FreeBSD/Linux Kernel Cross Reference
sys/kern/exec_subr.c
1 /* $NetBSD: exec_subr.c,v 1.84 2020/04/13 19:23:18 ad Exp $ */
2
3 /*
4 * Copyright (c) 1993, 1994, 1996 Christopher G. Demetriou
5 * All rights reserved.
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
9 * are met:
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
15 * 3. All advertising materials mentioning features or use of this software
16 * must display the following acknowledgement:
17 * This product includes software developed by Christopher G. Demetriou.
18 * 4. The name of the author may not be used to endorse or promote products
19 * derived from this software without specific prior written permission
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
22 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
23 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
24 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
25 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
26 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
27 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
28 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
29 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
30 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
31 */
32
33 #include <sys/cdefs.h>
34 __KERNEL_RCSID(0, "$NetBSD: exec_subr.c,v 1.84 2020/04/13 19:23:18 ad Exp $");
35
36 #include "opt_pax.h"
37
38 #include <sys/param.h>
39 #include <sys/systm.h>
40 #include <sys/proc.h>
41 #include <sys/kmem.h>
42 #include <sys/vnode.h>
43 #include <sys/filedesc.h>
44 #include <sys/exec.h>
45 #include <sys/mman.h>
46 #include <sys/resourcevar.h>
47 #include <sys/device.h>
48 #include <sys/pax.h>
49
50 #include <uvm/uvm_extern.h>
51
52 #define VMCMD_EVCNT_DECL(name) \
53 static struct evcnt vmcmd_ev_##name = \
54 EVCNT_INITIALIZER(EVCNT_TYPE_MISC, NULL, "vmcmd", #name); \
55 EVCNT_ATTACH_STATIC(vmcmd_ev_##name)
56
57 #define VMCMD_EVCNT_INCR(name) \
58 vmcmd_ev_##name.ev_count++
59
60 VMCMD_EVCNT_DECL(calls);
61 VMCMD_EVCNT_DECL(extends);
62 VMCMD_EVCNT_DECL(kills);
63
64 #ifdef DEBUG_STACK
65 #define DPRINTF(a) uprintf a
66 #else
67 #define DPRINTF(a)
68 #endif
69
70 unsigned int user_stack_guard_size = 1024 * 1024;
71 unsigned int user_thread_stack_guard_size = 64 * 1024;
72
73 /*
74 * new_vmcmd():
75 * create a new vmcmd structure and fill in its fields based
76 * on function call arguments. make sure objects ref'd by
77 * the vmcmd are 'held'.
78 */
79
80 void
81 new_vmcmd(struct exec_vmcmd_set *evsp,
82 int (*proc)(struct lwp * l, struct exec_vmcmd *),
83 vsize_t len, vaddr_t addr, struct vnode *vp, u_long offset,
84 u_int prot, int flags)
85 {
86 struct exec_vmcmd *vcp;
87
88 VMCMD_EVCNT_INCR(calls);
89 KASSERT(proc != vmcmd_map_pagedvn || (vp->v_iflag & VI_TEXT));
90 KASSERT(vp == NULL || vrefcnt(vp) > 0);
91
92 if (evsp->evs_used >= evsp->evs_cnt)
93 vmcmdset_extend(evsp);
94 vcp = &evsp->evs_cmds[evsp->evs_used++];
95 vcp->ev_proc = proc;
96 vcp->ev_len = len;
97 vcp->ev_addr = addr;
98 if ((vcp->ev_vp = vp) != NULL)
99 vref(vp);
100 vcp->ev_offset = offset;
101 vcp->ev_prot = prot;
102 vcp->ev_flags = flags;
103 }
104
105 void
106 vmcmdset_extend(struct exec_vmcmd_set *evsp)
107 {
108 struct exec_vmcmd *nvcp;
109 u_int ocnt;
110
111 #ifdef DIAGNOSTIC
112 if (evsp->evs_used < evsp->evs_cnt)
113 panic("vmcmdset_extend: not necessary");
114 #endif
115
116 /* figure out number of entries in new set */
117 if ((ocnt = evsp->evs_cnt) != 0) {
118 evsp->evs_cnt += ocnt;
119 VMCMD_EVCNT_INCR(extends);
120 } else
121 evsp->evs_cnt = EXEC_DEFAULT_VMCMD_SETSIZE;
122
123 /* allocate it */
124 nvcp = kmem_alloc(evsp->evs_cnt * sizeof(struct exec_vmcmd), KM_SLEEP);
125
126 /* free the old struct, if there was one, and record the new one */
127 if (ocnt) {
128 memcpy(nvcp, evsp->evs_cmds,
129 (ocnt * sizeof(struct exec_vmcmd)));
130 kmem_free(evsp->evs_cmds, ocnt * sizeof(struct exec_vmcmd));
131 }
132 evsp->evs_cmds = nvcp;
133 }
134
135 void
136 kill_vmcmds(struct exec_vmcmd_set *evsp)
137 {
138 struct exec_vmcmd *vcp;
139 u_int i;
140
141 VMCMD_EVCNT_INCR(kills);
142
143 if (evsp->evs_cnt == 0)
144 return;
145
146 for (i = 0; i < evsp->evs_used; i++) {
147 vcp = &evsp->evs_cmds[i];
148 if (vcp->ev_vp != NULL)
149 vrele(vcp->ev_vp);
150 }
151 kmem_free(evsp->evs_cmds, evsp->evs_cnt * sizeof(struct exec_vmcmd));
152 evsp->evs_used = evsp->evs_cnt = 0;
153 }
154
155 /*
156 * vmcmd_map_pagedvn():
157 * handle vmcmd which specifies that a vnode should be mmap'd.
158 * appropriate for handling demand-paged text and data segments.
159 */
160
161 static int
162 vmcmd_get_prot(struct lwp *l, const struct exec_vmcmd *cmd, vm_prot_t *prot,
163 vm_prot_t *maxprot)
164 {
165
166 *prot = cmd->ev_prot;
167 *maxprot = PAX_MPROTECT_MAXPROTECT(l, *prot, 0, UVM_PROT_ALL);
168
169 if ((*prot & *maxprot) != *prot)
170 return EACCES;
171 return PAX_MPROTECT_VALIDATE(l, *prot);
172 }
173
174 int
175 vmcmd_map_pagedvn(struct lwp *l, struct exec_vmcmd *cmd)
176 {
177 struct uvm_object *uobj;
178 struct vnode *vp = cmd->ev_vp;
179 struct proc *p = l->l_proc;
180 int error;
181 vm_prot_t prot, maxprot;
182
183 KASSERT(vp->v_iflag & VI_TEXT);
184
185 /*
186 * map the vnode in using uvm_map.
187 */
188
189 if (cmd->ev_len == 0)
190 return 0;
191 if (cmd->ev_offset & PAGE_MASK)
192 return EINVAL;
193 if (cmd->ev_addr & PAGE_MASK)
194 return EINVAL;
195 if (cmd->ev_len & PAGE_MASK)
196 return EINVAL;
197
198 if ((error = vmcmd_get_prot(l, cmd, &prot, &maxprot)) != 0)
199 return error;
200
201 /*
202 * check the file system's opinion about mmapping the file
203 */
204
205 error = VOP_MMAP(vp, prot, l->l_cred);
206 if (error)
207 return error;
208
209 if ((vp->v_vflag & VV_MAPPED) == 0) {
210 vn_lock(vp, LK_EXCLUSIVE | LK_RETRY);
211 vp->v_vflag |= VV_MAPPED;
212 VOP_UNLOCK(vp);
213 }
214
215 /*
216 * do the map, reference the object for this map entry
217 */
218 uobj = &vp->v_uobj;
219 vref(vp);
220
221 error = uvm_map(&p->p_vmspace->vm_map, &cmd->ev_addr, cmd->ev_len,
222 uobj, cmd->ev_offset, 0,
223 UVM_MAPFLAG(prot, maxprot, UVM_INH_COPY,
224 UVM_ADV_NORMAL, UVM_FLAG_COPYONW|UVM_FLAG_FIXED));
225 if (error) {
226 uobj->pgops->pgo_detach(uobj);
227 }
228 return error;
229 }
230
231 /*
232 * vmcmd_map_readvn():
233 * handle vmcmd which specifies that a vnode should be read from.
234 * appropriate for non-demand-paged text/data segments, i.e. impure
235 * objects (a la OMAGIC and NMAGIC).
