1 /* $NetBSD: kern_exec.c,v 1.309 2011/03/01 18:53:10 joerg Exp $ */ 2 3 /*- 4 * Copyright (c) 2008 The NetBSD Foundation, Inc. 5 * All rights reserved. 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that the following conditions 9 * are met: 10 * 1. Redistributions of source code must retain the above copyright 11 * notice, this list of conditions and the following disclaimer. 12 * 2. Redistributions in binary form must reproduce the above copyright 13 * notice, this list of conditions and the following disclaimer in the 14 * documentation and/or other materials provided with the distribution. 15 * 16 * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS 17 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 18 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 19 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS 20 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 21 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 22 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 23 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 24 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 25 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 26 * POSSIBILITY OF SUCH DAMAGE. 27 */ 28 29 /*- 30 * Copyright (C) 1993, 1994, 1996 Christopher G. Demetriou 31 * Copyright (C) 1992 Wolfgang Solfrank. 32 * Copyright (C) 1992 TooLs GmbH. 33 * All rights reserved. 34 * 35 * Redistribution and use in source and binary forms, with or without 36 * modification, are permitted provided that the following conditions 37 * are met: 38 * 1. Redistributions of source code must retain the above copyright 39 * notice, this list of conditions and the following disclaimer. 40 * 2. Redistributions in binary form must reproduce the above copyright 41 * notice, this list of conditions and the following disclaimer in the 42 * documentation and/or other materials provided with the distribution. 43 * 3. All advertising materials mentioning features or use of this software 44 * must display the following acknowledgement: 45 * This product includes software developed by TooLs GmbH. 46 * 4. The name of TooLs GmbH may not be used to endorse or promote products 47 * derived from this software without specific prior written permission. 48 * 49 * THIS SOFTWARE IS PROVIDED BY TOOLS GMBH ``AS IS'' AND ANY EXPRESS OR 50 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 51 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 52 * IN NO EVENT SHALL TOOLS GMBH BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 53 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, 54 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; 55 * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, 56 * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR 57 * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF 58 * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 59 */ 60 61 #include <sys/cdefs.h> 62 __KERNEL_RCSID(0, "$NetBSD: kern_exec.c,v 1.309 2011/03/01 18:53:10 joerg Exp $"); 63 64 #include "opt_ktrace.h" 65 #include "opt_modular.h" 66 #include "opt_syscall_debug.h" 67 #include "veriexec.h" 68 #include "opt_pax.h" 69 #include "opt_sa.h" 70 71 #include <sys/param.h> 72 #include <sys/systm.h> 73 #include <sys/filedesc.h> 74 #include <sys/kernel.h> 75 #include <sys/proc.h> 76 #include <sys/mount.h> 77 #include <sys/malloc.h> 78 #include <sys/kmem.h> 79 #include <sys/namei.h> 80 #include <sys/vnode.h> 81 #include <sys/file.h> 82 #include <sys/acct.h> 83 #include <sys/exec.h> 84 #include <sys/ktrace.h> 85 #include <sys/uidinfo.h> 86 #include <sys/wait.h> 87 #include <sys/mman.h> 88 #include <sys/ras.h> 89 #include <sys/signalvar.h> 90 #include <sys/stat.h> 91 #include <sys/syscall.h> 92 #include <sys/kauth.h> 93 #include <sys/lwpctl.h> 94 #include <sys/pax.h> 95 #include <sys/cpu.h> 96 #include <sys/module.h> 97 #include <sys/sa.h> 98 #include <sys/savar.h> 99 #include <sys/syscallvar.h> 100 #include <sys/syscallargs.h> 101 #if NVERIEXEC > 0 102 #include <sys/verified_exec.h> 103 #endif /* NVERIEXEC > 0 */ 104 #include <sys/sdt.h> 105 106 #include <uvm/uvm_extern.h> 107 108 #include <machine/reg.h> 109 110 #include <compat/common/compat_util.h> 111 112 static int exec_sigcode_map(struct proc *, const struct emul *); 113 114 #ifdef DEBUG_EXEC 115 #define DPRINTF(a) printf a 116 #else 117 #define DPRINTF(a) 118 #endif /* DEBUG_EXEC */ 119 120 /* 121 * DTrace SDT provider definitions 122 */ 123 SDT_PROBE_DEFINE(proc,,,exec, 124 "char *", NULL, 125 NULL, NULL, NULL, NULL, 126 NULL, NULL, NULL, NULL); 127 SDT_PROBE_DEFINE(proc,,,exec_success, 128 "char *", NULL, 129 NULL, NULL, NULL, NULL, 130 NULL, NULL, NULL, NULL); 131 SDT_PROBE_DEFINE(proc,,,exec_failure, 132 "int", NULL, 133 NULL, NULL, NULL, NULL, 134 NULL, NULL, NULL, NULL); 135 136 /* 137 * Exec function switch: 138 * 139 * Note that each makecmds function is responsible for loading the 140 * exec package with the necessary functions for any exec-type-specific 141 * handling. 