Print this page
7029 want per-process exploit mitigation features (secflags)
7030 want basic address space layout randomization (aslr)
7031 noexec_user_stack should be a secflag
7032 want a means to forbid mappings around NULL.
| Split |
Close |
| Expand all |
| Collapse all |
--- old/usr/src/uts/common/exec/elf/elf.c
+++ new/usr/src/uts/common/exec/elf/elf.c
1 1 /*
2 2 * CDDL HEADER START
3 3 *
4 4 * The contents of this file are subject to the terms of the
5 5 * Common Development and Distribution License (the "License").
6 6 * You may not use this file except in compliance with the License.
7 7 *
8 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 9 * or http://www.opensolaris.org/os/licensing.
10 10 * See the License for the specific language governing permissions
11 11 * and limitations under the License.
12 12 *
13 13 * When distributing Covered Code, include this CDDL HEADER in each
14 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 15 * If applicable, add the following below this CDDL HEADER, with the
16 16 * fields enclosed by brackets "[]" replaced with your own identifying
17 17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 18 *
19 19 * CDDL HEADER END
20 20 */
21 21
22 22 /*
23 23 * Copyright (c) 1989, 2010, Oracle and/or its affiliates. All rights reserved.
24 24 */
25 25
26 26 /* Copyright (c) 1984, 1986, 1987, 1988, 1989 AT&T */
27 27 /* All Rights Reserved */
28 28 /*
29 29 * Copyright (c) 2013, Joyent, Inc. All rights reserved.
30 30 */
31 31
32 32 #include <sys/types.h>
33 33 #include <sys/param.h>
34 34 #include <sys/thread.h>
|
↓ open down ↓ |
34 lines elided |
↑ open up ↑ |
35 35 #include <sys/sysmacros.h>
36 36 #include <sys/signal.h>
37 37 #include <sys/cred.h>
38 38 #include <sys/user.h>
39 39 #include <sys/errno.h>
40 40 #include <sys/vnode.h>
41 41 #include <sys/mman.h>
42 42 #include <sys/kmem.h>
43 43 #include <sys/proc.h>
44 44 #include <sys/pathname.h>
45 +#include <sys/policy.h>
45 46 #include <sys/cmn_err.h>
46 47 #include <sys/systm.h>
47 48 #include <sys/elf.h>
48 49 #include <sys/vmsystm.h>
49 50 #include <sys/debug.h>
50 51 #include <sys/auxv.h>
51 52 #include <sys/exec.h>
52 53 #include <sys/prsystm.h>
53 54 #include <vm/as.h>
54 55 #include <vm/rm.h>
55 56 #include <vm/seg.h>
56 57 #include <vm/seg_vn.h>
57 58 #include <sys/modctl.h>
|
↓ open down ↓ |
3 lines elided |
↑ open up ↑ |
58 59 #include <sys/systeminfo.h>
59 60 #include <sys/vmparam.h>
60 61 #include <sys/machelf.h>
61 62 #include <sys/shm_impl.h>
62 63 #include <sys/archsystm.h>
63 64 #include <sys/fasttrap.h>
64 65 #include <sys/brand.h>
65 66 #include "elf_impl.h"
66 67 #include <sys/sdt.h>
67 68 #include <sys/siginfo.h>
69 +#include <sys/random.h>
68 70
69 71 extern int at_flags;
72 +extern volatile size_t aslr_max_brk_skew;
70 73
71 74 #define ORIGIN_STR "ORIGIN"
72 75 #define ORIGIN_STR_SIZE 6
73 76
74 77 static int getelfhead(vnode_t *, cred_t *, Ehdr *, int *, int *, int *);
75 78 static int getelfphdr(vnode_t *, cred_t *, const Ehdr *, int, caddr_t *,
76 79 ssize_t *);
77 80 static int getelfshdr(vnode_t *, cred_t *, const Ehdr *, int, int, caddr_t *,
78 81 ssize_t *, caddr_t *, ssize_t *);
79 82 static size_t elfsize(Ehdr *, int, caddr_t, uintptr_t *);
80 83 static int mapelfexec(vnode_t *, Ehdr *, int, caddr_t,
81 84 Phdr **, Phdr **, Phdr **, Phdr **, Phdr *,
82 85 caddr_t *, caddr_t *, intptr_t *, intptr_t *, size_t, long *, size_t *);
83 86
84 87 typedef enum {
85 88 STR_CTF,
86 89 STR_SYMTAB,
87 90 STR_DYNSYM,
88 91 STR_STRTAB,
89 92 STR_DYNSTR,
90 93 STR_SHSTRTAB,
91 94 STR_NUM
92 95 } shstrtype_t;
93 96
94 97 static const char *shstrtab_data[] = {
95 98 ".SUNW_ctf",
96 99 ".symtab",
97 100 ".dynsym",
98 101 ".strtab",
99 102 ".dynstr",
100 103 ".shstrtab"
101 104 };
102 105
103 106 typedef struct shstrtab {
104 107 int sst_ndx[STR_NUM];
105 108 int sst_cur;
106 109 } shstrtab_t;
107 110
108 111 static void
109 112 shstrtab_init(shstrtab_t *s)
110 113 {
111 114 bzero(&s->sst_ndx, sizeof (s->sst_ndx));
112 115 s->sst_cur = 1;
113 116 }
114 117
115 118 static int
116 119 shstrtab_ndx(shstrtab_t *s, shstrtype_t type)
117 120 {
118 121 int ret;
119 122
120 123 if ((ret = s->sst_ndx[type]) != 0)
121 124 return (ret);
122 125
123 126 ret = s->sst_ndx[type] = s->sst_cur;
124 127 s->sst_cur += strlen(shstrtab_data[type]) + 1;
125 128
126 129 return (ret);
127 130 }
128 131
129 132 static size_t
130 133 shstrtab_size(const shstrtab_t *s)
131 134 {
132 135 return (s->sst_cur);
133 136 }
134 137
135 138 static void
136 139 shstrtab_dump(const shstrtab_t *s, char *buf)
137 140 {
138 141 int i, ndx;
139 142
140 143 *buf = '\0';
141 144 for (i = 0; i < STR_NUM; i++) {
142 145 if ((ndx = s->sst_ndx[i]) != 0)
143 146 (void) strcpy(buf + ndx, shstrtab_data[i]);
144 147 }
145 148 }
146 149
147 150 static int
148 151 dtrace_safe_phdr(Phdr *phdrp, struct uarg *args, uintptr_t base)
149 152 {
150 153 ASSERT(phdrp->p_type == PT_SUNWDTRACE);
151 154
152 155 /*
153 156 * See the comment in fasttrap.h for information on how to safely
154 157 * update this program header.
|
↓ open down ↓ |
75 lines elided |
↑ open up ↑ |
155 158 */
156 159 if (phdrp->p_memsz < PT_SUNWDTRACE_SIZE ||
157 160 (phdrp->p_flags & (PF_R | PF_W | PF_X)) != (PF_R | PF_W | PF_X))
158 161 return (-1);
159 162
160 163 args->thrptr = phdrp->p_vaddr + base;
161 164
162 165 return (0);
163 166 }
164 167
168 +static int
169 +handle_secflag_dt(proc_t *p, uint_t dt, uint_t val)
170 +{
171 + uint_t flag;
172 +
173 + switch (dt) {
174 + case DT_SUNW_ASLR:
175 + flag = PROC_SEC_ASLR;
176 + break;
177 + default:
178 + return (EINVAL);
179 + }
180 +
181 + if (val == 0) {
182 + if (secflag_isset(p->p_secflags.psf_lower, flag))
183 + return (EPERM);
184 + if ((secpolicy_psecflags(CRED(), p, p) != 0) &&
185 + secflag_isset(p->p_secflags.psf_inherit, flag))
186 + return (EPERM);
187 +
188 + secflag_clear(&p->p_secflags.psf_inherit, flag);
189 + secflag_clear(&p->p_secflags.psf_effective, flag);
190 + } else {
191 + if (!secflag_isset(p->p_secflags.psf_upper, flag))
192 + return (EPERM);
193 +
194 + if ((secpolicy_psecflags(CRED(), p, p) != 0) &&
195 + !secflag_isset(p->p_secflags.psf_inherit, flag))
196 + return (EPERM);
197 +
198 + secflag_set(&p->p_secflags.psf_inherit, flag);
199 + secflag_set(&p->p_secflags.psf_effective, flag);
200 + }
201 +
202 + return (0);
203 +}
204 +
165 205 /*
166 206 * Map in the executable pointed to by vp. Returns 0 on success.
167 207 */
168 208 int
169 209 mapexec_brand(vnode_t *vp, uarg_t *args, Ehdr *ehdr, Addr *uphdr_vaddr,
170 210 intptr_t *voffset, caddr_t exec_file, int *interp, caddr_t *bssbase,
171 211 caddr_t *brkbase, size_t *brksize, uintptr_t *lddatap)
172 212 {
173 213 size_t len;
174 214 struct vattr vat;
175 215 caddr_t phdrbase = NULL;
176 216 ssize_t phdrsize;
177 217 int nshdrs, shstrndx, nphdrs;
178 218 int error = 0;
179 219 Phdr *uphdr = NULL;
180 220 Phdr *junk = NULL;
181 221 Phdr *dynphdr = NULL;
182 222 Phdr *dtrphdr = NULL;
183 223 uintptr_t lddata;
184 224 long execsz;
185 225 intptr_t minaddr;
186 226
187 227 if (lddatap != NULL)
188 228 *lddatap = NULL;
189 229
190 230 if (error = execpermissions(vp, &vat, args)) {
191 231 uprintf("%s: Cannot execute %s\n", exec_file, args->pathname);
192 232 return (error);
193 233 }
194 234
195 235 if ((error = getelfhead(vp, CRED(), ehdr, &nshdrs, &shstrndx,
196 236 &nphdrs)) != 0 ||
197 237 (error = getelfphdr(vp, CRED(), ehdr, nphdrs, &phdrbase,
198 238 &phdrsize)) != 0) {
199 239 uprintf("%s: Cannot read %s\n", exec_file, args->pathname);
200 240 return (error);
201 241 }
202 242
203 243 if ((len = elfsize(ehdr, nphdrs, phdrbase, &lddata)) == 0) {
204 244 uprintf("%s: Nothing to load in %s", exec_file, args->pathname);
205 245 kmem_free(phdrbase, phdrsize);
206 246 return (ENOEXEC);
207 247 }
208 248 if (lddatap != NULL)
209 249 *lddatap = lddata;
210 250
211 251 if (error = mapelfexec(vp, ehdr, nphdrs, phdrbase, &uphdr, &dynphdr,
212 252 &junk, &dtrphdr, NULL, bssbase, brkbase, voffset, &minaddr,
213 253 len, &execsz, brksize)) {
214 254 uprintf("%s: Cannot map %s\n", exec_file, args->pathname);
215 255 kmem_free(phdrbase, phdrsize);
216 256 return (error);
217 257 }
218 258
219 259 /*
220 260 * Inform our caller if the executable needs an interpreter.
221 261 */
222 262 *interp = (dynphdr == NULL) ? 0 : 1;
223 263
224 264 /*
225 265 * If this is a statically linked executable, voffset should indicate
226 266 * the address of the executable itself (it normally holds the address
227 267 * of the interpreter).
228 268 */
229 269 if (ehdr->e_type == ET_EXEC && *interp == 0)
230 270 *voffset = minaddr;
231 271
232 272 if (uphdr != NULL) {
233 273 *uphdr_vaddr = uphdr->p_vaddr;
234 274 } else {
235 275 *uphdr_vaddr = (Addr)-1;
236 276 }
237 277
238 278 kmem_free(phdrbase, phdrsize);
239 279 return (error);
240 280 }
241 281
242 282 /*ARGSUSED*/
243 283 int
244 284 elfexec(vnode_t *vp, execa_t *uap, uarg_t *args, intpdata_t *idatap,
245 285 int level, long *execsz, int setid, caddr_t exec_file, cred_t *cred,
246 286 int brand_action)
247 287 {
|
↓ open down ↓ |
73 lines elided |
↑ open up ↑ |
248 288 caddr_t phdrbase = NULL;
249 289 caddr_t bssbase = 0;
250 290 caddr_t brkbase = 0;
251 291 size_t brksize = 0;
252 292 ssize_t dlnsize;
253 293 aux_entry_t *aux;
254 294 int error;
255 295 ssize_t resid;
256 296 int fd = -1;
257 297 intptr_t voffset;
258 - Phdr *dyphdr = NULL;
298 + Phdr *intphdr = NULL;
299 + Phdr *dynamicphdr = NULL;
259 300 Phdr *stphdr = NULL;
260 301 Phdr *uphdr = NULL;
261 302 Phdr *junk = NULL;
262 303 size_t len;
263 304 ssize_t phdrsize;
264 305 int postfixsize = 0;
265 306 int i, hsize;
266 307 Phdr *phdrp;
267 308 Phdr *dataphdrp = NULL;
268 309 Phdr *dtrphdr;
269 310 Phdr *capphdr = NULL;
270 311 Cap *cap = NULL;
271 312 ssize_t capsize;
313 + Dyn *dyn = NULL;
272 314 int hasu = 0;
273 315 int hasauxv = 0;
274 - int hasdy = 0;
316 + int hasintp = 0;
275 317 int branded = 0;
276 318
277 319 struct proc *p = ttoproc(curthread);
278 320 struct user *up = PTOU(p);
279 321 struct bigwad {
280 322 Ehdr ehdr;
281 323 aux_entry_t elfargs[__KERN_NAUXV_IMPL];
282 324 char dl_name[MAXPATHLEN];
283 325 char pathbuf[MAXPATHLEN];
284 326 struct vattr vattr;
285 327 struct execenv exenv;
286 328 } *bigwad; /* kmem_alloc this behemoth so we don't blow stack */
287 329 Ehdr *ehdrp;
288 330 int nshdrs, shstrndx, nphdrs;
289 331 char *dlnp;
290 332 char *pathbufp;
291 333 rlim64_t limit;
292 334 rlim64_t roundlimit;
293 335
294 336 ASSERT(p->p_model == DATAMODEL_ILP32 || p->p_model == DATAMODEL_LP64);
295 337
296 338 bigwad = kmem_alloc(sizeof (struct bigwad), KM_SLEEP);
297 339 ehdrp = &bigwad->ehdr;
298 340 dlnp = bigwad->dl_name;
299 341 pathbufp = bigwad->pathbuf;
300 342
301 343 /*
302 344 * Obtain ELF and program header information.
