xref: /netbsd-src/sys/compat/linux/common/linux_exec_elf32.c (revision 181254a7b1bdde6873432bffef2d2decc4b5c22f)
1 /*	$NetBSD: linux_exec_elf32.c,v 1.100 2020/01/12 18:30:58 ad Exp $	*/
2 
3 /*-
4  * Copyright (c) 1995, 1998, 2000, 2001 The NetBSD Foundation, Inc.
5  * All rights reserved.
6  *
7  * This code is derived from software contributed to The NetBSD Foundation
8  * by Christos Zoulas, Frank van der Linden, Eric Haszlakiewicz and
9  * Emmanuel Dreyfus.
10  *
11  * Redistribution and use in source and binary forms, with or without
12  * modification, are permitted provided that the following conditions
13  * are met:
14  * 1. Redistributions of source code must retain the above copyright
15  *    notice, this list of conditions and the following disclaimer.
16  * 2. Redistributions in binary form must reproduce the above copyright
17  *    notice, this list of conditions and the following disclaimer in the
18  *    documentation and/or other materials provided with the distribution.
19  *
20  * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
21  * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
22  * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
23  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
24  * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
25  * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
26  * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
27  * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
28  * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
29  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
30  * POSSIBILITY OF SUCH DAMAGE.
31  */
32 
33 /*
34  * based on exec_aout.c, sunos_exec.c and svr4_exec.c
35  */
36 
37 #include <sys/cdefs.h>
38 __KERNEL_RCSID(0, "$NetBSD: linux_exec_elf32.c,v 1.100 2020/01/12 18:30:58 ad Exp $");
39 
40 #ifndef ELFSIZE
41 /* XXX should die */
42 #define	ELFSIZE		32
43 #endif
44 
45 #include <sys/param.h>
46 #include <sys/systm.h>
47 #include <sys/kernel.h>
48 #include <sys/proc.h>
49 #include <sys/malloc.h>
50 #include <sys/namei.h>
51 #include <sys/vnode.h>
52 #include <sys/mount.h>
53 #include <sys/exec.h>
54 #include <sys/exec_elf.h>
55 #include <sys/stat.h>
56 #include <sys/kauth.h>
57 #include <sys/cprng.h>
58 #include <sys/compat_stub.h>
59 
60 #include <sys/mman.h>
61 #include <sys/syscallargs.h>
62 
63 #include <sys/cpu.h>
64 #include <machine/reg.h>
65 
66 #include <compat/linux/common/linux_types.h>
67 #include <compat/linux/common/linux_signal.h>
68 #include <compat/linux/common/linux_util.h>
69 #include <compat/linux/common/linux_exec.h>
70 #include <compat/linux/common/linux_machdep.h>
71 #include <compat/linux/common/linux_ipc.h>
72 #include <compat/linux/common/linux_sem.h>
73 
74 #include <compat/linux/linux_syscallargs.h>
75 #include <compat/linux/linux_syscall.h>
76 
77 #define LINUX_GO_RT0_SIGNATURE
78 
79 #ifdef DEBUG_LINUX
80 #define DPRINTF(a)	uprintf a
81 #else
82 #define DPRINTF(a)	do {} while (0)
83 #endif
84 
85 #ifdef LINUX_ATEXIT_SIGNATURE
86 /*
87  * On the PowerPC, statically linked Linux binaries are not recognized
88  * by linux_signature nor by linux_gcc_signature. Fortunately, thoses
89  * binaries features a __libc_atexit ELF section. We therefore assume we
90  * have a Linux binary if we find this section.
