7029 want per-process exploit mitigation features (secflags) 7030 want basic address space layout randomization (aslr) 7031 noexec_user_stack should be a secflag 7032 want a means to forbid mappings around NULL.
1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 /* 22 * Copyright 2009 Sun Microsystems, Inc. All rights reserved. 23 * Use is subject to license terms. 24 */ 25 /* 26 * Copyright (c) 2013 by Delphix. All rights reserved. 27 */ 28 29 #include <stdlib.h> 30 #include <libelf.h> 31 #include <libgen.h> 32 #include <string.h> 33 #include <strings.h> 34 #include <errno.h> 35 #include <sys/sysmacros.h> 36 37 #include "libproc.h" 38 #include "Pcontrol.h" 39 40 /*ARGSUSED*/ 41 static ssize_t 42 Pread_idle(struct ps_prochandle *P, void *buf, size_t n, uintptr_t addr, 43 void *data) 44 { 45 size_t resid = n; 46 47 while (resid > 0) { 48 map_info_t *mp; 49 uintptr_t mapoff; 50 ssize_t len; 51 off64_t off; 52 53 if ((mp = Paddr2mptr(P, addr)) == NULL) 54 break; 55 56 mapoff = addr - mp->map_pmap.pr_vaddr; 57 len = MIN(resid, mp->map_pmap.pr_size - mapoff); 58 off = mp->map_offset + mapoff; 59 60 if ((len = pread64(P->asfd, buf, len, off)) <= 0) 61 break; 62 63 resid -= len; 64 addr += len; 65 buf = (char *)buf + len; 66 } 67 68 return (n - resid); 69 } 70 71 /*ARGSUSED*/ 72 static ssize_t 73 Pwrite_idle(struct ps_prochandle *P, const void *buf, size_t n, uintptr_t addr, 74 void *data) 75 { 76 errno = EIO; 77 return (-1); 78 } 79 80 /*ARGSUSED*/ 81 static int 82 Ppriv_idle(struct ps_prochandle *P, prpriv_t **pprv, void *data) 83 { 84 prpriv_t *pp; 85 86 pp = proc_get_priv(P->pid); 87 if (pp == NULL) { 88 return (-1); 89 } 90 91 *pprv = pp; 92 return (0); 93 } 94 95 /* Default operations for the idl ops vector. */ 96 static void * 97 Pidle_voidp() 98 { 99 errno = ENODATA; 100 return (NULL); 101 } 102 103 static int 104 Pidle_int() 105 { 106 errno = ENODATA; 107 return (-1); 108 } 109 110 static const ps_ops_t P_idle_ops = { 111 .pop_pread = Pread_idle, 112 .pop_pwrite = Pwrite_idle, 113 .pop_cred = (pop_cred_t)Pidle_int, 114 .pop_priv = Ppriv_idle, 115 .pop_psinfo = (pop_psinfo_t)Pidle_voidp, 116 .pop_platform = (pop_platform_t)Pidle_voidp, 117 .pop_uname = (pop_uname_t)Pidle_int, 118 .pop_zonename = (pop_zonename_t)Pidle_voidp, 119 #if defined(__i386) || defined(__amd64) 120 .pop_ldt = (pop_ldt_t)Pidle_int 121 #endif 122 }; 123 124 static int 125 idle_add_mapping(struct ps_prochandle *P, GElf_Phdr *php, file_info_t *fp) 126 { 127 prmap_t pmap; 128 129 dprintf("mapping base %llx filesz %llu memsz %llu offset %llu\n", 130 (u_longlong_t)php->p_vaddr, (u_longlong_t)php->p_filesz, 131 (u_longlong_t)php->p_memsz, (u_longlong_t)php->p_offset); 132 133 pmap.pr_vaddr = (uintptr_t)php->p_vaddr; 134 pmap.pr_size = php->p_filesz; 135 (void) strncpy(pmap.pr_mapname, fp->file_pname, 136 sizeof (pmap.pr_mapname)); 137 pmap.pr_offset = php->p_offset; 138 139 pmap.pr_mflags = 0; 140 if (php->p_flags & PF_R) 141 pmap.pr_mflags |= MA_READ; 142 if (php->p_flags & PF_W) 143 pmap.pr_mflags |= MA_WRITE; 144 if (php->p_flags & PF_X) 145 pmap.pr_mflags |= MA_EXEC; 146 147 pmap.pr_pagesize = 0; 148 pmap.pr_shmid = -1; 149 150 return (Padd_mapping(P, php->p_offset, fp, &pmap)); 151 } 152 153 struct ps_prochandle * 154 Pgrab_file(const char *fname, int *perr) 155 { 156 struct ps_prochandle *P = NULL; 157 char buf[PATH_MAX]; 158 GElf_Ehdr ehdr; 159 Elf *elf = NULL; 160 size_t phnum; 161 file_info_t *fp = NULL; 162 int fd; 163 int i; 164 165 if ((fd = open64(fname, O_RDONLY)) < 0) { 166 dprintf("couldn't open file"); 167 *perr = (errno == ENOENT) ? G_NOEXEC : G_STRANGE; 168 return (NULL); 169 } 170 171 if (elf_version(EV_CURRENT) == EV_NONE) { 172 