236 */
237 int
238 vmcmd_map_readvn(struct lwp *l, struct exec_vmcmd *cmd)
239 {
240 struct proc *p = l->l_proc;
241 int error;
242 long diff;
243
244 if (cmd->ev_len == 0)
245 return 0;
246
247 diff = cmd->ev_addr - trunc_page(cmd->ev_addr);
248 cmd->ev_addr -= diff; /* required by uvm_map */
249 cmd->ev_offset -= diff;
250 cmd->ev_len += diff;
251
252 error = uvm_map(&p->p_vmspace->vm_map, &cmd->ev_addr,
253 round_page(cmd->ev_len), NULL, UVM_UNKNOWN_OFFSET, 0,
254 UVM_MAPFLAG(UVM_PROT_ALL, UVM_PROT_ALL, UVM_INH_COPY,
255 UVM_ADV_NORMAL,
256 UVM_FLAG_FIXED|UVM_FLAG_OVERLAY|UVM_FLAG_COPYONW));
257
258 if (error)
259 return error;
260
261 return vmcmd_readvn(l, cmd);
262 }
263
264 int
265 vmcmd_readvn(struct lwp *l, struct exec_vmcmd *cmd)
266 {
267 struct proc *p = l->l_proc;
268 int error;
269 vm_prot_t prot, maxprot;
270
271 error = vn_rdwr(UIO_READ, cmd->ev_vp, (void *)cmd->ev_addr,
272 cmd->ev_len, cmd->ev_offset, UIO_USERSPACE, IO_UNIT,
273 l->l_cred, NULL, l);
274 if (error)
275 return error;
276
277 if ((error = vmcmd_get_prot(l, cmd, &prot, &maxprot)) != 0)
278 return error;
279
280 #ifdef PMAP_NEED_PROCWR
281 /*
282 * we had to write the process, make sure the pages are synched
283 * with the instruction cache.
284 */
285 if (prot & VM_PROT_EXECUTE)
286 pmap_procwr(p, cmd->ev_addr, cmd->ev_len);
287 #endif
288
289 /*
290 * we had to map in the area at PROT_ALL so that vn_rdwr()
291 * could write to it. however, the caller seems to want
292 * it mapped read-only, so now we are going to have to call
293 * uvm_map_protect() to fix up the protection. ICK.
294 */
295 if (maxprot != VM_PROT_ALL) {
296 error = uvm_map_protect(&p->p_vmspace->vm_map,
297 trunc_page(cmd->ev_addr),
298 round_page(cmd->ev_addr + cmd->ev_len),
299 maxprot, true);
300 if (error)
301 return error;
302 }
303
304 if (prot != maxprot) {
305 error = uvm_map_protect(&p->p_vmspace->vm_map,
306 trunc_page(cmd->ev_addr),
307 round_page(cmd->ev_addr + cmd->ev_len),
308 prot, false);
309 if (error)
310 return error;
311 }
312
313 return 0;
314 }
315
316 /*
317 * vmcmd_map_zero():
318 * handle vmcmd which specifies a zero-filled address space region. The
319 * address range must be first allocated, then protected appropriately.
320 */
321
322 int
323 vmcmd_map_zero(struct lwp *l, struct exec_vmcmd *cmd)
324 {
325 struct proc *p = l->l_proc;
326 int error;
327 long diff;
328 vm_prot_t prot, maxprot;
329
330 diff = cmd->ev_addr - trunc_page(cmd->ev_addr);
331 cmd->ev_addr -= diff; /* required by uvm_map */
332 cmd->ev_len += diff;
333
334 if ((error = vmcmd_get_prot(l, cmd, &prot, &maxprot)) != 0)
335 return error;
336
337 error = uvm_map(&p->p_vmspace->vm_map, &cmd->ev_addr,
338 round_page(cmd->ev_len), NULL, UVM_UNKNOWN_OFFSET, 0,
339 UVM_MAPFLAG(prot, maxprot, UVM_INH_COPY,
340 UVM_ADV_NORMAL,
341 UVM_FLAG_FIXED|UVM_FLAG_COPYONW));
342 if (cmd->ev_flags & VMCMD_STACK)
343 curproc->p_vmspace->vm_issize += atop(round_page(cmd->ev_len));
344 return error;
345 }
346
347 /*
348 * exec_read():
349 *
350 * Read from vnode into buffer at offset.
351 */
352 int
353 exec_read(struct lwp *l, struct vnode *vp, u_long off, void *bf, size_t size,
354 int ioflg)
355 {
356 int error;
357 size_t resid;
358
359 KASSERT((ioflg & IO_NODELOCKED) == 0 || VOP_ISLOCKED(vp) != LK_NONE);
360
361 if ((error = vn_rdwr(UIO_READ, vp, bf, size, off, UIO_SYSSPACE,
362 ioflg, l->l_cred, &resid, NULL)) != 0)
363 return error;
364 /*
365 * See if we got all of it
366 */
367 if (resid != 0)
368 return ENOEXEC;
369 return 0;
370 }
371
372 /*
373 * exec_setup_stack(): Set up the stack segment for an elf
374 * executable.
375 *
376 * Note that the ep_ssize parameter must be set to be the current stack
377 * limit; this is adjusted in the body of execve() to yield the
378 * appropriate stack segment usage once the argument length is
379 * calculated.
