FreeBSD/Linux Kernel Cross Reference
sys/kern/kern_exec.c
1 /* $NetBSD: kern_exec.c,v 1.185.2.3 2005/10/31 20:53:02 tron Exp $ */
2
3 /*-
4 * Copyright (C) 1993, 1994, 1996 Christopher G. Demetriou
5 * Copyright (C) 1992 Wolfgang Solfrank.
6 * Copyright (C) 1992 TooLs GmbH.
7 * All rights reserved.
8 *
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
11 * are met:
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 * 2. Redistributions in binary form must reproduce the above copyright
15 * notice, this list of conditions and the following disclaimer in the
16 * documentation and/or other materials provided with the distribution.
17 * 3. All advertising materials mentioning features or use of this software
18 * must display the following acknowledgement:
19 * This product includes software developed by TooLs GmbH.
20 * 4. The name of TooLs GmbH may not be used to endorse or promote products
21 * derived from this software without specific prior written permission.
22 *
23 * THIS SOFTWARE IS PROVIDED BY TOOLS GMBH ``AS IS'' AND ANY EXPRESS OR
24 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
25 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
26 * IN NO EVENT SHALL TOOLS GMBH BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
27 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
28 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
29 * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
30 * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
31 * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
32 * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
33 */
34
35 #include <sys/cdefs.h>
36 __KERNEL_RCSID(0, "$NetBSD: kern_exec.c,v 1.185.2.3 2005/10/31 20:53:02 tron Exp $");
37
38 #include "opt_ktrace.h"
39 #include "opt_syscall_debug.h"
40 #include "opt_compat_netbsd.h"
41
42 #include <sys/param.h>
43 #include <sys/systm.h>
44 #include <sys/filedesc.h>
45 #include <sys/kernel.h>
46 #include <sys/proc.h>
47 #include <sys/mount.h>
48 #include <sys/malloc.h>
49 #include <sys/namei.h>
50 #include <sys/vnode.h>
51 #include <sys/file.h>
52 #include <sys/acct.h>
53 #include <sys/exec.h>
54 #include <sys/ktrace.h>
55 #include <sys/resourcevar.h>
56 #include <sys/wait.h>
57 #include <sys/mman.h>
58 #include <sys/ras.h>
59 #include <sys/signalvar.h>
60 #include <sys/stat.h>
61 #include <sys/syscall.h>
62
63 #include <sys/sa.h>
64 #include <sys/savar.h>
65 #include <sys/syscallargs.h>
66
67 #include <uvm/uvm_extern.h>
68
69 #include <machine/cpu.h>
70 #include <machine/reg.h>
71
72 static int exec_sigcode_map(struct proc *, const struct emul *);
73
74 #ifdef DEBUG_EXEC
75 #define DPRINTF(a) uprintf a
76 #else
77 #define DPRINTF(a)
78 #endif /* DEBUG_EXEC */
79
80 MALLOC_DEFINE(M_EXEC, "exec", "argument lists & other mem used by exec");
81
82 /*
83 * Exec function switch:
84 *
85 * Note that each makecmds function is responsible for loading the
86 * exec package with the necessary functions for any exec-type-specific
87 * handling.
88 *
89 * Functions for specific exec types should be defined in their own
90 * header file.
91 */
92 extern const struct execsw execsw_builtin[];
93 extern int nexecs_builtin;
94 static const struct execsw **execsw = NULL;
95 static int nexecs;
96
97 u_int exec_maxhdrsz; /* must not be static - netbsd32 needs it */
98
99 #ifdef LKM
100 /* list of supported emulations */
101 static
102 LIST_HEAD(emlist_head, emul_entry) el_head = LIST_HEAD_INITIALIZER(el_head);
103 struct emul_entry {
104 LIST_ENTRY(emul_entry) el_list;
105 const struct emul *el_emul;
106 int ro_entry;
107 };
108
109 /* list of dynamically loaded execsw entries */
110 static
111 LIST_HEAD(execlist_head, exec_entry) ex_head = LIST_HEAD_INITIALIZER(ex_head);
112 struct exec_entry {
113 LIST_ENTRY(exec_entry) ex_list;
114 const struct execsw *es;
115 };
116
117 /* structure used for building execw[] */
118 struct execsw_entry {
119 struct execsw_entry *next;
120 const struct execsw *es;
121 };
122 #endif /* LKM */
123
124 #ifdef SYSCALL_DEBUG
125 extern const char * const syscallnames[];
126 #endif
127 #ifdef __HAVE_SYSCALL_INTERN
128 void syscall_intern(struct proc *);
129 #else
130 void syscall(void);
131 #endif
132
133 #ifdef COMPAT_16
134 extern char sigcode[], esigcode[];
135 struct uvm_object *emul_netbsd_object;
136 #endif
137
138 /* NetBSD emul struct */
139 const struct emul emul_netbsd = {
140 "netbsd",
141 NULL, /* emulation path */
142 #ifndef __HAVE_MINIMAL_EMUL
143 EMUL_HAS_SYS___syscall,
144 NULL,
145 SYS_syscall,
146 SYS_NSYSENT,
147 #endif
148 sysent,
149 #ifdef SYSCALL_DEBUG
150 syscallnames,
151 #else
152 NULL,
153 #endif
154 sendsig,
155 trapsignal,
156 NULL,
157 #ifdef COMPAT_16
158 sigcode,
159 esigcode,
160 &emul_netbsd_object,
161 #else
162 NULL,
163 NULL,
164 NULL,
165 #endif
166 setregs,
167 NULL,
168 NULL,
169 NULL,
170 NULL,
171 NULL,
172 #ifdef __HAVE_SYSCALL_INTERN
173 syscall_intern,
174 #else
175 syscall,
176 #endif
177 NULL,
178 NULL,
179 };
180
181 #ifdef LKM
182 /*
183 * Exec lock. Used to control access to execsw[] structures.
184 * This must not be static so that netbsd32 can access it, too.
185 */
186 struct lock exec_lock;
187
188 static void link_es(struct execsw_entry **, const struct execsw *);
189 #endif /* LKM */
190
191 /*
192 * check exec:
193 * given an "executable" described in the exec package's namei info,
194 * see what we can do with it.