142 * 143 * Functions for specific exec types should be defined in their own 144 * header file. 145 */ 146 static const struct execsw **execsw = NULL; 147 static int nexecs; 148 149 u_int exec_maxhdrsz; /* must not be static - used by netbsd32 */ 150 151 /* list of dynamically loaded execsw entries */ 152 static LIST_HEAD(execlist_head, exec_entry) ex_head = 153 LIST_HEAD_INITIALIZER(ex_head); 154 struct exec_entry { 155 LIST_ENTRY(exec_entry) ex_list; 156 SLIST_ENTRY(exec_entry) ex_slist; 157 const struct execsw *ex_sw; 158 }; 159 160 #ifndef __HAVE_SYSCALL_INTERN 161 void syscall(void); 162 #endif 163 164 #ifdef KERN_SA 165 static struct sa_emul saemul_netbsd = { 166 sizeof(ucontext_t), 167 sizeof(struct sa_t), 168 sizeof(struct sa_t *), 169 NULL, 170 NULL, 171 cpu_upcall, 172 (void (*)(struct lwp *, void *))getucontext_sa, 173 sa_ucsp 174 }; 175 #endif /* KERN_SA */ 176 177 /* NetBSD emul struct */ 178 struct emul emul_netbsd = { 179 .e_name = "netbsd", 180 .e_path = NULL, 181 #ifndef __HAVE_MINIMAL_EMUL 182 .e_flags = EMUL_HAS_SYS___syscall, 183 .e_errno = NULL, 184 .e_nosys = SYS_syscall, 185 .e_nsysent = SYS_NSYSENT, 186 #endif 187 .e_sysent = sysent, 188 #ifdef SYSCALL_DEBUG 189 .e_syscallnames = syscallnames, 190 #else 191 .e_syscallnames = NULL, 192 #endif 193 .e_sendsig = sendsig, 194 .e_trapsignal = trapsignal, 195 .e_tracesig = NULL, 196 .e_sigcode = NULL, 197 .e_esigcode = NULL, 198 .e_sigobject = NULL, 199 .e_setregs = setregs, 200 .e_proc_exec = NULL, 201 .e_proc_fork = NULL, 202 .e_proc_exit = NULL, 203 .e_lwp_fork = NULL, 204 .e_lwp_exit = NULL, 205 #ifdef __HAVE_SYSCALL_INTERN 206 .e_syscall_intern = syscall_intern, 207 #else 208 .e_syscall = syscall, 209 #endif 210 .e_sysctlovly = NULL, 211 .e_fault = NULL, 212 .e_vm_default_addr = uvm_default_mapaddr, 213 .e_usertrap = NULL, 214 #ifdef KERN_SA 215 .e_sa = &saemul_netbsd, 216 #else 217 .e_sa = NULL, 218 #endif 219 .e_ucsize = sizeof(ucontext_t), 220 .e_startlwp = startlwp 221 }; 222 223 /* 224 * Exec lock. Used to control access to execsw[] structures. 225 * This must not be static so that netbsd32 can access it, too. 226 */ 227 krwlock_t exec_lock; 228 229 static kmutex_t sigobject_lock; 230 231 static void * 232 exec_pool_alloc(struct pool *pp, int flags) 233 { 234 235 return (void *)uvm_km_alloc(kernel_map, NCARGS, 0, 236 UVM_KMF_PAGEABLE | UVM_KMF_WAITVA); 237 } 238 239 static void 240 exec_pool_free(struct pool *pp, void *addr) 241 { 242 243 uvm_km_free(kernel_map, (vaddr_t)addr, NCARGS, UVM_KMF_PAGEABLE); 244 } 245 246 static struct pool exec_pool; 247 248 static struct pool_allocator exec_palloc = { 249 .pa_alloc = exec_pool_alloc, 250 .pa_free = exec_pool_free, 251 .pa_pagesz = NCARGS 252 }; 253 254 /* 255 * check exec: 256 * given an "executable" described in the exec package's namei info, 257 * see what we can do with it. 258 * 259 * ON ENTRY: 260 * exec package with appropriate namei info 261 * lwp pointer of exec'ing lwp 262 * NO SELF-LOCKED VNODES 263 * 264 * ON EXIT: 265 * error: nothing held, etc. exec header still allocated. 266 * ok: filled exec package, executable's vnode (unlocked). 267 * 268 * EXEC SWITCH ENTRY: 269 * Locked vnode to check, exec package, proc. 270 * 271 * EXEC SWITCH EXIT: 272 * ok: return 0, filled exec package, executable's vnode (unlocked). 273 * error: destructive: 274 * everything deallocated execept exec header. 275 * non-destructive: 276 * error code, executable's vnode (unlocked), 277 * exec header unmodified. 278 */ 279 int 280 /*ARGSUSED*/ 281 check_exec(struct lwp *l, struct exec_package *epp, struct pathbuf *pb) 282 { 283 int error, i; 284 struct vnode *vp; 285 struct nameidata nd; 286 size_t resid; 287 288 NDINIT(&nd, LOOKUP, FOLLOW | LOCKLEAF | TRYEMULROOT, pb); 289 290 /* first get the vnode */ 291 if ((error = namei(&nd)) != 0) 292 return error; 293 epp->ep_vp = vp = nd.ni_vp; 294 /* this cannot overflow as both are size PATH_MAX */ 295 strcpy(epp->ep_resolvedname, nd.ni_pnbuf); 296 297 #ifdef DIAGNOSTIC 298 /* paranoia (take this out once namei stuff stabilizes) */ 299 memset(nd.ni_pnbuf, '~', PATH_MAX); 300 #endif 301 302 /* check access and type */ 303 if (vp->v_type != VREG) { 304 error = EACCES; 305 goto bad1; 306 } 307 if ((error = VOP_ACCESS(vp, VEXEC, l->l_cred)) != 0) 308 goto bad1; 309 310 /* get attributes */ 311 if ((error = VOP_GETATTR(vp, epp->ep_vap, l->l_cred)) != 0) 312 goto bad1; 313 314 /* Check mount point */ 315 if (vp->v_mount->mnt_flag & MNT_NOEXEC) { 316 error = EACCES; 317 goto bad1; 318 } 319 if (vp->v_mount->mnt_flag & MNT_NOSUID) 320 epp->ep_vap->va_mode &= ~(S_ISUID | S_ISGID); 321 322 /* try to open it */ 323 if ((error = VOP_OPEN(vp, FREAD, l->l_cred)) != 0) 324 goto bad1; 325 326 /* unlock vp, since we need it unlocked from here on out. */ 327 VOP_UNLOCK(vp); 328 329 #if NVERIEXEC > 0 330 error = veriexec_verify(l, vp, epp->ep_resolvedname, 331 epp->ep_flags & EXEC_INDIR ? VERIEXEC_INDIRECT : VERIEXEC_DIRECT, 332 NULL); 333 if (error) 334 goto bad2; 335 #endif /* NVERIEXEC > 0 */ 336 337 #ifdef PAX_SEGVGUARD 338 error = pax_segvguard(l, vp, epp->ep_resolvedname, false); 339 if (error) 340 goto bad2; 341 #endif /* PAX_SEGVGUARD */ 342 343 /* now we have the file, get the exec header */ 344 error = vn_rdwr(UIO_READ, vp, epp->ep_hdr, epp->ep_hdrlen, 0, 345 UIO_SYSSPACE, 0, l->l_cred, &resid, NULL); 346 if (error) 347 goto bad2; 348 epp->ep_hdrvalid = epp->ep_hdrlen - resid; 349 350 /* 351 * Set up default address space limits. Can be overridden 352 * by individual exec packages. 353 * 354 * XXX probably should be all done in the exec packages. 355 */ 356 epp->ep_vm_minaddr = VM_MIN_ADDRESS; 357 epp->ep_vm_maxaddr = VM_MAXUSER_ADDRESS; 358 /* 359 * set up the vmcmds for creation of the process 360 * address space 361 */ 362 error = ENOEXEC; 363 for (i = 0; i < nexecs; i++) { 364 int newerror; 365 366 epp->ep_esch = execsw[i]; 367 newerror = (*execsw[i]->es_makecmds)(l, epp); 368 369 if (!newerror) { 370 /* Seems ok: check that entry point is sane */ 371 if (epp->ep_entry > VM_MAXUSER_ADDRESS) { 372 error = ENOEXEC; 373 break; 374 } 375 376 /* check limits */ 377 if ((epp->ep_tsize > MAXTSIZ) || 378 (epp->ep_dsize > (u_quad_t)l->l_proc->p_rlimit 379 [RLIMIT_DATA].rlim_cur)) { 380 error = ENOMEM; 381 break; 382 } 383 return 0; 384 } 385 386 if (epp->ep_emul_root != NULL) { 387 vrele(epp->ep_emul_root); 388 epp->ep_emul_root = NULL; 389 } 390 if (epp->ep_interp != NULL) { 391 vrele(epp->ep_interp); 392 epp->ep_interp = NULL; 393 } 394 395 /* make sure the first "interesting" error code is saved. */ 396 if (error == ENOEXEC) 397 error = newerror; 398 399 if (epp->ep_flags & EXEC_DESTR) 400 /* Error from "#!" code, tidied up by recursive call */ 401 return error; 402 } 403 404 /* not found, error */ 405 406 /* 407 * free any vmspace-creation commands, 408 * and release their references 409 */ 410 kill_vmcmds(&epp->ep_vmcmds); 411 412 bad2: 413 /* 414 * close and release the vnode, restore the old one, free the 415 * pathname buf, and punt. 416 */ 417 vn_lock(vp, LK_EXCLUSIVE | LK_RETRY); 418 VOP_CLOSE(vp, FREAD, l->l_cred); 419 vput(vp); 420 return error; 421 422 bad1: 423 /* 424 * free the namei pathname buffer, and put the vnode 425 * (which we don't yet have open). 