Print this page
uts: Allow for address space randomisation.
Randomise the base addresses of shared objects, non-fixed mappings, the
stack and the heap. Introduce a service, svc:/system/process-security,
and a tool psecflags(1) to control and observe it
| Split |
Close |
| Expand all |
| Collapse all |
--- old/usr/src/uts/common/exec/elf/elf.c
+++ new/usr/src/uts/common/exec/elf/elf.c
1 1 /*
2 2 * CDDL HEADER START
3 3 *
4 4 * The contents of this file are subject to the terms of the
5 5 * Common Development and Distribution License (the "License").
6 6 * You may not use this file except in compliance with the License.
7 7 *
8 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 9 * or http://www.opensolaris.org/os/licensing.
10 10 * See the License for the specific language governing permissions
11 11 * and limitations under the License.
12 12 *
13 13 * When distributing Covered Code, include this CDDL HEADER in each
14 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 15 * If applicable, add the following below this CDDL HEADER, with the
16 16 * fields enclosed by brackets "[]" replaced with your own identifying
17 17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 18 *
19 19 * CDDL HEADER END
20 20 */
21 21
22 22 /*
23 23 * Copyright (c) 1989, 2010, Oracle and/or its affiliates. All rights reserved.
24 24 */
25 25
26 26 /* Copyright (c) 1984, 1986, 1987, 1988, 1989 AT&T */
27 27 /* All Rights Reserved */
28 28 /*
29 29 * Copyright (c) 2013, Joyent, Inc. All rights reserved.
30 30 */
31 31
32 32 #include <sys/types.h>
33 33 #include <sys/param.h>
34 34 #include <sys/thread.h>
35 35 #include <sys/sysmacros.h>
36 36 #include <sys/signal.h>
37 37 #include <sys/cred.h>
38 38 #include <sys/user.h>
39 39 #include <sys/errno.h>
40 40 #include <sys/vnode.h>
41 41 #include <sys/mman.h>
42 42 #include <sys/kmem.h>
43 43 #include <sys/proc.h>
44 44 #include <sys/pathname.h>
45 45 #include <sys/cmn_err.h>
46 46 #include <sys/systm.h>
47 47 #include <sys/elf.h>
48 48 #include <sys/vmsystm.h>
49 49 #include <sys/debug.h>
50 50 #include <sys/auxv.h>
51 51 #include <sys/exec.h>
52 52 #include <sys/prsystm.h>
53 53 #include <vm/as.h>
54 54 #include <vm/rm.h>
55 55 #include <vm/seg.h>
56 56 #include <vm/seg_vn.h>
57 57 #include <sys/modctl.h>
|
↓ open down ↓ |
57 lines elided |
↑ open up ↑ |
58 58 #include <sys/systeminfo.h>
59 59 #include <sys/vmparam.h>
60 60 #include <sys/machelf.h>
61 61 #include <sys/shm_impl.h>
62 62 #include <sys/archsystm.h>
63 63 #include <sys/fasttrap.h>
64 64 #include <sys/brand.h>
65 65 #include "elf_impl.h"
66 66 #include <sys/sdt.h>
67 67 #include <sys/siginfo.h>
68 +#include <sys/random.h>
68 69
69 70 extern int at_flags;
71 +extern volatile size_t aslr_max_brk_skew;
70 72
71 73 #define ORIGIN_STR "ORIGIN"
72 74 #define ORIGIN_STR_SIZE 6
73 75
74 76 static int getelfhead(vnode_t *, cred_t *, Ehdr *, int *, int *, int *);
75 77 static int getelfphdr(vnode_t *, cred_t *, const Ehdr *, int, caddr_t *,
76 78 ssize_t *);
77 79 static int getelfshdr(vnode_t *, cred_t *, const Ehdr *, int, int, caddr_t *,
78 80 ssize_t *, caddr_t *, ssize_t *);
79 81 static size_t elfsize(Ehdr *, int, caddr_t, uintptr_t *);
80 82 static int mapelfexec(vnode_t *, Ehdr *, int, caddr_t,
81 83 Phdr **, Phdr **, Phdr **, Phdr **, Phdr *,
82 84 caddr_t *, caddr_t *, intptr_t *, intptr_t *, size_t, long *, size_t *);
83 85
84 86 typedef enum {
85 87 STR_CTF,
86 88 STR_SYMTAB,
87 89 STR_DYNSYM,
88 90 STR_STRTAB,
89 91 STR_DYNSTR,
90 92 STR_SHSTRTAB,
91 93 STR_NUM
92 94 } shstrtype_t;
93 95
94 96 static const char *shstrtab_data[] = {
95 97 ".SUNW_ctf",
96 98 ".symtab",
97 99 ".dynsym",
98 100 ".strtab",
99 101 ".dynstr",
100 102 ".shstrtab"
101 103 };
102 104
103 105 typedef struct shstrtab {
104 106 int sst_ndx[STR_NUM];
105 107 int sst_cur;
106 108 } shstrtab_t;
107 109
108 110 static void
109 111 shstrtab_init(shstrtab_t *s)
110 112 {
111 113 bzero(&s->sst_ndx, sizeof (s->sst_ndx));
112 114 s->sst_cur = 1;
113 115 }
114 116
115 117 static int
116 118 shstrtab_ndx(shstrtab_t *s, shstrtype_t type)
117 119 {
118 120 int ret;
119 121
120 122 if ((ret = s->sst_ndx[type]) != 0)
121 123 return (ret);
122 124
123 125 ret = s->sst_ndx[type] = s->sst_cur;
124 126 s->sst_cur += strlen(shstrtab_data[type]) + 1;
125 127
126 128 return (ret);
127 129 }
128 130
129 131 static size_t
130 132 shstrtab_size(const shstrtab_t *s)
131 133 {
132 134 return (s->sst_cur);
133 135 }
134 136
135 137 static void
136 138 shstrtab_dump(const shstrtab_t *s, char *buf)
137 139 {
138 140 int i, ndx;
139 141
140 142 *buf = '\0';
141 143 for (i = 0; i < STR_NUM; i++) {
142 144 if ((ndx = s->sst_ndx[i]) != 0)
143 145 (void) strcpy(buf + ndx, shstrtab_data[i]);
144 146 }
145 147 }
146 148
147 149 static int
148 150 dtrace_safe_phdr(Phdr *phdrp, struct uarg *args, uintptr_t base)
149 151 {
150 152 ASSERT(phdrp->p_type == PT_SUNWDTRACE);
151 153
152 154 /*
153 155 * See the comment in fasttrap.h for information on how to safely
154 156 * update this program header.
155 157 */
156 158 if (phdrp->p_memsz < PT_SUNWDTRACE_SIZE ||
157 159 (phdrp->p_flags & (PF_R | PF_W | PF_X)) != (PF_R | PF_W | PF_X))
158 160 return (-1);
159 161
160 162 args->thrptr = phdrp->p_vaddr + base;
161 163
162 164 return (0);
163 165 }
164 166
165 167 /*
166 168 * Map in the executable pointed to by vp. Returns 0 on success.
167 169 */
168 170 int
169 171 mapexec_brand(vnode_t *vp, uarg_t *args, Ehdr *ehdr, Addr *uphdr_vaddr,
170 172 intptr_t *voffset, caddr_t exec_file, int *interp, caddr_t *bssbase,
171 173 caddr_t *brkbase, size_t *brksize, uintptr_t *lddatap)
172 174 {
173 175 size_t len;
174 176 struct vattr vat;
175 177 caddr_t phdrbase = NULL;
176 178 ssize_t phdrsize;
177 179 int nshdrs, shstrndx, nphdrs;
178 180 int error = 0;
179 181 Phdr *uphdr = NULL;
180 182 Phdr *junk = NULL;
181 183 Phdr *dynphdr = NULL;
182 184 Phdr *dtrphdr = NULL;
183 185 uintptr_t lddata;
184 186 long execsz;
185 187 intptr_t minaddr;
186 188
187 189 if (lddatap != NULL)
188 190 *lddatap = NULL;
189 191
190 192 if (error = execpermissions(vp, &vat, args)) {
191 193 uprintf("%s: Cannot execute %s\n", exec_file, args->pathname);
192 194 return (error);
193 195 }
194 196
195 197 if ((error = getelfhead(vp, CRED(), ehdr, &nshdrs, &shstrndx,
196 198 &nphdrs)) != 0 ||
197 199 (error = getelfphdr(vp, CRED(), ehdr, nphdrs, &phdrbase,
198 200 &phdrsize)) != 0) {
199 201 uprintf("%s: Cannot read %s\n", exec_file, args->pathname);
200 202 return (error);
201 203 }
202 204
203 205 if ((len = elfsize(ehdr, nphdrs, phdrbase, &lddata)) == 0) {
204 206 uprintf("%s: Nothing to load in %s", exec_file, args->pathname);
205 207 kmem_free(phdrbase, phdrsize);
206 208 return (ENOEXEC);
207 209 }
208 210 if (lddatap != NULL)
209 211 *lddatap = lddata;
210 212
211 213 if (error = mapelfexec(vp, ehdr, nphdrs, phdrbase, &uphdr, &dynphdr,
212 214 &junk, &dtrphdr, NULL, bssbase, brkbase, voffset, &minaddr,
213 215 len, &execsz, brksize)) {
214 216 uprintf("%s: Cannot map %s\n", exec_file, args->pathname);
215 217 kmem_free(phdrbase, phdrsize);
216 218 return (error);
217 219 }
218 220
219 221 /*
220 222 * Inform our caller if the executable needs an interpreter.
221 223 */
222 224 *interp = (dynphdr == NULL) ? 0 : 1;
223 225
224 226 /*
225 227 * If this is a statically linked executable, voffset should indicate
226 228 * the address of the executable itself (it normally holds the address
227 229 * of the interpreter).
228 230 */
229 231 if (ehdr->e_type == ET_EXEC && *interp == 0)
230 232 *voffset = minaddr;
231 233
232 234 if (uphdr != NULL) {
233 235 *uphdr_vaddr = uphdr->p_vaddr;
234 236 } else {
235 237 *uphdr_vaddr = (Addr)-1;
236 238 }
237 239
238 240 kmem_free(phdrbase, phdrsize);
239 241 return (error);
240 242 }
241 243
242 244 /*ARGSUSED*/
243 245 int
244 246 elfexec(vnode_t *vp, execa_t *uap, uarg_t *args, intpdata_t *idatap,
245 247 int level, long *execsz, int setid, caddr_t exec_file, cred_t *cred,
246 248 int brand_action)
247 249 {
|
↓ open down ↓ |
168 lines elided |
↑ open up ↑ |
248 250 caddr_t phdrbase = NULL;
249 251 caddr_t bssbase = 0;
250 252 caddr_t brkbase = 0;
251 253 size_t brksize = 0;
252 254 ssize_t dlnsize;
253 255 aux_entry_t *aux;
254 256 int error;
255 257 ssize_t resid;
256 258 int fd = -1;
257 259 intptr_t voffset;
258 - Phdr *dyphdr = NULL;
260 + Phdr *intphdr = NULL;
261 + Phdr *dynamicphdr = NULL;
259 262 Phdr *stphdr = NULL;
260 263 Phdr *uphdr = NULL;
261 264 Phdr *junk = NULL;
262 265 size_t len;
263 266 ssize_t phdrsize;
264 267 int postfixsize = 0;
265 268 int i, hsize;
266 269 Phdr *phdrp;
267 270 Phdr *dataphdrp = NULL;
268 271 Phdr *dtrphdr;
269 272 Phdr *capphdr = NULL;
270 273 Cap *cap = NULL;
271 274 ssize_t capsize;
275 + Dyn *dyn = NULL;
276 + ssize_t dynsize;
272 277 int hasu = 0;
273 278 int hasauxv = 0;
274 - int hasdy = 0;
279 + int hasintp = 0;
275 280 int branded = 0;
276 281
277 282 struct proc *p = ttoproc(curthread);
278 283 struct user *up = PTOU(p);
279 284 struct bigwad {
280 285 Ehdr ehdr;
281 286 aux_entry_t elfargs[__KERN_NAUXV_IMPL];
282 287 char dl_name[MAXPATHLEN];
283 288 char pathbuf[MAXPATHLEN];
284 289 struct vattr vattr;
285 290 struct execenv exenv;
286 291 } *bigwad; /* kmem_alloc this behemoth so we don't blow stack */
287 292 Ehdr *ehdrp;
288 293 int nshdrs, shstrndx, nphdrs;
289 294 char *dlnp;
290 295 char *pathbufp;
291 296 rlim64_t limit;
292 297 rlim64_t roundlimit;
293 298
294 299 ASSERT(p->p_model == DATAMODEL_ILP32 || p->p_model == DATAMODEL_LP64);
295 300
296 301 bigwad = kmem_alloc(sizeof (struct bigwad), KM_SLEEP);
297 302 ehdrp = &bigwad->ehdr;
298 303 dlnp = bigwad->dl_name;
299 304 pathbufp = bigwad->pathbuf;
300 305
301 306 /*
302 307 * Obtain ELF and program header information.
