| 1 | /* $NetBSD: kern_exec.c,v 1.438 2016/11/03 22:08:30 kamil Exp $ */ |
| 2 | |
| 3 | /*- |
| 4 | * Copyright (c) 2008 The NetBSD Foundation, Inc. |
| 5 | * All rights reserved. |
| 6 | * |
| 7 | * Redistribution and use in source and binary forms, with or without |
| 8 | * modification, are permitted provided that the following conditions |
| 9 | * are met: |
| 10 | * 1. Redistributions of source code must retain the above copyright |
| 11 | * notice, this list of conditions and the following disclaimer. |
| 12 | * 2. Redistributions in binary form must reproduce the above copyright |
| 13 | * notice, this list of conditions and the following disclaimer in the |
| 14 | * documentation and/or other materials provided with the distribution. |
| 15 | * |
| 16 | * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS |
| 17 | * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED |
| 18 | * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR |
| 19 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS |
| 20 | * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR |
| 21 | * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF |
| 22 | * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS |
| 23 | * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN |
| 24 | * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) |
| 25 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE |
| 26 | * POSSIBILITY OF SUCH DAMAGE. |
| 27 | */ |
| 28 | |
| 29 | /*- |
| 30 | * Copyright (C) 1993, 1994, 1996 Christopher G. Demetriou |
| 31 | * Copyright (C) 1992 Wolfgang Solfrank. |
| 32 | * Copyright (C) 1992 TooLs GmbH. |
| 33 | * All rights reserved. |
| 34 | * |
| 35 | * Redistribution and use in source and binary forms, with or without |
| 36 | * modification, are permitted provided that the following conditions |
| 37 | * are met: |
| 38 | * 1. Redistributions of source code must retain the above copyright |
| 39 | * notice, this list of conditions and the following disclaimer. |
| 40 | * 2. Redistributions in binary form must reproduce the above copyright |
| 41 | * notice, this list of conditions and the following disclaimer in the |
| 42 | * documentation and/or other materials provided with the distribution. |
| 43 | * 3. All advertising materials mentioning features or use of this software |
| 44 | * must display the following acknowledgement: |
| 45 | * This product includes software developed by TooLs GmbH. |
| 46 | * 4. The name of TooLs GmbH may not be used to endorse or promote products |
| 47 | * derived from this software without specific prior written permission. |
| 48 | * |
| 49 | * THIS SOFTWARE IS PROVIDED BY TOOLS GMBH ``AS IS'' AND ANY EXPRESS OR |
| 50 | * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES |
| 51 | * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. |
| 52 | * IN NO EVENT SHALL TOOLS GMBH BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, |
| 53 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, |
| 54 | * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; |
| 55 | * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, |
| 56 | * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR |
| 57 | * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF |
| 58 | * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
| 59 | */ |
| 60 | |
| 61 | #include <sys/cdefs.h> |
| 62 | __KERNEL_RCSID(0, "$NetBSD: kern_exec.c,v 1.438 2016/11/03 22:08:30 kamil Exp $" ); |
| 63 | |
| 64 | #include "opt_exec.h" |
| 65 | #include "opt_execfmt.h" |
| 66 | #include "opt_ktrace.h" |
| 67 | #include "opt_modular.h" |
| 68 | #include "opt_syscall_debug.h" |
| 69 | #include "veriexec.h" |
| 70 | #include "opt_pax.h" |
| 71 | |
| 72 | #include <sys/param.h> |
| 73 | #include <sys/systm.h> |
| 74 | #include <sys/filedesc.h> |
| 75 | #include <sys/kernel.h> |
| 76 | #include <sys/proc.h> |
| 77 | #include <sys/mount.h> |
| 78 | #include <sys/kmem.h> |
| 79 | #include <sys/namei.h> |
| 80 | #include <sys/vnode.h> |
| 81 | #include <sys/file.h> |
| 82 | #include <sys/filedesc.h> |
| 83 | #include <sys/acct.h> |
| 84 | #include <sys/atomic.h> |
| 85 | #include <sys/exec.h> |
| 86 | #include <sys/ktrace.h> |
| 87 | #include <sys/uidinfo.h> |
| 88 | #include <sys/wait.h> |
| 89 | #include <sys/mman.h> |
| 90 | #include <sys/ras.h> |
| 91 | #include <sys/signalvar.h> |
| 92 | #include <sys/stat.h> |
| 93 | #include <sys/syscall.h> |
| 94 | #include <sys/kauth.h> |
| 95 | #include <sys/lwpctl.h> |
| 96 | #include <sys/pax.h> |
| 97 | #include <sys/cpu.h> |
| 98 | #include <sys/module.h> |
| 99 | #include <sys/syscallvar.h> |
| 100 | #include <sys/syscallargs.h> |
| 101 | #if NVERIEXEC > 0 |
| 102 | #include <sys/verified_exec.h> |
| 103 | #endif /* NVERIEXEC > 0 */ |
| 104 | #include <sys/sdt.h> |
| 105 | #include <sys/spawn.h> |
| 106 | #include <sys/prot.h> |
| 107 | #include <sys/cprng.h> |
| 108 | |
| 109 | #include <uvm/uvm_extern.h> |
| 110 | |
| 111 | #include <machine/reg.h> |
| 112 | |
| 113 | #include <compat/common/compat_util.h> |
| 114 | |
| 115 | #ifndef MD_TOPDOWN_INIT |
| 116 | #ifdef __USE_TOPDOWN_VM |
| 117 | #define MD_TOPDOWN_INIT(epp) (epp)->ep_flags |= EXEC_TOPDOWN_VM |
| 118 | #else |
| 119 | #define MD_TOPDOWN_INIT(epp) |
| 120 | #endif |
| 121 | #endif |
| 122 | |
| 123 | struct execve_data; |
| 124 | |
| 125 | extern int user_va0_disable; |
| 126 | |
| 127 | static size_t calcargs(struct execve_data * restrict, const size_t); |
| 128 | static size_t calcstack(struct execve_data * restrict, const size_t); |
| 129 | static int copyoutargs(struct execve_data * restrict, struct lwp *, |
| 130 | char * const); |
| 131 | static int copyoutpsstrs(struct execve_data * restrict, struct proc *); |
| 132 | static int copyinargs(struct execve_data * restrict, char * const *, |
| 133 | char * const *, execve_fetch_element_t, char **); |
| 134 | static int copyinargstrs(struct execve_data * restrict, char * const *, |
| 135 | execve_fetch_element_t, char **, size_t *, void (*)(const void *, size_t)); |
| 136 | static int exec_sigcode_map(struct proc *, const struct emul *); |
| 137 | |
| 138 | #if defined(DEBUG) && !defined(DEBUG_EXEC) |
| 139 | #define DEBUG_EXEC |
| 140 | #endif |
| 141 | #ifdef DEBUG_EXEC |
| 142 | #define DPRINTF(a) printf a |
| 143 | #define COPYPRINTF(s, a, b) printf("%s, %d: copyout%s @%p %zu\n", __func__, \ |
| 144 | __LINE__, (s), (a), (b)) |
| 145 | static void dump_vmcmds(const struct exec_package * const, size_t, int); |
| 146 | #define DUMPVMCMDS(p, x, e) do { dump_vmcmds((p), (x), (e)); } while (0) |
| 147 | #else |
| 148 | #define DPRINTF(a) |
| 149 | #define COPYPRINTF(s, a, b) |
| 150 | #define DUMPVMCMDS(p, x, e) do {} while (0) |
| 151 | #endif /* DEBUG_EXEC */ |
| 152 | |
| 153 | /* |
| 154 | * DTrace SDT provider definitions |
| 155 | */ |
| 156 | SDT_PROVIDER_DECLARE(proc); |
| 157 | SDT_PROBE_DEFINE1(proc, kernel, , exec, "char *" ); |
| 158 | SDT_PROBE_DEFINE1(proc, kernel, , exec__success, "char *" ); |
| 159 | SDT_PROBE_DEFINE1(proc, kernel, , exec__failure, "int" ); |
| 160 | |
| 161 | /* |
| 162 | * Exec function switch: |
| 163 | * |
| 164 | * Note that each makecmds function is responsible for loading the |
| 165 | * exec package with the necessary functions for any exec-type-specific |
| 166 | * handling. |
| 167 | * |
| 168 | * Functions for specific exec types should be defined in their own |
| 169 | * header file. |
| 170 | */ |
| 171 | static const struct execsw **execsw = NULL; |
| 172 | static int nexecs; |
| 173 | |
| 174 | u_int exec_maxhdrsz; /* must not be static - used by netbsd32 */ |
| 175 | |
| 176 | /* list of dynamically loaded execsw entries */ |
| 177 | static LIST_HEAD(execlist_head, exec_entry) ex_head = |
| 178 | LIST_HEAD_INITIALIZER(ex_head); |
| 179 | struct exec_entry { |
| 180 | LIST_ENTRY(exec_entry) ex_list; |
| 181 | SLIST_ENTRY(exec_entry) ex_slist; |
| 182 | const struct execsw *ex_sw; |
| 183 | }; |
| 184 | |
| 185 | #ifndef __HAVE_SYSCALL_INTERN |
| 186 | void syscall(void); |
| 187 | #endif |
| 188 | |
| 189 | /* NetBSD autoloadable syscalls */ |
| 190 | #ifdef MODULAR |
| 191 | #include <kern/syscalls_autoload.c> |
| 192 | #endif |
| 193 | |
| 194 | /* NetBSD emul struct */ |
| 195 | struct emul emul_netbsd = { |
| 196 | .e_name = "netbsd" , |
| 197 | #ifdef EMUL_NATIVEROOT |
| 198 | .e_path = EMUL_NATIVEROOT, |
| 199 | #else |
| 200 | .e_path = NULL, |
| 201 | #endif |
| 202 | #ifndef __HAVE_MINIMAL_EMUL |
| 203 | .e_flags = EMUL_HAS_SYS___syscall, |
| 204 | .e_errno = NULL, |
| 205 | .e_nosys = SYS_syscall, |
| 206 | .e_nsysent = SYS_NSYSENT, |
| 207 | #endif |
| 208 | #ifdef MODULAR |
| 209 | .e_sc_autoload = netbsd_syscalls_autoload, |
| 210 | #endif |
| 211 | .e_sysent = sysent, |
| 212 | #ifdef SYSCALL_DEBUG |
| 213 | .e_syscallnames = syscallnames, |
| 214 | #else |
| 215 | .e_syscallnames = NULL, |
| 216 | #endif |
| 217 | .e_sendsig = sendsig, |
| 218 | .e_trapsignal = trapsignal, |
| 219 | .e_tracesig = NULL, |
| 220 | .e_sigcode = NULL, |
| 221 | .e_esigcode = NULL, |
| 222 | .e_sigobject = NULL, |
| 223 | .e_setregs = setregs, |
| 224 | .e_proc_exec = NULL, |
| 225 | .e_proc_fork = NULL, |
| 226 | .e_proc_exit = NULL, |
| 227 | .e_lwp_fork = NULL, |
| 228 | .e_lwp_exit = NULL, |
| 229 | #ifdef __HAVE_SYSCALL_INTERN |
| 230 | .e_syscall_intern = syscall_intern, |
| 231 | #else |
| 232 | .e_syscall = syscall, |
| 233 | #endif |
| 234 | .e_sysctlovly = NULL, |
| 235 | .e_fault = NULL, |
| 236 | .e_vm_default_addr = uvm_default_mapaddr, |
| 237 | .e_usertrap = NULL, |
| 238 | .e_ucsize = sizeof(ucontext_t), |
| 239 | .e_startlwp = startlwp |
| 240 | }; |
| 241 | |
| 242 | /* |
| 243 | * Exec lock. Used to control access to execsw[] structures. |
| 244 | * This must not be static so that netbsd32 can access it, too. |
| 245 | */ |
| 246 | krwlock_t exec_lock; |
| 247 | |
| 248 | static kmutex_t sigobject_lock; |
| 249 | |
| 250 | /* |
| 251 | * Data used between a loadvm and execve part of an "exec" operation |
| 252 | */ |
| 253 | struct execve_data { |
| 254 | struct exec_package ed_pack; |
| 255 | struct pathbuf *ed_pathbuf; |
| 256 | struct vattr ed_attr; |
| 257 | struct ps_strings ed_arginfo; |
| 258 | char *ed_argp; |
| 259 | const char *ed_pathstring; |
| 260 | char *ed_resolvedpathbuf; |
| 261 | size_t ed_ps_strings_sz; |
| 262 | int ed_szsigcode; |
| 263 | size_t ed_argslen; |
| 264 | long ed_argc; |
| 265 | long ed_envc; |
| 266 | }; |
| 267 | |
| 268 | /* |
| 269 | * data passed from parent lwp to child during a posix_spawn() |
| 270 | */ |
| 271 | struct spawn_exec_data { |
| 272 | struct execve_data sed_exec; |
| 273 | struct posix_spawn_file_actions |
| 274 | *sed_actions; |
| 275 | struct posix_spawnattr *sed_attrs; |
| 276 | struct proc *sed_parent; |
| 277 | kcondvar_t sed_cv_child_ready; |
| 278 | kmutex_t sed_mtx_child; |
| 279 | int sed_error; |
| 280 | volatile uint32_t sed_refcnt; |
| 281 | }; |
| 282 | |
| 283 | static void * |
| 284 | exec_pool_alloc(struct pool *pp, int flags) |
| 285 | { |
| 286 | |
| 287 | return (void *)uvm_km_alloc(kernel_map, NCARGS, 0, |
| 288 | UVM_KMF_PAGEABLE | UVM_KMF_WAITVA); |
| 289 | } |
| 290 | |
| 291 | static void |
| 292 | exec_pool_free(struct pool *pp, void *addr) |
| 293 | { |
| 294 | |
| 295 | uvm_km_free(kernel_map, (vaddr_t)addr, NCARGS, UVM_KMF_PAGEABLE); |
| 296 | } |
| 297 | |
| 298 | static struct pool exec_pool; |
| 299 | |
| 300 | static struct pool_allocator exec_palloc = { |
| 301 | .pa_alloc = exec_pool_alloc, |
| 302 | .pa_free = exec_pool_free, |
| 303 | .pa_pagesz = NCARGS |
| 304 | }; |
| 305 | |
| 306 | /* |
| 307 | * check exec: |
| 308 | * given an "executable" described in the exec package's namei info, |
| 309 | * see what we can do with it. |
| 310 | * |
| 311 | * ON ENTRY: |
| 312 | * exec package with appropriate namei info |
| 313 | * lwp pointer of exec'ing lwp |
| 314 | * NO SELF-LOCKED VNODES |
| 315 | * |
| 316 | * ON EXIT: |
