1 /* $NetBSD: kern_exec.c,v 1.290 2009/08/06 21:33:54 dsl Exp $ */ 2 3 /*- 4 * Copyright (c) 2008 The NetBSD Foundation, Inc. 5 * All rights reserved. 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that the following conditions 9 * are met: 10 * 1. Redistributions of source code must retain the above copyright 11 * notice, this list of conditions and the following disclaimer. 12 * 2. Redistributions in binary form must reproduce the above copyright 13 * notice, this list of conditions and the following disclaimer in the 14 * documentation and/or other materials provided with the distribution. 15 * 16 * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS 17 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 18 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 19 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS 20 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 21 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 22 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 23 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 24 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 25 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 26 * POSSIBILITY OF SUCH DAMAGE. 27 */ 28 29 /*- 30 * Copyright (C) 1993, 1994, 1996 Christopher G. Demetriou 31 * Copyright (C) 1992 Wolfgang Solfrank. 32 * Copyright (C) 1992 TooLs GmbH. 33 * All rights reserved. 34 * 35 * Redistribution and use in source and binary forms, with or without 36 * modification, are permitted provided that the following conditions 37 * are met: 38 * 1. Redistributions of source code must retain the above copyright 39 * notice, this list of conditions and the following disclaimer. 40 * 2. Redistributions in binary form must reproduce the above copyright 41 * notice, this list of conditions and the following disclaimer in the 42 * documentation and/or other materials provided with the distribution. 43 * 3. All advertising materials mentioning features or use of this software 44 * must display the following acknowledgement: 45 * This product includes software developed by TooLs GmbH. 46 * 4. The name of TooLs GmbH may not be used to endorse or promote products 47 * derived from this software without specific prior written permission. 48 * 49 * THIS SOFTWARE IS PROVIDED BY TOOLS GMBH ``AS IS'' AND ANY EXPRESS OR 50 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 51 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 52 * IN NO EVENT SHALL TOOLS GMBH BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 53 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, 54 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; 55 * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, 56 * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR 57 * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF 58 * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 59 */ 60 61 #include <sys/cdefs.h> 62 __KERNEL_RCSID(0, "$NetBSD: kern_exec.c,v 1.290 2009/08/06 21:33:54 dsl Exp $"); 63 64 #include "opt_ktrace.h" 65 #include "opt_modular.h" 66 #include "opt_syscall_debug.h" 67 #include "veriexec.h" 68 #include "opt_pax.h" 69 #include "opt_sa.h" 70 71 #include <sys/param.h> 72 #include <sys/systm.h> 73 #include <sys/filedesc.h> 74 #include <sys/kernel.h> 75 #include <sys/proc.h> 76 #include <sys/mount.h> 77 #include <sys/malloc.h> 78 #include <sys/kmem.h> 79 #include <sys/namei.h> 80 #include <sys/vnode.h> 81 #include <sys/file.h> 82 #include <sys/acct.h> 83 #include <sys/exec.h> 84 #include <sys/ktrace.h> 85 #include <sys/uidinfo.h> 86 #include <sys/wait.h> 87 #include <sys/mman.h> 88 #include <sys/ras.h> 89 #include <sys/signalvar.h> 90 #include <sys/stat.h> 91 #include <sys/syscall.h> 92 #include <sys/kauth.h> 93 #include <sys/lwpctl.h> 94 #include <sys/pax.h> 95 #include <sys/cpu.h> 96 #include <sys/module.h> 97 #include <sys/sa.h> 98 #include <sys/savar.h> 99 #include <sys/syscallvar.h> 100 #include <sys/syscallargs.h> 101 #if NVERIEXEC > 0 102 #include <sys/verified_exec.h> 103 #endif /* NVERIEXEC > 0 */ 104 105 #include <uvm/uvm_extern.h> 106 107 #include <machine/reg.h> 108 109 #include <compat/common/compat_util.h> 110 111 static int exec_sigcode_map(struct proc *, const struct emul *); 112 113 #ifdef DEBUG_EXEC 114 #define DPRINTF(a) uprintf a 115 #else 116 #define DPRINTF(a) 117 #endif /* DEBUG_EXEC */ 118 119 /* 120 * Exec function switch: 121 * 122 * Note that each makecmds function is responsible for loading the 123 * exec package with the necessary functions for any exec-type-specific 124 * handling. 125 * 126 * Functions for specific exec types should be defined in their own 127 * header file. 128 */ 129 static const struct execsw **execsw = NULL; 130 static int nexecs; 131 132 u_int exec_maxhdrsz; /* must not be static - used by netbsd32 */ 133 134 /* list of dynamically loaded execsw entries */ 135 static LIST_HEAD(execlist_head, exec_entry) ex_head = 136 LIST_HEAD_INITIALIZER(ex_head); 137 struct exec_entry { 138 LIST_ENTRY(exec_entry) ex_list; 139 SLIST_ENTRY(exec_entry) ex_slist; 140 const struct execsw *ex_sw; 141 }; 142 143 #ifndef __HAVE_SYSCALL_INTERN 144 void syscall(void); 145 #endif 146 147 #ifdef KERN_SA 148 static struct sa_emul saemul_netbsd = { 149 sizeof(ucontext_t), 150 sizeof(struct sa_t), 151 sizeof(struct sa_t *), 152 NULL, 153 NULL, 154 cpu_upcall, 155 (void (*)(struct lwp *, void *))getucontext_sa, 156 sa_ucsp 157 }; 158 #endif /* KERN_SA */ 159 160 /* NetBSD emul struct */ 161 struct emul emul_netbsd = { 162 "netbsd", 163 NULL, /* emulation path */ 164 #ifndef __HAVE_MINIMAL_EMUL 165 EMUL_HAS_SYS___syscall, 166 NULL, 167 SYS_syscall, 168 SYS_NSYSENT, 169 #endif 170 sysent, 171 #ifdef SYSCALL_DEBUG 172 syscallnames, 173 #else 174 NULL, 175 #endif 176 sendsig, 177 trapsignal, 178 NULL, 179 NULL, 180 NULL, 181 NULL, 182 setregs, 183 NULL, 184 NULL, 185 NULL, 186 NULL, 187 NULL, 188 #ifdef __HAVE_SYSCALL_INTERN 189 syscall_intern, 190 #else 191 syscall, 192 #endif 193 NULL, 194 NULL, 195 196 uvm_default_mapaddr, 197 NULL, 198 #ifdef KERN_SA 199 &saemul_netbsd, 200 #else 201 NULL, 202 #endif 203 sizeof(ucontext_t), 204 startlwp, 205 }; 206 207 /* 208 * Exec lock. Used to control access to execsw[] structures. 