1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 /* 22 * Copyright 2006 Sun Microsystems, Inc. All rights reserved. 23 * Use is subject to license terms. 24 */ 25 26 #pragma ident "%Z%%M% %I% %E% SMI" 27 28 /* Copyright (c) 1988 AT&T */ 29 /* All Rights Reserved */ 30 31 32 #include <sys/types.h> 33 #include <sys/param.h> 34 #include <sys/sysmacros.h> 35 #include <sys/systm.h> 36 #include <sys/signal.h> 37 #include <sys/cred_impl.h> 38 #include <sys/policy.h> 39 #include <sys/user.h> 40 #include <sys/errno.h> 41 #include <sys/file.h> 42 #include <sys/vfs.h> 43 #include <sys/vnode.h> 44 #include <sys/mman.h> 45 #include <sys/acct.h> 46 #include <sys/cpuvar.h> 47 #include <sys/proc.h> 48 #include <sys/cmn_err.h> 49 #include <sys/debug.h> 50 #include <sys/pathname.h> 51 #include <sys/vm.h> 52 #include <sys/vtrace.h> 53 #include <sys/exec.h> 54 #include <sys/exechdr.h> 55 #include <sys/kmem.h> 56 #include <sys/prsystm.h> 57 #include <sys/modctl.h> 58 #include <sys/vmparam.h> 59 #include <sys/schedctl.h> 60 #include <sys/utrap.h> 61 #include <sys/systeminfo.h> 62 #include <sys/stack.h> 63 #include <sys/rctl.h> 64 #include <sys/dtrace.h> 65 #include <sys/lwpchan_impl.h> 66 #include <sys/pool.h> 67 #include <sys/sdt.h> 68 69 #include <c2/audit.h> 70 71 #include <vm/hat.h> 72 #include <vm/anon.h> 73 #include <vm/as.h> 74 #include <vm/seg.h> 75 #include <vm/seg_vn.h> 76 77 #define PRIV_RESET 0x01 /* needs to reset privs */ 78 #define PRIV_SETID 0x02 /* needs to change uids */ 79 #define PRIV_SETUGID 0x04 /* is setuid/setgid/forced privs */ 80 #define PRIV_INCREASE 0x08 /* child runs with more privs */ 81 #define MAC_FLAGS 0x10 /* need to adjust MAC flags */ 82 83 static int execsetid(struct vnode *, struct vattr *, uid_t *, uid_t *); 84 static int hold_execsw(struct execsw *); 85 86 uint_t auxv_hwcap = 0; /* auxv AT_SUN_HWCAP value; determined on the fly */ 87 #if defined(_SYSCALL32_IMPL) 88 uint_t auxv_hwcap32 = 0; /* 32-bit version of auxv_hwcap */ 89 #endif 90 91 int exec_lpg_disable = 0; 92 93 #define PSUIDFLAGS (SNOCD|SUGID) 94 95 /* 96 * exec() - wrapper around exece providing NULL environment pointer 97 */ 98 int 99 exec(const char *fname, const char **argp) 100 { 101 return (exece(fname, argp, NULL)); 102 } 103 104 /* 105 * exece() - system call wrapper around exec_common() 106 */ 107 int 108 exece(const char *fname, const char **argp, const char **envp) 109 { 110 int error; 111 112 error = exec_common(fname, argp, envp); 113 return (error ? (set_errno(error)) : 0); 114 } 115 116 int 117 exec_common(const char *fname, const char **argp, const char **envp) 118 { 119 vnode_t *vp = NULL, *dir = NULL, *tmpvp = NULL; 120 proc_t *p = ttoproc(curthread); 121 klwp_t *lwp = ttolwp(curthread); 122 struct user *up = PTOU(p); 123 long execsz; /* temporary count of exec size */ 124 int i; 125 int error; 126 char exec_file[MAXCOMLEN+1]; 127 struct pathname pn; 128 struct pathname resolvepn; 129 struct uarg args; 130 struct execa ua; 131 k_sigset_t savedmask; 132 lwpdir_t *lwpdir = NULL; 133 lwpdir_t **tidhash; 134 lwpdir_t *old_lwpdir = NULL; 135 uint_t old_lwpdir_sz; 136 lwpdir_t **old_tidhash; 137 uint_t old_tidhash_sz; 138 lwpent_t *lep; 139 140 /* 141 * exec() is not supported for the /proc agent lwp. 142 */ 143 if (curthread == p->p_agenttp) 144 return (ENOTSUP); 145 146 if ((error = secpolicy_basic_exec(CRED())) != 0) 147 return (error); 148 149 /* 150 * Inform /proc that an exec() has started. 151 * Hold signals that are ignored by default so that we will 152 * not be interrupted by a signal that will be ignored after 153 * successful completion of gexec(). 154 */ 155 mutex_enter(&p->p_lock); 156 prexecstart(); 157 schedctl_finish_sigblock(curthread); 158 savedmask = curthread->t_hold; 159 sigorset(&curthread->t_hold, &ignoredefault); 160 mutex_exit(&p->p_lock); 161 162 /* 163 * Look up path name and remember last component for later. 164 * To help coreadm expand its %d token, we attempt to save 165 * the directory containing the executable in p_execdir. The 166 * first call to lookuppn() may fail and return EINVAL because 167 * dirvpp is non-NULL. In that case, we make a second call to 168 * lookuppn() with dirvpp set to NULL; p_execdir will be NULL, 169 * but coreadm is allowed to expand %d to the empty string and 170 * there are other cases in which that failure may occur. 171 */ 172 if ((error = pn_get((char *)fname, UIO_USERSPACE, &pn)) != 0) 173 goto out; 174 pn_alloc(&resolvepn); 175 if ((error = lookuppn(&pn, &resolvepn, FOLLOW, &dir, &vp)) != 0) { 176 pn_free(&resolvepn); 177 pn_free(&pn); 178 if (error != EINVAL) 179 goto out; 180 181 dir = NULL; 182 if ((error = pn_get((char *)fname, UIO_USERSPACE, &pn)) != 0) 183 goto out; 184 pn_alloc(&resolvepn); 185 if ((error = lookuppn(&pn, &resolvepn, FOLLOW, NULLVPP, 186 &vp)) != 0) { 187 pn_free(&resolvepn); 188 pn_free(&pn); 189 goto out; 190 } 191 } 192 if (vp == NULL) { 193 if (dir != NULL) 194 VN_RELE(dir); 195 error = ENOENT; 196 pn_free(&resolvepn); 197 pn_free(&pn); 198 goto out; 199 } 200 201 /* 202 * We do not allow executing files in attribute directories. 203 * We test this by determining whether the resolved path 204 * contains a "/" when we're in an attribute directory; 205 * only if the pathname does not contain a "/" the resolved path 206 * points to a file in the current working (attribute) directory. 207 */ 208 if ((p->p_user.u_cdir->v_flag & V_XATTRDIR) != 0 && 209 strchr(resolvepn.pn_path, '/') == NULL) { 210 if (dir != NULL) 211 VN_RELE(dir); 212 error = EACCES; 213 pn_free(&resolvepn); 214 pn_free(&pn); 215 VN_RELE(vp); 216 goto out; 217 } 218 219 bzero(exec_file, MAXCOMLEN+1); 220 (void) strncpy(exec_file, pn.pn_path, MAXCOMLEN); 221 bzero(&args, sizeof (args)); 222 args.pathname = resolvepn.pn_path; 223 /* don't free resolvepn until we are done with args */ 224 pn_free(&pn); 225 226 /* 227 * Specific exec handlers, or policies determined via 228 * /etc/system may override the historical default. 