| 317 | * error: nothing held, etc. exec header still allocated. |
| 318 | * ok: filled exec package, executable's vnode (unlocked). |
| 319 | * |
| 320 | * EXEC SWITCH ENTRY: |
| 321 | * Locked vnode to check, exec package, proc. |
| 322 | * |
| 323 | * EXEC SWITCH EXIT: |
| 324 | * ok: return 0, filled exec package, executable's vnode (unlocked). |
| 325 | * error: destructive: |
| 326 | * everything deallocated execept exec header. |
| 327 | * non-destructive: |
| 328 | * error code, executable's vnode (unlocked), |
| 329 | * exec header unmodified. |
| 330 | */ |
| 331 | int |
| 332 | /*ARGSUSED*/ |
| 333 | check_exec(struct lwp *l, struct exec_package *epp, struct pathbuf *pb) |
| 334 | { |
| 335 | int error, i; |
| 336 | struct vnode *vp; |
| 337 | struct nameidata nd; |
| 338 | size_t resid; |
| 339 | |
| 340 | NDINIT(&nd, LOOKUP, FOLLOW | LOCKLEAF | TRYEMULROOT, pb); |
| 341 | |
| 342 | /* first get the vnode */ |
| 343 | if ((error = namei(&nd)) != 0) |
| 344 | return error; |
| 345 | epp->ep_vp = vp = nd.ni_vp; |
| 346 | /* normally this can't fail */ |
| 347 | error = copystr(nd.ni_pnbuf, epp->ep_resolvedname, PATH_MAX, NULL); |
| 348 | KASSERT(error == 0); |
| 349 | |
| 350 | #ifdef DIAGNOSTIC |
| 351 | /* paranoia (take this out once namei stuff stabilizes) */ |
| 352 | memset(nd.ni_pnbuf, '~', PATH_MAX); |
| 353 | #endif |
| 354 | |
| 355 | /* check access and type */ |
| 356 | if (vp->v_type != VREG) { |
| 357 | error = EACCES; |
| 358 | goto bad1; |
| 359 | } |
| 360 | if ((error = VOP_ACCESS(vp, VEXEC, l->l_cred)) != 0) |
| 361 | goto bad1; |
| 362 | |
| 363 | /* get attributes */ |
| 364 | if ((error = VOP_GETATTR(vp, epp->ep_vap, l->l_cred)) != 0) |
| 365 | goto bad1; |
| 366 | |
| 367 | /* Check mount point */ |
| 368 | if (vp->v_mount->mnt_flag & MNT_NOEXEC) { |
| 369 | error = EACCES; |
| 370 | goto bad1; |
| 371 | } |
| 372 | if (vp->v_mount->mnt_flag & MNT_NOSUID) |
| 373 | epp->ep_vap->va_mode &= ~(S_ISUID | S_ISGID); |
| 374 | |
| 375 | /* try to open it */ |
| 376 | if ((error = VOP_OPEN(vp, FREAD, l->l_cred)) != 0) |
| 377 | goto bad1; |
| 378 | |
| 379 | /* unlock vp, since we need it unlocked from here on out. */ |
| 380 | VOP_UNLOCK(vp); |
| 381 | |
| 382 | #if NVERIEXEC > 0 |
| 383 | error = veriexec_verify(l, vp, epp->ep_resolvedname, |
| 384 | epp->ep_flags & EXEC_INDIR ? VERIEXEC_INDIRECT : VERIEXEC_DIRECT, |
| 385 | NULL); |
| 386 | if (error) |
| 387 | goto bad2; |
| 388 | #endif /* NVERIEXEC > 0 */ |
| 389 | |
| 390 | #ifdef PAX_SEGVGUARD |
| 391 | error = pax_segvguard(l, vp, epp->ep_resolvedname, false); |
| 392 | if (error) |
| 393 | goto bad2; |
| 394 | #endif /* PAX_SEGVGUARD */ |
| 395 | |
| 396 | /* now we have the file, get the exec header */ |
| 397 | error = vn_rdwr(UIO_READ, vp, epp->ep_hdr, epp->ep_hdrlen, 0, |
| 398 | UIO_SYSSPACE, 0, l->l_cred, &resid, NULL); |
| 399 | if (error) |
| 400 | goto bad2; |
| 401 | epp->ep_hdrvalid = epp->ep_hdrlen - resid; |
| 402 | |
| 403 | /* |
| 404 | * Set up default address space limits. Can be overridden |
| 405 | * by individual exec packages. |
| 406 | */ |
| 407 | epp->ep_vm_minaddr = exec_vm_minaddr(VM_MIN_ADDRESS); |
| 408 | epp->ep_vm_maxaddr = VM_MAXUSER_ADDRESS; |
| 409 | |
| 410 | /* |
| 411 | * set up the vmcmds for creation of the process |
| 412 | * address space |
| 413 | */ |
| 414 | error = ENOEXEC; |
| 415 | for (i = 0; i < nexecs; i++) { |
| 416 | int newerror; |
| 417 | |
| 418 | epp->ep_esch = execsw[i]; |
| 419 | newerror = (*execsw[i]->es_makecmds)(l, epp); |
| 420 | |
| 421 | if (!newerror) { |
| 422 | /* Seems ok: check that entry point is not too high */ |
| 423 | if (epp->ep_entry > epp->ep_vm_maxaddr) { |
| 424 | #ifdef DIAGNOSTIC |
| 425 | printf("%s: rejecting %p due to " |
| 426 | "too high entry address (> %p)\n" , |
| 427 | __func__, (void *)epp->ep_entry, |
| 428 | (void *)epp->ep_vm_maxaddr); |
| 429 | #endif |
| 430 | error = ENOEXEC; |
| 431 | break; |
| 432 | } |
| 433 | /* Seems ok: check that entry point is not too low */ |
| 434 | if (epp->ep_entry < epp->ep_vm_minaddr) { |
| 435 | #ifdef DIAGNOSTIC |
| 436 | printf("%s: rejecting %p due to " |
| 437 | "too low entry address (< %p)\n" , |
| 438 | __func__, (void *)epp->ep_entry, |
| 439 | (void *)epp->ep_vm_minaddr); |
| 440 | #endif |
| 441 | error = ENOEXEC; |
| 442 | break; |
| 443 | } |
| 444 | |
| 445 | /* check limits */ |
| 446 | if ((epp->ep_tsize > MAXTSIZ) || |
| 447 | (epp->ep_dsize > (u_quad_t)l->l_proc->p_rlimit |
| 448 | [RLIMIT_DATA].rlim_cur)) { |
| 449 | #ifdef DIAGNOSTIC |
| 450 | printf("%s: rejecting due to " |
| 451 | "limits (t=%llu > %llu || d=%llu > %llu)\n" , |
| 452 | __func__, |
| 453 | (unsigned long long)epp->ep_tsize, |
| 454 | (unsigned long long)MAXTSIZ, |
| 455 | (unsigned long long)epp->ep_dsize, |
| 456 | (unsigned long long) |
| 457 | l->l_proc->p_rlimit[RLIMIT_DATA].rlim_cur); |
| 458 | #endif |
| 459 | error = ENOMEM; |
| 460 | break; |
| 461 | } |
| 462 | return 0; |
| 463 | } |
| 464 | |
| 465 | /* |
| 466 | * Reset all the fields that may have been modified by the |
| 467 | * loader. |
| 468 | */ |
| 469 | KASSERT(epp->ep_emul_arg == NULL); |
| 470 | if (epp->ep_emul_root != NULL) { |
| 471 | vrele(epp->ep_emul_root); |
| 472 | epp->ep_emul_root = NULL; |
| 473 | } |
| 474 | if (epp->ep_interp != NULL) { |
| 475 | vrele(epp->ep_interp); |
| 476 | epp->ep_interp = NULL; |
| 477 | } |
| 478 | epp->ep_pax_flags = 0; |
| 479 | |
| 480 | /* make sure the first "interesting" error code is saved. */ |
| 481 | if (error == ENOEXEC) |
| 482 | error = newerror; |
| 483 | |
| 484 | if (epp->ep_flags & EXEC_DESTR) |
| 485 | /* Error from "#!" code, tidied up by recursive call */ |
| 486 | return error; |
| 487 | } |
| 488 | |
| 489 | /* not found, error */ |
| 490 | |
| 491 | /* |
| 492 | * free any vmspace-creation commands, |
| 493 | * and release their references |
| 494 | */ |
| 495 | kill_vmcmds(&epp->ep_vmcmds); |
| 496 | |
| 497 | bad2: |
| 498 | /* |
| 499 | * close and release the vnode, restore the old one, free the |
| 500 | * pathname buf, and punt. |
| 501 | */ |
| 502 | vn_lock(vp, LK_EXCLUSIVE | LK_RETRY); |
| 503 | VOP_CLOSE(vp, FREAD, l->l_cred); |
| 504 | vput(vp); |
| 505 | return error; |
| 506 | |
| 507 | bad1: |
| 508 | /* |
| 509 | * free the namei pathname buffer, and put the vnode |
| 510 | * (which we don't yet have open). |
| 511 | */ |
| 512 | vput(vp); /* was still locked */ |
| 513 | return error; |
| 514 | } |
| 515 | |
| 516 | #ifdef __MACHINE_STACK_GROWS_UP |
| 517 | #define STACK_PTHREADSPACE NBPG |
| 518 | #else |
| 519 | #define STACK_PTHREADSPACE 0 |
| 520 | #endif |
| 521 | |
| 522 | static int |
| 523 | execve_fetch_element(char * const *array, size_t index, char **value) |
| 524 | { |
| 525 | return copyin(array + index, value, sizeof(*value)); |
| 526 | } |
| 527 | |
| 528 | /* |
| 529 | * exec system call |
| 530 | */ |
| 531 | int |
| 532 | sys_execve(struct lwp *l, const struct sys_execve_args *uap, register_t *retval) |
| 533 | { |
| 534 | /* { |
| 535 | syscallarg(const char *) path; |
| 536 | syscallarg(char * const *) argp; |
| 537 | syscallarg(char * const *) envp; |
| 538 | } */ |
| 539 | |
| 540 | return execve1(l, SCARG(uap, path), SCARG(uap, argp), |
| 541 | SCARG(uap, envp), execve_fetch_element); |
| 542 | } |
| 543 | |
| 544 | int |
| 545 | sys_fexecve(struct lwp *l, const struct sys_fexecve_args *uap, |
| 546 | register_t *retval) |
| 547 | { |
| 548 | /* { |
| 549 | syscallarg(int) fd; |
| 550 | syscallarg(char * const *) argp; |
| 551 | syscallarg(char * const *) envp; |
| 552 | } */ |
| 553 | |
| 554 | return ENOSYS; |
| 555 | } |
| 556 | |
| 557 | /* |
| 558 | * Load modules to try and execute an image that we do not understand. |
| 559 | * If no execsw entries are present, we load those likely to be needed |
| 560 | * in order to run native images only. Otherwise, we autoload all |
| 561 | * possible modules that could let us run the binary. XXX lame |
| 562 | */ |
| 563 | static void |
| 564 | exec_autoload(void) |
| 565 | { |
| 566 | #ifdef MODULAR |
| 567 | static const char * const native[] = { |
| 568 | "exec_elf32" , |
| 569 | "exec_elf64" , |
| 570 | "exec_script" , |
| 571 | NULL |
| 572 | }; |
| 573 | static const char * const compat[] = { |
| 574 | "exec_elf32" , |
| 575 | "exec_elf64" , |
| 576 | "exec_script" , |
| 577 | "exec_aout" , |
| 578 | "exec_coff" , |
| 579 | "exec_ecoff" , |
| 580 | "compat_aoutm68k" , |
| 581 | "compat_freebsd" , |
| 582 | "compat_ibcs2" , |
| 583 | "compat_linux" , |
| 584 | "compat_linux32" , |
| 585 | "compat_netbsd32" , |
| 586 | "compat_sunos" , |
| 587 | "compat_sunos32" , |
| 588 | "compat_svr4" , |
| 589 | "compat_svr4_32" , |
| 590 | "compat_ultrix" , |
| 591 | NULL |
| 592 | }; |
| 593 | char const * const *list; |
| 594 | int i; |
| 595 | |
| 596 | list = (nexecs == 0 ? native : compat); |
| 597 | for (i = 0; list[i] != NULL; i++) { |
| 598 | if (module_autoload(list[i], MODULE_CLASS_EXEC) != 0) { |
| 599 | continue; |
| 600 | } |
| 601 | yield(); |
| 602 | } |
| 603 | #endif |
| 604 | } |
| 605 | |
| 606 | static int |
| 607 | makepathbuf(struct lwp *l, const char *upath, struct pathbuf **pbp, |
| 608 | size_t *offs) |
| 609 | { |
| 610 | char *path, *bp; |
| 611 | size_t len, tlen; |
| 612 | int error; |
| 613 | struct cwdinfo *cwdi; |
| 614 | |
| 615 | path = PNBUF_GET(); |
| 616 | error = copyinstr(upath, path, MAXPATHLEN, &len); |
| 617 | if (error) { |
| 618 | PNBUF_PUT(path); |
| 619 | DPRINTF(("%s: copyin path @%p %d\n" , __func__, upath, error)); |
| 620 | return error; |
| 621 | } |
| 622 | |
| 623 | if (path[0] == '/') { |
| 624 | *offs = 0; |
| 625 | goto out; |
| 626 | } |
| 627 | |
| 628 | len++; |
| 629 | if (len + 1 >= MAXPATHLEN) |
| 630 | goto out; |
| 631 | bp = path + MAXPATHLEN - len; |
| 632 | memmove(bp, path, len); |
| 633 | *(--bp) = '/'; |
| 634 | |
| 635 | cwdi = l->l_proc->p_cwdi; |
| 636 | rw_enter(&cwdi->cwdi_lock, RW_READER); |
| 637 | error = getcwd_common(cwdi->cwdi_cdir, NULL, &bp, path, MAXPATHLEN / 2, |
| 638 | GETCWD_CHECK_ACCESS, l); |
| 639 | rw_exit(&cwdi->cwdi_lock); |
| 640 | |
| 641 | if (error) { |
| 642 | DPRINTF(("%s: getcwd_common path %s %d\n" , __func__, path, |
| 643 | error)); |
| 644 | goto out; |
| 645 | } |
| 646 | tlen = path + MAXPATHLEN - bp; |
| 647 | |
| 648 | memmove(path, bp, tlen); |
| 649 | path[tlen] = '\0'; |
| 650 | *offs = tlen - len; |
| 651 | out: |
| 652 | *pbp = pathbuf_assimilate(path); |
| 653 | return 0; |
| 654 | } |
| 655 | |
| 656 | vaddr_t |
| 657 | exec_vm_minaddr(vaddr_t va_min) |
| 658 | { |
| 659 | /* |
| 660 | * Increase va_min if we don't want NULL to be mappable by the |
| 661 | * process. |
| 662 | */ |
| 663 | #define VM_MIN_GUARD PAGE_SIZE |
| 664 | if (user_va0_disable && (va_min < VM_MIN_GUARD)) |
| 665 | return VM_MIN_GUARD; |
| 666 | return va_min; |
| 667 | } |
| 668 | |
| 669 | static int |
| 670 | execve_loadvm(struct lwp *l, const char *path, char * const *args, |
| 671 | char * const *envs, execve_fetch_element_t fetch_element, |
| 672 | struct execve_data * restrict data) |
| 673 | { |
| 674 | struct exec_package * const epp = &data->ed_pack; |
| 675 | int error; |
| 676 | struct proc *p; |
| 677 | char *dp; |
| 678 | u_int modgen; |
| 679 | size_t offs = 0; // XXX: GCC |
| 680 | |
| 681 | KASSERT(data != NULL); |
| 682 | |
| 683 | p = l->l_proc; |
| 684 | modgen = 0; |
| 685 | |
| 686 | SDT_PROBE(proc, kernel, , exec, path, 0, 0, 0, 0); |
| 687 | |
| 688 | /* |
| 689 | * Check if we have exceeded our number of processes limit. |
| 690 | * This is so that we handle the case where a root daemon |
| 691 | * forked, ran setuid to become the desired user and is trying |
| 692 | * to exec. The obvious place to do the reference counting check |
| 693 | * is setuid(), but we don't do the reference counting check there |
| 694 | * like other OS's do because then all the programs that use setuid() |
| 695 | * must be modified to check the return code of setuid() and exit(). |