426 */ 427 vput(vp); /* was still locked */ 428 return error; 429 } 430 431 #ifdef __MACHINE_STACK_GROWS_UP 432 #define STACK_PTHREADSPACE NBPG 433 #else 434 #define STACK_PTHREADSPACE 0 435 #endif 436 437 static int 438 execve_fetch_element(char * const *array, size_t index, char **value) 439 { 440 return copyin(array + index, value, sizeof(*value)); 441 } 442 443 /* 444 * exec system call 445 */ 446 /* ARGSUSED */ 447 int 448 sys_execve(struct lwp *l, const struct sys_execve_args *uap, register_t *retval) 449 { 450 /* { 451 syscallarg(const char *) path; 452 syscallarg(char * const *) argp; 453 syscallarg(char * const *) envp; 454 } */ 455 456 return execve1(l, SCARG(uap, path), SCARG(uap, argp), 457 SCARG(uap, envp), execve_fetch_element); 458 } 459 460 /* 461 * Load modules to try and execute an image that we do not understand. 462 * If no execsw entries are present, we load those likely to be needed 463 * in order to run native images only. Otherwise, we autoload all 464 * possible modules that could let us run the binary. XXX lame 465 */ 466 static void 467 exec_autoload(void) 468 { 469 #ifdef MODULAR 470 static const char * const native[] = { 471 "exec_elf32", 472 "exec_elf64", 473 "exec_script", 474 NULL 475 }; 476 static const char * const compat[] = { 477 "exec_elf32", 478 "exec_elf64", 479 "exec_script", 480 "exec_aout", 481 "exec_coff", 482 "exec_ecoff", 483 "compat_aoutm68k", 484 "compat_freebsd", 485 "compat_ibcs2", 486 "compat_irix", 487 "compat_linux", 488 "compat_linux32", 489 "compat_netbsd32", 490 "compat_sunos", 491 "compat_sunos32", 492 "compat_svr4", 493 "compat_svr4_32", 494 "compat_ultrix", 495 NULL 496 }; 497 char const * const *list; 498 int i; 499 500 list = (nexecs == 0 ? native : compat); 501 for (i = 0; list[i] != NULL; i++) { 502 if (module_autoload(list[i], MODULE_CLASS_MISC) != 0) { 503 continue; 504 } 505 yield(); 506 } 507 #endif 508 } 509 510 int 511 execve1(struct lwp *l, const char *path, char * const *args, 512 char * const *envs, execve_fetch_element_t fetch_element) 513 { 514 int error; 515 struct exec_package pack; 516 struct pathbuf *pb; 517 struct vattr attr; 518 struct proc *p; 519 char *argp; 520 char *dp, *sp; 521 long argc, envc; 522 size_t i, len; 523 char *stack; 524 struct ps_strings arginfo; 525 struct ps_strings *aip = &arginfo; 526 struct vmspace *vm; 527 struct exec_fakearg *tmpfap; 528 int szsigcode; 529 struct exec_vmcmd *base_vcp; 530 int oldlwpflags; 531 ksiginfo_t ksi; 532 ksiginfoq_t kq; 533 const char *pathstring; 534 char *resolvedpathbuf; 535 const char *commandname; 536 u_int modgen; 537 538 p = l->l_proc; 539 modgen = 0; 540 541 SDT_PROBE(proc,,,exec, path, 0, 0, 0, 0); 542 543 /* 544 * Check if we have exceeded our number of processes limit. 545 * This is so that we handle the case where a root daemon 546 * forked, ran setuid to become the desired user and is trying 547 * to exec. The obvious place to do the reference counting check 548 * is setuid(), but we don't do the reference counting check there 549 * like other OS's do because then all the programs that use setuid() 550 * must be modified to check the return code of setuid() and exit(). 551 * It is dangerous to make setuid() fail, because it fails open and 552 * the program will continue to run as root. If we make it succeed 553 * and return an error code, again we are not enforcing the limit. 554 * The best place to enforce the limit is here, when the process tries 555 * to execute a new image, because eventually the process will need 556 * to call exec in order to do something useful. 557 */ 558 retry: 559 if ((p->p_flag & PK_SUGID) && kauth_authorize_generic(l->l_cred, 560 KAUTH_GENERIC_ISSUSER, NULL) != 0 && chgproccnt(kauth_cred_getuid( 561 l->l_cred), 0) > p->p_rlimit[RLIMIT_NPROC].rlim_cur) 562 return EAGAIN; 563 564 oldlwpflags = l->l_flag & (LW_SA | LW_SA_UPCALL); 565 if (l->l_flag & LW_SA) { 566 lwp_lock(l); 567 l->l_flag &= ~(LW_SA | LW_SA_UPCALL); 568 lwp_unlock(l); 569 } 570 571 /* 572 * Drain existing references and forbid new ones. The process 573 * should be left alone until we're done here. This is necessary 574 * to avoid race conditions - e.g. in ptrace() - that might allow 575 * a local user to illicitly obtain elevated privileges. 576 */ 577 rw_enter(&p->p_reflock, RW_WRITER); 578 579 base_vcp = NULL; 580 /* 581 * Init the namei data to point the file user's program name. 582 * This is done here rather than in check_exec(), so that it's 583 * possible to override this settings if any of makecmd/probe 584 * functions call check_exec() recursively - for example, 585 * see exec_script_makecmds(). 586 */ 587 error = pathbuf_copyin(path, &pb); 588 if (error) { 589 DPRINTF(("execve: pathbuf_copyin path @%p %d\n", path, error)); 590 goto clrflg; 591 } 592 pathstring = pathbuf_stringcopy_get(pb); 593 resolvedpathbuf = PNBUF_GET(); 594 #ifdef DIAGNOSTIC 595 strcpy(resolvedpathbuf, "/wrong"); 596 #endif 597 598 /* 599 * initialize the fields of the exec package. 