209 * This must not be static so that netbsd32 can access it, too. 210 */ 211 krwlock_t exec_lock; 212 213 static kmutex_t sigobject_lock; 214 215 static void * 216 exec_pool_alloc(struct pool *pp, int flags) 217 { 218 219 return (void *)uvm_km_alloc(kernel_map, NCARGS, 0, 220 UVM_KMF_PAGEABLE | UVM_KMF_WAITVA); 221 } 222 223 static void 224 exec_pool_free(struct pool *pp, void *addr) 225 { 226 227 uvm_km_free(kernel_map, (vaddr_t)addr, NCARGS, UVM_KMF_PAGEABLE); 228 } 229 230 static struct pool exec_pool; 231 232 static struct pool_allocator exec_palloc = { 233 .pa_alloc = exec_pool_alloc, 234 .pa_free = exec_pool_free, 235 .pa_pagesz = NCARGS 236 }; 237 238 /* 239 * check exec: 240 * given an "executable" described in the exec package's namei info, 241 * see what we can do with it. 242 * 243 * ON ENTRY: 244 * exec package with appropriate namei info 245 * lwp pointer of exec'ing lwp 246 * NO SELF-LOCKED VNODES 247 * 248 * ON EXIT: 249 * error: nothing held, etc. exec header still allocated. 250 * ok: filled exec package, executable's vnode (unlocked). 251 * 252 * EXEC SWITCH ENTRY: 253 * Locked vnode to check, exec package, proc. 254 * 255 * EXEC SWITCH EXIT: 256 * ok: return 0, filled exec package, executable's vnode (unlocked). 257 * error: destructive: 258 * everything deallocated execept exec header. 259 * non-destructive: 260 * error code, executable's vnode (unlocked), 261 * exec header unmodified. 262 */ 263 int 264 /*ARGSUSED*/ 265 check_exec(struct lwp *l, struct exec_package *epp) 266 { 267 int error, i; 268 struct vnode *vp; 269 struct nameidata *ndp; 270 size_t resid; 271 272 ndp = epp->ep_ndp; 273 ndp->ni_cnd.cn_nameiop = LOOKUP; 274 ndp->ni_cnd.cn_flags = FOLLOW | LOCKLEAF | SAVENAME | TRYEMULROOT; 275 /* first get the vnode */ 276 if ((error = namei(ndp)) != 0) 277 return error; 278 epp->ep_vp = vp = ndp->ni_vp; 279 280 /* check access and type */ 281 if (vp->v_type != VREG) { 282 error = EACCES; 283 goto bad1; 284 } 285 if ((error = VOP_ACCESS(vp, VEXEC, l->l_cred)) != 0) 286 goto bad1; 287 288 /* get attributes */ 289 if ((error = VOP_GETATTR(vp, epp->ep_vap, l->l_cred)) != 0) 290 goto bad1; 291 292 /* Check mount point */ 293 if (vp->v_mount->mnt_flag & MNT_NOEXEC) { 294 error = EACCES; 295 goto bad1; 296 } 297 if (vp->v_mount->mnt_flag & MNT_NOSUID) 298 epp->ep_vap->va_mode &= ~(S_ISUID | S_ISGID); 299 300 /* try to open it */ 301 if ((error = VOP_OPEN(vp, FREAD, l->l_cred)) != 0) 302 goto bad1; 303 304 /* unlock vp, since we need it unlocked from here on out. */ 305 VOP_UNLOCK(vp, 0); 306 307 #if NVERIEXEC > 0 308 error = veriexec_verify(l, vp, ndp->ni_cnd.cn_pnbuf, 309 epp->ep_flags & EXEC_INDIR ? VERIEXEC_INDIRECT : VERIEXEC_DIRECT, 310 NULL); 311 if (error) 312 goto bad2; 313 #endif /* NVERIEXEC > 0 */ 314 315 #ifdef PAX_SEGVGUARD 316 error = pax_segvguard(l, vp, ndp->ni_cnd.cn_pnbuf, false); 317 if (error) 318 goto bad2; 319 #endif /* PAX_SEGVGUARD */ 320 321 /* now we have the file, get the exec header */ 322 error = vn_rdwr(UIO_READ, vp, epp->ep_hdr, epp->ep_hdrlen, 0, 323 UIO_SYSSPACE, 0, l->l_cred, &resid, NULL); 324 if (error) 325 goto bad2; 326 epp->ep_hdrvalid = epp->ep_hdrlen - resid; 327 328 /* 329 * Set up default address space limits. Can be overridden 330 * by individual exec packages. 331 * 332 * XXX probably should be all done in the exec packages. 333 */ 334 epp->ep_vm_minaddr = VM_MIN_ADDRESS; 335 epp->ep_vm_maxaddr = VM_MAXUSER_ADDRESS; 336 /* 337 * set up the vmcmds for creation of the process 338 * address space 339 */ 340 error = ENOEXEC; 341 for (i = 0; i < nexecs; i++) { 342 int newerror; 343 344 epp->ep_esch = execsw[i]; 345 newerror = (*execsw[i]->es_makecmds)(l, epp); 346 347 if (!newerror) { 348 /* Seems ok: check that entry point is sane */ 349 if (epp->ep_entry > VM_MAXUSER_ADDRESS) { 350 error = ENOEXEC; 351 break; 352 } 353 354 /* check limits */ 355 if ((epp->ep_tsize > MAXTSIZ) || 356 (epp->ep_dsize > (u_quad_t)l->l_proc->p_rlimit 357 [RLIMIT_DATA].rlim_cur)) { 358 error = ENOMEM; 359 break; 360 } 361 return 0; 362 } 363 364 if (epp->ep_emul_root != NULL) { 365 vrele(epp->ep_emul_root); 366 epp->ep_emul_root = NULL; 367 } 368 if (epp->ep_interp != NULL) { 369 vrele(epp->ep_interp); 370 epp->ep_interp = NULL; 371 } 372 373 /* make sure the first "interesting" error code is saved. */ 374 if (error == ENOEXEC) 375 error = newerror; 376 377 if (epp->ep_flags & EXEC_DESTR) 378 /* Error from "#!" code, tidied up by recursive call */ 379 return error; 380 } 381 382 /* not found, error */ 383 384 /* 385 * free any vmspace-creation commands, 386 * and release their references 387 */ 388 kill_vmcmds(&epp->ep_vmcmds); 389 390 bad2: 391 /* 392 * close and release the vnode, restore the old one, free the 393 * pathname buf, and punt. 394 */ 395 vn_lock(vp, LK_EXCLUSIVE | LK_RETRY); 396 VOP_CLOSE(vp, FREAD, l->l_cred); 397 vput(vp); 398 PNBUF_PUT(ndp->ni_cnd.cn_pnbuf); 399 return error; 400 401 bad1: 402 /* 403 * free the namei pathname buffer, and put the vnode 404 * (which we don't yet have open). 