195 *
196 * ON ENTRY:
197 * exec package with appropriate namei info
198 * proc pointer of exec'ing proc
199 * iff verified exec enabled then flag indicating a direct exec or
200 * an indirect exec (i.e. for a shell script interpreter)
201 * NO SELF-LOCKED VNODES
202 *
203 * ON EXIT:
204 * error: nothing held, etc. exec header still allocated.
205 * ok: filled exec package, executable's vnode (unlocked).
206 *
207 * EXEC SWITCH ENTRY:
208 * Locked vnode to check, exec package, proc.
209 *
210 * EXEC SWITCH EXIT:
211 * ok: return 0, filled exec package, executable's vnode (unlocked).
212 * error: destructive:
213 * everything deallocated execept exec header.
214 * non-destructive:
215 * error code, executable's vnode (unlocked),
216 * exec header unmodified.
217 */
218 int
219 #ifdef VERIFIED_EXEC
220 check_exec(struct proc *p, struct exec_package *epp, int direct_exec)
221 #else
222 check_exec(struct proc *p, struct exec_package *epp)
223 #endif
224 {
225 int error, i;
226 struct vnode *vp;
227 struct nameidata *ndp;
228 size_t resid;
229
230 ndp = epp->ep_ndp;
231 ndp->ni_cnd.cn_nameiop = LOOKUP;
232 ndp->ni_cnd.cn_flags = FOLLOW | LOCKLEAF | SAVENAME;
233 /* first get the vnode */
234 if ((error = namei(ndp)) != 0)
235 return error;
236 epp->ep_vp = vp = ndp->ni_vp;
237
238 /* check access and type */
239 if (vp->v_type != VREG) {
240 error = EACCES;
241 goto bad1;
242 }
243 if ((error = VOP_ACCESS(vp, VEXEC, p->p_ucred, p)) != 0)
244 goto bad1;
245
246 /* get attributes */
247 if ((error = VOP_GETATTR(vp, epp->ep_vap, p->p_ucred, p)) != 0)
248 goto bad1;
249
250 /* Check mount point */
251 if (vp->v_mount->mnt_flag & MNT_NOEXEC) {
252 error = EACCES;
253 goto bad1;
254 }
255 if (vp->v_mount->mnt_flag & MNT_NOSUID)
256 epp->ep_vap->va_mode &= ~(S_ISUID | S_ISGID);
257
258 /* try to open it */
259 if ((error = VOP_OPEN(vp, FREAD, p->p_ucred, p)) != 0)
260 goto bad1;
261
262 /* unlock vp, since we need it unlocked from here on out. */
263 VOP_UNLOCK(vp, 0);
264
265
266 #ifdef VERIFIED_EXEC
267 /* Evaluate signature for file... */
268 if ((error = check_veriexec(p, vp, epp, direct_exec)) != 0)
269 goto bad2;
270 #endif
271
272 /* now we have the file, get the exec header */
273 uvn_attach(vp, VM_PROT_READ);
274 error = vn_rdwr(UIO_READ, vp, epp->ep_hdr, epp->ep_hdrlen, 0,
275 UIO_SYSSPACE, 0, p->p_ucred, &resid, p);
276 if (error)
277 goto bad2;
278 epp->ep_hdrvalid = epp->ep_hdrlen - resid;
279
280 /*
281 * Set up default address space limits. Can be overridden
282 * by individual exec packages.
283 *
284 * XXX probably should be all done in the exec pakages.
285 */
286 epp->ep_vm_minaddr = VM_MIN_ADDRESS;
287 epp->ep_vm_maxaddr = VM_MAXUSER_ADDRESS;
288 /*
289 * set up the vmcmds for creation of the process
290 * address space
291 */
292 error = ENOEXEC;
293 for (i = 0; i < nexecs && error != 0; i++) {
294 int newerror;
295
296 epp->ep_esch = execsw[i];
297 newerror = (*execsw[i]->es_makecmds)(p, epp);
298 /* make sure the first "interesting" error code is saved. */
299 if (!newerror || error == ENOEXEC)
300 error = newerror;
301
302 /* if es_makecmds call was successful, update epp->ep_es */
303 if (!newerror && (epp->ep_flags & EXEC_HASES) == 0)
304 epp->ep_es = execsw[i];
305
306 if (epp->ep_flags & EXEC_DESTR && error != 0)
307 return error;
308 }
309 if (!error) {
310 /* check that entry point is sane */
311 if (epp->ep_entry > VM_MAXUSER_ADDRESS)
312 error = ENOEXEC;
313
314 /* check limits */
315 if ((epp->ep_tsize > MAXTSIZ) ||
316 (epp->ep_dsize >
317 (u_quad_t)p->p_rlimit[RLIMIT_DATA].rlim_cur))
318 error = ENOMEM;
319
320 if (!error)
321 return (0);
322 }
323
324 /*
325 * free any vmspace-creation commands,
326 * and release their references
327 */
328 kill_vmcmds(&epp->ep_vmcmds);
329
330 bad2:
331 /*
332 * close and release the vnode, restore the old one, free the
333 * pathname buf, and punt.
334 */
335 vn_lock(vp, LK_EXCLUSIVE | LK_RETRY);
336 VOP_CLOSE(vp, FREAD, p->p_ucred, p);
337 vput(vp);
338 PNBUF_PUT(ndp->ni_cnd.cn_pnbuf);
339 return error;
340
341 bad1:
342 /*
343 * free the namei pathname buffer, and put the vnode
344 * (which we don't yet have open).