229 */ 230 args.stk_prot = PROT_ZFOD; 231 args.dat_prot = PROT_ZFOD; 232 233 CPU_STATS_ADD_K(sys, sysexec, 1); 234 DTRACE_PROC1(exec, char *, args.pathname); 235 236 ua.fname = fname; 237 ua.argp = argp; 238 ua.envp = envp; 239 240 if ((error = gexec(&vp, &ua, &args, NULL, 0, &execsz, 241 exec_file, p->p_cred)) != 0) { 242 VN_RELE(vp); 243 if (dir != NULL) 244 VN_RELE(dir); 245 pn_free(&resolvepn); 246 goto fail; 247 } 248 249 /* 250 * Free floating point registers (sun4u only) 251 */ 252 ASSERT(lwp != NULL); 253 lwp_freeregs(lwp, 1); 254 255 /* 256 * Free thread and process context ops. 257 */ 258 if (curthread->t_ctx) 259 freectx(curthread, 1); 260 if (p->p_pctx) 261 freepctx(p, 1); 262 263 /* 264 * Remember file name for accounting; clear any cached DTrace predicate. 265 */ 266 up->u_acflag &= ~AFORK; 267 bcopy(exec_file, up->u_comm, MAXCOMLEN+1); 268 curthread->t_predcache = NULL; 269 270 /* 271 * Clear contract template state 272 */ 273 lwp_ctmpl_clear(lwp); 274 275 /* 276 * Save the directory in which we found the executable for expanding 277 * the %d token used in core file patterns. 278 */ 279 mutex_enter(&p->p_lock); 280 tmpvp = p->p_execdir; 281 p->p_execdir = dir; 282 if (p->p_execdir != NULL) 283 VN_HOLD(p->p_execdir); 284 mutex_exit(&p->p_lock); 285 286 if (tmpvp != NULL) 287 VN_RELE(tmpvp); 288 289 /* 290 * Reset stack state to the user stack, clear set of signals 291 * caught on the signal stack, and reset list of signals that 292 * restart system calls; the new program's environment should 293 * not be affected by detritus from the old program. Any 294 * pending held signals remain held, so don't clear t_hold. 295 */ 296 mutex_enter(&p->p_lock); 297 lwp->lwp_oldcontext = 0; 298 lwp->lwp_ustack = 0; 299 lwp->lwp_old_stk_ctl = 0; 300 sigemptyset(&up->u_signodefer); 301 sigemptyset(&up->u_sigonstack); 302 sigemptyset(&up->u_sigresethand); 303 lwp->lwp_sigaltstack.ss_sp = 0; 304 lwp->lwp_sigaltstack.ss_size = 0; 305 lwp->lwp_sigaltstack.ss_flags = SS_DISABLE; 306 307 /* 308 * Make saved resource limit == current resource limit. 309 */ 310 for (i = 0; i < RLIM_NLIMITS; i++) { 311 /*CONSTCOND*/ 312 if (RLIM_SAVED(i)) { 313 (void) rctl_rlimit_get(rctlproc_legacy[i], p, 314 &up->u_saved_rlimit[i]); 315 } 316 } 317 318 /* 319 * If the action was to catch the signal, then the action 320 * must be reset to SIG_DFL. 321 */ 322 sigdefault(p); 323 p->p_flag &= ~(SNOWAIT|SJCTL); 324 p->p_flag |= (SEXECED|SMSACCT|SMSFORK); 325 up->u_signal[SIGCLD - 1] = SIG_DFL; 326 327 /* 328 * Delete the dot4 sigqueues/signotifies. 329 */ 330 sigqfree(p); 331 332 mutex_exit(&p->p_lock); 333 334 mutex_enter(&p->p_pflock); 335 p->p_prof.pr_base = NULL; 336 p->p_prof.pr_size = 0; 337 p->p_prof.pr_off = 0; 338 p->p_prof.pr_scale = 0; 339 p->p_prof.pr_samples = 0; 340 mutex_exit(&p->p_pflock); 341 342 ASSERT(curthread->t_schedctl == NULL); 343 344 #if defined(__sparc) 345 if (p->p_utraps != NULL) 346 utrap_free(p); 347 #endif /* __sparc */ 348 349 /* 350 * Close all close-on-exec files. 351 */ 352 close_exec(P_FINFO(p)); 353 TRACE_2(TR_FAC_PROC, TR_PROC_EXEC, "proc_exec:p %p up %p", p, up); 354 setregs(&args); 355 356 /* Mark this as an executable vnode */ 357 mutex_enter(&vp->v_lock); 358 vp->v_flag |= VVMEXEC; 359 mutex_exit(&vp->v_lock); 360 361 VN_RELE(vp); 362 if (dir != NULL) 363 VN_RELE(dir); 364 pn_free(&resolvepn); 365 366 /* 367 * Allocate a new lwp directory and lwpid hash table if necessary. 368 */ 369 if (curthread->t_tid != 1 || p->p_lwpdir_sz != 2) { 370 lwpdir = kmem_zalloc(2 * sizeof (lwpdir_t), KM_SLEEP); 371 lwpdir->ld_next = lwpdir + 1; 372 tidhash = kmem_zalloc(2 * sizeof (lwpdir_t *), KM_SLEEP); 373 if (p->p_lwpdir != NULL) 374 lep = p->p_lwpdir[curthread->t_dslot].ld_entry; 375 else 376 lep = kmem_zalloc(sizeof (*lep), KM_SLEEP); 377 } 378 379 mutex_enter(&p->p_lock); 380 prbarrier(p); 381 382 /* 383 * Reset lwp id to the default value of 1. 384 * This is a single-threaded process now 385 * and lwp #1 is lwp_wait()able by default. 386 * The t_unpark flag should not be inherited. 387 */ 388 ASSERT(p->p_lwpcnt == 1 && p->p_zombcnt == 0); 389 curthread->t_tid = 1; 390 curthread->t_unpark = 0; 391 curthread->t_proc_flag |= TP_TWAIT; 392 curthread->t_proc_flag &= ~TP_DAEMON; /* daemons shouldn't exec */ 393 p->p_lwpdaemon = 0; /* but oh well ... */ 394 p->p_lwpid = 1; 395 396 /* 397 * Install the newly-allocated lwp directory and lwpid hash table 398 * and insert the current thread into the new hash table. 399 */ 400 if (lwpdir != NULL) { 401 old_lwpdir = p->p_lwpdir; 402 old_lwpdir_sz = p->p_lwpdir_sz; 403 old_tidhash = p->p_tidhash; 404 old_tidhash_sz = p->p_tidhash_sz; 405 p->p_lwpdir = p->p_lwpfree = lwpdir; 406 p->p_lwpdir_sz = 2; 407 p->p_tidhash = tidhash; 408 p->p_tidhash_sz = 2; 409 lep->le_thread = curthread; 410 lep->le_lwpid = curthread->t_tid; 411 lep->le_start = curthread->t_start; 412 lwp_hash_in(p, lep); 413 } 414 /* 415 * Restore the saved signal mask and 416 * inform /proc that the exec() has finished. 417 */ 418 curthread->t_hold = savedmask; 419 prexecend(); 420 mutex_exit(&p->p_lock); 421 if (old_lwpdir) { 422 kmem_free(old_lwpdir, old_lwpdir_sz * sizeof (lwpdir_t)); 423 kmem_free(old_tidhash, old_tidhash_sz * sizeof (lwpdir_t *)); 424 } 425 ASSERT(error == 0); 426 DTRACE_PROC(exec__success); 427 return (0); 428 429 fail: 430 DTRACE_PROC1(exec__failure, int, error); 431 out: /* error return */ 432 mutex_enter(&p->p_lock); 433 curthread->t_hold = savedmask; 434 prexecend(); 435 mutex_exit(&p->p_lock); 436 ASSERT(error != 0); 437 return (error); 438 } 439 440 441 /* 442 * Perform generic exec duties and switchout to object-file specific 443 * handler. 