91  */
92 int
93 ELFNAME2(linux,atexit_signature)(
94 	struct lwp *l,
95 	struct exec_package *epp,
96 	Elf_Ehdr *eh)
97 {
98 	Elf_Shdr *sh;
99 	size_t shsize;
100 	u_int shstrndx;
101 	size_t i;
102 	static const char signature[] = "__libc_atexit";
103 	const size_t sigsz = sizeof(signature);
104 	char tbuf[sizeof(signature)];
105 	int error;
106 
107 	/* Load the section header table. */
108 	shsize = eh->e_shnum * sizeof(Elf_Shdr);
109 	sh = (Elf_Shdr *) malloc(shsize, M_TEMP, M_WAITOK);
110 	error = exec_read(l, epp->ep_vp, eh->e_shoff, sh, shsize,
111 	    IO_NODELOCKED);
112 	if (error)
113 		goto out;
114 
115 	/* Now let's find the string table. If it does not exist, give up. */
116 	shstrndx = eh->e_shstrndx;
117 	if (shstrndx == SHN_UNDEF || shstrndx >= eh->e_shnum) {
118 		error = ENOEXEC;
119 		goto out;
120 	}
121 
122 	/* Check if any section has the name we're looking for. */
123 	const off_t stroff = sh[shstrndx].sh_offset;
124 	for (i = 0; i < eh->e_shnum; i++) {
125 		Elf_Shdr *s = &sh[i];
126 
127 		if (s->sh_name + sigsz > sh[shstrndx].sh_size)
128 			continue;
129 
130 		error = exec_read(l, epp->ep_vp, stroff + s->sh_name, tbuf,
131 		    sigsz, IO_NODELOCKED);
132 		if (error)
133 			goto out;
134 		if (!memcmp(tbuf, signature, sigsz)) {
135 			DPRINTF(("linux_atexit_sig=%s\n", tbuf));
136 			error = 0;
137 			goto out;
138 		}
139 	}
140 	error = ENOEXEC;
141 
142 out:
143 	free(sh, M_TEMP);
144 	return (error);
145 }
146 #endif
147 
148 #ifdef LINUX_GCC_SIGNATURE
149 /*
150  * Take advantage of the fact that all the linux binaries are compiled
151  * with gcc, and gcc sticks in the comment field a signature. Note that
152  * on SVR4 binaries, the gcc signature will follow the OS name signature,
153  * that will not be a problem. We don't bother to read in the string table,
154  * but we check all the progbits headers.
155  *
156  * XXX This only works in the i386.  On the alpha (at least)
157  * XXX we have the same gcc signature which incorrectly identifies
158  * XXX NetBSD binaries as Linux.
159  */
160 int
161 ELFNAME2(linux,gcc_signature)(
162 	struct lwp *l,
163 	struct exec_package *epp,
164 	Elf_Ehdr *eh)
165 {
166 	size_t shsize;
167 	size_t i;
168 	static const char signature[] = "\0GCC: (GNU) ";
169 	char tbuf[sizeof(signature) - 1];
170 	Elf_Shdr *sh;
171 	int error;
172 
173 	shsize = eh->e_shnum * sizeof(Elf_Shdr);
174 	sh = (Elf_Shdr *) malloc(shsize, M_TEMP, M_WAITOK);
175 	error = exec_read(l, epp->ep_vp, eh->e_shoff, sh, shsize,
176 	    IO_NODELOCKED);
177 	if (error)
178 		goto out;
179 
180 	for (i = 0; i < eh->e_shnum; i++) {
181 		Elf_Shdr *s = &sh[i];
182 
183 		/*
184 		 * Identify candidates for the comment header;
185 		 * Header cannot have a load address, or flags and
186 		 * it must be large enough.
187 		 */
188 		if (s->sh_type != SHT_PROGBITS ||
189 		    s->sh_addr != 0 ||
190 		    s->sh_flags != 0 ||
191 		    s->sh_size < sizeof(signature) - 1)
192 			continue;
193 
194 		error = exec_read(l, epp->ep_vp, s->sh_offset, tbuf,
195 		    sizeof(signature) - 1, IO_NODELOCKED);
196 		if (error)
197 			continue;
198 
199 		/*
200 		 * error is 0, if the signatures match we are done.
