1 /* $NetBSD: linux_exec_elf32.c,v 1.101 2021/11/26 08:56:28 ryo Exp $ */ 2 3 /*- 4 * Copyright (c) 1995, 1998, 2000, 2001 The NetBSD Foundation, Inc. 5 * All rights reserved. 6 * 7 * This code is derived from software contributed to The NetBSD Foundation 8 * by Christos Zoulas, Frank van der Linden, Eric Haszlakiewicz and 9 * Emmanuel Dreyfus. 10 * 11 * Redistribution and use in source and binary forms, with or without 12 * modification, are permitted provided that the following conditions 13 * are met: 14 * 1. Redistributions of source code must retain the above copyright 15 * notice, this list of conditions and the following disclaimer. 16 * 2. Redistributions in binary form must reproduce the above copyright 17 * notice, this list of conditions and the following disclaimer in the 18 * documentation and/or other materials provided with the distribution. 19 * 20 * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS 21 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 22 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 23 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS 24 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 25 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 26 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 27 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 28 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 29 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 30 * POSSIBILITY OF SUCH DAMAGE. 31 */ 32 33 /* 34 * based on exec_aout.c, sunos_exec.c and svr4_exec.c 35 */ 36 37 #include <sys/cdefs.h> 38 __KERNEL_RCSID(0, "$NetBSD: linux_exec_elf32.c,v 1.101 2021/11/26 08:56:28 ryo Exp $"); 39 40 #ifndef ELFSIZE 41 /* XXX should die */ 42 #define ELFSIZE 32 43 #endif 44 45 #include <sys/param.h> 46 #include <sys/systm.h> 47 #include <sys/kernel.h> 48 #include <sys/proc.h> 49 #include <sys/malloc.h> 50 #include <sys/namei.h> 51 #include <sys/vnode.h> 52 #include <sys/mount.h> 53 #include <sys/exec.h> 54 #include <sys/exec_elf.h> 55 #include <sys/stat.h> 56 #include <sys/kauth.h> 57 #include <sys/cprng.h> 58 #include <sys/compat_stub.h> 59 60 #include <sys/mman.h> 61 #include <sys/syscallargs.h> 62 63 #include <sys/cpu.h> 64 #include <machine/reg.h> 65 66 #include <compat/linux/common/linux_types.h> 67 #include <compat/linux/common/linux_signal.h> 68 #include <compat/linux/common/linux_util.h> 69 #include <compat/linux/common/linux_exec.h> 70 #include <compat/linux/common/linux_machdep.h> 71 #include <compat/linux/common/linux_ipc.h> 72 #include <compat/linux/common/linux_sem.h> 73 74 #include <compat/linux/linux_syscallargs.h> 75 #include <compat/linux/linux_syscall.h> 76 77 #ifdef DEBUG_LINUX 78 #define DPRINTF(a) uprintf a 79 #else 80 #define DPRINTF(a) do {} while (0) 81 #endif 82 83 #ifdef LINUX_ATEXIT_SIGNATURE 84 /* 85 * On the PowerPC, statically linked Linux binaries are not recognized 86 * by linux_signature nor by linux_gcc_signature. Fortunately, thoses 87 * binaries features a __libc_atexit ELF section. We therefore assume we 88 * have a Linux binary if we find this section. 89 */ 90 int 91 ELFNAME2(linux,atexit_signature)( 92 struct lwp *l, 93 struct exec_package *epp, 94 Elf_Ehdr *eh) 95 { 96 Elf_Shdr *sh; 97 size_t shsize; 98 u_int shstrndx; 99 size_t i; 100 static const char signature[] = "__libc_atexit"; 101 const size_t sigsz = sizeof(signature); 102 char tbuf[sizeof(signature)]; 103 int error; 104 105 /* Load the section header table. */ 106 shsize = eh->e_shnum * sizeof(Elf_Shdr); 107 sh = (Elf_Shdr *) malloc(shsize, M_TEMP, M_WAITOK); 108 error = exec_read(l, epp->ep_vp, eh->e_shoff, sh, shsize, 109 IO_NODELOCKED); 110 if (error) 111 goto out; 112 113 /* Now let's find the string table. If it does not exist, give up. */ 114 shstrndx = eh->e_shstrndx; 115 if (shstrndx == SHN_UNDEF || shstrndx >= eh->e_shnum) { 116 error = ENOEXEC; 117 goto out; 118 } 119 120 /* Check if any section has the name we're looking for. */ 121 const off_t stroff = sh[shstrndx].sh_offset; 122 for (i = 0; i < eh->e_shnum; i++) { 123 Elf_Shdr *s = &sh[i]; 124 125 if (s->sh_name + sigsz > sh[shstrndx].sh_size) 126 continue; 127 128 error = exec_read(l, epp->ep_vp, stroff + s->sh_name, tbuf, 129 sigsz, IO_NODELOCKED); 130 if (error) 131 goto out; 132 if (!memcmp(tbuf, signature, sigsz)) { 133 DPRINTF(("linux_atexit_sig=%s\n", tbuf)); 134 error = 0; 135 goto out; 136 } 137 } 138 error = ENOEXEC; 139 140 out: 141 free(sh, M_TEMP); 142 return (error); 143 } 144 #endif 145 146 #ifdef LINUX_GCC_SIGNATURE 147 /* 148 * Take advantage of the fact that all the linux binaries are compiled 149 * with gcc, and gcc sticks in the comment field a signature. Note that 150 * on SVR4 binaries, the gcc signature will follow the OS name signature, 151 * that will not be a problem. We don't bother to read in the string table, 152 * but we check all the progbits headers. 153 * 154 * XXX This only works in the i386. On the alpha (at least) 155 * XXX we have the same gcc signature which incorrectly identifies 156 * XXX NetBSD binaries as Linux. 157 */ 158 int 159 ELFNAME2(linux,gcc_signature)( 160 struct lwp *l, 161 struct exec_package *epp, 162 Elf_Ehdr *eh) 163 { 164 size_t shsize; 165 size_t i; 166 static const char signature[] = "\0GCC: (GNU) "; 167 char tbuf[sizeof(signature) - 1]; 168 Elf_Shdr *sh; 169 int error; 170 171 shsize = eh->e_shnum * sizeof(Elf_Shdr); 172 sh = (Elf_Shdr *) malloc(shsize, M_TEMP, M_WAITOK); 173 error = exec_read(l, epp->ep_vp, eh->e_shoff, sh, shsize, 174 IO_NODELOCKED); 175 if (error) 176 goto out; 177 178 for (i = 0; i < eh->e_shnum; i++) { 179 Elf_Shdr *s = &sh[i]; 180 181 /* 182 * Identify candidates for the comment header; 183 * Header cannot have a load address, or flags and 184 * it must be large enough. 185 */ 186 if (s->sh_type != SHT_PROGBITS || 187 s->sh_addr != 0 || 188 s->sh_flags != 0 || 189 s->sh_size < sizeof(signature) - 1) 190 continue; 191 192 error = exec_read(l, epp->ep_vp, s->sh_offset, tbuf, 193 sizeof(signature) - 1, IO_NODELOCKED); 194 if (error) 195 continue; 196 197 /* 198 * error is 0, if the signatures match we are done. 199 */ 200 DPRINTF(("linux_gcc_sig: sig=%s\n", tbuf)); 201 if (!memcmp(tbuf, signature, sizeof(signature) - 1)) { 202 error = 0; 203 goto out; 204 } 205 } 206 error = ENOEXEC; 207 208 out: 209 free(sh, M_TEMP); 210 return (error); 211 } 212 #endif 213 214 #ifdef LINUX_DEBUGLINK_SIGNATURE 215 /* 216 * Look for a .gnu_debuglink, specific to x86_64 interpreter 217 */ 218 int 219 ELFNAME2(linux,debuglink_signature)(struct lwp *l, struct exec_package *epp, Elf_Ehdr *eh) 220 { 221 Elf_Shdr *sh; 222 size_t shsize; 223 u_int shstrndx; 224 size_t i; 225 static const char signature[] = ".gnu_debuglink"; 226 const size_t sigsz = sizeof(signature); 227 char tbuf[sizeof(signature)]; 228 int error; 229 230 /* Load the section header table. */ 231 shsize = eh->e_shnum * sizeof(Elf_Shdr); 232 sh = (Elf_Shdr *) malloc(shsize, M_TEMP, M_WAITOK); 233 error = exec_read(l, epp->ep_vp, eh->e_shoff, sh, shsize, 234 IO_NODELOCKED); 235 if (error) 236 goto out; 237 238 /* Now let's find the string table. If it does not exist, give up. */ 239 shstrndx = eh->e_shstrndx; 240 if (shstrndx == SHN_UNDEF || shstrndx >= eh->e_shnum) { 241 error = ENOEXEC; 242 goto out; 243 } 244 245 /* Check if any section has the name we're looking for. */ 246 const off_t stroff = sh[shstrndx].sh_offset; 247 for (i = 0; i < eh->e_shnum; i++) { 248 Elf_Shdr *s = &sh[i]; 249 250 if (s->sh_name + sigsz > sh[shstrndx].sh_size) 251 continue; 252 253 error = exec_read(l, epp->ep_vp, stroff + s->sh_name, tbuf, 254 sigsz, IO_NODELOCKED); 255 if (error) 256 goto out; 257 if (!memcmp(tbuf, signature, sigsz)) { 258 DPRINTF(("linux_debuglink_sig=%s\n", tbuf)); 259 error = 0; 260 goto out; 261 } 262 } 263 error = ENOEXEC; 264 265 out: 266 free(sh, M_TEMP); 267 return (error); 268 } 269 #endif 270 271 #ifdef LINUX_GO_RT0_SIGNATURE 272 /* 273 * Look for a .gopclntab, specific to go binaries 274 * in it look for a symbol called _rt0_<cpu>_linux 275 */ 276 int 277 ELFNAME2(linux,go_rt0_signature)(struct lwp *l, struct exec_package *epp, Elf_Ehdr *eh) 278 { 279 Elf_Shdr *sh; 280 size_t shsize; 281 u_int shstrndx; 282 size_t i; 283 static const char signature[] = ".gopclntab"; 284 const size_t sigsz = sizeof(signature); 285 char tbuf[sizeof(signature)], *tmp = NULL; 286 char mbuf[64]; 287 const char *m; 288 int mlen; 289 int error; 290 291 /* Load the section header table. */ 292 shsize = eh->e_shnum * sizeof(Elf_Shdr); 293 sh = malloc(shsize, M_TEMP, M_WAITOK); 294 error = exec_read(l, epp->ep_vp, eh->e_shoff, sh, shsize, 295 IO_NODELOCKED); 296 if (error) 297 goto out; 298 299 /* Now let's find the string table. If it does not exist, give up. */ 300 shstrndx = eh->e_shstrndx; 301 if (shstrndx == SHN_UNDEF || shstrndx >= eh->e_shnum) { 302 error = ENOEXEC; 303 goto out; 304 } 305 306 /* Check if any section has the name we're looking for. */ 307 const off_t stroff = sh[shstrndx].sh_offset; 308 for (i = 0; i < eh->e_shnum; i++) { 309 Elf_Shdr *s = &sh[i]; 310 311 if (s->sh_name + sigsz > sh[shstrndx].sh_size) 312 continue; 313 314 error = exec_read(l, epp->ep_vp, stroff + s->sh_name, tbuf, 315 sigsz, IO_NODELOCKED); 316 if (error) 317 goto out; 318 if (!memcmp(tbuf, signature, sigsz)) { 319 DPRINTF(("linux_goplcntab_sig=%s\n", tbuf)); 320 break; 321 } 322 } 323 324 if (i == eh->e_shnum) { 325 error = ENOEXEC; 326 goto out; 327 } 328 329 // Don't scan more than 1MB 330 if (sh[i].sh_size > 1024 * 1024) 331 sh[i].sh_size = 1024 * 1024; 332 333 tmp = malloc(sh[i].sh_size, M_TEMP, M_WAITOK); 334 error = exec_read(l, epp->ep_vp, sh[i].sh_offset, tmp, 335 sh[i].sh_size, IO_NODELOCKED); 336 if (error) 337 goto out; 338 339 #if (ELFSIZE == 32) 340 extern struct netbsd32_machine32_hook_t netbsd32_machine32_hook; 341 MODULE_HOOK_CALL(netbsd32_machine32_hook, (), machine, m); 342 #else 343 m = machine; 344 #endif 345 mlen = snprintf(mbuf, sizeof(mbuf), "_rt0_%s_linux", m); 346 if (memmem(tmp, sh[i].sh_size, mbuf, mlen) == NULL) 347 error = ENOEXEC; 348 else 349 DPRINTF(("linux_rt0_sig=%s\n", mbuf)); 350 out: 351 if (tmp) 352 free(tmp, M_TEMP); 353 free(sh, M_TEMP); 354 return error; 355 } 356 #endif 357 358 int 359 ELFNAME2(linux,signature)(struct lwp *l, struct exec_package *epp, Elf_Ehdr *eh, char *itp) 360 { 361 size_t i; 362 Elf_Phdr *ph; 363 size_t phsize; 364 int error; 365 static const char linux[] = "Linux"; 366 367 if (eh->e_ident[EI_OSABI] == ELFOSABI_LINUX || 368 memcmp(&eh->e_ident[EI_ABIVERSION], linux, sizeof(linux)) == 0) 369 return 0; 370 371 phsize = eh->e_phnum * sizeof(Elf_Phdr); 372 ph = (Elf_Phdr *)malloc(phsize, M_TEMP, M_WAITOK); 373 error = exec_read(l, epp->ep_vp, eh->e_phoff, ph, phsize, 374 IO_NODELOCKED); 375 if (error) 376 goto out; 377 378 for (i = 0; i < eh->e_phnum; i++) { 379 Elf_Phdr *ephp = &ph[i]; 380 Elf_Nhdr *np; 381 u_int32_t *abi; 382 383 if (ephp->p_type != PT_NOTE || 384 ephp->p_filesz > 1024 || 385 ephp->p_filesz < sizeof(Elf_Nhdr) + 20) 386 continue; 387 388 np = (Elf_Nhdr *)malloc(ephp->p_filesz, M_TEMP, M_WAITOK); 389 error = exec_read(l, epp->ep_vp, ephp->p_offset, np, 390 ephp->p_filesz, IO_NODELOCKED); 391 if (error) 392 goto next; 393 394 if (np->n_type != ELF_NOTE_TYPE_ABI_TAG || 395 np->n_namesz != ELF_NOTE_ABI_NAMESZ || 396 np->n_descsz != ELF_NOTE_ABI_DESCSZ || 397 memcmp((void *)(np + 1), ELF_NOTE_ABI_NAME, 398 ELF_NOTE_ABI_NAMESZ)) 399 goto next; 400 401 /* Make sure the OS is Linux. */ 402 abi = (u_int32_t *)((char *)np + sizeof(Elf_Nhdr) + 403 np->n_namesz); 404 if (abi[0] == ELF_NOTE_ABI_OS_LINUX) 405 error = 0; 406 else 407 error = ENOEXEC; 408 free(np, M_TEMP); 409 goto out; 410 411 next: 412 free(np, M_TEMP); 413 continue; 414 } 415 416 /* Check for certain interpreter names. */ 417 if (itp) { 418 if (!strncmp(itp, "/lib/ld-linux", 13) || 419 #if (ELFSIZE == 64) 420 !strncmp(itp, "/lib64/ld-linux", 15) || 421 #endif 422 !strncmp(itp, "/lib/ld.so.", 11)) 423 error = 0; 424 else 425 error = ENOEXEC; 426 goto out; 427 } 428 429 error = ENOEXEC; 430 out: 431 free(ph, M_TEMP); 432 return (error); 433 } 434 435 int 436 ELFNAME2(linux,probe)(struct lwp *l, struct exec_package *epp, void *eh, 437 char *itp, vaddr_t *pos) 438 { 439 int error; 440 441 if (((error = ELFNAME2(linux,signature)(l, epp, eh, itp)) != 0) && 442 #ifdef LINUX_GCC_SIGNATURE 443 ((error = ELFNAME2(linux,gcc_signature)(l, epp, eh)) != 0) && 444 #endif 445 #ifdef LINUX_ATEXIT_SIGNATURE 446 ((error = ELFNAME2(linux,atexit_signature)(l, epp, eh)) != 0) && 447 #endif 448 #ifdef LINUX_DEBUGLINK_SIGNATURE 449 ((error = ELFNAME2(linux,debuglink_signature)(l, epp, eh)) != 0) && 450 #endif 451 #ifdef LINUX_GO_RT0_SIGNATURE 452 ((error = ELFNAME2(linux,go_rt0_signature)(l, epp, eh)) != 0) && 453 #endif 454 1) { 455 DPRINTF(("linux_probe: returning %d\n", error)); 456 return error; 457 } 458 459 if (itp) { 460 if ((error = emul_find_interp(l, epp, itp))) 461 return (error); 462 } 463 epp->ep_flags |= EXEC_FORCEAUX; 464 DPRINTF(("linux_probe: returning 0\n")); 465 return 0; 466 } 467 468 #ifndef LINUX_MACHDEP_ELF_COPYARGS 469 /* 470 * Copy arguments onto the stack in the normal way, but add some 471 * extra information in case of dynamic binding. 472 */ 473 int 474 ELFNAME2(linux,copyargs)(struct lwp *l, struct exec_package *pack, 475 struct ps_strings *arginfo, char **stackp, void *argp) 476 { 477 size_t len; 478 AuxInfo ai[LINUX_ELF_AUX_ENTRIES], *a; 479 struct elf_args *ap; 480 int error; 481 struct vattr *vap; 482 uint32_t randbytes[4]; 483 484 if ((error = copyargs(l, pack, arginfo, stackp, argp)) != 0) 485 return error; 486 487 a = ai; 488 489 memset(ai, 0, sizeof(ai)); 490 491 /* 492 * Push extra arguments used by glibc on the stack. 493 */ 494 495 a->a_type = AT_PAGESZ; 496 a->a_v = PAGE_SIZE; 497 a++; 498 499 if ((ap = (struct elf_args *)pack->ep_emul_arg)) { 500 501 a->a_type = AT_PHDR; 502 a->a_v = ap->arg_phaddr; 503 a++; 504 505 a->a_type = AT_PHENT; 506 a->a_v = ap->arg_phentsize; 507 a++; 508 509 a->a_type = AT_PHNUM; 510 a->a_v = ap->arg_phnum; 511 a++; 512 513 a->a_type = AT_BASE; 514 a->a_v = ap->arg_interp; 515 a++; 516 517 a->a_type = AT_FLAGS; 518 a->a_v = 0; 519 a++; 520 521 a->a_type = AT_ENTRY; 522 a->a_v = ap->arg_entry; 523 a++; 524 525 exec_free_emul_arg(pack); 526 } 527 528 /* Linux-specific items */ 529 a->a_type = LINUX_AT_CLKTCK; 530 a->a_v = hz; 531 a++; 532 533 vap = pack->ep_vap; 534 535 a->a_type = LINUX_AT_UID; 536 a->a_v = kauth_cred_getuid(l->l_cred); 537 a++; 538 539 a->a_type = LINUX_AT_EUID; 540 if (vap->va_mode & S_ISUID) 541 a->a_v = vap->va_uid; 542 else 543 a->a_v = kauth_cred_geteuid(l->l_cred); 544 a++; 545 546 a->a_type = LINUX_AT_GID; 547 a->a_v = kauth_cred_getgid(l->l_cred); 548 a++; 549 550 a->a_type = LINUX_AT_EGID; 551 if (vap->va_mode & S_ISGID) 552 a->a_v = vap->va_gid; 553 else 554 a->a_v = kauth_cred_getegid(l->l_cred); 555 a++; 556 557 a->a_type = LINUX_AT_RANDOM; 558 a->a_v = (Elf_Addr)(uintptr_t)*stackp; 559 a++; 560 561 a->a_type = AT_NULL; 562 a->a_v = 0; 563 a++; 564 565 randbytes[0] = cprng_strong32(); 566 randbytes[1] = cprng_strong32(); 567 randbytes[2] = cprng_strong32(); 568 randbytes[3] = cprng_strong32(); 569 570 len = sizeof(randbytes); 571 if ((error = copyout(randbytes, *stackp, len)) != 0) 572 return error; 573 *stackp += len; 574 575 len = (a - ai) * sizeof(AuxInfo); 576 KASSERT(len <= LINUX_ELF_AUX_ENTRIES * sizeof(AuxInfo)); 577 if ((error = copyout(ai, *stackp, len)) != 0) 578 return error; 579 *stackp += len; 580 581 return 0; 582 } 583 #endif /* !LINUX_MACHDEP_ELF_COPYARGS */ 584