, "$NetBSD: linux_exec_elf32.c,v 1.102 2021/11/26 09:05:05 ryo Exp $"); 39 40 #ifndef ELFSIZE 41 /* XXX should die */ 42 #define ELFSIZE 32 43 #endif 44 45 #include <sys/param.h> 46 #include <sys/systm.h> 47 #include <sys/kernel.h> 48 #include <sys/proc.h> 49 #include <sys/malloc.h> 50 #include <sys/namei.h> 51 #include <sys/vnode.h> 52 #include <sys/mount.h> 53 #include <sys/exec.h> 54 #include <sys/exec_elf.h> 55 #include <sys/stat.h> 56 #include <sys/kauth.h> 57 #include <sys/cprng.h> 58 #include <sys/compat_stub.h> 59 60 #include <sys/mman.h> 61 #include <sys/syscallargs.h> 62 63 #include <sys/cpu.h> 64 #include <machine/reg.h> 65 66 #include <compat/linux/common/linux_types.h> 67 #include <compat/linux/common/linux_signal.h> 68 #include <compat/linux/common/linux_util.h> 69 #include <compat/linux/common/linux_exec.h> 70 #include <compat/linux/common/linux_machdep.h> 71 #include <compat/linux/common/linux_ipc.h> 72 #include <compat/linux/common/linux_sem.h> 73 74 #include <compat/linux/linux_syscallargs.h> 75 #include <compat/linux/linux_syscall.h> 76 77 #ifdef DEBUG_LINUX 78 #define DPRINTF(a) uprintf a 79 #else 80 #define DPRINTF(a) do {} while (0) 81 #endif 82 83 #ifdef LINUX_ATEXIT_SIGNATURE 84 /* 85 * On the PowerPC, statically linked Linux binaries are not recognized 86 * by linux_signature nor by linux_gcc_signature. Fortunately, thoses 87 * binaries features a __libc_atexit ELF section. We therefore assume we 88 * have a Linux binary if we find this section. 89 */ 90 int 91 ELFNAME2(linux,atexit_signature)( 92 struct lwp *l, 93 struct exec_package *epp, 94 Elf_Ehdr *eh) 95 { 96 Elf_Shdr *sh; 97 size_t shsize; 98 u_int shstrndx; 99 size_t i; 100 static const char signature[] = "__libc_atexit"; 101 const size_t sigsz = sizeof(signature); 102 char tbuf[sizeof(signature)]; 103 int error; 104 105 /* Load the section header table. */ 106 shsize = eh->e_shnum * sizeof(Elf_Shdr); 107 sh = (Elf_Shdr *) malloc(shsize, M_TEMP, M_WAITOK); 108 error = exec_read(l, epp->ep_vp, eh->e_shoff, sh, shsize, 109 IO_NODELOCKED); 110 if (error) 111 goto out; 112 113 /* Now let's find the string table. If it does not exist, give up. */ 114 shstrndx = eh->e_shstrndx; 115 if (shstrndx == SHN_UNDEF || shstrndx >= eh->e_shnum) { 116 error = ENOEXEC; 117 goto out; 118 } 119 120 /* Check if any section has the name we're looking for. */ 121 const off_t stroff = sh[shstrndx].sh_offset; 122 for (i = 0; i < eh->e_shnum; i++) { 123 Elf_Shdr *s = &sh[i]; 124 125 if (s->sh_name + sigsz > sh[shstrndx].sh_size) 126 continue; 127 128 error = exec_read(l, epp->ep_vp, stroff + s->sh_name, tbuf, 129 sigsz, IO_NODELOCKED); 130 if (error) 131 goto out; 132 if (!memcmp(tbuf, signature, sigsz)) { 133 DPRINTF(("linux_atexit_sig=%s\n", tbuf)); 134 error = 0; 135 goto out; 136 } 137 } 138 error = ENOEXEC; 139 140 out: 141 free(sh, M_TEMP); 