303 345 */
304 346 if ((error = getelfhead(vp, CRED(), ehdrp, &nshdrs, &shstrndx,
305 347 &nphdrs)) != 0 ||
306 348 (error = getelfphdr(vp, CRED(), ehdrp, nphdrs, &phdrbase,
307 349 &phdrsize)) != 0)
308 350 goto out;
309 351
310 352 /*
311 353 * Prevent executing an ELF file that has no entry point.
312 354 */
313 355 if (ehdrp->e_entry == 0) {
314 356 uprintf("%s: Bad entry point\n", exec_file);
315 357 goto bad;
316 358 }
317 359
318 360 /*
319 361 * Put data model that we're exec-ing to into the args passed to
320 362 * exec_args(), so it will know what it is copying to on new stack.
321 363 * Now that we know whether we are exec-ing a 32-bit or 64-bit
322 364 * executable, we can set execsz with the appropriate NCARGS.
323 365 */
324 366 #ifdef _LP64
325 367 if (ehdrp->e_ident[EI_CLASS] == ELFCLASS32) {
326 368 args->to_model = DATAMODEL_ILP32;
327 369 *execsz = btopr(SINCR) + btopr(SSIZE) + btopr(NCARGS32-1);
328 370 } else {
329 371 args->to_model = DATAMODEL_LP64;
330 372 args->stk_prot &= ~PROT_EXEC;
331 373 #if defined(__i386) || defined(__amd64)
332 374 args->dat_prot &= ~PROT_EXEC;
333 375 #endif
334 376 *execsz = btopr(SINCR) + btopr(SSIZE) + btopr(NCARGS64-1);
335 377 }
336 378 #else /* _LP64 */
337 379 args->to_model = DATAMODEL_ILP32;
338 380 *execsz = btopr(SINCR) + btopr(SSIZE) + btopr(NCARGS-1);
339 381 #endif /* _LP64 */
340 382
341 383 /*
342 384 * We delay invoking the brand callback until we've figured out
343 385 * what kind of elf binary we're trying to run, 32-bit or 64-bit.
344 386 * We do this because now the brand library can just check
345 387 * args->to_model to see if the target is 32-bit or 64-bit without
346 388 * having do duplicate all the code above.
347 389 *
348 390 * The level checks associated with brand handling below are used to
349 391 * prevent a loop since the brand elfexec function typically comes back
350 392 * through this function. We must check <= here since the nested
351 393 * handling in the #! interpreter code will increment the level before
352 394 * calling gexec to run the final elfexec interpreter.
353 395 */
354 396 if ((level <= INTP_MAXDEPTH) &&
355 397 (brand_action != EBA_NATIVE) && (PROC_IS_BRANDED(p))) {
356 398 error = BROP(p)->b_elfexec(vp, uap, args,
357 399 idatap, level + 1, execsz, setid, exec_file, cred,
358 400 brand_action);
359 401 goto out;
360 402 }
361 403
362 404 /*
|
↓ open down ↓ |
78 lines elided |
↑ open up ↑ |
363 405 * Determine aux size now so that stack can be built
364 406 * in one shot (except actual copyout of aux image),
365 407 * determine any non-default stack protections,
366 408 * and still have this code be machine independent.
367 409 */
368 410 hsize = ehdrp->e_phentsize;
369 411 phdrp = (Phdr *)phdrbase;
370 412 for (i = nphdrs; i > 0; i--) {
371 413 switch (phdrp->p_type) {
372 414 case PT_INTERP:
373 - hasauxv = hasdy = 1;
415 + hasauxv = hasintp = 1;
374 416 break;
375 417 case PT_PHDR:
376 418 hasu = 1;
377 419 break;
378 420 case PT_SUNWSTACK:
379 421 args->stk_prot = PROT_USER;
380 422 if (phdrp->p_flags & PF_R)
381 423 args->stk_prot |= PROT_READ;
382 424 if (phdrp->p_flags & PF_W)
383 425 args->stk_prot |= PROT_WRITE;
384 426 if (phdrp->p_flags & PF_X)
385 427 args->stk_prot |= PROT_EXEC;
386 428 break;
387 429 case PT_LOAD:
388 430 dataphdrp = phdrp;
389 431 break;
390 432 case PT_SUNWCAP:
391 433 capphdr = phdrp;
392 434 break;
435 + case PT_DYNAMIC:
436 + dynamicphdr = phdrp;
437 + break;
393 438 }
394 439 phdrp = (Phdr *)((caddr_t)phdrp + hsize);
395 440 }
396 441
397 442 if (ehdrp->e_type != ET_EXEC) {
398 443 dataphdrp = NULL;
399 444 hasauxv = 1;
400 445 }
401 446
402 447 /* Copy BSS permissions to args->dat_prot */
403 448 if (dataphdrp != NULL) {
404 449 args->dat_prot = PROT_USER;
405 450 if (dataphdrp->p_flags & PF_R)
406 451 args->dat_prot |= PROT_READ;
407 452 if (dataphdrp->p_flags & PF_W)
408 453 args->dat_prot |= PROT_WRITE;
409 454 if (dataphdrp->p_flags & PF_X)
410 455 args->dat_prot |= PROT_EXEC;
411 456 }
412 457
413 458 /*
414 459 * If a auxvector will be required - reserve the space for
415 460 * it now. This may be increased by exec_args if there are
416 461 * ISA-specific types (included in __KERN_NAUXV_IMPL).
417 462 */
418 463 if (hasauxv) {
419 464 /*
420 465 * If a AUX vector is being built - the base AUX
421 466 * entries are:
422 467 *
423 468 * AT_BASE
424 469 * AT_FLAGS
|
↓ open down ↓ |
22 lines elided |
↑ open up ↑ |
425 470 * AT_PAGESZ
426 471 * AT_SUN_AUXFLAGS
427 472 * AT_SUN_HWCAP
428 473 * AT_SUN_HWCAP2
429 474 * AT_SUN_PLATFORM (added in stk_copyout)
430 475 * AT_SUN_EXECNAME (added in stk_copyout)
431 476 * AT_NULL
432 477 *
433 478 * total == 9
434 479 */
435 - if (hasdy && hasu) {
480 + if (hasintp && hasu) {
436 481 /*
437 482 * Has PT_INTERP & PT_PHDR - the auxvectors that
438 483 * will be built are:
439 484 *
440 485 * AT_PHDR
441 486 * AT_PHENT
442 487 * AT_PHNUM
443 488 * AT_ENTRY
444 489 * AT_LDDATA
445 490 *
446 491 * total = 5
447 492 */
448 493 args->auxsize = (9 + 5) * sizeof (aux_entry_t);
449 - } else if (hasdy) {
494 + } else if (hasintp) {
450 495 /*
451 496 * Has PT_INTERP but no PT_PHDR
452 497 *
453 498 * AT_EXECFD
454 499 * AT_LDDATA
455 500 *
456 501 * total = 2
457 502 */
458 503 args->auxsize = (9 + 2) * sizeof (aux_entry_t);
459 504 } else {
460 505 args->auxsize = 9 * sizeof (aux_entry_t);
461 506 }
462 507 } else {
463 508 args->auxsize = 0;
464 509 }
465 510
466 511 /*
467 512 * If this binary is using an emulator, we need to add an
468 513 * AT_SUN_EMULATOR aux entry.
469 514 */
470 515 if (args->emulator != NULL)
471 516 args->auxsize += sizeof (aux_entry_t);
|
↓ open down ↓ |
12 lines elided |
↑ open up ↑ |
472 517
473 518 if ((brand_action != EBA_NATIVE) && (PROC_IS_BRANDED(p))) {
474 519 branded = 1;
475 520 /*
476 521 * We will be adding 4 entries to the aux vectors. One for
477 522 * the the brandname and 3 for the brand specific aux vectors.
478 523 */
479 524 args->auxsize += 4 * sizeof (aux_entry_t);
480 525 }
481 526
527 + /* If the binary has an explicit ASLR flag, it must be honoured */
528 + if ((dynamicphdr != NULL) &&
529 + (dynamicphdr->p_filesz > 0)) {
530 + Dyn *dp;
531 + off_t i = 0;
532 +
533 +#define DYN_STRIDE 100
534 + for (i = 0; i < dynamicphdr->p_filesz;
535 + i += sizeof (*dyn) * DYN_STRIDE) {
536 + int ndyns = (dynamicphdr->p_filesz - i) / sizeof (*dyn);
537 + size_t dynsize;
538 +
539 + ndyns = MIN(DYN_STRIDE, ndyns);
540 + dynsize = ndyns * sizeof (*dyn);
541 +
542 + dyn = kmem_alloc(dynsize, KM_SLEEP);
543 +
544 + if ((error = vn_rdwr(UIO_READ, vp, (caddr_t)dyn,
545 + dynsize, (offset_t)(dynamicphdr->p_offset + i),
546 + UIO_SYSSPACE, 0, (rlim64_t)0,
547 + CRED(), &resid)) != 0) {
548 + uprintf("%s: cannot read .dynamic section\n",
549 + exec_file);
550 + goto out;
551 + }
552 +
553 + for (dp = dyn; dp < (dyn + ndyns); dp++) {
554 + if (dp->d_tag == DT_SUNW_ASLR) {
555 + if ((error = handle_secflag_dt(p,
556 + DT_SUNW_ASLR,
557 + dp->d_un.d_val)) != 0) {
558 + uprintf("%s: error setting "
559 + "security-flag from "
560 + "DT_SUNW_ASLR: %d\n",
561 + exec_file, error);
562 + goto out;
563 + }
564 + }
565 + }
566 +
567 + kmem_free(dyn, dynsize);
568 + }
569 + }
570 +
482 571 /* Hardware/Software capabilities */
483 572 if (capphdr != NULL &&
484 573 (capsize = capphdr->p_filesz) > 0 &&
485 574 capsize <= 16 * sizeof (*cap)) {
486 575 int ncaps = capsize / sizeof (*cap);
487 576 Cap *cp;
488 577
489 578 cap = kmem_alloc(capsize, KM_SLEEP);
490 579 if ((error = vn_rdwr(UIO_READ, vp, (caddr_t)cap,
491 580 capsize, (offset_t)capphdr->p_offset,
492 581 UIO_SYSSPACE, 0, (rlim64_t)0, CRED(), &resid)) != 0) {
493 582 uprintf("%s: Cannot read capabilities section\n",
494 583 exec_file);
495 584 goto out;
496 585 }
497 586 for (cp = cap; cp < cap + ncaps; cp++) {
498 587 if (cp->c_tag == CA_SUNW_SF_1 &&
499 588 (cp->c_un.c_val & SF1_SUNW_ADDR32)) {
500 589 if (args->to_model == DATAMODEL_LP64)
501 590 args->addr32 = 1;
502 591 break;
503 592 }
504 593 }
505 594 }
506 595
507 596 aux = bigwad->elfargs;
508 597 /*
509 598 * Move args to the user's stack.
510 599 * This can fill in the AT_SUN_PLATFORM and AT_SUN_EXECNAME aux entries.
511 600 */
512 601 if ((error = exec_args(uap, args, idatap, (void **)&aux)) != 0) {
513 602 if (error == -1) {
514 603 error = ENOEXEC;
515 604 goto bad;
516 605 }
517 606 goto out;
518 607 }
519 608 /* we're single threaded after this point */
520 609
521 610 /*
|
↓ open down ↓ |
30 lines elided |
↑ open up ↑ |
522 611 * If this is an ET_DYN executable (shared object),
523 612 * determine its memory size so that mapelfexec() can load it.