303 308 */
304 309 if ((error = getelfhead(vp, CRED(), ehdrp, &nshdrs, &shstrndx,
305 310 &nphdrs)) != 0 ||
306 311 (error = getelfphdr(vp, CRED(), ehdrp, nphdrs, &phdrbase,
307 312 &phdrsize)) != 0)
308 313 goto out;
309 314
310 315 /*
311 316 * Prevent executing an ELF file that has no entry point.
312 317 */
313 318 if (ehdrp->e_entry == 0) {
314 319 uprintf("%s: Bad entry point\n", exec_file);
315 320 goto bad;
316 321 }
317 322
318 323 /*
319 324 * Put data model that we're exec-ing to into the args passed to
320 325 * exec_args(), so it will know what it is copying to on new stack.
321 326 * Now that we know whether we are exec-ing a 32-bit or 64-bit
322 327 * executable, we can set execsz with the appropriate NCARGS.
323 328 */
324 329 #ifdef _LP64
325 330 if (ehdrp->e_ident[EI_CLASS] == ELFCLASS32) {
326 331 args->to_model = DATAMODEL_ILP32;
327 332 *execsz = btopr(SINCR) + btopr(SSIZE) + btopr(NCARGS32-1);
328 333 } else {
329 334 args->to_model = DATAMODEL_LP64;
330 335 args->stk_prot &= ~PROT_EXEC;
331 336 #if defined(__i386) || defined(__amd64)
332 337 args->dat_prot &= ~PROT_EXEC;
333 338 #endif
334 339 *execsz = btopr(SINCR) + btopr(SSIZE) + btopr(NCARGS64-1);
335 340 }
336 341 #else /* _LP64 */
337 342 args->to_model = DATAMODEL_ILP32;
338 343 *execsz = btopr(SINCR) + btopr(SSIZE) + btopr(NCARGS-1);
339 344 #endif /* _LP64 */
340 345
341 346 /*
342 347 * We delay invoking the brand callback until we've figured out
343 348 * what kind of elf binary we're trying to run, 32-bit or 64-bit.
344 349 * We do this because now the brand library can just check
345 350 * args->to_model to see if the target is 32-bit or 64-bit without
346 351 * having do duplicate all the code above.
347 352 */
348 353 if ((level < 2) &&
349 354 (brand_action != EBA_NATIVE) && (PROC_IS_BRANDED(p))) {
350 355 error = BROP(p)->b_elfexec(vp, uap, args,
351 356 idatap, level + 1, execsz, setid, exec_file, cred,
352 357 brand_action);
353 358 goto out;
354 359 }
355 360
356 361 /*
|
↓ open down ↓ |
72 lines elided |
↑ open up ↑ |
357 362 * Determine aux size now so that stack can be built
358 363 * in one shot (except actual copyout of aux image),
359 364 * determine any non-default stack protections,
360 365 * and still have this code be machine independent.
361 366 */
362 367 hsize = ehdrp->e_phentsize;
363 368 phdrp = (Phdr *)phdrbase;
364 369 for (i = nphdrs; i > 0; i--) {
365 370 switch (phdrp->p_type) {
366 371 case PT_INTERP:
367 - hasauxv = hasdy = 1;
372 + hasauxv = hasintp = 1;
368 373 break;
369 374 case PT_PHDR:
370 375 hasu = 1;
371 376 break;
372 377 case PT_SUNWSTACK:
373 378 args->stk_prot = PROT_USER;
374 379 if (phdrp->p_flags & PF_R)
375 380 args->stk_prot |= PROT_READ;
376 381 if (phdrp->p_flags & PF_W)
377 382 args->stk_prot |= PROT_WRITE;
378 383 if (phdrp->p_flags & PF_X)
379 384 args->stk_prot |= PROT_EXEC;
380 385 break;
381 386 case PT_LOAD:
382 387 dataphdrp = phdrp;
383 388 break;
384 389 case PT_SUNWCAP:
385 390 capphdr = phdrp;
386 391 break;
392 + case PT_DYNAMIC:
393 + dynamicphdr = phdrp;
394 + break;
387 395 }
388 396 phdrp = (Phdr *)((caddr_t)phdrp + hsize);
389 397 }
390 398
391 399 if (ehdrp->e_type != ET_EXEC) {
392 400 dataphdrp = NULL;
393 401 hasauxv = 1;
394 402 }
395 403
396 404 /* Copy BSS permissions to args->dat_prot */
397 405 if (dataphdrp != NULL) {
398 406 args->dat_prot = PROT_USER;
399 407 if (dataphdrp->p_flags & PF_R)
400 408 args->dat_prot |= PROT_READ;
401 409 if (dataphdrp->p_flags & PF_W)
402 410 args->dat_prot |= PROT_WRITE;
403 411 if (dataphdrp->p_flags & PF_X)
404 412 args->dat_prot |= PROT_EXEC;
405 413 }
406 414
407 415 /*
408 416 * If a auxvector will be required - reserve the space for
409 417 * it now. This may be increased by exec_args if there are
410 418 * ISA-specific types (included in __KERN_NAUXV_IMPL).
411 419 */
412 420 if (hasauxv) {
|
↓ open down ↓ |
16 lines elided |
↑ open up ↑ |
413 421 /*
414 422 * If a AUX vector is being built - the base AUX
415 423 * entries are:
416 424 *
417 425 * AT_BASE
418 426 * AT_FLAGS
419 427 * AT_PAGESZ
420 428 * AT_SUN_AUXFLAGS
421 429 * AT_SUN_HWCAP
422 430 * AT_SUN_HWCAP2
431 + * AT_SUN_SECFLAGS
423 432 * AT_SUN_PLATFORM (added in stk_copyout)
424 433 * AT_SUN_EXECNAME (added in stk_copyout)
425 434 * AT_NULL
426 435 *
427 - * total == 9
436 + * total == 10
428 437 */
429 - if (hasdy && hasu) {
438 + if (hasintp && hasu) {
430 439 /*
431 440 * Has PT_INTERP & PT_PHDR - the auxvectors that
432 441 * will be built are:
433 442 *
434 443 * AT_PHDR
435 444 * AT_PHENT
436 445 * AT_PHNUM
437 446 * AT_ENTRY
438 447 * AT_LDDATA
439 448 *
440 449 * total = 5
441 450 */
442 - args->auxsize = (9 + 5) * sizeof (aux_entry_t);
443 - } else if (hasdy) {
451 + args->auxsize = (10 + 5) * sizeof (aux_entry_t);
452 + } else if (hasintp) {
444 453 /*
445 454 * Has PT_INTERP but no PT_PHDR
446 455 *
447 456 * AT_EXECFD
448 457 * AT_LDDATA
449 458 *
450 459 * total = 2
451 460 */
452 - args->auxsize = (9 + 2) * sizeof (aux_entry_t);
461 + args->auxsize = (10 + 2) * sizeof (aux_entry_t);
453 462 } else {
454 - args->auxsize = 9 * sizeof (aux_entry_t);
463 + args->auxsize = 10 * sizeof (aux_entry_t);
455 464 }
456 465 } else {
457 466 args->auxsize = 0;
458 467 }
459 468
460 469 /*
461 470 * If this binary is using an emulator, we need to add an
462 471 * AT_SUN_EMULATOR aux entry.
463 472 */
464 473 if (args->emulator != NULL)
465 474 args->auxsize += sizeof (aux_entry_t);
|
↓ open down ↓ |
1 lines elided |
↑ open up ↑ |
466 475
467 476 if ((brand_action != EBA_NATIVE) && (PROC_IS_BRANDED(p))) {
468 477 branded = 1;
469 478 /*
470 479 * We will be adding 4 entries to the aux vectors. One for
471 480 * the the brandname and 3 for the brand specific aux vectors.
472 481 */
473 482 args->auxsize += 4 * sizeof (aux_entry_t);
474 483 }
475 484
485 + /* If the binary has an explicit ASLR flag, it must be honoured */
486 + if (dynamicphdr != NULL) {
487 + Dyn *dp;
488 +
489 + dynsize = dynamicphdr->p_filesz;
490 + dyn = kmem_alloc(dynsize, KM_SLEEP);
491 +
492 + if ((error = vn_rdwr(UIO_READ, vp, (caddr_t)dyn, dynsize,
493 + (offset_t)dynamicphdr->p_offset, UIO_SYSSPACE, 0, (rlim64_t)0,
494 + CRED(), &resid)) != 0) {
495 + uprintf("%s: cannot read .dynamic section\n",
496 + exec_file);
497 + goto out;
498 + }
499 +
500 + if (resid != 0)
501 + goto out;
502 +
503 + dp = dyn;
504 + while (dp->d_tag != DT_NULL) {
505 + if (dp->d_tag == DT_SUNW_ASLR) {
506 + if (dp->d_un.d_val != 0) {
507 + curproc->p_secflags.psf_effective |=
508 + PROC_SEC_ASLR;
509 + curproc->p_secflags.psf_inherit |=
510 + PROC_SEC_ASLR;
511 +
512 + } else {
513 + curproc->p_secflags.psf_effective &=
514 + ~PROC_SEC_ASLR;
515 + curproc->p_secflags.psf_inherit &=
516 + ~PROC_SEC_ASLR;
517 + }
518 + }
519 + dp++;
520 + }
521 + }
522 +
476 523 /* Hardware/Software capabilities */
477 524 if (capphdr != NULL &&
478 525 (capsize = capphdr->p_filesz) > 0 &&
479 526 capsize <= 16 * sizeof (*cap)) {
480 527 int ncaps = capsize / sizeof (*cap);
481 528 Cap *cp;
482 529
483 530 cap = kmem_alloc(capsize, KM_SLEEP);
484 531 if ((error = vn_rdwr(UIO_READ, vp, (caddr_t)cap,
485 532 capsize, (offset_t)capphdr->p_offset,
486 533 UIO_SYSSPACE, 0, (rlim64_t)0, CRED(), &resid)) != 0) {
487 534 uprintf("%s: Cannot read capabilities section\n",
488 535 exec_file);
489 536 goto out;
490 537 }
491 538 for (cp = cap; cp < cap + ncaps; cp++) {
492 539 if (cp->c_tag == CA_SUNW_SF_1 &&
493 540 (cp->c_un.c_val & SF1_SUNW_ADDR32)) {
494 541 if (args->to_model == DATAMODEL_LP64)
495 542 args->addr32 = 1;
496 543 break;
497 544 }
498 545 }
499 546 }
500 547
501 548 aux = bigwad->elfargs;
502 549 /*
503 550 * Move args to the user's stack.
504 551 * This can fill in the AT_SUN_PLATFORM and AT_SUN_EXECNAME aux entries.
505 552 */
506 553 if ((error = exec_args(uap, args, idatap, (void **)&aux)) != 0) {
507 554 if (error == -1) {
508 555 error = ENOEXEC;
509 556 goto bad;
510 557 }
511 558 goto out;
512 559 }
513 560 /* we're single threaded after this point */
514 561
515 562 /*
|
↓ open down ↓ |
30 lines elided |
↑ open up ↑ |
516 563 * If this is an ET_DYN executable (shared object),
517 564 * determine its memory size so that mapelfexec() can load it.
518 565 */
519 566 if (ehdrp->e_type == ET_DYN)
520 567 len = elfsize(ehdrp, nphdrs, phdrbase, NULL);
521 568 else
522 569 len = 0;
523 570
524 571 dtrphdr = NULL;
525 572
526 - if ((error = mapelfexec(vp, ehdrp, nphdrs, phdrbase, &uphdr, &dyphdr,
573 + if ((error = mapelfexec(vp, ehdrp, nphdrs, phdrbase, &uphdr, &intphdr,
527 574 &stphdr, &dtrphdr, dataphdrp, &bssbase, &brkbase, &voffset, NULL,
528 575 len, execsz, &brksize)) != 0)
529 576 goto bad;
530 577
531 - if (uphdr != NULL && dyphdr == NULL)
578 + if (uphdr != NULL && intphdr == NULL)
532 579 goto bad;
533 580
534 581 if (dtrphdr != NULL && dtrace_safe_phdr(dtrphdr, args, voffset) != 0) {
535 582 uprintf("%s: Bad DTrace phdr in %s\n", exec_file, exec_file);
536 583 goto bad;
537 584 }
538 585
539 - if (dyphdr != NULL) {
586 + if (intphdr != NULL) {
540 587 size_t len;
541 588 uintptr_t lddata;
542 589 char *p;
543 590 struct vnode *nvp;
544 591
545 - dlnsize = dyphdr->p_filesz;
592 + dlnsize = intphdr->p_filesz;
546 593
547 594 if (dlnsize > MAXPATHLEN || dlnsize <= 0)
548 595 goto bad;
549 596
550 597 /*
551 598 * Read in "interpreter" pathname.