| 696 | * It is dangerous to make setuid() fail, because it fails open and |
| 697 | * the program will continue to run as root. If we make it succeed |
| 698 | * and return an error code, again we are not enforcing the limit. |
| 699 | * The best place to enforce the limit is here, when the process tries |
| 700 | * to execute a new image, because eventually the process will need |
| 701 | * to call exec in order to do something useful. |
| 702 | */ |
| 703 | retry: |
| 704 | if (p->p_flag & PK_SUGID) { |
| 705 | if (kauth_authorize_process(l->l_cred, KAUTH_PROCESS_RLIMIT, |
| 706 | p, KAUTH_ARG(KAUTH_REQ_PROCESS_RLIMIT_BYPASS), |
| 707 | &p->p_rlimit[RLIMIT_NPROC], |
| 708 | KAUTH_ARG(RLIMIT_NPROC)) != 0 && |
| 709 | chgproccnt(kauth_cred_getuid(l->l_cred), 0) > |
| 710 | p->p_rlimit[RLIMIT_NPROC].rlim_cur) |
| 711 | return EAGAIN; |
| 712 | } |
| 713 | |
| 714 | /* |
| 715 | * Drain existing references and forbid new ones. The process |
| 716 | * should be left alone until we're done here. This is necessary |
| 717 | * to avoid race conditions - e.g. in ptrace() - that might allow |
| 718 | * a local user to illicitly obtain elevated privileges. |
| 719 | */ |
| 720 | rw_enter(&p->p_reflock, RW_WRITER); |
| 721 | |
| 722 | /* |
| 723 | * Init the namei data to point the file user's program name. |
| 724 | * This is done here rather than in check_exec(), so that it's |
| 725 | * possible to override this settings if any of makecmd/probe |
| 726 | * functions call check_exec() recursively - for example, |
| 727 | * see exec_script_makecmds(). |
| 728 | */ |
| 729 | if ((error = makepathbuf(l, path, &data->ed_pathbuf, &offs)) != 0) |
| 730 | goto clrflg; |
| 731 | data->ed_pathstring = pathbuf_stringcopy_get(data->ed_pathbuf); |
| 732 | data->ed_resolvedpathbuf = PNBUF_GET(); |
| 733 | |
| 734 | /* |
| 735 | * initialize the fields of the exec package. |
| 736 | */ |
| 737 | epp->ep_kname = data->ed_pathstring + offs; |
| 738 | epp->ep_resolvedname = data->ed_resolvedpathbuf; |
| 739 | epp->ep_hdr = kmem_alloc(exec_maxhdrsz, KM_SLEEP); |
| 740 | epp->ep_hdrlen = exec_maxhdrsz; |
| 741 | epp->ep_hdrvalid = 0; |
| 742 | epp->ep_emul_arg = NULL; |
| 743 | epp->ep_emul_arg_free = NULL; |
| 744 | memset(&epp->ep_vmcmds, 0, sizeof(epp->ep_vmcmds)); |
| 745 | epp->ep_vap = &data->ed_attr; |
| 746 | epp->ep_flags = (p->p_flag & PK_32) ? EXEC_FROM32 : 0; |
| 747 | MD_TOPDOWN_INIT(epp); |
| 748 | epp->ep_emul_root = NULL; |
| 749 | epp->ep_interp = NULL; |
| 750 | epp->ep_esch = NULL; |
| 751 | epp->ep_pax_flags = 0; |
| 752 | memset(epp->ep_machine_arch, 0, sizeof(epp->ep_machine_arch)); |
| 753 | |
| 754 | rw_enter(&exec_lock, RW_READER); |
| 755 | |
| 756 | /* see if we can run it. */ |
| 757 | if ((error = check_exec(l, epp, data->ed_pathbuf)) != 0) { |
| 758 | if (error != ENOENT && error != EACCES) { |
| 759 | DPRINTF(("%s: check exec failed %d\n" , |
| 760 | __func__, error)); |
| 761 | } |
| 762 | goto freehdr; |
| 763 | } |
| 764 | |
| 765 | /* allocate an argument buffer */ |
| 766 | data->ed_argp = pool_get(&exec_pool, PR_WAITOK); |
| 767 | KASSERT(data->ed_argp != NULL); |
| 768 | dp = data->ed_argp; |
| 769 | |
| 770 | if ((error = copyinargs(data, args, envs, fetch_element, &dp)) != 0) { |
| 771 | goto bad; |
| 772 | } |
| 773 | |
| 774 | /* |
| 775 | * Calculate the new stack size. |
| 776 | */ |
| 777 | |
| 778 | #ifdef __MACHINE_STACK_GROWS_UP |
| 779 | /* |
| 780 | * copyargs() fills argc/argv/envp from the lower address even on |
| 781 | * __MACHINE_STACK_GROWS_UP machines. Reserve a few words just below the SP |
| 782 | * so that _rtld() use it. |
| 783 | */ |
| 784 | #define RTLD_GAP 32 |
| 785 | #else |
| 786 | #define RTLD_GAP 0 |
| 787 | #endif |
| 788 | |
| 789 | const size_t argenvstrlen = (char *)ALIGN(dp) - data->ed_argp; |
| 790 | |
| 791 | data->ed_argslen = calcargs(data, argenvstrlen); |
| 792 | |
| 793 | const size_t len = calcstack(data, pax_aslr_stack_gap(epp) + RTLD_GAP); |
| 794 | |
| 795 | if (len > epp->ep_ssize) { |
| 796 | /* in effect, compare to initial limit */ |
| 797 | DPRINTF(("%s: stack limit exceeded %zu\n" , __func__, len)); |
| 798 | error = ENOMEM; |
| 799 | goto bad; |
| 800 | } |
| 801 | /* adjust "active stack depth" for process VSZ */ |
| 802 | epp->ep_ssize = len; |
| 803 | |
| 804 | return 0; |
| 805 | |
| 806 | bad: |
| 807 | /* free the vmspace-creation commands, and release their references */ |
| 808 | kill_vmcmds(&epp->ep_vmcmds); |
| 809 | /* kill any opened file descriptor, if necessary */ |
| 810 | if (epp->ep_flags & EXEC_HASFD) { |
| 811 | epp->ep_flags &= ~EXEC_HASFD; |
| 812 | fd_close(epp->ep_fd); |
| 813 | } |
| 814 | /* close and put the exec'd file */ |
| 815 | vn_lock(epp->ep_vp, LK_EXCLUSIVE | LK_RETRY); |
| 816 | VOP_CLOSE(epp->ep_vp, FREAD, l->l_cred); |
| 817 | vput(epp->ep_vp); |
| 818 | pool_put(&exec_pool, data->ed_argp); |
| 819 | |
| 820 | freehdr: |
| 821 | kmem_free(epp->ep_hdr, epp->ep_hdrlen); |
| 822 | if (epp->ep_emul_root != NULL) |
| 823 | vrele(epp->ep_emul_root); |
| 824 | if (epp->ep_interp != NULL) |
| 825 | vrele(epp->ep_interp); |
| 826 | |
| 827 | rw_exit(&exec_lock); |
| 828 | |
| 829 | pathbuf_stringcopy_put(data->ed_pathbuf, data->ed_pathstring); |
| 830 | pathbuf_destroy(data->ed_pathbuf); |
| 831 | PNBUF_PUT(data->ed_resolvedpathbuf); |
| 832 | |
| 833 | clrflg: |
| 834 | rw_exit(&p->p_reflock); |
| 835 | |
| 836 | if (modgen != module_gen && error == ENOEXEC) { |
| 837 | modgen = module_gen; |
| 838 | exec_autoload(); |
| 839 | goto retry; |
| 840 | } |
| 841 | |
| 842 | SDT_PROBE(proc, kernel, , exec__failure, error, 0, 0, 0, 0); |
| 843 | return error; |
| 844 | } |
| 845 | |
| 846 | static int |
| 847 | execve_dovmcmds(struct lwp *l, struct execve_data * restrict data) |
| 848 | { |
| 849 | struct exec_package * const epp = &data->ed_pack; |
| 850 | struct proc *p = l->l_proc; |
| 851 | struct exec_vmcmd *base_vcp; |
| 852 | int error = 0; |
| 853 | size_t i; |
| 854 | |
| 855 | /* record proc's vnode, for use by procfs and others */ |
| 856 | if (p->p_textvp) |
| 857 | vrele(p->p_textvp); |
| 858 | vref(epp->ep_vp); |
| 859 | p->p_textvp = epp->ep_vp; |
| 860 | |
| 861 | /* create the new process's VM space by running the vmcmds */ |
| 862 | KASSERTMSG(epp->ep_vmcmds.evs_used != 0, "%s: no vmcmds" , __func__); |
| 863 | |
| 864 | #ifdef TRACE_EXEC |
| 865 | DUMPVMCMDS(epp, 0, 0); |
| 866 | #endif |
| 867 | |
| 868 | base_vcp = NULL; |
| 869 | |
| 870 | for (i = 0; i < epp->ep_vmcmds.evs_used && !error; i++) { |
| 871 | struct exec_vmcmd *vcp; |
| 872 | |
| 873 | vcp = &epp->ep_vmcmds.evs_cmds[i]; |
| 874 | if (vcp->ev_flags & VMCMD_RELATIVE) { |
| 875 | KASSERTMSG(base_vcp != NULL, |
| 876 | "%s: relative vmcmd with no base" , __func__); |
| 877 | KASSERTMSG((vcp->ev_flags & VMCMD_BASE) == 0, |
| 878 | "%s: illegal base & relative vmcmd" , __func__); |
| 879 | vcp->ev_addr += base_vcp->ev_addr; |
| 880 | } |
| 881 | error = (*vcp->ev_proc)(l, vcp); |
| 882 | if (error) |
| 883 | DUMPVMCMDS(epp, i, error); |
| 884 | if (vcp->ev_flags & VMCMD_BASE) |
| 885 | base_vcp = vcp; |
| 886 | } |
| 887 | |
| 888 | /* free the vmspace-creation commands, and release their references */ |
| 889 | kill_vmcmds(&epp->ep_vmcmds); |
| 890 | |
| 891 | vn_lock(epp->ep_vp, LK_EXCLUSIVE | LK_RETRY); |
| 892 | VOP_CLOSE(epp->ep_vp, FREAD, l->l_cred); |
| 893 | vput(epp->ep_vp); |
| 894 | |
| 895 | /* if an error happened, deallocate and punt */ |
| 896 | if (error != 0) { |
| 897 | DPRINTF(("%s: vmcmd %zu failed: %d\n" , __func__, i - 1, error)); |
| 898 | } |
| 899 | return error; |
| 900 | } |
| 901 | |
| 902 | static void |
| 903 | execve_free_data(struct execve_data *data) |
| 904 | { |
| 905 | struct exec_package * const epp = &data->ed_pack; |
| 906 | |
| 907 | /* free the vmspace-creation commands, and release their references */ |
| 908 | kill_vmcmds(&epp->ep_vmcmds); |
| 909 | /* kill any opened file descriptor, if necessary */ |
| 910 | if (epp->ep_flags & EXEC_HASFD) { |
| 911 | epp->ep_flags &= ~EXEC_HASFD; |
| 912 | fd_close(epp->ep_fd); |
| 913 | } |
| 914 | |
| 915 | /* close and put the exec'd file */ |
| 916 | vn_lock(epp->ep_vp, LK_EXCLUSIVE | LK_RETRY); |
| 917 | VOP_CLOSE(epp->ep_vp, FREAD, curlwp->l_cred); |
| 918 | vput(epp->ep_vp); |
| 919 | pool_put(&exec_pool, data->ed_argp); |
| 920 | |
| 921 | kmem_free(epp->ep_hdr, epp->ep_hdrlen); |
| 922 | if (epp->ep_emul_root != NULL) |
| 923 | vrele(epp->ep_emul_root); |
| 924 | if (epp->ep_interp != NULL) |
| 925 | vrele(epp->ep_interp); |
| 926 | |
| 927 | pathbuf_stringcopy_put(data->ed_pathbuf, data->ed_pathstring); |
| 928 | pathbuf_destroy(data->ed_pathbuf); |
| 929 | PNBUF_PUT(data->ed_resolvedpathbuf); |
| 930 | } |
| 931 | |
| 932 | static void |
| 933 | pathexec(struct exec_package *epp, struct lwp *l, const char *pathstring) |
| 934 | { |
| 935 | const char *commandname; |
| 936 | size_t commandlen; |
| 937 | char *path; |
| 938 | struct proc *p = l->l_proc; |
| 939 | |
| 940 | /* set command name & other accounting info */ |
| 941 | commandname = strrchr(epp->ep_resolvedname, '/'); |
| 942 | if (commandname != NULL) { |
| 943 | commandname++; |
| 944 | } else { |
| 945 | commandname = epp->ep_resolvedname; |
| 946 | } |
| 947 | commandlen = min(strlen(commandname), MAXCOMLEN); |
| 948 | (void)memcpy(p->p_comm, commandname, commandlen); |
| 949 | p->p_comm[commandlen] = '\0'; |
| 950 | |
| 951 | |
| 952 | /* |
| 953 | * If the path starts with /, we don't need to do any work. |
| 954 | * This handles the majority of the cases. |
| 955 | * In the future perhaps we could canonicalize it? |
| 956 | */ |
| 957 | path = PNBUF_GET(); |
| 958 | if (pathstring[0] == '/') { |
| 959 | (void)strlcpy(path, pathstring, MAXPATHLEN); |
| 960 | epp->ep_path = path; |
| 961 | } |
| 962 | #ifdef notyet |
| 963 | /* |
| 964 | * Although this works most of the time [since the entry was just |
| 965 | * entered in the cache] we don't use it because it will fail for |
| 966 | * entries that are not placed in the cache because their name is |
| 967 | * longer than NCHNAMLEN and it is not the cleanest interface, |
| 968 | * because there could be races. When the namei cache is re-written, |
| 969 | * this can be changed to use the appropriate function. |
| 970 | */ |
| 971 | else if (!(error = vnode_to_path(path, MAXPATHLEN, p->p_textvp, l, p))) |
| 972 | epp->ep_path = path; |
| 973 | #endif |
| 974 | else { |
| 975 | #ifdef notyet |
| 976 | printf("Cannot get path for pid %d [%s] (error %d)\n" , |
| 977 | (int)p->p_pid, p->p_comm, error); |
| 978 | #endif |
| 979 | PNBUF_PUT(path); |
| 980 | epp->ep_path = NULL; |
| 981 | } |
| 982 | } |
| 983 | |
| 984 | /* XXX elsewhere */ |
| 985 | static int |
| 986 | credexec(struct lwp *l, struct vattr *attr) |
| 987 | { |
| 988 | struct proc *p = l->l_proc; |
| 989 | int error; |
| 990 | |
| 991 | /* |
| 992 | * Deal with set[ug]id. MNT_NOSUID has already been used to disable |
| 993 | * s[ug]id. It's OK to check for PSL_TRACED here as we have blocked |
| 994 | * out additional references on the process for the moment. |
| 995 | */ |
| 996 | if ((p->p_slflag & PSL_TRACED) == 0 && |
| 997 | |
| 998 | (((attr->va_mode & S_ISUID) != 0 && |
| 999 | kauth_cred_geteuid(l->l_cred) != attr->va_uid) || |
| 1000 | |
| 1001 | ((attr->va_mode & S_ISGID) != 0 && |
| 1002 | kauth_cred_getegid(l->l_cred) != attr->va_gid))) { |
| 1003 | /* |
| 1004 | * Mark the process as SUGID before we do |
| 1005 | * anything that might block. |
| 1006 | */ |
| 1007 | proc_crmod_enter(); |
| 1008 | proc_crmod_leave(NULL, NULL, true); |
| 1009 | |
| 1010 | /* Make sure file descriptors 0..2 are in use. */ |
| 1011 | if ((error = fd_checkstd()) != 0) { |
| 1012 | DPRINTF(("%s: fdcheckstd failed %d\n" , |
| 1013 | __func__, error)); |
| 1014 | return error; |
| 1015 | } |
| 1016 | |
| 1017 | /* |
| 1018 | * Copy the credential so other references don't see our |
| 1019 | * changes. |
| 1020 | */ |