524 613 */
525 614 if (ehdrp->e_type == ET_DYN)
526 615 len = elfsize(ehdrp, nphdrs, phdrbase, NULL);
527 616 else
528 617 len = 0;
529 618
530 619 dtrphdr = NULL;
531 620
532 - if ((error = mapelfexec(vp, ehdrp, nphdrs, phdrbase, &uphdr, &dyphdr,
621 + if ((error = mapelfexec(vp, ehdrp, nphdrs, phdrbase, &uphdr, &intphdr,
533 622 &stphdr, &dtrphdr, dataphdrp, &bssbase, &brkbase, &voffset, NULL,
534 623 len, execsz, &brksize)) != 0)
535 624 goto bad;
536 625
537 - if (uphdr != NULL && dyphdr == NULL)
626 + if (uphdr != NULL && intphdr == NULL)
538 627 goto bad;
539 628
540 629 if (dtrphdr != NULL && dtrace_safe_phdr(dtrphdr, args, voffset) != 0) {
541 630 uprintf("%s: Bad DTrace phdr in %s\n", exec_file, exec_file);
542 631 goto bad;
543 632 }
544 633
545 - if (dyphdr != NULL) {
634 + if (intphdr != NULL) {
546 635 size_t len;
547 636 uintptr_t lddata;
548 637 char *p;
549 638 struct vnode *nvp;
550 639
551 - dlnsize = dyphdr->p_filesz;
640 + dlnsize = intphdr->p_filesz;
552 641
553 642 if (dlnsize > MAXPATHLEN || dlnsize <= 0)
554 643 goto bad;
555 644
556 645 /*
557 646 * Read in "interpreter" pathname.
558 647 */
559 - if ((error = vn_rdwr(UIO_READ, vp, dlnp, dyphdr->p_filesz,
560 - (offset_t)dyphdr->p_offset, UIO_SYSSPACE, 0, (rlim64_t)0,
648 + if ((error = vn_rdwr(UIO_READ, vp, dlnp, intphdr->p_filesz,
649 + (offset_t)intphdr->p_offset, UIO_SYSSPACE, 0, (rlim64_t)0,
561 650 CRED(), &resid)) != 0) {
562 651 uprintf("%s: Cannot obtain interpreter pathname\n",
563 652 exec_file);
564 653 goto bad;
565 654 }
566 655
567 656 if (resid != 0 || dlnp[dlnsize - 1] != '\0')
568 657 goto bad;
569 658
570 659 /*
571 660 * Search for '$ORIGIN' token in interpreter path.
572 661 * If found, expand it.
573 662 */
574 663 for (p = dlnp; p = strchr(p, '$'); ) {
575 664 uint_t len, curlen;
576 665 char *_ptr;
577 666
578 667 if (strncmp(++p, ORIGIN_STR, ORIGIN_STR_SIZE))
579 668 continue;
580 669
581 670 /*
582 671 * We don't support $ORIGIN on setid programs to close
583 672 * a potential attack vector.
584 673 */
585 674 if ((setid & EXECSETID_SETID) != 0) {
586 675 error = ENOEXEC;
587 676 goto bad;
588 677 }
589 678
590 679 curlen = 0;
591 680 len = p - dlnp - 1;
592 681 if (len) {
593 682 bcopy(dlnp, pathbufp, len);
594 683 curlen += len;
595 684 }
596 685 if (_ptr = strrchr(args->pathname, '/')) {
597 686 len = _ptr - args->pathname;
598 687 if ((curlen + len) > MAXPATHLEN)
599 688 break;
600 689
601 690 bcopy(args->pathname, &pathbufp[curlen], len);
602 691 curlen += len;
603 692 } else {
604 693 /*
605 694 * executable is a basename found in the
606 695 * current directory. So - just substitue
607 696 * '.' for ORIGIN.
608 697 */
609 698 pathbufp[curlen] = '.';
610 699 curlen++;
611 700 }
612 701 p += ORIGIN_STR_SIZE;
613 702 len = strlen(p);
614 703
615 704 if ((curlen + len) > MAXPATHLEN)
616 705 break;
617 706 bcopy(p, &pathbufp[curlen], len);
618 707 curlen += len;
619 708 pathbufp[curlen++] = '\0';
620 709 bcopy(pathbufp, dlnp, curlen);
621 710 }
622 711
623 712 /*
624 713 * /usr/lib/ld.so.1 is known to be a symlink to /lib/ld.so.1
625 714 * (and /usr/lib/64/ld.so.1 is a symlink to /lib/64/ld.so.1).
626 715 * Just in case /usr is not mounted, change it now.
627 716 */
628 717 if (strcmp(dlnp, USR_LIB_RTLD) == 0)
629 718 dlnp += 4;
630 719 error = lookupname(dlnp, UIO_SYSSPACE, FOLLOW, NULLVPP, &nvp);
631 720 if (error && dlnp != bigwad->dl_name) {
632 721 /* new kernel, old user-level */
633 722 error = lookupname(dlnp -= 4, UIO_SYSSPACE, FOLLOW,
634 723 NULLVPP, &nvp);
635 724 }
636 725 if (error) {
637 726 uprintf("%s: Cannot find %s\n", exec_file, dlnp);
638 727 goto bad;
639 728 }
640 729
641 730 /*
642 731 * Setup the "aux" vector.
643 732 */
644 733 if (uphdr) {
645 734 if (ehdrp->e_type == ET_DYN) {
646 735 /* don't use the first page */
647 736 bigwad->exenv.ex_brkbase = (caddr_t)PAGESIZE;
648 737 bigwad->exenv.ex_bssbase = (caddr_t)PAGESIZE;
649 738 } else {
650 739 bigwad->exenv.ex_bssbase = bssbase;
651 740 bigwad->exenv.ex_brkbase = brkbase;
652 741 }
653 742 bigwad->exenv.ex_brksize = brksize;
654 743 bigwad->exenv.ex_magic = elfmagic;
655 744 bigwad->exenv.ex_vp = vp;
656 745 setexecenv(&bigwad->exenv);
657 746
658 747 ADDAUX(aux, AT_PHDR, uphdr->p_vaddr + voffset)
659 748 ADDAUX(aux, AT_PHENT, ehdrp->e_phentsize)
660 749 ADDAUX(aux, AT_PHNUM, nphdrs)
661 750 ADDAUX(aux, AT_ENTRY, ehdrp->e_entry + voffset)
662 751 } else {
663 752 if ((error = execopen(&vp, &fd)) != 0) {
664 753 VN_RELE(nvp);
665 754 goto bad;
666 755 }
667 756
668 757 ADDAUX(aux, AT_EXECFD, fd)
669 758 }
670 759
671 760 if ((error = execpermissions(nvp, &bigwad->vattr, args)) != 0) {
672 761 VN_RELE(nvp);
673 762 uprintf("%s: Cannot execute %s\n", exec_file, dlnp);
674 763 goto bad;
675 764 }
676 765
677 766 /*
678 767 * Now obtain the ELF header along with the entire program
679 768 * header contained in "nvp".
680 769 */
681 770 kmem_free(phdrbase, phdrsize);
682 771 phdrbase = NULL;
683 772 if ((error = getelfhead(nvp, CRED(), ehdrp, &nshdrs,
684 773 &shstrndx, &nphdrs)) != 0 ||
685 774 (error = getelfphdr(nvp, CRED(), ehdrp, nphdrs, &phdrbase,
686 775 &phdrsize)) != 0) {
687 776 VN_RELE(nvp);
688 777 uprintf("%s: Cannot read %s\n", exec_file, dlnp);
689 778 goto bad;
690 779 }
691 780
692 781 /*
693 782 * Determine memory size of the "interpreter's" loadable
694 783 * sections. This size is then used to obtain the virtual
695 784 * address of a hole, in the user's address space, large
696 785 * enough to map the "interpreter".
697 786 */
698 787 if ((len = elfsize(ehdrp, nphdrs, phdrbase, &lddata)) == 0) {
699 788 VN_RELE(nvp);
700 789 uprintf("%s: Nothing to load in %s\n", exec_file, dlnp);
701 790 goto bad;
702 791 }
703 792
704 793 dtrphdr = NULL;
705 794
706 795 error = mapelfexec(nvp, ehdrp, nphdrs, phdrbase, &junk, &junk,
707 796 &junk, &dtrphdr, NULL, NULL, NULL, &voffset, NULL, len,
708 797 execsz, NULL);
709 798 if (error || junk != NULL) {
710 799 VN_RELE(nvp);
711 800 uprintf("%s: Cannot map %s\n", exec_file, dlnp);
712 801 goto bad;
713 802 }
714 803
715 804 /*
716 805 * We use the DTrace program header to initialize the
717 806 * architecture-specific user per-LWP location. The dtrace
718 807 * fasttrap provider requires ready access to per-LWP scratch
719 808 * space. We assume that there is only one such program header
720 809 * in the interpreter.
721 810 */
722 811 if (dtrphdr != NULL &&
723 812 dtrace_safe_phdr(dtrphdr, args, voffset) != 0) {
724 813 VN_RELE(nvp);
725 814 uprintf("%s: Bad DTrace phdr in %s\n", exec_file, dlnp);
726 815 goto bad;
727 816 }
728 817
729 818 VN_RELE(nvp);
730 819 ADDAUX(aux, AT_SUN_LDDATA, voffset + lddata)
731 820 }
732 821
733 822 if (hasauxv) {
734 823 int auxf = AF_SUN_HWCAPVERIFY;
735 824 /*
736 825 * Note: AT_SUN_PLATFORM and AT_SUN_EXECNAME were filled in via
737 826 * exec_args()
738 827 */
739 828 ADDAUX(aux, AT_BASE, voffset)
740 829 ADDAUX(aux, AT_FLAGS, at_flags)
741 830 ADDAUX(aux, AT_PAGESZ, PAGESIZE)
742 831 /*
743 832 * Linker flags. (security)
744 833 * p_flag not yet set at this time.
745 834 * We rely on gexec() to provide us with the information.
746 835 * If the application is set-uid but this is not reflected
747 836 * in a mismatch between real/effective uids/gids, then
748 837 * don't treat this as a set-uid exec. So we care about
749 838 * the EXECSETID_UGIDS flag but not the ...SETID flag.
750 839 */
751 840 if ((setid &= ~EXECSETID_SETID) != 0)
752 841 auxf |= AF_SUN_SETUGID;
753 842
754 843 /*
755 844 * If we're running a native process from within a branded
756 845 * zone under pfexec then we clear the AF_SUN_SETUGID flag so
757 846 * that the native ld.so.1 is able to link with the native
758 847 * libraries instead of using the brand libraries that are
759 848 * installed in the zone. We only do this for processes
760 849 * which we trust because we see they are already running
761 850 * under pfexec (where uid != euid). This prevents a
762 851 * malicious user within the zone from crafting a wrapper to
763 852 * run native suid commands with unsecure libraries interposed.
764 853 */
765 854 if ((brand_action == EBA_NATIVE) && (PROC_IS_BRANDED(p) &&
766 855 (setid &= ~EXECSETID_SETID) != 0))
767 856 auxf &= ~AF_SUN_SETUGID;
|
↓ open down ↓ |
197 lines elided |
↑ open up ↑ |
768 857
769 858 /*
770 859 * Record the user addr of the auxflags aux vector entry
771 860 * since brands may optionally want to manipulate this field.
772 861 */
773 862 args->auxp_auxflags =
774 863 (char *)((char *)args->stackend +
775 864 ((char *)&aux->a_type -
776 865 (char *)bigwad->elfargs));
777 866 ADDAUX(aux, AT_SUN_AUXFLAGS, auxf);
867 +
778 868 /*
779 869 * Hardware capability flag word (performance hints)
780 870 * Used for choosing faster library routines.
781 871 * (Potentially different between 32-bit and 64-bit ABIs)
782 872 */
783 873 #if defined(_LP64)
784 874 if (args->to_model == DATAMODEL_NATIVE) {
785 875 ADDAUX(aux, AT_SUN_HWCAP, auxv_hwcap)
786 876 ADDAUX(aux, AT_SUN_HWCAP2, auxv_hwcap_2)
787 877 } else {
788 878 ADDAUX(aux, AT_SUN_HWCAP, auxv_hwcap32)
789 879 ADDAUX(aux, AT_SUN_HWCAP2, auxv_hwcap32_2)
790 880 }
791 881 #else
792 882 ADDAUX(aux, AT_SUN_HWCAP, auxv_hwcap)
793 883 ADDAUX(aux, AT_SUN_HWCAP2, auxv_hwcap_2)
794 884 #endif
795 885 if (branded) {
796 886 /*
797 887 * Reserve space for the brand-private aux vectors,
798 888 * and record the user addr of that space.
799 889 */
800 890 args->auxp_brand =
801 891 (char *)((char *)args->stackend +
802 892 ((char *)&aux->a_type -
803 893 (char *)bigwad->elfargs));
804 894 ADDAUX(aux, AT_SUN_BRAND_AUX1, 0)
805 895 ADDAUX(aux, AT_SUN_BRAND_AUX2, 0)
806 896 ADDAUX(aux, AT_SUN_BRAND_AUX3, 0)
807 897 }
808 898
809 899 ADDAUX(aux, AT_NULL, 0)
810 900 postfixsize = (char *)aux - (char *)bigwad->elfargs;
811 901
812 902 /*
813 903 * We make assumptions above when we determine how many aux
814 904 * vector entries we will be adding. However, if we have an
815 905 * invalid elf file, it is possible that mapelfexec might
816 906 * behave differently (but not return an error), in which case
817 907 * the number of aux entries we actually add will be different.