201 		 */
202 		DPRINTF(("linux_gcc_sig: sig=%s\n", tbuf));
203 		if (!memcmp(tbuf, signature, sizeof(signature) - 1)) {
204 			error = 0;
205 			goto out;
206 		}
207 	}
208 	error = ENOEXEC;
209 
210 out:
211 	free(sh, M_TEMP);
212 	return (error);
213 }
214 #endif
215 
216 #ifdef LINUX_DEBUGLINK_SIGNATURE
217 /*
218  * Look for a .gnu_debuglink, specific to x86_64 interpreter
219  */
220 int
221 ELFNAME2(linux,debuglink_signature)(struct lwp *l, struct exec_package *epp, Elf_Ehdr *eh)
222 {
223 	Elf_Shdr *sh;
224 	size_t shsize;
225 	u_int shstrndx;
226 	size_t i;
227 	static const char signature[] = ".gnu_debuglink";
228 	const size_t sigsz = sizeof(signature);
229 	char tbuf[sizeof(signature)];
230 	int error;
231 
232 	/* Load the section header table. */
233 	shsize = eh->e_shnum * sizeof(Elf_Shdr);
234 	sh = (Elf_Shdr *) malloc(shsize, M_TEMP, M_WAITOK);
235 	error = exec_read(l, epp->ep_vp, eh->e_shoff, sh, shsize,
236 	    IO_NODELOCKED);
237 	if (error)
238 		goto out;
239 
240 	/* Now let's find the string table. If it does not exist, give up. */
241 	shstrndx = eh->e_shstrndx;
242 	if (shstrndx == SHN_UNDEF || shstrndx >= eh->e_shnum) {
243 		error = ENOEXEC;
244 		goto out;
245 	}
246 
247 	/* Check if any section has the name we're looking for. */
248 	const off_t stroff = sh[shstrndx].sh_offset;
249 	for (i = 0; i < eh->e_shnum; i++) {
250 		Elf_Shdr *s = &sh[i];
251 
252 		if (s->sh_name + sigsz > sh[shstrndx].sh_size)
253 			continue;
254 
255 		error = exec_read(l, epp->ep_vp, stroff + s->sh_name, tbuf,
256 		    sigsz, IO_NODELOCKED);
257 		if (error)
258 			goto out;
259 		if (!memcmp(tbuf, signature, sigsz)) {
260 			DPRINTF(("linux_debuglink_sig=%s\n", tbuf));
261 			error = 0;
262 			goto out;
263 		}
264 	}
265 	error = ENOEXEC;
266 
267 out:
268 	free(sh, M_TEMP);
269 	return (error);
270 }
271 #endif
272 
273 #ifdef LINUX_GO_RT0_SIGNATURE
274 /*
275  * Look for a .gopclntab, specific to go binaries
276  * in it look for a symbol called _rt0_<cpu>_linux
277  */
278 static int
279 ELFNAME2(linux,go_rt0_signature)(struct lwp *l, struct exec_package *epp, Elf_Ehdr *eh)
280 {
281 	Elf_Shdr *sh;
282 	size_t shsize;
283 	u_int shstrndx;
284 	size_t i;
285 	static const char signature[] = ".gopclntab";
286 	const size_t sigsz = sizeof(signature);
287 	char tbuf[sizeof(signature)], *tmp = NULL;
288 	char mbuf[64];
289 	const char *m;
290 	int mlen;
291 	int error;
292 
293 	/* Load the section header table. */
294 	shsize = eh->e_shnum * sizeof(Elf_Shdr);
295 	sh = malloc(shsize, M_TEMP, M_WAITOK);
296 	error = exec_read(l, epp->ep_vp, eh->e_shoff, sh, shsize,
297 	    IO_NODELOCKED);
298 	if (error)
299 		goto out;
300 
301 	/* Now let's find the string table. If it does not exist, give up. */
302 	shstrndx = eh->e_shstrndx;
303 	if (shstrndx == SHN_UNDEF || shstrndx >= eh->e_shnum) {
304 		error = ENOEXEC;
305 		goto out;
306 	}
307 
308 	/* Check if any section has the name we're looking for. */
309 	const off_t stroff = sh[shstrndx].sh_offset;
310 	for (i = 0; i < eh->e_shnum; i++) {
311 		Elf_Shdr *s = &sh[i];
312 
313 		if (s->sh_name + sigsz > sh[shstrndx].sh_size)
314 			continue;
315 
316 		error = exec_read(l, epp->ep_vp, stroff + s->sh_name, tbuf,
317 		    sigsz, IO_NODELOCKED);
318 		if (error)
319 			goto out;
320 		if (!memcmp(tbuf, signature, sigsz)) {
321 			DPRINTF(("linux_goplcntab_sig=%s\n", tbuf));
322 			break;
323 		}
324 	}
325 
326 	if (i == eh->e_shnum) {
327 		error = ENOEXEC;
328 		goto out;
329 	}
330 
331 	// Don't scan more than 1MB
332 	if (sh[i].sh_size > 1024 * 1024)
333 		sh[i].sh_size = 1024 * 1024;
334 
335 	tmp = malloc(sh[i].sh_size, M_TEMP, M_WAITOK);
336 	error = exec_read(l, epp->ep_vp, sh[i].sh_offset, tmp,
337 	    sh[i].sh_size, IO_NODELOCKED);