600 */ 601 pack.ep_name = path; 602 pack.ep_kname = pathstring; 603 pack.ep_resolvedname = resolvedpathbuf; 604 pack.ep_hdr = kmem_alloc(exec_maxhdrsz, KM_SLEEP); 605 pack.ep_hdrlen = exec_maxhdrsz; 606 pack.ep_hdrvalid = 0; 607 pack.ep_emul_arg = NULL; 608 pack.ep_vmcmds.evs_cnt = 0; 609 pack.ep_vmcmds.evs_used = 0; 610 pack.ep_vap = &attr; 611 pack.ep_flags = 0; 612 pack.ep_emul_root = NULL; 613 pack.ep_interp = NULL; 614 pack.ep_esch = NULL; 615 pack.ep_pax_flags = 0; 616 617 rw_enter(&exec_lock, RW_READER); 618 619 /* see if we can run it. */ 620 if ((error = check_exec(l, &pack, pb)) != 0) { 621 if (error != ENOENT) { 622 DPRINTF(("execve: check exec failed %d\n", error)); 623 } 624 goto freehdr; 625 } 626 627 /* XXX -- THE FOLLOWING SECTION NEEDS MAJOR CLEANUP */ 628 629 /* allocate an argument buffer */ 630 argp = pool_get(&exec_pool, PR_WAITOK); 631 KASSERT(argp != NULL); 632 dp = argp; 633 argc = 0; 634 635 /* copy the fake args list, if there's one, freeing it as we go */ 636 if (pack.ep_flags & EXEC_HASARGL) { 637 tmpfap = pack.ep_fa; 638 while (tmpfap->fa_arg != NULL) { 639 const char *cp; 640 641 cp = tmpfap->fa_arg; 642 while (*cp) 643 *dp++ = *cp++; 644 *dp++ = '\0'; 645 ktrexecarg(tmpfap->fa_arg, cp - tmpfap->fa_arg); 646 647 kmem_free(tmpfap->fa_arg, tmpfap->fa_len); 648 tmpfap++; argc++; 649 } 650 kmem_free(pack.ep_fa, pack.ep_fa_len); 651 pack.ep_flags &= ~EXEC_HASARGL; 652 } 653 654 /* Now get argv & environment */ 655 if (args == NULL) { 656 DPRINTF(("execve: null args\n")); 657 error = EINVAL; 658 goto bad; 659 } 660 /* 'i' will index the argp/envp element to be retrieved */ 661 i = 0; 662 if (pack.ep_flags & EXEC_SKIPARG) 663 i++; 664 665 while (1) { 666 len = argp + ARG_MAX - dp; 667 if ((error = (*fetch_element)(args, i, &sp)) != 0) { 668 DPRINTF(("execve: fetch_element args %d\n", error)); 669 goto bad; 670 } 671 if (!sp) 672 break; 673 if ((error = copyinstr(sp, dp, len, &len)) != 0) { 674 DPRINTF(("execve: copyinstr args %d\n", error)); 675 if (error == ENAMETOOLONG) 676 error = E2BIG; 677 goto bad; 678 } 679 ktrexecarg(dp, len - 1); 680 dp += len; 681 i++; 682 argc++; 683 } 684 685 envc = 0; 686 /* environment need not be there */ 687 if (envs != NULL) { 688 i = 0; 689 while (1) { 690 len = argp + ARG_MAX - dp; 691 if ((error = (*fetch_element)(envs, i, &sp)) != 0) { 692 DPRINTF(("execve: fetch_element env %d\n", error)); 693 goto bad; 694 } 695 if (!sp) 696 break; 697 if ((error = copyinstr(sp, dp, len, &len)) != 0) { 698 DPRINTF(("execve: copyinstr env %d\n", error)); 699 if (error == ENAMETOOLONG) 700 error = E2BIG; 701 goto bad; 702 } 703 ktrexecenv(dp, len - 1); 704 dp += len; 705 i++; 706 envc++; 707 } 708 } 709 710 dp = (char *) ALIGN(dp); 711 712 szsigcode = pack.ep_esch->es_emul->e_esigcode - 713 pack.ep_esch->es_emul->e_sigcode; 714 715 #ifdef __MACHINE_STACK_GROWS_UP 716 /* See big comment lower down */ 717 #define RTLD_GAP 32 718 #else 719 #define RTLD_GAP 0 720 #endif 721 722 /* Now check if args & environ fit into new stack */ 723 if (pack.ep_flags & EXEC_32) 724 len = ((argc + envc + 2 + pack.ep_esch->es_arglen) * 725 sizeof(int) + sizeof(int) + dp + RTLD_GAP + 726 szsigcode + sizeof(struct ps_strings) + STACK_PTHREADSPACE) 727 - argp; 728 else 729 len = ((argc + envc + 2 + pack.ep_esch->es_arglen) * 730 sizeof(char *) + sizeof(int) + dp + RTLD_GAP + 731 szsigcode + sizeof(struct ps_strings) + STACK_PTHREADSPACE) 732 - argp; 733 734 #ifdef PAX_ASLR 735 if (pax_aslr_active(l)) 736 len += (arc4random() % PAGE_SIZE); 737 #endif /* PAX_ASLR */ 738 739 #ifdef STACKLALIGN /* arm, etc. */ 740 len = STACKALIGN(len); /* make the stack "safely" aligned */ 741 #else 742 len = ALIGN(len); /* make the stack "safely" aligned */ 743 #endif 744 745 if (len > pack.ep_ssize) { /* in effect, compare to initial limit */ 746 DPRINTF(("execve: stack limit exceeded %zu\n", len)); 747 error = ENOMEM; 748 goto bad; 749 } 750 751 /* Get rid of other LWPs. */ 752 if (p->p_sa || p->p_nlwps > 1) { 753 mutex_enter(p->p_lock); 754 exit_lwps(l); 755 mutex_exit(p->p_lock); 756 } 757 KDASSERT(p->p_nlwps == 1); 758 759 /* Destroy any lwpctl info. */ 760 if (p->p_lwpctl != NULL) 761 lwp_ctl_exit(); 762 763 #ifdef KERN_SA 764 /* Release any SA state. */ 765 if (p->p_sa) 766 sa_release(p); 767 #endif /* KERN_SA */ 768 769 /* Remove POSIX timers */ 770 timers_free(p, TIMERS_POSIX); 771 772 /* adjust "active stack depth" for process VSZ */ 773 pack.ep_ssize = len; /* maybe should go elsewhere, but... */ 774 775 /* 776 * Do whatever is necessary to prepare the address space 777 * for remapping. Note that this might replace the current 778 * vmspace with another! 779 */ 780 uvmspace_exec(l, pack.ep_vm_minaddr, pack.ep_vm_maxaddr); 781 782 /* record proc's vnode, for use by procfs and others */ 783 if (p->p_textvp) 784 vrele(p->p_textvp); 785 vref(pack.ep_vp); 786 p->p_textvp = pack.ep_vp; 787 788 /* Now map address space */ 789 vm = p->p_vmspace; 790 vm->vm_taddr = (void *)pack.ep_taddr; 791 vm->vm_tsize = btoc(pack.ep_tsize); 792 vm->vm_daddr = (void*)pack.ep_daddr; 793 vm->vm_dsize = btoc(pack.ep_dsize); 794 vm->vm_ssize = btoc(pack.ep_ssize); 795 vm->vm_issize = 0; 796 vm->vm_maxsaddr = (void *)pack.ep_maxsaddr; 797 vm->vm_minsaddr = (void *)pack.ep_minsaddr; 798 799 #ifdef PAX_ASLR 800 pax_aslr_init(l, vm); 801 #endif /* PAX_ASLR */ 802 803 /* create the new process's VM space by running the vmcmds */ 804 #ifdef DIAGNOSTIC 805 if (pack.ep_vmcmds.evs_used == 0) 806 panic("execve: no vmcmds"); 807 #endif 808 for (i = 0; i < pack.ep_vmcmds.evs_used && !error; i++) { 809 struct exec_vmcmd *vcp; 810 811 vcp = &pack.ep_vmcmds.evs_cmds[i]; 812 if (vcp->ev_flags & VMCMD_RELATIVE) { 813 #ifdef DIAGNOSTIC 814 if (base_vcp == NULL) 815 panic("execve: relative vmcmd with no base"); 816 if (vcp->ev_flags & VMCMD_BASE) 817 panic("execve: illegal base & relative vmcmd"); 818 #endif 819 vcp->ev_addr += base_vcp->ev_addr; 820 } 821 error = (*vcp->ev_proc)(l, vcp); 822 #ifdef DEBUG_EXEC 823 if (error) { 824 size_t j; 825 struct exec_vmcmd *vp = &pack.ep_vmcmds.evs_cmds[0]; 826 for (j = 0; j <= i; j++) 827 uprintf( 828 "vmcmd[%zu] = %#"PRIxVADDR"/%#"PRIxVSIZE" fd@%#"PRIxVSIZE" prot=0%o flags=%d\n", 829 j, vp[j].ev_addr, vp[j].ev_len, 830 vp[j].ev_offset, vp[j].ev_prot, 831 vp[j].ev_flags); 832 } 833 #endif /* DEBUG_EXEC */ 834 if (vcp->ev_flags & VMCMD_BASE) 835 base_vcp = vcp; 836 } 837 838 /* free the vmspace-creation commands, and release their references */ 839 kill_vmcmds(&pack.ep_vmcmds); 840 841 vn_lock(pack.ep_vp, LK_EXCLUSIVE | LK_RETRY); 842 VOP_CLOSE(pack.ep_vp, FREAD, l->l_cred); 843 vput(pack.ep_vp); 844 845 /* if an error happened, deallocate and punt */ 846 if (error) { 847 DPRINTF(("execve: vmcmd %zu failed: %d\n", i - 1, error)); 848 goto exec_abort; 849 } 850 851 /* remember information about the process */ 852 arginfo.ps_nargvstr = argc; 853 arginfo.ps_nenvstr = envc; 854 855 /* set command name & other accounting info */ 856 commandname = strrchr(pack.ep_resolvedname, '/'); 857 if (commandname != NULL) { 858 commandname++; 859 } else { 860 commandname = pack.ep_resolvedname; 861 } 862 i = min(strlen(commandname), MAXCOMLEN); 863 (void)memcpy(p->p_comm, commandname, i); 864 p->p_comm[i] = '\0'; 865 866 dp = PNBUF_GET(); 867 /* 868 * If the path starts with /, we don't need to do any work. 869 * This handles the majority of the cases. 870 * In the future perhaps we could canonicalize it? 871 */ 872 if (pathstring[0] == '/') 873 (void)strlcpy(pack.ep_path = dp, pathstring, MAXPATHLEN); 874 #ifdef notyet 875 /* 876 * Although this works most of the time [since the entry was just 877 * entered in the cache] we don't use it because it theoretically 878 * can fail and it is not the cleanest interface, because there 879 * could be races. When the namei cache is re-written, this can 880 * be changed to use the appropriate function. 881 */ 882 else if (!(error = vnode_to_path(dp, MAXPATHLEN, p->p_textvp, l, p))) 883 pack.ep_path = dp; 884 #endif 885 else { 886 #ifdef notyet 887 printf("Cannot get path for pid %d [%s] (error %d)", 888 (int)p->p_pid, p->p_comm, error); 889 #endif 890 pack.ep_path = NULL; 891 PNBUF_PUT(dp); 892 } 893 894 stack = (char *)STACK_ALLOC(STACK_GROW(vm->vm_minsaddr, 895 STACK_PTHREADSPACE + sizeof(struct ps_strings) + szsigcode), 896 len - (sizeof(struct ps_strings) + szsigcode)); 897 898 #ifdef __MACHINE_STACK_GROWS_UP 899 /* 900 * The copyargs call always copies into lower addresses 901 * first, moving towards higher addresses, starting with 902 * the stack pointer that we give. When the stack grows 903 * down, this puts argc/argv/envp very shallow on the 904 * stack, right at the first user stack pointer. 905 * When the stack grows up, the situation is reversed. 906 * 907 * Normally, this is no big deal. But the ld_elf.so _rtld() 908 * function expects to be called with a single pointer to 909 * a region that has a few words it can stash values into, 910 * followed by argc/argv/envp. When the stack grows down, 911 * it's easy to decrement the stack pointer a little bit to 912 * allocate the space for these few words and pass the new 913 * stack pointer to _rtld. When the stack grows up, however, 914 * a few words before argc is part of the signal trampoline, XXX 915 * so we have a problem. 916 * 917 * Instead of changing how _rtld works, we take the easy way 918 * out and steal 32 bytes before we call copyargs. 919 * This extra space was allowed for when 'len' was calculated. 920 */ 921 stack += RTLD_GAP; 922 #endif /* __MACHINE_STACK_GROWS_UP */ 923 924 /* Now copy argc, args & environ to new stack */ 925 error = (*pack.ep_esch->es_copyargs)(l, &pack, &arginfo, &stack, argp); 926 if (pack.ep_path) { 927 PNBUF_PUT(pack.ep_path); 928 pack.ep_path = NULL; 929 } 930 if (error) { 931 DPRINTF(("execve: copyargs failed %d\n", error)); 932 goto exec_abort; 933 } 934 /* Move the stack back to original point */ 935 stack = (char *)STACK_GROW(vm->vm_minsaddr, len); 936 937 /* fill process ps_strings info */ 938 p->p_psstr = (struct ps_strings *) 939 STACK_ALLOC(STACK_GROW(vm->vm_minsaddr, STACK_PTHREADSPACE), 940 sizeof(struct ps_strings)); 941 p->p_psargv = offsetof(struct ps_strings, ps_argvstr); 942 p->p_psnargv = offsetof(struct ps_strings, ps_nargvstr); 943 p->p_psenv = offsetof(struct ps_strings, ps_envstr); 944 p->p_psnenv = offsetof(struct ps_strings, ps_nenvstr); 945 946 /* copy out the process's ps_strings structure */ 947 if ((error = copyout(aip, (char *)p->p_psstr, 948 sizeof(arginfo))) != 0) { 949 DPRINTF(("execve: ps_strings copyout %p->%p size %ld failed\n", 950 aip, (char *)p->p_psstr, (long)sizeof(arginfo))); 951 goto exec_abort; 952 } 953 954 cwdexec(p); 955 fd_closeexec(); /* handle close on exec */ 956 execsigs(p); /* reset catched signals */ 957 958 l->l_ctxlink = NULL; /* reset ucontext link */ 959 960 961 p->p_acflag &= ~AFORK; 962 mutex_enter(p->p_lock); 963 p->p_flag |= PK_EXEC; 964 mutex_exit(p->p_lock); 965 966 /* 967 * Stop profiling. 968 */ 969 if ((p->p_stflag & PST_PROFIL) != 0) { 970 mutex_spin_enter(&p->p_stmutex); 971 stopprofclock(p); 972 mutex_spin_exit(&p->p_stmutex); 973 } 974 975 /* 976 * It's OK to test PL_PPWAIT unlocked here, as other LWPs have 977 * exited and exec()/exit() are the only places it will be cleared. 978 */ 979 if ((p->p_lflag & PL_PPWAIT) != 0) { 980 mutex_enter(proc_lock); 981 l->l_lwpctl = NULL; /* was on loan from blocked parent */ 982 p->p_lflag &= ~PL_PPWAIT; 983 cv_broadcast(&p->p_pptr->p_waitcv); 984 mutex_exit(proc_lock); 985 } 986 987 /* 988 * Deal with set[ug]id. MNT_NOSUID has already been used to disable 989 * s[ug]id. It's OK to check for PSL_TRACED here as we have blocked 990 * out additional references on the process for the moment. 991 */ 992 if ((p->p_slflag & PSL_TRACED) == 0 && 993 994 (((attr.va_mode & S_ISUID) != 0 && 995 kauth_cred_geteuid(l->l_cred) != attr.va_uid) || 996 997 ((attr.va_mode & S_ISGID) != 0 && 998 kauth_cred_getegid(l->l_cred) != attr.va_gid))) { 999 /* 1000 * Mark the process as SUGID before we do 1001 * anything that might block. 1002 */ 1003 proc_crmod_enter(); 1004 proc_crmod_leave(NULL, NULL, true); 1005 1006 /* Make sure file descriptors 0..2 are in use. */ 1007 if ((error = fd_checkstd()) != 0) { 1008 DPRINTF(("execve: fdcheckstd failed %d\n", error)); 1009 goto exec_abort; 1010 } 1011 1012 /* 1013 * Copy the credential so other references don't see our 1014 * changes. 1015 */ 1016 l->l_cred = kauth_cred_copy(l->l_cred); 1017 #ifdef KTRACE 1018 /* 1019 * If the persistent trace flag isn't set, turn off. 1020 */ 1021 if (p->p_tracep) { 1022 mutex_enter(&ktrace_lock); 1023 if (!(p->p_traceflag & KTRFAC_PERSISTENT)) 1024 ktrderef(p); 1025 mutex_exit(&ktrace_lock); 1026 } 1027 #endif 1028 if (attr.va_mode & S_ISUID) 1029 kauth_cred_seteuid(l->l_cred, attr.va_uid); 1030 if (attr.va_mode & S_ISGID) 1031 kauth_cred_setegid(l->l_cred, attr.va_gid); 1032 } else { 1033 if (kauth_cred_geteuid(l->l_cred) == 1034 kauth_cred_getuid(l->l_cred) && 1035 kauth_cred_getegid(l->l_cred) == 1036 kauth_cred_getgid(l->l_cred)) 1037 p->p_flag &= ~PK_SUGID; 1038 } 1039 1040 /* 1041 * Copy the credential so other references don't see our changes. 1042 * Test to see if this is necessary first, since in the common case 1043 * we won't need a private reference. 1044 */ 1045 if (kauth_cred_geteuid(l->l_cred) != kauth_cred_getsvuid(l->l_cred) || 1046 kauth_cred_getegid(l->l_cred) != kauth_cred_getsvgid(l->l_cred)) { 1047 l->l_cred = kauth_cred_copy(l->l_cred); 1048 kauth_cred_setsvuid(l->l_cred, kauth_cred_geteuid(l->l_cred)); 1049 kauth_cred_setsvgid(l->l_cred, kauth_cred_getegid(l->l_cred)); 1050 } 1051 1052 /* Update the master credentials. */ 1053 if (l->l_cred != p->p_cred) { 1054 kauth_cred_t ocred; 1055 1056 kauth_cred_hold(l->l_cred); 1057 mutex_enter(p->p_lock); 1058 ocred = p->p_cred; 1059 p->p_cred = l->l_cred; 1060 mutex_exit(p->p_lock); 1061 kauth_cred_free(ocred); 1062 } 1063 1064 #if defined(__HAVE_RAS) 1065 /* 1066 * Remove all RASs from the address space. 1067 */ 1068 ras_purgeall(); 1069 #endif 1070 1071 doexechooks(p); 1072 1073 /* setup new registers and do misc. setup. */ 1074 (*pack.ep_esch->es_emul->e_setregs)(l, &pack, (vaddr_t)stack); 1075 if (pack.ep_esch->es_setregs) 1076 (*pack.ep_esch->es_setregs)(l, &pack, (vaddr_t)stack); 1077 1078 /* Provide a consistent LWP private setting */ 1079 (void)lwp_setprivate(l, NULL); 1080 1081 /* map the process's signal trampoline code */ 1082 if ((error = exec_sigcode_map(p, pack.ep_esch->es_emul)) != 0) { 1083 DPRINTF(("execve: map sigcode failed %d\n", error)); 1084 goto exec_abort; 1085 } 1086 1087 pool_put(&exec_pool, argp); 1088 1089 /* notify others that we exec'd */ 1090 KNOTE(&p->p_klist, NOTE_EXEC); 1091 1092 kmem_free(pack.ep_hdr, pack.ep_hdrlen); 1093 1094 SDT_PROBE(proc,,,exec_success, path, 0, 0, 0, 0); 1095 1096 /* The emulation root will usually have been found when we looked 1097 * for the elf interpreter (or similar), if not look now. */ 1098 if (pack.ep_esch->es_emul->e_path != NULL && pack.ep_emul_root == NULL) 1099 emul_find_root(l, &pack); 1100 1101 /* Any old emulation root got removed by fdcloseexec */ 1102 rw_enter(&p->p_cwdi->cwdi_lock, RW_WRITER); 1103 p->p_cwdi->cwdi_edir = pack.ep_emul_root; 1104 rw_exit(&p->p_cwdi->cwdi_lock); 1105 pack.ep_emul_root = NULL; 1106 if (pack.ep_interp != NULL) 1107 vrele(pack.ep_interp); 1108 1109 /* 1110 * Call emulation specific exec hook. This can setup per-process 1111 * p->p_emuldata or do any other per-process stuff an emulation needs. 1112 * 1113 * If we are executing process of different emulation than the 1114 * original forked process, call e_proc_exit() of the old emulation 1115 * first, then e_proc_exec() of new emulation. If the emulation is 1116 * same, the exec hook code should deallocate any old emulation 1117 * resources held previously by this process. 1118 */ 1119 if (p->p_emul && p->p_emul->e_proc_exit 1120 && p->p_emul != pack.ep_esch->es_emul) 1121 (*p->p_emul->e_proc_exit)(p); 1122 1123 /* 1124 * This is now LWP 1. 1125 */ 1126 mutex_enter(p->p_lock); 1127 p->p_nlwpid = 1; 1128 l->l_lid = 1; 1129 mutex_exit(p->p_lock); 1130 1131 /* 1132 * Call exec hook. Emulation code may NOT store reference to anything 1133 * from &pack. 1134 */ 1135 if (pack.ep_esch->es_emul->e_proc_exec) 1136 (*pack.ep_esch->es_emul->e_proc_exec)(p, &pack); 1137 1138 /* update p_emul, the old value is no longer needed */ 1139 p->p_emul = pack.ep_esch->es_emul; 1140 1141 /* ...and the same for p_execsw */ 1142 p->p_execsw = pack.ep_esch; 1143 1144 #ifdef __HAVE_SYSCALL_INTERN 1145 (*p->p_emul->e_syscall_intern)(p); 1146 #endif 1147 ktremul(); 1148 1149 /* Allow new references from the debugger/procfs. */ 1150 rw_exit(&p->p_reflock); 1151 rw_exit(&exec_lock); 1152 1153 mutex_enter(proc_lock); 1154 1155 if ((p->p_slflag & (PSL_TRACED|PSL_SYSCALL)) == PSL_TRACED) { 1156 KSI_INIT_EMPTY(&ksi); 1157 ksi.ksi_signo = SIGTRAP; 1158 ksi.ksi_lid = l->l_lid; 1159 kpsignal(p, &ksi, NULL); 1160 } 1161 1162 if (p->p_sflag & PS_STOPEXEC) { 1163 KERNEL_UNLOCK_ALL(l, &l->l_biglocks); 1164 p->p_pptr->p_nstopchild++; 1165 p->p_pptr->p_waited = 0; 1166 mutex_enter(p->p_lock); 1167 ksiginfo_queue_init(&kq); 1168 sigclearall(p, &contsigmask, &kq); 1169 lwp_lock(l); 1170 l->l_stat = LSSTOP; 1171 p->p_stat = SSTOP; 1172 p->p_nrlwps--; 1173 lwp_unlock(l); 1174 mutex_exit(p->p_lock); 1175 mutex_exit(proc_lock); 1176 lwp_lock(l); 1177 mi_switch(l); 1178 ksiginfo_queue_drain(&kq); 1179 KERNEL_LOCK(l->l_biglocks, l); 1180 } else { 1181 mutex_exit(proc_lock); 1182 } 1183 1184 pathbuf_stringcopy_put(pb, pathstring); 1185 pathbuf_destroy(pb); 1186 PNBUF_PUT(resolvedpathbuf); 1187 return (EJUSTRETURN); 1188 1189 bad: 1190 /* free the vmspace-creation commands, and release their references */ 1191 kill_vmcmds(&pack.ep_vmcmds); 1192 /* kill any opened file descriptor, if necessary */ 1193 if (pack.ep_flags & EXEC_HASFD) { 1194 pack.ep_flags &= ~EXEC_HASFD; 1195 fd_close(pack.ep_fd); 1196 } 1197 /* close and put the exec'd file */ 1198 vn_lock(pack.ep_vp, LK_EXCLUSIVE | LK_RETRY); 1199 VOP_CLOSE(pack.ep_vp, FREAD, l->l_cred); 1200 vput(pack.ep_vp); 1201 pool_put(&exec_pool, argp); 1202 1203 freehdr: 1204 kmem_free(pack.ep_hdr, pack.ep_hdrlen); 1205 if (pack.ep_emul_root != NULL) 1206 vrele(pack.ep_emul_root); 1207 if (pack.ep_interp != NULL) 1208 vrele(pack.ep_interp); 1209 1210 rw_exit(&exec_lock); 1211 1212 pathbuf_stringcopy_put(pb, pathstring); 1213 pathbuf_destroy(pb); 1214 PNBUF_PUT(resolvedpathbuf); 1215 1216 clrflg: 1217 lwp_lock(l); 1218 l->l_flag |= oldlwpflags; 1219 lwp_unlock(l); 1220 rw_exit(&p->p_reflock); 1221 1222 if (modgen != module_gen && error == ENOEXEC) { 1223 modgen = module_gen; 1224 exec_autoload(); 1225 goto retry; 1226 } 1227 1228 SDT_PROBE(proc,,,exec_failure, error, 0, 0, 0, 0); 1229 return error; 1230 1231 exec_abort: 1232 SDT_PROBE(proc,,,exec_failure, error, 0, 0, 0, 0); 1233 rw_exit(&p->p_reflock); 1234 rw_exit(&exec_lock); 1235 1236 pathbuf_stringcopy_put(pb, pathstring); 1237 pathbuf_destroy(pb); 1238 PNBUF_PUT(resolvedpathbuf); 1239 1240 /* 1241 * the old process doesn't exist anymore. exit gracefully. 1242 * get rid of the (new) address space we have created, if any, get rid 1243 * of our namei data and vnode, and exit noting failure 1244 */ 1245 uvm_deallocate(&vm->vm_map, VM_MIN_ADDRESS, 1246 VM_MAXUSER_ADDRESS - VM_MIN_ADDRESS); 1247 if (pack.ep_emul_arg) 1248 free(pack.ep_emul_arg, M_TEMP); 1249 pool_put(&exec_pool, argp); 1250 kmem_free(pack.ep_hdr, pack.ep_hdrlen); 1251 if (pack.ep_emul_root != NULL) 1252 vrele(pack.ep_emul_root); 1253 if (pack.ep_interp != NULL) 1254 vrele(pack.ep_interp); 1255 1256 /* Acquire the sched-state mutex (exit1() will release it). */ 1257 mutex_enter(p->p_lock); 1258 exit1(l, W_EXITCODE(error, SIGABRT)); 1259 1260 /* NOTREACHED */ 1261 return 0; 1262 } 1263 1264 1265 int 1266 copyargs(struct lwp *l, struct exec_package *pack, struct ps_strings *arginfo, 1267 char **stackp, void *argp) 1268 { 1269 char **cpp, *dp, *sp; 1270 size_t len; 1271 void *nullp; 1272 long argc, envc; 1273 int error; 1274 1275 cpp = (char **)*stackp; 1276 nullp = NULL; 1277 argc = arginfo->ps_nargvstr; 1278 envc = arginfo->ps_nenvstr; 1279 if ((error = copyout(&argc, cpp++, sizeof(argc))) != 0) { 1280 DPRINTF(("copyargs:%d copyout @%p %zu\n", __LINE__, cpp-1, sizeof(argc))); 1281 return error; 1282 } 1283 1284 dp = (char *) (cpp + argc + envc + 2 + pack->ep_esch->es_arglen); 1285 sp = argp; 1286 1287 /* XXX don't copy them out, remap them! */ 1288 arginfo->ps_argvstr = cpp; /* remember location of argv for later */ 1289 1290 for (; --argc >= 0; sp += len, dp += len) { 1291 if ((error = copyout(&dp, cpp++, sizeof(dp))) != 0) { 1292 DPRINTF(("copyargs:%d copyout @%p %zu\n", __LINE__, cpp-1, sizeof(dp))); 1293 return error; 1294 } 1295 if ((error = copyoutstr(sp, dp, ARG_MAX, &len)) != 0) { 1296 DPRINTF(("copyargs:%d copyoutstr @%p %u\n", __LINE__, dp, ARG_MAX)); 1297 return error; 1298 } 1299 } 1300 1301 if ((error = copyout(&nullp, cpp++, sizeof(nullp))) != 0) { 1302 DPRINTF(("copyargs:%d copyout @%p %zu\n", __LINE__, cpp-1, sizeof(nullp))); 1303 return error; 1304 } 1305 1306 arginfo->ps_envstr = cpp; /* remember location of envp for later */ 1307 1308 for (; --envc >= 0; sp += len, dp += len) { 1309 if ((error = copyout(&dp, cpp++, sizeof(dp))) != 0) { 1310 DPRINTF(("copyargs:%d copyout @%p %zu\n", __LINE__, cpp-1, sizeof(dp))); 1311 return error; 1312 } 1313 if ((error = copyoutstr(sp, dp, ARG_MAX, &len)) != 0) { 1314 DPRINTF(("copyargs:%d copyoutstr @%p %u\n", __LINE__, dp, ARG_MAX)); 1315 return error; 1316 } 1317 } 1318 1319 if ((error = copyout(&nullp, cpp++, sizeof(nullp))) != 0) { 1320 DPRINTF(("copyargs:%d copyout @%p %zu\n", __LINE__, cpp-1, sizeof(nullp))); 1321 return error; 1322 } 1323 1324 *stackp = (char *)cpp; 1325 return 0; 1326 } 1327 1328 1329 /* 1330 * Add execsw[] entries. 1331 */ 1332 int 1333 exec_add(struct execsw *esp, int count) 1334 { 1335 struct exec_entry *it; 1336 int i; 1337 1338 if (count == 0) { 1339 return 0; 1340 } 1341 1342 /* Check for duplicates. */ 1343 rw_enter(&exec_lock, RW_WRITER); 1344 for (i = 0; i < count; i++) { 1345 LIST_FOREACH(it, &ex_head, ex_list) { 1346 /* assume unique (makecmds, probe_func, emulation) */ 1347 if (it->ex_sw->es_makecmds == esp[i].es_makecmds && 1348 it->ex_sw->u.elf_probe_func == 1349 esp[i].u.elf_probe_func && 1350 it->ex_sw->es_emul == esp[i].es_emul) { 1351 rw_exit(&exec_lock); 1352 return EEXIST; 1353 } 1354 } 1355 } 1356 1357 /* Allocate new entries. */ 1358 for (i = 0; i < count; i++) { 1359 it = kmem_alloc(sizeof(*it), KM_SLEEP); 1360 it->ex_sw = &esp[i]; 1361 LIST_INSERT_HEAD(&ex_head, it, ex_list); 1362 } 1363 1364 /* update execsw[] */ 1365 exec_init(0); 1366 rw_exit(&exec_lock); 1367 return 0; 1368 } 1369 1370 /* 1371 * Remove execsw[] entry. 1372 */ 1373 int 1374 exec_remove(struct execsw *esp, int count) 1375 { 1376 struct exec_entry *it, *next; 1377 int i; 1378 const struct proclist_desc *pd; 1379 proc_t *p; 1380 1381 if (count == 0) { 1382 return 0; 1383 } 1384 1385 /* Abort if any are busy. */ 1386 rw_enter(&exec_lock, RW_WRITER); 1387 for (i = 0; i < count; i++) { 1388 mutex_enter(proc_lock); 1389 for (pd = proclists; pd->pd_list != NULL; pd++) { 1390 PROCLIST_FOREACH(p, pd->pd_list) { 1391 if (p->p_execsw == &esp[i]) { 1392 mutex_exit(proc_lock); 1393 rw_exit(&exec_lock); 1394 return EBUSY; 1395 } 1396 } 1397 } 1398 mutex_exit(proc_lock); 1399 } 1400 1401 /* None are busy, so remove them all. */ 1402 for (i = 0; i < count; i++) { 1403 for (it = LIST_FIRST(&ex_head); it != NULL; it = next) { 1404 next = LIST_NEXT(it, ex_list); 1405 if (it->ex_sw == &esp[i]) { 1406 LIST_REMOVE(it, ex_list); 1407 kmem_free(it, sizeof(*it)); 1408 break; 1409 } 1410 } 1411 } 1412 1413 /* update execsw[] */ 1414 exec_init(0); 1415 rw_exit(&exec_lock); 1416 return 0; 1417 } 1418 1419 /* 1420 * Initialize exec structures. If init_boot is true, also does necessary 1421 * one-time initialization (it's called from main() that way). 1422 * Once system is multiuser, this should be called with exec_lock held, 1423 * i.e. via exec_{add|remove}(). 1424 */ 1425 int 1426 exec_init(int init_boot) 1427 { 1428 const struct execsw **sw; 1429 struct exec_entry *ex; 1430 SLIST_HEAD(,exec_entry) first; 1431 SLIST_HEAD(,exec_entry) any; 1432 SLIST_HEAD(,exec_entry) last; 1433 int i, sz; 1434 1435 if (init_boot) { 1436 /* do one-time initializations */ 1437 rw_init(&exec_lock); 1438 mutex_init(&sigobject_lock, MUTEX_DEFAULT, IPL_NONE); 1439 pool_init(&exec_pool, NCARGS, 0, 0, PR_NOALIGN|PR_NOTOUCH, 1440 "execargs", &exec_palloc, IPL_NONE); 1441 pool_sethardlimit(&exec_pool, maxexec, "should not happen", 0); 1442 } else { 1443 KASSERT(rw_write_held(&exec_lock)); 1444 } 1445 1446 /* Sort each entry onto the appropriate queue. */ 1447 SLIST_INIT(&first); 1448 SLIST_INIT(&any); 1449 SLIST_INIT(&last); 1450 sz = 0; 1451 LIST_FOREACH(ex, &ex_head, ex_list) { 1452 switch(ex->ex_sw->es_prio) { 1453 case EXECSW_PRIO_FIRST: 1454 SLIST_INSERT_HEAD(&first, ex, ex_slist); 1455 break; 1456 case EXECSW_PRIO_ANY: 1457 SLIST_INSERT_HEAD(&any, ex, ex_slist); 1458 break; 1459 case EXECSW_PRIO_LAST: 1460 SLIST_INSERT_HEAD(&last, ex, ex_slist); 1461 break; 1462 default: 1463 panic("exec_init"); 1464 break; 1465 } 1466 sz++; 1467 } 1468 1469 /* 1470 * Create new execsw[]. Ensure we do not try a zero-sized 1471 * allocation. 1472 */ 1473 sw = kmem_alloc(sz * sizeof(struct execsw *) + 1, KM_SLEEP); 1474 i = 0; 1475 SLIST_FOREACH(ex, &first, ex_slist) { 1476 sw[i++] = ex->ex_sw; 1477 } 1478 SLIST_FOREACH(ex, &any, ex_slist) { 1479 sw[i++] = ex->ex_sw; 1480 } 1481 SLIST_FOREACH(ex, &last, ex_slist) { 1482 sw[i++] = ex->ex_sw; 1483 } 1484 1485 /* Replace old execsw[] and free used memory. */ 1486 if (execsw != NULL) { 1487 kmem_free(__UNCONST(execsw), 1488 nexecs * sizeof(struct execsw *) + 1); 1489 } 1490 execsw = sw; 1491 nexecs = sz; 1492 1493 /* Figure out the maximum size of an exec header. */ 1494 exec_maxhdrsz = sizeof(int); 1495 for (i = 0; i < nexecs; i++) { 1496 if (execsw[i]->es_hdrsz > exec_maxhdrsz) 1497 exec_maxhdrsz = execsw[i]->es_hdrsz; 1498 } 1499 1500 return 0; 1501 } 1502 1503 static int 1504 exec_sigcode_map(struct proc *p, const struct emul *e) 1505 { 1506 vaddr_t va; 1507 vsize_t sz; 1508 int error; 1509 struct uvm_object *uobj; 1510 1511 sz = (vaddr_t)e->e_esigcode - (vaddr_t)e->e_sigcode; 1512 1513 if (e->e_sigobject == NULL || sz == 0) { 1514 return 0; 1515 } 1516 1517 /* 1518 * If we don't have a sigobject for this emulation, create one. 1519 * 1520 * sigobject is an anonymous memory object (just like SYSV shared 1521 * memory) that we keep a permanent reference to and that we map 1522 * in all processes that need this sigcode. The creation is simple, 1523 * we create an object, add a permanent reference to it, map it in 1524 * kernel space, copy out the sigcode to it and unmap it. 1525 * We map it with PROT_READ|PROT_EXEC into the process just 1526 * the way sys_mmap() would map it. 1527 */ 1528 1529 uobj = *e->e_sigobject; 1530 if (uobj == NULL) { 1531 mutex_enter(&sigobject_lock); 1532 if ((uobj = *e->e_sigobject) == NULL) { 1533 uobj = uao_create(sz, 0); 1534 (*uobj->pgops->pgo_reference)(uobj); 1535 va = vm_map_min(kernel_map); 1536 if ((error = uvm_map(kernel_map, &va, round_page(sz), 1537 uobj, 0, 0, 1538 UVM_MAPFLAG(UVM_PROT_RW, UVM_PROT_RW, 1539 UVM_INH_SHARE, UVM_ADV_RANDOM, 0)))) { 1540 printf("kernel mapping failed %d\n", error); 1541 (*uobj->pgops->pgo_detach)(uobj); 1542 mutex_exit(&sigobject_lock); 1543 return (error); 1544 } 1545 memcpy((void *)va, e->e_sigcode, sz); 1546 #ifdef PMAP_NEED_PROCWR 1547 pmap_procwr(&proc0, va, sz); 1548 #endif 1549 uvm_unmap(kernel_map, va, va + round_page(sz)); 1550 *e->e_sigobject = uobj; 1551 } 1552 mutex_exit(&sigobject_lock); 1553 } 1554 1555 /* Just a hint to uvm_map where to put it. */ 1556 va = e->e_vm_default_addr(p, (vaddr_t)p->p_vmspace->vm_daddr, 1557 round_page(sz)); 1558 1559 #ifdef __alpha__ 1560 /* 1561 * Tru64 puts /sbin/loader at the end of user virtual memory, 1562 * which causes the above calculation to put the sigcode at 1563 * an invalid address. Put it just below the text instead. 1564 */ 1565 if (va == (vaddr_t)vm_map_max(&p->p_vmspace->vm_map)) { 1566 va = (vaddr_t)p->p_vmspace->vm_taddr - round_page(sz); 1567 } 1568 #endif 1569 1570 (*uobj->pgops->pgo_reference)(uobj); 1571 error = uvm_map(&p->p_vmspace->vm_map, &va, round_page(sz), 1572 uobj, 0, 0, 1573 UVM_MAPFLAG(UVM_PROT_RX, UVM_PROT_RX, UVM_INH_SHARE, 1574 UVM_ADV_RANDOM, 0)); 1575 if (error) { 1576 DPRINTF(("exec_sigcode_map:%d map %p " 1577 "uvm_map %#"PRIxVSIZE"@%#"PRIxVADDR" failed %d\n", 1578 __LINE__, &p->p_vmspace->vm_map, round_page(sz), va, 1579 error)); 1580 (*uobj->pgops->pgo_detach)(uobj); 1581 return (error); 1582 } 1583 p->p_sigctx.ps_sigcode = (void *)va; 1584 return (0); 1585 } 1586