552 599 */
553 - if ((error = vn_rdwr(UIO_READ, vp, dlnp, dyphdr->p_filesz,
554 - (offset_t)dyphdr->p_offset, UIO_SYSSPACE, 0, (rlim64_t)0,
600 + if ((error = vn_rdwr(UIO_READ, vp, dlnp, intphdr->p_filesz,
601 + (offset_t)intphdr->p_offset, UIO_SYSSPACE, 0, (rlim64_t)0,
555 602 CRED(), &resid)) != 0) {
556 603 uprintf("%s: Cannot obtain interpreter pathname\n",
557 604 exec_file);
558 605 goto bad;
559 606 }
560 607
561 608 if (resid != 0 || dlnp[dlnsize - 1] != '\0')
562 609 goto bad;
563 610
564 611 /*
565 612 * Search for '$ORIGIN' token in interpreter path.
566 613 * If found, expand it.
567 614 */
568 615 for (p = dlnp; p = strchr(p, '$'); ) {
569 616 uint_t len, curlen;
570 617 char *_ptr;
571 618
572 619 if (strncmp(++p, ORIGIN_STR, ORIGIN_STR_SIZE))
573 620 continue;
574 621
575 622 curlen = 0;
576 623 len = p - dlnp - 1;
577 624 if (len) {
578 625 bcopy(dlnp, pathbufp, len);
579 626 curlen += len;
580 627 }
581 628 if (_ptr = strrchr(args->pathname, '/')) {
582 629 len = _ptr - args->pathname;
583 630 if ((curlen + len) > MAXPATHLEN)
584 631 break;
585 632
586 633 bcopy(args->pathname, &pathbufp[curlen], len);
587 634 curlen += len;
588 635 } else {
589 636 /*
590 637 * executable is a basename found in the
591 638 * current directory. So - just substitue
592 639 * '.' for ORIGIN.
593 640 */
594 641 pathbufp[curlen] = '.';
595 642 curlen++;
596 643 }
597 644 p += ORIGIN_STR_SIZE;
598 645 len = strlen(p);
599 646
600 647 if ((curlen + len) > MAXPATHLEN)
601 648 break;
602 649 bcopy(p, &pathbufp[curlen], len);
603 650 curlen += len;
604 651 pathbufp[curlen++] = '\0';
605 652 bcopy(pathbufp, dlnp, curlen);
606 653 }
607 654
608 655 /*
609 656 * /usr/lib/ld.so.1 is known to be a symlink to /lib/ld.so.1
610 657 * (and /usr/lib/64/ld.so.1 is a symlink to /lib/64/ld.so.1).
611 658 * Just in case /usr is not mounted, change it now.
612 659 */
613 660 if (strcmp(dlnp, USR_LIB_RTLD) == 0)
614 661 dlnp += 4;
615 662 error = lookupname(dlnp, UIO_SYSSPACE, FOLLOW, NULLVPP, &nvp);
616 663 if (error && dlnp != bigwad->dl_name) {
617 664 /* new kernel, old user-level */
618 665 error = lookupname(dlnp -= 4, UIO_SYSSPACE, FOLLOW,
619 666 NULLVPP, &nvp);
620 667 }
621 668 if (error) {
622 669 uprintf("%s: Cannot find %s\n", exec_file, dlnp);
623 670 goto bad;
624 671 }
625 672
626 673 /*
627 674 * Setup the "aux" vector.
628 675 */
629 676 if (uphdr) {
630 677 if (ehdrp->e_type == ET_DYN) {
631 678 /* don't use the first page */
632 679 bigwad->exenv.ex_brkbase = (caddr_t)PAGESIZE;
633 680 bigwad->exenv.ex_bssbase = (caddr_t)PAGESIZE;
634 681 } else {
635 682 bigwad->exenv.ex_bssbase = bssbase;
636 683 bigwad->exenv.ex_brkbase = brkbase;
637 684 }
638 685 bigwad->exenv.ex_brksize = brksize;
639 686 bigwad->exenv.ex_magic = elfmagic;
640 687 bigwad->exenv.ex_vp = vp;
641 688 setexecenv(&bigwad->exenv);
642 689
643 690 ADDAUX(aux, AT_PHDR, uphdr->p_vaddr + voffset)
644 691 ADDAUX(aux, AT_PHENT, ehdrp->e_phentsize)
645 692 ADDAUX(aux, AT_PHNUM, nphdrs)
646 693 ADDAUX(aux, AT_ENTRY, ehdrp->e_entry + voffset)
647 694 } else {
648 695 if ((error = execopen(&vp, &fd)) != 0) {
649 696 VN_RELE(nvp);
650 697 goto bad;
651 698 }
652 699
653 700 ADDAUX(aux, AT_EXECFD, fd)
654 701 }
655 702
656 703 if ((error = execpermissions(nvp, &bigwad->vattr, args)) != 0) {
657 704 VN_RELE(nvp);
658 705 uprintf("%s: Cannot execute %s\n", exec_file, dlnp);
659 706 goto bad;
660 707 }
661 708
662 709 /*
663 710 * Now obtain the ELF header along with the entire program
664 711 * header contained in "nvp".
665 712 */
666 713 kmem_free(phdrbase, phdrsize);
667 714 phdrbase = NULL;
668 715 if ((error = getelfhead(nvp, CRED(), ehdrp, &nshdrs,
669 716 &shstrndx, &nphdrs)) != 0 ||
670 717 (error = getelfphdr(nvp, CRED(), ehdrp, nphdrs, &phdrbase,
671 718 &phdrsize)) != 0) {
672 719 VN_RELE(nvp);
673 720 uprintf("%s: Cannot read %s\n", exec_file, dlnp);
674 721 goto bad;
675 722 }
676 723
677 724 /*
678 725 * Determine memory size of the "interpreter's" loadable
679 726 * sections. This size is then used to obtain the virtual
680 727 * address of a hole, in the user's address space, large
681 728 * enough to map the "interpreter".
682 729 */
683 730 if ((len = elfsize(ehdrp, nphdrs, phdrbase, &lddata)) == 0) {
684 731 VN_RELE(nvp);
685 732 uprintf("%s: Nothing to load in %s\n", exec_file, dlnp);
686 733 goto bad;
687 734 }
688 735
689 736 dtrphdr = NULL;
690 737
691 738 error = mapelfexec(nvp, ehdrp, nphdrs, phdrbase, &junk, &junk,
692 739 &junk, &dtrphdr, NULL, NULL, NULL, &voffset, NULL, len,
693 740 execsz, NULL);
694 741 if (error || junk != NULL) {
695 742 VN_RELE(nvp);
696 743 uprintf("%s: Cannot map %s\n", exec_file, dlnp);
697 744 goto bad;
698 745 }
699 746
700 747 /*
701 748 * We use the DTrace program header to initialize the
702 749 * architecture-specific user per-LWP location. The dtrace
703 750 * fasttrap provider requires ready access to per-LWP scratch
704 751 * space. We assume that there is only one such program header
705 752 * in the interpreter.
706 753 */
707 754 if (dtrphdr != NULL &&
708 755 dtrace_safe_phdr(dtrphdr, args, voffset) != 0) {
709 756 VN_RELE(nvp);
710 757 uprintf("%s: Bad DTrace phdr in %s\n", exec_file, dlnp);
711 758 goto bad;
712 759 }
713 760
714 761 VN_RELE(nvp);
715 762 ADDAUX(aux, AT_SUN_LDDATA, voffset + lddata)
716 763 }
717 764
718 765 if (hasauxv) {
719 766 int auxf = AF_SUN_HWCAPVERIFY;
720 767 /*
721 768 * Note: AT_SUN_PLATFORM and AT_SUN_EXECNAME were filled in via
722 769 * exec_args()
723 770 */
724 771 ADDAUX(aux, AT_BASE, voffset)
725 772 ADDAUX(aux, AT_FLAGS, at_flags)
726 773 ADDAUX(aux, AT_PAGESZ, PAGESIZE)
727 774 /*
728 775 * Linker flags. (security)
729 776 * p_flag not yet set at this time.
730 777 * We rely on gexec() to provide us with the information.
731 778 * If the application is set-uid but this is not reflected
732 779 * in a mismatch between real/effective uids/gids, then
733 780 * don't treat this as a set-uid exec. So we care about
734 781 * the EXECSETID_UGIDS flag but not the ...SETID flag.
735 782 */
736 783 if ((setid &= ~EXECSETID_SETID) != 0)
737 784 auxf |= AF_SUN_SETUGID;
738 785
739 786 /*
740 787 * If we're running a native process from within a branded
741 788 * zone under pfexec then we clear the AF_SUN_SETUGID flag so
742 789 * that the native ld.so.1 is able to link with the native
743 790 * libraries instead of using the brand libraries that are
744 791 * installed in the zone. We only do this for processes
745 792 * which we trust because we see they are already running
746 793 * under pfexec (where uid != euid). This prevents a
747 794 * malicious user within the zone from crafting a wrapper to
748 795 * run native suid commands with unsecure libraries interposed.
749 796 */
750 797 if ((brand_action == EBA_NATIVE) && (PROC_IS_BRANDED(p) &&
751 798 (setid &= ~EXECSETID_SETID) != 0))
752 799 auxf &= ~AF_SUN_SETUGID;
|
↓ open down ↓ |
188 lines elided |
↑ open up ↑ |
753 800
754 801 /*
755 802 * Record the user addr of the auxflags aux vector entry
756 803 * since brands may optionally want to manipulate this field.
757 804 */
758 805 args->auxp_auxflags =
759 806 (char *)((char *)args->stackend +
760 807 ((char *)&aux->a_type -
761 808 (char *)bigwad->elfargs));
762 809 ADDAUX(aux, AT_SUN_AUXFLAGS, auxf);
810 +
811 + /*
812 + * Put the effective security-flags into the aux vector, for
813 + * the sake of flags that need partial (or complete)
814 + * implementation in userland.
815 + */
816 + ADDAUX(aux, AT_SUN_SECFLAGS, p->p_secflags.psf_effective);
763 817 /*
764 818 * Hardware capability flag word (performance hints)
765 819 * Used for choosing faster library routines.
766 820 * (Potentially different between 32-bit and 64-bit ABIs)
767 821 */
768 822 #if defined(_LP64)
769 823 if (args->to_model == DATAMODEL_NATIVE) {
770 824 ADDAUX(aux, AT_SUN_HWCAP, auxv_hwcap)
771 825 ADDAUX(aux, AT_SUN_HWCAP2, auxv_hwcap_2)
772 826 } else {
773 827 ADDAUX(aux, AT_SUN_HWCAP, auxv_hwcap32)
774 828 ADDAUX(aux, AT_SUN_HWCAP2, auxv_hwcap32_2)
775 829 }
776 830 #else
777 831 ADDAUX(aux, AT_SUN_HWCAP, auxv_hwcap)
778 832 ADDAUX(aux, AT_SUN_HWCAP2, auxv_hwcap_2)
779 833 #endif
780 834 if (branded) {
781 835 /*
782 836 * Reserve space for the brand-private aux vectors,
783 837 * and record the user addr of that space.
784 838 */
785 839 args->auxp_brand =
786 840 (char *)((char *)args->stackend +
787 841 ((char *)&aux->a_type -
788 842 (char *)bigwad->elfargs));
789 843 ADDAUX(aux, AT_SUN_BRAND_AUX1, 0)
790 844 ADDAUX(aux, AT_SUN_BRAND_AUX2, 0)
791 845 ADDAUX(aux, AT_SUN_BRAND_AUX3, 0)
792 846 }
793 847
794 848 ADDAUX(aux, AT_NULL, 0)
795 849 postfixsize = (char *)aux - (char *)bigwad->elfargs;
796 850
797 851 /*
798 852 * We make assumptions above when we determine how many aux
799 853 * vector entries we will be adding. However, if we have an
800 854 * invalid elf file, it is possible that mapelfexec might
801 855 * behave differently (but not return an error), in which case
802 856 * the number of aux entries we actually add will be different.
803 857 * We detect that now and error out.
804 858 */
805 859 if (postfixsize != args->auxsize) {
806 860 DTRACE_PROBE2(elfexec_badaux, int, postfixsize,
807 861 int, args->auxsize);
808 862 goto bad;
809 863 }
810 864 ASSERT(postfixsize <= __KERN_NAUXV_IMPL * sizeof (aux_entry_t));
811 865 }
812 866
813 867 /*
814 868 * For the 64-bit kernel, the limit is big enough that rounding it up
815 869 * to a page can overflow the 64-bit limit, so we check for btopr()
816 870 * overflowing here by comparing it with the unrounded limit in pages.
817 871 * If it hasn't overflowed, compare the exec size with the rounded up
818 872 * limit in pages. Otherwise, just compare with the unrounded limit.