338 	if (error)
339 		goto out;
340 
341 #if (ELFSIZE == 32)
342 	extern struct netbsd32_machine32_hook_t netbsd32_machine32_hook;
343 	MODULE_HOOK_CALL(netbsd32_machine32_hook, (), machine, m);
344 #else
345 	m = machine;
346 #endif
347 	mlen = snprintf(mbuf, sizeof(mbuf), "_rt0_%s_linux", m);
348 	if (memmem(tmp, sh[i].sh_size, mbuf, mlen) == NULL)
349 		error = ENOEXEC;
350 	else
351 		DPRINTF(("linux_rt0_sig=%s\n", mbuf));
352 out:
353 	if (tmp)
354 		free(tmp, M_TEMP);
355 	free(sh, M_TEMP);
356 	return error;
357 }
358 #endif
359 
360 int
361 ELFNAME2(linux,signature)(struct lwp *l, struct exec_package *epp, Elf_Ehdr *eh, char *itp)
362 {
363 	size_t i;
364 	Elf_Phdr *ph;
365 	size_t phsize;
366 	int error;
367 	static const char linux[] = "Linux";
368 
369 	if (eh->e_ident[EI_OSABI] == ELFOSABI_LINUX ||
370 	    memcmp(&eh->e_ident[EI_ABIVERSION], linux, sizeof(linux)) == 0)
371 		return 0;
372 
373 	phsize = eh->e_phnum * sizeof(Elf_Phdr);
374 	ph = (Elf_Phdr *)malloc(phsize, M_TEMP, M_WAITOK);
375 	error = exec_read(l, epp->ep_vp, eh->e_phoff, ph, phsize,
376 	    IO_NODELOCKED);
377 	if (error)
378 		goto out;
379 
380 	for (i = 0; i < eh->e_phnum; i++) {
381 		Elf_Phdr *ephp = &ph[i];
382 		Elf_Nhdr *np;
383 		u_int32_t *abi;
384 
385 		if (ephp->p_type != PT_NOTE ||
386 		    ephp->p_filesz > 1024 ||
387 		    ephp->p_filesz < sizeof(Elf_Nhdr) + 20)
388 			continue;
389 
390 		np = (Elf_Nhdr *)malloc(ephp->p_filesz, M_TEMP, M_WAITOK);
391 		error = exec_read(l, epp->ep_vp, ephp->p_offset, np,
392 		    ephp->p_filesz, IO_NODELOCKED);
393 		if (error)
394 			goto next;
395 
396 		if (np->n_type != ELF_NOTE_TYPE_ABI_TAG ||
397 		    np->n_namesz != ELF_NOTE_ABI_NAMESZ ||
398 		    np->n_descsz != ELF_NOTE_ABI_DESCSZ ||
399 		    memcmp((void *)(np + 1), ELF_NOTE_ABI_NAME,
400 		    ELF_NOTE_ABI_NAMESZ))
401 			goto next;
402 
403 		/* Make sure the OS is Linux. */
404 		abi = (u_int32_t *)((char *)np + sizeof(Elf_Nhdr) +
405 		    np->n_namesz);
406 		if (abi[0] == ELF_NOTE_ABI_OS_LINUX)
407 			error = 0;
408 		else
409 			error = ENOEXEC;
410 		free(np, M_TEMP);
411 		goto out;
412 
413 	next:
414 		free(np, M_TEMP);
415 		continue;
416 	}
417 
418 	/* Check for certain interpreter names. */
419 	if (itp) {
420 		if (!strncmp(itp, "/lib/ld-linux", 13) ||
421 #if (ELFSIZE == 64)
422 		    !strncmp(itp, "/lib64/ld-linux", 15) ||
423 #endif
424 		    !strncmp(itp, "/lib/ld.so.", 11))
425 			error = 0;
426 		else
427 			error = ENOEXEC;
428 		goto out;
429 	}
430 
431 	error = ENOEXEC;
432 out:
433 	free(ph, M_TEMP);
434 	return (error);
435 }
436 
437 int
438 ELFNAME2(linux,probe)(struct lwp *l, struct exec_package *epp, void *eh,
439     char *itp, vaddr_t *pos)
440 {
441 	int error;
442 
443 	if (((error = ELFNAME2(linux,signature)(l, epp, eh, itp)) != 0) &&
444 #ifdef LINUX_GCC_SIGNATURE
445 	    ((error = ELFNAME2(linux,gcc_signature)(l, epp, eh)) != 0) &&
446 #endif
447 #ifdef LINUX_ATEXIT_SIGNATURE
448 	    ((error = ELFNAME2(linux,atexit_signature)(l, epp, eh)) != 0) &&
449 #endif
450 #ifdef LINUX_DEBUGLINK_SIGNATURE
451 	    ((error = ELFNAME2(linux,debuglink_signature)(l, epp, eh)) != 0) &&
452 #endif
453 #ifdef LINUX_GO_RT0_SIGNATURE
454 	    ((error = ELFNAME2(linux,go_rt0_signature)(l, epp, eh)) != 0) &&
455 #endif
456 	    1) {
457 			DPRINTF(("linux_probe: returning %d\n", error));
458 			return error;
459 	}
460 
461 	if (itp) {
462 		if ((error = emul_find_interp(l, epp, itp)))
463 			return (error);
464 	}
465 	epp->ep_flags |= EXEC_FORCEAUX;
466 	DPRINTF(("linux_probe: returning 0\n"));
467 	return 0;
468 }
469 
470 #ifndef LINUX_MACHDEP_ELF_COPYARGS
471 /*
472  * Copy arguments onto the stack in the normal way, but add some
473  * extra information in case of dynamic binding.