| 1021 | l->l_cred = kauth_cred_copy(l->l_cred); |
| 1022 | #ifdef KTRACE |
| 1023 | /* |
| 1024 | * If the persistent trace flag isn't set, turn off. |
| 1025 | */ |
| 1026 | if (p->p_tracep) { |
| 1027 | mutex_enter(&ktrace_lock); |
| 1028 | if (!(p->p_traceflag & KTRFAC_PERSISTENT)) |
| 1029 | ktrderef(p); |
| 1030 | mutex_exit(&ktrace_lock); |
| 1031 | } |
| 1032 | #endif |
| 1033 | if (attr->va_mode & S_ISUID) |
| 1034 | kauth_cred_seteuid(l->l_cred, attr->va_uid); |
| 1035 | if (attr->va_mode & S_ISGID) |
| 1036 | kauth_cred_setegid(l->l_cred, attr->va_gid); |
| 1037 | } else { |
| 1038 | if (kauth_cred_geteuid(l->l_cred) == |
| 1039 | kauth_cred_getuid(l->l_cred) && |
| 1040 | kauth_cred_getegid(l->l_cred) == |
| 1041 | kauth_cred_getgid(l->l_cred)) |
| 1042 | p->p_flag &= ~PK_SUGID; |
| 1043 | } |
| 1044 | |
| 1045 | /* |
| 1046 | * Copy the credential so other references don't see our changes. |
| 1047 | * Test to see if this is necessary first, since in the common case |
| 1048 | * we won't need a private reference. |
| 1049 | */ |
| 1050 | if (kauth_cred_geteuid(l->l_cred) != kauth_cred_getsvuid(l->l_cred) || |
| 1051 | kauth_cred_getegid(l->l_cred) != kauth_cred_getsvgid(l->l_cred)) { |
| 1052 | l->l_cred = kauth_cred_copy(l->l_cred); |
| 1053 | kauth_cred_setsvuid(l->l_cred, kauth_cred_geteuid(l->l_cred)); |
| 1054 | kauth_cred_setsvgid(l->l_cred, kauth_cred_getegid(l->l_cred)); |
| 1055 | } |
| 1056 | |
| 1057 | /* Update the master credentials. */ |
| 1058 | if (l->l_cred != p->p_cred) { |
| 1059 | kauth_cred_t ocred; |
| 1060 | |
| 1061 | kauth_cred_hold(l->l_cred); |
| 1062 | mutex_enter(p->p_lock); |
| 1063 | ocred = p->p_cred; |
| 1064 | p->p_cred = l->l_cred; |
| 1065 | mutex_exit(p->p_lock); |
| 1066 | kauth_cred_free(ocred); |
| 1067 | } |
| 1068 | |
| 1069 | return 0; |
| 1070 | } |
| 1071 | |
| 1072 | static void |
| 1073 | emulexec(struct lwp *l, struct exec_package *epp) |
| 1074 | { |
| 1075 | struct proc *p = l->l_proc; |
| 1076 | |
| 1077 | /* The emulation root will usually have been found when we looked |
| 1078 | * for the elf interpreter (or similar), if not look now. */ |
| 1079 | if (epp->ep_esch->es_emul->e_path != NULL && |
| 1080 | epp->ep_emul_root == NULL) |
| 1081 | emul_find_root(l, epp); |
| 1082 | |
| 1083 | /* Any old emulation root got removed by fdcloseexec */ |
| 1084 | rw_enter(&p->p_cwdi->cwdi_lock, RW_WRITER); |
| 1085 | p->p_cwdi->cwdi_edir = epp->ep_emul_root; |
| 1086 | rw_exit(&p->p_cwdi->cwdi_lock); |
| 1087 | epp->ep_emul_root = NULL; |
| 1088 | if (epp->ep_interp != NULL) |
| 1089 | vrele(epp->ep_interp); |
| 1090 | |
| 1091 | /* |
| 1092 | * Call emulation specific exec hook. This can setup per-process |
| 1093 | * p->p_emuldata or do any other per-process stuff an emulation needs. |
| 1094 | * |
| 1095 | * If we are executing process of different emulation than the |
| 1096 | * original forked process, call e_proc_exit() of the old emulation |
| 1097 | * first, then e_proc_exec() of new emulation. If the emulation is |
| 1098 | * same, the exec hook code should deallocate any old emulation |
| 1099 | * resources held previously by this process. |
| 1100 | */ |
| 1101 | if (p->p_emul && p->p_emul->e_proc_exit |
| 1102 | && p->p_emul != epp->ep_esch->es_emul) |
| 1103 | (*p->p_emul->e_proc_exit)(p); |
| 1104 | |
| 1105 | /* |
| 1106 | * This is now LWP 1. |
| 1107 | */ |
| 1108 | /* XXX elsewhere */ |
| 1109 | mutex_enter(p->p_lock); |
| 1110 | p->p_nlwpid = 1; |
| 1111 | l->l_lid = 1; |
| 1112 | mutex_exit(p->p_lock); |
| 1113 | |
| 1114 | /* |
| 1115 | * Call exec hook. Emulation code may NOT store reference to anything |
| 1116 | * from &pack. |
| 1117 | */ |
| 1118 | if (epp->ep_esch->es_emul->e_proc_exec) |
| 1119 | (*epp->ep_esch->es_emul->e_proc_exec)(p, epp); |
| 1120 | |
| 1121 | /* update p_emul, the old value is no longer needed */ |
| 1122 | p->p_emul = epp->ep_esch->es_emul; |
| 1123 | |
| 1124 | /* ...and the same for p_execsw */ |
| 1125 | p->p_execsw = epp->ep_esch; |
| 1126 | |
| 1127 | #ifdef __HAVE_SYSCALL_INTERN |
| 1128 | (*p->p_emul->e_syscall_intern)(p); |
| 1129 | #endif |
| 1130 | ktremul(); |
| 1131 | } |
| 1132 | |
| 1133 | static int |
| 1134 | execve_runproc(struct lwp *l, struct execve_data * restrict data, |
| 1135 | bool no_local_exec_lock, bool is_spawn) |
| 1136 | { |
| 1137 | struct exec_package * const epp = &data->ed_pack; |
| 1138 | int error = 0; |
| 1139 | struct proc *p; |
| 1140 | |
| 1141 | /* |
| 1142 | * In case of a posix_spawn operation, the child doing the exec |
| 1143 | * might not hold the reader lock on exec_lock, but the parent |
| 1144 | * will do this instead. |
| 1145 | */ |
| 1146 | KASSERT(no_local_exec_lock || rw_lock_held(&exec_lock)); |
| 1147 | KASSERT(!no_local_exec_lock || is_spawn); |
| 1148 | KASSERT(data != NULL); |
| 1149 | |
| 1150 | p = l->l_proc; |
| 1151 | |
| 1152 | /* Get rid of other LWPs. */ |
| 1153 | if (p->p_nlwps > 1) { |
| 1154 | mutex_enter(p->p_lock); |
| 1155 | exit_lwps(l); |
| 1156 | mutex_exit(p->p_lock); |
| 1157 | } |
| 1158 | KDASSERT(p->p_nlwps == 1); |
| 1159 | |
| 1160 | /* Destroy any lwpctl info. */ |
| 1161 | if (p->p_lwpctl != NULL) |
| 1162 | lwp_ctl_exit(); |
| 1163 | |
| 1164 | /* Remove POSIX timers */ |
| 1165 | timers_free(p, TIMERS_POSIX); |
| 1166 | |
| 1167 | /* Set the PaX flags. */ |
| 1168 | pax_set_flags(epp, p); |
| 1169 | |
| 1170 | /* |
| 1171 | * Do whatever is necessary to prepare the address space |
| 1172 | * for remapping. Note that this might replace the current |
| 1173 | * vmspace with another! |
| 1174 | */ |
| 1175 | if (is_spawn) |
| 1176 | uvmspace_spawn(l, epp->ep_vm_minaddr, |
| 1177 | epp->ep_vm_maxaddr, |
| 1178 | epp->ep_flags & EXEC_TOPDOWN_VM); |
| 1179 | else |
| 1180 | uvmspace_exec(l, epp->ep_vm_minaddr, |
| 1181 | epp->ep_vm_maxaddr, |
| 1182 | epp->ep_flags & EXEC_TOPDOWN_VM); |
| 1183 | |
| 1184 | struct vmspace *vm; |
| 1185 | vm = p->p_vmspace; |
| 1186 | vm->vm_taddr = (void *)epp->ep_taddr; |
| 1187 | vm->vm_tsize = btoc(epp->ep_tsize); |
| 1188 | vm->vm_daddr = (void*)epp->ep_daddr; |
| 1189 | vm->vm_dsize = btoc(epp->ep_dsize); |
| 1190 | vm->vm_ssize = btoc(epp->ep_ssize); |
| 1191 | vm->vm_issize = 0; |
| 1192 | vm->vm_maxsaddr = (void *)epp->ep_maxsaddr; |
| 1193 | vm->vm_minsaddr = (void *)epp->ep_minsaddr; |
| 1194 | |
| 1195 | pax_aslr_init_vm(l, vm, epp); |
| 1196 | |
| 1197 | /* Now map address space. */ |
| 1198 | error = execve_dovmcmds(l, data); |
| 1199 | if (error != 0) |
| 1200 | goto exec_abort; |
| 1201 | |
| 1202 | pathexec(epp, l, data->ed_pathstring); |
| 1203 | |
| 1204 | char * const newstack = STACK_GROW(vm->vm_minsaddr, epp->ep_ssize); |
| 1205 | |
| 1206 | error = copyoutargs(data, l, newstack); |
| 1207 | if (error != 0) |
| 1208 | goto exec_abort; |
| 1209 | |
| 1210 | cwdexec(p); |
| 1211 | fd_closeexec(); /* handle close on exec */ |
| 1212 | |
| 1213 | if (__predict_false(ktrace_on)) |
| 1214 | fd_ktrexecfd(); |
| 1215 | |
| 1216 | execsigs(p); /* reset caught signals */ |
| 1217 | |
| 1218 | mutex_enter(p->p_lock); |
| 1219 | l->l_ctxlink = NULL; /* reset ucontext link */ |
| 1220 | p->p_acflag &= ~AFORK; |
| 1221 | p->p_flag |= PK_EXEC; |
| 1222 | mutex_exit(p->p_lock); |
| 1223 | |
| 1224 | /* |
| 1225 | * Stop profiling. |
| 1226 | */ |
| 1227 | if ((p->p_stflag & PST_PROFIL) != 0) { |
| 1228 | mutex_spin_enter(&p->p_stmutex); |
| 1229 | stopprofclock(p); |
| 1230 | mutex_spin_exit(&p->p_stmutex); |
| 1231 | } |
| 1232 | |
| 1233 | /* |
| 1234 | * It's OK to test PL_PPWAIT unlocked here, as other LWPs have |
| 1235 | * exited and exec()/exit() are the only places it will be cleared. |
| 1236 | */ |
| 1237 | if ((p->p_lflag & PL_PPWAIT) != 0) { |
| 1238 | #if 0 |
| 1239 | lwp_t *lp; |
| 1240 | |
| 1241 | mutex_enter(proc_lock); |
| 1242 | lp = p->p_vforklwp; |
| 1243 | p->p_vforklwp = NULL; |
| 1244 | |
| 1245 | l->l_lwpctl = NULL; /* was on loan from blocked parent */ |
| 1246 | p->p_lflag &= ~PL_PPWAIT; |
| 1247 | |
| 1248 | lp->l_pflag &= ~LP_VFORKWAIT; /* XXX */ |
| 1249 | cv_broadcast(&lp->l_waitcv); |
| 1250 | mutex_exit(proc_lock); |
| 1251 | #else |
| 1252 | mutex_enter(proc_lock); |
| 1253 | l->l_lwpctl = NULL; /* was on loan from blocked parent */ |
| 1254 | p->p_lflag &= ~PL_PPWAIT; |
| 1255 | cv_broadcast(&p->p_pptr->p_waitcv); |
| 1256 | mutex_exit(proc_lock); |
| 1257 | #endif |
| 1258 | } |
| 1259 | |
| 1260 | error = credexec(l, &data->ed_attr); |
| 1261 | if (error) |
| 1262 | goto exec_abort; |
| 1263 | |
| 1264 | #if defined(__HAVE_RAS) |
| 1265 | /* |
| 1266 | * Remove all RASs from the address space. |
| 1267 | */ |
| 1268 | ras_purgeall(); |
| 1269 | #endif |
| 1270 | |
| 1271 | doexechooks(p); |
| 1272 | |
| 1273 | /* |
| 1274 | * Set initial SP at the top of the stack. |
| 1275 | * |
| 1276 | * Note that on machines where stack grows up (e.g. hppa), SP points to |
| 1277 | * the end of arg/env strings. Userland guesses the address of argc |
| 1278 | * via ps_strings::ps_argvstr. |
| 1279 | */ |
| 1280 | |
| 1281 | /* Setup new registers and do misc. setup. */ |
| 1282 | (*epp->ep_esch->es_emul->e_setregs)(l, epp, (vaddr_t)newstack); |
| 1283 | if (epp->ep_esch->es_setregs) |
| 1284 | (*epp->ep_esch->es_setregs)(l, epp, (vaddr_t)newstack); |
| 1285 | |
| 1286 | /* Provide a consistent LWP private setting */ |
| 1287 | (void)lwp_setprivate(l, NULL); |
| 1288 | |
| 1289 | /* Discard all PCU state; need to start fresh */ |
| 1290 | pcu_discard_all(l); |
| 1291 | |
| 1292 | /* map the process's signal trampoline code */ |
| 1293 | if ((error = exec_sigcode_map(p, epp->ep_esch->es_emul)) != 0) { |
| 1294 | DPRINTF(("%s: map sigcode failed %d\n" , __func__, error)); |
| 1295 | goto exec_abort; |
| 1296 | } |
| 1297 | |
| 1298 | pool_put(&exec_pool, data->ed_argp); |
| 1299 | |
| 1300 | /* notify others that we exec'd */ |
| 1301 | KNOTE(&p->p_klist, NOTE_EXEC); |
| 1302 | |
| 1303 | kmem_free(epp->ep_hdr, epp->ep_hdrlen); |
| 1304 | |
| 1305 | SDT_PROBE(proc, kernel, , exec__success, epp->ep_kname, 0, 0, 0, 0); |
| 1306 | |
| 1307 | emulexec(l, epp); |
| 1308 | |
| 1309 | /* Allow new references from the debugger/procfs. */ |
| 1310 | rw_exit(&p->p_reflock); |
| 1311 | if (!no_local_exec_lock) |
| 1312 | rw_exit(&exec_lock); |
| 1313 | |
| 1314 | mutex_enter(proc_lock); |
| 1315 | |
| 1316 | if ((p->p_slflag & (PSL_TRACED|PSL_SYSCALL)) == PSL_TRACED) { |
| 1317 | ksiginfo_t ksi; |
| 1318 | |
| 1319 | KSI_INIT_EMPTY(&ksi); |
| 1320 | ksi.ksi_signo = SIGTRAP; |
| 1321 | ksi.ksi_lid = l->l_lid; |
| 1322 | kpsignal(p, &ksi, NULL); |
| 1323 | } |
| 1324 | |
| 1325 | if (p->p_sflag & PS_STOPEXEC) { |
| 1326 | ksiginfoq_t kq; |
| 1327 | |
| 1328 | KERNEL_UNLOCK_ALL(l, &l->l_biglocks); |
| 1329 | p->p_pptr->p_nstopchild++; |
| 1330 | p->p_waited = 0; |
| 1331 | mutex_enter(p->p_lock); |
| 1332 | ksiginfo_queue_init(&kq); |
| 1333 | sigclearall(p, &contsigmask, &kq); |
| 1334 | lwp_lock(l); |
| 1335 | l->l_stat = LSSTOP; |
| 1336 | p->p_stat = SSTOP; |
| 1337 | p->p_nrlwps--; |
| 1338 | lwp_unlock(l); |
| 1339 | mutex_exit(p->p_lock); |
| 1340 | mutex_exit(proc_lock); |
| 1341 | lwp_lock(l); |
| 1342 | mi_switch(l); |
| 1343 | ksiginfo_queue_drain(&kq); |
| 1344 | KERNEL_LOCK(l->l_biglocks, l); |
| 1345 | } else { |
| 1346 | mutex_exit(proc_lock); |
| 1347 | } |
| 1348 | |
| 1349 | pathbuf_stringcopy_put(data->ed_pathbuf, data->ed_pathstring); |
| 1350 | pathbuf_destroy(data->ed_pathbuf); |
| 1351 | PNBUF_PUT(data->ed_resolvedpathbuf); |
| 1352 | #ifdef TRACE_EXEC |
| 1353 | DPRINTF(("%s finished\n" , __func__)); |
| 1354 | #endif |
| 1355 | return EJUSTRETURN; |
| 1356 | |
| 1357 | exec_abort: |
| 1358 | SDT_PROBE(proc, kernel, , exec__failure, error, 0, 0, 0, 0); |
| 1359 | rw_exit(&p->p_reflock); |
| 1360 | if (!no_local_exec_lock) |
| 1361 | rw_exit(&exec_lock); |
| 1362 | |
| 1363 | pathbuf_stringcopy_put(data->ed_pathbuf, data->ed_pathstring); |
| 1364 | pathbuf_destroy(data->ed_pathbuf); |
| 1365 | PNBUF_PUT(data->ed_resolvedpathbuf); |