345 */
346 vput(vp); /* was still locked */
347 PNBUF_PUT(ndp->ni_cnd.cn_pnbuf);
348 return error;
349 }
350
351 /*
352 * exec system call
353 */
354 /* ARGSUSED */
355 int
356 sys_execve(struct lwp *l, void *v, register_t *retval)
357 {
358 struct sys_execve_args /* {
359 syscallarg(const char *) path;
360 syscallarg(char * const *) argp;
361 syscallarg(char * const *) envp;
362 } */ *uap = v;
363 int error;
364 u_int i;
365 struct exec_package pack;
366 struct nameidata nid;
367 struct vattr attr;
368 struct proc *p;
369 struct ucred *cred;
370 char *argp;
371 char * const *cpp;
372 char *dp, *sp;
373 long argc, envc;
374 size_t len;
375 char *stack;
376 struct ps_strings arginfo;
377 struct vmspace *vm;
378 char **tmpfap;
379 int szsigcode;
380 struct exec_vmcmd *base_vcp;
381 int oldlwpflags;
382
383 /* Disable scheduler activation upcalls. */
384 oldlwpflags = l->l_flag & (L_SA | L_SA_UPCALL);
385 if (l->l_flag & L_SA)
386 l->l_flag &= ~(L_SA | L_SA_UPCALL);
387
388 p = l->l_proc;
389 /*
390 * Lock the process and set the P_INEXEC flag to indicate that
391 * it should be left alone until we're done here. This is
392 * necessary to avoid race conditions - e.g. in ptrace() -
393 * that might allow a local user to illicitly obtain elevated
394 * privileges.
395 */
396 p->p_flag |= P_INEXEC;
397
398 cred = p->p_ucred;
399 base_vcp = NULL;
400 /*
401 * Init the namei data to point the file user's program name.
402 * This is done here rather than in check_exec(), so that it's
403 * possible to override this settings if any of makecmd/probe
404 * functions call check_exec() recursively - for example,
405 * see exec_script_makecmds().
406 */
407 NDINIT(&nid, LOOKUP, NOFOLLOW, UIO_USERSPACE, SCARG(uap, path), p);
408
409 /*
410 * initialize the fields of the exec package.
411 */
412 pack.ep_name = SCARG(uap, path);
413 pack.ep_hdr = malloc(exec_maxhdrsz, M_EXEC, M_WAITOK);
414 pack.ep_hdrlen = exec_maxhdrsz;
415 pack.ep_hdrvalid = 0;
416 pack.ep_ndp = &nid;
417 pack.ep_emul_arg = NULL;
418 pack.ep_vmcmds.evs_cnt = 0;
419 pack.ep_vmcmds.evs_used = 0;
420 pack.ep_vap = &attr;
421 pack.ep_flags = 0;
422
423 #ifdef LKM
424 lockmgr(&exec_lock, LK_SHARED, NULL);
425 #endif
426
427 /* see if we can run it. */
428 #ifdef VERIFIED_EXEC
429 if ((error = check_exec(p, &pack, 1)) != 0)
430 /* if ((error = check_exec(p, &pack, 0)) != 0) */
431 #else
432 if ((error = check_exec(p, &pack)) != 0)
433 #endif
434 goto freehdr;
435
436 /* XXX -- THE FOLLOWING SECTION NEEDS MAJOR CLEANUP */
437
438 /* allocate an argument buffer */
439 argp = (char *) uvm_km_valloc_wait(exec_map, NCARGS);
440 #ifdef DIAGNOSTIC
441 if (argp == (vaddr_t) 0)
442 panic("execve: argp == NULL");
443 #endif
444 dp = argp;
445 argc = 0;
446
447 /* copy the fake args list, if there's one, freeing it as we go */
448 if (pack.ep_flags & EXEC_HASARGL) {
449 tmpfap = pack.ep_fa;
450 while (*tmpfap != NULL) {
451 char *cp;
452
453 cp = *tmpfap;
454 while (*cp)
455 *dp++ = *cp++;
456 dp++;
457
458 FREE(*tmpfap, M_EXEC);
459 tmpfap++; argc++;
460 }
461 FREE(pack.ep_fa, M_EXEC);
462 pack.ep_flags &= ~EXEC_HASARGL;
463 }
464
465 /* Now get argv & environment */
466 if (!(cpp = SCARG(uap, argp))) {
467 error = EINVAL;
468 goto bad;
469 }
470
471 if (pack.ep_flags & EXEC_SKIPARG)
472 cpp++;
473
474 while (1) {
475 len = argp + ARG_MAX - dp;
476 if ((error = copyin(cpp, &sp, sizeof(sp))) != 0)
477 goto bad;
478 if (!sp)
479 break;
480 if ((error = copyinstr(sp, dp, len, &len)) != 0) {
481 if (error == ENAMETOOLONG)
482 error = E2BIG;
483 goto bad;
484 }
485 #ifdef KTRACE
486 if (KTRPOINT(p, KTR_EXEC_ARG))
487 ktrkmem(p, KTR_EXEC_ARG, dp, len - 1);
488 #endif
489 dp += len;
490 cpp++;
491 argc++;
492 }
493
494 envc = 0;
495 /* environment need not be there */
496 if ((cpp = SCARG(uap, envp)) != NULL ) {
497 while (1) {
498 len = argp + ARG_MAX - dp;
499 if ((error = copyin(cpp, &sp, sizeof(sp))) != 0)
500 goto bad;
501 if (!sp)
502 break;
503 if ((error = copyinstr(sp, dp, len, &len)) != 0) {
504 if (error == ENAMETOOLONG)
505 error = E2BIG;
506 goto bad;
507 }
508 #ifdef KTRACE
509 if (KTRPOINT(p, KTR_EXEC_ENV))
510 ktrkmem(p, KTR_EXEC_ENV, dp, len - 1);
511 #endif
512 dp += len;
513 cpp++;
514 envc++;
515 }
516 }
517
518 dp = (char *) ALIGN(dp);
519
520 szsigcode = pack.ep_es->es_emul->e_esigcode -
521 pack.ep_es->es_emul->e_sigcode;
522
523 /* Now check if args & environ fit into new stack */
524 if (pack.ep_flags & EXEC_32)
525 len = ((argc + envc + 2 + pack.ep_es->es_arglen) *
526 sizeof(int) + sizeof(int) + dp + STACKGAPLEN +
527 szsigcode + sizeof(struct ps_strings)) - argp;
528 else
529 len = ((argc + envc + 2 + pack.ep_es->es_arglen) *
530 sizeof(char *) + sizeof(int) + dp + STACKGAPLEN +
531 szsigcode + sizeof(struct ps_strings)) - argp;
532
533 len = ALIGN(len); /* make the stack "safely" aligned */
534
535 if (len > pack.ep_ssize) { /* in effect, compare to initial limit */
536 error = ENOMEM;
537 goto bad;
538 }
539
540 /* Get rid of other LWPs/ */
541 p->p_flag |= P_WEXIT; /* XXX hack. lwp-exit stuff wants to see it. */
542 exit_lwps(l);
543 p->p_flag &= ~P_WEXIT;
544 KDASSERT(p->p_nlwps == 1);
545
546 /* This is now LWP 1 */
547 l->l_lid = 1;
548 p->p_nlwpid = 1;
549
550 /* Release any SA state. */
551 if (p->p_sa)
552 sa_release(p);
553
554 /* Remove POSIX timers */
555 timers_free(p, TIMERS_POSIX);
556
557 /* adjust "active stack depth" for process VSZ */
558 pack.ep_ssize = len; /* maybe should go elsewhere, but... */
559
560 /*
561 * Do whatever is necessary to prepare the address space
562 * for remapping. Note that this might replace the current
563 * vmspace with another!