819 873 */
820 874 limit = btop(p->p_vmem_ctl);
821 875 roundlimit = btopr(p->p_vmem_ctl);
822 876 if ((roundlimit > limit && *execsz > roundlimit) ||
823 877 (roundlimit < limit && *execsz > limit)) {
824 878 mutex_enter(&p->p_lock);
825 879 (void) rctl_action(rctlproc_legacy[RLIMIT_VMEM], p->p_rctls, p,
826 880 RCA_SAFE);
827 881 mutex_exit(&p->p_lock);
828 882 error = ENOMEM;
829 883 goto bad;
830 884 }
831 885
832 886 bzero(up->u_auxv, sizeof (up->u_auxv));
833 887 if (postfixsize) {
834 888 int num_auxv;
835 889
836 890 /*
837 891 * Copy the aux vector to the user stack.
838 892 */
839 893 error = execpoststack(args, bigwad->elfargs, postfixsize);
840 894 if (error)
841 895 goto bad;
842 896
843 897 /*
844 898 * Copy auxv to the process's user structure for use by /proc.
845 899 * If this is a branded process, the brand's exec routine will
846 900 * copy it's private entries to the user structure later. It
847 901 * relies on the fact that the blank entries are at the end.
848 902 */
849 903 num_auxv = postfixsize / sizeof (aux_entry_t);
850 904 ASSERT(num_auxv <= sizeof (up->u_auxv) / sizeof (auxv_t));
851 905 aux = bigwad->elfargs;
852 906 for (i = 0; i < num_auxv; i++) {
853 907 up->u_auxv[i].a_type = aux[i].a_type;
854 908 up->u_auxv[i].a_un.a_val = (aux_val_t)aux[i].a_un.a_val;
855 909 }
856 910 }
857 911
858 912 /*
859 913 * Pass back the starting address so we can set the program counter.
860 914 */
861 915 args->entry = (uintptr_t)(ehdrp->e_entry + voffset);
862 916
863 917 if (!uphdr) {
864 918 if (ehdrp->e_type == ET_DYN) {
865 919 /*
866 920 * If we are executing a shared library which doesn't
867 921 * have a interpreter (probably ld.so.1) then
868 922 * we don't set the brkbase now. Instead we
869 923 * delay it's setting until the first call
870 924 * via grow.c::brk(). This permits ld.so.1 to
871 925 * initialize brkbase to the tail of the executable it
872 926 * loads (which is where it needs to be).
873 927 */
874 928 bigwad->exenv.ex_brkbase = (caddr_t)0;
875 929 bigwad->exenv.ex_bssbase = (caddr_t)0;
876 930 bigwad->exenv.ex_brksize = 0;
877 931 } else {
878 932 bigwad->exenv.ex_brkbase = brkbase;
879 933 bigwad->exenv.ex_bssbase = bssbase;
880 934 bigwad->exenv.ex_brksize = brksize;
881 935 }
882 936 bigwad->exenv.ex_magic = elfmagic;
883 937 bigwad->exenv.ex_vp = vp;
884 938 setexecenv(&bigwad->exenv);
885 939 }
886 940
887 941 ASSERT(error == 0);
888 942 goto out;
889 943
890 944 bad:
891 945 if (fd != -1) /* did we open the a.out yet */
892 946 (void) execclose(fd);
|
↓ open down ↓ |
120 lines elided |
↑ open up ↑ |
893 947
894 948 psignal(p, SIGKILL);
895 949
896 950 if (error == 0)
897 951 error = ENOEXEC;
898 952 out:
899 953 if (phdrbase != NULL)
900 954 kmem_free(phdrbase, phdrsize);
901 955 if (cap != NULL)
902 956 kmem_free(cap, capsize);
957 + if (dyn != NULL)
958 + kmem_free(dyn, dynsize);
903 959 kmem_free(bigwad, sizeof (struct bigwad));
904 960 return (error);
905 961 }
906 962
907 963 /*
908 964 * Compute the memory size requirement for the ELF file.
909 965 */
910 966 static size_t
911 967 elfsize(Ehdr *ehdrp, int nphdrs, caddr_t phdrbase, uintptr_t *lddata)
912 968 {
913 969 size_t len;
914 970 Phdr *phdrp = (Phdr *)phdrbase;
915 971 int hsize = ehdrp->e_phentsize;
916 972 int first = 1;
917 973 int dfirst = 1; /* first data segment */
918 974 uintptr_t loaddr = 0;
919 975 uintptr_t hiaddr = 0;
920 976 uintptr_t lo, hi;
921 977 int i;
922 978
923 979 for (i = nphdrs; i > 0; i--) {
924 980 if (phdrp->p_type == PT_LOAD) {
925 981 lo = phdrp->p_vaddr;
926 982 hi = lo + phdrp->p_memsz;
927 983 if (first) {
928 984 loaddr = lo;
929 985 hiaddr = hi;
930 986 first = 0;
931 987 } else {
932 988 if (loaddr > lo)
933 989 loaddr = lo;
934 990 if (hiaddr < hi)
935 991 hiaddr = hi;
936 992 }
937 993
938 994 /*
939 995 * save the address of the first data segment
940 996 * of a object - used for the AT_SUNW_LDDATA
941 997 * aux entry.
942 998 */
943 999 if ((lddata != NULL) && dfirst &&
944 1000 (phdrp->p_flags & PF_W)) {
945 1001 *lddata = lo;
946 1002 dfirst = 0;
947 1003 }
948 1004 }
949 1005 phdrp = (Phdr *)((caddr_t)phdrp + hsize);
950 1006 }
951 1007
952 1008 len = hiaddr - (loaddr & PAGEMASK);
953 1009 len = roundup(len, PAGESIZE);
954 1010
955 1011 return (len);
956 1012 }
957 1013
958 1014 /*
959 1015 * Read in the ELF header and program header table.
960 1016 * SUSV3 requires:
961 1017 * ENOEXEC File format is not recognized
962 1018 * EINVAL Format recognized but execution not supported
963 1019 */
964 1020 static int
965 1021 getelfhead(vnode_t *vp, cred_t *credp, Ehdr *ehdr, int *nshdrs, int *shstrndx,
966 1022 int *nphdrs)
967 1023 {
968 1024 int error;
969 1025 ssize_t resid;
970 1026
971 1027 /*
972 1028 * We got here by the first two bytes in ident,
973 1029 * now read the entire ELF header.
974 1030 */
975 1031 if ((error = vn_rdwr(UIO_READ, vp, (caddr_t)ehdr,
976 1032 sizeof (Ehdr), (offset_t)0, UIO_SYSSPACE, 0,
977 1033 (rlim64_t)0, credp, &resid)) != 0)
978 1034 return (error);
979 1035
980 1036 /*
981 1037 * Since a separate version is compiled for handling 32-bit and
982 1038 * 64-bit ELF executables on a 64-bit kernel, the 64-bit version
983 1039 * doesn't need to be able to deal with 32-bit ELF files.
984 1040 */
985 1041 if (resid != 0 ||
986 1042 ehdr->e_ident[EI_MAG2] != ELFMAG2 ||
987 1043 ehdr->e_ident[EI_MAG3] != ELFMAG3)
988 1044 return (ENOEXEC);
989 1045
990 1046 if ((ehdr->e_type != ET_EXEC && ehdr->e_type != ET_DYN) ||
991 1047 #if defined(_ILP32) || defined(_ELF32_COMPAT)
992 1048 ehdr->e_ident[EI_CLASS] != ELFCLASS32 ||
993 1049 #else
994 1050 ehdr->e_ident[EI_CLASS] != ELFCLASS64 ||
995 1051 #endif
996 1052 !elfheadcheck(ehdr->e_ident[EI_DATA], ehdr->e_machine,
997 1053 ehdr->e_flags))
998 1054 return (EINVAL);
999 1055
1000 1056 *nshdrs = ehdr->e_shnum;
1001 1057 *shstrndx = ehdr->e_shstrndx;
1002 1058 *nphdrs = ehdr->e_phnum;
1003 1059
1004 1060 /*
1005 1061 * If e_shnum, e_shstrndx, or e_phnum is its sentinel value, we need
1006 1062 * to read in the section header at index zero to acces the true
1007 1063 * values for those fields.
1008 1064 */
1009 1065 if ((*nshdrs == 0 && ehdr->e_shoff != 0) ||
1010 1066 *shstrndx == SHN_XINDEX || *nphdrs == PN_XNUM) {
1011 1067 Shdr shdr;
1012 1068
1013 1069 if (ehdr->e_shoff == 0)
1014 1070 return (EINVAL);
1015 1071
1016 1072 if ((error = vn_rdwr(UIO_READ, vp, (caddr_t)&shdr,
1017 1073 sizeof (shdr), (offset_t)ehdr->e_shoff, UIO_SYSSPACE, 0,
1018 1074 (rlim64_t)0, credp, &resid)) != 0)
1019 1075 return (error);
1020 1076
1021 1077 if (*nshdrs == 0)
1022 1078 *nshdrs = shdr.sh_size;
1023 1079 if (*shstrndx == SHN_XINDEX)
1024 1080 *shstrndx = shdr.sh_link;
1025 1081 if (*nphdrs == PN_XNUM && shdr.sh_info != 0)
1026 1082 *nphdrs = shdr.sh_info;
1027 1083 }
1028 1084
1029 1085 return (0);
1030 1086 }
1031 1087
1032 1088 #ifdef _ELF32_COMPAT
1033 1089 extern size_t elf_nphdr_max;
1034 1090 #else
1035 1091 size_t elf_nphdr_max = 1000;
1036 1092 #endif
1037 1093
1038 1094 static int
1039 1095 getelfphdr(vnode_t *vp, cred_t *credp, const Ehdr *ehdr, int nphdrs,
1040 1096 caddr_t *phbasep, ssize_t *phsizep)
1041 1097 {
1042 1098 ssize_t resid, minsize;
1043 1099 int err;
1044 1100
1045 1101 /*
1046 1102 * Since we're going to be using e_phentsize to iterate down the
1047 1103 * array of program headers, it must be 8-byte aligned or else
1048 1104 * a we might cause a misaligned access. We use all members through
1049 1105 * p_flags on 32-bit ELF files and p_memsz on 64-bit ELF files so
1050 1106 * e_phentsize must be at least large enough to include those
1051 1107 * members.
1052 1108 */
1053 1109 #if !defined(_LP64) || defined(_ELF32_COMPAT)
1054 1110 minsize = offsetof(Phdr, p_flags) + sizeof (((Phdr *)NULL)->p_flags);
1055 1111 #else
1056 1112 minsize = offsetof(Phdr, p_memsz) + sizeof (((Phdr *)NULL)->p_memsz);
1057 1113 #endif
1058 1114 if (ehdr->e_phentsize < minsize || (ehdr->e_phentsize & 3))
1059 1115 return (EINVAL);
1060 1116
1061 1117 *phsizep = nphdrs * ehdr->e_phentsize;
1062 1118
1063 1119 if (*phsizep > sizeof (Phdr) * elf_nphdr_max) {
1064 1120 if ((*phbasep = kmem_alloc(*phsizep, KM_NOSLEEP)) == NULL)
1065 1121 return (ENOMEM);
1066 1122 } else {
1067 1123 *phbasep = kmem_alloc(*phsizep, KM_SLEEP);
1068 1124 }
1069 1125
1070 1126 if ((err = vn_rdwr(UIO_READ, vp, *phbasep, *phsizep,
1071 1127 (offset_t)ehdr->e_phoff, UIO_SYSSPACE, 0, (rlim64_t)0,
1072 1128 credp, &resid)) != 0) {
1073 1129 kmem_free(*phbasep, *phsizep);
1074 1130 *phbasep = NULL;
1075 1131 return (err);
1076 1132 }
1077 1133
1078 1134 return (0);
1079 1135 }
1080 1136
1081 1137 #ifdef _ELF32_COMPAT
1082 1138 extern size_t elf_nshdr_max;
1083 1139 extern size_t elf_shstrtab_max;
1084 1140 #else
1085 1141 size_t elf_nshdr_max = 10000;
1086 1142 size_t elf_shstrtab_max = 100 * 1024;
1087 1143 #endif
1088 1144
1089 1145
1090 1146 static int
1091 1147 getelfshdr(vnode_t *vp, cred_t *credp, const Ehdr *ehdr,
1092 1148 int nshdrs, int shstrndx, caddr_t *shbasep, ssize_t *shsizep,
1093 1149 char **shstrbasep, ssize_t *shstrsizep)
1094 1150 {
1095 1151 ssize_t resid, minsize;
1096 1152 int err;
1097 1153 Shdr *shdr;
1098 1154
1099 1155 /*
1100 1156 * Since we're going to be using e_shentsize to iterate down the
1101 1157 * array of section headers, it must be 8-byte aligned or else
1102 1158 * a we might cause a misaligned access. We use all members through
1103 1159 * sh_entsize (on both 32- and 64-bit ELF files) so e_shentsize
1104 1160 * must be at least large enough to include that member. The index
1105 1161 * of the string table section must also be valid.