dprintf("libproc ELF version is more recent than libelf"); 173 *perr = G_ELF; 174 goto err; 175 } 176 177 if ((P = calloc(1, sizeof (struct ps_prochandle))) == NULL) { 178 *perr = G_STRANGE; 179 goto err; 180 } 181 182 (void) mutex_init(&P->proc_lock, USYNC_THREAD, NULL); 183 P->state = PS_IDLE; 184 P->pid = (pid_t)-1; 185 P->asfd = fd; 186 P->ctlfd = -1; 187 P->statfd = -1; 188 P->agentctlfd = -1; 189 P->agentstatfd = -1; 190 P->info_valid = -1; 191 Pinit_ops(&P->ops, &P_idle_ops); 192 Pinitsym(P); 193 194 if ((elf = elf_begin(fd, ELF_C_READ, NULL)) == NULL) { 195 *perr = G_ELF; 196 return (NULL); 197 } 198 199 /* 200 * Construct a file_info_t that corresponds to this file. 201 */ 202 if ((fp = calloc(1, sizeof (file_info_t))) == NULL) { 203 *perr = G_STRANGE; 204 goto err; 205 } 206 207 if ((fp->file_lo = calloc(1, sizeof (rd_loadobj_t))) == NULL) { 208 *perr = G_STRANGE; 209 goto err; 210 } 211 212 if (*fname == '/') { 213 (void) strncpy(fp->file_pname, fname, sizeof (fp->file_pname)); 214 } else { 215 size_t sz; 216 217 if (getcwd(fp->file_pname, sizeof (fp->file_pname) - 1) == 218 NULL) { 219 *perr = G_STRANGE; 220 goto err; 221 } 222 223 sz = strlen(fp->file_pname); 224 (void) snprintf(&fp->file_pname[sz], 225 sizeof (fp->file_pname) - sz, "/%s", fname); 226 } 227 228 fp->file_fd = fd; 229 fp->file_lo->rl_lmident = LM_ID_BASE; 230 if ((fp->file_lname = strdup(fp->file_pname)) == NULL) { 231 *perr = G_STRANGE; 232 goto err; 233 } 234 fp->file_lbase = basename(fp->file_lname); 235 236 if ((P->execname = strdup(fp->file_pname)) == NULL) { 237 *perr = G_STRANGE; 238 goto err; 239 } 240 241 P->num_files++; 242 list_link(fp, &P->file_head); 243 244 if (gelf_getehdr(elf, &ehdr) == NULL) { 245 *perr = G_STRANGE; 246 goto err; 247 } 248 249 if (elf_getphdrnum(elf, &phnum) == -1) { 250 *perr = G_STRANGE; 251 goto err; 252 } 253 254 dprintf("Pgrab_file: program header count = %lu\n", (ulong_t)phnum); 255 256 /* 257 * Sift through the program headers making the relevant maps. 258 */ 259 for (i = 0; i < phnum; i++) { 260 GElf_Phdr phdr, *php; 261 262 if ((php = gelf_getphdr(elf, i, &phdr)) == NULL) { 263 *perr = G_STRANGE; 264 goto err; 265 } 266 267 if (php->p_type != PT_LOAD) 268 continue; 269 270 if (idle_add_mapping(P, php, fp) != 0) { 271 *perr = G_STRANGE; 272 goto err; 273 } 274 } 275 Psort_mappings(P); 276 277 (void) elf_end(elf); 278 279 P->map_exec = fp->file_map; 280 281 P->status.pr_flags = PR_STOPPED; 282 P->status.pr_nlwp = 0; 283 P->status.pr_pid = (pid_t)-1; 284 P->status.pr_ppid = (pid_t)-1; 285 P->status.pr_pgid = (pid_t)-1; 286 P->status.pr_sid = (pid_t)-1; 287 P->status.pr_taskid = (taskid_t)-1; 288 P->status.pr_projid = (projid_t)-1; 289 P->status.pr_zoneid = (zoneid_t)-1; 290 switch (ehdr.e_ident[EI_CLASS]) { 291 case ELFCLASS32: 292 P->status.pr_dmodel = PR_MODEL_ILP32; 293 break; 294 case ELFCLASS64: 295 P->status.pr_dmodel = PR_MODEL_LP64; 296 break; 297 default: 298 *perr = G_FORMAT; 299 goto err; 300 } 301 302 /* 303 * Pfindobj() checks what zone a process is associated with, so 304 * we call it after initializing pr_zoneid to -1. This ensures 305 * we don't get associated with any zone on the system. 306 */ 307 if (Pfindobj(P, fp->file_lname, buf, sizeof (buf)) != NULL) { 308 free(P->execname); 309 P->execname = strdup(buf); 310 if ((fp->file_rname = strdup(buf)) != NULL) 311 fp->file_rbase = basename(fp->file_rname); 312 } 313 314 /* 315 * The file and map lists are complete, and will never need to be 316 * adjusted. 317 */ 318 P->info_valid = 1; 319 320 return (P); 321 err: 322 (void) close(fd); 323 if (P != NULL) 324 Pfree(P); 325 if (elf != NULL) 326 (void) elf_end(elf); 327 return (NULL); 328 } --- EOF ---