| 1366 | |
| 1367 | /* |
| 1368 | * the old process doesn't exist anymore. exit gracefully. |
| 1369 | * get rid of the (new) address space we have created, if any, get rid |
| 1370 | * of our namei data and vnode, and exit noting failure |
| 1371 | */ |
| 1372 | uvm_deallocate(&vm->vm_map, VM_MIN_ADDRESS, |
| 1373 | VM_MAXUSER_ADDRESS - VM_MIN_ADDRESS); |
| 1374 | |
| 1375 | exec_free_emul_arg(epp); |
| 1376 | pool_put(&exec_pool, data->ed_argp); |
| 1377 | kmem_free(epp->ep_hdr, epp->ep_hdrlen); |
| 1378 | if (epp->ep_emul_root != NULL) |
| 1379 | vrele(epp->ep_emul_root); |
| 1380 | if (epp->ep_interp != NULL) |
| 1381 | vrele(epp->ep_interp); |
| 1382 | |
| 1383 | /* Acquire the sched-state mutex (exit1() will release it). */ |
| 1384 | if (!is_spawn) { |
| 1385 | mutex_enter(p->p_lock); |
| 1386 | exit1(l, error, SIGABRT); |
| 1387 | } |
| 1388 | |
| 1389 | return error; |
| 1390 | } |
| 1391 | |
| 1392 | int |
| 1393 | execve1(struct lwp *l, const char *path, char * const *args, |
| 1394 | char * const *envs, execve_fetch_element_t fetch_element) |
| 1395 | { |
| 1396 | struct execve_data data; |
| 1397 | int error; |
| 1398 | |
| 1399 | error = execve_loadvm(l, path, args, envs, fetch_element, &data); |
| 1400 | if (error) |
| 1401 | return error; |
| 1402 | error = execve_runproc(l, &data, false, false); |
| 1403 | return error; |
| 1404 | } |
| 1405 | |
| 1406 | static size_t |
| 1407 | fromptrsz(const struct exec_package *epp) |
| 1408 | { |
| 1409 | return (epp->ep_flags & EXEC_FROM32) ? sizeof(int) : sizeof(char *); |
| 1410 | } |
| 1411 | |
| 1412 | static size_t |
| 1413 | ptrsz(const struct exec_package *epp) |
| 1414 | { |
| 1415 | return (epp->ep_flags & EXEC_32) ? sizeof(int) : sizeof(char *); |
| 1416 | } |
| 1417 | |
| 1418 | static size_t |
| 1419 | calcargs(struct execve_data * restrict data, const size_t argenvstrlen) |
| 1420 | { |
| 1421 | struct exec_package * const epp = &data->ed_pack; |
| 1422 | |
| 1423 | const size_t nargenvptrs = |
| 1424 | 1 + /* long argc */ |
| 1425 | data->ed_argc + /* char *argv[] */ |
| 1426 | 1 + /* \0 */ |
| 1427 | data->ed_envc + /* char *env[] */ |
| 1428 | 1 + /* \0 */ |
| 1429 | epp->ep_esch->es_arglen; /* auxinfo */ |
| 1430 | |
| 1431 | return (nargenvptrs * ptrsz(epp)) + argenvstrlen; |
| 1432 | } |
| 1433 | |
| 1434 | static size_t |
| 1435 | calcstack(struct execve_data * restrict data, const size_t gaplen) |
| 1436 | { |
| 1437 | struct exec_package * const epp = &data->ed_pack; |
| 1438 | |
| 1439 | data->ed_szsigcode = epp->ep_esch->es_emul->e_esigcode - |
| 1440 | epp->ep_esch->es_emul->e_sigcode; |
| 1441 | |
| 1442 | data->ed_ps_strings_sz = (epp->ep_flags & EXEC_32) ? |
| 1443 | sizeof(struct ps_strings32) : sizeof(struct ps_strings); |
| 1444 | |
| 1445 | const size_t sigcode_psstr_sz = |
| 1446 | data->ed_szsigcode + /* sigcode */ |
| 1447 | data->ed_ps_strings_sz + /* ps_strings */ |
| 1448 | STACK_PTHREADSPACE; /* pthread space */ |
| 1449 | |
| 1450 | const size_t stacklen = |
| 1451 | data->ed_argslen + |
| 1452 | gaplen + |
| 1453 | sigcode_psstr_sz; |
| 1454 | |
| 1455 | /* make the stack "safely" aligned */ |
| 1456 | return STACK_LEN_ALIGN(stacklen, STACK_ALIGNBYTES); |
| 1457 | } |
| 1458 | |
| 1459 | static int |
| 1460 | copyoutargs(struct execve_data * restrict data, struct lwp *l, |
| 1461 | char * const newstack) |
| 1462 | { |
| 1463 | struct exec_package * const epp = &data->ed_pack; |
| 1464 | struct proc *p = l->l_proc; |
| 1465 | int error; |
| 1466 | |
| 1467 | /* remember information about the process */ |
| 1468 | data->ed_arginfo.ps_nargvstr = data->ed_argc; |
| 1469 | data->ed_arginfo.ps_nenvstr = data->ed_envc; |
| 1470 | |
| 1471 | /* |
| 1472 | * Allocate the stack address passed to the newly execve()'ed process. |
| 1473 | * |
| 1474 | * The new stack address will be set to the SP (stack pointer) register |
| 1475 | * in setregs(). |
| 1476 | */ |
| 1477 | |
| 1478 | char *newargs = STACK_ALLOC( |
| 1479 | STACK_SHRINK(newstack, data->ed_argslen), data->ed_argslen); |
| 1480 | |
| 1481 | error = (*epp->ep_esch->es_copyargs)(l, epp, |
| 1482 | &data->ed_arginfo, &newargs, data->ed_argp); |
| 1483 | |
| 1484 | if (epp->ep_path) { |
| 1485 | PNBUF_PUT(epp->ep_path); |
| 1486 | epp->ep_path = NULL; |
| 1487 | } |
| 1488 | if (error) { |
| 1489 | DPRINTF(("%s: copyargs failed %d\n" , __func__, error)); |
| 1490 | return error; |
| 1491 | } |
| 1492 | |
| 1493 | error = copyoutpsstrs(data, p); |
| 1494 | if (error != 0) |
| 1495 | return error; |
| 1496 | |
| 1497 | return 0; |
| 1498 | } |
| 1499 | |
| 1500 | static int |
| 1501 | copyoutpsstrs(struct execve_data * restrict data, struct proc *p) |
| 1502 | { |
| 1503 | struct exec_package * const epp = &data->ed_pack; |
| 1504 | struct ps_strings32 arginfo32; |
| 1505 | void *aip; |
| 1506 | int error; |
| 1507 | |
| 1508 | /* fill process ps_strings info */ |
| 1509 | p->p_psstrp = (vaddr_t)STACK_ALLOC(STACK_GROW(epp->ep_minsaddr, |
| 1510 | STACK_PTHREADSPACE), data->ed_ps_strings_sz); |
| 1511 | |
| 1512 | if (epp->ep_flags & EXEC_32) { |
| 1513 | aip = &arginfo32; |
| 1514 | arginfo32.ps_argvstr = (vaddr_t)data->ed_arginfo.ps_argvstr; |
| 1515 | arginfo32.ps_nargvstr = data->ed_arginfo.ps_nargvstr; |
| 1516 | arginfo32.ps_envstr = (vaddr_t)data->ed_arginfo.ps_envstr; |
| 1517 | arginfo32.ps_nenvstr = data->ed_arginfo.ps_nenvstr; |
| 1518 | } else |
| 1519 | aip = &data->ed_arginfo; |
| 1520 | |
| 1521 | /* copy out the process's ps_strings structure */ |
| 1522 | if ((error = copyout(aip, (void *)p->p_psstrp, data->ed_ps_strings_sz)) |
| 1523 | != 0) { |
| 1524 | DPRINTF(("%s: ps_strings copyout %p->%p size %zu failed\n" , |
| 1525 | __func__, aip, (void *)p->p_psstrp, data->ed_ps_strings_sz)); |
| 1526 | return error; |
| 1527 | } |
| 1528 | |
| 1529 | return 0; |
| 1530 | } |
| 1531 | |
| 1532 | static int |
| 1533 | copyinargs(struct execve_data * restrict data, char * const *args, |
| 1534 | char * const *envs, execve_fetch_element_t fetch_element, char **dpp) |
| 1535 | { |
| 1536 | struct exec_package * const epp = &data->ed_pack; |
| 1537 | char *dp; |
| 1538 | size_t i; |
| 1539 | int error; |
| 1540 | |
| 1541 | dp = *dpp; |
| 1542 | |
| 1543 | data->ed_argc = 0; |
| 1544 | |
| 1545 | /* copy the fake args list, if there's one, freeing it as we go */ |
| 1546 | if (epp->ep_flags & EXEC_HASARGL) { |
| 1547 | struct exec_fakearg *fa = epp->ep_fa; |
| 1548 | |
| 1549 | while (fa->fa_arg != NULL) { |
| 1550 | const size_t maxlen = ARG_MAX - (dp - data->ed_argp); |
| 1551 | size_t len; |
| 1552 | |
| 1553 | len = strlcpy(dp, fa->fa_arg, maxlen); |
| 1554 | /* Count NUL into len. */ |
| 1555 | if (len < maxlen) |
| 1556 | len++; |
| 1557 | else { |
| 1558 | while (fa->fa_arg != NULL) { |
| 1559 | kmem_free(fa->fa_arg, fa->fa_len); |
| 1560 | fa++; |
| 1561 | } |
| 1562 | kmem_free(epp->ep_fa, epp->ep_fa_len); |
| 1563 | epp->ep_flags &= ~EXEC_HASARGL; |
| 1564 | return E2BIG; |
| 1565 | } |
| 1566 | ktrexecarg(fa->fa_arg, len - 1); |
| 1567 | dp += len; |
| 1568 | |
| 1569 | kmem_free(fa->fa_arg, fa->fa_len); |
| 1570 | fa++; |
| 1571 | data->ed_argc++; |
| 1572 | } |
| 1573 | kmem_free(epp->ep_fa, epp->ep_fa_len); |
| 1574 | epp->ep_flags &= ~EXEC_HASARGL; |
| 1575 | } |
| 1576 | |
| 1577 | /* |
| 1578 | * Read and count argument strings from user. |
| 1579 | */ |
| 1580 | |
| 1581 | if (args == NULL) { |
| 1582 | DPRINTF(("%s: null args\n" , __func__)); |
| 1583 | return EINVAL; |
| 1584 | } |
| 1585 | if (epp->ep_flags & EXEC_SKIPARG) |
| 1586 | args = (const void *)((const char *)args + fromptrsz(epp)); |
| 1587 | i = 0; |
| 1588 | error = copyinargstrs(data, args, fetch_element, &dp, &i, ktr_execarg); |
| 1589 | if (error != 0) { |
| 1590 | DPRINTF(("%s: copyin arg %d\n" , __func__, error)); |
| 1591 | return error; |
| 1592 | } |
| 1593 | data->ed_argc += i; |
| 1594 | |
| 1595 | /* |
| 1596 | * Read and count environment strings from user. |
| 1597 | */ |
| 1598 | |
| 1599 | data->ed_envc = 0; |
| 1600 | /* environment need not be there */ |
| 1601 | if (envs == NULL) |
| 1602 | goto done; |
| 1603 | i = 0; |
| 1604 | error = copyinargstrs(data, envs, fetch_element, &dp, &i, ktr_execenv); |
| 1605 | if (error != 0) { |
| 1606 | DPRINTF(("%s: copyin env %d\n" , __func__, error)); |
| 1607 | return error; |
| 1608 | } |
| 1609 | data->ed_envc += i; |
| 1610 | |
| 1611 | done: |
| 1612 | *dpp = dp; |
| 1613 | |
| 1614 | return 0; |
| 1615 | } |
| 1616 | |
| 1617 | static int |
| 1618 | copyinargstrs(struct execve_data * restrict data, char * const *strs, |
| 1619 | execve_fetch_element_t fetch_element, char **dpp, size_t *ip, |
| 1620 | void (*ktr)(const void *, size_t)) |
| 1621 | { |
| 1622 | char *dp, *sp; |
| 1623 | size_t i; |
| 1624 | int error; |
| 1625 | |
| 1626 | dp = *dpp; |
| 1627 | |
| 1628 | i = 0; |
| 1629 | while (1) { |
| 1630 | const size_t maxlen = ARG_MAX - (dp - data->ed_argp); |
| 1631 | size_t len; |
| 1632 | |
| 1633 | if ((error = (*fetch_element)(strs, i, &sp)) != 0) { |
| 1634 | return error; |
| 1635 | } |
| 1636 | if (!sp) |
| 1637 | break; |
| 1638 | if ((error = copyinstr(sp, dp, maxlen, &len)) != 0) { |
| 1639 | if (error == ENAMETOOLONG) |
| 1640 | error = E2BIG; |
| 1641 | return error; |
| 1642 | } |
| 1643 | if (__predict_false(ktrace_on)) |
| 1644 | (*ktr)(dp, len - 1); |
| 1645 | dp += len; |
| 1646 | i++; |
| 1647 | } |
| 1648 | |
| 1649 | *dpp = dp; |
| 1650 | *ip = i; |
| 1651 | |
| 1652 | return 0; |
| 1653 | } |
| 1654 | |
| 1655 | /* |
| 1656 | * Copy argv and env strings from kernel buffer (argp) to the new stack. |
| 1657 | * Those strings are located just after auxinfo. |
| 1658 | */ |
| 1659 | int |
| 1660 | copyargs(struct lwp *l, struct exec_package *pack, struct ps_strings *arginfo, |
| 1661 | char **stackp, void *argp) |
| 1662 | { |
| 1663 | char **cpp, *dp, *sp; |
| 1664 | size_t len; |
| 1665 | void *nullp; |
| 1666 | long argc, envc; |
| 1667 | int error; |
| 1668 | |
| 1669 | cpp = (char **)*stackp; |
| 1670 | nullp = NULL; |
| 1671 | argc = arginfo->ps_nargvstr; |
| 1672 | envc = arginfo->ps_nenvstr; |
| 1673 | |
| 1674 | /* argc on stack is long */ |
| 1675 | CTASSERT(sizeof(*cpp) == sizeof(argc)); |
| 1676 | |
| 1677 | dp = (char *)(cpp + |
| 1678 | 1 + /* long argc */ |
| 1679 | argc + /* char *argv[] */ |
| 1680 | 1 + /* \0 */ |
| 1681 | envc + /* char *env[] */ |
| 1682 | 1 + /* \0 */ |
| 1683 | /* XXX auxinfo multiplied by ptr size? */ |
| 1684 | pack->ep_esch->es_arglen); /* auxinfo */ |
| 1685 | sp = argp; |
| 1686 | |
| 1687 | if ((error = copyout(&argc, cpp++, sizeof(argc))) != 0) { |
| 1688 | COPYPRINTF("" , cpp - 1, sizeof(argc)); |
| 1689 | return error; |
| 1690 | } |
| 1691 | |
| 1692 | /* XXX don't copy them out, remap them! */ |
| 1693 | arginfo->ps_argvstr = cpp; /* remember location of argv for later */ |
| 1694 | |
| 1695 | for (; --argc >= 0; sp += len, dp += len) { |
| 1696 | if ((error = copyout(&dp, cpp++, sizeof(dp))) != 0) { |
| 1697 | COPYPRINTF("" , cpp - 1, sizeof(dp)); |
| 1698 | return error; |
| 1699 | } |
| 1700 | if ((error = copyoutstr(sp, dp, ARG_MAX, &len)) != 0) { |
| 1701 | COPYPRINTF("str" , dp, (size_t)ARG_MAX); |
| 1702 | return error; |
| 1703 | } |
| 1704 | } |
| 1705 | |
| 1706 | if ((error = copyout(&nullp, cpp++, sizeof(nullp))) != 0) { |
| 1707 | COPYPRINTF("" , cpp - 1, sizeof(nullp)); |
| 1708 | return error; |
| 1709 | } |
| 1710 | |
| 1711 | arginfo->ps_envstr = cpp; /* remember location of envp for later */ |
| 1712 | |
| 1713 | for (; --envc >= 0; sp += len, dp += len) { |
| 1714 | if ((error = copyout(&dp, cpp++, sizeof(dp))) != 0) { |
| 1715 | COPYPRINTF("" , cpp - 1, sizeof(dp)); |
| 1716 | return error; |
| 1717 | } |
| 1718 | if ((error = copyoutstr(sp, dp, ARG_MAX, &len)) != 0) { |
| 1719 | COPYPRINTF("str" , dp, (size_t)ARG_MAX); |
| 1720 | return error; |
| 1721 | } |
| 1722 | |
| 1723 | } |
| 1724 | |
| 1725 | if ((error = copyout(&nullp, cpp++, sizeof(nullp))) != 0) { |