818 908 * We detect that now and error out.
819 909 */
820 910 if (postfixsize != args->auxsize) {
821 911 DTRACE_PROBE2(elfexec_badaux, int, postfixsize,
822 912 int, args->auxsize);
823 913 goto bad;
824 914 }
825 915 ASSERT(postfixsize <= __KERN_NAUXV_IMPL * sizeof (aux_entry_t));
826 916 }
827 917
828 918 /*
829 919 * For the 64-bit kernel, the limit is big enough that rounding it up
830 920 * to a page can overflow the 64-bit limit, so we check for btopr()
831 921 * overflowing here by comparing it with the unrounded limit in pages.
832 922 * If it hasn't overflowed, compare the exec size with the rounded up
833 923 * limit in pages. Otherwise, just compare with the unrounded limit.
834 924 */
835 925 limit = btop(p->p_vmem_ctl);
836 926 roundlimit = btopr(p->p_vmem_ctl);
837 927 if ((roundlimit > limit && *execsz > roundlimit) ||
838 928 (roundlimit < limit && *execsz > limit)) {
839 929 mutex_enter(&p->p_lock);
840 930 (void) rctl_action(rctlproc_legacy[RLIMIT_VMEM], p->p_rctls, p,
841 931 RCA_SAFE);
842 932 mutex_exit(&p->p_lock);
843 933 error = ENOMEM;
844 934 goto bad;
845 935 }
846 936
847 937 bzero(up->u_auxv, sizeof (up->u_auxv));
848 938 if (postfixsize) {
849 939 int num_auxv;
850 940
851 941 /*
852 942 * Copy the aux vector to the user stack.
853 943 */
854 944 error = execpoststack(args, bigwad->elfargs, postfixsize);
855 945 if (error)
856 946 goto bad;
857 947
858 948 /*
859 949 * Copy auxv to the process's user structure for use by /proc.
860 950 * If this is a branded process, the brand's exec routine will
861 951 * copy it's private entries to the user structure later. It
862 952 * relies on the fact that the blank entries are at the end.
863 953 */
864 954 num_auxv = postfixsize / sizeof (aux_entry_t);
865 955 ASSERT(num_auxv <= sizeof (up->u_auxv) / sizeof (auxv_t));
866 956 aux = bigwad->elfargs;
867 957 for (i = 0; i < num_auxv; i++) {
868 958 up->u_auxv[i].a_type = aux[i].a_type;
869 959 up->u_auxv[i].a_un.a_val = (aux_val_t)aux[i].a_un.a_val;
870 960 }
871 961 }
872 962
873 963 /*
874 964 * Pass back the starting address so we can set the program counter.
875 965 */
876 966 args->entry = (uintptr_t)(ehdrp->e_entry + voffset);
877 967
878 968 if (!uphdr) {
879 969 if (ehdrp->e_type == ET_DYN) {
880 970 /*
881 971 * If we are executing a shared library which doesn't
882 972 * have a interpreter (probably ld.so.1) then
883 973 * we don't set the brkbase now. Instead we
884 974 * delay it's setting until the first call
885 975 * via grow.c::brk(). This permits ld.so.1 to
886 976 * initialize brkbase to the tail of the executable it
887 977 * loads (which is where it needs to be).
888 978 */
889 979 bigwad->exenv.ex_brkbase = (caddr_t)0;
890 980 bigwad->exenv.ex_bssbase = (caddr_t)0;
891 981 bigwad->exenv.ex_brksize = 0;
892 982 } else {
893 983 bigwad->exenv.ex_brkbase = brkbase;
894 984 bigwad->exenv.ex_bssbase = bssbase;
895 985 bigwad->exenv.ex_brksize = brksize;
896 986 }
897 987 bigwad->exenv.ex_magic = elfmagic;
898 988 bigwad->exenv.ex_vp = vp;
899 989 setexecenv(&bigwad->exenv);
900 990 }
901 991
902 992 ASSERT(error == 0);
903 993 goto out;
904 994
905 995 bad:
906 996 if (fd != -1) /* did we open the a.out yet */
907 997 (void) execclose(fd);
908 998
909 999 psignal(p, SIGKILL);
910 1000
911 1001 if (error == 0)
912 1002 error = ENOEXEC;
913 1003 out:
914 1004 if (phdrbase != NULL)
915 1005 kmem_free(phdrbase, phdrsize);
916 1006 if (cap != NULL)
917 1007 kmem_free(cap, capsize);
918 1008 kmem_free(bigwad, sizeof (struct bigwad));
919 1009 return (error);
920 1010 }
921 1011
922 1012 /*
923 1013 * Compute the memory size requirement for the ELF file.
924 1014 */
925 1015 static size_t
926 1016 elfsize(Ehdr *ehdrp, int nphdrs, caddr_t phdrbase, uintptr_t *lddata)
927 1017 {
928 1018 size_t len;
929 1019 Phdr *phdrp = (Phdr *)phdrbase;
930 1020 int hsize = ehdrp->e_phentsize;
931 1021 int first = 1;
932 1022 int dfirst = 1; /* first data segment */
933 1023 uintptr_t loaddr = 0;
934 1024 uintptr_t hiaddr = 0;
935 1025 uintptr_t lo, hi;
936 1026 int i;
937 1027
938 1028 for (i = nphdrs; i > 0; i--) {
939 1029 if (phdrp->p_type == PT_LOAD) {
940 1030 lo = phdrp->p_vaddr;
941 1031 hi = lo + phdrp->p_memsz;
942 1032 if (first) {
943 1033 loaddr = lo;
944 1034 hiaddr = hi;
945 1035 first = 0;
946 1036 } else {
947 1037 if (loaddr > lo)
948 1038 loaddr = lo;
949 1039 if (hiaddr < hi)
950 1040 hiaddr = hi;
951 1041 }
952 1042
953 1043 /*
954 1044 * save the address of the first data segment
955 1045 * of a object - used for the AT_SUNW_LDDATA
956 1046 * aux entry.
957 1047 */
958 1048 if ((lddata != NULL) && dfirst &&
959 1049 (phdrp->p_flags & PF_W)) {
960 1050 *lddata = lo;
961 1051 dfirst = 0;
962 1052 }
963 1053 }
964 1054 phdrp = (Phdr *)((caddr_t)phdrp + hsize);
965 1055 }
966 1056
967 1057 len = hiaddr - (loaddr & PAGEMASK);
968 1058 len = roundup(len, PAGESIZE);
969 1059
970 1060 return (len);
971 1061 }
972 1062
973 1063 /*
974 1064 * Read in the ELF header and program header table.
975 1065 * SUSV3 requires:
976 1066 * ENOEXEC File format is not recognized
977 1067 * EINVAL Format recognized but execution not supported
978 1068 */
979 1069 static int
980 1070 getelfhead(vnode_t *vp, cred_t *credp, Ehdr *ehdr, int *nshdrs, int *shstrndx,
981 1071 int *nphdrs)
982 1072 {
983 1073 int error;
984 1074 ssize_t resid;
985 1075
986 1076 /*
987 1077 * We got here by the first two bytes in ident,
988 1078 * now read the entire ELF header.
989 1079 */
990 1080 if ((error = vn_rdwr(UIO_READ, vp, (caddr_t)ehdr,
991 1081 sizeof (Ehdr), (offset_t)0, UIO_SYSSPACE, 0,
992 1082 (rlim64_t)0, credp, &resid)) != 0)
993 1083 return (error);
994 1084
995 1085 /*
996 1086 * Since a separate version is compiled for handling 32-bit and
997 1087 * 64-bit ELF executables on a 64-bit kernel, the 64-bit version
998 1088 * doesn't need to be able to deal with 32-bit ELF files.
999 1089 */
1000 1090 if (resid != 0 ||
1001 1091 ehdr->e_ident[EI_MAG2] != ELFMAG2 ||
1002 1092 ehdr->e_ident[EI_MAG3] != ELFMAG3)
1003 1093 return (ENOEXEC);
1004 1094
1005 1095 if ((ehdr->e_type != ET_EXEC && ehdr->e_type != ET_DYN) ||
1006 1096 #if defined(_ILP32) || defined(_ELF32_COMPAT)
1007 1097 ehdr->e_ident[EI_CLASS] != ELFCLASS32 ||
1008 1098 #else
1009 1099 ehdr->e_ident[EI_CLASS] != ELFCLASS64 ||
1010 1100 #endif
1011 1101 !elfheadcheck(ehdr->e_ident[EI_DATA], ehdr->e_machine,
1012 1102 ehdr->e_flags))
1013 1103 return (EINVAL);
1014 1104
1015 1105 *nshdrs = ehdr->e_shnum;
1016 1106 *shstrndx = ehdr->e_shstrndx;
1017 1107 *nphdrs = ehdr->e_phnum;
1018 1108
1019 1109 /*
1020 1110 * If e_shnum, e_shstrndx, or e_phnum is its sentinel value, we need
1021 1111 * to read in the section header at index zero to acces the true
1022 1112 * values for those fields.
1023 1113 */
1024 1114 if ((*nshdrs == 0 && ehdr->e_shoff != 0) ||
1025 1115 *shstrndx == SHN_XINDEX || *nphdrs == PN_XNUM) {
1026 1116 Shdr shdr;
1027 1117
1028 1118 if (ehdr->e_shoff == 0)
1029 1119 return (EINVAL);
1030 1120
1031 1121 if ((error = vn_rdwr(UIO_READ, vp, (caddr_t)&shdr,
1032 1122 sizeof (shdr), (offset_t)ehdr->e_shoff, UIO_SYSSPACE, 0,
1033 1123 (rlim64_t)0, credp, &resid)) != 0)
1034 1124 return (error);
1035 1125
1036 1126 if (*nshdrs == 0)
1037 1127 *nshdrs = shdr.sh_size;
1038 1128 if (*shstrndx == SHN_XINDEX)
1039 1129 *shstrndx = shdr.sh_link;
1040 1130 if (*nphdrs == PN_XNUM && shdr.sh_info != 0)
1041 1131 *nphdrs = shdr.sh_info;
1042 1132 }
1043 1133
1044 1134 return (0);
1045 1135 }
1046 1136
1047 1137 #ifdef _ELF32_COMPAT
1048 1138 extern size_t elf_nphdr_max;
1049 1139 #else
1050 1140 size_t elf_nphdr_max = 1000;
1051 1141 #endif
1052 1142
1053 1143 static int
1054 1144 getelfphdr(vnode_t *vp, cred_t *credp, const Ehdr *ehdr, int nphdrs,
1055 1145 caddr_t *phbasep, ssize_t *phsizep)
1056 1146 {
1057 1147 ssize_t resid, minsize;
1058 1148 int err;
1059 1149
1060 1150 /*
1061 1151 * Since we're going to be using e_phentsize to iterate down the
1062 1152 * array of program headers, it must be 8-byte aligned or else
1063 1153 * a we might cause a misaligned access. We use all members through
1064 1154 * p_flags on 32-bit ELF files and p_memsz on 64-bit ELF files so
1065 1155 * e_phentsize must be at least large enough to include those
1066 1156 * members.
1067 1157 */
1068 1158 #if !defined(_LP64) || defined(_ELF32_COMPAT)
1069 1159 minsize = offsetof(Phdr, p_flags) + sizeof (((Phdr *)NULL)->p_flags);
1070 1160 #else
1071 1161 minsize = offsetof(Phdr, p_memsz) + sizeof (((Phdr *)NULL)->p_memsz);
1072 1162 #endif
1073 1163 if (ehdr->e_phentsize < minsize || (ehdr->e_phentsize & 3))
1074 1164 return (EINVAL);
1075 1165
1076 1166 *phsizep = nphdrs * ehdr->e_phentsize;
1077 1167
1078 1168 if (*phsizep > sizeof (Phdr) * elf_nphdr_max) {
1079 1169 if ((*phbasep = kmem_alloc(*phsizep, KM_NOSLEEP)) == NULL)
1080 1170 return (ENOMEM);
1081 1171 } else {
1082 1172 *phbasep = kmem_alloc(*phsizep, KM_SLEEP);
1083 1173 }
1084 1174
1085 1175 if ((err = vn_rdwr(UIO_READ, vp, *phbasep, *phsizep,
1086 1176 (offset_t)ehdr->e_phoff, UIO_SYSSPACE, 0, (rlim64_t)0,
1087 1177 credp, &resid)) != 0) {
1088 1178 kmem_free(*phbasep, *phsizep);
1089 1179 *phbasep = NULL;
1090 1180 return (err);
1091 1181 }
1092 1182
1093 1183 return (0);
1094 1184 }
1095 1185
1096 1186 #ifdef _ELF32_COMPAT
1097 1187 extern size_t elf_nshdr_max;
1098 1188 extern size_t elf_shstrtab_max;
1099 1189 #else
1100 1190 size_t elf_nshdr_max = 10000;
1101 1191 size_t elf_shstrtab_max = 100 * 1024;
1102 1192 #endif
1103 1193
1104 1194
1105 1195 static int
1106 1196 getelfshdr(vnode_t *vp, cred_t *credp, const Ehdr *ehdr,
1107 1197 int nshdrs, int shstrndx, caddr_t *shbasep, ssize_t *shsizep,
1108 1198 char **shstrbasep, ssize_t *shstrsizep)
1109 1199 {
1110 1200 ssize_t resid, minsize;
1111 1201 int err;
1112 1202 Shdr *shdr;
1113 1203
1114 1204 /*
1115 1205 * Since we're going to be using e_shentsize to iterate down the
1116 1206 * array of section headers, it must be 8-byte aligned or else
1117 1207 * a we might cause a misaligned access. We use all members through
1118 1208 * sh_entsize (on both 32- and 64-bit ELF files) so e_shentsize
1119 1209 * must be at least large enough to include that member. The index
1120 1210 * of the string table section must also be valid.