1106 1162 */
1107 1163 minsize = offsetof(Shdr, sh_entsize) + sizeof (shdr->sh_entsize);
1108 1164 if (ehdr->e_shentsize < minsize || (ehdr->e_shentsize & 3) ||
1109 1165 shstrndx >= nshdrs)
1110 1166 return (EINVAL);
1111 1167
1112 1168 *shsizep = nshdrs * ehdr->e_shentsize;
1113 1169
1114 1170 if (*shsizep > sizeof (Shdr) * elf_nshdr_max) {
1115 1171 if ((*shbasep = kmem_alloc(*shsizep, KM_NOSLEEP)) == NULL)
1116 1172 return (ENOMEM);
1117 1173 } else {
1118 1174 *shbasep = kmem_alloc(*shsizep, KM_SLEEP);
1119 1175 }
1120 1176
1121 1177 if ((err = vn_rdwr(UIO_READ, vp, *shbasep, *shsizep,
1122 1178 (offset_t)ehdr->e_shoff, UIO_SYSSPACE, 0, (rlim64_t)0,
1123 1179 credp, &resid)) != 0) {
1124 1180 kmem_free(*shbasep, *shsizep);
1125 1181 return (err);
1126 1182 }
1127 1183
1128 1184 /*
1129 1185 * Pull the section string table out of the vnode; fail if the size
1130 1186 * is zero.
1131 1187 */
1132 1188 shdr = (Shdr *)(*shbasep + shstrndx * ehdr->e_shentsize);
1133 1189 if ((*shstrsizep = shdr->sh_size) == 0) {
1134 1190 kmem_free(*shbasep, *shsizep);
1135 1191 return (EINVAL);
1136 1192 }
1137 1193
1138 1194 if (*shstrsizep > elf_shstrtab_max) {
1139 1195 if ((*shstrbasep = kmem_alloc(*shstrsizep,
1140 1196 KM_NOSLEEP)) == NULL) {
1141 1197 kmem_free(*shbasep, *shsizep);
1142 1198 return (ENOMEM);
1143 1199 }
1144 1200 } else {
1145 1201 *shstrbasep = kmem_alloc(*shstrsizep, KM_SLEEP);
1146 1202 }
1147 1203
1148 1204 if ((err = vn_rdwr(UIO_READ, vp, *shstrbasep, *shstrsizep,
1149 1205 (offset_t)shdr->sh_offset, UIO_SYSSPACE, 0, (rlim64_t)0,
1150 1206 credp, &resid)) != 0) {
1151 1207 kmem_free(*shbasep, *shsizep);
1152 1208 kmem_free(*shstrbasep, *shstrsizep);
1153 1209 return (err);
1154 1210 }
1155 1211
1156 1212 /*
1157 1213 * Make sure the strtab is null-terminated to make sure we
1158 1214 * don't run off the end of the table.
1159 1215 */
1160 1216 (*shstrbasep)[*shstrsizep - 1] = '\0';
1161 1217
|
↓ open down ↓ |
249 lines elided |
↑ open up ↑ |
1162 1218 return (0);
1163 1219 }
1164 1220
1165 1221 static int
1166 1222 mapelfexec(
1167 1223 vnode_t *vp,
1168 1224 Ehdr *ehdr,
1169 1225 int nphdrs,
1170 1226 caddr_t phdrbase,
1171 1227 Phdr **uphdr,
1172 - Phdr **dyphdr,
1228 + Phdr **intphdr,
1173 1229 Phdr **stphdr,
1174 1230 Phdr **dtphdr,
1175 1231 Phdr *dataphdrp,
1176 1232 caddr_t *bssbase,
1177 1233 caddr_t *brkbase,
1178 1234 intptr_t *voffset,
1179 1235 intptr_t *minaddr,
1180 1236 size_t len,
1181 1237 long *execsz,
1182 1238 size_t *brksize)
1183 1239 {
1184 1240 Phdr *phdr;
1185 1241 int i, prot, error;
|
↓ open down ↓ |
3 lines elided |
↑ open up ↑ |
1186 1242 caddr_t addr = NULL;
1187 1243 size_t zfodsz;
1188 1244 int ptload = 0;
1189 1245 int page;
1190 1246 off_t offset;
1191 1247 int hsize = ehdr->e_phentsize;
1192 1248 caddr_t mintmp = (caddr_t)-1;
1193 1249 extern int use_brk_lpg;
1194 1250
1195 1251 if (ehdr->e_type == ET_DYN) {
1252 + uint_t flags = 0;
1196 1253 /*
1197 1254 * Obtain the virtual address of a hole in the
1198 1255 * address space to map the "interpreter".
1199 1256 */
1200 - map_addr(&addr, len, (offset_t)0, 1, 0);
1257 + if (secflag_enabled(curproc, PROC_SEC_ASLR))
1258 + flags |= _MAP_RANDOMIZE;
1259 +
1260 + map_addr(&addr, len, (offset_t)0, 1, flags);
1201 1261 if (addr == NULL)
1202 1262 return (ENOMEM);
1203 1263 *voffset = (intptr_t)addr;
1204 1264
1205 1265 /*
1206 1266 * Calculate the minimum vaddr so it can be subtracted out.
1207 1267 * According to the ELF specification, since PT_LOAD sections
1208 1268 * must be sorted by increasing p_vaddr values, this is
1209 1269 * guaranteed to be the first PT_LOAD section.
1210 1270 */
1211 1271 phdr = (Phdr *)phdrbase;
1212 1272 for (i = nphdrs; i > 0; i--) {
1213 1273 if (phdr->p_type == PT_LOAD) {
1214 1274 *voffset -= (uintptr_t)phdr->p_vaddr;
1215 1275 break;
1216 1276 }
|
↓ open down ↓ |
6 lines elided |
↑ open up ↑ |
1217 1277 phdr = (Phdr *)((caddr_t)phdr + hsize);
1218 1278 }
1219 1279
1220 1280 } else {
1221 1281 *voffset = 0;
1222 1282 }
1223 1283 phdr = (Phdr *)phdrbase;
1224 1284 for (i = nphdrs; i > 0; i--) {
1225 1285 switch (phdr->p_type) {
1226 1286 case PT_LOAD:
1227 - if ((*dyphdr != NULL) && (*uphdr == NULL))
1287 + if ((*intphdr != NULL) && (*uphdr == NULL))
1228 1288 return (0);
1229 1289
1230 1290 ptload = 1;
1231 1291 prot = PROT_USER;
1232 1292 if (phdr->p_flags & PF_R)
1233 1293 prot |= PROT_READ;
1234 1294 if (phdr->p_flags & PF_W)
1235 1295 prot |= PROT_WRITE;
1236 1296 if (phdr->p_flags & PF_X)
1237 1297 prot |= PROT_EXEC;
1238 1298
1239 1299 addr = (caddr_t)((uintptr_t)phdr->p_vaddr + *voffset);
1240 1300
1241 1301 /*
1242 1302 * Keep track of the segment with the lowest starting
1243 1303 * address.
1244 1304 */
1245 1305 if (addr < mintmp)
1246 1306 mintmp = addr;
1247 1307
1248 1308 zfodsz = (size_t)phdr->p_memsz - phdr->p_filesz;
1249 1309
1250 1310 offset = phdr->p_offset;
1251 1311 if (((uintptr_t)offset & PAGEOFFSET) ==
1252 1312 ((uintptr_t)addr & PAGEOFFSET) &&
1253 1313 (!(vp->v_flag & VNOMAP))) {
1254 1314 page = 1;
1255 1315 } else {
1256 1316 page = 0;
1257 1317 }
1258 1318
1259 1319 /*
1260 1320 * Set the heap pagesize for OOB when the bss size
1261 1321 * is known and use_brk_lpg is not 0.
1262 1322 */
1263 1323 if (brksize != NULL && use_brk_lpg &&
1264 1324 zfodsz != 0 && phdr == dataphdrp &&
1265 1325 (prot & PROT_WRITE)) {
1266 1326 size_t tlen = P2NPHASE((uintptr_t)addr +
1267 1327 phdr->p_filesz, PAGESIZE);
1268 1328
1269 1329 if (zfodsz > tlen) {
1270 1330 curproc->p_brkpageszc =
1271 1331 page_szc(map_pgsz(MAPPGSZ_HEAP,
|
↓ open down ↓ |
34 lines elided |
↑ open up ↑ |
1272 1332 curproc, addr + phdr->p_filesz +
1273 1333 tlen, zfodsz - tlen, 0));
1274 1334 }
1275 1335 }
1276 1336
1277 1337 if (curproc->p_brkpageszc != 0 && phdr == dataphdrp &&
1278 1338 (prot & PROT_WRITE)) {
1279 1339 uint_t szc = curproc->p_brkpageszc;
1280 1340 size_t pgsz = page_get_pagesize(szc);
1281 1341 caddr_t ebss = addr + phdr->p_memsz;
1342 + /*
1343 + * If we need extra space to keep the BSS an
1344 + * integral number of pages in size, some of
1345 + * that space may fall beyond p_brkbase, so we
1346 + * need to set p_brksize to account for it
1347 + * being (logically) part of the brk.
1348 + */
1282 1349 size_t extra_zfodsz;
1283 1350
1284 1351 ASSERT(pgsz > PAGESIZE);
1285 1352
1286 1353 extra_zfodsz = P2NPHASE((uintptr_t)ebss, pgsz);
1287 1354
1288 1355 if (error = execmap(vp, addr, phdr->p_filesz,
1289 1356 zfodsz + extra_zfodsz, phdr->p_offset,
1290 1357 prot, page, szc))
1291 1358 goto bad;
1292 1359 if (brksize != NULL)
1293 1360 *brksize = extra_zfodsz;
1294 1361 } else {
1295 1362 if (error = execmap(vp, addr, phdr->p_filesz,
1296 1363 zfodsz, phdr->p_offset, prot, page, 0))
1297 1364 goto bad;
1298 1365 }
1299 1366
1300 1367 if (bssbase != NULL && addr >= *bssbase &&
1301 1368 phdr == dataphdrp) {
1302 1369 *bssbase = addr + phdr->p_filesz;
1303 1370 }
|
↓ open down ↓ |
12 lines elided |
↑ open up ↑ |
1304 1371 if (brkbase != NULL && addr >= *brkbase) {
1305 1372 *brkbase = addr + phdr->p_memsz;
1306 1373 }
1307 1374
1308 1375 *execsz += btopr(phdr->p_memsz);
1309 1376 break;
1310 1377
1311 1378 case PT_INTERP:
1312 1379 if (ptload)
1313 1380 goto bad;
1314 - *dyphdr = phdr;
1381 + *intphdr = phdr;
1315 1382 break;
1316 1383
1317 1384 case PT_SHLIB:
1318 1385 *stphdr = phdr;
1319 1386 break;
1320 1387
1321 1388 case PT_PHDR:
1322 1389 if (ptload)
1323 1390 goto bad;
1324 1391 *uphdr = phdr;
1325 1392 break;
1326 1393
1327 1394 case PT_NULL:
1328 1395 case PT_DYNAMIC:
1329 1396 case PT_NOTE:
1330 1397 break;
1331 1398
1332 1399 case PT_SUNWDTRACE:
1333 1400 if (dtphdr != NULL)
1334 1401 *dtphdr = phdr;
1335 1402 break;
1336 1403
1337 1404 default:
|
↓ open down ↓ |
13 lines elided |
↑ open up ↑ |
1338 1405 break;
1339 1406 }
1340 1407 phdr = (Phdr *)((caddr_t)phdr + hsize);
1341 1408 }
1342 1409
1343 1410 if (minaddr != NULL) {
1344 1411 ASSERT(mintmp != (caddr_t)-1);
1345 1412 *minaddr = (intptr_t)mintmp;
1346 1413 }
1347 1414
1415 + if (brkbase != NULL && secflag_enabled(curproc, PROC_SEC_ASLR)) {
1416 + size_t off;
1417 + uintptr_t base = (uintptr_t)*brkbase;
1418 + uintptr_t oend = base + *brksize;
1419 +
1420 + ASSERT(ISP2(aslr_max_brk_skew));
1421 +
1422 + (void) random_get_pseudo_bytes((uint8_t *)&off, sizeof (off));
1423 + base += P2PHASE(off, aslr_max_brk_skew);
1424 + base = P2ROUNDUP(base, PAGESIZE);
1425 + *brkbase = (caddr_t)base;
1426 + /*
1427 + * Above, we set *brksize to account for the possibility we
1428 + * had to grow the 'brk' in padding out the BSS to a page
1429 + * boundary.
1430 + *
1431 + * We now need to adjust that based on where we now are
1432 + * actually putting the brk.