| 1726 | COPYPRINTF("" , cpp - 1, sizeof(nullp)); |
| 1727 | return error; |
| 1728 | } |
| 1729 | |
| 1730 | *stackp = (char *)cpp; |
| 1731 | return 0; |
| 1732 | } |
| 1733 | |
| 1734 | |
| 1735 | /* |
| 1736 | * Add execsw[] entries. |
| 1737 | */ |
| 1738 | int |
| 1739 | exec_add(struct execsw *esp, int count) |
| 1740 | { |
| 1741 | struct exec_entry *it; |
| 1742 | int i; |
| 1743 | |
| 1744 | if (count == 0) { |
| 1745 | return 0; |
| 1746 | } |
| 1747 | |
| 1748 | /* Check for duplicates. */ |
| 1749 | rw_enter(&exec_lock, RW_WRITER); |
| 1750 | for (i = 0; i < count; i++) { |
| 1751 | LIST_FOREACH(it, &ex_head, ex_list) { |
| 1752 | /* assume unique (makecmds, probe_func, emulation) */ |
| 1753 | if (it->ex_sw->es_makecmds == esp[i].es_makecmds && |
| 1754 | it->ex_sw->u.elf_probe_func == |
| 1755 | esp[i].u.elf_probe_func && |
| 1756 | it->ex_sw->es_emul == esp[i].es_emul) { |
| 1757 | rw_exit(&exec_lock); |
| 1758 | return EEXIST; |
| 1759 | } |
| 1760 | } |
| 1761 | } |
| 1762 | |
| 1763 | /* Allocate new entries. */ |
| 1764 | for (i = 0; i < count; i++) { |
| 1765 | it = kmem_alloc(sizeof(*it), KM_SLEEP); |
| 1766 | it->ex_sw = &esp[i]; |
| 1767 | LIST_INSERT_HEAD(&ex_head, it, ex_list); |
| 1768 | } |
| 1769 | |
| 1770 | /* update execsw[] */ |
| 1771 | exec_init(0); |
| 1772 | rw_exit(&exec_lock); |
| 1773 | return 0; |
| 1774 | } |
| 1775 | |
| 1776 | /* |
| 1777 | * Remove execsw[] entry. |
| 1778 | */ |
| 1779 | int |
| 1780 | exec_remove(struct execsw *esp, int count) |
| 1781 | { |
| 1782 | struct exec_entry *it, *next; |
| 1783 | int i; |
| 1784 | const struct proclist_desc *pd; |
| 1785 | proc_t *p; |
| 1786 | |
| 1787 | if (count == 0) { |
| 1788 | return 0; |
| 1789 | } |
| 1790 | |
| 1791 | /* Abort if any are busy. */ |
| 1792 | rw_enter(&exec_lock, RW_WRITER); |
| 1793 | for (i = 0; i < count; i++) { |
| 1794 | mutex_enter(proc_lock); |
| 1795 | for (pd = proclists; pd->pd_list != NULL; pd++) { |
| 1796 | PROCLIST_FOREACH(p, pd->pd_list) { |
| 1797 | if (p->p_execsw == &esp[i]) { |
| 1798 | mutex_exit(proc_lock); |
| 1799 | rw_exit(&exec_lock); |
| 1800 | return EBUSY; |
| 1801 | } |
| 1802 | } |
| 1803 | } |
| 1804 | mutex_exit(proc_lock); |
| 1805 | } |
| 1806 | |
| 1807 | /* None are busy, so remove them all. */ |
| 1808 | for (i = 0; i < count; i++) { |
| 1809 | for (it = LIST_FIRST(&ex_head); it != NULL; it = next) { |
| 1810 | next = LIST_NEXT(it, ex_list); |
| 1811 | if (it->ex_sw == &esp[i]) { |
| 1812 | LIST_REMOVE(it, ex_list); |
| 1813 | kmem_free(it, sizeof(*it)); |
| 1814 | break; |
| 1815 | } |
| 1816 | } |
| 1817 | } |
| 1818 | |
| 1819 | /* update execsw[] */ |
| 1820 | exec_init(0); |
| 1821 | rw_exit(&exec_lock); |
| 1822 | return 0; |
| 1823 | } |
| 1824 | |
| 1825 | /* |
| 1826 | * Initialize exec structures. If init_boot is true, also does necessary |
| 1827 | * one-time initialization (it's called from main() that way). |
| 1828 | * Once system is multiuser, this should be called with exec_lock held, |
| 1829 | * i.e. via exec_{add|remove}(). |
| 1830 | */ |
| 1831 | int |
| 1832 | exec_init(int init_boot) |
| 1833 | { |
| 1834 | const struct execsw **sw; |
| 1835 | struct exec_entry *ex; |
| 1836 | SLIST_HEAD(,exec_entry) first; |
| 1837 | SLIST_HEAD(,exec_entry) any; |
| 1838 | SLIST_HEAD(,exec_entry) last; |
| 1839 | int i, sz; |
| 1840 | |
| 1841 | if (init_boot) { |
| 1842 | /* do one-time initializations */ |
| 1843 | rw_init(&exec_lock); |
| 1844 | mutex_init(&sigobject_lock, MUTEX_DEFAULT, IPL_NONE); |
| 1845 | pool_init(&exec_pool, NCARGS, 0, 0, PR_NOALIGN|PR_NOTOUCH, |
| 1846 | "execargs" , &exec_palloc, IPL_NONE); |
| 1847 | pool_sethardlimit(&exec_pool, maxexec, "should not happen" , 0); |
| 1848 | } else { |
| 1849 | KASSERT(rw_write_held(&exec_lock)); |
| 1850 | } |
| 1851 | |
| 1852 | /* Sort each entry onto the appropriate queue. */ |
| 1853 | SLIST_INIT(&first); |
| 1854 | SLIST_INIT(&any); |
| 1855 | SLIST_INIT(&last); |
| 1856 | sz = 0; |
| 1857 | LIST_FOREACH(ex, &ex_head, ex_list) { |
| 1858 | switch(ex->ex_sw->es_prio) { |
| 1859 | case EXECSW_PRIO_FIRST: |
| 1860 | SLIST_INSERT_HEAD(&first, ex, ex_slist); |
| 1861 | break; |
| 1862 | case EXECSW_PRIO_ANY: |
| 1863 | SLIST_INSERT_HEAD(&any, ex, ex_slist); |
| 1864 | break; |
| 1865 | case EXECSW_PRIO_LAST: |
| 1866 | SLIST_INSERT_HEAD(&last, ex, ex_slist); |
| 1867 | break; |
| 1868 | default: |
| 1869 | panic("%s" , __func__); |
| 1870 | break; |
| 1871 | } |
| 1872 | sz++; |
| 1873 | } |
| 1874 | |
| 1875 | /* |
| 1876 | * Create new execsw[]. Ensure we do not try a zero-sized |
| 1877 | * allocation. |
| 1878 | */ |
| 1879 | sw = kmem_alloc(sz * sizeof(struct execsw *) + 1, KM_SLEEP); |
| 1880 | i = 0; |
| 1881 | SLIST_FOREACH(ex, &first, ex_slist) { |
| 1882 | sw[i++] = ex->ex_sw; |
| 1883 | } |
| 1884 | SLIST_FOREACH(ex, &any, ex_slist) { |
| 1885 | sw[i++] = ex->ex_sw; |
| 1886 | } |
| 1887 | SLIST_FOREACH(ex, &last, ex_slist) { |
| 1888 | sw[i++] = ex->ex_sw; |
| 1889 | } |
| 1890 | |
| 1891 | /* Replace old execsw[] and free used memory. */ |
| 1892 | if (execsw != NULL) { |
| 1893 | kmem_free(__UNCONST(execsw), |
| 1894 | nexecs * sizeof(struct execsw *) + 1); |
| 1895 | } |
| 1896 | execsw = sw; |
| 1897 | nexecs = sz; |
| 1898 | |
| 1899 | /* Figure out the maximum size of an exec header. */ |
| 1900 | exec_maxhdrsz = sizeof(int); |
| 1901 | for (i = 0; i < nexecs; i++) { |
| 1902 | if (execsw[i]->es_hdrsz > exec_maxhdrsz) |
| 1903 | exec_maxhdrsz = execsw[i]->es_hdrsz; |
| 1904 | } |
| 1905 | |
| 1906 | return 0; |
| 1907 | } |
| 1908 | |
| 1909 | static int |
| 1910 | exec_sigcode_map(struct proc *p, const struct emul *e) |
| 1911 | { |
| 1912 | vaddr_t va; |
| 1913 | vsize_t sz; |
| 1914 | int error; |
| 1915 | struct uvm_object *uobj; |
| 1916 | |
| 1917 | sz = (vaddr_t)e->e_esigcode - (vaddr_t)e->e_sigcode; |
| 1918 | |
| 1919 | if (e->e_sigobject == NULL || sz == 0) { |
| 1920 | return 0; |
| 1921 | } |
| 1922 | |
| 1923 | /* |
| 1924 | * If we don't have a sigobject for this emulation, create one. |
| 1925 | * |
| 1926 | * sigobject is an anonymous memory object (just like SYSV shared |
| 1927 | * memory) that we keep a permanent reference to and that we map |
| 1928 | * in all processes that need this sigcode. The creation is simple, |
| 1929 | * we create an object, add a permanent reference to it, map it in |
| 1930 | * kernel space, copy out the sigcode to it and unmap it. |
| 1931 | * We map it with PROT_READ|PROT_EXEC into the process just |
| 1932 | * the way sys_mmap() would map it. |
| 1933 | */ |
| 1934 | |
| 1935 | uobj = *e->e_sigobject; |
| 1936 | if (uobj == NULL) { |
| 1937 | mutex_enter(&sigobject_lock); |
| 1938 | if ((uobj = *e->e_sigobject) == NULL) { |
| 1939 | uobj = uao_create(sz, 0); |
| 1940 | (*uobj->pgops->pgo_reference)(uobj); |
| 1941 | va = vm_map_min(kernel_map); |
| 1942 | if ((error = uvm_map(kernel_map, &va, round_page(sz), |
| 1943 | uobj, 0, 0, |
| 1944 | UVM_MAPFLAG(UVM_PROT_RW, UVM_PROT_RW, |
| 1945 | UVM_INH_SHARE, UVM_ADV_RANDOM, 0)))) { |
| 1946 | printf("kernel mapping failed %d\n" , error); |
| 1947 | (*uobj->pgops->pgo_detach)(uobj); |
| 1948 | mutex_exit(&sigobject_lock); |
| 1949 | return error; |
| 1950 | } |
| 1951 | memcpy((void *)va, e->e_sigcode, sz); |
| 1952 | #ifdef PMAP_NEED_PROCWR |
| 1953 | pmap_procwr(&proc0, va, sz); |
| 1954 | #endif |
| 1955 | uvm_unmap(kernel_map, va, va + round_page(sz)); |
| 1956 | *e->e_sigobject = uobj; |
| 1957 | } |
| 1958 | mutex_exit(&sigobject_lock); |
| 1959 | } |
| 1960 | |
| 1961 | /* Just a hint to uvm_map where to put it. */ |
| 1962 | va = e->e_vm_default_addr(p, (vaddr_t)p->p_vmspace->vm_daddr, |
| 1963 | round_page(sz), p->p_vmspace->vm_map.flags & VM_MAP_TOPDOWN); |
| 1964 | |
| 1965 | #ifdef __alpha__ |
| 1966 | /* |
| 1967 | * Tru64 puts /sbin/loader at the end of user virtual memory, |
| 1968 | * which causes the above calculation to put the sigcode at |
| 1969 | * an invalid address. Put it just below the text instead. |
| 1970 | */ |
| 1971 | if (va == (vaddr_t)vm_map_max(&p->p_vmspace->vm_map)) { |
| 1972 | va = (vaddr_t)p->p_vmspace->vm_taddr - round_page(sz); |
| 1973 | } |
| 1974 | #endif |
| 1975 | |
| 1976 | (*uobj->pgops->pgo_reference)(uobj); |
| 1977 | error = uvm_map(&p->p_vmspace->vm_map, &va, round_page(sz), |
| 1978 | uobj, 0, 0, |
| 1979 | UVM_MAPFLAG(UVM_PROT_RX, UVM_PROT_RX, UVM_INH_SHARE, |
| 1980 | UVM_ADV_RANDOM, 0)); |
| 1981 | if (error) { |
| 1982 | DPRINTF(("%s, %d: map %p " |
| 1983 | "uvm_map %#" PRIxVSIZE"@%#" PRIxVADDR" failed %d\n" , |
| 1984 | __func__, __LINE__, &p->p_vmspace->vm_map, round_page(sz), |
| 1985 | va, error)); |
| 1986 | (*uobj->pgops->pgo_detach)(uobj); |
| 1987 | return error; |
| 1988 | } |
| 1989 | p->p_sigctx.ps_sigcode = (void *)va; |
| 1990 | return 0; |
| 1991 | } |
| 1992 | |
| 1993 | /* |
| 1994 | * Release a refcount on spawn_exec_data and destroy memory, if this |
| 1995 | * was the last one. |
| 1996 | */ |
| 1997 | static void |
| 1998 | spawn_exec_data_release(struct spawn_exec_data *data) |
| 1999 | { |
| 2000 | if (atomic_dec_32_nv(&data->sed_refcnt) != 0) |
| 2001 | return; |
| 2002 | |
| 2003 | cv_destroy(&data->sed_cv_child_ready); |
| 2004 | mutex_destroy(&data->sed_mtx_child); |
| 2005 | |
| 2006 | if (data->sed_actions) |
| 2007 | posix_spawn_fa_free(data->sed_actions, |
| 2008 | data->sed_actions->len); |
| 2009 | if (data->sed_attrs) |
| 2010 | kmem_free(data->sed_attrs, |
| 2011 | sizeof(*data->sed_attrs)); |
| 2012 | kmem_free(data, sizeof(*data)); |
| 2013 | } |
| 2014 | |
| 2015 | /* |
| 2016 | * A child lwp of a posix_spawn operation starts here and ends up in |
| 2017 | * cpu_spawn_return, dealing with all filedescriptor and scheduler |
| 2018 | * manipulations in between. |
| 2019 | * The parent waits for the child, as it is not clear whether the child |
| 2020 | * will be able to acquire its own exec_lock. If it can, the parent can |
| 2021 | * be released early and continue running in parallel. If not (or if the |
| 2022 | * magic debug flag is passed in the scheduler attribute struct), the |
| 2023 | * child rides on the parent's exec lock until it is ready to return to |
| 2024 | * to userland - and only then releases the parent. This method loses |
| 2025 | * concurrency, but improves error reporting. |
| 2026 | */ |
| 2027 | static void |
| 2028 | spawn_return(void *arg) |
| 2029 | { |
| 2030 | struct spawn_exec_data *spawn_data = arg; |
| 2031 | struct lwp *l = curlwp; |
| 2032 | int error, newfd; |
| 2033 | int ostat; |
| 2034 | size_t i; |
| 2035 | const struct posix_spawn_file_actions_entry *fae; |
| 2036 | pid_t ppid; |
| 2037 | register_t retval; |
| 2038 | bool have_reflock; |
| 2039 | bool parent_is_waiting = true; |
| 2040 | |
| 2041 | /* |
| 2042 | * Check if we can release parent early. |
| 2043 | * We either need to have no sed_attrs, or sed_attrs does not |
| 2044 | * have POSIX_SPAWN_RETURNERROR or one of the flags, that require |
| 2045 | * safe access to the parent proc (passed in sed_parent). |
| 2046 | * We then try to get the exec_lock, and only if that works, we can |
| 2047 | * release the parent here already. |
| 2048 | */ |
| 2049 | ppid = spawn_data->sed_parent->p_pid; |
| 2050 | if ((!spawn_data->sed_attrs |
| 2051 | || (spawn_data->sed_attrs->sa_flags |
| 2052 | & (POSIX_SPAWN_RETURNERROR|POSIX_SPAWN_SETPGROUP)) == 0) |
| 2053 | && rw_tryenter(&exec_lock, RW_READER)) { |
| 2054 | parent_is_waiting = false; |
| 2055 | mutex_enter(&spawn_data->sed_mtx_child); |
| 2056 | cv_signal(&spawn_data->sed_cv_child_ready); |
| 2057 | mutex_exit(&spawn_data->sed_mtx_child); |
| 2058 | } |
| 2059 | |
| 2060 | /* don't allow debugger access yet */ |
| 2061 | rw_enter(&l->l_proc->p_reflock, RW_WRITER); |
| 2062 | have_reflock = true; |
| 2063 | |
| 2064 | error = 0; |
| 2065 | /* handle posix_spawn_file_actions */ |
| 2066 | if (spawn_data->sed_actions != NULL) { |
| 2067 | for (i = 0; i < spawn_data->sed_actions->len; i++) { |