564 */
565 uvmspace_exec(l, pack.ep_vm_minaddr, pack.ep_vm_maxaddr);
566
567 /* record proc's vnode, for use by procfs and others */
568 if (p->p_textvp)
569 vrele(p->p_textvp);
570 VREF(pack.ep_vp);
571 p->p_textvp = pack.ep_vp;
572
573 /* Now map address space */
574 vm = p->p_vmspace;
575 vm->vm_taddr = (caddr_t) pack.ep_taddr;
576 vm->vm_tsize = btoc(pack.ep_tsize);
577 vm->vm_daddr = (caddr_t) pack.ep_daddr;
578 vm->vm_dsize = btoc(pack.ep_dsize);
579 vm->vm_ssize = btoc(pack.ep_ssize);
580 vm->vm_maxsaddr = (caddr_t) pack.ep_maxsaddr;
581 vm->vm_minsaddr = (caddr_t) pack.ep_minsaddr;
582
583 /* create the new process's VM space by running the vmcmds */
584 #ifdef DIAGNOSTIC
585 if (pack.ep_vmcmds.evs_used == 0)
586 panic("execve: no vmcmds");
587 #endif
588 for (i = 0; i < pack.ep_vmcmds.evs_used && !error; i++) {
589 struct exec_vmcmd *vcp;
590
591 vcp = &pack.ep_vmcmds.evs_cmds[i];
592 if (vcp->ev_flags & VMCMD_RELATIVE) {
593 #ifdef DIAGNOSTIC
594 if (base_vcp == NULL)
595 panic("execve: relative vmcmd with no base");
596 if (vcp->ev_flags & VMCMD_BASE)
597 panic("execve: illegal base & relative vmcmd");
598 #endif
599 vcp->ev_addr += base_vcp->ev_addr;
600 }
601 error = (*vcp->ev_proc)(p, vcp);
602 #ifdef DEBUG_EXEC
603 if (error) {
604 int j;
605 struct exec_vmcmd *vp = &pack.ep_vmcmds.evs_cmds[0];
606 for (j = 0; j <= i; j++)
607 uprintf(
608 "vmcmd[%d] = %#lx/%#lx fd@%#lx prot=0%o flags=%d\n",
609 j, vp[j].ev_addr, vp[j].ev_len,
610 vp[j].ev_offset, vp[j].ev_prot,
611 vp[j].ev_flags);
612 }
613 #endif /* DEBUG_EXEC */
614 if (vcp->ev_flags & VMCMD_BASE)
615 base_vcp = vcp;
616 }
617
618 /* free the vmspace-creation commands, and release their references */
619 kill_vmcmds(&pack.ep_vmcmds);
620
621 vn_lock(pack.ep_vp, LK_EXCLUSIVE | LK_RETRY);
622 VOP_CLOSE(pack.ep_vp, FREAD, cred, p);
623 vput(pack.ep_vp);
624
625 /* if an error happened, deallocate and punt */
626 if (error) {
627 DPRINTF(("execve: vmcmd %i failed: %d\n", i - 1, error));
628 goto exec_abort;
629 }
630
631 /* remember information about the process */
632 arginfo.ps_nargvstr = argc;
633 arginfo.ps_nenvstr = envc;
634
635 stack = (char *)STACK_ALLOC(STACK_GROW(vm->vm_minsaddr,
636 sizeof(struct ps_strings) + szsigcode),
637 len - (sizeof(struct ps_strings) + szsigcode));
638 #ifdef __MACHINE_STACK_GROWS_UP
639 /*
640 * The copyargs call always copies into lower addresses
641 * first, moving towards higher addresses, starting with
642 * the stack pointer that we give. When the stack grows
643 * down, this puts argc/argv/envp very shallow on the
644 * stack, right at the first user stack pointer, and puts
645 * STACKGAPLEN very deep in the stack. When the stack
646 * grows up, the situation is reversed.
647 *
648 * Normally, this is no big deal. But the ld_elf.so _rtld()
649 * function expects to be called with a single pointer to
650 * a region that has a few words it can stash values into,
651 * followed by argc/argv/envp. When the stack grows down,
652 * it's easy to decrement the stack pointer a little bit to
653 * allocate the space for these few words and pass the new
654 * stack pointer to _rtld. When the stack grows up, however,
655 * a few words before argc is part of the signal trampoline, XXX
656 * so we have a problem.
657 *
658 * Instead of changing how _rtld works, we take the easy way
659 * out and steal 32 bytes before we call copyargs. This
660 * space is effectively stolen from STACKGAPLEN.