1121 1211 */
1122 1212 minsize = offsetof(Shdr, sh_entsize) + sizeof (shdr->sh_entsize);
1123 1213 if (ehdr->e_shentsize < minsize || (ehdr->e_shentsize & 3) ||
1124 1214 shstrndx >= nshdrs)
1125 1215 return (EINVAL);
1126 1216
1127 1217 *shsizep = nshdrs * ehdr->e_shentsize;
1128 1218
1129 1219 if (*shsizep > sizeof (Shdr) * elf_nshdr_max) {
1130 1220 if ((*shbasep = kmem_alloc(*shsizep, KM_NOSLEEP)) == NULL)
1131 1221 return (ENOMEM);
1132 1222 } else {
1133 1223 *shbasep = kmem_alloc(*shsizep, KM_SLEEP);
1134 1224 }
1135 1225
1136 1226 if ((err = vn_rdwr(UIO_READ, vp, *shbasep, *shsizep,
1137 1227 (offset_t)ehdr->e_shoff, UIO_SYSSPACE, 0, (rlim64_t)0,
1138 1228 credp, &resid)) != 0) {
1139 1229 kmem_free(*shbasep, *shsizep);
1140 1230 return (err);
1141 1231 }
1142 1232
1143 1233 /*
1144 1234 * Pull the section string table out of the vnode; fail if the size
1145 1235 * is zero.
1146 1236 */
1147 1237 shdr = (Shdr *)(*shbasep + shstrndx * ehdr->e_shentsize);
1148 1238 if ((*shstrsizep = shdr->sh_size) == 0) {
1149 1239 kmem_free(*shbasep, *shsizep);
1150 1240 return (EINVAL);
1151 1241 }
1152 1242
1153 1243 if (*shstrsizep > elf_shstrtab_max) {
1154 1244 if ((*shstrbasep = kmem_alloc(*shstrsizep,
1155 1245 KM_NOSLEEP)) == NULL) {
1156 1246 kmem_free(*shbasep, *shsizep);
1157 1247 return (ENOMEM);
1158 1248 }
1159 1249 } else {
1160 1250 *shstrbasep = kmem_alloc(*shstrsizep, KM_SLEEP);
1161 1251 }
1162 1252
1163 1253 if ((err = vn_rdwr(UIO_READ, vp, *shstrbasep, *shstrsizep,
1164 1254 (offset_t)shdr->sh_offset, UIO_SYSSPACE, 0, (rlim64_t)0,
1165 1255 credp, &resid)) != 0) {
1166 1256 kmem_free(*shbasep, *shsizep);
1167 1257 kmem_free(*shstrbasep, *shstrsizep);
1168 1258 return (err);
1169 1259 }
1170 1260
1171 1261 /*
1172 1262 * Make sure the strtab is null-terminated to make sure we
1173 1263 * don't run off the end of the table.
1174 1264 */
1175 1265 (*shstrbasep)[*shstrsizep - 1] = '\0';
1176 1266
|
↓ open down ↓ |
389 lines elided |
↑ open up ↑ |
1177 1267 return (0);
1178 1268 }
1179 1269
1180 1270 static int
1181 1271 mapelfexec(
1182 1272 vnode_t *vp,
1183 1273 Ehdr *ehdr,
1184 1274 int nphdrs,
1185 1275 caddr_t phdrbase,
1186 1276 Phdr **uphdr,
1187 - Phdr **dyphdr,
1277 + Phdr **intphdr,
1188 1278 Phdr **stphdr,
1189 1279 Phdr **dtphdr,
1190 1280 Phdr *dataphdrp,
1191 1281 caddr_t *bssbase,
1192 1282 caddr_t *brkbase,
1193 1283 intptr_t *voffset,
1194 1284 intptr_t *minaddr,
1195 1285 size_t len,
1196 1286 long *execsz,
1197 1287 size_t *brksize)
1198 1288 {
1199 1289 Phdr *phdr;
1200 1290 int i, prot, error;
|
↓ open down ↓ |
3 lines elided |
↑ open up ↑ |
1201 1291 caddr_t addr = NULL;
1202 1292 size_t zfodsz;
1203 1293 int ptload = 0;
1204 1294 int page;
1205 1295 off_t offset;
1206 1296 int hsize = ehdr->e_phentsize;
1207 1297 caddr_t mintmp = (caddr_t)-1;
1208 1298 extern int use_brk_lpg;
1209 1299
1210 1300 if (ehdr->e_type == ET_DYN) {
1301 + secflagset_t flags = 0;
1211 1302 /*
1212 1303 * Obtain the virtual address of a hole in the
1213 1304 * address space to map the "interpreter".
1214 1305 */
1215 - map_addr(&addr, len, (offset_t)0, 1, 0);
1306 + if (secflag_enabled(curproc, PROC_SEC_ASLR))
1307 + flags |= _MAP_RANDOMIZE;
1308 +
1309 + map_addr(&addr, len, (offset_t)0, 1, flags);
1216 1310 if (addr == NULL)
1217 1311 return (ENOMEM);
1218 1312 *voffset = (intptr_t)addr;
1219 1313
1220 1314 /*
1221 1315 * Calculate the minimum vaddr so it can be subtracted out.
1222 1316 * According to the ELF specification, since PT_LOAD sections
1223 1317 * must be sorted by increasing p_vaddr values, this is
1224 1318 * guaranteed to be the first PT_LOAD section.
1225 1319 */
1226 1320 phdr = (Phdr *)phdrbase;
1227 1321 for (i = nphdrs; i > 0; i--) {
1228 1322 if (phdr->p_type == PT_LOAD) {
1229 1323 *voffset -= (uintptr_t)phdr->p_vaddr;
1230 1324 break;
1231 1325 }
|
↓ open down ↓ |
6 lines elided |
↑ open up ↑ |
1232 1326 phdr = (Phdr *)((caddr_t)phdr + hsize);
1233 1327 }
1234 1328
1235 1329 } else {
1236 1330 *voffset = 0;
1237 1331 }
1238 1332 phdr = (Phdr *)phdrbase;
1239 1333 for (i = nphdrs; i > 0; i--) {
1240 1334 switch (phdr->p_type) {
1241 1335 case PT_LOAD:
1242 - if ((*dyphdr != NULL) && (*uphdr == NULL))
1336 + if ((*intphdr != NULL) && (*uphdr == NULL))
1243 1337 return (0);
1244 1338
1245 1339 ptload = 1;
1246 1340 prot = PROT_USER;
1247 1341 if (phdr->p_flags & PF_R)
1248 1342 prot |= PROT_READ;
1249 1343 if (phdr->p_flags & PF_W)
1250 1344 prot |= PROT_WRITE;
1251 1345 if (phdr->p_flags & PF_X)
1252 1346 prot |= PROT_EXEC;
1253 1347
1254 1348 addr = (caddr_t)((uintptr_t)phdr->p_vaddr + *voffset);
1255 1349
1256 1350 /*
1257 1351 * Keep track of the segment with the lowest starting
1258 1352 * address.
1259 1353 */
1260 1354 if (addr < mintmp)
1261 1355 mintmp = addr;
1262 1356
1263 1357 zfodsz = (size_t)phdr->p_memsz - phdr->p_filesz;
1264 1358
1265 1359 offset = phdr->p_offset;
1266 1360 if (((uintptr_t)offset & PAGEOFFSET) ==
1267 1361 ((uintptr_t)addr & PAGEOFFSET) &&
1268 1362 (!(vp->v_flag & VNOMAP))) {
1269 1363 page = 1;
1270 1364 } else {
1271 1365 page = 0;
1272 1366 }
1273 1367
1274 1368 /*
1275 1369 * Set the heap pagesize for OOB when the bss size
1276 1370 * is known and use_brk_lpg is not 0.
1277 1371 */
1278 1372 if (brksize != NULL && use_brk_lpg &&
1279 1373 zfodsz != 0 && phdr == dataphdrp &&
1280 1374 (prot & PROT_WRITE)) {
1281 1375 size_t tlen = P2NPHASE((uintptr_t)addr +
1282 1376 phdr->p_filesz, PAGESIZE);
1283 1377
1284 1378 if (zfodsz > tlen) {
1285 1379 curproc->p_brkpageszc =
1286 1380 page_szc(map_pgsz(MAPPGSZ_HEAP,
|
↓ open down ↓ |
34 lines elided |
↑ open up ↑ |
1287 1381 curproc, addr + phdr->p_filesz +
1288 1382 tlen, zfodsz - tlen, 0));
1289 1383 }
1290 1384 }
1291 1385
1292 1386 if (curproc->p_brkpageszc != 0 && phdr == dataphdrp &&
1293 1387 (prot & PROT_WRITE)) {
1294 1388 uint_t szc = curproc->p_brkpageszc;
1295 1389 size_t pgsz = page_get_pagesize(szc);
1296 1390 caddr_t ebss = addr + phdr->p_memsz;
1391 + /*
1392 + * If we need extra space to keep the BSS an
1393 + * integral number of pages in size, some of
1394 + * that space may fall beyond p_brkbase, so we
1395 + * need to set p_brksize to account for it
1396 + * being (logically) part of the brk.
1397 + */
1297 1398 size_t extra_zfodsz;
1298 1399
1299 1400 ASSERT(pgsz > PAGESIZE);
1300 1401
1301 1402 extra_zfodsz = P2NPHASE((uintptr_t)ebss, pgsz);
1302 1403
1303 1404 if (error = execmap(vp, addr, phdr->p_filesz,
1304 1405 zfodsz + extra_zfodsz, phdr->p_offset,
1305 1406 prot, page, szc))
1306 1407 goto bad;
1307 1408 if (brksize != NULL)
1308 1409 *brksize = extra_zfodsz;
1309 1410 } else {
1310 1411 if (error = execmap(vp, addr, phdr->p_filesz,
1311 1412 zfodsz, phdr->p_offset, prot, page, 0))
1312 1413 goto bad;
1313 1414 }
1314 1415
1315 1416 if (bssbase != NULL && addr >= *bssbase &&
1316 1417 phdr == dataphdrp) {
1317 1418 *bssbase = addr + phdr->p_filesz;
1318 1419 }
|
↓ open down ↓ |
12 lines elided |
↑ open up ↑ |
1319 1420 if (brkbase != NULL && addr >= *brkbase) {
1320 1421 *brkbase = addr + phdr->p_memsz;
1321 1422 }
1322 1423
1323 1424 *execsz += btopr(phdr->p_memsz);
1324 1425 break;
1325 1426
1326 1427 case PT_INTERP:
1327 1428 if (ptload)
1328 1429 goto bad;
1329 - *dyphdr = phdr;
1430 + *intphdr = phdr;
1330 1431 break;
1331 1432
1332 1433 case PT_SHLIB:
1333 1434 *stphdr = phdr;
1334 1435 break;
1335 1436
1336 1437 case PT_PHDR:
1337 1438 if (ptload)
1338 1439 goto bad;
1339 1440 *uphdr = phdr;
1340 1441 break;
1341 1442
1342 1443 case PT_NULL:
1343 1444 case PT_DYNAMIC:
1344 1445 case PT_NOTE:
1345 1446 break;
1346 1447
1347 1448 case PT_SUNWDTRACE:
1348 1449 if (dtphdr != NULL)
1349 1450 *dtphdr = phdr;
1350 1451 break;
1351 1452
1352 1453 default:
|
↓ open down ↓ |
13 lines elided |
↑ open up ↑ |
1353 1454 break;
1354 1455 }
1355 1456 phdr = (Phdr *)((caddr_t)phdr + hsize);
1356 1457 }
1357 1458
1358 1459 if (minaddr != NULL) {
1359 1460 ASSERT(mintmp != (caddr_t)-1);
1360 1461 *minaddr = (intptr_t)mintmp;
1361 1462 }
1362 1463
1464 + if (brkbase != NULL && secflag_enabled(curproc, PROC_SEC_ASLR)) {
1465 + size_t off;
1466 + uintptr_t base = (uintptr_t)*brkbase;
1467 + uintptr_t oend = base + *brksize;
1468 +
1469 + ASSERT(ISP2(aslr_max_brk_skew));
1470 +
1471 + (void) random_get_pseudo_bytes((uint8_t *)&off, sizeof (off));
1472 + base += P2PHASE(off, aslr_max_brk_skew);
1473 + base = P2ROUNDUP(base, PAGESIZE);
1474 + *brkbase = (caddr_t)base;
1475 + /*
1476 + * Above, we set *brksize to account for the possibility we
1477 + * had to grow the 'brk' in padding out the BSS to a page
1478 + * boundary.