1433 + */
1434 + if (oend > base)
1435 + *brksize = oend - base;
1436 + else
1437 + *brksize = 0;
1438 + }
1439 +
1348 1440 return (0);
1349 1441 bad:
1350 1442 if (error == 0)
1351 1443 error = EINVAL;
1352 1444 return (error);
1353 1445 }
1354 1446
1355 1447 int
1356 1448 elfnote(vnode_t *vp, offset_t *offsetp, int type, int descsz, void *desc,
1357 1449 rlim64_t rlimit, cred_t *credp)
1358 1450 {
1359 1451 Note note;
1360 1452 int error;
1361 1453
1362 1454 bzero(¬e, sizeof (note));
1363 1455 bcopy("CORE", note.name, 4);
1364 1456 note.nhdr.n_type = type;
1365 1457 /*
1366 1458 * The System V ABI states that n_namesz must be the length of the
1367 1459 * string that follows the Nhdr structure including the terminating
1368 1460 * null. The ABI also specifies that sufficient padding should be
1369 1461 * included so that the description that follows the name string
1370 1462 * begins on a 4- or 8-byte boundary for 32- and 64-bit binaries
1371 1463 * respectively. However, since this change was not made correctly
1372 1464 * at the time of the 64-bit port, both 32- and 64-bit binaries
1373 1465 * descriptions are only guaranteed to begin on a 4-byte boundary.
1374 1466 */
1375 1467 note.nhdr.n_namesz = 5;
1376 1468 note.nhdr.n_descsz = roundup(descsz, sizeof (Word));
1377 1469
1378 1470 if (error = core_write(vp, UIO_SYSSPACE, *offsetp, ¬e,
1379 1471 sizeof (note), rlimit, credp))
1380 1472 return (error);
1381 1473
1382 1474 *offsetp += sizeof (note);
1383 1475
1384 1476 if (error = core_write(vp, UIO_SYSSPACE, *offsetp, desc,
1385 1477 note.nhdr.n_descsz, rlimit, credp))
1386 1478 return (error);
1387 1479
1388 1480 *offsetp += note.nhdr.n_descsz;
1389 1481 return (0);
1390 1482 }
1391 1483
1392 1484 /*
1393 1485 * Copy the section data from one vnode to the section of another vnode.
1394 1486 */
1395 1487 static void
1396 1488 copy_scn(Shdr *src, vnode_t *src_vp, Shdr *dst, vnode_t *dst_vp, Off *doffset,
1397 1489 void *buf, size_t size, cred_t *credp, rlim64_t rlimit)
1398 1490 {
1399 1491 ssize_t resid;
1400 1492 size_t len, n = src->sh_size;
1401 1493 offset_t off = 0;
1402 1494
1403 1495 while (n != 0) {
1404 1496 len = MIN(size, n);
1405 1497 if (vn_rdwr(UIO_READ, src_vp, buf, len, src->sh_offset + off,
1406 1498 UIO_SYSSPACE, 0, (rlim64_t)0, credp, &resid) != 0 ||
1407 1499 resid >= len ||
1408 1500 core_write(dst_vp, UIO_SYSSPACE, *doffset + off,
1409 1501 buf, len - resid, rlimit, credp) != 0) {
1410 1502 dst->sh_size = 0;
1411 1503 dst->sh_offset = 0;
1412 1504 return;
1413 1505 }
1414 1506
1415 1507 ASSERT(n >= len - resid);
1416 1508
1417 1509 n -= len - resid;
1418 1510 off += len - resid;
1419 1511 }
1420 1512
1421 1513 *doffset += src->sh_size;
1422 1514 }
1423 1515
1424 1516 #ifdef _ELF32_COMPAT
1425 1517 extern size_t elf_datasz_max;
1426 1518 #else
1427 1519 size_t elf_datasz_max = 1 * 1024 * 1024;
1428 1520 #endif
1429 1521
1430 1522 /*
1431 1523 * This function processes mappings that correspond to load objects to
1432 1524 * examine their respective sections for elfcore(). It's called once with
1433 1525 * v set to NULL to count the number of sections that we're going to need
1434 1526 * and then again with v set to some allocated buffer that we fill in with
1435 1527 * all the section data.
1436 1528 */
1437 1529 static int
1438 1530 process_scns(core_content_t content, proc_t *p, cred_t *credp, vnode_t *vp,
1439 1531 Shdr *v, int nv, rlim64_t rlimit, Off *doffsetp, int *nshdrsp)
1440 1532 {
1441 1533 vnode_t *lastvp = NULL;
1442 1534 struct seg *seg;
1443 1535 int i, j;
1444 1536 void *data = NULL;
1445 1537 size_t datasz = 0;
1446 1538 shstrtab_t shstrtab;
1447 1539 struct as *as = p->p_as;
1448 1540 int error = 0;
1449 1541
1450 1542 if (v != NULL)
1451 1543 shstrtab_init(&shstrtab);
1452 1544
1453 1545 i = 1;
1454 1546 for (seg = AS_SEGFIRST(as); seg != NULL; seg = AS_SEGNEXT(as, seg)) {
1455 1547 uint_t prot;
1456 1548 vnode_t *mvp;
1457 1549 void *tmp = NULL;
1458 1550 caddr_t saddr = seg->s_base;
1459 1551 caddr_t naddr;
1460 1552 caddr_t eaddr;
1461 1553 size_t segsize;
1462 1554
1463 1555 Ehdr ehdr;
1464 1556 int nshdrs, shstrndx, nphdrs;
1465 1557 caddr_t shbase;
1466 1558 ssize_t shsize;
1467 1559 char *shstrbase;
1468 1560 ssize_t shstrsize;
1469 1561
1470 1562 Shdr *shdr;
1471 1563 const char *name;
1472 1564 size_t sz;
1473 1565 uintptr_t off;
1474 1566
1475 1567 int ctf_ndx = 0;
1476 1568 int symtab_ndx = 0;
1477 1569
1478 1570 /*
1479 1571 * Since we're just looking for text segments of load
1480 1572 * objects, we only care about the protection bits; we don't
1481 1573 * care about the actual size of the segment so we use the
1482 1574 * reserved size. If the segment's size is zero, there's
1483 1575 * something fishy going on so we ignore this segment.
1484 1576 */
1485 1577 if (seg->s_ops != &segvn_ops ||
1486 1578 SEGOP_GETVP(seg, seg->s_base, &mvp) != 0 ||
1487 1579 mvp == lastvp || mvp == NULL || mvp->v_type != VREG ||
1488 1580 (segsize = pr_getsegsize(seg, 1)) == 0)
1489 1581 continue;
1490 1582
1491 1583 eaddr = saddr + segsize;
1492 1584 prot = pr_getprot(seg, 1, &tmp, &saddr, &naddr, eaddr);
1493 1585 pr_getprot_done(&tmp);
1494 1586
1495 1587 /*
1496 1588 * Skip this segment unless the protection bits look like
1497 1589 * what we'd expect for a text segment.
1498 1590 */
1499 1591 if ((prot & (PROT_WRITE | PROT_EXEC)) != PROT_EXEC)
1500 1592 continue;
1501 1593
1502 1594 if (getelfhead(mvp, credp, &ehdr, &nshdrs, &shstrndx,
1503 1595 &nphdrs) != 0 ||
1504 1596 getelfshdr(mvp, credp, &ehdr, nshdrs, shstrndx,
1505 1597 &shbase, &shsize, &shstrbase, &shstrsize) != 0)
1506 1598 continue;
1507 1599
1508 1600 off = ehdr.e_shentsize;
1509 1601 for (j = 1; j < nshdrs; j++, off += ehdr.e_shentsize) {
1510 1602 Shdr *symtab = NULL, *strtab;
1511 1603
1512 1604 shdr = (Shdr *)(shbase + off);
1513 1605
1514 1606 if (shdr->sh_name >= shstrsize)
1515 1607 continue;
1516 1608
1517 1609 name = shstrbase + shdr->sh_name;
1518 1610
1519 1611 if (strcmp(name, shstrtab_data[STR_CTF]) == 0) {
1520 1612 if ((content & CC_CONTENT_CTF) == 0 ||
1521 1613 ctf_ndx != 0)
1522 1614 continue;
1523 1615
1524 1616 if (shdr->sh_link > 0 &&
1525 1617 shdr->sh_link < nshdrs) {
1526 1618 symtab = (Shdr *)(shbase +
1527 1619 shdr->sh_link * ehdr.e_shentsize);
1528 1620 }
1529 1621
1530 1622 if (v != NULL && i < nv - 1) {
1531 1623 if (shdr->sh_size > datasz &&
1532 1624 shdr->sh_size <= elf_datasz_max) {
1533 1625 if (data != NULL)
1534 1626 kmem_free(data, datasz);
1535 1627
1536 1628 datasz = shdr->sh_size;
1537 1629 data = kmem_alloc(datasz,
1538 1630 KM_SLEEP);
1539 1631 }
1540 1632
1541 1633 v[i].sh_name = shstrtab_ndx(&shstrtab,
1542 1634 STR_CTF);
1543 1635 v[i].sh_addr = (Addr)(uintptr_t)saddr;
1544 1636 v[i].sh_type = SHT_PROGBITS;
1545 1637 v[i].sh_addralign = 4;
1546 1638 *doffsetp = roundup(*doffsetp,
1547 1639 v[i].sh_addralign);
1548 1640 v[i].sh_offset = *doffsetp;
1549 1641 v[i].sh_size = shdr->sh_size;
1550 1642 if (symtab == NULL) {
1551 1643 v[i].sh_link = 0;
1552 1644 } else if (symtab->sh_type ==
1553 1645 SHT_SYMTAB &&
1554 1646 symtab_ndx != 0) {
1555 1647 v[i].sh_link =
1556 1648 symtab_ndx;
1557 1649 } else {
1558 1650 v[i].sh_link = i + 1;
1559 1651 }
1560 1652
1561 1653 copy_scn(shdr, mvp, &v[i], vp,
1562 1654 doffsetp, data, datasz, credp,
1563 1655 rlimit);
1564 1656 }
1565 1657
1566 1658 ctf_ndx = i++;
1567 1659
1568 1660 /*
1569 1661 * We've already dumped the symtab.