380 *
381 * This function returns an int for uniformity with other (future) formats'
382 * stack setup functions. They might have errors to return.
383 */
384
385 int
386 exec_setup_stack(struct lwp *l, struct exec_package *epp)
387 {
388 vsize_t max_stack_size;
389 vaddr_t access_linear_min;
390 vsize_t access_size;
391 vaddr_t noaccess_linear_min;
392 vsize_t noaccess_size;
393
394 #ifndef USRSTACK32
395 #define USRSTACK32 (0x00000000ffffffffL&~PGOFSET)
396 #endif
397 #ifndef MAXSSIZ32
398 #define MAXSSIZ32 (MAXSSIZ >> 2)
399 #endif
400
401 if (epp->ep_flags & EXEC_32) {
402 epp->ep_minsaddr = USRSTACK32;
403 max_stack_size = MAXSSIZ32;
404 } else {
405 epp->ep_minsaddr = USRSTACK;
406 max_stack_size = MAXSSIZ;
407 }
408
409 DPRINTF(("ep_minsaddr=%#jx max_stack_size=%#jx\n",
410 (uintmax_t)epp->ep_minsaddr, (uintmax_t)max_stack_size));
411
412 pax_aslr_stack(epp, &max_stack_size);
413
414 DPRINTF(("[RLIMIT_STACK].lim_cur=%#jx max_stack_size=%#jx\n",
415 (uintmax_t)l->l_proc->p_rlimit[RLIMIT_STACK].rlim_cur,
416 (uintmax_t)max_stack_size));
417 epp->ep_ssize = MIN(l->l_proc->p_rlimit[RLIMIT_STACK].rlim_cur,
418 max_stack_size);
419
420 l->l_proc->p_stackbase = epp->ep_minsaddr;
421
422 epp->ep_maxsaddr = (vaddr_t)STACK_GROW(epp->ep_minsaddr,
423 max_stack_size);
424
425 DPRINTF(("ep_ssize=%#jx ep_minsaddr=%#jx ep_maxsaddr=%#jx\n",
426 (uintmax_t)epp->ep_ssize, (uintmax_t)epp->ep_minsaddr,
427 (uintmax_t)epp->ep_maxsaddr));
428
429 /*
430 * set up commands for stack. note that this takes *two*, one to
431 * map the part of the stack which we can access, and one to map
432 * the part which we can't.
433 *
434 * arguably, it could be made into one, but that would require the
435 * addition of another mapping proc, which is unnecessary
436 */
437 access_size = epp->ep_ssize;
438 access_linear_min = (vaddr_t)STACK_ALLOC(epp->ep_minsaddr, access_size);
439 noaccess_size = max_stack_size - access_size;
440 noaccess_linear_min = (vaddr_t)STACK_ALLOC(STACK_GROW(epp->ep_minsaddr,
441 access_size), noaccess_size);
442
443 DPRINTF(("access_size=%#jx, access_linear_min=%#jx, "
444 "noaccess_size=%#jx, noaccess_linear_min=%#jx\n",
445 (uintmax_t)access_size, (uintmax_t)access_linear_min,
446 (uintmax_t)noaccess_size, (uintmax_t)noaccess_linear_min));
447
448 if (user_stack_guard_size > 0) {
449 #ifdef __MACHINE_STACK_GROWS_UP
450 vsize_t guard_size = MIN(VM_MAXUSER_ADDRESS - epp->ep_maxsaddr, user_stack_guard_size);
451 if (guard_size > 0)
452 NEW_VMCMD(&epp->ep_vmcmds, vmcmd_map_zero, guard_size,
453 epp->ep_maxsaddr, NULL, 0, VM_PROT_NONE);
454 #else
455 NEW_VMCMD(&epp->ep_vmcmds, vmcmd_map_zero, user_stack_guard_size,
456 epp->ep_maxsaddr - user_stack_guard_size, NULL, 0, VM_PROT_NONE);
457 #endif
458 }
459 if (noaccess_size > 0 && noaccess_size <= MAXSSIZ) {
460 NEW_VMCMD2(&epp->ep_vmcmds, vmcmd_map_zero, noaccess_size,
461 noaccess_linear_min, NULL, 0, VM_PROT_NONE, VMCMD_STACK);
462 }
463 KASSERT(access_size > 0 && access_size <= MAXSSIZ);
464 NEW_VMCMD2(&epp->ep_vmcmds, vmcmd_map_zero, access_size,
465 access_linear_min, NULL, 0, VM_PROT_READ | VM_PROT_WRITE,
466 VMCMD_STACK);
467
468 return 0;
469 }
Cache object: c9900d32dd4c3df031097a6aad2dce52
|