142 return (error); 143 } 144 #endif 145 146 #ifdef LINUX_GCC_SIGNATURE 147 /* 148 * Take advantage of the fact that all the linux binaries are compiled 149 * with gcc, and gcc sticks in the comment field a signature. Note that 150 * on SVR4 binaries, the gcc signature will follow the OS name signature, 151 * that will not be a problem. We don't bother to read in the string table, 152 * but we check all the progbits headers. 153 * 154 * XXX This only works in the i386. On the alpha (at least) 155 * XXX we have the same gcc signature which incorrectly identifies 156 * XXX NetBSD binaries as Linux. 157 */ 158 int 159 ELFNAME2(linux,gcc_signature)( 160 struct lwp *l, 161 struct exec_package *epp, 162 Elf_Ehdr *eh) 163 { 164 size_t shsize; 165 size_t i; 166 static const char signature[] = "\0GCC: (GNU) "; 167 char tbuf[sizeof(signature) - 1]; 168 Elf_Shdr *sh; 169 int error; 170 171 shsize = eh->e_shnum * sizeof(Elf_Shdr); 172 sh = (Elf_Shdr *) malloc(shsize, M_TEMP, M_WAITOK); 173 error = exec_read(l, epp->ep_vp, eh->e_shoff, sh, shsize, 174 IO_NODELOCKED); 175 if (error) 176 goto out; 177 178 for (i = 0; i < eh->e_shnum; i++) { 179 Elf_Shdr *s = &sh[i]; 180 181 /* 182 * Identify candidates for the comment header; 183 * Header cannot have a load address, or flags and 184 * it must be large enough. 185 */ 186 if (s->sh_type != SHT_PROGBITS || 187 s->sh_addr != 0 || 188 s->sh_flags != 0 || 189 s->sh_size < sizeof(signature) - 1) 190 continue; 191 192 error = exec_read(l, epp->ep_vp, s->sh_offset, tbuf, 193 sizeof(signature) - 1, IO_NODELOCKED); 194 if (error) 195 continue; 196 197 /* 198 * error is 0, if the signatures match we are done. 199 */ 200 DPRINTF(("linux_gcc_sig: sig=%s\n", tbuf)); 201 if (!memcmp(tbuf, signature, sizeof(signature) - 1)) { 202 error = 0; 203 goto out; 204 } 205 } 206 error = ENOEXEC; 207 208 out: 209 free(sh, M_TEMP); 210 return (error); 211 } 212 #endif 213 214 #ifdef LINUX_DEBUGLINK_SIGNATURE 215 /* 216 * Look for a .gnu_debuglink, specific to x86_64 interpreter 217 */ 218 int 219 ELFNAME2(linux,debuglink_signature)(struct lwp *l, struct exec_package *epp, Elf_Ehdr *eh) 220 { 221 Elf_Shdr *sh; 222 size_t shsize; 223 u_int shstrndx; 224 size_t i; 225 static const char signature[] = ".gnu_debuglink"; 226 const size_t sigsz = sizeof(signature); 227 char tbuf[sizeof(signature)]; 228 int error; 229 230 /* Load the section header table. */ 231 shsize = eh->e_shnum * sizeof(Elf_Shdr); 232 sh = (Elf_Shdr *) malloc(shsize, M_TEMP, M_WAITOK); 233 error = exec_read(l, epp->ep_vp, eh->e_shoff, sh, shsize, 234 IO_NODELOCKED); 235 if (error) 236 goto out; 237 238 /* Now let's find the string table. If it does not exist, give up. */ 239 shstrndx = eh->e_shstrndx; 240 if (shstrndx == SHN_UNDEF || shstrndx >= eh->e_shnum) { 241 error = ENOEXEC; 242 goto out; 243 } 244 245 /* Check if any section has the name we're looking for. */ 246 const off_t stroff = sh[shstrndx].sh_offset; 247 for (i = 0; i < eh->e_shnum; i++) { 248 Elf_Shdr *s = &sh[i]; 249 250 if (s->sh_name + sigsz > sh[shstrndx].sh_size) 251 continue; 252 253 error = exec_read(l, epp->ep_vp, stroff + s->sh_name, tbuf, 254 sigsz, IO_NODELOCKED); 255 if (error) 256 goto out; 257 if (!memcmp(tbuf, signature, sigsz)) { 258 DPRINTF(("linux_debuglink_sig=%s\n", tbuf)); 259 error = 0; 260 goto out; 261 } 262 } 263 error = ENOEXEC; 264 265 out: 266 free(sh, M_TEMP); 267 return (error); 268 } 269 #endif 270 271 #ifdef LINUX_GO_RT0_SIGNATURE 272 /* 273 * Look for a .gopclntab, specific to go binaries 274 * in it look for a symbol called _rt0_<cpu>_linux 275 */ 276 int 277 ELFNAME2(linux,go_rt0_signature)(struct lwp *l, struct exec_package *epp, Elf_Ehdr *eh) 278 { 279 Elf_Shdr *sh; 280 size_t shsize; 281 u_int shstrndx; 282 size_t i; 283 static const char signature[] = ".gopclntab"; 284 const size_t sigsz = sizeof(signature); 285 char tbuf[sizeof(signature)], *tmp = NULL; 286 char mbuf[64]; 287 const char *m; 288 int mlen; 289 int error; 290 291 /* Load the section header table. */ 292 shsize = eh->e_shnum * sizeof(Elf_Shdr); 293 sh = malloc(shsize, M_TEMP, M_WAITOK); 294 error = exec_read(l, epp->ep_vp, eh->e_shoff, sh, shsize, 295 IO_NODELOCKED); 296 if (error) 297 goto out; 298 299 /* Now let's find the string table. If it does not exist, give up. */ 300 shstrndx = eh->e_shstrndx; 301 if (shstrndx == SHN_UNDEF || shstrndx >= eh->e_shnum) { 302 error = ENOEXEC; 303 goto out; 304 } 305 306 /* Check if any section has the name we're looking for. */ 307 const off_t stroff = sh[shstrndx].sh_offset; 308 for (i = 0; i < eh->e_shnum; i++) { 309 Elf_Shdr *s = &sh[i]; 310 311 if (s->sh_name + sigsz > sh[shstrndx].sh_size) 312 continue; 313 314 error = exec_read(l, epp->ep_vp, stroff + s->sh_name, tbuf, 315 sigsz, IO_NODELOCKED); 316 if (error) 317 goto out; 318 if (!memcmp(tbuf, signature, sigsz)) { 319 DPRINTF(("linux_goplcntab_sig=%s\n", tbuf)); 320 break; 321 } 322 } 323 324 if (i == eh->e_shnum) { 325 error = ENOEXEC; 326 goto out; 327 } 328 329 // Don't scan more than 1MB 330 if (sh[i].sh_size > 1024 * 1024) 331 sh[i].sh_size = 1024 * 1024; 332 333 tmp = malloc(sh[i].sh_size, M_TEMP, M_WAITOK); 334 error = exec_read(l, epp->ep_vp, sh[i].sh_offset, tmp, 335 sh[i].sh_size, IO_NODELOCKED); 336 if (error) 337 goto out; 338 339 #if (ELFSIZE == 32) 340 #ifdef LINUX_GO_RT0_SIGNATURE_ARCH32 341 m = LINUX_GO_RT0_SIGNATURE_ARCH32; 342 #else 343 extern struct netbsd32_machine32_hook_t netbsd32_machine32_hook; 344 MODULE_HOOK_CALL(netbsd32_machine32_hook, (), machine, m); 345 #endif 346 #else /* (ELFSIZE == 32) */ 347 #ifdef LINUX_GO_RT0_SIGNATURE_ARCH64 348 m = LINUX_GO_RT0_SIGNATURE_ARCH64; 349 #else 350 m = machine; 351 #endif 352 #endif /* (ELFSIZE == 32) */ 353 mlen = snprintf(mbuf, sizeof(mbuf), "_rt0_%s_linux", m); 354 if (memmem(tmp, sh[i].sh_size, mbuf, mlen) == NULL) 355 error = ENOEXEC; 356 else 357 DPRINTF(("linux_rt0_sig=%s\n", mbuf)); 358 out: 359 if (tmp) 360 free(tmp, M_TEMP); 361 free(sh, M_TEMP); 362 return error; 363 } 364 #endif 365 366 int 367 ELFNAME2(linux,signature)(struct lwp *l, struct exec_package *epp, Elf_Ehdr *eh, char *itp) 368 { 369 size_t i; 370 Elf_Phdr *ph; 371 size_t phsize; 372 int error; 373 static const char linux[] = "Linux"; 374 375 if (eh->e_ident[EI_OSABI] == ELFOSABI_LINUX || 376 memcmp(&eh->e_ident[EI_ABIVERSION], linux, sizeof(linux)) == 0) 377 return 0; 378 379 phsize = eh->e_phnum * sizeof(Elf_Phdr); 380 ph = (Elf_Phdr *)malloc(phsize, M_TEMP, M_WAITOK); 381 error = exec_read(l, epp->ep_vp, eh->e_phoff, ph, phsize, 382 IO_NODELOCKED); 383 if (error) 384 goto out; 385 386 for (i = 0; i < eh->e_phnum; i++) { 387 Elf_Phdr *ephp = &ph[i]; 388 Elf_Nhdr *np; 389 u_int32_t *abi; 390 391 if (ephp->p_type != PT_NOTE || 392 ephp->p_filesz > 1024 || 393 ephp->p_filesz < sizeof(Elf_Nhdr) + 20) 394 continue; 395 396 np = (Elf_Nhdr *)malloc(ephp->p_filesz, M_TEMP, M_WAITOK); 397 error = exec_read(l, epp->ep_vp, ephp->p_offset, np, 398 ephp->p_filesz, IO_NODELOCKED); 399 if (error) 400 goto next; 401 402 if (np->n_type != ELF_NOTE_TYPE_ABI_TAG || 403 np->n_namesz != ELF_NOTE_ABI_NAMESZ || 404 np->n_descsz != ELF_NOTE_ABI_DESCSZ || 405 memcmp((void *)(np + 1), ELF_NOTE_ABI_NAME, 406 ELF_NOTE_ABI_NAMESZ)) 407 goto next; 408 409 /* Make sure the OS is Linux. */ 410 abi = (u_int32_t *)((char *)np + sizeof(Elf_Nhdr) + 411 np->n_namesz); 412 if (abi[0] == ELF_NOTE_ABI_OS_LINUX) 413 error = 0; 414 else 415 error = ENOEXEC; 416 free(np, M_TEMP); 417 goto out; 418 419 next: 420 free(np, M_TEMP); 421 continue; 422 } 423 424 /* Check for certain interpreter names. */ 425 if (itp) { 426 if (!strncmp(itp, "/lib/ld-linux", 13) || 427 #if (ELFSIZE == 64) 428 !strncmp(itp, "/lib64/ld-linux", 15) || 429 #endif 430 !strncmp(itp, "/lib/ld.so.", 11)) 431 error = 0; 432 else 433 error = ENOEXEC; 434 goto out; 435 } 436 437 error = ENOEXEC; 438 out: 439 free(ph, M_TEMP); 440 return (error); 441 } 442 443 int 444 ELFNAME2(linux,probe)(struct lwp *l, struct exec_package *epp, void *eh, 445 char *itp, vaddr_t *pos) 446 { 447 int error; 448 449 if (((error = ELFNAME2(linux,signature)(l, epp, eh, itp)) != 0) && 450 #ifdef LINUX_GCC_SIGNATURE 451 ((error = ELFNAME2(linux,gcc_signature)(l, epp, eh)) != 0) && 452 #endif 453 #ifdef LINUX_ATEXIT_SIGNATURE 454 ((error = ELFNAME2(linux,atexit_signature)(l, epp, eh)) != 0) && 455 #endif 456 #ifdef LINUX_DEBUGLINK_SIGNATURE 457 ((error = ELFNAME2(linux,debuglink_signature)(l, epp, eh)) != 0) && 458 #endif 459 #ifdef LINUX_GO_RT0_SIGNATURE 460 ((error = ELFNAME2(linux,go_rt0_signature)(l, epp, eh)) != 0) && 461 #endif 462 1) { 463 DPRINTF(("linux_probe: returning %d\n", error)); 464 return error; 465 } 466 467 if (itp) { 468 if ((error = emul_find_interp(l, epp, itp))) 469 return (error); 470 } 471 epp->ep_flags |= EXEC_FORCEAUX; 472 DPRINTF(("linux_probe: returning 0\n")); 473 return 0; 474 } 475 476 #ifndef LINUX_MACHDEP_ELF_COPYARGS 477 /* 478 * Copy arguments onto the stack in the normal way, but add some 479 * extra information in case of dynamic binding. 480 */ 481 int 482 ELFNAME2(linux,copyargs)(struct lwp *l, struct exec_package *pack, 483 struct ps_strings *arginfo, char **stackp, void *argp) 484 { 485 size_t len; 486 AuxInfo ai[LINUX_ELF_AUX_ENTRIES], *a; 487 struct elf_args *ap; 488 int error; 489 struct vattr *vap; 490 uint32_t randbytes[4]; 491 492 if ((error = copyargs(l, pack, arginfo, stackp, argp)) != 0) 493 return error; 494 495 a = ai; 496 497 memset(ai, 0, sizeof(ai)); 498 499 /* 500 * Push extra arguments used by glibc on the stack. 501 */ 502 503 a->a_type = AT_PAGESZ; 504 a->a_v = PAGE_SIZE; 505 a++; 506 507 if ((ap = (struct elf_args *)pack->ep_emul_arg)) { 508 509 a->a_type = AT_PHDR; 510 a->a_v = ap->arg_phaddr; 511 a++; 512 513 a->a_type = AT_PHENT; 514 a->a_v = ap->arg_phentsize; 515 a++; 516 517 a->a_type = AT_PHNUM; 518 a->a_v = ap->arg_phnum; 519 a++; 520 521 a->a_type = AT_BASE; 522 a->a_v = ap->arg_interp; 523 a++; 524 525 a->a_type = AT_FLAGS; 526 a->a_v = 0; 527 a++; 528 529 a->a_type = AT_ENTRY; 530 a->a_v = ap->arg_entry; 531 a++; 532 533 exec_free_emul_arg(pack); 534 } 535 536 /* Linux-specific items */ 537 a->a_type = LINUX_AT_CLKTCK; 538 a->a_v = hz; 539 a++; 540 541 vap = pack->ep_vap; 542 543 a->a_type = LINUX_AT_UID; 544 a->a_v = kauth_cred_getuid(l->l_cred); 545 a++; 546 547 a->a_type = LINUX_AT_EUID; 548 if (vap->va_mode & S_ISUID) 549 a->a_v = vap->va_uid; 550 else 551 a->a_v = kauth_cred_geteuid(l->l_cred); 552 a++; 553 554 a->a_type = LINUX_AT_GID; 555 a->a_v = kauth_cred_getgid(l->l_cred); 556 a++; 557 558 a->a_type = LINUX_AT_EGID; 559 if (vap->va_mode & S_ISGID) 560 a->a_v = vap->va_gid; 561 else 562 a->a_v = kauth_cred_getegid(l->l_cred); 563 a++; 564 565 a->a_type = LINUX_AT_RANDOM; 566 a->a_v = (Elf_Addr)(uintptr_t)*stackp; 567 a++; 568 569 a->a_type = AT_NULL; 570 a->a_v = 0; 571 a++; 572 573 randbytes[0] = cprng_strong32(); 574 randbytes[1] = cprng_strong32(); 575 randbytes[2] = cprng_strong32(); 576 randbytes[3] = cprng_strong32(); 577 578 len = sizeof(randbytes); 579 if ((error = copyout(randbytes, *stackp, len)) != 0) 580 return error; 581 *stackp += len; 582 583 len = (a - ai) * sizeof(AuxInfo); 584 KASSERT(len <= LINUX_ELF_AUX_ENTRIES * sizeof(AuxInfo)); 585 if ((error = copyout(ai, *stackp, len)) != 0) 586 return error; 587 *stackp += len; 588 589 return 0; 590 } 591 #endif /* !LINUX_MACHDEP_ELF_COPYARGS */ 592