1570 1662 */
1571 1663 if (symtab != NULL &&
1572 1664 symtab->sh_type == SHT_SYMTAB &&
1573 1665 symtab_ndx != 0)
1574 1666 continue;
1575 1667
1576 1668 } else if (strcmp(name,
1577 1669 shstrtab_data[STR_SYMTAB]) == 0) {
1578 1670 if ((content & CC_CONTENT_SYMTAB) == 0 ||
1579 1671 symtab != 0)
1580 1672 continue;
1581 1673
1582 1674 symtab = shdr;
1583 1675 }
1584 1676
1585 1677 if (symtab != NULL) {
1586 1678 if ((symtab->sh_type != SHT_DYNSYM &&
1587 1679 symtab->sh_type != SHT_SYMTAB) ||
1588 1680 symtab->sh_link == 0 ||
1589 1681 symtab->sh_link >= nshdrs)
1590 1682 continue;
1591 1683
1592 1684 strtab = (Shdr *)(shbase +
1593 1685 symtab->sh_link * ehdr.e_shentsize);
1594 1686
1595 1687 if (strtab->sh_type != SHT_STRTAB)
1596 1688 continue;
1597 1689
1598 1690 if (v != NULL && i < nv - 2) {
1599 1691 sz = MAX(symtab->sh_size,
1600 1692 strtab->sh_size);
1601 1693 if (sz > datasz &&
1602 1694 sz <= elf_datasz_max) {
1603 1695 if (data != NULL)
1604 1696 kmem_free(data, datasz);
1605 1697
1606 1698 datasz = sz;
1607 1699 data = kmem_alloc(datasz,
1608 1700 KM_SLEEP);
1609 1701 }
1610 1702
1611 1703 if (symtab->sh_type == SHT_DYNSYM) {
1612 1704 v[i].sh_name = shstrtab_ndx(
1613 1705 &shstrtab, STR_DYNSYM);
1614 1706 v[i + 1].sh_name = shstrtab_ndx(
1615 1707 &shstrtab, STR_DYNSTR);
1616 1708 } else {
1617 1709 v[i].sh_name = shstrtab_ndx(
1618 1710 &shstrtab, STR_SYMTAB);
1619 1711 v[i + 1].sh_name = shstrtab_ndx(
1620 1712 &shstrtab, STR_STRTAB);
1621 1713 }
1622 1714
1623 1715 v[i].sh_type = symtab->sh_type;
1624 1716 v[i].sh_addr = symtab->sh_addr;
1625 1717 if (ehdr.e_type == ET_DYN ||
1626 1718 v[i].sh_addr == 0)
1627 1719 v[i].sh_addr +=
1628 1720 (Addr)(uintptr_t)saddr;
1629 1721 v[i].sh_addralign =
1630 1722 symtab->sh_addralign;
1631 1723 *doffsetp = roundup(*doffsetp,
1632 1724 v[i].sh_addralign);
1633 1725 v[i].sh_offset = *doffsetp;
1634 1726 v[i].sh_size = symtab->sh_size;
1635 1727 v[i].sh_link = i + 1;
1636 1728 v[i].sh_entsize = symtab->sh_entsize;
1637 1729 v[i].sh_info = symtab->sh_info;
1638 1730
1639 1731 copy_scn(symtab, mvp, &v[i], vp,
1640 1732 doffsetp, data, datasz, credp,
1641 1733 rlimit);
1642 1734
1643 1735 v[i + 1].sh_type = SHT_STRTAB;
1644 1736 v[i + 1].sh_flags = SHF_STRINGS;
1645 1737 v[i + 1].sh_addr = symtab->sh_addr;
1646 1738 if (ehdr.e_type == ET_DYN ||
1647 1739 v[i + 1].sh_addr == 0)
1648 1740 v[i + 1].sh_addr +=
1649 1741 (Addr)(uintptr_t)saddr;
1650 1742 v[i + 1].sh_addralign =
1651 1743 strtab->sh_addralign;
1652 1744 *doffsetp = roundup(*doffsetp,
1653 1745 v[i + 1].sh_addralign);
1654 1746 v[i + 1].sh_offset = *doffsetp;
1655 1747 v[i + 1].sh_size = strtab->sh_size;
1656 1748
1657 1749 copy_scn(strtab, mvp, &v[i + 1], vp,
1658 1750 doffsetp, data, datasz, credp,
1659 1751 rlimit);
1660 1752 }
1661 1753
1662 1754 if (symtab->sh_type == SHT_SYMTAB)
1663 1755 symtab_ndx = i;
1664 1756 i += 2;
1665 1757 }
1666 1758 }
1667 1759
1668 1760 kmem_free(shstrbase, shstrsize);
1669 1761 kmem_free(shbase, shsize);
1670 1762
1671 1763 lastvp = mvp;
1672 1764 }
1673 1765
1674 1766 if (v == NULL) {
1675 1767 if (i == 1)
1676 1768 *nshdrsp = 0;
1677 1769 else
1678 1770 *nshdrsp = i + 1;
1679 1771 goto done;
1680 1772 }
1681 1773
1682 1774 if (i != nv - 1) {
1683 1775 cmn_err(CE_WARN, "elfcore: core dump failed for "
1684 1776 "process %d; address space is changing", p->p_pid);
1685 1777 error = EIO;
1686 1778 goto done;
1687 1779 }
1688 1780
1689 1781 v[i].sh_name = shstrtab_ndx(&shstrtab, STR_SHSTRTAB);
1690 1782 v[i].sh_size = shstrtab_size(&shstrtab);
1691 1783 v[i].sh_addralign = 1;
1692 1784 *doffsetp = roundup(*doffsetp, v[i].sh_addralign);
1693 1785 v[i].sh_offset = *doffsetp;
1694 1786 v[i].sh_flags = SHF_STRINGS;
1695 1787 v[i].sh_type = SHT_STRTAB;
1696 1788
1697 1789 if (v[i].sh_size > datasz) {
1698 1790 if (data != NULL)
1699 1791 kmem_free(data, datasz);
1700 1792
1701 1793 datasz = v[i].sh_size;
1702 1794 data = kmem_alloc(datasz,
1703 1795 KM_SLEEP);
1704 1796 }
1705 1797
1706 1798 shstrtab_dump(&shstrtab, data);
1707 1799
1708 1800 if ((error = core_write(vp, UIO_SYSSPACE, *doffsetp,
1709 1801 data, v[i].sh_size, rlimit, credp)) != 0)
1710 1802 goto done;
1711 1803
1712 1804 *doffsetp += v[i].sh_size;
1713 1805
1714 1806 done:
1715 1807 if (data != NULL)
1716 1808 kmem_free(data, datasz);
1717 1809
1718 1810 return (error);
1719 1811 }
1720 1812
1721 1813 int
1722 1814 elfcore(vnode_t *vp, proc_t *p, cred_t *credp, rlim64_t rlimit, int sig,
1723 1815 core_content_t content)
1724 1816 {
1725 1817 offset_t poffset, soffset;
1726 1818 Off doffset;
1727 1819 int error, i, nphdrs, nshdrs;
1728 1820 int overflow = 0;
1729 1821 struct seg *seg;
1730 1822 struct as *as = p->p_as;
1731 1823 union {
1732 1824 Ehdr ehdr;
1733 1825 Phdr phdr[1];
1734 1826 Shdr shdr[1];
1735 1827 } *bigwad;
1736 1828 size_t bigsize;
1737 1829 size_t phdrsz, shdrsz;
1738 1830 Ehdr *ehdr;
1739 1831 Phdr *v;
1740 1832 caddr_t brkbase;
1741 1833 size_t brksize;
1742 1834 caddr_t stkbase;
1743 1835 size_t stksize;
1744 1836 int ntries = 0;
1745 1837 klwp_t *lwp = ttolwp(curthread);
1746 1838
1747 1839 top:
1748 1840 /*
1749 1841 * Make sure we have everything we need (registers, etc.).
1750 1842 * All other lwps have already stopped and are in an orderly state.
1751 1843 */
1752 1844 ASSERT(p == ttoproc(curthread));
1753 1845 prstop(0, 0);
1754 1846
1755 1847 AS_LOCK_ENTER(as, &as->a_lock, RW_WRITER);
1756 1848 nphdrs = prnsegs(as, 0) + 2; /* two CORE note sections */
1757 1849
1758 1850 /*
1759 1851 * Count the number of section headers we're going to need.
1760 1852 */
1761 1853 nshdrs = 0;
1762 1854 if (content & (CC_CONTENT_CTF | CC_CONTENT_SYMTAB)) {
1763 1855 (void) process_scns(content, p, credp, NULL, NULL, NULL, 0,
1764 1856 NULL, &nshdrs);
1765 1857 }
1766 1858 AS_LOCK_EXIT(as, &as->a_lock);
1767 1859
1768 1860 ASSERT(nshdrs == 0 || nshdrs > 1);
1769 1861
1770 1862 /*
1771 1863 * The core file contents may required zero section headers, but if
1772 1864 * we overflow the 16 bits allotted to the program header count in
1773 1865 * the ELF header, we'll need that program header at index zero.
1774 1866 */
1775 1867 if (nshdrs == 0 && nphdrs >= PN_XNUM)
1776 1868 nshdrs = 1;
1777 1869
1778 1870 phdrsz = nphdrs * sizeof (Phdr);
1779 1871 shdrsz = nshdrs * sizeof (Shdr);
1780 1872
1781 1873 bigsize = MAX(sizeof (*bigwad), MAX(phdrsz, shdrsz));
1782 1874 bigwad = kmem_alloc(bigsize, KM_SLEEP);
1783 1875
1784 1876 ehdr = &bigwad->ehdr;
1785 1877 bzero(ehdr, sizeof (*ehdr));
1786 1878
1787 1879 ehdr->e_ident[EI_MAG0] = ELFMAG0;
1788 1880 ehdr->e_ident[EI_MAG1] = ELFMAG1;
1789 1881 ehdr->e_ident[EI_MAG2] = ELFMAG2;
1790 1882 ehdr->e_ident[EI_MAG3] = ELFMAG3;
1791 1883 ehdr->e_ident[EI_CLASS] = ELFCLASS;
1792 1884 ehdr->e_type = ET_CORE;
1793 1885
1794 1886 #if !defined(_LP64) || defined(_ELF32_COMPAT)
1795 1887
1796 1888 #if defined(__sparc)
1797 1889 ehdr->e_ident[EI_DATA] = ELFDATA2MSB;
1798 1890 ehdr->e_machine = EM_SPARC;
1799 1891 #elif defined(__i386) || defined(__i386_COMPAT)
1800 1892 ehdr->e_ident[EI_DATA] = ELFDATA2LSB;
1801 1893 ehdr->e_machine = EM_386;
1802 1894 #else
1803 1895 #error "no recognized machine type is defined"
1804 1896 #endif
1805 1897
1806 1898 #else /* !defined(_LP64) || defined(_ELF32_COMPAT) */
1807 1899
1808 1900 #if defined(__sparc)
1809 1901 ehdr->e_ident[EI_DATA] = ELFDATA2MSB;
1810 1902 ehdr->e_machine = EM_SPARCV9;
1811 1903 #elif defined(__amd64)
1812 1904 ehdr->e_ident[EI_DATA] = ELFDATA2LSB;
1813 1905 ehdr->e_machine = EM_AMD64;
1814 1906 #else
1815 1907 #error "no recognized 64-bit machine type is defined"
1816 1908 #endif
1817 1909
1818 1910 #endif /* !defined(_LP64) || defined(_ELF32_COMPAT) */
1819 1911
1820 1912 /*
1821 1913 * If the count of program headers or section headers or the index
1822 1914 * of the section string table can't fit in the mere 16 bits
1823 1915 * shortsightedly allotted to them in the ELF header, we use the
1824 1916 * extended formats and put the real values in the section header
1825 1917 * as index 0.
1826 1918 */
1827 1919 ehdr->e_version = EV_CURRENT;
1828 1920 ehdr->e_ehsize = sizeof (Ehdr);
1829 1921
1830 1922 if (nphdrs >= PN_XNUM)
1831 1923 ehdr->e_phnum = PN_XNUM;
1832 1924 else
1833 1925 ehdr->e_phnum = (unsigned short)nphdrs;
1834 1926
1835 1927 ehdr->e_phoff = sizeof (Ehdr);
1836 1928 ehdr->e_phentsize = sizeof (Phdr);
1837 1929
1838 1930 if (nshdrs > 0) {
1839 1931 if (nshdrs >= SHN_LORESERVE)
1840 1932 ehdr->e_shnum = 0;
1841 1933 else
1842 1934 ehdr->e_shnum = (unsigned short)nshdrs;
1843 1935
1844 1936 if (nshdrs - 1 >= SHN_LORESERVE)
1845 1937 ehdr->e_shstrndx = SHN_XINDEX;
1846 1938 else
1847 1939 ehdr->e_shstrndx = (unsigned short)(nshdrs - 1);
1848 1940
1849 1941 ehdr->e_shoff = ehdr->e_phoff + ehdr->e_phentsize * nphdrs;
1850 1942 ehdr->e_shentsize = sizeof (Shdr);
1851 1943 }
1852 1944
1853 1945 if (error = core_write(vp, UIO_SYSSPACE, (offset_t)0, ehdr,
1854 1946 sizeof (Ehdr), rlimit, credp))
1855 1947 goto done;
1856 1948
1857 1949 poffset = sizeof (Ehdr);
1858 1950 soffset = sizeof (Ehdr) + phdrsz;
1859 1951 doffset = sizeof (Ehdr) + phdrsz + shdrsz;
1860 1952
1861 1953 v = &bigwad->phdr[0];
1862 1954 bzero(v, phdrsz);
1863 1955
1864 1956 setup_old_note_header(&v[0], p);
1865 1957 v[0].p_offset = doffset = roundup(doffset, sizeof (Word));
1866 1958 doffset += v[0].p_filesz;
1867 1959
1868 1960 setup_note_header(&v[1], p);
1869 1961 v[1].p_offset = doffset = roundup(doffset, sizeof (Word));
1870 1962 doffset += v[1].p_filesz;
1871 1963
1872 1964 mutex_enter(&p->p_lock);
1873 1965
1874 1966 brkbase = p->p_brkbase;
1875 1967 brksize = p->p_brksize;
1876 1968
1877 1969 stkbase = p->p_usrstack - p->p_stksize;
1878 1970 stksize = p->p_stksize;
1879 1971
1880 1972 mutex_exit(&p->p_lock);
1881 1973
1882 1974 AS_LOCK_ENTER(as, &as->a_lock, RW_WRITER);
1883 1975 i = 2;
1884 1976 for (seg = AS_SEGFIRST(as); seg != NULL; seg = AS_SEGNEXT(as, seg)) {
1885 1977 caddr_t eaddr = seg->s_base + pr_getsegsize(seg, 0);
1886 1978 caddr_t saddr, naddr;
1887 1979 void *tmp = NULL;
1888 1980 extern struct seg_ops segspt_shmops;
1889 1981
1890 1982 for (saddr = seg->s_base; saddr < eaddr; saddr = naddr) {
1891 1983 uint_t prot;
1892 1984 size_t size;
1893 1985 int type;
1894 1986 vnode_t *mvp;
1895 1987
1896 1988 prot = pr_getprot(seg, 0, &tmp, &saddr, &naddr, eaddr);
1897 1989 prot &= PROT_READ | PROT_WRITE | PROT_EXEC;
1898 1990 if ((size = (size_t)(naddr - saddr)) == 0)
1899 1991 continue;
1900 1992 if (i == nphdrs) {
1901 1993 overflow++;
1902 1994 continue;
1903 1995 }
1904 1996 v[i].p_type = PT_LOAD;
1905 1997 v[i].p_vaddr = (Addr)(uintptr_t)saddr;
1906 1998 v[i].p_memsz = size;
1907 1999 if (prot & PROT_READ)
1908 2000 v[i].p_flags |= PF_R;
1909 2001 if (prot & PROT_WRITE)
1910 2002 v[i].p_flags |= PF_W;
1911 2003 if (prot & PROT_EXEC)
1912 2004 v[i].p_flags |= PF_X;
1913 2005
1914 2006 /*
1915 2007 * Figure out which mappings to include in the core.