661 */
662 stack += 32;
663 #endif /* __MACHINE_STACK_GROWS_UP */
664
665 /* Now copy argc, args & environ to new stack */
666 error = (*pack.ep_es->es_copyargs)(p, &pack, &arginfo, &stack, argp);
667 if (error) {
668 DPRINTF(("execve: copyargs failed %d\n", error));
669 goto exec_abort;
670 }
671 /* Move the stack back to original point */
672 stack = (char *)STACK_GROW(vm->vm_minsaddr, len);
673
674 /* fill process ps_strings info */
675 p->p_psstr = (struct ps_strings *)STACK_ALLOC(vm->vm_minsaddr,
676 sizeof(struct ps_strings));
677 p->p_psargv = offsetof(struct ps_strings, ps_argvstr);
678 p->p_psnargv = offsetof(struct ps_strings, ps_nargvstr);
679 p->p_psenv = offsetof(struct ps_strings, ps_envstr);
680 p->p_psnenv = offsetof(struct ps_strings, ps_nenvstr);
681
682 /* copy out the process's ps_strings structure */
683 if ((error = copyout(&arginfo, (char *)p->p_psstr,
684 sizeof(arginfo))) != 0) {
685 DPRINTF(("execve: ps_strings copyout %p->%p size %ld failed\n",
686 &arginfo, (char *)p->p_psstr, (long)sizeof(arginfo)));
687 goto exec_abort;
688 }
689
690 stopprofclock(p); /* stop profiling */
691 fdcloseexec(p); /* handle close on exec */
692 execsigs(p); /* reset catched signals */
693
694 l->l_ctxlink = NULL; /* reset ucontext link */
695
696 /* set command name & other accounting info */
697 len = min(nid.ni_cnd.cn_namelen, MAXCOMLEN);
698 memcpy(p->p_comm, nid.ni_cnd.cn_nameptr, len);
699 p->p_comm[len] = 0;
700 p->p_acflag &= ~AFORK;
701
702 p->p_flag |= P_EXEC;
703 if (p->p_flag & P_PPWAIT) {
704 p->p_flag &= ~P_PPWAIT;
705 wakeup((caddr_t) p->p_pptr);
706 }
707
708 /*
709 * deal with set[ug]id.
710 * MNT_NOSUID has already been used to disable s[ug]id.
711 */
712 if ((p->p_flag & P_TRACED) == 0 &&
713
714 (((attr.va_mode & S_ISUID) != 0 &&
715 p->p_ucred->cr_uid != attr.va_uid) ||
716
717 ((attr.va_mode & S_ISGID) != 0 &&
718 p->p_ucred->cr_gid != attr.va_gid))) {
719 /*
720 * Mark the process as SUGID before we do
721 * anything that might block.
722 */
723 p_sugid(p);
724
725 /* Make sure file descriptors 0..2 are in use. */
726 if ((error = fdcheckstd(p)) != 0)
727 goto exec_abort;
728
729 p->p_ucred = crcopy(cred);
730 #ifdef KTRACE
731 /*
732 * If process is being ktraced, turn off - unless
733 * root set it.
734 */
735 if (p->p_tracep && !(p->p_traceflag & KTRFAC_ROOT))
736 ktrderef(p);
737 #endif
738 if (attr.va_mode & S_ISUID)
739 p->p_ucred->cr_uid = attr.va_uid;
740 if (attr.va_mode & S_ISGID)
741 p->p_ucred->cr_gid = attr.va_gid;
742 } else {
743 if (p->p_ucred->cr_uid == p->p_cred->p_ruid &&
744 p->p_ucred->cr_gid == p->p_cred->p_rgid)
745 p->p_flag &= ~P_SUGID;
746 }
747 p->p_cred->p_svuid = p->p_ucred->cr_uid;
748 p->p_cred->p_svgid = p->p_ucred->cr_gid;
749
750 #if defined(__HAVE_RAS)
751 /*
752 * Remove all RASs from the address space.
753 */
754 ras_purgeall(p);
755 #endif
756
757 doexechooks(p);
758
759 uvm_km_free_wakeup(exec_map, (vaddr_t) argp, NCARGS);
760
761 PNBUF_PUT(nid.ni_cnd.cn_pnbuf);
762
763 /* notify others that we exec'd */
764 KNOTE(&p->p_klist, NOTE_EXEC);
765
766 /* setup new registers and do misc. setup. */
767 (*pack.ep_es->es_emul->e_setregs)(l, &pack, (u_long) stack);
768 if (pack.ep_es->es_setregs)
769 (*pack.ep_es->es_setregs)(l, &pack, (u_long) stack);
770
771 /* map the process's signal trampoline code */
772 if (exec_sigcode_map(p, pack.ep_es->es_emul))
773 goto exec_abort;
774
775 if (p->p_flag & P_TRACED)
776 psignal(p, SIGTRAP);
777
778 free(pack.ep_hdr, M_EXEC);
779
780 /*
781 * Call emulation specific exec hook. This can setup setup per-process
782 * p->p_emuldata or do any other per-process stuff an emulation needs.
783 *
784 * If we are executing process of different emulation than the
785 * original forked process, call e_proc_exit() of the old emulation
786 * first, then e_proc_exec() of new emulation. If the emulation is
787 * same, the exec hook code should deallocate any old emulation
788 * resources held previously by this process.
789 */
790 if (p->p_emul && p->p_emul->e_proc_exit
791 && p->p_emul != pack.ep_es->es_emul)
792 (*p->p_emul->e_proc_exit)(p);
793
794 /*
795 * Call exec hook. Emulation code may NOT store reference to anything
796 * from &pack.