1479 + *
1480 + * We now need to adjust that based on where we now are
1481 + * actually putting the brk.
1482 + */
1483 + if (oend > base)
1484 + *brksize = oend - base;
1485 + else
1486 + *brksize = 0;
1487 + }
1488 +
1363 1489 return (0);
1364 1490 bad:
1365 1491 if (error == 0)
1366 1492 error = EINVAL;
1367 1493 return (error);
1368 1494 }
1369 1495
1370 1496 int
1371 1497 elfnote(vnode_t *vp, offset_t *offsetp, int type, int descsz, void *desc,
1372 1498 rlim64_t rlimit, cred_t *credp)
1373 1499 {
1374 1500 Note note;
1375 1501 int error;
1376 1502
1377 1503 bzero(¬e, sizeof (note));
1378 1504 bcopy("CORE", note.name, 4);
1379 1505 note.nhdr.n_type = type;
1380 1506 /*
1381 1507 * The System V ABI states that n_namesz must be the length of the
1382 1508 * string that follows the Nhdr structure including the terminating
1383 1509 * null. The ABI also specifies that sufficient padding should be
1384 1510 * included so that the description that follows the name string
1385 1511 * begins on a 4- or 8-byte boundary for 32- and 64-bit binaries
1386 1512 * respectively. However, since this change was not made correctly
1387 1513 * at the time of the 64-bit port, both 32- and 64-bit binaries
1388 1514 * descriptions are only guaranteed to begin on a 4-byte boundary.
1389 1515 */
1390 1516 note.nhdr.n_namesz = 5;
1391 1517 note.nhdr.n_descsz = roundup(descsz, sizeof (Word));
1392 1518
1393 1519 if (error = core_write(vp, UIO_SYSSPACE, *offsetp, ¬e,
1394 1520 sizeof (note), rlimit, credp))
1395 1521 return (error);
1396 1522
1397 1523 *offsetp += sizeof (note);
1398 1524
1399 1525 if (error = core_write(vp, UIO_SYSSPACE, *offsetp, desc,
1400 1526 note.nhdr.n_descsz, rlimit, credp))
1401 1527 return (error);
1402 1528
1403 1529 *offsetp += note.nhdr.n_descsz;
1404 1530 return (0);
1405 1531 }
1406 1532
1407 1533 /*
1408 1534 * Copy the section data from one vnode to the section of another vnode.
1409 1535 */
1410 1536 static void
1411 1537 copy_scn(Shdr *src, vnode_t *src_vp, Shdr *dst, vnode_t *dst_vp, Off *doffset,
1412 1538 void *buf, size_t size, cred_t *credp, rlim64_t rlimit)
1413 1539 {
1414 1540 ssize_t resid;
1415 1541 size_t len, n = src->sh_size;
1416 1542 offset_t off = 0;
1417 1543
1418 1544 while (n != 0) {
1419 1545 len = MIN(size, n);
1420 1546 if (vn_rdwr(UIO_READ, src_vp, buf, len, src->sh_offset + off,
1421 1547 UIO_SYSSPACE, 0, (rlim64_t)0, credp, &resid) != 0 ||
1422 1548 resid >= len ||
1423 1549 core_write(dst_vp, UIO_SYSSPACE, *doffset + off,
1424 1550 buf, len - resid, rlimit, credp) != 0) {
1425 1551 dst->sh_size = 0;
1426 1552 dst->sh_offset = 0;
1427 1553 return;
1428 1554 }
1429 1555
1430 1556 ASSERT(n >= len - resid);
1431 1557
1432 1558 n -= len - resid;
1433 1559 off += len - resid;
1434 1560 }
1435 1561
1436 1562 *doffset += src->sh_size;
1437 1563 }
1438 1564
1439 1565 #ifdef _ELF32_COMPAT
1440 1566 extern size_t elf_datasz_max;
1441 1567 #else
1442 1568 size_t elf_datasz_max = 1 * 1024 * 1024;
1443 1569 #endif
1444 1570
1445 1571 /*
1446 1572 * This function processes mappings that correspond to load objects to
1447 1573 * examine their respective sections for elfcore(). It's called once with
1448 1574 * v set to NULL to count the number of sections that we're going to need
1449 1575 * and then again with v set to some allocated buffer that we fill in with
1450 1576 * all the section data.
1451 1577 */
1452 1578 static int
1453 1579 process_scns(core_content_t content, proc_t *p, cred_t *credp, vnode_t *vp,
1454 1580 Shdr *v, int nv, rlim64_t rlimit, Off *doffsetp, int *nshdrsp)
1455 1581 {
1456 1582 vnode_t *lastvp = NULL;
1457 1583 struct seg *seg;
1458 1584 int i, j;
1459 1585 void *data = NULL;
1460 1586 size_t datasz = 0;
1461 1587 shstrtab_t shstrtab;
1462 1588 struct as *as = p->p_as;
1463 1589 int error = 0;
1464 1590
1465 1591 if (v != NULL)
1466 1592 shstrtab_init(&shstrtab);
1467 1593
1468 1594 i = 1;
1469 1595 for (seg = AS_SEGFIRST(as); seg != NULL; seg = AS_SEGNEXT(as, seg)) {
1470 1596 uint_t prot;
1471 1597 vnode_t *mvp;
1472 1598 void *tmp = NULL;
1473 1599 caddr_t saddr = seg->s_base;
1474 1600 caddr_t naddr;
1475 1601 caddr_t eaddr;
1476 1602 size_t segsize;
1477 1603
1478 1604 Ehdr ehdr;
1479 1605 int nshdrs, shstrndx, nphdrs;
1480 1606 caddr_t shbase;
1481 1607 ssize_t shsize;
1482 1608 char *shstrbase;
1483 1609 ssize_t shstrsize;
1484 1610
1485 1611 Shdr *shdr;
1486 1612 const char *name;
1487 1613 size_t sz;
1488 1614 uintptr_t off;
1489 1615
1490 1616 int ctf_ndx = 0;
1491 1617 int symtab_ndx = 0;
1492 1618
1493 1619 /*
1494 1620 * Since we're just looking for text segments of load
1495 1621 * objects, we only care about the protection bits; we don't
1496 1622 * care about the actual size of the segment so we use the
1497 1623 * reserved size. If the segment's size is zero, there's
1498 1624 * something fishy going on so we ignore this segment.
1499 1625 */
1500 1626 if (seg->s_ops != &segvn_ops ||
1501 1627 SEGOP_GETVP(seg, seg->s_base, &mvp) != 0 ||
1502 1628 mvp == lastvp || mvp == NULL || mvp->v_type != VREG ||
1503 1629 (segsize = pr_getsegsize(seg, 1)) == 0)
1504 1630 continue;
1505 1631
1506 1632 eaddr = saddr + segsize;
1507 1633 prot = pr_getprot(seg, 1, &tmp, &saddr, &naddr, eaddr);
1508 1634 pr_getprot_done(&tmp);
1509 1635
1510 1636 /*
1511 1637 * Skip this segment unless the protection bits look like
1512 1638 * what we'd expect for a text segment.
1513 1639 */
1514 1640 if ((prot & (PROT_WRITE | PROT_EXEC)) != PROT_EXEC)
1515 1641 continue;
1516 1642
1517 1643 if (getelfhead(mvp, credp, &ehdr, &nshdrs, &shstrndx,
1518 1644 &nphdrs) != 0 ||
1519 1645 getelfshdr(mvp, credp, &ehdr, nshdrs, shstrndx,
1520 1646 &shbase, &shsize, &shstrbase, &shstrsize) != 0)
1521 1647 continue;
1522 1648
1523 1649 off = ehdr.e_shentsize;
1524 1650 for (j = 1; j < nshdrs; j++, off += ehdr.e_shentsize) {
1525 1651 Shdr *symtab = NULL, *strtab;
1526 1652
1527 1653 shdr = (Shdr *)(shbase + off);
1528 1654
1529 1655 if (shdr->sh_name >= shstrsize)
1530 1656 continue;
1531 1657
1532 1658 name = shstrbase + shdr->sh_name;
1533 1659
1534 1660 if (strcmp(name, shstrtab_data[STR_CTF]) == 0) {
1535 1661 if ((content & CC_CONTENT_CTF) == 0 ||
1536 1662 ctf_ndx != 0)
1537 1663 continue;
1538 1664
1539 1665 if (shdr->sh_link > 0 &&
1540 1666 shdr->sh_link < nshdrs) {
1541 1667 symtab = (Shdr *)(shbase +
1542 1668 shdr->sh_link * ehdr.e_shentsize);
1543 1669 }
1544 1670
1545 1671 if (v != NULL && i < nv - 1) {
1546 1672 if (shdr->sh_size > datasz &&
1547 1673 shdr->sh_size <= elf_datasz_max) {
1548 1674 if (data != NULL)
1549 1675 kmem_free(data, datasz);
1550 1676
1551 1677 datasz = shdr->sh_size;
1552 1678 data = kmem_alloc(datasz,
1553 1679 KM_SLEEP);
1554 1680 }
1555 1681
1556 1682 v[i].sh_name = shstrtab_ndx(&shstrtab,
1557 1683 STR_CTF);
1558 1684 v[i].sh_addr = (Addr)(uintptr_t)saddr;
1559 1685 v[i].sh_type = SHT_PROGBITS;
1560 1686 v[i].sh_addralign = 4;
1561 1687 *doffsetp = roundup(*doffsetp,
1562 1688 v[i].sh_addralign);
1563 1689 v[i].sh_offset = *doffsetp;
1564 1690 v[i].sh_size = shdr->sh_size;
1565 1691 if (symtab == NULL) {
1566 1692 v[i].sh_link = 0;
1567 1693 } else if (symtab->sh_type ==
1568 1694 SHT_SYMTAB &&
1569 1695 symtab_ndx != 0) {
1570 1696 v[i].sh_link =
1571 1697 symtab_ndx;
1572 1698 } else {
1573 1699 v[i].sh_link = i + 1;
1574 1700 }
1575 1701
1576 1702 copy_scn(shdr, mvp, &v[i], vp,
1577 1703 doffsetp, data, datasz, credp,
1578 1704 rlimit);
1579 1705 }
1580 1706
1581 1707 ctf_ndx = i++;
1582 1708
1583 1709 /*
1584 1710 * We've already dumped the symtab.
1585 1711 */
1586 1712 if (symtab != NULL &&
1587 1713 symtab->sh_type == SHT_SYMTAB &&
1588 1714 symtab_ndx != 0)
1589 1715 continue;
1590 1716
1591 1717 } else if (strcmp(name,
1592 1718 shstrtab_data[STR_SYMTAB]) == 0) {
1593 1719 if ((content & CC_CONTENT_SYMTAB) == 0 ||
1594 1720 symtab != 0)
1595 1721 continue;
1596 1722
1597 1723 symtab = shdr;
1598 1724 }
1599 1725
1600 1726 if (symtab != NULL) {
1601 1727 if ((symtab->sh_type != SHT_DYNSYM &&
1602 1728 symtab->sh_type != SHT_SYMTAB) ||
1603 1729 symtab->sh_link == 0 ||
1604 1730 symtab->sh_link >= nshdrs)
1605 1731 continue;
1606 1732
1607 1733 strtab = (Shdr *)(shbase +
1608 1734 symtab->sh_link * ehdr.e_shentsize);
1609 1735
1610 1736 if (strtab->sh_type != SHT_STRTAB)
1611 1737 continue;
1612 1738
1613 1739 if (v != NULL && i < nv - 2) {
1614 1740 sz = MAX(symtab->sh_size,
1615 1741 strtab->sh_size);
1616 1742 if (sz > datasz &&
1617 1743 sz <= elf_datasz_max) {
1618 1744 if (data != NULL)
1619 1745 kmem_free(data, datasz);
1620 1746
1621 1747 datasz = sz;
1622 1748 data = kmem_alloc(datasz,
1623 1749 KM_SLEEP);
1624 1750 }
1625 1751
1626 1752 if (symtab->sh_type == SHT_DYNSYM) {
1627 1753 v[i].sh_name = shstrtab_ndx(
1628 1754 &shstrtab, STR_DYNSYM);
1629 1755 v[i + 1].sh_name = shstrtab_ndx(
1630 1756 &shstrtab, STR_DYNSTR);
1631 1757 } else {
1632 1758 v[i].sh_name = shstrtab_ndx(
1633 1759 &shstrtab, STR_SYMTAB);
1634 1760 v[i + 1].sh_name = shstrtab_ndx(
1635 1761 &shstrtab, STR_STRTAB);
1636 1762 }
1637 1763
1638 1764 v[i].sh_type = symtab->sh_type;
1639 1765 v[i].sh_addr = symtab->sh_addr;
1640 1766 if (ehdr.e_type == ET_DYN ||
1641 1767 v[i].sh_addr == 0)
1642 1768 v[i].sh_addr +=
1643 1769 (Addr)(uintptr_t)saddr;
1644 1770 v[i].sh_addralign =
1645 1771 symtab->sh_addralign;
1646 1772 *doffsetp = roundup(*doffsetp,
1647 1773 v[i].sh_addralign);
1648 1774 v[i].sh_offset = *doffsetp;
1649 1775 v[i].sh_size = symtab->sh_size;
1650 1776 v[i].sh_link = i + 1;
1651 1777 v[i].sh_entsize = symtab->sh_entsize;
1652 1778 v[i].sh_info = symtab->sh_info;
1653 1779
1654 1780 copy_scn(symtab, mvp, &v[i], vp,
1655 1781 doffsetp, data, datasz, credp,
1656 1782 rlimit);
1657 1783
1658 1784 v[i + 1].sh_type = SHT_STRTAB;
1659 1785 v[i + 1].sh_flags = SHF_STRINGS;
1660 1786 v[i + 1].sh_addr = symtab->sh_addr;
1661 1787 if (ehdr.e_type == ET_DYN ||
1662 1788 v[i + 1].sh_addr == 0)
1663 1789 v[i + 1].sh_addr +=
1664 1790 (Addr)(uintptr_t)saddr;
1665 1791 v[i + 1].sh_addralign =
1666 1792 strtab->sh_addralign;
1667 1793 *doffsetp = roundup(*doffsetp,
1668 1794 v[i + 1].sh_addralign);
1669 1795 v[i + 1].sh_offset = *doffsetp;
1670 1796 v[i + 1].sh_size = strtab->sh_size;
1671 1797
1672 1798 copy_scn(strtab, mvp, &v[i + 1], vp,
1673 1799 doffsetp, data, datasz, credp,
1674 1800 rlimit);
1675 1801 }
1676 1802
1677 1803 if (symtab->sh_type == SHT_SYMTAB)
1678 1804 symtab_ndx = i;
1679 1805 i += 2;
1680 1806 }
1681 1807 }
1682 1808
1683 1809 kmem_free(shstrbase, shstrsize);
1684 1810 kmem_free(shbase, shsize);
1685 1811
1686 1812 lastvp = mvp;
1687 1813 }
1688 1814
1689 1815 if (v == NULL) {
1690 1816 if (i == 1)
1691 1817 *nshdrsp = 0;
1692 1818 else
1693 1819 *nshdrsp = i + 1;
1694 1820 goto done;
1695 1821 }
1696 1822
1697 1823 if (i != nv - 1) {
1698 1824 cmn_err(CE_WARN, "elfcore: core dump failed for "
1699 1825 "process %d; address space is changing", p->p_pid);
1700 1826 error = EIO;
1701 1827 goto done;
1702 1828 }
1703 1829
1704 1830 v[i].sh_name = shstrtab_ndx(&shstrtab, STR_SHSTRTAB);
1705 1831 v[i].sh_size = shstrtab_size(&shstrtab);
1706 1832 v[i].sh_addralign = 1;
1707 1833 *doffsetp = roundup(*doffsetp, v[i].sh_addralign);
1708 1834 v[i].sh_offset = *doffsetp;
1709 1835 v[i].sh_flags = SHF_STRINGS;
1710 1836 v[i].sh_type = SHT_STRTAB;
1711 1837
1712 1838 if (v[i].sh_size > datasz) {
1713 1839 if (data != NULL)
1714 1840 kmem_free(data, datasz);
1715 1841
1716 1842 datasz = v[i].sh_size;
1717 1843 data = kmem_alloc(datasz,
1718 1844 KM_SLEEP);
1719 1845 }
1720 1846
1721 1847 shstrtab_dump(&shstrtab, data);
1722 1848
1723 1849 if ((error = core_write(vp, UIO_SYSSPACE, *doffsetp,
1724 1850 data, v[i].sh_size, rlimit, credp)) != 0)
1725 1851 goto done;
1726 1852
1727 1853 *doffsetp += v[i].sh_size;
1728 1854
1729 1855 done:
1730 1856 if (data != NULL)
1731 1857 kmem_free(data, datasz);
1732 1858
1733 1859 return (error);
1734 1860 }
1735 1861
1736 1862 int
1737 1863 elfcore(vnode_t *vp, proc_t *p, cred_t *credp, rlim64_t rlimit, int sig,
1738 1864 core_content_t content)
1739 1865 {
1740 1866 offset_t poffset, soffset;
1741 1867 Off doffset;
1742 1868 int error, i, nphdrs, nshdrs;
1743 1869 int overflow = 0;
1744 1870 struct seg *seg;
1745 1871 struct as *as = p->p_as;
1746 1872 union {
1747 1873 Ehdr ehdr;
1748 1874 Phdr phdr[1];
1749 1875 Shdr shdr[1];
1750 1876 } *bigwad;
1751 1877 size_t bigsize;
1752 1878 size_t phdrsz, shdrsz;
1753 1879 Ehdr *ehdr;
1754 1880 Phdr *v;
1755 1881 caddr_t brkbase;
1756 1882 size_t brksize;
1757 1883 caddr_t stkbase;
1758 1884 size_t stksize;
1759 1885 int ntries = 0;
1760 1886 klwp_t *lwp = ttolwp(curthread);
1761 1887
1762 1888 top:
1763 1889 /*
1764 1890 * Make sure we have everything we need (registers, etc.).
1765 1891 * All other lwps have already stopped and are in an orderly state.
1766 1892 */
1767 1893 ASSERT(p == ttoproc(curthread));
1768 1894 prstop(0, 0);
1769 1895
1770 1896 AS_LOCK_ENTER(as, RW_WRITER);
1771 1897 nphdrs = prnsegs(as, 0) + 2; /* two CORE note sections */
1772 1898
1773 1899 /*
1774 1900 * Count the number of section headers we're going to need.
1775 1901 */
1776 1902 nshdrs = 0;
1777 1903 if (content & (CC_CONTENT_CTF | CC_CONTENT_SYMTAB)) {
1778 1904 (void) process_scns(content, p, credp, NULL, NULL, NULL, 0,
1779 1905 NULL, &nshdrs);
1780 1906 }
1781 1907 AS_LOCK_EXIT(as);
1782 1908
1783 1909 ASSERT(nshdrs == 0 || nshdrs > 1);
1784 1910
1785 1911 /*
1786 1912 * The core file contents may required zero section headers, but if
1787 1913 * we overflow the 16 bits allotted to the program header count in
1788 1914 * the ELF header, we'll need that program header at index zero.
1789 1915 */
1790 1916 if (nshdrs == 0 && nphdrs >= PN_XNUM)
1791 1917 nshdrs = 1;
1792 1918
1793 1919 phdrsz = nphdrs * sizeof (Phdr);
1794 1920 shdrsz = nshdrs * sizeof (Shdr);
1795 1921
1796 1922 bigsize = MAX(sizeof (*bigwad), MAX(phdrsz, shdrsz));
1797 1923 bigwad = kmem_alloc(bigsize, KM_SLEEP);
1798 1924
1799 1925 ehdr = &bigwad->ehdr;
1800 1926 bzero(ehdr, sizeof (*ehdr));
1801 1927
1802 1928 ehdr->e_ident[EI_MAG0] = ELFMAG0;
1803 1929 ehdr->e_ident[EI_MAG1] = ELFMAG1;
1804 1930 ehdr->e_ident[EI_MAG2] = ELFMAG2;
1805 1931 ehdr->e_ident[EI_MAG3] = ELFMAG3;
1806 1932 ehdr->e_ident[EI_CLASS] = ELFCLASS;
1807 1933 ehdr->e_type = ET_CORE;
1808 1934
1809 1935 #if !defined(_LP64) || defined(_ELF32_COMPAT)
1810 1936
1811 1937 #if defined(__sparc)
1812 1938 ehdr->e_ident[EI_DATA] = ELFDATA2MSB;
1813 1939 ehdr->e_machine = EM_SPARC;
1814 1940 #elif defined(__i386) || defined(__i386_COMPAT)
1815 1941 ehdr->e_ident[EI_DATA] = ELFDATA2LSB;
1816 1942 ehdr->e_machine = EM_386;
1817 1943 #else
1818 1944 #error "no recognized machine type is defined"
1819 1945 #endif
1820 1946
1821 1947 #else /* !defined(_LP64) || defined(_ELF32_COMPAT) */
1822 1948
1823 1949 #if defined(__sparc)
1824 1950 ehdr->e_ident[EI_DATA] = ELFDATA2MSB;
1825 1951 ehdr->e_machine = EM_SPARCV9;
1826 1952 #elif defined(__amd64)
1827 1953 ehdr->e_ident[EI_DATA] = ELFDATA2LSB;
1828 1954 ehdr->e_machine = EM_AMD64;
1829 1955 #else
1830 1956 #error "no recognized 64-bit machine type is defined"
1831 1957 #endif
1832 1958
1833 1959 #endif /* !defined(_LP64) || defined(_ELF32_COMPAT) */
1834 1960
1835 1961 /*
1836 1962 * If the count of program headers or section headers or the index
1837 1963 * of the section string table can't fit in the mere 16 bits
1838 1964 * shortsightedly allotted to them in the ELF header, we use the
1839 1965 * extended formats and put the real values in the section header
1840 1966 * as index 0.
1841 1967 */
1842 1968 ehdr->e_version = EV_CURRENT;
1843 1969 ehdr->e_ehsize = sizeof (Ehdr);
1844 1970
1845 1971 if (nphdrs >= PN_XNUM)
1846 1972 ehdr->e_phnum = PN_XNUM;
1847 1973 else
1848 1974 ehdr->e_phnum = (unsigned short)nphdrs;
1849 1975
1850 1976 ehdr->e_phoff = sizeof (Ehdr);
1851 1977 ehdr->e_phentsize = sizeof (Phdr);
1852 1978
1853 1979 if (nshdrs > 0) {
1854 1980 if (nshdrs >= SHN_LORESERVE)
1855 1981 ehdr->e_shnum = 0;
1856 1982 else
1857 1983 ehdr->e_shnum = (unsigned short)nshdrs;
1858 1984
1859 1985 if (nshdrs - 1 >= SHN_LORESERVE)
1860 1986 ehdr->e_shstrndx = SHN_XINDEX;
1861 1987 else
1862 1988 ehdr->e_shstrndx = (unsigned short)(nshdrs - 1);
1863 1989
1864 1990 ehdr->e_shoff = ehdr->e_phoff + ehdr->e_phentsize * nphdrs;
1865 1991 ehdr->e_shentsize = sizeof (Shdr);
1866 1992 }
1867 1993
1868 1994 if (error = core_write(vp, UIO_SYSSPACE, (offset_t)0, ehdr,
1869 1995 sizeof (Ehdr), rlimit, credp))
1870 1996 goto done;
1871 1997
1872 1998 poffset = sizeof (Ehdr);
1873 1999 soffset = sizeof (Ehdr) + phdrsz;
1874 2000 doffset = sizeof (Ehdr) + phdrsz + shdrsz;
1875 2001
1876 2002 v = &bigwad->phdr[0];
1877 2003 bzero(v, phdrsz);
1878 2004
1879 2005 setup_old_note_header(&v[0], p);
1880 2006 v[0].p_offset = doffset = roundup(doffset, sizeof (Word));
1881 2007 doffset += v[0].p_filesz;
1882 2008
1883 2009 setup_note_header(&v[1], p);
1884 2010 v[1].p_offset = doffset = roundup(doffset, sizeof (Word));
1885 2011 doffset += v[1].p_filesz;
1886 2012
1887 2013 mutex_enter(&p->p_lock);
1888 2014
1889 2015 brkbase = p->p_brkbase;
1890 2016 brksize = p->p_brksize;
1891 2017
1892 2018 stkbase = p->p_usrstack - p->p_stksize;
1893 2019 stksize = p->p_stksize;
1894 2020
1895 2021 mutex_exit(&p->p_lock);
1896 2022
1897 2023 AS_LOCK_ENTER(as, RW_WRITER);
1898 2024 i = 2;
1899 2025 for (seg = AS_SEGFIRST(as); seg != NULL; seg = AS_SEGNEXT(as, seg)) {
1900 2026 caddr_t eaddr = seg->s_base + pr_getsegsize(seg, 0);
1901 2027 caddr_t saddr, naddr;
1902 2028 void *tmp = NULL;
1903 2029 extern struct seg_ops segspt_shmops;
1904 2030
1905 2031 for (saddr = seg->s_base; saddr < eaddr; saddr = naddr) {
1906 2032 uint_t prot;
1907 2033 size_t size;
1908 2034 int type;
1909 2035 vnode_t *mvp;
1910 2036
1911 2037 prot = pr_getprot(seg, 0, &tmp, &saddr, &naddr, eaddr);
1912 2038 prot &= PROT_READ | PROT_WRITE | PROT_EXEC;
1913 2039 if ((size = (size_t)(naddr - saddr)) == 0)
1914 2040 continue;
1915 2041 if (i == nphdrs) {
1916 2042 overflow++;
1917 2043 continue;
1918 2044 }
1919 2045 v[i].p_type = PT_LOAD;
1920 2046 v[i].p_vaddr = (Addr)(uintptr_t)saddr;
1921 2047 v[i].p_memsz = size;
1922 2048 if (prot & PROT_READ)
1923 2049 v[i].p_flags |= PF_R;
1924 2050 if (prot & PROT_WRITE)
1925 2051 v[i].p_flags |= PF_W;
1926 2052 if (prot & PROT_EXEC)
1927 2053 v[i].p_flags |= PF_X;
1928 2054
1929 2055 /*
1930 2056 * Figure out which mappings to include in the core.
1931 2057 */
1932 2058 type = SEGOP_GETTYPE(seg, saddr);
1933 2059
1934 2060 if (saddr == stkbase && size == stksize) {
1935 2061 if (!(content & CC_CONTENT_STACK))
1936 2062 goto exclude;
1937 2063
1938 2064 } else if (saddr == brkbase && size == brksize) {
1939 2065 if (!(content & CC_CONTENT_HEAP))
1940 2066 goto exclude;
1941 2067
1942 2068 } else if (seg->s_ops == &segspt_shmops) {
1943 2069 if (type & MAP_NORESERVE) {
1944 2070 if (!(content & CC_CONTENT_DISM))
1945 2071 goto exclude;
1946 2072 } else {
1947 2073 if (!(content & CC_CONTENT_ISM))
1948 2074 goto exclude;
1949 2075 }
1950 2076
1951 2077 } else if (seg->s_ops != &segvn_ops) {
1952 2078 goto exclude;
1953 2079
1954 2080 } else if (type & MAP_SHARED) {
1955 2081 if (shmgetid(p, saddr) != SHMID_NONE) {
1956 2082 if (!(content & CC_CONTENT_SHM))
1957 2083 goto exclude;
1958 2084
1959 2085 } else if (SEGOP_GETVP(seg, seg->s_base,
1960 2086 &mvp) != 0 || mvp == NULL ||
1961 2087 mvp->v_type != VREG) {
1962 2088 if (!(content & CC_CONTENT_SHANON))
1963 2089 goto exclude;
1964 2090
1965 2091 } else {
1966 2092 if (!(content & CC_CONTENT_SHFILE))
1967 2093 goto exclude;
1968 2094 }
1969 2095
1970 2096 } else if (SEGOP_GETVP(seg, seg->s_base, &mvp) != 0 ||
1971 2097 mvp == NULL || mvp->v_type != VREG) {
1972 2098 if (!(content & CC_CONTENT_ANON))
1973 2099 goto exclude;
1974 2100
1975 2101 } else if (prot == (PROT_READ | PROT_EXEC)) {
1976 2102 if (!(content & CC_CONTENT_TEXT))
1977 2103 goto exclude;
1978 2104
1979 2105 } else if (prot == PROT_READ) {
1980 2106 if (!(content & CC_CONTENT_RODATA))
1981 2107 goto exclude;
1982 2108
1983 2109 } else {
1984 2110 if (!(content & CC_CONTENT_DATA))
1985 2111 goto exclude;
1986 2112 }
1987 2113
1988 2114 doffset = roundup(doffset, sizeof (Word));
1989 2115 v[i].p_offset = doffset;
1990 2116 v[i].p_filesz = size;
1991 2117 doffset += size;
1992 2118 exclude:
1993 2119 i++;
1994 2120 }
1995 2121 ASSERT(tmp == NULL);
1996 2122 }
1997 2123 AS_LOCK_EXIT(as);
1998 2124
1999 2125 if (overflow || i != nphdrs) {
2000 2126 if (ntries++ == 0) {
2001 2127 kmem_free(bigwad, bigsize);
2002 2128 overflow = 0;
2003 2129 goto top;
2004 2130 }
2005 2131 cmn_err(CE_WARN, "elfcore: core dump failed for "
2006 2132 "process %d; address space is changing", p->p_pid);
2007 2133 error = EIO;
2008 2134 goto done;
2009 2135 }
2010 2136
2011 2137 if ((error = core_write(vp, UIO_SYSSPACE, poffset,
2012 2138 v, phdrsz, rlimit, credp)) != 0)
2013 2139 goto done;
2014 2140
2015 2141 if ((error = write_old_elfnotes(p, sig, vp, v[0].p_offset, rlimit,
2016 2142 credp)) != 0)
2017 2143 goto done;
2018 2144
2019 2145 if ((error = write_elfnotes(p, sig, vp, v[1].p_offset, rlimit,
2020 2146 credp, content)) != 0)
2021 2147 goto done;
2022 2148
2023 2149 for (i = 2; i < nphdrs; i++) {
2024 2150 prkillinfo_t killinfo;
2025 2151 sigqueue_t *sq;
2026 2152 int sig, j;
2027 2153
2028 2154 if (v[i].p_filesz == 0)
2029 2155 continue;
2030 2156
2031 2157 /*
2032 2158 * If dumping out this segment fails, rather than failing
2033 2159 * the core dump entirely, we reset the size of the mapping
2034 2160 * to zero to indicate that the data is absent from the core
2035 2161 * file and or in the PF_SUNW_FAILURE flag to differentiate
2036 2162 * this from mappings that were excluded due to the core file
2037 2163 * content settings.
2038 2164 */
2039 2165 if ((error = core_seg(p, vp, v[i].p_offset,
2040 2166 (caddr_t)(uintptr_t)v[i].p_vaddr, v[i].p_filesz,
2041 2167 rlimit, credp)) == 0) {
2042 2168 continue;
2043 2169 }
2044 2170
2045 2171 if ((sig = lwp->lwp_cursig) == 0) {
2046 2172 /*
2047 2173 * We failed due to something other than a signal.
2048 2174 * Since the space reserved for the segment is now
2049 2175 * unused, we stash the errno in the first four
2050 2176 * bytes. This undocumented interface will let us
2051 2177 * understand the nature of the failure.
2052 2178 */
2053 2179 (void) core_write(vp, UIO_SYSSPACE, v[i].p_offset,
2054 2180 &error, sizeof (error), rlimit, credp);
2055 2181
2056 2182 v[i].p_filesz = 0;
2057 2183 v[i].p_flags |= PF_SUNW_FAILURE;
2058 2184 if ((error = core_write(vp, UIO_SYSSPACE,
2059 2185 poffset + sizeof (v[i]) * i, &v[i], sizeof (v[i]),
2060 2186 rlimit, credp)) != 0)
2061 2187 goto done;
2062 2188
2063 2189 continue;
2064 2190 }
2065 2191
2066 2192 /*
2067 2193 * We took a signal. We want to abort the dump entirely, but
2068 2194 * we also want to indicate what failed and why. We therefore
2069 2195 * use the space reserved for the first failing segment to
2070 2196 * write our error (which, for purposes of compatability with
2071 2197 * older core dump readers, we set to EINTR) followed by any
2072 2198 * siginfo associated with the signal.
2073 2199 */
2074 2200 bzero(&killinfo, sizeof (killinfo));
2075 2201 killinfo.prk_error = EINTR;
2076 2202
2077 2203 sq = sig == SIGKILL ? curproc->p_killsqp : lwp->lwp_curinfo;
2078 2204
2079 2205 if (sq != NULL) {
2080 2206 bcopy(&sq->sq_info, &killinfo.prk_info,
2081 2207 sizeof (sq->sq_info));
2082 2208 } else {
2083 2209 killinfo.prk_info.si_signo = lwp->lwp_cursig;
2084 2210 killinfo.prk_info.si_code = SI_NOINFO;
2085 2211 }
2086 2212
2087 2213 #if (defined(_SYSCALL32_IMPL) || defined(_LP64))
2088 2214 /*
2089 2215 * If this is a 32-bit process, we need to translate from the
2090 2216 * native siginfo to the 32-bit variant. (Core readers must
2091 2217 * always have the same data model as their target or must
2092 2218 * be aware of -- and compensate for -- data model differences.)
2093 2219 */
2094 2220 if (curproc->p_model == DATAMODEL_ILP32) {
2095 2221 siginfo32_t si32;
2096 2222
2097 2223 siginfo_kto32((k_siginfo_t *)&killinfo.prk_info, &si32);
2098 2224 bcopy(&si32, &killinfo.prk_info, sizeof (si32));
2099 2225 }
2100 2226 #endif
2101 2227
2102 2228 (void) core_write(vp, UIO_SYSSPACE, v[i].p_offset,
2103 2229 &killinfo, sizeof (killinfo), rlimit, credp);
2104 2230
2105 2231 /*
2106 2232 * For the segment on which we took the signal, indicate that
2107 2233 * its data now refers to a siginfo.
2108 2234 */
2109 2235 v[i].p_filesz = 0;
2110 2236 v[i].p_flags |= PF_SUNW_FAILURE | PF_SUNW_KILLED |
2111 2237 PF_SUNW_SIGINFO;
2112 2238
2113 2239 /*
2114 2240 * And for every other segment, indicate that its absence
2115 2241 * is due to a signal.
2116 2242 */
2117 2243 for (j = i + 1; j < nphdrs; j++) {
2118 2244 v[j].p_filesz = 0;
2119 2245 v[j].p_flags |= PF_SUNW_FAILURE | PF_SUNW_KILLED;
2120 2246 }
2121 2247
2122 2248 /*
2123 2249 * Finally, write out our modified program headers.
2124 2250 */
2125 2251 if ((error = core_write(vp, UIO_SYSSPACE,
2126 2252 poffset + sizeof (v[i]) * i, &v[i],
2127 2253 sizeof (v[i]) * (nphdrs - i), rlimit, credp)) != 0)
2128 2254 goto done;
2129 2255
2130 2256 break;
2131 2257 }
2132 2258
2133 2259 if (nshdrs > 0) {
2134 2260 bzero(&bigwad->shdr[0], shdrsz);
2135 2261
2136 2262 if (nshdrs >= SHN_LORESERVE)
2137 2263 bigwad->shdr[0].sh_size = nshdrs;
2138 2264
2139 2265 if (nshdrs - 1 >= SHN_LORESERVE)
2140 2266 bigwad->shdr[0].sh_link = nshdrs - 1;
2141 2267
2142 2268 if (nphdrs >= PN_XNUM)
2143 2269 bigwad->shdr[0].sh_info = nphdrs;
2144 2270
2145 2271 if (nshdrs > 1) {
2146 2272 AS_LOCK_ENTER(as, RW_WRITER);
2147 2273 if ((error = process_scns(content, p, credp, vp,
2148 2274 &bigwad->shdr[0], nshdrs, rlimit, &doffset,
2149 2275 NULL)) != 0) {
2150 2276 AS_LOCK_EXIT(as);
2151 2277 goto done;
2152 2278 }
2153 2279 AS_LOCK_EXIT(as);
2154 2280 }
2155 2281
2156 2282 if ((error = core_write(vp, UIO_SYSSPACE, soffset,
2157 2283 &bigwad->shdr[0], shdrsz, rlimit, credp)) != 0)
2158 2284 goto done;
2159 2285 }
2160 2286
2161 2287 done:
2162 2288 kmem_free(bigwad, bigsize);
2163 2289 return (error);
2164 2290 }
2165 2291
2166 2292 #ifndef _ELF32_COMPAT
2167 2293
2168 2294 static struct execsw esw = {
2169 2295 #ifdef _LP64
2170 2296 elf64magicstr,
2171 2297 #else /* _LP64 */
2172 2298 elf32magicstr,
2173 2299 #endif /* _LP64 */
2174 2300 0,
2175 2301 5,
2176 2302 elfexec,
2177 2303 elfcore
2178 2304 };
2179 2305
2180 2306 static struct modlexec modlexec = {
2181 2307 &mod_execops, "exec module for elf", &esw
2182 2308 };
2183 2309
2184 2310 #ifdef _LP64
2185 2311 extern int elf32exec(vnode_t *vp, execa_t *uap, uarg_t *args,
2186 2312 intpdata_t *idatap, int level, long *execsz,
2187 2313 int setid, caddr_t exec_file, cred_t *cred,
2188 2314 int brand_action);
2189 2315 extern int elf32core(vnode_t *vp, proc_t *p, cred_t *credp,
2190 2316 rlim64_t rlimit, int sig, core_content_t content);
2191 2317
2192 2318 static struct execsw esw32 = {
2193 2319 elf32magicstr,
2194 2320 0,
2195 2321 5,
2196 2322 elf32exec,
2197 2323 elf32core
2198 2324 };
2199 2325
2200 2326 static struct modlexec modlexec32 = {
2201 2327 &mod_execops, "32-bit exec module for elf", &esw32
2202 2328 };
2203 2329 #endif /* _LP64 */
2204 2330
2205 2331 static struct modlinkage modlinkage = {
2206 2332 MODREV_1,
2207 2333 (void *)&modlexec,
2208 2334 #ifdef _LP64
2209 2335 (void *)&modlexec32,
2210 2336 #endif /* _LP64 */
2211 2337 NULL
2212 2338 };
2213 2339
2214 2340 int
2215 2341 _init(void)
2216 2342 {
2217 2343 return (mod_install(&modlinkage));
2218 2344 }
2219 2345
2220 2346 int
2221 2347 _fini(void)
2222 2348 {
2223 2349 return (mod_remove(&modlinkage));
2224 2350 }
2225 2351
2226 2352 int
2227 2353 _info(struct modinfo *modinfop)
2228 2354 {
2229 2355 return (mod_info(&modlinkage, modinfop));
2230 2356 }
2231 2357
2232 2358 #endif /* !_ELF32_COMPAT */
|
↓ open down ↓ |
860 lines elided |
↑ open up ↑ |
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX