1 /* $NetBSD: linux_exec_elf32.c,v 1.90 2014/02/23 11:09:42 njoly Exp $ */ 2 3 /*- 4 * Copyright (c) 1995, 1998, 2000, 2001 The NetBSD Foundation, Inc. 5 * All rights reserved. 6 * 7 * This code is derived from software contributed to The NetBSD Foundation 8 * by Christos Zoulas, Frank van der Linden, Eric Haszlakiewicz and 9 * Emmanuel Dreyfus. 10 * 11 * Redistribution and use in source and binary forms, with or without 12 * modification, are permitted provided that the following conditions 13 * are met: 14 * 1. Redistributions of source code must retain the above copyright 15 * notice, this list of conditions and the following disclaimer. 16 * 2. Redistributions in binary form must reproduce the above copyright 17 * notice, this list of conditions and the following disclaimer in the 18 * documentation and/or other materials provided with the distribution. 19 * 20 * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS 21 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 22 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 23 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS 24 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 25 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 26 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 27 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 28 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 29 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 30 * POSSIBILITY OF SUCH DAMAGE. 31 */ 32 33 /* 34 * based on exec_aout.c, sunos_exec.c and svr4_exec.c 35 */ 36 37 #include <sys/cdefs.h> 38 __KERNEL_RCSID(0, "$NetBSD: linux_exec_elf32.c,v 1.90 2014/02/23 11:09:42 njoly Exp $"); 39 40 #ifndef ELFSIZE 41 /* XXX should die */ 42 #define ELFSIZE 32 43 #endif 44 45 #include <sys/param.h> 46 #include <sys/systm.h> 47 #include <sys/kernel.h> 48 #include <sys/proc.h> 49 #include <sys/malloc.h> 50 #include <sys/namei.h> 51 #include <sys/vnode.h> 52 #include <sys/mount.h> 53 #include <sys/exec.h> 54 #include <sys/exec_elf.h> 55 #include <sys/stat.h> 56 #include <sys/kauth.h> 57 #include <sys/cprng.h> 58 59 #include <sys/mman.h> 60 #include <sys/syscallargs.h> 61 62 #include <sys/cpu.h> 63 #include <machine/reg.h> 64 65 #include <compat/linux/common/linux_types.h> 66 #include <compat/linux/common/linux_signal.h> 67 #include <compat/linux/common/linux_util.h> 68 #include <compat/linux/common/linux_exec.h> 69 #include <compat/linux/common/linux_machdep.h> 70 #include <compat/linux/common/linux_ipc.h> 71 #include <compat/linux/common/linux_sem.h> 72 73 #include <compat/linux/linux_syscallargs.h> 74 #include <compat/linux/linux_syscall.h> 75 76 #ifdef DEBUG_LINUX 77 #define DPRINTF(a) uprintf a 78 #else 79 #define DPRINTF(a) 80 #endif 81 82 #ifdef LINUX_ATEXIT_SIGNATURE 83 /* 84 * On the PowerPC, statically linked Linux binaries are not recognized 85 * by linux_signature nor by linux_gcc_signature. Fortunately, thoses 86 * binaries features a __libc_atexit ELF section. We therefore assume we 87 * have a Linux binary if we find this section. 88 */ 89 int 90 ELFNAME2(linux,atexit_signature)( 91 struct lwp *l, 92 struct exec_package *epp, 93 Elf_Ehdr *eh) 94 { 95 size_t shsize; 96 int strndx; 97 size_t i; 98 static const char signature[] = "__libc_atexit"; 99 char *strtable = NULL; 100 Elf_Shdr *sh; 101 102 int error; 103 104 /* 105 * load the section header table 106 */ 107 shsize = eh->e_shnum * sizeof(Elf_Shdr); 108 sh = (Elf_Shdr *) malloc(shsize, M_TEMP, M_WAITOK); 109 error = exec_read_from(l, epp->ep_vp, eh->e_shoff, sh, shsize); 110 if (error) 111 goto out; 112 113 /* 114 * Now let's find the string table. If it does not exists, give up. 115 */ 116 strndx = (int)(eh->e_shstrndx); 117 if (strndx == SHN_UNDEF) { 118 error = ENOEXEC; 119 goto out; 120 } 121 122 /* 123 * strndx is the index in section header table of the string table 124 * section get the whole string table in strtable, and then we get access to the names 125 * s->sh_name is the offset of the section name in strtable. 126 */ 127 strtable = malloc(sh[strndx].sh_size, M_TEMP, M_WAITOK); 128 error = exec_read_from(l, epp->ep_vp, sh[strndx].sh_offset, strtable, 129 sh[strndx].sh_size); 130 if (error) 131 goto out; 132 133 for (i = 0; i < eh->e_shnum; i++) { 134 Elf_Shdr *s = &sh[i]; 135 if (!memcmp((void*)(&(strtable[s->sh_name])), signature, 136 sizeof(signature))) { 137 DPRINTF(("linux_atexit_sig=%s\n", 138 &(strtable[s->sh_name]))); 139 error = 0; 140 goto out; 141 } 142 } 143 error = ENOEXEC; 144 145 out: 146 free(sh, M_TEMP); 147 if (strtable) 148 free(strtable, M_TEMP); 149 return (error); 150 } 151 #endif 152 153 #ifdef LINUX_GCC_SIGNATURE 154 /* 155 * Take advantage of the fact that all the linux binaries are compiled 156 * with gcc, and gcc sticks in the comment field a signature. Note that 157 * on SVR4 binaries, the gcc signature will follow the OS name signature, 158 * that will not be a problem. We don't bother to read in the string table, 159 * but we check all the progbits headers. 160 * 161 * XXX This only works in the i386. On the alpha (at least) 162 * XXX we have the same gcc signature which incorrectly identifies 163 * XXX NetBSD binaries as Linux. 164 */ 165 int 166 ELFNAME2(linux,gcc_signature)( 167 struct lwp *l, 168 struct exec_package *epp, 169 Elf_Ehdr *eh) 170 { 171 size_t shsize; 172 size_t i; 173 static const char signature[] = "\0GCC: (GNU) "; 174 char tbuf[sizeof(signature) - 1]; 175 Elf_Shdr *sh; 176 int error; 177 178 shsize = eh->e_shnum * sizeof(Elf_Shdr); 179 sh = (Elf_Shdr *) malloc(shsize, M_TEMP, M_WAITOK); 180 error = exec_read_from(l, epp->ep_vp, eh->e_shoff, sh, shsize); 181 if (error) 182 goto out; 183 184 for (i = 0; i < eh->e_shnum; i++) { 185 Elf_Shdr *s = &sh[i]; 186 187 /* 188 * Identify candidates for the comment header; 189 * Header cannot have a load address, or flags and 190 * it must be large enough. 191 */ 192 if (s->sh_type != SHT_PROGBITS || 193 s->sh_addr != 0 || 194 s->sh_flags != 0 || 195 s->sh_size < sizeof(signature) - 1) 196 continue; 197 198 error = exec_read_from(l, epp->ep_vp, s->sh_offset, tbuf, 199 sizeof(signature) - 1); 200 if (error) 201 continue; 202 203 /* 204 * error is 0, if the signatures match we are done. 205 */ 206 DPRINTF(("linux_gcc_sig: sig=%s\n", tbuf)); 207 if (!memcmp(tbuf, signature, sizeof(signature) - 1)) { 208 error = 0; 209 goto out; 210 } 211 } 212 error = ENOEXEC; 213 214 out: 215 free(sh, M_TEMP); 216 return (error); 217 } 218 #endif 219 220 #ifdef LINUX_DEBUGLINK_SIGNATURE 221 /* 222 * Look for a .gnu_debuglink, specific to x86_64 interpeter 223 */ 224 int 225 ELFNAME2(linux,debuglink_signature)(struct lwp *l, struct exec_package *epp, Elf_Ehdr *eh) 226 { 227 size_t shsize; 228 int strndx; 229 size_t i; 230 static const char signature[] = ".gnu_debuglink"; 231 char *strtable = NULL; 232 Elf_Shdr *sh; 233 234 int error; 235 236 /* 237 * load the section header table 238 */ 239 shsize = eh->e_shnum * sizeof(Elf_Shdr); 240 sh = (Elf_Shdr *) malloc(shsize, M_TEMP, M_WAITOK); 241 error = exec_read_from(l, epp->ep_vp, eh->e_shoff, sh, shsize); 242 if (error) 243 goto out; 244 245 /* 246 * Now let's find the string table. If it does not exists, give up. 247 */ 248 strndx = (int)(eh->e_shstrndx); 249 if (strndx == SHN_UNDEF) { 250 error = ENOEXEC; 251 goto out; 252 } 253 254 /* 255 * strndx is the index in section header table of the string table 256 * section get the whole string table in strtable, and then we get access to the names 257 * s->sh_name is the offset of the section name in strtable. 258 */ 259 strtable = malloc(sh[strndx].sh_size, M_TEMP, M_WAITOK); 260 error = exec_read_from(l, epp->ep_vp, sh[strndx].sh_offset, strtable, 261 sh[strndx].sh_size); 262 if (error) 263 goto out; 264 265 for (i = 0; i < eh->e_shnum; i++) { 266 Elf_Shdr *s = &sh[i]; 267 268 if (!memcmp((void*)(&(strtable[s->sh_name])), signature, 269 sizeof(signature))) { 270 DPRINTF(("linux_debuglink_sig=%s\n", 271 &(strtable[s->sh_name]))); 272 error = 0; 273 goto out; 274 } 275 } 276 error = ENOEXEC; 277 278 out: 279 free(sh, M_TEMP); 280 if (strtable) 281 free(strtable, M_TEMP); 282 return (error); 283 } 284 #endif 285 286 int 287 ELFNAME2(linux,signature)(struct lwp *l, struct exec_package *epp, Elf_Ehdr *eh, char *itp) 288 { 289 size_t i; 290 Elf_Phdr *ph; 291 size_t phsize; 292 int error; 293 static const char linux[] = "Linux"; 294 295 if (eh->e_ident[EI_OSABI] == 3 || 296 memcmp(&eh->e_ident[EI_ABIVERSION], linux, sizeof(linux)) == 0) 297 return 0; 298 299 phsize = eh->e_phnum * sizeof(Elf_Phdr); 300 ph = (Elf_Phdr *)malloc(phsize, M_TEMP, M_WAITOK); 301 error = exec_read_from(l, epp->ep_vp, eh->e_phoff, ph, phsize); 302 if (error) 303 goto out; 304 305 for (i = 0; i < eh->e_phnum; i++) { 306 Elf_Phdr *ephp = &ph[i]; 307 Elf_Nhdr *np; 308 u_int32_t *abi; 309 310 if (ephp->p_type != PT_NOTE || 311 ephp->p_filesz > 1024 || 312 ephp->p_filesz < sizeof(Elf_Nhdr) + 20) 313 continue; 314 315 np = (Elf_Nhdr *)malloc(ephp->p_filesz, M_TEMP, M_WAITOK); 316 error = exec_read_from(l, epp->ep_vp, ephp->p_offset, np, 317 ephp->p_filesz); 318 if (error) 319 goto next; 320 321 if (np->n_type != ELF_NOTE_TYPE_ABI_TAG || 322 np->n_namesz != ELF_NOTE_ABI_NAMESZ || 323 np->n_descsz != ELF_NOTE_ABI_DESCSZ || 324 memcmp((void *)(np + 1), ELF_NOTE_ABI_NAME, 325 ELF_NOTE_ABI_NAMESZ)) 326 goto next; 327 328 /* Make sure the OS is Linux. */ 329 abi = (u_int32_t *)((char *)np + sizeof(Elf_Nhdr) + 330 np->n_namesz); 331 if (abi[0] == ELF_NOTE_ABI_OS_LINUX) 332 error = 0; 333 else 334 error = ENOEXEC; 335 free(np, M_TEMP); 336 goto out; 337 338 next: 339 free(np, M_TEMP); 340 continue; 341 } 342 343 /* Check for certain intepreter names. */ 344 if (itp) { 345 if (!strncmp(itp, "/lib/ld-linux", 13) || 346 #if (ELFSIZE == 64) 347 !strncmp(itp, "/lib64/ld-linux", 15) || 348 #endif 349 !strncmp(itp, "/lib/ld.so.", 11)) 350 error = 0; 351 else 352 error = ENOEXEC; 353 goto out; 354 } 355 356 error = ENOEXEC; 357 out: 358 free(ph, M_TEMP); 359 return (error); 360 } 361 362 int 363 ELFNAME2(linux,probe)(struct lwp *l, struct exec_package *epp, void *eh, 364 char *itp, vaddr_t *pos) 365 { 366 int error; 367 368 if (((error = ELFNAME2(linux,signature)(l, epp, eh, itp)) != 0) && 369 #ifdef LINUX_GCC_SIGNATURE 370 ((error = ELFNAME2(linux,gcc_signature)(l, epp, eh)) != 0) && 371 #endif 372 #ifdef LINUX_ATEXIT_SIGNATURE 373 ((error = ELFNAME2(linux,atexit_signature)(l, epp, eh)) != 0) && 374 #endif 375 #ifdef LINUX_DEBUGLINK_SIGNATURE 376 ((error = ELFNAME2(linux,debuglink_signature)(l, epp, eh)) != 0) && 377 #endif 378 1) { 379 DPRINTF(("linux_probe: returning %d\n", error)); 380 return error; 381 } 382 383 if (itp) { 384 if ((error = emul_find_interp(l, epp, itp))) 385 return (error); 386 } 387 epp->ep_flags |= EXEC_FORCEAUX; 388 DPRINTF(("linux_probe: returning 0\n")); 389 return 0; 390 } 391 392 #ifndef LINUX_MACHDEP_ELF_COPYARGS 393 /* 394 * Copy arguments onto the stack in the normal way, but add some 395 * extra information in case of dynamic binding. 396 */ 397 int 398 ELFNAME2(linux,copyargs)(struct lwp *l, struct exec_package *pack, 399 struct ps_strings *arginfo, char **stackp, void *argp) 400 { 401 size_t len; 402 AuxInfo ai[LINUX_ELF_AUX_ENTRIES], *a; 403 struct elf_args *ap; 404 int error; 405 struct vattr *vap; 406 uint32_t randbytes[4]; 407 408 if ((error = copyargs(l, pack, arginfo, stackp, argp)) != 0) 409 return error; 410 411 a = ai; 412 413 /* 414 * Push extra arguments used by glibc on the stack. 415 */ 416 417 a->a_type = AT_PAGESZ; 418 a->a_v = PAGE_SIZE; 419 a++; 420 421 if ((ap = (struct elf_args *)pack->ep_emul_arg)) { 422 423 a->a_type = AT_PHDR; 424 a->a_v = ap->arg_phaddr; 425 a++; 426 427 a->a_type = AT_PHENT; 428 a->a_v = ap->arg_phentsize; 429 a++; 430 431 a->a_type = AT_PHNUM; 432 a->a_v = ap->arg_phnum; 433 a++; 434 435 a->a_type = AT_BASE; 436 a->a_v = ap->arg_interp; 437 a++; 438 439 a->a_type = AT_FLAGS; 440 a->a_v = 0; 441 a++; 442 443 a->a_type = AT_ENTRY; 444 a->a_v = ap->arg_entry; 445 a++; 446 447 exec_free_emul_arg(pack); 448 } 449 450 /* Linux-specific items */ 451 a->a_type = LINUX_AT_CLKTCK; 452 a->a_v = hz; 453 a++; 454 455 vap = pack->ep_vap; 456 457 a->a_type = LINUX_AT_UID; 458 a->a_v = kauth_cred_getuid(l->l_cred); 459 a++; 460 461 a->a_type = LINUX_AT_EUID; 462 if (vap->va_mode & S_ISUID) 463 a->a_v = vap->va_uid; 464 else 465 a->a_v = kauth_cred_geteuid(l->l_cred); 466 a++; 467 468 a->a_type = LINUX_AT_GID; 469 a->a_v = kauth_cred_getgid(l->l_cred); 470 a++; 471 472 a->a_type = LINUX_AT_EGID; 473 if (vap->va_mode & S_ISGID) 474 a->a_v = vap->va_gid; 475 else 476 a->a_v = kauth_cred_getegid(l->l_cred); 477 a++; 478 479 a->a_type = LINUX_AT_RANDOM; 480 a->a_v = (Elf_Addr)*stackp; 481 a++; 482 483 a->a_type = AT_NULL; 484 a->a_v = 0; 485 a++; 486 487 randbytes[0] = cprng_strong32(); 488 randbytes[1] = cprng_strong32(); 489 randbytes[2] = cprng_strong32(); 490 randbytes[3] = cprng_strong32(); 491 492 len = sizeof(randbytes); 493 if ((error = copyout(randbytes, *stackp, len)) != 0) 494 return error; 495 *stackp += len; 496 497 len = (a - ai) * sizeof(AuxInfo); 498 KASSERT(len <= LINUX_ELF_AUX_ENTRIES * sizeof(AuxInfo)); 499 if ((error = copyout(ai, *stackp, len)) != 0) 500 return error; 501 *stackp += len; 502 503 return 0; 504 } 505 #endif /* !LINUX_MACHDEP_ELF_COPYARGS */ 506