797 */
798 if (pack.ep_es->es_emul->e_proc_exec)
799 (*pack.ep_es->es_emul->e_proc_exec)(p, &pack);
800
801 /* update p_emul, the old value is no longer needed */
802 p->p_emul = pack.ep_es->es_emul;
803
804 /* ...and the same for p_execsw */
805 p->p_execsw = pack.ep_es;
806
807 #ifdef __HAVE_SYSCALL_INTERN
808 (*p->p_emul->e_syscall_intern)(p);
809 #endif
810 #ifdef KTRACE
811 if (KTRPOINT(p, KTR_EMUL))
812 ktremul(p);
813 #endif
814
815 #ifdef LKM
816 lockmgr(&exec_lock, LK_RELEASE, NULL);
817 #endif
818 p->p_flag &= ~P_INEXEC;
819
820 if (p->p_flag & P_STOPEXEC) {
821 int s;
822
823 sigminusset(&contsigmask, &p->p_sigctx.ps_siglist);
824 SCHED_LOCK(s);
825 p->p_pptr->p_nstopchild++;
826 p->p_stat = SSTOP;
827 l->l_stat = LSSTOP;
828 p->p_nrlwps--;
829 mi_switch(l, NULL);
830 SCHED_ASSERT_UNLOCKED();
831 splx(s);
832 }
833
834 return (EJUSTRETURN);
835
836 bad:
837 p->p_flag &= ~P_INEXEC;
838 /* free the vmspace-creation commands, and release their references */
839 kill_vmcmds(&pack.ep_vmcmds);
840 /* kill any opened file descriptor, if necessary */
841 if (pack.ep_flags & EXEC_HASFD) {
842 pack.ep_flags &= ~EXEC_HASFD;
843 (void) fdrelease(p, pack.ep_fd);
844 }
845 /* close and put the exec'd file */
846 vn_lock(pack.ep_vp, LK_EXCLUSIVE | LK_RETRY);
847 VOP_CLOSE(pack.ep_vp, FREAD, cred, p);
848 vput(pack.ep_vp);
849 PNBUF_PUT(nid.ni_cnd.cn_pnbuf);
850 uvm_km_free_wakeup(exec_map, (vaddr_t) argp, NCARGS);
851
852 freehdr:
853 l->l_flag |= oldlwpflags;
854 p->p_flag &= ~P_INEXEC;
855 #ifdef LKM
856 lockmgr(&exec_lock, LK_RELEASE, NULL);
857 #endif
858
859 free(pack.ep_hdr, M_EXEC);
860 return error;
861
862 exec_abort:
863 p->p_flag &= ~P_INEXEC;
864 #ifdef LKM
865 lockmgr(&exec_lock, LK_RELEASE, NULL);
866 #endif
867
868 /*
869 * the old process doesn't exist anymore. exit gracefully.
870 * get rid of the (new) address space we have created, if any, get rid
871 * of our namei data and vnode, and exit noting failure
872 */
873 uvm_deallocate(&vm->vm_map, VM_MIN_ADDRESS,
874 VM_MAXUSER_ADDRESS - VM_MIN_ADDRESS);
875 if (pack.ep_emul_arg)
876 FREE(pack.ep_emul_arg, M_TEMP);
877 PNBUF_PUT(nid.ni_cnd.cn_pnbuf);
878 uvm_km_free_wakeup(exec_map, (vaddr_t) argp, NCARGS);
879 free(pack.ep_hdr, M_EXEC);
880 exit1(l, W_EXITCODE(error, SIGABRT));
881
882 /* NOTREACHED */
883 return 0;
884 }
885
886
887 int
888 copyargs(struct proc *p, struct exec_package *pack, struct ps_strings *arginfo,
889 char **stackp, void *argp)
890 {
891 char **cpp, *dp, *sp;
892 size_t len;
893 void *nullp;
894 long argc, envc;
895 int error;
896
897 cpp = (char **)*stackp;
898 nullp = NULL;
899 argc = arginfo->ps_nargvstr;
900 envc = arginfo->ps_nenvstr;
901 if ((error = copyout(&argc, cpp++, sizeof(argc))) != 0)
902 return error;
903
904 dp = (char *) (cpp + argc + envc + 2 + pack->ep_es->es_arglen);
905 sp = argp;
906
907 /* XXX don't copy them out, remap them! */
908 arginfo->ps_argvstr = cpp; /* remember location of argv for later */
909
910 for (; --argc >= 0; sp += len, dp += len)
911 if ((error = copyout(&dp, cpp++, sizeof(dp))) != 0 ||
912 (error = copyoutstr(sp, dp, ARG_MAX, &len)) != 0)
913 return error;
914
915 if ((error = copyout(&nullp, cpp++, sizeof(nullp))) != 0)
916 return error;
917
918 arginfo->ps_envstr = cpp; /* remember location of envp for later */
919
920 for (; --envc >= 0; sp += len, dp += len)
921 if ((error = copyout(&dp, cpp++, sizeof(dp))) != 0 ||
922 (error = copyoutstr(sp, dp, ARG_MAX, &len)) != 0)
923 return error;
924
925 if ((error = copyout(&nullp, cpp++, sizeof(nullp))) != 0)
926 return error;
927
928 *stackp = (char *)cpp;
929 return 0;
930 }
931
932 #ifdef LKM
933 /*
934 * Find an emulation of given name in list of emulations.
935 * Needs to be called with the exec_lock held.
936 */
937 const struct emul *
938 emul_search(const char *name)
939 {
940 struct emul_entry *it;
941
942 LIST_FOREACH(it, &el_head, el_list) {
943 if (strcmp(name, it->el_emul->e_name) == 0)
944 return it->el_emul;
945 }
946
947 return NULL;
948 }
949
950 /*
951 * Add an emulation to list, if it's not there already.
952 */
953 int
954 emul_register(const struct emul *emul, int ro_entry)
955 {
956 struct emul_entry *ee;
957 int error;
958
959 error = 0;
960 lockmgr(&exec_lock, LK_SHARED, NULL);
961
962 if (emul_search(emul->e_name)) {
963 error = EEXIST;
964 goto out;
965 }
966
967 MALLOC(ee, struct emul_entry *, sizeof(struct emul_entry),
968 M_EXEC, M_WAITOK);
969 ee->el_emul = emul;
970 ee->ro_entry = ro_entry;
971 LIST_INSERT_HEAD(&el_head, ee, el_list);
972
973 out:
974 lockmgr(&exec_lock, LK_RELEASE, NULL);
975 return error;
976 }
977
978 /*
979 * Remove emulation with name 'name' from list of supported emulations.
980 */
981 int
982 emul_unregister(const char *name)
983 {
984 const struct proclist_desc *pd;
985 struct emul_entry *it;
986 int i, error;
987 struct proc *ptmp;
988
989 error = 0;
990 lockmgr(&exec_lock, LK_SHARED, NULL);
991
992 LIST_FOREACH(it, &el_head, el_list) {
993 if (strcmp(it->el_emul->e_name, name) == 0)
994 break;
995 }
996
997 if (!it) {
998 error = ENOENT;
999 goto out;
1000 }
1001
1002 if (it->ro_entry) {
1003 error = EBUSY;
1004 goto out;
1005 }
1006
1007 /* test if any execw[] entry is still using this */
1008 for(i=0; i < nexecs; i++) {
1009 if (execsw[i]->es_emul == it->el_emul) {
1010 error = EBUSY;
1011 goto out;
1012 }
1013 }
1014
1015 /*
1016 * Test if any process is running under this emulation - since
1017 * emul_unregister() is running quite sendomly, it's better
1018 * to do expensive check here than to use any locking.