405 */ 406 vput(vp); /* was still locked */ 407 PNBUF_PUT(ndp->ni_cnd.cn_pnbuf); 408 return error; 409 } 410 411 #ifdef __MACHINE_STACK_GROWS_UP 412 #define STACK_PTHREADSPACE NBPG 413 #else 414 #define STACK_PTHREADSPACE 0 415 #endif 416 417 static int 418 execve_fetch_element(char * const *array, size_t index, char **value) 419 { 420 return copyin(array + index, value, sizeof(*value)); 421 } 422 423 /* 424 * exec system call 425 */ 426 /* ARGSUSED */ 427 int 428 sys_execve(struct lwp *l, const struct sys_execve_args *uap, register_t *retval) 429 { 430 /* { 431 syscallarg(const char *) path; 432 syscallarg(char * const *) argp; 433 syscallarg(char * const *) envp; 434 } */ 435 436 return execve1(l, SCARG(uap, path), SCARG(uap, argp), 437 SCARG(uap, envp), execve_fetch_element); 438 } 439 440 /* 441 * Load modules to try and execute an image that we do not understand. 442 * If no execsw entries are present, we load those likely to be needed 443 * in order to run native images only. Otherwise, we autoload all 444 * possible modules that could let us run the binary. XXX lame 445 */ 446 static void 447 exec_autoload(void) 448 { 449 #ifdef MODULAR 450 static const char * const native[] = { 451 "exec_elf32", 452 "exec_elf64", 453 "exec_script", 454 NULL 455 }; 456 static const char * const compat[] = { 457 "exec_elf32", 458 "exec_elf64", 459 "exec_script", 460 "exec_aout", 461 "exec_coff", 462 "exec_ecoff", 463 "compat_aoutm68k", 464 "compat_freebsd", 465 "compat_ibcs2", 466 "compat_irix", 467 "compat_linux", 468 "compat_linux32", 469 "compat_netbsd32", 470 "compat_sunos", 471 "compat_sunos32", 472 "compat_svr4", 473 "compat_svr4_32", 474 "compat_ultrix", 475 NULL 476 }; 477 char const * const *list; 478 int i; 479 480 mutex_enter(&module_lock); 481 list = (nexecs == 0 ? native : compat); 482 for (i = 0; list[i] != NULL; i++) { 483 if (module_autoload(list[i], MODULE_CLASS_MISC) != 0) { 484 continue; 485 } 486 mutex_exit(&module_lock); 487 yield(); 488 mutex_enter(&module_lock); 489 } 490 mutex_exit(&module_lock); 491 #endif 492 } 493 494 int 495 execve1(struct lwp *l, const char *path, char * const *args, 496 char * const *envs, execve_fetch_element_t fetch_element) 497 { 498 int error; 499 struct exec_package pack; 500 struct nameidata nid; 501 struct vattr attr; 502 struct proc *p; 503 char *argp; 504 char *dp, *sp; 505 long argc, envc; 506 size_t i, len; 507 char *stack; 508 struct ps_strings arginfo; 509 struct ps_strings *aip = &arginfo; 510 struct vmspace *vm; 511 struct exec_fakearg *tmpfap; 512 int szsigcode; 513 struct exec_vmcmd *base_vcp; 514 int oldlwpflags; 515 ksiginfo_t ksi; 516 ksiginfoq_t kq; 517 char *pathbuf; 518 size_t pathbuflen; 519 u_int modgen; 520 521 p = l->l_proc; 522 modgen = 0; 523 524 /* 525 * Check if we have exceeded our number of processes limit. 526 * This is so that we handle the case where a root daemon 527 * forked, ran setuid to become the desired user and is trying 528 * to exec. The obvious place to do the reference counting check 529 * is setuid(), but we don't do the reference counting check there 530 * like other OS's do because then all the programs that use setuid() 531 * must be modified to check the return code of setuid() and exit(). 532 * It is dangerous to make setuid() fail, because it fails open and 533 * the program will continue to run as root. If we make it succeed 534 * and return an error code, again we are not enforcing the limit. 535 * The best place to enforce the limit is here, when the process tries 536 * to execute a new image, because eventually the process will need 537 * to call exec in order to do something useful. 538 */ 539 retry: 540 if ((p->p_flag & PK_SUGID) && kauth_authorize_generic(l->l_cred, 541 KAUTH_GENERIC_ISSUSER, NULL) != 0 && chgproccnt(kauth_cred_getuid( 542 l->l_cred), 0) > p->p_rlimit[RLIMIT_NPROC].rlim_cur) 543 return EAGAIN; 544 545 oldlwpflags = l->l_flag & (LW_SA | LW_SA_UPCALL); 546 if (l->l_flag & LW_SA) { 547 lwp_lock(l); 548 l->l_flag &= ~(LW_SA | LW_SA_UPCALL); 549 lwp_unlock(l); 550 } 551 552 /* 553 * Drain existing references and forbid new ones. The process 554 * should be left alone until we're done here. This is necessary 555 * to avoid race conditions - e.g. in ptrace() - that might allow 556 * a local user to illicitly obtain elevated privileges. 557 */ 558 rw_enter(&p->p_reflock, RW_WRITER); 559 560 base_vcp = NULL; 561 /* 562 * Init the namei data to point the file user's program name. 563 * This is done here rather than in check_exec(), so that it's 564 * possible to override this settings if any of makecmd/probe 565 * functions call check_exec() recursively - for example, 566 * see exec_script_makecmds(). 567 */ 568 pathbuf = PNBUF_GET(); 569 error = copyinstr(path, pathbuf, MAXPATHLEN, &pathbuflen); 570 if (error) { 571 DPRINTF(("execve: copyinstr path %d", error)); 572 goto clrflg; 573 } 574 575 NDINIT(&nid, LOOKUP, NOFOLLOW | TRYEMULROOT, UIO_SYSSPACE, pathbuf); 576 577 /* 578 * initialize the fields of the exec package. 579 */ 580 pack.ep_name = path; 581 pack.ep_hdr = kmem_alloc(exec_maxhdrsz, KM_SLEEP); 582 pack.ep_hdrlen = exec_maxhdrsz; 583 pack.ep_hdrvalid = 0; 584 pack.ep_ndp = &nid; 585 pack.ep_emul_arg = NULL; 586 pack.ep_vmcmds.evs_cnt = 0; 587 pack.ep_vmcmds.evs_used = 0; 588 pack.ep_vap = &attr; 589 pack.ep_flags = 0; 590 pack.ep_emul_root = NULL; 591 pack.ep_interp = NULL; 592 pack.ep_esch = NULL; 593 pack.ep_pax_flags = 0; 594 595 rw_enter(&exec_lock, RW_READER); 596 597 /* see if we can run it. */ 598 if ((error = check_exec(l, &pack)) != 0) { 599 if (error != ENOENT) { 600 DPRINTF(("execve: check exec failed %d\n", error)); 601 } 602 goto freehdr; 603 } 604 605 /* XXX -- THE FOLLOWING SECTION NEEDS MAJOR CLEANUP */ 606 607 /* allocate an argument buffer */ 608 argp = pool_get(&exec_pool, PR_WAITOK); 609 KASSERT(argp != NULL); 610 dp = argp; 611 argc = 0; 612 613 /* copy the fake args list, if there's one, freeing it as we go */ 614 if (pack.ep_flags & EXEC_HASARGL) { 615 tmpfap = pack.ep_fa; 616 while (tmpfap->fa_arg != NULL) { 617 const char *cp; 618 619 cp = tmpfap->fa_arg; 620 while (*cp) 621 *dp++ = *cp++; 622 *dp++ = '\0'; 623 ktrexecarg(tmpfap->fa_arg, cp - tmpfap->fa_arg); 624 625 kmem_free(tmpfap->fa_arg, tmpfap->fa_len); 626 tmpfap++; argc++; 627 } 628 kmem_free(pack.ep_fa, pack.ep_fa_len); 629 pack.ep_flags &= ~EXEC_HASARGL; 630 } 631 632 /* Now get argv & environment */ 633 if (args == NULL) { 634 DPRINTF(("execve: null args\n")); 635 error = EINVAL; 636 goto bad; 637 } 638 /* 'i' will index the argp/envp element to be retrieved */ 639 i = 0; 640 if (pack.ep_flags & EXEC_SKIPARG) 641 i++; 642 643 while (1) { 644 len = argp + ARG_MAX - dp; 645 if ((error = (*fetch_element)(args, i, &sp)) != 0) { 646 DPRINTF(("execve: fetch_element args %d\n", error)); 647 goto bad; 648 } 649 if (!sp) 650 break; 651 if ((error = copyinstr(sp, dp, len, &len)) != 0) { 652 DPRINTF(("execve: copyinstr args %d\n", error)); 653 if (error == ENAMETOOLONG) 654 error = E2BIG; 655 goto bad; 656 } 657 ktrexecarg(dp, len - 1); 658 dp += len; 659 i++; 660 argc++; 661 } 662 663 envc = 0; 664 /* environment need not be there */ 665 if (envs != NULL) { 666 i = 0; 667 while (1) { 668 len = argp + ARG_MAX - dp; 669 if ((error = (*fetch_element)(envs, i, &sp)) != 0) { 670 DPRINTF(("execve: fetch_element env %d\n", error)); 671 goto bad; 672 } 673 if (!sp) 674 break; 675 if ((error = copyinstr(sp, dp, len, &len)) != 0) { 676 DPRINTF(("execve: copyinstr env %d\n", error)); 677 if (error == ENAMETOOLONG) 678 error = E2BIG; 679 goto bad; 680 } 681 ktrexecenv(dp, len - 1); 682 dp += len; 683 i++; 684 envc++; 685 } 686 } 687 688 dp = (char *) ALIGN(dp); 689 690 szsigcode = pack.ep_esch->es_emul->e_esigcode - 691 pack.ep_esch->es_emul->e_sigcode; 692 693 #ifdef __MACHINE_STACK_GROWS_UP 694 /* See big comment lower down */ 695 #define RTLD_GAP 32 696 #else 697 #define RTLD_GAP 0 698 #endif 699 700 /* Now check if args & environ fit into new stack */ 701 if (pack.ep_flags & EXEC_32) 702 len = ((argc + envc + 2 + pack.ep_esch->es_arglen) * 703 sizeof(int) + sizeof(int) + dp + RTLD_GAP + 704 szsigcode + sizeof(struct ps_strings) + STACK_PTHREADSPACE) 705 - argp; 706 else 707 len = ((argc + envc + 2 + pack.ep_esch->es_arglen) * 708 sizeof(char *) + sizeof(int) + dp + RTLD_GAP + 709 szsigcode + sizeof(struct ps_strings) + STACK_PTHREADSPACE) 710 - argp; 711 712 #ifdef PAX_ASLR 713 if (pax_aslr_active(l)) 714 len += (arc4random() % PAGE_SIZE); 715 #endif /* PAX_ASLR */ 716 717 #ifdef STACKLALIGN /* arm, etc. */ 718 len = STACKALIGN(len); /* make the stack "safely" aligned */ 719 #else 720 len = ALIGN(len); /* make the stack "safely" aligned */ 721 #endif 722 723 if (len > pack.ep_ssize) { /* in effect, compare to initial limit */ 724 DPRINTF(("execve: stack limit exceeded %zu\n", len)); 725 error = ENOMEM; 726 goto bad; 727 } 728 729 /* Get rid of other LWPs. */ 730 if (p->p_sa || p->p_nlwps > 1) { 731 mutex_enter(p->p_lock); 732 exit_lwps(l); 733 mutex_exit(p->p_lock); 734 } 735 KDASSERT(p->p_nlwps == 1); 736 737 /* Destroy any lwpctl info. */ 738 if (p->p_lwpctl != NULL) 739 lwp_ctl_exit(); 740 741 /* This is now LWP 1 */ 742 l->l_lid = 1; 743 p->p_nlwpid = 1; 744 745 #ifdef KERN_SA 746 /* Release any SA state. */ 747 if (p->p_sa) 748 sa_release(p); 749 #endif /* KERN_SA */ 750 751 /* Remove POSIX timers */ 752 timers_free(p, TIMERS_POSIX); 753 754 /* adjust "active stack depth" for process VSZ */ 755 pack.ep_ssize = len; /* maybe should go elsewhere, but... */ 756 757 /* 758 * Do whatever is necessary to prepare the address space 759 * for remapping. Note that this might replace the current 760 * vmspace with another! 761 */ 762 uvmspace_exec(l, pack.ep_vm_minaddr, pack.ep_vm_maxaddr); 763 764 /* record proc's vnode, for use by procfs and others */ 765 if (p->p_textvp) 766 vrele(p->p_textvp); 767 VREF(pack.ep_vp); 768 p->p_textvp = pack.ep_vp; 769 770 /* Now map address space */ 771 vm = p->p_vmspace; 772 vm->vm_taddr = (void *)pack.ep_taddr; 773 vm->vm_tsize = btoc(pack.ep_tsize); 774 vm->vm_daddr = (void*)pack.ep_daddr; 775 vm->vm_dsize = btoc(pack.ep_dsize); 776 vm->vm_ssize = btoc(pack.ep_ssize); 777 vm->vm_issize = 0; 778 vm->vm_maxsaddr = (void *)pack.ep_maxsaddr; 779 vm->vm_minsaddr = (void *)pack.ep_minsaddr; 780 781 #ifdef PAX_ASLR 782 pax_aslr_init(l, vm); 783 #endif /* PAX_ASLR */ 784 785 /* create the new process's VM space by running the vmcmds */ 786 #ifdef DIAGNOSTIC 787 if (pack.ep_vmcmds.evs_used == 0) 788 panic("execve: no vmcmds"); 789 #endif 790 for (i = 0; i < pack.ep_vmcmds.evs_used && !error; i++) { 791 struct exec_vmcmd *vcp; 792 793 vcp = &pack.ep_vmcmds.evs_cmds[i]; 794 if (vcp->ev_flags & VMCMD_RELATIVE) { 795 #ifdef DIAGNOSTIC 796 if (base_vcp == NULL) 797 panic("execve: relative vmcmd with no base"); 798 if (vcp->ev_flags & VMCMD_BASE) 799 panic("execve: illegal base & relative vmcmd"); 800 #endif 801 vcp->ev_addr += base_vcp->ev_addr; 802 } 803 error = (*vcp->ev_proc)(l, vcp); 804 #ifdef DEBUG_EXEC 805 if (error) { 806 size_t j; 807 struct exec_vmcmd *vp = &pack.ep_vmcmds.evs_cmds[0]; 808 for (j = 0; j <= i; j++) 809 uprintf( 810 "vmcmd[%zu] = %#lx/%#lx fd@%#lx prot=0%o flags=%d\n", 811 j, vp[j].ev_addr, vp[j].ev_len, 812 vp[j].ev_offset, vp[j].ev_prot, 813 vp[j].ev_flags); 814 } 815 #endif /* DEBUG_EXEC */ 816 if (vcp->ev_flags & VMCMD_BASE) 817 base_vcp = vcp; 818 } 819 820 /* free the vmspace-creation commands, and release their references */ 821 kill_vmcmds(&pack.ep_vmcmds); 822 823 vn_lock(pack.ep_vp, LK_EXCLUSIVE | LK_RETRY); 824 VOP_CLOSE(pack.ep_vp, FREAD, l->l_cred); 825 vput(pack.ep_vp); 826 827 /* if an error happened, deallocate and punt */ 828 if (error) { 829 DPRINTF(("execve: vmcmd %zu failed: %d\n", i - 1, error)); 830 goto exec_abort; 831 } 832 833 /* remember information about the process */ 834 arginfo.ps_nargvstr = argc; 835 arginfo.ps_nenvstr = envc; 836 837 /* set command name & other accounting info */ 838 i = min(nid.ni_cnd.cn_namelen, MAXCOMLEN); 839 (void)memcpy(p->p_comm, nid.ni_cnd.cn_nameptr, i); 840 p->p_comm[i] = '\0'; 841 842 dp = PNBUF_GET(); 843 /* 844 * If the path starts with /, we don't need to do any work. 845 * This handles the majority of the cases. 846 * In the future perhaps we could canonicalize it? 847 */ 848 if (pathbuf[0] == '/') 849 (void)strlcpy(pack.ep_path = dp, pathbuf, MAXPATHLEN); 850 #ifdef notyet 851 /* 852 * Although this works most of the time [since the entry was just 853 * entered in the cache] we don't use it because it theoretically 854 * can fail and it is not the cleanest interface, because there 855 * could be races. When the namei cache is re-written, this can 856 * be changed to use the appropriate function. 857 */ 858 else if (!(error = vnode_to_path(dp, MAXPATHLEN, p->p_textvp, l, p))) 859 pack.ep_path = dp; 860 #endif 861 else { 862 #ifdef notyet 863 printf("Cannot get path for pid %d [%s] (error %d)", 864 (int)p->p_pid, p->p_comm, error); 865 #endif 866 pack.ep_path = NULL; 867 PNBUF_PUT(dp); 868 } 869 870 stack = (char *)STACK_ALLOC(STACK_GROW(vm->vm_minsaddr, 871 STACK_PTHREADSPACE + sizeof(struct ps_strings) + szsigcode), 872 len - (sizeof(struct ps_strings) + szsigcode)); 873 874 #ifdef __MACHINE_STACK_GROWS_UP 875 /* 876 * The copyargs call always copies into lower addresses 877 * first, moving towards higher addresses, starting with 878 * the stack pointer that we give. When the stack grows 879 * down, this puts argc/argv/envp very shallow on the 880 * stack, right at the first user stack pointer. 881 * When the stack grows up, the situation is reversed. 882 * 883 * Normally, this is no big deal. But the ld_elf.so _rtld() 884 * function expects to be called with a single pointer to 885 * a region that has a few words it can stash values into, 886 * followed by argc/argv/envp. When the stack grows down, 887 * it's easy to decrement the stack pointer a little bit to 888 * allocate the space for these few words and pass the new 889 * stack pointer to _rtld. When the stack grows up, however, 890 * a few words before argc is part of the signal trampoline, XXX 891 * so we have a problem. 892 * 893 * Instead of changing how _rtld works, we take the easy way 894 * out and steal 32 bytes before we call copyargs. 895 * This extra space was allowed for when 'len' was calculated. 896 */ 897 stack += RTLD_GAP; 898 #endif /* __MACHINE_STACK_GROWS_UP */ 899 900 /* Now copy argc, args & environ to new stack */ 901 error = (*pack.ep_esch->es_copyargs)(l, &pack, &arginfo, &stack, argp); 902 if (pack.ep_path) { 903 PNBUF_PUT(pack.ep_path); 904 pack.ep_path = NULL; 905 } 906 if (error) { 907 DPRINTF(("execve: copyargs failed %d\n", error)); 908 goto exec_abort; 909 } 910 /* Move the stack back to original point */ 911 stack = (char *)STACK_GROW(vm->vm_minsaddr, len); 912 913 /* fill process ps_strings info */ 914 p->p_psstr = (struct ps_strings *) 915 STACK_ALLOC(STACK_GROW(vm->vm_minsaddr, STACK_PTHREADSPACE), 916 sizeof(struct ps_strings)); 917 p->p_psargv = offsetof(struct ps_strings, ps_argvstr); 918 p->p_psnargv = offsetof(struct ps_strings, ps_nargvstr); 919 p->p_psenv = offsetof(struct ps_strings, ps_envstr); 920 p->p_psnenv = offsetof(struct ps_strings, ps_nenvstr); 921 922 /* copy out the process's ps_strings structure */ 923 if ((error = copyout(aip, (char *)p->p_psstr, 924 sizeof(arginfo))) != 0) { 925 DPRINTF(("execve: ps_strings copyout %p->%p size %ld failed\n", 926 aip, (char *)p->p_psstr, (long)sizeof(arginfo))); 927 goto exec_abort; 928 } 929 930 fd_closeexec(); /* handle close on exec */ 931 execsigs(p); /* reset catched signals */ 932 933 l->l_ctxlink = NULL; /* reset ucontext link */ 934 935 936 p->p_acflag &= ~AFORK; 937 mutex_enter(p->p_lock); 938 p->p_flag |= PK_EXEC; 939 mutex_exit(p->p_lock); 940 941 /* 942 * Stop profiling. 943 */ 944 if ((p->p_stflag & PST_PROFIL) != 0) { 945 mutex_spin_enter(&p->p_stmutex); 946 stopprofclock(p); 947 mutex_spin_exit(&p->p_stmutex); 948 } 949 950 /* 951 * It's OK to test PL_PPWAIT unlocked here, as other LWPs have 952 * exited and exec()/exit() are the only places it will be cleared. 953 */ 954 if ((p->p_lflag & PL_PPWAIT) != 0) { 955 mutex_enter(proc_lock); 956 p->p_lflag &= ~PL_PPWAIT; 957 cv_broadcast(&p->p_pptr->p_waitcv); 958 mutex_exit(proc_lock); 959 } 960 961 /* 962 * Deal with set[ug]id. MNT_NOSUID has already been used to disable 963 * s[ug]id. It's OK to check for PSL_TRACED here as we have blocked 964 * out additional references on the process for the moment. 965 */ 966 if ((p->p_slflag & PSL_TRACED) == 0 && 967 968 (((attr.va_mode & S_ISUID) != 0 && 969 kauth_cred_geteuid(l->l_cred) != attr.va_uid) || 970 971 ((attr.va_mode & S_ISGID) != 0 && 972 kauth_cred_getegid(l->l_cred) != attr.va_gid))) { 973 /* 974 * Mark the process as SUGID before we do 975 * anything that might block. 976 */ 977 proc_crmod_enter(); 978 proc_crmod_leave(NULL, NULL, true); 979 980 /* Make sure file descriptors 0..2 are in use. */ 981 if ((error = fd_checkstd()) != 0) { 982 DPRINTF(("execve: fdcheckstd failed %d\n", error)); 983 goto exec_abort; 984 } 985 986 /* 987 * Copy the credential so other references don't see our 988 * changes. 989 */ 990 l->l_cred = kauth_cred_copy(l->l_cred); 991 #ifdef KTRACE 992 /* 993 * If the persistent trace flag isn't set, turn off. 994 */ 995 if (p->p_tracep) { 996 mutex_enter(&ktrace_lock); 997 if (!(p->p_traceflag & KTRFAC_PERSISTENT)) 998 ktrderef(p); 999 mutex_exit(&ktrace_lock); 1000 } 1001 #endif 1002 if (attr.va_mode & S_ISUID) 1003 kauth_cred_seteuid(l->l_cred, attr.va_uid); 1004 if (attr.va_mode & S_ISGID) 1005 kauth_cred_setegid(l->l_cred, attr.va_gid); 1006 } else { 1007 if (kauth_cred_geteuid(l->l_cred) == 1008 kauth_cred_getuid(l->l_cred) && 1009 kauth_cred_getegid(l->l_cred) == 1010 kauth_cred_getgid(l->l_cred)) 1011 p->p_flag &= ~PK_SUGID; 1012 } 1013 1014 /* 1015 * Copy the credential so other references don't see our changes. 1016 * Test to see if this is necessary first, since in the common case 1017 * we won't need a private reference. 1018 */ 1019 if (kauth_cred_geteuid(l->l_cred) != kauth_cred_getsvuid(l->l_cred) || 1020 kauth_cred_getegid(l->l_cred) != kauth_cred_getsvgid(l->l_cred)) { 1021 l->l_cred = kauth_cred_copy(l->l_cred); 1022 kauth_cred_setsvuid(l->l_cred, kauth_cred_geteuid(l->l_cred)); 1023 kauth_cred_setsvgid(l->l_cred, kauth_cred_getegid(l->l_cred)); 1024 } 1025 1026 /* Update the master credentials. */ 1027 if (l->l_cred != p->p_cred) { 1028 kauth_cred_t ocred; 1029 1030 kauth_cred_hold(l->l_cred); 1031 mutex_enter(p->p_lock); 1032 ocred = p->p_cred; 1033 p->p_cred = l->l_cred; 1034 mutex_exit(p->p_lock); 1035 kauth_cred_free(ocred); 1036 } 1037 1038 #if defined(__HAVE_RAS) 1039 /* 1040 * Remove all RASs from the address space. 1041 */ 1042 ras_purgeall(); 1043 #endif 1044 1045 doexechooks(p); 1046 1047 /* setup new registers and do misc. setup. */ 1048 (*pack.ep_esch->es_emul->e_setregs)(l, &pack, (u_long) stack); 1049 if (pack.ep_esch->es_setregs) 1050 (*pack.ep_esch->es_setregs)(l, &pack, (u_long) stack); 1051 1052 /* map the process's signal trampoline code */ 1053 if (exec_sigcode_map(p, pack.ep_esch->es_emul)) { 1054 DPRINTF(("execve: map sigcode failed %d\n", error)); 1055 goto exec_abort; 1056 } 1057 1058 pool_put(&exec_pool, argp); 1059 1060 PNBUF_PUT(nid.ni_cnd.cn_pnbuf); 1061 1062 /* notify others that we exec'd */ 1063 KNOTE(&p->p_klist, NOTE_EXEC); 1064 1065 kmem_free(pack.ep_hdr, pack.ep_hdrlen); 1066 1067 /* The emulation root will usually have been found when we looked 1068 * for the elf interpreter (or similar), if not look now. */ 1069 if (pack.ep_esch->es_emul->e_path != NULL && pack.ep_emul_root == NULL) 1070 emul_find_root(l, &pack); 1071 1072 /* Any old emulation root got removed by fdcloseexec */ 1073 rw_enter(&p->p_cwdi->cwdi_lock, RW_WRITER); 1074 p->p_cwdi->cwdi_edir = pack.ep_emul_root; 1075 rw_exit(&p->p_cwdi->cwdi_lock); 1076 pack.ep_emul_root = NULL; 1077 if (pack.ep_interp != NULL) 1078 vrele(pack.ep_interp); 1079 1080 /* 1081 * Call emulation specific exec hook. This can setup per-process 1082 * p->p_emuldata or do any other per-process stuff an emulation needs. 1083 * 1084 * If we are executing process of different emulation than the 1085 * original forked process, call e_proc_exit() of the old emulation 1086 * first, then e_proc_exec() of new emulation. If the emulation is 1087 * same, the exec hook code should deallocate any old emulation 1088 * resources held previously by this process. 1089 */ 1090 if (p->p_emul && p->p_emul->e_proc_exit 1091 && p->p_emul != pack.ep_esch->es_emul) 1092 (*p->p_emul->e_proc_exit)(p); 1093 1094 /* 1095 * Call exec hook. Emulation code may NOT store reference to anything 1096 * from &pack. 1097 */ 1098 if (pack.ep_esch->es_emul->e_proc_exec) 1099 (*pack.ep_esch->es_emul->e_proc_exec)(p, &pack); 1100 1101 /* update p_emul, the old value is no longer needed */ 1102 p->p_emul = pack.ep_esch->es_emul; 1103 1104 /* ...and the same for p_execsw */ 1105 p->p_execsw = pack.ep_esch; 1106 1107 #ifdef __HAVE_SYSCALL_INTERN 1108 (*p->p_emul->e_syscall_intern)(p); 1109 #endif 1110 ktremul(); 1111 1112 /* Allow new references from the debugger/procfs. */ 1113 rw_exit(&p->p_reflock); 1114 rw_exit(&exec_lock); 1115 1116 mutex_enter(proc_lock); 1117 1118 if ((p->p_slflag & (PSL_TRACED|PSL_SYSCALL)) == PSL_TRACED) { 1119 KSI_INIT_EMPTY(&ksi); 1120 ksi.ksi_signo = SIGTRAP; 1121 ksi.ksi_lid = l->l_lid; 1122 kpsignal(p, &ksi, NULL); 1123 } 1124 1125 if (p->p_sflag & PS_STOPEXEC) { 1126 KERNEL_UNLOCK_ALL(l, &l->l_biglocks); 1127 p->p_pptr->p_nstopchild++; 1128 p->p_pptr->p_waited = 0; 1129 mutex_enter(p->p_lock); 1130 ksiginfo_queue_init(&kq); 1131 sigclearall(p, &contsigmask, &kq); 1132 lwp_lock(l); 1133 l->l_stat = LSSTOP; 1134 p->p_stat = SSTOP; 1135 p->p_nrlwps--; 1136 mutex_exit(p->p_lock); 1137 mutex_exit(proc_lock); 1138 mi_switch(l); 1139 ksiginfo_queue_drain(&kq); 1140 KERNEL_LOCK(l->l_biglocks, l); 1141 } else { 1142 mutex_exit(proc_lock); 1143 } 1144 1145 PNBUF_PUT(pathbuf); 1146 return (EJUSTRETURN); 1147 1148 bad: 1149 /* free the vmspace-creation commands, and release their references */ 1150 kill_vmcmds(&pack.ep_vmcmds); 1151 /* kill any opened file descriptor, if necessary */ 1152 if (pack.ep_flags & EXEC_HASFD) { 1153 pack.ep_flags &= ~EXEC_HASFD; 1154 fd_close(pack.ep_fd); 1155 } 1156 /* close and put the exec'd file */ 1157 vn_lock(pack.ep_vp, LK_EXCLUSIVE | LK_RETRY); 1158 VOP_CLOSE(pack.ep_vp, FREAD, l->l_cred); 1159 vput(pack.ep_vp); 1160 PNBUF_PUT(nid.ni_cnd.cn_pnbuf); 1161 pool_put(&exec_pool, argp); 1162 1163 freehdr: 1164 kmem_free(pack.ep_hdr, pack.ep_hdrlen); 1165 if (pack.ep_emul_root != NULL) 1166 vrele(pack.ep_emul_root); 1167 if (pack.ep_interp != NULL) 1168 vrele(pack.ep_interp); 1169 1170 rw_exit(&exec_lock); 1171 1172 clrflg: 1173 lwp_lock(l); 1174 l->l_flag |= oldlwpflags; 1175 lwp_unlock(l); 1176 PNBUF_PUT(pathbuf); 1177 rw_exit(&p->p_reflock); 1178 1179 if (modgen != module_gen && error == ENOEXEC) { 1180 modgen = module_gen; 1181 exec_autoload(); 1182 goto retry; 1183 } 1184 1185 return error; 1186 1187 exec_abort: 1188 PNBUF_PUT(pathbuf); 1189 rw_exit(&p->p_reflock); 1190 rw_exit(&exec_lock); 1191 1192 /* 1193 * the old process doesn't exist anymore. exit gracefully. 1194 * get rid of the (new) address space we have created, if any, get rid 1195 * of our namei data and vnode, and exit noting failure 1196 */ 1197 uvm_deallocate(&vm->vm_map, VM_MIN_ADDRESS, 1198 VM_MAXUSER_ADDRESS - VM_MIN_ADDRESS); 1199 if (pack.ep_emul_arg) 1200 free(pack.ep_emul_arg, M_TEMP); 1201 PNBUF_PUT(nid.ni_cnd.cn_pnbuf); 1202 pool_put(&exec_pool, argp); 1203 kmem_free(pack.ep_hdr, pack.ep_hdrlen); 1204 if (pack.ep_emul_root != NULL) 1205 vrele(pack.ep_emul_root); 1206 if (pack.ep_interp != NULL) 1207 vrele(pack.ep_interp); 1208 1209 /* Acquire the sched-state mutex (exit1() will release it). */ 1210 mutex_enter(p->p_lock); 1211 exit1(l, W_EXITCODE(error, SIGABRT)); 1212 1213 /* NOTREACHED */ 1214 return 0; 1215 } 1216 1217 1218 int 1219 copyargs(struct lwp *l, struct exec_package *pack, struct ps_strings *arginfo, 1220 char **stackp, void *argp) 1221 { 1222 char **cpp, *dp, *sp; 1223 size_t len; 1224 void *nullp; 1225 long argc, envc; 1226 int error; 1227 1228 cpp = (char **)*stackp; 1229 nullp = NULL; 1230 argc = arginfo->ps_nargvstr; 1231 envc = arginfo->ps_nenvstr; 1232 if ((error = copyout(&argc, cpp++, sizeof(argc))) != 0) 1233 return error; 1234 1235 dp = (char *) (cpp + argc + envc + 2 + pack->ep_esch->es_arglen); 1236 sp = argp; 1237 1238 /* XXX don't copy them out, remap them! */ 1239 arginfo->ps_argvstr = cpp; /* remember location of argv for later */ 1240 1241 for (; --argc >= 0; sp += len, dp += len) 1242 if ((error = copyout(&dp, cpp++, sizeof(dp))) != 0 || 1243 (error = copyoutstr(sp, dp, ARG_MAX, &len)) != 0) 1244 return error; 1245 1246 if ((error = copyout(&nullp, cpp++, sizeof(nullp))) != 0) 1247 return error; 1248 1249 arginfo->ps_envstr = cpp; /* remember location of envp for later */ 1250 1251 for (; --envc >= 0; sp += len, dp += len) 1252 if ((error = copyout(&dp, cpp++, sizeof(dp))) != 0 || 1253 (error = copyoutstr(sp, dp, ARG_MAX, &len)) != 0) 1254 return error; 1255 1256 if ((error = copyout(&nullp, cpp++, sizeof(nullp))) != 0) 1257 return error; 1258 1259 *stackp = (char *)cpp; 1260 return 0; 1261 } 1262 1263 1264 /* 1265 * Add execsw[] entries. 1266 */ 1267 int 1268 exec_add(struct execsw *esp, int count) 1269 { 1270 struct exec_entry *it; 1271 int i; 1272 1273 if (count == 0) { 1274 return 0; 1275 } 1276 1277 /* Check for duplicates. */ 1278 rw_enter(&exec_lock, RW_WRITER); 1279 for (i = 0; i < count; i++) { 1280 LIST_FOREACH(it, &ex_head, ex_list) { 1281 /* assume unique (makecmds, probe_func, emulation) */ 1282 if (it->ex_sw->es_makecmds == esp[i].es_makecmds && 1283 it->ex_sw->u.elf_probe_func == 1284 esp[i].u.elf_probe_func && 1285 it->ex_sw->es_emul == esp[i].es_emul) { 1286 rw_exit(&exec_lock); 1287 return EEXIST; 1288 } 1289 } 1290 } 1291 1292 /* Allocate new entries. */ 1293 for (i = 0; i < count; i++) { 1294 it = kmem_alloc(sizeof(*it), KM_SLEEP); 1295 it->ex_sw = &esp[i]; 1296 LIST_INSERT_HEAD(&ex_head, it, ex_list); 1297 } 1298 1299 /* update execsw[] */ 1300 exec_init(0); 1301 rw_exit(&exec_lock); 1302 return 0; 1303 } 1304 1305 /* 1306 * Remove execsw[] entry. 1307 */ 1308 int 1309 exec_remove(struct execsw *esp, int count) 1310 { 1311 struct exec_entry *it, *next; 1312 int i; 1313 const struct proclist_desc *pd; 1314 proc_t *p; 1315 1316 if (count == 0) { 1317 return 0; 1318 } 1319 1320 /* Abort if any are busy. */ 1321 rw_enter(&exec_lock, RW_WRITER); 1322 for (i = 0; i < count; i++) { 1323 mutex_enter(proc_lock); 1324 for (pd = proclists; pd->pd_list != NULL; pd++) { 1325 PROCLIST_FOREACH(p, pd->pd_list) { 1326 if (p->p_execsw == &esp[i]) { 1327 mutex_exit(proc_lock); 1328 rw_exit(&exec_lock); 1329 return EBUSY; 1330 } 1331 } 1332 } 1333 mutex_exit(proc_lock); 1334 } 1335 1336 /* None are busy, so remove them all. */ 1337 for (i = 0; i < count; i++) { 1338 for (it = LIST_FIRST(&ex_head); it != NULL; it = next) { 1339 next = LIST_NEXT(it, ex_list); 1340 if (it->ex_sw == &esp[i]) { 1341 LIST_REMOVE(it, ex_list); 1342 kmem_free(it, sizeof(*it)); 1343 break; 1344 } 1345 } 1346 } 1347 1348 /* update execsw[] */ 1349 exec_init(0); 1350 rw_exit(&exec_lock); 1351 return 0; 1352 } 1353 1354 /* 1355 * Initialize exec structures. If init_boot is true, also does necessary 1356 * one-time initialization (it's called from main() that way). 1357 * Once system is multiuser, this should be called with exec_lock held, 1358 * i.e. via exec_{add|remove}(). 1359 */ 1360 int 1361 exec_init(int init_boot) 1362 { 1363 const struct execsw **sw; 1364 struct exec_entry *ex; 1365 SLIST_HEAD(,exec_entry) first; 1366 SLIST_HEAD(,exec_entry) any; 1367 SLIST_HEAD(,exec_entry) last; 1368 int i, sz; 1369 1370 if (init_boot) { 1371 /* do one-time initializations */ 1372 rw_init(&exec_lock); 1373 mutex_init(&sigobject_lock, MUTEX_DEFAULT, IPL_NONE); 1374 pool_init(&exec_pool, NCARGS, 0, 0, PR_NOALIGN|PR_NOTOUCH, 1375 "execargs", &exec_palloc, IPL_NONE); 1376 pool_sethardlimit(&exec_pool, maxexec, "should not happen", 0); 1377 } else { 1378 KASSERT(rw_write_held(&exec_lock)); 1379 } 1380 1381 /* Sort each entry onto the appropriate queue. */ 1382 SLIST_INIT(&first); 1383 SLIST_INIT(&any); 1384 SLIST_INIT(&last); 1385 sz = 0; 1386 LIST_FOREACH(ex, &ex_head, ex_list) { 1387 switch(ex->ex_sw->es_prio) { 1388 case EXECSW_PRIO_FIRST: 1389 SLIST_INSERT_HEAD(&first, ex, ex_slist); 1390 break; 1391 case EXECSW_PRIO_ANY: 1392 SLIST_INSERT_HEAD(&any, ex, ex_slist); 1393 break; 1394 case EXECSW_PRIO_LAST: 1395 SLIST_INSERT_HEAD(&last, ex, ex_slist); 1396 break; 1397 default: 1398 panic("exec_init"); 1399 break; 1400 } 1401 sz++; 1402 } 1403 1404 /* 1405 * Create new execsw[]. Ensure we do not try a zero-sized 1406 * allocation. 1407 */ 1408 sw = kmem_alloc(sz * sizeof(struct execsw *) + 1, KM_SLEEP); 1409 i = 0; 1410 SLIST_FOREACH(ex, &first, ex_slist) { 1411 sw[i++] = ex->ex_sw; 1412 } 1413 SLIST_FOREACH(ex, &any, ex_slist) { 1414 sw[i++] = ex->ex_sw; 1415 } 1416 SLIST_FOREACH(ex, &last, ex_slist) { 1417 sw[i++] = ex->ex_sw; 1418 } 1419 1420 /* Replace old execsw[] and free used memory. */ 1421 if (execsw != NULL) { 1422 kmem_free(__UNCONST(execsw), 1423 nexecs * sizeof(struct execsw *) + 1); 1424 } 1425 execsw = sw; 1426 nexecs = sz; 1427 1428 /* Figure out the maximum size of an exec header. */ 1429 exec_maxhdrsz = sizeof(int); 1430 for (i = 0; i < nexecs; i++) { 1431 if (execsw[i]->es_hdrsz > exec_maxhdrsz) 1432 exec_maxhdrsz = execsw[i]->es_hdrsz; 1433 } 1434 1435 return 0; 1436 } 1437 1438 static int 1439 exec_sigcode_map(struct proc *p, const struct emul *e) 1440 { 1441 vaddr_t va; 1442 vsize_t sz; 1443 int error; 1444 struct uvm_object *uobj; 1445 1446 sz = (vaddr_t)e->e_esigcode - (vaddr_t)e->e_sigcode; 1447 1448 if (e->e_sigobject == NULL || sz == 0) { 1449 return 0; 1450 } 1451 1452 /* 1453 * If we don't have a sigobject for this emulation, create one. 1454 * 1455 * sigobject is an anonymous memory object (just like SYSV shared 1456 * memory) that we keep a permanent reference to and that we map 1457 * in all processes that need this sigcode. The creation is simple, 1458 * we create an object, add a permanent reference to it, map it in 1459 * kernel space, copy out the sigcode to it and unmap it. 1460 * We map it with PROT_READ|PROT_EXEC into the process just 1461 * the way sys_mmap() would map it. 1462 */ 1463 1464 uobj = *e->e_sigobject; 1465 if (uobj == NULL) { 1466 mutex_enter(&sigobject_lock); 1467 if ((uobj = *e->e_sigobject) == NULL) { 1468 uobj = uao_create(sz, 0); 1469 (*uobj->pgops->pgo_reference)(uobj); 1470 va = vm_map_min(kernel_map); 1471 if ((error = uvm_map(kernel_map, &va, round_page(sz), 1472 uobj, 0, 0, 1473 UVM_MAPFLAG(UVM_PROT_RW, UVM_PROT_RW, 1474 UVM_INH_SHARE, UVM_ADV_RANDOM, 0)))) { 1475 printf("kernel mapping failed %d\n", error); 1476 (*uobj->pgops->pgo_detach)(uobj); 1477 mutex_exit(&sigobject_lock); 1478 return (error); 1479 } 1480 memcpy((void *)va, e->e_sigcode, sz); 1481 #ifdef PMAP_NEED_PROCWR 1482 pmap_procwr(&proc0, va, sz); 1483 #endif 1484 uvm_unmap(kernel_map, va, va + round_page(sz)); 1485 *e->e_sigobject = uobj; 1486 } 1487 mutex_exit(&sigobject_lock); 1488 } 1489 1490 /* Just a hint to uvm_map where to put it. */ 1491 va = e->e_vm_default_addr(p, (vaddr_t)p->p_vmspace->vm_daddr, 1492 round_page(sz)); 1493 1494 #ifdef __alpha__ 1495 /* 1496 * Tru64 puts /sbin/loader at the end of user virtual memory, 1497 * which causes the above calculation to put the sigcode at 1498 * an invalid address. Put it just below the text instead. 1499 */ 1500 if (va == (vaddr_t)vm_map_max(&p->p_vmspace->vm_map)) { 1501 va = (vaddr_t)p->p_vmspace->vm_taddr - round_page(sz); 1502 } 1503 #endif 1504 1505 (*uobj->pgops->pgo_reference)(uobj); 1506 error = uvm_map(&p->p_vmspace->vm_map, &va, round_page(sz), 1507 uobj, 0, 0, 1508 UVM_MAPFLAG(UVM_PROT_RX, UVM_PROT_RX, UVM_INH_SHARE, 1509 UVM_ADV_RANDOM, 0)); 1510 if (error) { 1511 (*uobj->pgops->pgo_detach)(uobj); 1512 return (error); 1513 } 1514 p->p_sigctx.ps_sigcode = (void *)va; 1515 return (0); 1516 } 1517