474  */
475 int
476 ELFNAME2(linux,copyargs)(struct lwp *l, struct exec_package *pack,
477     struct ps_strings *arginfo, char **stackp, void *argp)
478 {
479 	size_t len;
480 	AuxInfo ai[LINUX_ELF_AUX_ENTRIES], *a;
481 	struct elf_args *ap;
482 	int error;
483 	struct vattr *vap;
484 	uint32_t randbytes[4];
485 
486 	if ((error = copyargs(l, pack, arginfo, stackp, argp)) != 0)
487 		return error;
488 
489 	a = ai;
490 
491 	memset(ai, 0, sizeof(ai));
492 
493 	/*
494 	 * Push extra arguments used by glibc on the stack.
495 	 */
496 
497 	a->a_type = AT_PAGESZ;
498 	a->a_v = PAGE_SIZE;
499 	a++;
500 
501 	if ((ap = (struct elf_args *)pack->ep_emul_arg)) {
502 
503 		a->a_type = AT_PHDR;
504 		a->a_v = ap->arg_phaddr;
505 		a++;
506 
507 		a->a_type = AT_PHENT;
508 		a->a_v = ap->arg_phentsize;
509 		a++;
510 
511 		a->a_type = AT_PHNUM;
512 		a->a_v = ap->arg_phnum;
513 		a++;
514 
515 		a->a_type = AT_BASE;
516 		a->a_v = ap->arg_interp;
517 		a++;
518 
519 		a->a_type = AT_FLAGS;
520 		a->a_v = 0;
521 		a++;
522 
523 		a->a_type = AT_ENTRY;
524 		a->a_v = ap->arg_entry;
525 		a++;
526 
527 		exec_free_emul_arg(pack);
528 	}
529 
530 	/* Linux-specific items */
531 	a->a_type = LINUX_AT_CLKTCK;
532 	a->a_v = hz;
533 	a++;
534 
535 	vap = pack->ep_vap;
536 
537 	a->a_type = LINUX_AT_UID;
538 	a->a_v = kauth_cred_getuid(l->l_cred);
539 	a++;
540 
541 	a->a_type = LINUX_AT_EUID;
542 	if (vap->va_mode & S_ISUID)
543 		a->a_v = vap->va_uid;
544 	else
545 		a->a_v = kauth_cred_geteuid(l->l_cred);
546 	a++;
547 
548 	a->a_type = LINUX_AT_GID;
549 	a->a_v = kauth_cred_getgid(l->l_cred);
550 	a++;
551 
552 	a->a_type = LINUX_AT_EGID;
553 	if (vap->va_mode & S_ISGID)
554 		a->a_v = vap->va_gid;
555 	else
556 		a->a_v = kauth_cred_getegid(l->l_cred);
557 	a++;
558 
559 	a->a_type = LINUX_AT_RANDOM;
560 	a->a_v = (Elf_Addr)(uintptr_t)*stackp;
561 	a++;
562 
563 	a->a_type = AT_NULL;
564 	a->a_v = 0;
565 	a++;
566 
567 	randbytes[0] = cprng_strong32();
568 	randbytes[1] = cprng_strong32();
569 	randbytes[2] = cprng_strong32();
570 	randbytes[3] = cprng_strong32();
571 
572 	len = sizeof(randbytes);
573 	if ((error = copyout(randbytes, *stackp, len)) != 0)
574 		return error;
575 	*stackp += len;
576 
577 	len = (a - ai) * sizeof(AuxInfo);
578 	KASSERT(len <= LINUX_ELF_AUX_ENTRIES * sizeof(AuxInfo));
579 	if ((error = copyout(ai, *stackp, len)) != 0)
580 		return error;
581 	*stackp += len;
582 
583 	return 0;
584 }
585 #endif /* !LINUX_MACHDEP_ELF_COPYARGS */
586