1019 */
1020 proclist_lock_read();
1021 for (pd = proclists; pd->pd_list != NULL && !error; pd++) {
1022 LIST_FOREACH(ptmp, pd->pd_list, p_list) {
1023 if (ptmp->p_emul == it->el_emul) {
1024 error = EBUSY;
1025 break;
1026 }
1027 }
1028 }
1029 proclist_unlock_read();
1030
1031 if (error)
1032 goto out;
1033
1034
1035 /* entry is not used, remove it */
1036 LIST_REMOVE(it, el_list);
1037 FREE(it, M_EXEC);
1038
1039 out:
1040 lockmgr(&exec_lock, LK_RELEASE, NULL);
1041 return error;
1042 }
1043
1044 /*
1045 * Add execsw[] entry.
1046 */
1047 int
1048 exec_add(struct execsw *esp, const char *e_name)
1049 {
1050 struct exec_entry *it;
1051 int error;
1052
1053 error = 0;
1054 lockmgr(&exec_lock, LK_EXCLUSIVE, NULL);
1055
1056 if (!esp->es_emul) {
1057 esp->es_emul = emul_search(e_name);
1058 if (!esp->es_emul) {
1059 error = ENOENT;
1060 goto out;
1061 }
1062 }
1063
1064 LIST_FOREACH(it, &ex_head, ex_list) {
1065 /* assume tuple (makecmds, probe_func, emulation) is unique */
1066 if (it->es->es_makecmds == esp->es_makecmds
1067 && it->es->u.elf_probe_func == esp->u.elf_probe_func
1068 && it->es->es_emul == esp->es_emul) {
1069 error = EEXIST;
1070 goto out;
1071 }
1072 }
1073
1074 /* if we got here, the entry doesn't exist yet */
1075 MALLOC(it, struct exec_entry *, sizeof(struct exec_entry),
1076 M_EXEC, M_WAITOK);
1077 it->es = esp;
1078 LIST_INSERT_HEAD(&ex_head, it, ex_list);
1079
1080 /* update execsw[] */
1081 exec_init(0);
1082
1083 out:
1084 lockmgr(&exec_lock, LK_RELEASE, NULL);
1085 return error;
1086 }
1087
1088 /*
1089 * Remove execsw[] entry.
1090 */
1091 int
1092 exec_remove(const struct execsw *esp)
1093 {
1094 struct exec_entry *it;
1095 int error;
1096
1097 error = 0;
1098 lockmgr(&exec_lock, LK_EXCLUSIVE, NULL);
1099
1100 LIST_FOREACH(it, &ex_head, ex_list) {
1101 /* assume tuple (makecmds, probe_func, emulation) is unique */
1102 if (it->es->es_makecmds == esp->es_makecmds
1103 && it->es->u.elf_probe_func == esp->u.elf_probe_func
1104 && it->es->es_emul == esp->es_emul)
1105 break;
1106 }
1107 if (!it) {
1108 error = ENOENT;
1109 goto out;
1110 }
1111
1112 /* remove item from list and free resources */
1113 LIST_REMOVE(it, ex_list);
1114 FREE(it, M_EXEC);
1115
1116 /* update execsw[] */
1117 exec_init(0);
1118
1119 out:
1120 lockmgr(&exec_lock, LK_RELEASE, NULL);
1121 return error;
1122 }
1123
1124 static void
1125 link_es(struct execsw_entry **listp, const struct execsw *esp)
1126 {
1127 struct execsw_entry *et, *e1;
1128
1129 MALLOC(et, struct execsw_entry *, sizeof(struct execsw_entry),
1130 M_TEMP, M_WAITOK);
1131 et->next = NULL;
1132 et->es = esp;
1133 if (*listp == NULL) {
1134 *listp = et;
1135 return;
1136 }
1137
1138 switch(et->es->es_prio) {
1139 case EXECSW_PRIO_FIRST:
1140 /* put new entry as the first */
1141 et->next = *listp;
1142 *listp = et;
1143 break;
1144 case EXECSW_PRIO_ANY:
1145 /* put new entry after all *_FIRST and *_ANY entries */
1146 for(e1 = *listp; e1->next
1147 && e1->next->es->es_prio != EXECSW_PRIO_LAST;
1148 e1 = e1->next);
1149 et->next = e1->next;
1150 e1->next = et;
1151 break;
1152 case EXECSW_PRIO_LAST:
1153 /* put new entry as the last one */
1154 for(e1 = *listp; e1->next; e1 = e1->next);
1155 e1->next = et;
1156 break;
1157 default:
1158 #ifdef DIAGNOSTIC
1159 panic("execw[] entry with unknown priority %d found",
1160 et->es->es_prio);
1161 #endif
1162 break;
1163 }
1164 }
1165
1166 /*
1167 * Initialize exec structures. If init_boot is true, also does necessary
1168 * one-time initialization (it's called from main() that way).
1169 * Once system is multiuser, this should be called with exec_lock held,
1170 * i.e. via exec_{add|remove}().
1171 */
1172 int
1173 exec_init(int init_boot)
1174 {
1175 const struct execsw **new_es, * const *old_es;
1176 struct execsw_entry *list, *e1;
1177 struct exec_entry *e2;
1178 int i, es_sz;
1179
1180 if (init_boot) {
1181 /* do one-time initializations */
1182 lockinit(&exec_lock, PWAIT, "execlck", 0, 0);
1183
1184 /* register compiled-in emulations */
1185 for(i=0; i < nexecs_builtin; i++) {
1186 if (execsw_builtin[i].es_emul)
1187 emul_register(execsw_builtin[i].es_emul, 1);
1188 }
1189 #ifdef DIAGNOSTIC
1190 if (i == 0)
1191 panic("no emulations found in execsw_builtin[]");
1192 #endif
1193 }
1194
1195 /*
1196 * Build execsw[] array from builtin entries and entries added
1197 * at runtime.