| 2068 | fae = &spawn_data->sed_actions->fae[i]; |
| 2069 | switch (fae->fae_action) { |
| 2070 | case FAE_OPEN: |
| 2071 | if (fd_getfile(fae->fae_fildes) != NULL) { |
| 2072 | error = fd_close(fae->fae_fildes); |
| 2073 | if (error) |
| 2074 | break; |
| 2075 | } |
| 2076 | error = fd_open(fae->fae_path, fae->fae_oflag, |
| 2077 | fae->fae_mode, &newfd); |
| 2078 | if (error) |
| 2079 | break; |
| 2080 | if (newfd != fae->fae_fildes) { |
| 2081 | error = dodup(l, newfd, |
| 2082 | fae->fae_fildes, 0, &retval); |
| 2083 | if (fd_getfile(newfd) != NULL) |
| 2084 | fd_close(newfd); |
| 2085 | } |
| 2086 | break; |
| 2087 | case FAE_DUP2: |
| 2088 | error = dodup(l, fae->fae_fildes, |
| 2089 | fae->fae_newfildes, 0, &retval); |
| 2090 | break; |
| 2091 | case FAE_CLOSE: |
| 2092 | if (fd_getfile(fae->fae_fildes) == NULL) { |
| 2093 | error = EBADF; |
| 2094 | break; |
| 2095 | } |
| 2096 | error = fd_close(fae->fae_fildes); |
| 2097 | break; |
| 2098 | } |
| 2099 | if (error) |
| 2100 | goto report_error; |
| 2101 | } |
| 2102 | } |
| 2103 | |
| 2104 | /* handle posix_spawnattr */ |
| 2105 | if (spawn_data->sed_attrs != NULL) { |
| 2106 | struct sigaction sigact; |
| 2107 | sigact._sa_u._sa_handler = SIG_DFL; |
| 2108 | sigact.sa_flags = 0; |
| 2109 | |
| 2110 | /* |
| 2111 | * set state to SSTOP so that this proc can be found by pid. |
| 2112 | * see proc_enterprp, do_sched_setparam below |
| 2113 | */ |
| 2114 | mutex_enter(proc_lock); |
| 2115 | /* |
| 2116 | * p_stat should be SACTIVE, so we need to adjust the |
| 2117 | * parent's p_nstopchild here. For safety, just make |
| 2118 | * we're on the good side of SDEAD before we adjust. |
| 2119 | */ |
| 2120 | ostat = l->l_proc->p_stat; |
| 2121 | KASSERT(ostat < SSTOP); |
| 2122 | l->l_proc->p_stat = SSTOP; |
| 2123 | l->l_proc->p_waited = 0; |
| 2124 | l->l_proc->p_pptr->p_nstopchild++; |
| 2125 | mutex_exit(proc_lock); |
| 2126 | |
| 2127 | /* Set process group */ |
| 2128 | if (spawn_data->sed_attrs->sa_flags & POSIX_SPAWN_SETPGROUP) { |
| 2129 | pid_t mypid = l->l_proc->p_pid, |
| 2130 | pgrp = spawn_data->sed_attrs->sa_pgroup; |
| 2131 | |
| 2132 | if (pgrp == 0) |
| 2133 | pgrp = mypid; |
| 2134 | |
| 2135 | error = proc_enterpgrp(spawn_data->sed_parent, |
| 2136 | mypid, pgrp, false); |
| 2137 | if (error) |
| 2138 | goto report_error_stopped; |
| 2139 | } |
| 2140 | |
| 2141 | /* Set scheduler policy */ |
| 2142 | if (spawn_data->sed_attrs->sa_flags & POSIX_SPAWN_SETSCHEDULER) |
| 2143 | error = do_sched_setparam(l->l_proc->p_pid, 0, |
| 2144 | spawn_data->sed_attrs->sa_schedpolicy, |
| 2145 | &spawn_data->sed_attrs->sa_schedparam); |
| 2146 | else if (spawn_data->sed_attrs->sa_flags |
| 2147 | & POSIX_SPAWN_SETSCHEDPARAM) { |
| 2148 | error = do_sched_setparam(ppid, 0, |
| 2149 | SCHED_NONE, &spawn_data->sed_attrs->sa_schedparam); |
| 2150 | } |
| 2151 | if (error) |
| 2152 | goto report_error_stopped; |
| 2153 | |
| 2154 | /* Reset user ID's */ |
| 2155 | if (spawn_data->sed_attrs->sa_flags & POSIX_SPAWN_RESETIDS) { |
| 2156 | error = do_setresuid(l, -1, |
| 2157 | kauth_cred_getgid(l->l_cred), -1, |
| 2158 | ID_E_EQ_R | ID_E_EQ_S); |
| 2159 | if (error) |
| 2160 | goto report_error_stopped; |
| 2161 | error = do_setresuid(l, -1, |
| 2162 | kauth_cred_getuid(l->l_cred), -1, |
| 2163 | ID_E_EQ_R | ID_E_EQ_S); |
| 2164 | if (error) |
| 2165 | goto report_error_stopped; |
| 2166 | } |
| 2167 | |
| 2168 | /* Set signal masks/defaults */ |
| 2169 | if (spawn_data->sed_attrs->sa_flags & POSIX_SPAWN_SETSIGMASK) { |
| 2170 | mutex_enter(l->l_proc->p_lock); |
| 2171 | error = sigprocmask1(l, SIG_SETMASK, |
| 2172 | &spawn_data->sed_attrs->sa_sigmask, NULL); |
| 2173 | mutex_exit(l->l_proc->p_lock); |
| 2174 | if (error) |
| 2175 | goto report_error_stopped; |
| 2176 | } |
| 2177 | |
| 2178 | if (spawn_data->sed_attrs->sa_flags & POSIX_SPAWN_SETSIGDEF) { |
| 2179 | /* |
| 2180 | * The following sigaction call is using a sigaction |
| 2181 | * version 0 trampoline which is in the compatibility |
| 2182 | * code only. This is not a problem because for SIG_DFL |
| 2183 | * and SIG_IGN, the trampolines are now ignored. If they |
| 2184 | * were not, this would be a problem because we are |
| 2185 | * holding the exec_lock, and the compat code needs |
| 2186 | * to do the same in order to replace the trampoline |
| 2187 | * code of the process. |
| 2188 | */ |
| 2189 | for (i = 1; i <= NSIG; i++) { |
| 2190 | if (sigismember( |
| 2191 | &spawn_data->sed_attrs->sa_sigdefault, i)) |
| 2192 | sigaction1(l, i, &sigact, NULL, NULL, |
| 2193 | 0); |
| 2194 | } |
| 2195 | } |
| 2196 | mutex_enter(proc_lock); |
| 2197 | l->l_proc->p_stat = ostat; |
| 2198 | l->l_proc->p_pptr->p_nstopchild--; |
| 2199 | mutex_exit(proc_lock); |
| 2200 | } |
| 2201 | |
| 2202 | /* now do the real exec */ |
| 2203 | error = execve_runproc(l, &spawn_data->sed_exec, parent_is_waiting, |
| 2204 | true); |
| 2205 | have_reflock = false; |
| 2206 | if (error == EJUSTRETURN) |
| 2207 | error = 0; |
| 2208 | else if (error) |
| 2209 | goto report_error; |
| 2210 | |
| 2211 | if (parent_is_waiting) { |
| 2212 | mutex_enter(&spawn_data->sed_mtx_child); |
| 2213 | cv_signal(&spawn_data->sed_cv_child_ready); |
| 2214 | mutex_exit(&spawn_data->sed_mtx_child); |
| 2215 | } |
| 2216 | |
| 2217 | /* release our refcount on the data */ |
| 2218 | spawn_exec_data_release(spawn_data); |
| 2219 | |
| 2220 | /* and finally: leave to userland for the first time */ |
| 2221 | cpu_spawn_return(l); |
| 2222 | |
| 2223 | /* NOTREACHED */ |
| 2224 | return; |
| 2225 | |
| 2226 | report_error_stopped: |
| 2227 | mutex_enter(proc_lock); |
| 2228 | l->l_proc->p_stat = ostat; |
| 2229 | l->l_proc->p_pptr->p_nstopchild--; |
| 2230 | mutex_exit(proc_lock); |
| 2231 | report_error: |
| 2232 | if (have_reflock) { |
| 2233 | /* |
| 2234 | * We have not passed through execve_runproc(), |
| 2235 | * which would have released the p_reflock and also |
| 2236 | * taken ownership of the sed_exec part of spawn_data, |
| 2237 | * so release/free both here. |
| 2238 | */ |
| 2239 | rw_exit(&l->l_proc->p_reflock); |
| 2240 | execve_free_data(&spawn_data->sed_exec); |
| 2241 | } |
| 2242 | |
| 2243 | if (parent_is_waiting) { |
| 2244 | /* pass error to parent */ |
| 2245 | mutex_enter(&spawn_data->sed_mtx_child); |
| 2246 | spawn_data->sed_error = error; |
| 2247 | cv_signal(&spawn_data->sed_cv_child_ready); |
| 2248 | mutex_exit(&spawn_data->sed_mtx_child); |
| 2249 | } else { |
| 2250 | rw_exit(&exec_lock); |
| 2251 | } |
| 2252 | |
| 2253 | /* release our refcount on the data */ |
| 2254 | spawn_exec_data_release(spawn_data); |
| 2255 | |
| 2256 | /* done, exit */ |
| 2257 | mutex_enter(l->l_proc->p_lock); |
| 2258 | /* |
| 2259 | * Posix explicitly asks for an exit code of 127 if we report |
| 2260 | * errors from the child process - so, unfortunately, there |
| 2261 | * is no way to report a more exact error code. |
| 2262 | * A NetBSD specific workaround is POSIX_SPAWN_RETURNERROR as |
| 2263 | * flag bit in the attrp argument to posix_spawn(2), see above. |
| 2264 | */ |
| 2265 | exit1(l, 127, 0); |
| 2266 | } |
| 2267 | |
| 2268 | void |
| 2269 | posix_spawn_fa_free(struct posix_spawn_file_actions *fa, size_t len) |
| 2270 | { |
| 2271 | |
| 2272 | for (size_t i = 0; i < len; i++) { |
| 2273 | struct posix_spawn_file_actions_entry *fae = &fa->fae[i]; |
| 2274 | if (fae->fae_action != FAE_OPEN) |
| 2275 | continue; |
| 2276 | kmem_free(fae->fae_path, strlen(fae->fae_path) + 1); |
| 2277 | } |
| 2278 | if (fa->len > 0) |
| 2279 | kmem_free(fa->fae, sizeof(*fa->fae) * fa->len); |
| 2280 | kmem_free(fa, sizeof(*fa)); |
| 2281 | } |
| 2282 | |
| 2283 | static int |
| 2284 | posix_spawn_fa_alloc(struct posix_spawn_file_actions **fap, |
| 2285 | const struct posix_spawn_file_actions *ufa, rlim_t lim) |
| 2286 | { |
| 2287 | struct posix_spawn_file_actions *fa; |
| 2288 | struct posix_spawn_file_actions_entry *fae; |
| 2289 | char *pbuf = NULL; |
| 2290 | int error; |
| 2291 | size_t i = 0; |
| 2292 | |
| 2293 | fa = kmem_alloc(sizeof(*fa), KM_SLEEP); |
| 2294 | error = copyin(ufa, fa, sizeof(*fa)); |
| 2295 | if (error || fa->len == 0) { |
| 2296 | kmem_free(fa, sizeof(*fa)); |
| 2297 | return error; /* 0 if not an error, and len == 0 */ |
| 2298 | } |
| 2299 | |
| 2300 | if (fa->len > lim) { |
| 2301 | kmem_free(fa, sizeof(*fa)); |
| 2302 | return EINVAL; |
| 2303 | } |
| 2304 | |
| 2305 | fa->size = fa->len; |
| 2306 | size_t fal = fa->len * sizeof(*fae); |
| 2307 | fae = fa->fae; |
| 2308 | fa->fae = kmem_alloc(fal, KM_SLEEP); |
| 2309 | error = copyin(fae, fa->fae, fal); |
| 2310 | if (error) |
| 2311 | goto out; |
| 2312 | |
| 2313 | pbuf = PNBUF_GET(); |
| 2314 | for (; i < fa->len; i++) { |
| 2315 | fae = &fa->fae[i]; |
| 2316 | if (fae->fae_action != FAE_OPEN) |
| 2317 | continue; |
| 2318 | error = copyinstr(fae->fae_path, pbuf, MAXPATHLEN, &fal); |
| 2319 | if (error) |
| 2320 | goto out; |
| 2321 | fae->fae_path = kmem_alloc(fal, KM_SLEEP); |
| 2322 | memcpy(fae->fae_path, pbuf, fal); |
| 2323 | } |
| 2324 | PNBUF_PUT(pbuf); |
| 2325 | |
| 2326 | *fap = fa; |
| 2327 | return 0; |
| 2328 | out: |
| 2329 | if (pbuf) |
| 2330 | PNBUF_PUT(pbuf); |
| 2331 | posix_spawn_fa_free(fa, i); |
| 2332 | return error; |
| 2333 | } |
| 2334 | |
| 2335 | int |
| 2336 | check_posix_spawn(struct lwp *l1) |
| 2337 | { |
| 2338 | int error, tnprocs, count; |
| 2339 | uid_t uid; |
| 2340 | struct proc *p1; |
| 2341 | |
| 2342 | p1 = l1->l_proc; |
| 2343 | uid = kauth_cred_getuid(l1->l_cred); |
| 2344 | tnprocs = atomic_inc_uint_nv(&nprocs); |
| 2345 | |
| 2346 | /* |
| 2347 | * Although process entries are dynamically created, we still keep |
| 2348 | * a global limit on the maximum number we will create. |
| 2349 | */ |
| 2350 | if (__predict_false(tnprocs >= maxproc)) |
| 2351 | error = -1; |
| 2352 | else |
| 2353 | error = kauth_authorize_process(l1->l_cred, |
| 2354 | KAUTH_PROCESS_FORK, p1, KAUTH_ARG(tnprocs), NULL, NULL); |
| 2355 | |
| 2356 | if (error) { |
| 2357 | atomic_dec_uint(&nprocs); |
| 2358 | return EAGAIN; |
| 2359 | } |
| 2360 | |
| 2361 | /* |
| 2362 | * Enforce limits. |
| 2363 | */ |
| 2364 | count = chgproccnt(uid, 1); |
| 2365 | if (kauth_authorize_process(l1->l_cred, KAUTH_PROCESS_RLIMIT, |
| 2366 | p1, KAUTH_ARG(KAUTH_REQ_PROCESS_RLIMIT_BYPASS), |
| 2367 | &p1->p_rlimit[RLIMIT_NPROC], KAUTH_ARG(RLIMIT_NPROC)) != 0 && |
| 2368 | __predict_false(count > p1->p_rlimit[RLIMIT_NPROC].rlim_cur)) { |
| 2369 | (void)chgproccnt(uid, -1); |
| 2370 | atomic_dec_uint(&nprocs); |
| 2371 | return EAGAIN; |
| 2372 | } |
| 2373 | |
| 2374 | return 0; |
| 2375 | } |
| 2376 | |
| 2377 | int |
| 2378 | do_posix_spawn(struct lwp *l1, pid_t *pid_res, bool *child_ok, const char *path, |
| 2379 | struct posix_spawn_file_actions *fa, |
| 2380 | struct posix_spawnattr *sa, |
| 2381 | char *const *argv, char *const *envp, |
| 2382 | execve_fetch_element_t fetch) |
| 2383 | { |
| 2384 | |
| 2385 | struct proc *p1, *p2; |
| 2386 | struct lwp *l2; |
| 2387 | int error; |
| 2388 | struct spawn_exec_data *spawn_data; |
| 2389 | vaddr_t uaddr; |
| 2390 | pid_t pid; |
| 2391 | bool have_exec_lock = false; |
| 2392 | |
| 2393 | p1 = l1->l_proc; |
| 2394 | |
| 2395 | /* Allocate and init spawn_data */ |
| 2396 | spawn_data = kmem_zalloc(sizeof(*spawn_data), KM_SLEEP); |
| 2397 | spawn_data->sed_refcnt = 1; /* only parent so far */ |
| 2398 | cv_init(&spawn_data->sed_cv_child_ready, "pspawn" ); |
| 2399 | mutex_init(&spawn_data->sed_mtx_child, MUTEX_DEFAULT, IPL_NONE); |
| 2400 | mutex_enter(&spawn_data->sed_mtx_child); |
| 2401 | |
| 2402 | /* |
| 2403 | * Do the first part of the exec now, collect state |
| 2404 | * in spawn_data. |
| 2405 | */ |
| 2406 | error = execve_loadvm(l1, path, argv, |
| 2407 | envp, fetch, &spawn_data->sed_exec); |
| 2408 | if (error == EJUSTRETURN) |
| 2409 | error = 0; |
| 2410 | else if (error) |
| 2411 | goto error_exit; |
| 2412 | |
| 2413 | have_exec_lock = true; |