444 */ 445 int 446 gexec( 447 struct vnode **vpp, 448 struct execa *uap, 449 struct uarg *args, 450 struct intpdata *idatap, 451 int level, 452 long *execsz, 453 caddr_t exec_file, 454 struct cred *cred) 455 { 456 struct vnode *vp; 457 proc_t *pp = ttoproc(curthread); 458 struct execsw *eswp; 459 int error = 0; 460 int suidflags = 0; 461 ssize_t resid; 462 uid_t uid, gid; 463 struct vattr vattr; 464 char magbuf[MAGIC_BYTES]; 465 int setid; 466 cred_t *oldcred, *newcred = NULL; 467 int privflags = 0; 468 int setidfl; 469 470 /* 471 * If the SNOCD or SUGID flag is set, turn it off and remember the 472 * previous setting so we can restore it if we encounter an error. 473 */ 474 if (level == 0 && (pp->p_flag & PSUIDFLAGS)) { 475 mutex_enter(&pp->p_lock); 476 suidflags = pp->p_flag & PSUIDFLAGS; 477 pp->p_flag &= ~PSUIDFLAGS; 478 mutex_exit(&pp->p_lock); 479 } 480 481 if ((error = execpermissions(*vpp, &vattr, args)) != 0) 482 goto bad; 483 484 /* need to open vnode for stateful file systems like rfs */ 485 if ((error = VOP_OPEN(vpp, FREAD, CRED())) != 0) 486 goto bad; 487 vp = *vpp; 488 489 /* 490 * Note: to support binary compatibility with SunOS a.out 491 * executables, we read in the first four bytes, as the 492 * magic number is in bytes 2-3. 493 */ 494 if (error = vn_rdwr(UIO_READ, vp, magbuf, sizeof (magbuf), 495 (offset_t)0, UIO_SYSSPACE, 0, (rlim64_t)0, CRED(), &resid)) 496 goto bad; 497 if (resid != 0) 498 goto bad; 499 500 if ((eswp = findexec_by_hdr(magbuf)) == NULL) 501 goto bad; 502 503 if (level == 0 && 504 (privflags = execsetid(vp, &vattr, &uid, &gid)) != 0) { 505 506 newcred = cred = crdup(cred); 507 508 /* If we can, drop the PA bit */ 509 if ((privflags & PRIV_RESET) != 0) 510 priv_adjust_PA(cred); 511 512 if (privflags & PRIV_SETID) { 513 cred->cr_uid = uid; 514 cred->cr_gid = gid; 515 cred->cr_suid = uid; 516 cred->cr_sgid = gid; 517 } 518 519 if (privflags & MAC_FLAGS) { 520 if (!(CR_FLAGS(cred) & NET_MAC_AWARE_INHERIT)) 521 CR_FLAGS(cred) &= ~NET_MAC_AWARE; 522 CR_FLAGS(cred) &= ~NET_MAC_AWARE_INHERIT; 523 } 524 525 /* 526 * Implement the privilege updates: 527 * 528 * Restrict with L: 529 * 530 * I' = I & L 531 * 532 * E' = P' = (I' + F) & A 533 * 534 * But if running under ptrace, we cap I with P. 535 */ 536 if ((privflags & PRIV_RESET) != 0) { 537 if ((privflags & PRIV_INCREASE) != 0 && 538 (pp->p_proc_flag & P_PR_PTRACE) != 0) 539 priv_intersect(&CR_OPPRIV(cred), 540 &CR_IPRIV(cred)); 541 priv_intersect(&CR_LPRIV(cred), &CR_IPRIV(cred)); 542 CR_EPRIV(cred) = CR_PPRIV(cred) = CR_IPRIV(cred); 543 priv_adjust_PA(cred); 544 } 545 } 546 547 /* SunOS 4.x buy-back */ 548 if ((vp->v_vfsp->vfs_flag & VFS_NOSETUID) && 549 (vattr.va_mode & (VSUID|VSGID))) { 550 cmn_err(CE_NOTE, 551 "!%s, uid %d: setuid execution not allowed, dev=%lx", 552 exec_file, cred->cr_uid, vp->v_vfsp->vfs_dev); 553 } 554 555 /* 556 * execsetid() told us whether or not we had to change the 557 * credentials of the process. In privflags, it told us 558 * whether we gained any privileges or executed a set-uid executable. 559 */ 560 setid = (privflags & (PRIV_SETUGID|PRIV_INCREASE)); 561 562 /* 563 * Use /etc/system variable to determine if the stack 564 * should be marked as executable by default. 565 */ 566 if (noexec_user_stack) 567 args->stk_prot &= ~PROT_EXEC; 568 569 args->execswp = eswp; /* Save execsw pointer in uarg for exec_func */ 570 571 /* 572 * Traditionally, the setid flags told the sub processes whether 573 * the file just executed was set-uid or set-gid; this caused 574 * some confusion as the 'setid' flag did not match the SUGID 575 * process flag which is only set when the uids/gids do not match. 576 * A script set-gid/set-uid to the real uid/gid would start with 577 * /dev/fd/X but an executable would happily trust LD_LIBRARY_PATH. 578 * Now we flag those cases where the calling process cannot 579 * be trusted to influence the newly exec'ed process, either 580 * because it runs with more privileges or when the uids/gids 581 * do in fact not match. 582 * This also makes the runtime linker agree with the on exec 583 * values of SNOCD and SUGID. 584 */ 585 setidfl = 0; 586 if (cred->cr_uid != cred->cr_ruid || (cred->cr_rgid != cred->cr_gid && 587 !supgroupmember(cred->cr_gid, cred))) { 588 setidfl |= EXECSETID_UGIDS; 589 } 590 if (setid & PRIV_SETUGID) 591 setidfl |= EXECSETID_SETID; 592 if (setid & PRIV_INCREASE) 593 setidfl |= EXECSETID_PRIVS; 594 595 error = (*eswp->exec_func)(vp, uap, args, idatap, level, execsz, 596 setidfl, exec_file, cred); 597 rw_exit(eswp->exec_lock); 598 if (error != 0) { 599 if (newcred != NULL) 600 crfree(newcred); 601 goto bad; 602 } 603 604 if (level == 0) { 605 mutex_enter(&pp->p_crlock); 606 if (newcred != NULL) { 607 /* 608 * Free the old credentials, and set the new ones. 609 * Do this for both the process and the (single) thread. 610 */ 611 crfree(pp->p_cred); 612 pp->p_cred = cred; /* cred already held for proc */ 613 crhold(cred); /* hold new cred for thread */ 614 /* 615 * DTrace accesses t_cred in probe context. t_cred 616 * must always be either NULL, or point to a valid, 617 * allocated cred structure. 618 */ 619 oldcred = curthread->t_cred; 620 curthread->t_cred = cred; 621 crfree(oldcred); 622 } 623 /* 624 * On emerging from a successful exec(), the saved 625 * uid and gid equal the effective uid and gid. 626 */ 627 cred->cr_suid = cred->cr_uid; 628 cred->cr_sgid = cred->cr_gid; 629 630 /* 631 * If the real and effective ids do not match, this 632 * is a setuid process that should not dump core. 633 * The group comparison is tricky; we prevent the code 634 * from flagging SNOCD when executing with an effective gid 635 * which is a supplementary group. 636 */ 637 if (cred->cr_ruid != cred->cr_uid || 638 (cred->cr_rgid != cred->cr_gid && 639 !supgroupmember(cred->cr_gid, cred)) || 640 (privflags & PRIV_INCREASE) != 0) 641 suidflags = PSUIDFLAGS; 642 else 643 suidflags = 0; 644 645 mutex_exit(&pp->p_crlock); 646 if (suidflags) { 647 mutex_enter(&pp->p_lock); 648 pp->p_flag |= suidflags; 649 mutex_exit(&pp->p_lock); 650 } 651 if (setid && (pp->p_proc_flag & P_PR_PTRACE) == 0) { 652 /* 653 * If process is traced via /proc, arrange to 654 * invalidate the associated /proc vnode. 655 */ 656 if (pp->p_plist || (pp->p_proc_flag & P_PR_TRACE)) 657 args->traceinval = 1; 658 } 659 if (pp->p_proc_flag & P_PR_PTRACE) 660 psignal(pp, SIGTRAP); 661 if (args->traceinval) 662 prinvalidate(&pp->p_user); 663 } 664 665 return (0); 666 bad: 667 if (error == 0) 668 error = ENOEXEC; 669 670 if (suidflags) { 671 mutex_enter(&pp->p_lock); 672 pp->p_flag |= suidflags; 673 mutex_exit(&pp->p_lock); 674 } 675 return (error); 676 } 677 678 extern char *execswnames[]; 679 680 struct execsw * 681 allocate_execsw(char *name, char *magic, size_t magic_size) 682 { 683 int i, j; 684 char *ename; 685 char *magicp; 686 687 mutex_enter(&execsw_lock); 688 for (i = 0; i < nexectype; i++) { 689 if (execswnames[i] == NULL) { 690 ename = kmem_alloc(strlen(name) + 1, KM_SLEEP); 691 (void) strcpy(ename, name); 692 execswnames[i] = ename; 693 /* 694 * Set the magic number last so that we 695 * don't need to hold the execsw_lock in 696 * findexectype(). 697 */ 698 magicp = kmem_alloc(magic_size, KM_SLEEP); 699 for (j = 0; j < magic_size; j++) 700 magicp[j] = magic[j]; 701 execsw[i].exec_magic = magicp; 702 mutex_exit(&execsw_lock); 703 return (&execsw[i]); 704 } 705 } 706 mutex_exit(&execsw_lock); 707 return (NULL); 708 } 709 710 /* 711 * Find the exec switch table entry with the corresponding magic string. 712 */ 713 struct execsw * 714 findexecsw(char *magic) 715 { 716 struct execsw *eswp; 717 718 for (eswp = execsw; eswp < &execsw[nexectype]; eswp++) { 719 ASSERT(eswp->exec_maglen <= MAGIC_BYTES); 720 if (magic && eswp->exec_maglen != 0 && 721 bcmp(magic, eswp->exec_magic, eswp->exec_maglen) == 0) 722 return (eswp); 723 } 724 return (NULL); 725 } 726 727 /* 728 * Find the execsw[] index for the given exec header string by looking for the 729 * magic string at a specified offset and length for each kind of executable 730 * file format until one matches. If no execsw[] entry is found, try to 731 * autoload a module for this magic string. 732 */ 733 struct execsw * 734 findexec_by_hdr(char *header) 735 { 736 struct execsw *eswp; 737 738 for (eswp = execsw; eswp < &execsw[nexectype]; eswp++) { 739 ASSERT(eswp->exec_maglen <= MAGIC_BYTES); 740 if (header && eswp->exec_maglen != 0 && 741 bcmp(&header[eswp->exec_magoff], eswp->exec_magic, 742 eswp->exec_maglen) == 0) { 743 if (hold_execsw(eswp) != 0) 744 return (NULL); 745 return (eswp); 746 } 747 } 748 return (NULL); /* couldn't find the type */ 749 } 750 751 /* 752 * Find the execsw[] index for the given magic string. If no execsw[] entry 753 * is found, try to autoload a module for this magic string. 754 */ 755 struct execsw * 756 findexec_by_magic(char *magic) 757 { 758 struct execsw *eswp; 759 760 for (eswp = execsw; eswp < &execsw[nexectype]; eswp++) { 761 ASSERT(eswp->exec_maglen <= MAGIC_BYTES); 762 if (magic && eswp->exec_maglen != 0 && 763 bcmp(magic, eswp->exec_magic, eswp->exec_maglen) == 0) { 764 if (hold_execsw(eswp) != 0) 765 return (NULL); 766 return (eswp); 767 } 768 } 769 return (NULL); /* couldn't find the type */ 770 } 771 772 static int 773 hold_execsw(struct execsw *eswp) 774 { 775 char *name; 776 777 rw_enter(eswp->exec_lock, RW_READER); 778 while (!LOADED_EXEC(eswp)) { 779 rw_exit(eswp->exec_lock); 780 name = execswnames[eswp-execsw]; 781 ASSERT(name); 782 if (modload("exec", name) == -1) 783 return (-1); 784 rw_enter(eswp->exec_lock, RW_READER); 785 } 786 return (0); 787 } 788 789 static int 790 execsetid(struct vnode *vp, struct vattr *vattrp, uid_t *uidp, uid_t *gidp) 791 { 792 proc_t *pp = ttoproc(curthread); 793 uid_t uid, gid; 794 cred_t *cr = pp->p_cred; 795 int privflags = 0; 796 797 /* 798 * Remember credentials. 799 */ 800 uid = cr->cr_uid; 801 gid = cr->cr_gid; 802 803 /* Will try to reset the PRIV_AWARE bit later. */ 804 if ((CR_FLAGS(cr) & (PRIV_AWARE|PRIV_AWARE_INHERIT)) == PRIV_AWARE) 805 privflags |= PRIV_RESET; 806 807 if ((vp->v_vfsp->vfs_flag & VFS_NOSETUID) == 0) { 808 /* 809 * Set-uid root execution only allowed if the limit set 810 * holds all unsafe privileges. 811 */ 812 if ((vattrp->va_mode & VSUID) && (vattrp->va_uid != 0 || 813 priv_issubset(&priv_unsafe, &CR_LPRIV(cr)))) { 814 uid = vattrp->va_uid; 815 privflags |= PRIV_SETUGID; 816 } 817 if (vattrp->va_mode & VSGID) { 818 gid = vattrp->va_gid; 819 privflags |= PRIV_SETUGID; 820 } 821 } 822 823 /* 824 * Do we need to change our credential anyway? 825 * This is the case when E != I or P != I, as 826 * we need to do the assignments (with F empty and A full) 827 * Or when I is not a subset of L; in that case we need to 828 * enforce L. 829 * 830 * I' = L & I 831 * 832 * E' = P' = (I' + F) & A 833 * or 834 * E' = P' = I' 835 */ 836 if (!priv_isequalset(&CR_EPRIV(cr), &CR_IPRIV(cr)) || 837 !priv_issubset(&CR_IPRIV(cr), &CR_LPRIV(cr)) || 838 !priv_isequalset(&CR_PPRIV(cr), &CR_IPRIV(cr))) 839 privflags |= PRIV_RESET; 840 841 /* If MAC-aware flag(s) are on, need to update cred to remove. */ 842 if ((CR_FLAGS(cr) & NET_MAC_AWARE) || 843 (CR_FLAGS(cr) & NET_MAC_AWARE_INHERIT)) 844 privflags |= MAC_FLAGS; 845 846 /* 847 * When we introduce the "forced" set then we will need 848 * to set PRIV_INCREASE here if I not a subset of P. 849 * If the "allowed" set is introduced we will need to do 850 * a similar thing; however, it seems more reasonable to 851 * have the allowed set reduce "L": script language interpreters 852 * would typically have an allowed set of "all". 853 */ 854 855 /* 856 * Set setuid/setgid protections if no ptrace() compatibility. 857 * For privileged processes, honor setuid/setgid even in 858 * the presence of ptrace() compatibility. 859 */ 860 if (((pp->p_proc_flag & P_PR_PTRACE) == 0 || 861 PRIV_POLICY_ONLY(cr, PRIV_PROC_OWNER, (uid == 0))) && 862 (cr->cr_uid != uid || 863 cr->cr_gid != gid || 864 cr->cr_suid != uid || 865 cr->cr_sgid != gid)) { 866 *uidp = uid; 867 *gidp = gid; 868 privflags |= PRIV_SETID; 869 } 870 return (privflags); 871 } 872 873 int 874 execpermissions(struct vnode *vp, struct vattr *vattrp, struct uarg *args) 875 { 876 int error; 877 proc_t *p = ttoproc(curthread); 878 879 vattrp->va_mask = AT_MODE | AT_UID | AT_GID | AT_SIZE; 880 if (error = VOP_GETATTR(vp, vattrp, ATTR_EXEC, p->p_cred)) 881 return (error); 882 /* 883 * Check the access mode. 884 * If VPROC, ask /proc if the file is an object file. 885 */ 886 if ((error = VOP_ACCESS(vp, VEXEC, 0, p->p_cred)) != 0 || 887 !(vp->v_type == VREG || (vp->v_type == VPROC && pr_isobject(vp))) || 888 (vp->v_vfsp->vfs_flag & VFS_NOEXEC) != 0 || 889 (vattrp->va_mode & (VEXEC|(VEXEC>>3)|(VEXEC>>6))) == 0) { 890 if (error == 0) 891 error = EACCES; 892 return (error); 893 } 894 895 if ((p->p_plist || (p->p_proc_flag & (P_PR_PTRACE|P_PR_TRACE))) && 896 (error = VOP_ACCESS(vp, VREAD, 0, p->p_cred))) { 897 /* 898 * If process is under ptrace(2) compatibility, 899 * fail the exec(2). 900 */ 901 if (p->p_proc_flag & P_PR_PTRACE) 902 goto bad; 903 /* 904 * Process is traced via /proc. 905 * Arrange to invalidate the /proc vnode. 906 */ 907 args->traceinval = 1; 908 } 909 return (0); 910 bad: 911 if (error == 0) 912 error = ENOEXEC; 913 return (error); 914 } 915 916 /* 917 * Map a section of an executable file into the user's 918 * address space. 919 */ 920 int 921 execmap(struct vnode *vp, caddr_t addr, size_t len, size_t zfodlen, 922 off_t offset, int prot, int page, uint_t szc) 923 { 924 int error = 0; 925 off_t oldoffset; 926 caddr_t zfodbase, oldaddr; 927 size_t end, oldlen; 928 size_t zfoddiff; 929 label_t ljb; 930 proc_t *p = ttoproc(curthread); 931 932 oldaddr = addr; 933 addr = (caddr_t)((uintptr_t)addr & (uintptr_t)PAGEMASK); 934 if (len) { 935 oldlen = len; 936 len += ((size_t)oldaddr - (size_t)addr); 937 oldoffset = offset; 938 offset = (off_t)((uintptr_t)offset & PAGEMASK); 939 if (page) { 940 spgcnt_t prefltmem, availm, npages; 941 int preread; 942 uint_t mflag = MAP_PRIVATE | MAP_FIXED; 943 944 if ((prot & (PROT_WRITE | PROT_EXEC)) == PROT_EXEC) { 945 mflag |= MAP_TEXT; 946 } else { 947 mflag |= MAP_INITDATA; 948 } 949 950 if (valid_usr_range(addr, len, prot, p->p_as, 951 p->p_as->a_userlimit) != RANGE_OKAY) { 952 error = ENOMEM; 953 goto bad; 954 } 955 if (error = VOP_MAP(vp, (offset_t)offset, 956 p->p_as, &addr, len, prot, PROT_ALL, 957 mflag, CRED())) 958 goto bad; 959 960 /* 961 * If the segment can fit, then we prefault 962 * the entire segment in. This is based on the 963 * model that says the best working set of a 964 * small program is all of its pages. 965 */ 966 npages = (spgcnt_t)btopr(len); 967 prefltmem = freemem - desfree; 968 preread = 969 (npages < prefltmem && len < PGTHRESH) ? 1 : 0; 970 971 /* 972 * If we aren't prefaulting the segment, 973 * increment "deficit", if necessary to ensure 974 * that pages will become available when this 975 * process starts executing. 976 */ 977 availm = freemem - lotsfree; 978 if (preread == 0 && npages > availm && 979 deficit < lotsfree) { 980 deficit += MIN((pgcnt_t)(npages - availm), 981 lotsfree - deficit); 982 } 983 984 if (preread) { 985 TRACE_2(TR_FAC_PROC, TR_EXECMAP_PREREAD, 986 "execmap preread:freemem %d size %lu", 987 freemem, len); 988 (void) as_fault(p->p_as->a_hat, p->p_as, 989 (caddr_t)addr, len, F_INVAL, S_READ); 990 } 991 } else { 992 if (valid_usr_range(addr, len, prot, p->p_as, 993 p->p_as->a_userlimit) != RANGE_OKAY) { 994 error = ENOMEM; 995 goto bad; 996 } 997 998 if (error = as_map(p->p_as, addr, len, 999 segvn_create, zfod_argsp)) 1000 goto bad; 1001 /* 1002 * Read in the segment in one big chunk. 1003 */ 1004 if (error = vn_rdwr(UIO_READ, vp, (caddr_t)oldaddr, 1005 oldlen, (offset_t)oldoffset, UIO_USERSPACE, 0, 1006 (rlim64_t)0, CRED(), (ssize_t *)0)) 1007 goto bad; 1008 /* 1009 * Now set protections. 1010 */ 1011 if (prot != PROT_ZFOD) { 1012 (void) as_setprot(p->p_as, (caddr_t)addr, 1013 len, prot); 1014 } 1015 } 1016 } 1017 1018 if (zfodlen) { 1019 end = (size_t)addr + len; 1020 zfodbase = (caddr_t)roundup(end, PAGESIZE); 1021 zfoddiff = (uintptr_t)zfodbase - end; 1022 if (zfoddiff) { 1023 if (on_fault(&ljb)) { 1024 no_fault(); 1025 error = EFAULT; 1026 goto bad; 1027 } 1028 uzero((void *)end, zfoddiff); 1029 no_fault(); 1030 } 1031 if (zfodlen > zfoddiff) { 1032 struct segvn_crargs crargs = 1033 SEGVN_ZFOD_ARGS(PROT_ZFOD, PROT_ALL); 1034 1035 zfodlen -= zfoddiff; 1036 if (valid_usr_range(zfodbase, zfodlen, prot, p->p_as, 1037 p->p_as->a_userlimit) != RANGE_OKAY) { 1038 error = ENOMEM; 1039 goto bad; 1040 } 1041 crargs.szc = szc; 1042 if (error = as_map(p->p_as, (caddr_t)zfodbase, 1043 zfodlen, segvn_create, &crargs)) 1044 goto bad; 1045 if (prot != PROT_ZFOD) { 1046 (void) as_setprot(p->p_as, (caddr_t)zfodbase, 1047 zfodlen, prot); 1048 } 1049 } 1050 } 1051 return (0); 1052 bad: 1053 return (error); 1054 } 1055 1056 void 1057 setexecenv(struct execenv *ep) 1058 { 1059 proc_t *p = ttoproc(curthread); 1060 klwp_t *lwp = ttolwp(curthread); 1061 struct vnode *vp; 1062 1063 p->p_bssbase = ep->ex_bssbase; 1064 p->p_brkbase = ep->ex_brkbase; 1065 p->p_brksize = ep->ex_brksize; 1066 if (p->p_exec) 1067 VN_RELE(p->p_exec); /* out with the old */ 1068 vp = p->p_exec = ep->ex_vp; 1069 if (vp != NULL) 1070 VN_HOLD(vp); /* in with the new */ 1071 1072 lwp->lwp_sigaltstack.ss_sp = 0; 1073 lwp->lwp_sigaltstack.ss_size = 0; 1074 lwp->lwp_sigaltstack.ss_flags = SS_DISABLE; 1075 } 1076 1077 int 1078 execopen(struct vnode **vpp, int *fdp) 1079 { 1080 struct vnode *vp = *vpp; 1081 file_t *fp; 1082 int error = 0; 1083 int filemode = FREAD; 1084 1085 VN_HOLD(vp); /* open reference */ 1086 if (error = falloc(NULL, filemode, &fp, fdp)) { 1087 VN_RELE(vp); 1088 *fdp = -1; /* just in case falloc changed value */ 1089 return (error); 1090 } 1091 if (error = VOP_OPEN(&vp, filemode, CRED())) { 1092 VN_RELE(vp); 1093 setf(*fdp, NULL); 1094 unfalloc(fp); 1095 *fdp = -1; 1096 return (error); 1097 } 1098 *vpp = vp; /* vnode should not have changed */ 1099 fp->f_vnode = vp; 1100 mutex_exit(&fp->f_tlock); 1101 setf(*fdp, fp); 1102 return (0); 1103 } 1104 1105 int 1106 execclose(int fd) 1107 { 1108 return (closeandsetf(fd, NULL)); 1109 } 1110 1111 1112 /* 1113 * noexec stub function. 1114 */ 1115 /*ARGSUSED*/ 1116 int 1117 noexec( 1118 struct vnode *vp, 1119 struct execa *uap, 1120 struct uarg *args, 1121 struct intpdata *idatap, 1122 int level, 1123 long *execsz, 1124 int setid, 1125 caddr_t exec_file, 1126 struct cred *cred) 1127 { 1128 cmn_err(CE_WARN, "missing exec capability for %s", uap->fname); 1129 return (ENOEXEC); 1130 } 1131 1132 /* 1133 * Support routines for building a user stack. 1134 * 1135 * execve(path, argv, envp) must construct a new stack with the specified 1136 * arguments and environment variables (see exec_args() for a description 1137 * of the user stack layout). To do this, we copy the arguments and 1138 * environment variables from the old user address space into the kernel, 1139 * free the old as, create the new as, and copy our buffered information 1140 * to the new stack. Our kernel buffer has the following structure: 1141 * 1142 * +-----------------------+ <--- stk_base + stk_size 1143 * | string offsets | 1144 * +-----------------------+ <--- stk_offp 1145 * | | 1146 * | STK_AVAIL() space | 1147 * | | 1148 * +-----------------------+ <--- stk_strp 1149 * | strings | 1150 * +-----------------------+ <--- stk_base 1151 * 1152 * When we add a string, we store the string's contents (including the null 1153 * terminator) at stk_strp, and we store the offset of the string relative to 1154 * stk_base at --stk_offp. At strings are added, stk_strp increases and 1155 * stk_offp decreases. The amount of space remaining, STK_AVAIL(), is just 1156 * the difference between these pointers. If we run out of space, we return 1157 * an error and exec_args() starts all over again with a buffer twice as large. 1158 * When we're all done, the kernel buffer looks like this: 1159 * 1160 * +-----------------------+ <--- stk_base + stk_size 1161 * | argv[0] offset | 1162 * +-----------------------+ 1163 * | ... | 1164 * +-----------------------+ 1165 * | argv[argc-1] offset | 1166 * +-----------------------+ 1167 * | envp[0] offset | 1168 * +-----------------------+ 1169 * | ... | 1170 * +-----------------------+ 1171 * | envp[envc-1] offset | 1172 * +-----------------------+ 1173 * | AT_SUN_PLATFORM offset| 1174 * +-----------------------+ 1175 * | AT_SUN_EXECNAME offset| 1176 * +-----------------------+ <--- stk_offp 1177 * | | 1178 * | STK_AVAIL() space | 1179 * | | 1180 * +-----------------------+ <--- stk_strp 1181 * | AT_SUN_EXECNAME offset| 1182 * +-----------------------+ 1183 * | AT_SUN_PLATFORM offset| 1184 * +-----------------------+ 1185 * | envp[envc-1] string | 1186 * +-----------------------+ 1187 * | ... | 1188 * +-----------------------+ 1189 * | envp[0] string | 1190 * +-----------------------+ 1191 * | argv[argc-1] string | 1192 * +-----------------------+ 1193 * | ... | 1194 * +-----------------------+ 1195 * | argv[0] string | 1196 * +-----------------------+ <--- stk_base 1197 */ 1198 1199 #define STK_AVAIL(args) ((char *)(args)->stk_offp - (args)->stk_strp) 1200 1201 /* 1202 * Add a string to the stack. 1203 */ 1204 static int 1205 stk_add(uarg_t *args, const char *sp, enum uio_seg segflg) 1206 { 1207 int error; 1208 size_t len; 1209 1210 if (STK_AVAIL(args) < sizeof (int)) 1211 return (E2BIG); 1212 *--args->stk_offp = args->stk_strp - args->stk_base; 1213 1214 if (segflg == UIO_USERSPACE) { 1215 error = copyinstr(sp, args->stk_strp, STK_AVAIL(args), &len); 1216 if (error != 0) 1217 return (error); 1218 } else { 1219 len = strlen(sp) + 1; 1220 if (len > STK_AVAIL(args)) 1221 return (E2BIG); 1222 bcopy(sp, args->stk_strp, len); 1223 } 1224 1225 args->stk_strp += len; 1226 1227 return (0); 1228 } 1229 1230 static int 1231 stk_getptr(uarg_t *args, char *src, char **dst) 1232 { 1233 int error; 1234 1235 if (args->from_model == DATAMODEL_NATIVE) { 1236 ulong_t ptr; 1237 error = fulword(src, &ptr); 1238 *dst = (caddr_t)ptr; 1239 } else { 1240 uint32_t ptr; 1241 error = fuword32(src, &ptr); 1242 *dst = (caddr_t)(uintptr_t)ptr; 1243 } 1244 return (error); 1245 } 1246 1247 static int 1248 stk_putptr(uarg_t *args, char *addr, char *value) 1249 { 1250 if (args->to_model == DATAMODEL_NATIVE) 1251 return (sulword(addr, (ulong_t)value)); 1252 else 1253 return (suword32(addr, (uint32_t)(uintptr_t)value)); 1254 } 1255 1256 static int 1257 stk_copyin(execa_t *uap, uarg_t *args, intpdata_t *intp, void **auxvpp) 1258 { 1259 char *sp; 1260 int argc, error; 1261 int argv_empty = 0; 1262 size_t ptrsize = args->from_ptrsize; 1263 size_t size, pad; 1264 char *argv = (char *)uap->argp; 1265 char *envp = (char *)uap->envp; 1266 1267 /* 1268 * Copy interpreter's name and argument to argv[0] and argv[1]. 1269 */ 1270 if (intp != NULL && intp->intp_name != NULL) { 1271 if ((error = stk_add(args, intp->intp_name, UIO_SYSSPACE)) != 0) 1272 return (error); 1273 if (intp->intp_arg != NULL && 1274 (error = stk_add(args, intp->intp_arg, UIO_SYSSPACE)) != 0) 1275 return (error); 1276 if (args->fname != NULL) 1277 error = stk_add(args, args->fname, UIO_SYSSPACE); 1278 else 1279 error = stk_add(args, uap->fname, UIO_USERSPACE); 1280 if (error) 1281 return (error); 1282 1283 /* 1284 * Check for an empty argv[]. 1285 */ 1286 if (stk_getptr(args, argv, &sp)) 1287 return (EFAULT); 1288 if (sp == NULL) 1289 argv_empty = 1; 1290 1291 argv += ptrsize; /* ignore original argv[0] */ 1292 } 1293 1294 if (argv_empty == 0) { 1295 /* 1296 * Add argv[] strings to the stack. 1297 */ 1298 for (;;) { 1299 if (stk_getptr(args, argv, &sp)) 1300 return (EFAULT); 1301 if (sp == NULL) 1302 break; 1303 if ((error = stk_add(args, sp, UIO_USERSPACE)) != 0) 1304 return (error); 1305 argv += ptrsize; 1306 } 1307 } 1308 argc = (int *)(args->stk_base + args->stk_size) - args->stk_offp; 1309 args->arglen = args->stk_strp - args->stk_base; 1310 1311 /* 1312 * Add environ[] strings to the stack. 1313 */ 1314 if (envp != NULL) { 1315 for (;;) { 1316 if (stk_getptr(args, envp, &sp)) 1317 return (EFAULT); 1318 if (sp == NULL) 1319 break; 1320 if ((error = stk_add(args, sp, UIO_USERSPACE)) != 0) 1321 return (error); 1322 envp += ptrsize; 1323 } 1324 } 1325 args->na = (int *)(args->stk_base + args->stk_size) - args->stk_offp; 1326 args->ne = args->na - argc; 1327 1328 /* 1329 * Add AT_SUN_PLATFORM and AT_SUN_EXECNAME strings to the stack. 1330 */ 1331 if (auxvpp != NULL && *auxvpp != NULL) { 1332 if ((error = stk_add(args, platform, UIO_SYSSPACE)) != 0) 1333 return (error); 1334 if ((error = stk_add(args, args->pathname, UIO_SYSSPACE)) != 0) 1335 return (error); 1336 } 1337 1338 /* 1339 * Compute the size of the stack. This includes all the pointers, 1340 * the space reserved for the aux vector, and all the strings. 1341 * The total number of pointers is args->na (which is argc + envc) 1342 * plus 4 more: (1) a pointer's worth of space for argc; (2) the NULL 1343 * after the last argument (i.e. argv[argc]); (3) the NULL after the 1344 * last environment variable (i.e. envp[envc]); and (4) the NULL after 1345 * all the strings, at the very top of the stack. 1346 */ 1347 size = (args->na + 4) * args->to_ptrsize + args->auxsize + 1348 (args->stk_strp - args->stk_base); 1349 1350 /* 1351 * Pad the string section with zeroes to align the stack size. 1352 */ 1353 pad = P2NPHASE(size, args->stk_align); 1354 1355 if (STK_AVAIL(args) < pad) 1356 return (E2BIG); 1357 1358 args->usrstack_size = size + pad; 1359 1360 while (pad-- != 0) 1361 *args->stk_strp++ = 0; 1362 1363 args->nc = args->stk_strp - args->stk_base; 1364 1365 return (0); 1366 } 1367 1368 static int 1369 stk_copyout(uarg_t *args, char *usrstack, void **auxvpp, user_t *up) 1370 { 1371 size_t ptrsize = args->to_ptrsize; 1372 ssize_t pslen; 1373 char *kstrp = args->stk_base; 1374 char *ustrp = usrstack - args->nc - ptrsize; 1375 char *usp = usrstack - args->usrstack_size; 1376 int *offp = (int *)(args->stk_base + args->stk_size); 1377 int envc = args->ne; 1378 int argc = args->na - envc; 1379 int i; 1380 1381 /* 1382 * Record argc for /proc. 1383 */ 1384 up->u_argc = argc; 1385 1386 /* 1387 * Put argc on the stack. Note that even though it's an int, 1388 * it always consumes ptrsize bytes (for alignment). 1389 */ 1390 if (stk_putptr(args, usp, (char *)(uintptr_t)argc)) 1391 return (-1); 1392 1393 /* 1394 * Add argc space (ptrsize) to usp and record argv for /proc. 1395 */ 1396 up->u_argv = (uintptr_t)(usp += ptrsize); 1397 1398 /* 1399 * Put the argv[] pointers on the stack. 1400 */ 1401 for (i = 0; i < argc; i++, usp += ptrsize) 1402 if (stk_putptr(args, usp, &ustrp[*--offp])) 1403 return (-1); 1404 1405 /* 1406 * Copy arguments to u_psargs. 1407 */ 1408 pslen = MIN(args->arglen, PSARGSZ) - 1; 1409 for (i = 0; i < pslen; i++) 1410 up->u_psargs[i] = (kstrp[i] == '\0' ? ' ' : kstrp[i]); 1411 while (i < PSARGSZ) 1412 up->u_psargs[i++] = '\0'; 1413 1414 /* 1415 * Add space for argv[]'s NULL terminator (ptrsize) to usp and 1416 * record envp for /proc. 1417 */ 1418 up->u_envp = (uintptr_t)(usp += ptrsize); 1419 1420 /* 1421 * Put the envp[] pointers on the stack. 1422 */ 1423 for (i = 0; i < envc; i++, usp += ptrsize) 1424 if (stk_putptr(args, usp, &ustrp[*--offp])) 1425 return (-1); 1426 1427 /* 1428 * Add space for envp[]'s NULL terminator (ptrsize) to usp and 1429 * remember where the stack ends, which is also where auxv begins. 1430 */ 1431 args->stackend = usp += ptrsize; 1432 1433 /* 1434 * Put all the argv[], envp[], and auxv strings on the stack. 1435 */ 1436 if (copyout(args->stk_base, ustrp, args->nc)) 1437 return (-1); 1438 1439 /* 1440 * Fill in the aux vector now that we know the user stack addresses 1441 * for the AT_SUN_PLATFORM and AT_SUN_EXECNAME strings. 1442 */ 1443 if (auxvpp != NULL && *auxvpp != NULL) { 1444 if (args->to_model == DATAMODEL_NATIVE) { 1445 auxv_t **a = (auxv_t **)auxvpp; 1446 ADDAUX(*a, AT_SUN_PLATFORM, (long)&ustrp[*--offp]) 1447 ADDAUX(*a, AT_SUN_EXECNAME, (long)&ustrp[*--offp]) 1448 } else { 1449 auxv32_t **a = (auxv32_t **)auxvpp; 1450 ADDAUX(*a, 1451 AT_SUN_PLATFORM, (int)(uintptr_t)&ustrp[*--offp]) 1452 ADDAUX(*a, 1453 AT_SUN_EXECNAME, (int)(uintptr_t)&ustrp[*--offp]); 1454 } 1455 } 1456 1457 return (0); 1458 } 1459 1460 #ifdef DEBUG 1461 int mpss_brkpgszsel = 0; 1462 int mpss_stkpgszsel = 0; 1463 #endif 1464 1465 /* 1466 * Initialize a new user stack with the specified arguments and environment. 1467 * The initial user stack layout is as follows: 1468 * 1469 * User Stack 1470 * +---------------+ <--- curproc->p_usrstack 1471 * | NULL | 1472 * +---------------+ 1473 * | | 1474 * | auxv strings | 1475 * | | 1476 * +---------------+ 1477 * | | 1478 * | envp strings | 1479 * | | 1480 * +---------------+ 1481 * | | 1482 * | argv strings | 1483 * | | 1484 * +---------------+ <--- ustrp 1485 * | | 1486 * | aux vector | 1487 * | | 1488 * +---------------+ <--- auxv 1489 * | NULL | 1490 * +---------------+ 1491 * | envp[envc-1] | 1492 * +---------------+ 1493 * | ... | 1494 * +---------------+ 1495 * | envp[0] | 1496 * +---------------+ <--- envp[] 1497 * | NULL | 1498 * +---------------+ 1499 * | argv[argc-1] | 1500 * +---------------+ 1501 * | ... | 1502 * +---------------+ 1503 * | argv[0] | 1504 * +---------------+ <--- argv[] 1505 * | argc | 1506 * +---------------+ <--- stack base 1507 */ 1508 int 1509 exec_args(execa_t *uap, uarg_t *args, intpdata_t *intp, void **auxvpp) 1510 { 1511 size_t size; 1512 int error; 1513 proc_t *p = ttoproc(curthread); 1514 user_t *up = PTOU(p); 1515 char *usrstack; 1516 rctl_entity_p_t e; 1517 1518 struct as *as; 1519 1520 args->from_model = p->p_model; 1521 if (p->p_model == DATAMODEL_NATIVE) { 1522 args->from_ptrsize = sizeof (long); 1523 } else { 1524 args->from_ptrsize = sizeof (int32_t); 1525 } 1526 1527 if (args->to_model == DATAMODEL_NATIVE) { 1528 args->to_ptrsize = sizeof (long); 1529 args->ncargs = NCARGS; 1530 args->stk_align = STACK_ALIGN; 1531 usrstack = (char *)USRSTACK; 1532 } else { 1533 args->to_ptrsize = sizeof (int32_t); 1534 args->ncargs = NCARGS32; 1535 args->stk_align = STACK_ALIGN32; 1536 usrstack = (char *)USRSTACK32; 1537 } 1538 1539 ASSERT(P2PHASE((uintptr_t)usrstack, args->stk_align) == 0); 1540 1541 #if defined(__sparc) 1542 /* 1543 * Make sure user register windows are empty before 1544 * attempting to make a new stack. 1545 */ 1546 (void) flush_user_windows_to_stack(NULL); 1547 #endif 1548 1549 for (size = PAGESIZE; ; size *= 2) { 1550 args->stk_size = size; 1551 args->stk_base = kmem_alloc(size, KM_SLEEP); 1552 args->stk_strp = args->stk_base; 1553 args->stk_offp = (int *)(args->stk_base + size); 1554 error = stk_copyin(uap, args, intp, auxvpp); 1555 if (error == 0) 1556 break; 1557 kmem_free(args->stk_base, size); 1558 if (error != E2BIG && error != ENAMETOOLONG) 1559 return (error); 1560 if (size >= args->ncargs) 1561 return (E2BIG); 1562 } 1563 1564 size = args->usrstack_size; 1565 1566 ASSERT(error == 0); 1567 ASSERT(P2PHASE(size, args->stk_align) == 0); 1568 ASSERT((ssize_t)STK_AVAIL(args) >= 0); 1569 1570 if (size > args->ncargs) { 1571 kmem_free(args->stk_base, args->stk_size); 1572 return (E2BIG); 1573 } 1574 1575 /* 1576 * Leave only the current lwp and force the other lwps to exit. 1577 * If another lwp beat us to the punch by calling exit(), bail out. 1578 */ 1579 if ((error = exitlwps(0)) != 0) { 1580 kmem_free(args->stk_base, args->stk_size); 1581 return (error); 1582 } 1583 1584 /* 1585 * Revoke any doors created by the process. 1586 */ 1587 if (p->p_door_list) 1588 door_exit(); 1589 1590 /* 1591 * Release schedctl data structures. 1592 */ 1593 if (p->p_pagep) 1594 schedctl_proc_cleanup(); 1595 1596 /* 1597 * Clean up any DTrace helpers for the process. 1598 */ 1599 if (p->p_dtrace_helpers != NULL) { 1600 ASSERT(dtrace_helpers_cleanup != NULL); 1601 (*dtrace_helpers_cleanup)(); 1602 } 1603 1604 mutex_enter(&p->p_lock); 1605 /* 1606 * Cleanup the DTrace provider associated with this process. 1607 */ 1608 if (p->p_dtrace_probes) { 1609 ASSERT(dtrace_fasttrap_exec_ptr != NULL); 1610 dtrace_fasttrap_exec_ptr(p); 1611 } 1612 mutex_exit(&p->p_lock); 1613 1614 /* 1615 * discard the lwpchan cache. 1616 */ 1617 if (p->p_lcp != NULL) 1618 lwpchan_destroy_cache(1); 1619 1620 /* 1621 * Delete the POSIX timers. 1622 */ 1623 if (p->p_itimer != NULL) 1624 timer_exit(); 1625 1626 #ifdef C2_AUDIT 1627 if (audit_active) 1628 audit_exec(args->stk_base, args->stk_base + args->arglen, 1629 args->na - args->ne, args->ne); 1630 #endif 1631 1632 /* 1633 * Ensure that we don't change resource associations while we 1634 * change address spaces. 1635 */ 1636 mutex_enter(&p->p_lock); 1637 pool_barrier_enter(); 1638 mutex_exit(&p->p_lock); 1639 1640 /* 1641 * Destroy the old address space and create a new one. 1642 * From here on, any errors are fatal to the exec()ing process. 1643 * On error we return -1, which means the caller must SIGKILL 1644 * the process. 1645 */ 1646 relvm(); 1647 1648 mutex_enter(&p->p_lock); 1649 pool_barrier_exit(); 1650 mutex_exit(&p->p_lock); 1651 1652 up->u_execsw = args->execswp; 1653 1654 p->p_brkbase = NULL; 1655 p->p_brksize = 0; 1656 p->p_stksize = 0; 1657 p->p_model = args->to_model; 1658 p->p_usrstack = usrstack; 1659 p->p_stkprot = args->stk_prot; 1660 p->p_datprot = args->dat_prot; 1661 1662 /* 1663 * Reset resource controls such that all controls are again active as 1664 * well as appropriate to the potentially new address model for the 1665 * process. 1666 */ 1667 e.rcep_p.proc = p; 1668 e.rcep_t = RCENTITY_PROCESS; 1669 rctl_set_reset(p->p_rctls, p, &e); 1670 1671 if (exec_lpg_disable == 0) { 1672 #ifdef DEBUG 1673 uint_t pgsizes = page_num_pagesizes(); 1674 uint_t szc; 1675 #endif 1676 p->p_brkpageszc = args->brkpageszc; 1677 p->p_stkpageszc = args->stkpageszc; 1678 1679 if (p->p_brkpageszc == 0) { 1680 p->p_brkpageszc = page_szc(map_pgsz(MAPPGSZ_HEAP, 1681 p, 0, 0, NULL)); 1682 } 1683 if (p->p_stkpageszc == 0) { 1684 p->p_stkpageszc = page_szc(map_pgsz(MAPPGSZ_STK, 1685 p, 0, 0, NULL)); 1686 } 1687 1688 #ifdef DEBUG 1689 if (mpss_brkpgszsel != 0) { 1690 if (mpss_brkpgszsel == -1) { 1691 szc = ((uint_t)gethrtime() >> 8) % pgsizes; 1692 } else { 1693 szc = mpss_brkpgszsel % pgsizes; 1694 } 1695 p->p_brkpageszc = szc; 1696 } 1697 1698 if (mpss_stkpgszsel != 0) { 1699 if (mpss_stkpgszsel == -1) { 1700 szc = ((uint_t)gethrtime() >> 7) % pgsizes; 1701 } else { 1702 szc = mpss_stkpgszsel % pgsizes; 1703 } 1704 p->p_stkpageszc = szc; 1705 } 1706 1707 #endif 1708 mutex_enter(&p->p_lock); 1709 p->p_flag |= SAUTOLPG; /* kernel controls page sizes */ 1710 mutex_exit(&p->p_lock); 1711 1712 } else { 1713 p->p_brkpageszc = 0; 1714 p->p_stkpageszc = 0; 1715 } 1716 1717 exec_set_sp(size); 1718 1719 as = as_alloc(); 1720 p->p_as = as; 1721 if (p->p_model == DATAMODEL_ILP32) 1722 as->a_userlimit = (caddr_t)USERLIMIT32; 1723 (void) hat_setup(as->a_hat, HAT_ALLOC); 1724 1725 /* 1726 * Finally, write out the contents of the new stack. 1727 */ 1728 error = stk_copyout(args, usrstack, auxvpp, up); 1729 kmem_free(args->stk_base, args->stk_size); 1730 return (error); 1731 } 1732