1198 */
1199 list = NULL;
1200 for(i=0; i < nexecs_builtin; i++)
1201 link_es(&list, &execsw_builtin[i]);
1202
1203 /* Add dynamically loaded entries */
1204 es_sz = nexecs_builtin;
1205 LIST_FOREACH(e2, &ex_head, ex_list) {
1206 link_es(&list, e2->es);
1207 es_sz++;
1208 }
1209
1210 /*
1211 * Now that we have sorted all execw entries, create new execsw[]
1212 * and free no longer needed memory in the process.
1213 */
1214 new_es = malloc(es_sz * sizeof(struct execsw *), M_EXEC, M_WAITOK);
1215 for(i=0; list; i++) {
1216 new_es[i] = list->es;
1217 e1 = list->next;
1218 FREE(list, M_TEMP);
1219 list = e1;
1220 }
1221
1222 /*
1223 * New execsw[] array built, now replace old execsw[] and free
1224 * used memory.
1225 */
1226 old_es = execsw;
1227 execsw = new_es;
1228 nexecs = es_sz;
1229 if (old_es)
1230 free((void *)old_es, M_EXEC);
1231
1232 /*
1233 * Figure out the maximum size of an exec header.
1234 */
1235 exec_maxhdrsz = 0;
1236 for (i = 0; i < nexecs; i++) {
1237 if (execsw[i]->es_hdrsz > exec_maxhdrsz)
1238 exec_maxhdrsz = execsw[i]->es_hdrsz;
1239 }
1240
1241 return 0;
1242 }
1243 #endif
1244
1245 #ifndef LKM
1246 /*
1247 * Simplified exec_init() for kernels without LKMs. Only initialize
1248 * exec_maxhdrsz and execsw[].
1249 */
1250 int
1251 exec_init(int init_boot)
1252 {
1253 int i;
1254
1255 #ifdef DIAGNOSTIC
1256 if (!init_boot)
1257 panic("exec_init(): called with init_boot == 0");
1258 #endif
1259
1260 /* do one-time initializations */
1261 nexecs = nexecs_builtin;
1262 execsw = malloc(nexecs*sizeof(struct execsw *), M_EXEC, M_WAITOK);
1263
1264 /*
1265 * Fill in execsw[] and figure out the maximum size of an exec header.
1266 */
1267 exec_maxhdrsz = 0;
1268 for(i=0; i < nexecs; i++) {
1269 execsw[i] = &execsw_builtin[i];
1270 if (execsw_builtin[i].es_hdrsz > exec_maxhdrsz)
1271 exec_maxhdrsz = execsw_builtin[i].es_hdrsz;
1272 }
1273
1274 return 0;
1275
1276 }
1277 #endif /* !LKM */
1278
1279 static int
1280 exec_sigcode_map(struct proc *p, const struct emul *e)
1281 {
1282 vaddr_t va;
1283 vsize_t sz;
1284 int error;
1285 struct uvm_object *uobj;
1286
1287 sz = (vaddr_t)e->e_esigcode - (vaddr_t)e->e_sigcode;
1288
1289 if (e->e_sigobject == NULL || sz == 0) {
1290 return 0;
1291 }
1292
1293 /*
1294 * If we don't have a sigobject for this emulation, create one.
1295 *
1296 * sigobject is an anonymous memory object (just like SYSV shared
1297 * memory) that we keep a permanent reference to and that we map
1298 * in all processes that need this sigcode. The creation is simple,
1299 * we create an object, add a permanent reference to it, map it in
1300 * kernel space, copy out the sigcode to it and unmap it.
1301 * The we map it with PROT_READ|PROT_EXEC into the process just
1302 * the way sys_mmap would map it.
1303 */
1304
1305 uobj = *e->e_sigobject;
1306 if (uobj == NULL) {
1307 uobj = uao_create(sz, 0);
1308 (*uobj->pgops->pgo_reference)(uobj);
1309 va = vm_map_min(kernel_map);
1310 if ((error = uvm_map(kernel_map, &va, round_page(sz),
1311 uobj, 0, 0,
1312 UVM_MAPFLAG(UVM_PROT_RW, UVM_PROT_RW,
1313 UVM_INH_SHARE, UVM_ADV_RANDOM, 0)))) {
1314 printf("kernel mapping failed %d\n", error);
1315 (*uobj->pgops->pgo_detach)(uobj);
1316 return (error);
1317 }
1318 memcpy((void *)va, e->e_sigcode, sz);
1319 #ifdef PMAP_NEED_PROCWR
1320 pmap_procwr(&proc0, va, sz);
1321 #endif
1322 uvm_unmap(kernel_map, va, va + round_page(sz));
1323 *e->e_sigobject = uobj;
1324 }
1325
1326 /* Just a hint to uvm_map where to put it. */
1327 va = VM_DEFAULT_ADDRESS(p->p_vmspace->vm_daddr, round_page(sz));
1328
1329 #ifdef __alpha__
1330 /*
1331 * Tru64 puts /sbin/loader at the end of user virtual memory,
1332 * which causes the above calculation to put the sigcode at
1333 * an invalid address. Put it just below the text instead.
1334 */
1335 if (va == (vaddr_t)p->p_vmspace->vm_map.max_offset) {
1336 va = (vaddr_t)p->p_vmspace->vm_taddr - round_page(sz);
1337 }
1338 #endif
1339
1340 (*uobj->pgops->pgo_reference)(uobj);
1341 error = uvm_map(&p->p_vmspace->vm_map, &va, round_page(sz),
1342 uobj, 0, 0,
1343 UVM_MAPFLAG(UVM_PROT_RX, UVM_PROT_RX, UVM_INH_SHARE,
1344 UVM_ADV_RANDOM, 0));
1345 if (error) {
1346 (*uobj->pgops->pgo_detach)(uobj);
1347 return (error);
1348 }
1349 p->p_sigctx.ps_sigcode = (void *)va;
1350 return (0);
1351 }
Cache object: 1bfc9405e6e39ab3faa96418ec7cb165
|