1 /* $NetBSD: linux_exec_elf32.c,v 1.97 2018/07/15 21:31:00 christos Exp $ */ 2 3 /*- 4 * Copyright (c) 1995, 1998, 2000, 2001 The NetBSD Foundation, Inc. 5 * All rights reserved. 6 * 7 * This code is derived from software contributed to The NetBSD Foundation 8 * by Christos Zoulas, Frank van der Linden, Eric Haszlakiewicz and 9 * Emmanuel Dreyfus. 10 * 11 * Redistribution and use in source and binary forms, with or without 12 * modification, are permitted provided that the following conditions 13 * are met: 14 * 1. Redistributions of source code must retain the above copyright 15 * notice, this list of conditions and the following disclaimer. 16 * 2. Redistributions in binary form must reproduce the above copyright 17 * notice, this list of conditions and the following disclaimer in the 18 * documentation and/or other materials provided with the distribution. 19 * 20 * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS 21 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 22 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 23 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS 24 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 25 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 26 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 27 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 28 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 29 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 30 * POSSIBILITY OF SUCH DAMAGE. 31 */ 32 33 /* 34 * based on exec_aout.c, sunos_exec.c and svr4_exec.c 35 */ 36 37 #include <sys/cdefs.h> 38 __KERNEL_RCSID(0, "$NetBSD: linux_exec_elf32.c,v 1.97 2018/07/15 21:31:00 christos Exp $"); 39 40 #ifndef ELFSIZE 41 /* XXX should die */ 42 #define ELFSIZE 32 43 #endif 44 45 #include <sys/param.h> 46 #include <sys/systm.h> 47 #include <sys/kernel.h> 48 #include <sys/proc.h> 49 #include <sys/malloc.h> 50 #include <sys/namei.h> 51 #include <sys/vnode.h> 52 #include <sys/mount.h> 53 #include <sys/exec.h> 54 #include <sys/exec_elf.h> 55 #include <sys/stat.h> 56 #include <sys/kauth.h> 57 #include <sys/cprng.h> 58 59 #include <sys/mman.h> 60 #include <sys/syscallargs.h> 61 62 #include <sys/cpu.h> 63 #include <machine/reg.h> 64 65 #include <compat/linux/common/linux_types.h> 66 #include <compat/linux/common/linux_signal.h> 67 #include <compat/linux/common/linux_util.h> 68 #include <compat/linux/common/linux_exec.h> 69 #include <compat/linux/common/linux_machdep.h> 70 #include <compat/linux/common/linux_ipc.h> 71 #include <compat/linux/common/linux_sem.h> 72 73 #include <compat/linux/linux_syscallargs.h> 74 #include <compat/linux/linux_syscall.h> 75 76 #define LINUX_GO_RT0_SIGNATURE 77 78 #ifdef DEBUG_LINUX 79 #define DPRINTF(a) uprintf a 80 #else 81 #define DPRINTF(a) do {} while (0) 82 #endif 83 84 #ifdef LINUX_ATEXIT_SIGNATURE 85 /* 86 * On the PowerPC, statically linked Linux binaries are not recognized 87 * by linux_signature nor by linux_gcc_signature. Fortunately, thoses 88 * binaries features a __libc_atexit ELF section. We therefore assume we 89 * have a Linux binary if we find this section. 90 */ 91 int 92 ELFNAME2(linux,atexit_signature)( 93 struct lwp *l, 94 struct exec_package *epp, 95 Elf_Ehdr *eh) 96 { 97 Elf_Shdr *sh; 98 size_t shsize; 99 u_int shstrndx; 100 size_t i; 101 static const char signature[] = "__libc_atexit"; 102 const size_t sigsz = sizeof(signature); 103 char tbuf[sizeof(signature)]; 104 int error; 105 106 /* Load the section header table. */ 107 shsize = eh->e_shnum * sizeof(Elf_Shdr); 108 sh = (Elf_Shdr *) malloc(shsize, M_TEMP, M_WAITOK); 109 error = exec_read_from(l, epp->ep_vp, eh->e_shoff, sh, shsize); 110 if (error) 111 goto out; 112 113 /* Now let's find the string table. If it does not exist, give up. */ 114 shstrndx = eh->e_shstrndx; 115 if (shstrndx == SHN_UNDEF || shstrndx >= eh->e_shnum) { 116 error = ENOEXEC; 117 goto out; 118 } 119 120 /* Check if any section has the name we're looking for. */ 121 const off_t stroff = sh[shstrndx].sh_offset; 122 for (i = 0; i < eh->e_shnum; i++) { 123 Elf_Shdr *s = &sh[i]; 124 125 if (s->sh_name + sigsz > sh[shstrndx].sh_size) 126 continue; 127 128 error = exec_read_from(l, epp->ep_vp, stroff + s->sh_name, tbuf, 129 sigsz); 130 if (error) 131 goto out; 132 if (!memcmp(tbuf, signature, sigsz)) { 133 DPRINTF(("linux_atexit_sig=%s\n", tbuf)); 134 error = 0; 135 goto out; 136 } 137 } 138 error = ENOEXEC; 139 140 out: 141 free(sh, M_TEMP); 142 return (error); 143 } 144 #endif 145 146 #ifdef LINUX_GCC_SIGNATURE 147 /* 148 * Take advantage of the fact that all the linux binaries are compiled 149 * with gcc, and gcc sticks in the comment field a signature. Note that 150 * on SVR4 binaries, the gcc signature will follow the OS name signature, 151 * that will not be a problem. We don't bother to read in the string table, 152 * but we check all the progbits headers. 153 * 154 * XXX This only works in the i386. On the alpha (at least) 155 * XXX we have the same gcc signature which incorrectly identifies 156 * XXX NetBSD binaries as Linux. 157 */ 158 int 159 ELFNAME2(linux,gcc_signature)( 160 struct lwp *l, 161 struct exec_package *epp, 162 Elf_Ehdr *eh) 163 { 164 size_t shsize; 165 size_t i; 166 static const char signature[] = "\0GCC: (GNU) "; 167 char tbuf[sizeof(signature) - 1]; 168 Elf_Shdr *sh; 169 int error; 170 171 shsize = eh->e_shnum * sizeof(Elf_Shdr); 172 sh = (Elf_Shdr *) malloc(shsize, M_TEMP, M_WAITOK); 173 error = exec_read_from(l, epp->ep_vp, eh->e_shoff, sh, shsize); 174 if (error) 175 goto out; 176 177 for (i = 0; i < eh->e_shnum; i++) { 178 Elf_Shdr *s = &sh[i]; 179 180 /* 181 * Identify candidates for the comment header; 182 * Header cannot have a load address, or flags and 183 * it must be large enough. 184 */ 185 if (s->sh_type != SHT_PROGBITS || 186 s->sh_addr != 0 || 187 s->sh_flags != 0 || 188 s->sh_size < sizeof(signature) - 1) 189 continue; 190 191 error = exec_read_from(l, epp->ep_vp, s->sh_offset, tbuf, 192 sizeof(signature) - 1); 193 if (error) 194 continue; 195 196 /* 197 * error is 0, if the signatures match we are done. 198 */ 199 DPRINTF(("linux_gcc_sig: sig=%s\n", tbuf)); 200 if (!memcmp(tbuf, signature, sizeof(signature) - 1)) { 201 error = 0; 202 goto out; 203 } 204 } 205 error = ENOEXEC; 206 207 out: 208 free(sh, M_TEMP); 209 return (error); 210 } 211 #endif 212 213 #ifdef LINUX_DEBUGLINK_SIGNATURE 214 /* 215 * Look for a .gnu_debuglink, specific to x86_64 interpreter 216 */ 217 int 218 ELFNAME2(linux,debuglink_signature)(struct lwp *l, struct exec_package *epp, Elf_Ehdr *eh) 219 { 220 Elf_Shdr *sh; 221 size_t shsize; 222 u_int shstrndx; 223 size_t i; 224 static const char signature[] = ".gnu_debuglink"; 225 const size_t sigsz = sizeof(signature); 226 char tbuf[sizeof(signature)]; 227 int error; 228 229 /* Load the section header table. */ 230 shsize = eh->e_shnum * sizeof(Elf_Shdr); 231 sh = (Elf_Shdr *) malloc(shsize, M_TEMP, M_WAITOK); 232 error = exec_read_from(l, epp->ep_vp, eh->e_shoff, sh, shsize); 233 if (error) 234 goto out; 235 236 /* Now let's find the string table. If it does not exist, give up. */ 237 shstrndx = eh->e_shstrndx; 238 if (shstrndx == SHN_UNDEF || shstrndx >= eh->e_shnum) { 239 error = ENOEXEC; 240 goto out; 241 } 242 243 /* Check if any section has the name we're looking for. */ 244 const off_t stroff = sh[shstrndx].sh_offset; 245 for (i = 0; i < eh->e_shnum; i++) { 246 Elf_Shdr *s = &sh[i]; 247 248 if (s->sh_name + sigsz > sh[shstrndx].sh_size) 249 continue; 250 251 error = exec_read_from(l, epp->ep_vp, stroff + s->sh_name, tbuf, 252 sigsz); 253 if (error) 254 goto out; 255 if (!memcmp(tbuf, signature, sigsz)) { 256 DPRINTF(("linux_debuglink_sig=%s\n", tbuf)); 257 error = 0; 258 goto out; 259 } 260 } 261 error = ENOEXEC; 262 263 out: 264 free(sh, M_TEMP); 265 return (error); 266 } 267 #endif 268 269 #ifdef LINUX_GO_RT0_SIGNATURE 270 /* 271 * Look for a .gopclntab, specific to go binaries 272 * in it look for a symbol called _rt0_<cpu>_linux 273 */ 274 static int 275 ELFNAME2(linux,go_rt0_signature)(struct lwp *l, struct exec_package *epp, Elf_Ehdr *eh) 276 { 277 Elf_Shdr *sh; 278 size_t shsize; 279 u_int shstrndx; 280 size_t i; 281 static const char signature[] = ".gopclntab"; 282 const size_t sigsz = sizeof(signature); 283 char tbuf[sizeof(signature)], *tmp = NULL; 284 char mbuf[64]; 285 const char *m; 286 int mlen; 287 int error; 288 289 /* Load the section header table. */ 290 shsize = eh->e_shnum * sizeof(Elf_Shdr); 291 sh = malloc(shsize, M_TEMP, M_WAITOK); 292 error = exec_read_from(l, epp->ep_vp, eh->e_shoff, sh, shsize); 293 if (error) 294 goto out; 295 296 /* Now let's find the string table. If it does not exist, give up. */ 297 shstrndx = eh->e_shstrndx; 298 if (shstrndx == SHN_UNDEF || shstrndx >= eh->e_shnum) { 299 error = ENOEXEC; 300 goto out; 301 } 302 303 /* Check if any section has the name we're looking for. */ 304 const off_t stroff = sh[shstrndx].sh_offset; 305 for (i = 0; i < eh->e_shnum; i++) { 306 Elf_Shdr *s = &sh[i]; 307 308 if (s->sh_name + sigsz > sh[shstrndx].sh_size) 309 continue; 310 311 error = exec_read_from(l, epp->ep_vp, stroff + s->sh_name, tbuf, 312 sigsz); 313 if (error) 314 goto out; 315 if (!memcmp(tbuf, signature, sigsz)) { 316 DPRINTF(("linux_goplcntab_sig=%s\n", tbuf)); 317 break; 318 } 319 } 320 321 if (i == eh->e_shnum) { 322 error = ENOEXEC; 323 goto out; 324 } 325 326 // Don't scan more than 1MB 327 if (sh[i].sh_size > 1024 * 1024) 328 sh[i].sh_size = 1024 * 1024; 329 330 tmp = malloc(sh[i].sh_size, M_TEMP, M_WAITOK); 331 error = exec_read_from(l, epp->ep_vp, sh[i].sh_offset, tmp, 332 sh[i].sh_size); 333 if (error) 334 goto out; 335 336 #if (ELFSIZE == 32) 337 extern const char machine32[] __weak; 338 if (machine32 != NULL) 339 m = machine32; 340 else 341 m = machine; 342 #else 343 m = machine; 344 #endif 345 mlen = snprintf(mbuf, sizeof(mbuf), "_rt0_%s_linux", m); 346 if (memmem(tmp, sh[i].sh_size, mbuf, mlen) == NULL) 347 error = ENOEXEC; 348 else 349 DPRINTF(("linux_rt0_sig=%s\n", mbuf)); 350 out: 351 if (tmp) 352 free(tmp, M_TEMP); 353 free(sh, M_TEMP); 354 return error; 355 } 356 #endif 357 358 int 359 ELFNAME2(linux,signature)(struct lwp *l, struct exec_package *epp, Elf_Ehdr *eh, char *itp) 360 { 361 size_t i; 362 Elf_Phdr *ph; 363 size_t phsize; 364 int error; 365 static const char linux[] = "Linux"; 366 367 if (eh->e_ident[EI_OSABI] == ELFOSABI_LINUX || 368 memcmp(&eh->e_ident[EI_ABIVERSION], linux, sizeof(linux)) == 0) 369 return 0; 370 371 phsize = eh->e_phnum * sizeof(Elf_Phdr); 372 ph = (Elf_Phdr *)malloc(phsize, M_TEMP, M_WAITOK); 373 error = exec_read_from(l, epp->ep_vp, eh->e_phoff, ph, phsize); 374 if (error) 375 goto out; 376 377 for (i = 0; i < eh->e_phnum; i++) { 378 Elf_Phdr *ephp = &ph[i]; 379 Elf_Nhdr *np; 380 u_int32_t *abi; 381 382 if (ephp->p_type != PT_NOTE || 383 ephp->p_filesz > 1024 || 384 ephp->p_filesz < sizeof(Elf_Nhdr) + 20) 385 continue; 386 387 np = (Elf_Nhdr *)malloc(ephp->p_filesz, M_TEMP, M_WAITOK); 388 error = exec_read_from(l, epp->ep_vp, ephp->p_offset, np, 389 ephp->p_filesz); 390 if (error) 391 goto next; 392 393 if (np->n_type != ELF_NOTE_TYPE_ABI_TAG || 394 np->n_namesz != ELF_NOTE_ABI_NAMESZ || 395 np->n_descsz != ELF_NOTE_ABI_DESCSZ || 396 memcmp((void *)(np + 1), ELF_NOTE_ABI_NAME, 397 ELF_NOTE_ABI_NAMESZ)) 398 goto next; 399 400 /* Make sure the OS is Linux. */ 401 abi = (u_int32_t *)((char *)np + sizeof(Elf_Nhdr) + 402 np->n_namesz); 403 if (abi[0] == ELF_NOTE_ABI_OS_LINUX) 404 error = 0; 405 else 406 error = ENOEXEC; 407 free(np, M_TEMP); 408 goto out; 409 410 next: 411 free(np, M_TEMP); 412 continue; 413 } 414 415 /* Check for certain interpreter names. */ 416 if (itp) { 417 if (!strncmp(itp, "/lib/ld-linux", 13) || 418 #if (ELFSIZE == 64) 419 !strncmp(itp, "/lib64/ld-linux", 15) || 420 #endif 421 !strncmp(itp, "/lib/ld.so.", 11)) 422 error = 0; 423 else 424 error = ENOEXEC; 425 goto out; 426 } 427 428 error = ENOEXEC; 429 out: 430 free(ph, M_TEMP); 431 return (error); 432 } 433 434 int 435 ELFNAME2(linux,probe)(struct lwp *l, struct exec_package *epp, void *eh, 436 char *itp, vaddr_t *pos) 437 { 438 int error; 439 440 if (((error = ELFNAME2(linux,signature)(l, epp, eh, itp)) != 0) && 441 #ifdef LINUX_GCC_SIGNATURE 442 ((error = ELFNAME2(linux,gcc_signature)(l, epp, eh)) != 0) && 443 #endif 444 #ifdef LINUX_ATEXIT_SIGNATURE 445 ((error = ELFNAME2(linux,atexit_signature)(l, epp, eh)) != 0) && 446 #endif 447 #ifdef LINUX_DEBUGLINK_SIGNATURE 448 ((error = ELFNAME2(linux,debuglink_signature)(l, epp, eh)) != 0) && 449 #endif 450 #ifdef LINUX_GO_RT0_SIGNATURE 451 ((error = ELFNAME2(linux,go_rt0_signature)(l, epp, eh)) != 0) && 452 #endif 453 1) { 454 DPRINTF(("linux_probe: returning %d\n", error)); 455 return error; 456 } 457 458 if (itp) { 459 if ((error = emul_find_interp(l, epp, itp))) 460 return (error); 461 } 462 epp->ep_flags |= EXEC_FORCEAUX; 463 DPRINTF(("linux_probe: returning 0\n")); 464 return 0; 465 } 466 467 #ifndef LINUX_MACHDEP_ELF_COPYARGS 468 /* 469 * Copy arguments onto the stack in the normal way, but add some 470 * extra information in case of dynamic binding. 471 */ 472 int 473 ELFNAME2(linux,copyargs)(struct lwp *l, struct exec_package *pack, 474 struct ps_strings *arginfo, char **stackp, void *argp) 475 { 476 size_t len; 477 AuxInfo ai[LINUX_ELF_AUX_ENTRIES], *a; 478 struct elf_args *ap; 479 int error; 480 struct vattr *vap; 481 uint32_t randbytes[4]; 482 483 if ((error = copyargs(l, pack, arginfo, stackp, argp)) != 0) 484 return error; 485 486 a = ai; 487 488 memset(ai, 0, sizeof(ai)); 489 490 /* 491 * Push extra arguments used by glibc on the stack. 492 */ 493 494 a->a_type = AT_PAGESZ; 495 a->a_v = PAGE_SIZE; 496 a++; 497 498 if ((ap = (struct elf_args *)pack->ep_emul_arg)) { 499 500 a->a_type = AT_PHDR; 501 a->a_v = ap->arg_phaddr; 502 a++; 503 504 a->a_type = AT_PHENT; 505 a->a_v = ap->arg_phentsize; 506 a++; 507 508 a->a_type = AT_PHNUM; 509 a->a_v = ap->arg_phnum; 510 a++; 511 512 a->a_type = AT_BASE; 513 a->a_v = ap->arg_interp; 514 a++; 515 516 a->a_type = AT_FLAGS; 517 a->a_v = 0; 518 a++; 519 520 a->a_type = AT_ENTRY; 521 a->a_v = ap->arg_entry; 522 a++; 523 524 exec_free_emul_arg(pack); 525 } 526 527 /* Linux-specific items */ 528 a->a_type = LINUX_AT_CLKTCK; 529 a->a_v = hz; 530 a++; 531 532 vap = pack->ep_vap; 533 534 a->a_type = LINUX_AT_UID; 535 a->a_v = kauth_cred_getuid(l->l_cred); 536 a++; 537 538 a->a_type = LINUX_AT_EUID; 539 if (vap->va_mode & S_ISUID) 540 a->a_v = vap->va_uid; 541 else 542 a->a_v = kauth_cred_geteuid(l->l_cred); 543 a++; 544 545 a->a_type = LINUX_AT_GID; 546 a->a_v = kauth_cred_getgid(l->l_cred); 547 a++; 548 549 a->a_type = LINUX_AT_EGID; 550 if (vap->va_mode & S_ISGID) 551 a->a_v = vap->va_gid; 552 else 553 a->a_v = kauth_cred_getegid(l->l_cred); 554 a++; 555 556 a->a_type = LINUX_AT_RANDOM; 557 a->a_v = (Elf_Addr)(uintptr_t)*stackp; 558 a++; 559 560 a->a_type = AT_NULL; 561 a->a_v = 0; 562 a++; 563 564 randbytes[0] = cprng_strong32(); 565 randbytes[1] = cprng_strong32(); 566 randbytes[2] = cprng_strong32(); 567 randbytes[3] = cprng_strong32(); 568 569 len = sizeof(randbytes); 570 if ((error = copyout(randbytes, *stackp, len)) != 0) 571 return error; 572 *stackp += len; 573 574 len = (a - ai) * sizeof(AuxInfo); 575 KASSERT(len <= LINUX_ELF_AUX_ENTRIES * sizeof(AuxInfo)); 576 if ((error = copyout(ai, *stackp, len)) != 0) 577 return error; 578 *stackp += len; 579 580 return 0; 581 } 582 #endif /* !LINUX_MACHDEP_ELF_COPYARGS */ 583