| 2414 | |
| 2415 | /* |
| 2416 | * Allocate virtual address space for the U-area now, while it |
| 2417 | * is still easy to abort the fork operation if we're out of |
| 2418 | * kernel virtual address space. |
| 2419 | */ |
| 2420 | uaddr = uvm_uarea_alloc(); |
| 2421 | if (__predict_false(uaddr == 0)) { |
| 2422 | error = ENOMEM; |
| 2423 | goto error_exit; |
| 2424 | } |
| 2425 | |
| 2426 | /* |
| 2427 | * Allocate new proc. Borrow proc0 vmspace for it, we will |
| 2428 | * replace it with its own before returning to userland |
| 2429 | * in the child. |
| 2430 | * This is a point of no return, we will have to go through |
| 2431 | * the child proc to properly clean it up past this point. |
| 2432 | */ |
| 2433 | p2 = proc_alloc(); |
| 2434 | pid = p2->p_pid; |
| 2435 | |
| 2436 | /* |
| 2437 | * Make a proc table entry for the new process. |
| 2438 | * Start by zeroing the section of proc that is zero-initialized, |
| 2439 | * then copy the section that is copied directly from the parent. |
| 2440 | */ |
| 2441 | memset(&p2->p_startzero, 0, |
| 2442 | (unsigned) ((char *)&p2->p_endzero - (char *)&p2->p_startzero)); |
| 2443 | memcpy(&p2->p_startcopy, &p1->p_startcopy, |
| 2444 | (unsigned) ((char *)&p2->p_endcopy - (char *)&p2->p_startcopy)); |
| 2445 | p2->p_vmspace = proc0.p_vmspace; |
| 2446 | |
| 2447 | TAILQ_INIT(&p2->p_sigpend.sp_info); |
| 2448 | |
| 2449 | LIST_INIT(&p2->p_lwps); |
| 2450 | LIST_INIT(&p2->p_sigwaiters); |
| 2451 | |
| 2452 | /* |
| 2453 | * Duplicate sub-structures as needed. |
| 2454 | * Increase reference counts on shared objects. |
| 2455 | * Inherit flags we want to keep. The flags related to SIGCHLD |
| 2456 | * handling are important in order to keep a consistent behaviour |
| 2457 | * for the child after the fork. If we are a 32-bit process, the |
| 2458 | * child will be too. |
| 2459 | */ |
| 2460 | p2->p_flag = |
| 2461 | p1->p_flag & (PK_SUGID | PK_NOCLDWAIT | PK_CLDSIGIGN | PK_32); |
| 2462 | p2->p_emul = p1->p_emul; |
| 2463 | p2->p_execsw = p1->p_execsw; |
| 2464 | |
| 2465 | mutex_init(&p2->p_stmutex, MUTEX_DEFAULT, IPL_HIGH); |
| 2466 | mutex_init(&p2->p_auxlock, MUTEX_DEFAULT, IPL_NONE); |
| 2467 | rw_init(&p2->p_reflock); |
| 2468 | cv_init(&p2->p_waitcv, "wait" ); |
| 2469 | cv_init(&p2->p_lwpcv, "lwpwait" ); |
| 2470 | |
| 2471 | p2->p_lock = mutex_obj_alloc(MUTEX_DEFAULT, IPL_NONE); |
| 2472 | |
| 2473 | kauth_proc_fork(p1, p2); |
| 2474 | |
| 2475 | p2->p_raslist = NULL; |
| 2476 | p2->p_fd = fd_copy(); |
| 2477 | |
| 2478 | /* XXX racy */ |
| 2479 | p2->p_mqueue_cnt = p1->p_mqueue_cnt; |
| 2480 | |
| 2481 | p2->p_cwdi = cwdinit(); |
| 2482 | |
| 2483 | /* |
| 2484 | * Note: p_limit (rlimit stuff) is copy-on-write, so normally |
| 2485 | * we just need increase pl_refcnt. |
| 2486 | */ |
| 2487 | if (!p1->p_limit->pl_writeable) { |
| 2488 | lim_addref(p1->p_limit); |
| 2489 | p2->p_limit = p1->p_limit; |
| 2490 | } else { |
| 2491 | p2->p_limit = lim_copy(p1->p_limit); |
| 2492 | } |
| 2493 | |
| 2494 | p2->p_lflag = 0; |
| 2495 | p2->p_sflag = 0; |
| 2496 | p2->p_slflag = 0; |
| 2497 | p2->p_pptr = p1; |
| 2498 | p2->p_ppid = p1->p_pid; |
| 2499 | LIST_INIT(&p2->p_children); |
| 2500 | |
| 2501 | p2->p_aio = NULL; |
| 2502 | |
| 2503 | #ifdef KTRACE |
| 2504 | /* |
| 2505 | * Copy traceflag and tracefile if enabled. |
| 2506 | * If not inherited, these were zeroed above. |
| 2507 | */ |
| 2508 | if (p1->p_traceflag & KTRFAC_INHERIT) { |
| 2509 | mutex_enter(&ktrace_lock); |
| 2510 | p2->p_traceflag = p1->p_traceflag; |
| 2511 | if ((p2->p_tracep = p1->p_tracep) != NULL) |
| 2512 | ktradref(p2); |
| 2513 | mutex_exit(&ktrace_lock); |
| 2514 | } |
| 2515 | #endif |
| 2516 | |
| 2517 | /* |
| 2518 | * Create signal actions for the child process. |
| 2519 | */ |
| 2520 | p2->p_sigacts = sigactsinit(p1, 0); |
| 2521 | mutex_enter(p1->p_lock); |
| 2522 | p2->p_sflag |= |
| 2523 | (p1->p_sflag & (PS_STOPFORK | PS_STOPEXEC | PS_NOCLDSTOP)); |
| 2524 | sched_proc_fork(p1, p2); |
| 2525 | mutex_exit(p1->p_lock); |
| 2526 | |
| 2527 | p2->p_stflag = p1->p_stflag; |
| 2528 | |
| 2529 | /* |
| 2530 | * p_stats. |
| 2531 | * Copy parts of p_stats, and zero out the rest. |
| 2532 | */ |
| 2533 | p2->p_stats = pstatscopy(p1->p_stats); |
| 2534 | |
| 2535 | /* copy over machdep flags to the new proc */ |
| 2536 | cpu_proc_fork(p1, p2); |
| 2537 | |
| 2538 | /* |
| 2539 | * Prepare remaining parts of spawn data |
| 2540 | */ |
| 2541 | spawn_data->sed_actions = fa; |
| 2542 | spawn_data->sed_attrs = sa; |
| 2543 | |
| 2544 | spawn_data->sed_parent = p1; |
| 2545 | |
| 2546 | /* create LWP */ |
| 2547 | lwp_create(l1, p2, uaddr, 0, NULL, 0, spawn_return, spawn_data, |
| 2548 | &l2, l1->l_class); |
| 2549 | l2->l_ctxlink = NULL; /* reset ucontext link */ |
| 2550 | |
| 2551 | /* |
| 2552 | * Copy the credential so other references don't see our changes. |
| 2553 | * Test to see if this is necessary first, since in the common case |
| 2554 | * we won't need a private reference. |
| 2555 | */ |
| 2556 | if (kauth_cred_geteuid(l2->l_cred) != kauth_cred_getsvuid(l2->l_cred) || |
| 2557 | kauth_cred_getegid(l2->l_cred) != kauth_cred_getsvgid(l2->l_cred)) { |
| 2558 | l2->l_cred = kauth_cred_copy(l2->l_cred); |
| 2559 | kauth_cred_setsvuid(l2->l_cred, kauth_cred_geteuid(l2->l_cred)); |
| 2560 | kauth_cred_setsvgid(l2->l_cred, kauth_cred_getegid(l2->l_cred)); |
| 2561 | } |
| 2562 | |
| 2563 | /* Update the master credentials. */ |
| 2564 | if (l2->l_cred != p2->p_cred) { |
| 2565 | kauth_cred_t ocred; |
| 2566 | |
| 2567 | kauth_cred_hold(l2->l_cred); |
| 2568 | mutex_enter(p2->p_lock); |
| 2569 | ocred = p2->p_cred; |
| 2570 | p2->p_cred = l2->l_cred; |
| 2571 | mutex_exit(p2->p_lock); |
| 2572 | kauth_cred_free(ocred); |
| 2573 | } |
| 2574 | |
| 2575 | *child_ok = true; |
| 2576 | spawn_data->sed_refcnt = 2; /* child gets it as well */ |
| 2577 | #if 0 |
| 2578 | l2->l_nopreempt = 1; /* start it non-preemptable */ |
| 2579 | #endif |
| 2580 | |
| 2581 | /* |
| 2582 | * It's now safe for the scheduler and other processes to see the |
| 2583 | * child process. |
| 2584 | */ |
| 2585 | mutex_enter(proc_lock); |
| 2586 | |
| 2587 | if (p1->p_session->s_ttyvp != NULL && p1->p_lflag & PL_CONTROLT) |
| 2588 | p2->p_lflag |= PL_CONTROLT; |
| 2589 | |
| 2590 | LIST_INSERT_HEAD(&p1->p_children, p2, p_sibling); |
| 2591 | p2->p_exitsig = SIGCHLD; /* signal for parent on exit */ |
| 2592 | |
| 2593 | LIST_INSERT_AFTER(p1, p2, p_pglist); |
| 2594 | LIST_INSERT_HEAD(&allproc, p2, p_list); |
| 2595 | |
| 2596 | p2->p_trace_enabled = trace_is_enabled(p2); |
| 2597 | #ifdef __HAVE_SYSCALL_INTERN |
| 2598 | (*p2->p_emul->e_syscall_intern)(p2); |
| 2599 | #endif |
| 2600 | |
| 2601 | /* |
| 2602 | * Make child runnable, set start time, and add to run queue except |
| 2603 | * if the parent requested the child to start in SSTOP state. |
| 2604 | */ |
| 2605 | mutex_enter(p2->p_lock); |
| 2606 | |
| 2607 | getmicrotime(&p2->p_stats->p_start); |
| 2608 | |
| 2609 | lwp_lock(l2); |
| 2610 | KASSERT(p2->p_nrlwps == 1); |
| 2611 | p2->p_nrlwps = 1; |
| 2612 | p2->p_stat = SACTIVE; |
| 2613 | l2->l_stat = LSRUN; |
| 2614 | sched_enqueue(l2, false); |
| 2615 | lwp_unlock(l2); |
| 2616 | |
| 2617 | mutex_exit(p2->p_lock); |
| 2618 | mutex_exit(proc_lock); |
| 2619 | |
| 2620 | cv_wait(&spawn_data->sed_cv_child_ready, &spawn_data->sed_mtx_child); |
| 2621 | error = spawn_data->sed_error; |
| 2622 | mutex_exit(&spawn_data->sed_mtx_child); |
| 2623 | spawn_exec_data_release(spawn_data); |
| 2624 | |
| 2625 | rw_exit(&p1->p_reflock); |
| 2626 | rw_exit(&exec_lock); |
| 2627 | have_exec_lock = false; |
| 2628 | |
| 2629 | *pid_res = pid; |
| 2630 | return error; |
| 2631 | |
| 2632 | error_exit: |
| 2633 | if (have_exec_lock) { |
| 2634 | execve_free_data(&spawn_data->sed_exec); |
| 2635 | rw_exit(&p1->p_reflock); |
| 2636 | rw_exit(&exec_lock); |
| 2637 | } |
| 2638 | mutex_exit(&spawn_data->sed_mtx_child); |
| 2639 | spawn_exec_data_release(spawn_data); |
| 2640 | |
| 2641 | return error; |
| 2642 | } |
| 2643 | |
| 2644 | int |
| 2645 | sys_posix_spawn(struct lwp *l1, const struct sys_posix_spawn_args *uap, |
| 2646 | register_t *retval) |
| 2647 | { |
| 2648 | /* { |
| 2649 | syscallarg(pid_t *) pid; |
| 2650 | syscallarg(const char *) path; |
| 2651 | syscallarg(const struct posix_spawn_file_actions *) file_actions; |
| 2652 | syscallarg(const struct posix_spawnattr *) attrp; |
| 2653 | syscallarg(char *const *) argv; |
| 2654 | syscallarg(char *const *) envp; |
| 2655 | } */ |
| 2656 | |
| 2657 | int error; |
| 2658 | struct posix_spawn_file_actions *fa = NULL; |
| 2659 | struct posix_spawnattr *sa = NULL; |
| 2660 | pid_t pid; |
| 2661 | bool child_ok = false; |
| 2662 | rlim_t max_fileactions; |
| 2663 | proc_t *p = l1->l_proc; |
| 2664 | |
| 2665 | error = check_posix_spawn(l1); |
| 2666 | if (error) { |
| 2667 | *retval = error; |
| 2668 | return 0; |
| 2669 | } |
| 2670 | |
| 2671 | /* copy in file_actions struct */ |
| 2672 | if (SCARG(uap, file_actions) != NULL) { |
| 2673 | max_fileactions = 2 * min(p->p_rlimit[RLIMIT_NOFILE].rlim_cur, |
| 2674 | maxfiles); |
| 2675 | error = posix_spawn_fa_alloc(&fa, SCARG(uap, file_actions), |
| 2676 | max_fileactions); |
| 2677 | if (error) |
| 2678 | goto error_exit; |
| 2679 | } |
| 2680 | |
| 2681 | /* copyin posix_spawnattr struct */ |
| 2682 | if (SCARG(uap, attrp) != NULL) { |
| 2683 | sa = kmem_alloc(sizeof(*sa), KM_SLEEP); |
| 2684 | error = copyin(SCARG(uap, attrp), sa, sizeof(*sa)); |
| 2685 | if (error) |
| 2686 | goto error_exit; |
| 2687 | } |
| 2688 | |
| 2689 | /* |
| 2690 | * Do the spawn |
| 2691 | */ |
| 2692 | error = do_posix_spawn(l1, &pid, &child_ok, SCARG(uap, path), fa, sa, |
| 2693 | SCARG(uap, argv), SCARG(uap, envp), execve_fetch_element); |
| 2694 | if (error) |
| 2695 | goto error_exit; |
| 2696 | |
| 2697 | if (error == 0 && SCARG(uap, pid) != NULL) |
| 2698 | error = copyout(&pid, SCARG(uap, pid), sizeof(pid)); |
| 2699 | |
| 2700 | *retval = error; |
| 2701 | return 0; |
| 2702 | |
| 2703 | error_exit: |
| 2704 | if (!child_ok) { |
| 2705 | (void)chgproccnt(kauth_cred_getuid(l1->l_cred), -1); |
| 2706 | atomic_dec_uint(&nprocs); |
| 2707 | |
| 2708 | if (sa) |
| 2709 | kmem_free(sa, sizeof(*sa)); |
| 2710 | if (fa) |
| 2711 | posix_spawn_fa_free(fa, fa->len); |
| 2712 | } |
| 2713 | |
| 2714 | *retval = error; |
| 2715 | return 0; |
| 2716 | } |
| 2717 | |
| 2718 | void |
| 2719 | exec_free_emul_arg(struct exec_package *epp) |
| 2720 | { |
| 2721 | if (epp->ep_emul_arg_free != NULL) { |
| 2722 | KASSERT(epp->ep_emul_arg != NULL); |
| 2723 | (*epp->ep_emul_arg_free)(epp->ep_emul_arg); |
| 2724 | epp->ep_emul_arg_free = NULL; |
| 2725 | epp->ep_emul_arg = NULL; |
| 2726 | } else { |
| 2727 | KASSERT(epp->ep_emul_arg == NULL); |
| 2728 | } |
| 2729 | } |
| 2730 | |
| 2731 | #ifdef DEBUG_EXEC |
| 2732 | static void |
| 2733 | dump_vmcmds(const struct exec_package * const epp, size_t x, int error) |
| 2734 | { |
| 2735 | struct exec_vmcmd *vp = &epp->ep_vmcmds.evs_cmds[0]; |
| 2736 | size_t j; |
| 2737 | |
| 2738 | if (error == 0) |
| 2739 | DPRINTF(("vmcmds %u\n" , epp->ep_vmcmds.evs_used)); |
| 2740 | else |
| 2741 | DPRINTF(("vmcmds %zu/%u, error %d\n" , x, |
| 2742 | epp->ep_vmcmds.evs_used, error)); |
| 2743 | |
| 2744 | for (j = 0; j < epp->ep_vmcmds.evs_used; j++) { |
| 2745 | DPRINTF(("vmcmd[%zu] = vmcmd_map_%s %#" |
| 2746 | PRIxVADDR"/%#" PRIxVSIZE" fd@%#" |
| 2747 | PRIxVSIZE" prot=0%o flags=%d\n" , j, |
| 2748 | vp[j].ev_proc == vmcmd_map_pagedvn ? |
| 2749 | "pagedvn" : |
| 2750 | vp[j].ev_proc == vmcmd_map_readvn ? |
| 2751 | "readvn" : |
| 2752 | vp[j].ev_proc == vmcmd_map_zero ? |
| 2753 | "zero" : "*unknown*" , |
| 2754 | vp[j].ev_addr, vp[j].ev_len, |
| 2755 | vp[j].ev_offset, vp[j].ev_prot, |
| 2756 | vp[j].ev_flags)); |
| 2757 | if (error != 0 && j == x) |
| 2758 | DPRINTF((" ^--- failed\n" )); |
| 2759 | } |
| 2760 | } |
| 2761 | #endif |
| 2762 | |