1916 2008 */
1917 2009 type = SEGOP_GETTYPE(seg, saddr);
1918 2010
1919 2011 if (saddr == stkbase && size == stksize) {
1920 2012 if (!(content & CC_CONTENT_STACK))
1921 2013 goto exclude;
1922 2014
1923 2015 } else if (saddr == brkbase && size == brksize) {
1924 2016 if (!(content & CC_CONTENT_HEAP))
1925 2017 goto exclude;
1926 2018
1927 2019 } else if (seg->s_ops == &segspt_shmops) {
1928 2020 if (type & MAP_NORESERVE) {
1929 2021 if (!(content & CC_CONTENT_DISM))
1930 2022 goto exclude;
1931 2023 } else {
1932 2024 if (!(content & CC_CONTENT_ISM))
1933 2025 goto exclude;
1934 2026 }
1935 2027
1936 2028 } else if (seg->s_ops != &segvn_ops) {
1937 2029 goto exclude;
1938 2030
1939 2031 } else if (type & MAP_SHARED) {
1940 2032 if (shmgetid(p, saddr) != SHMID_NONE) {
1941 2033 if (!(content & CC_CONTENT_SHM))
1942 2034 goto exclude;
1943 2035
1944 2036 } else if (SEGOP_GETVP(seg, seg->s_base,
1945 2037 &mvp) != 0 || mvp == NULL ||
1946 2038 mvp->v_type != VREG) {
1947 2039 if (!(content & CC_CONTENT_SHANON))
1948 2040 goto exclude;
1949 2041
1950 2042 } else {
1951 2043 if (!(content & CC_CONTENT_SHFILE))
1952 2044 goto exclude;
1953 2045 }
1954 2046
1955 2047 } else if (SEGOP_GETVP(seg, seg->s_base, &mvp) != 0 ||
1956 2048 mvp == NULL || mvp->v_type != VREG) {
1957 2049 if (!(content & CC_CONTENT_ANON))
1958 2050 goto exclude;
1959 2051
1960 2052 } else if (prot == (PROT_READ | PROT_EXEC)) {
1961 2053 if (!(content & CC_CONTENT_TEXT))
1962 2054 goto exclude;
1963 2055
1964 2056 } else if (prot == PROT_READ) {
1965 2057 if (!(content & CC_CONTENT_RODATA))
1966 2058 goto exclude;
1967 2059
1968 2060 } else {
1969 2061 if (!(content & CC_CONTENT_DATA))
1970 2062 goto exclude;
1971 2063 }
1972 2064
1973 2065 doffset = roundup(doffset, sizeof (Word));
1974 2066 v[i].p_offset = doffset;
1975 2067 v[i].p_filesz = size;
1976 2068 doffset += size;
1977 2069 exclude:
1978 2070 i++;
1979 2071 }
1980 2072 ASSERT(tmp == NULL);
1981 2073 }
1982 2074 AS_LOCK_EXIT(as, &as->a_lock);
1983 2075
1984 2076 if (overflow || i != nphdrs) {
1985 2077 if (ntries++ == 0) {
1986 2078 kmem_free(bigwad, bigsize);
1987 2079 overflow = 0;
1988 2080 goto top;
1989 2081 }
1990 2082 cmn_err(CE_WARN, "elfcore: core dump failed for "
1991 2083 "process %d; address space is changing", p->p_pid);
1992 2084 error = EIO;
1993 2085 goto done;
1994 2086 }
1995 2087
1996 2088 if ((error = core_write(vp, UIO_SYSSPACE, poffset,
1997 2089 v, phdrsz, rlimit, credp)) != 0)
1998 2090 goto done;
1999 2091
2000 2092 if ((error = write_old_elfnotes(p, sig, vp, v[0].p_offset, rlimit,
2001 2093 credp)) != 0)
2002 2094 goto done;
2003 2095
2004 2096 if ((error = write_elfnotes(p, sig, vp, v[1].p_offset, rlimit,
2005 2097 credp, content)) != 0)
2006 2098 goto done;
2007 2099
2008 2100 for (i = 2; i < nphdrs; i++) {
2009 2101 prkillinfo_t killinfo;
2010 2102 sigqueue_t *sq;
2011 2103 int sig, j;
2012 2104
2013 2105 if (v[i].p_filesz == 0)
2014 2106 continue;
2015 2107
2016 2108 /*
2017 2109 * If dumping out this segment fails, rather than failing
2018 2110 * the core dump entirely, we reset the size of the mapping
2019 2111 * to zero to indicate that the data is absent from the core
2020 2112 * file and or in the PF_SUNW_FAILURE flag to differentiate
2021 2113 * this from mappings that were excluded due to the core file
2022 2114 * content settings.
2023 2115 */
2024 2116 if ((error = core_seg(p, vp, v[i].p_offset,
2025 2117 (caddr_t)(uintptr_t)v[i].p_vaddr, v[i].p_filesz,
2026 2118 rlimit, credp)) == 0) {
2027 2119 continue;
2028 2120 }
2029 2121
2030 2122 if ((sig = lwp->lwp_cursig) == 0) {
2031 2123 /*
2032 2124 * We failed due to something other than a signal.
2033 2125 * Since the space reserved for the segment is now
2034 2126 * unused, we stash the errno in the first four
2035 2127 * bytes. This undocumented interface will let us
2036 2128 * understand the nature of the failure.
2037 2129 */
2038 2130 (void) core_write(vp, UIO_SYSSPACE, v[i].p_offset,
2039 2131 &error, sizeof (error), rlimit, credp);
2040 2132
2041 2133 v[i].p_filesz = 0;
2042 2134 v[i].p_flags |= PF_SUNW_FAILURE;
2043 2135 if ((error = core_write(vp, UIO_SYSSPACE,
2044 2136 poffset + sizeof (v[i]) * i, &v[i], sizeof (v[i]),
2045 2137 rlimit, credp)) != 0)
2046 2138 goto done;
2047 2139
2048 2140 continue;
2049 2141 }
2050 2142
2051 2143 /*
2052 2144 * We took a signal. We want to abort the dump entirely, but
2053 2145 * we also want to indicate what failed and why. We therefore
2054 2146 * use the space reserved for the first failing segment to
2055 2147 * write our error (which, for purposes of compatability with
2056 2148 * older core dump readers, we set to EINTR) followed by any
2057 2149 * siginfo associated with the signal.
2058 2150 */
2059 2151 bzero(&killinfo, sizeof (killinfo));
2060 2152 killinfo.prk_error = EINTR;
2061 2153
2062 2154 sq = sig == SIGKILL ? curproc->p_killsqp : lwp->lwp_curinfo;
2063 2155
2064 2156 if (sq != NULL) {
2065 2157 bcopy(&sq->sq_info, &killinfo.prk_info,
2066 2158 sizeof (sq->sq_info));
2067 2159 } else {
2068 2160 killinfo.prk_info.si_signo = lwp->lwp_cursig;
2069 2161 killinfo.prk_info.si_code = SI_NOINFO;
2070 2162 }
2071 2163
2072 2164 #if (defined(_SYSCALL32_IMPL) || defined(_LP64))
2073 2165 /*
2074 2166 * If this is a 32-bit process, we need to translate from the
2075 2167 * native siginfo to the 32-bit variant. (Core readers must
2076 2168 * always have the same data model as their target or must
2077 2169 * be aware of -- and compensate for -- data model differences.)
2078 2170 */
2079 2171 if (curproc->p_model == DATAMODEL_ILP32) {
2080 2172 siginfo32_t si32;
2081 2173
2082 2174 siginfo_kto32((k_siginfo_t *)&killinfo.prk_info, &si32);
2083 2175 bcopy(&si32, &killinfo.prk_info, sizeof (si32));
2084 2176 }
2085 2177 #endif
2086 2178
2087 2179 (void) core_write(vp, UIO_SYSSPACE, v[i].p_offset,
2088 2180 &killinfo, sizeof (killinfo), rlimit, credp);
2089 2181
2090 2182 /*
2091 2183 * For the segment on which we took the signal, indicate that
2092 2184 * its data now refers to a siginfo.
2093 2185 */
2094 2186 v[i].p_filesz = 0;
2095 2187 v[i].p_flags |= PF_SUNW_FAILURE | PF_SUNW_KILLED |
2096 2188 PF_SUNW_SIGINFO;
2097 2189
2098 2190 /*
2099 2191 * And for every other segment, indicate that its absence
2100 2192 * is due to a signal.
2101 2193 */
2102 2194 for (j = i + 1; j < nphdrs; j++) {
2103 2195 v[j].p_filesz = 0;
2104 2196 v[j].p_flags |= PF_SUNW_FAILURE | PF_SUNW_KILLED;
2105 2197 }
2106 2198
2107 2199 /*
2108 2200 * Finally, write out our modified program headers.
2109 2201 */
2110 2202 if ((error = core_write(vp, UIO_SYSSPACE,
2111 2203 poffset + sizeof (v[i]) * i, &v[i],
2112 2204 sizeof (v[i]) * (nphdrs - i), rlimit, credp)) != 0)
2113 2205 goto done;
2114 2206
2115 2207 break;
2116 2208 }
2117 2209
2118 2210 if (nshdrs > 0) {
2119 2211 bzero(&bigwad->shdr[0], shdrsz);
2120 2212
2121 2213 if (nshdrs >= SHN_LORESERVE)
2122 2214 bigwad->shdr[0].sh_size = nshdrs;
2123 2215
2124 2216 if (nshdrs - 1 >= SHN_LORESERVE)
2125 2217 bigwad->shdr[0].sh_link = nshdrs - 1;
2126 2218
2127 2219 if (nphdrs >= PN_XNUM)
2128 2220 bigwad->shdr[0].sh_info = nphdrs;
2129 2221
2130 2222 if (nshdrs > 1) {
2131 2223 AS_LOCK_ENTER(as, &as->a_lock, RW_WRITER);
2132 2224 if ((error = process_scns(content, p, credp, vp,
2133 2225 &bigwad->shdr[0], nshdrs, rlimit, &doffset,
2134 2226 NULL)) != 0) {
2135 2227 AS_LOCK_EXIT(as, &as->a_lock);
2136 2228 goto done;
2137 2229 }
2138 2230 AS_LOCK_EXIT(as, &as->a_lock);
2139 2231 }
2140 2232
2141 2233 if ((error = core_write(vp, UIO_SYSSPACE, soffset,
2142 2234 &bigwad->shdr[0], shdrsz, rlimit, credp)) != 0)
2143 2235 goto done;
2144 2236 }
2145 2237
2146 2238 done:
2147 2239 kmem_free(bigwad, bigsize);
2148 2240 return (error);
2149 2241 }
2150 2242
2151 2243 #ifndef _ELF32_COMPAT
2152 2244
2153 2245 static struct execsw esw = {
2154 2246 #ifdef _LP64
2155 2247 elf64magicstr,
2156 2248 #else /* _LP64 */
2157 2249 elf32magicstr,
2158 2250 #endif /* _LP64 */
2159 2251 0,
2160 2252 5,
2161 2253 elfexec,
2162 2254 elfcore
2163 2255 };
2164 2256
2165 2257 static struct modlexec modlexec = {
2166 2258 &mod_execops, "exec module for elf", &esw
2167 2259 };
2168 2260
2169 2261 #ifdef _LP64
2170 2262 extern int elf32exec(vnode_t *vp, execa_t *uap, uarg_t *args,
2171 2263 intpdata_t *idatap, int level, long *execsz,
2172 2264 int setid, caddr_t exec_file, cred_t *cred,
2173 2265 int brand_action);
2174 2266 extern int elf32core(vnode_t *vp, proc_t *p, cred_t *credp,
2175 2267 rlim64_t rlimit, int sig, core_content_t content);
2176 2268
2177 2269 static struct execsw esw32 = {
2178 2270 elf32magicstr,
2179 2271 0,
2180 2272 5,
2181 2273 elf32exec,
2182 2274 elf32core
2183 2275 };
2184 2276
2185 2277 static struct modlexec modlexec32 = {
2186 2278 &mod_execops, "32-bit exec module for elf", &esw32
2187 2279 };
2188 2280 #endif /* _LP64 */
2189 2281
2190 2282 static struct modlinkage modlinkage = {
2191 2283 MODREV_1,
2192 2284 (void *)&modlexec,
2193 2285 #ifdef _LP64
2194 2286 (void *)&modlexec32,
2195 2287 #endif /* _LP64 */
2196 2288 NULL
2197 2289 };
2198 2290
2199 2291 int
2200 2292 _init(void)
2201 2293 {
2202 2294 return (mod_install(&modlinkage));
2203 2295 }
2204 2296
2205 2297 int
2206 2298 _fini(void)
2207 2299 {
2208 2300 return (mod_remove(&modlinkage));
2209 2301 }
2210 2302
2211 2303 int
2212 2304 _info(struct modinfo *modinfop)
2213 2305 {
2214 2306 return (mod_info(&modlinkage, modinfop));
2215 2307 }
2216 2308
2217 2309 #endif /* !_ELF32_COMPAT */
|
↓ open down ↓ |
860 lines elided |
↑ open up ↑ |
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX