1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 /* 22 * Copyright (c) 2006, 2010, Oracle and/or its affiliates. All rights reserved. 23 */ 24 25 #include <sys/kmem.h> 26 #include <sys/errno.h> 27 #include <sys/systm.h> 28 #include <sys/cmn_err.h> 29 #include <sys/brand.h> 30 #include <sys/machbrand.h> 31 #include <sys/modctl.h> 32 #include <sys/rwlock.h> 33 #include <sys/zone.h> 34 #include <sys/pathname.h> 35 36 #define SUPPORTED_BRAND_VERSION BRAND_VER_1 37 38 #if defined(__sparcv9) 39 /* sparcv9 uses system wide brand interposition hooks */ 40 static void brand_plat_interposition_enable(void); 41 static void brand_plat_interposition_disable(void); 42 43 struct brand_mach_ops native_mach_ops = { 44 NULL, NULL 45 }; 46 #else /* !__sparcv9 */ 47 struct brand_mach_ops native_mach_ops = { 48 NULL, NULL, NULL, NULL 49 }; 50 #endif /* !__sparcv9 */ 51 52 brand_t native_brand = { 53 BRAND_VER_1, 54 "native", 55 NULL, 56 &native_mach_ops 57 }; 58 59 /* 60 * Used to maintain a list of all the brands currently loaded into the 61 * kernel. 62 */ 63 struct brand_list { 64 int bl_refcnt; 65 struct brand_list *bl_next; 66 brand_t *bl_brand; 67 }; 68 69 static struct brand_list *brand_list = NULL; 70 71 /* 72 * This lock protects the integrity of the brand list. 73 */ 74 static kmutex_t brand_list_lock; 75 76 void 77 brand_init() 78 { 79 mutex_init(&brand_list_lock, NULL, MUTEX_DEFAULT, NULL); 80 p0.p_brand = &native_brand; 81 } 82 83 int 84 brand_register(brand_t *brand) 85 { 86 struct brand_list *list, *scan; 87 88 if (brand == NULL) 89 return (EINVAL); 90 91 if (brand->b_version != SUPPORTED_BRAND_VERSION) { 92 if (brand->b_version < SUPPORTED_BRAND_VERSION) { 93 cmn_err(CE_WARN, 94 "brand '%s' was built to run on older versions " 95 "of Solaris.", 96 brand->b_name); 97 } else { 98 cmn_err(CE_WARN, 99 "brand '%s' was built to run on a newer version " 100 "of Solaris.", 101 brand->b_name); 102 } 103 return (EINVAL); 104 } 105 106 /* Sanity checks */ 107 if (brand->b_name == NULL || brand->b_ops == NULL || 108 brand->b_ops->b_brandsys == NULL) { 109 cmn_err(CE_WARN, "Malformed brand"); 110 return (EINVAL); 111 } 112 113 list = kmem_alloc(sizeof (struct brand_list), KM_SLEEP); 114 115 /* Add the brand to the list of loaded brands. */ 116 mutex_enter(&brand_list_lock); 117 118 /* 119 * Check to be sure we haven't already registered this brand. 120 */ 121 for (scan = brand_list; scan != NULL; scan = scan->bl_next) { 122 if (strcmp(brand->b_name, scan->bl_brand->b_name) == 0) { 123 cmn_err(CE_WARN, 124 "Invalid attempt to load a second instance of " 125 "brand %s", brand->b_name); 126 mutex_exit(&brand_list_lock); 127 kmem_free(list, sizeof (struct brand_list)); 128 return (EINVAL); 129 } 130 } 131 132 #if defined(__sparcv9) 133 /* sparcv9 uses system wide brand interposition hooks */ 134 if (brand_list == NULL) 135 brand_plat_interposition_enable(); 136 #endif /* __sparcv9 */ 137 138 list->bl_brand = brand; 139 list->bl_refcnt = 0; 140 list->bl_next = brand_list; 141 brand_list = list; 142 143 mutex_exit(&brand_list_lock); 144 145 return (0); 146 } 147 148 /* 149 * The kernel module implementing this brand is being unloaded, so remove 150 * it from the list of active brands. 151 */ 152 int 153 brand_unregister(brand_t *brand) 154 { 155 struct brand_list *list, *prev; 156 157 /* Sanity checks */ 158 if (brand == NULL || brand->b_name == NULL) { 159 cmn_err(CE_WARN, "Malformed brand"); 160 return (EINVAL); 161 } 162 163 prev = NULL; 164 mutex_enter(&brand_list_lock); 165 166 for (list = brand_list; list != NULL; list = list->bl_next) { 167 if (list->bl_brand == brand) 168 break; 169 prev = list; 170 } 171 172 if (list == NULL) { 173 cmn_err(CE_WARN, "Brand %s wasn't registered", brand->b_name); 174 mutex_exit(&brand_list_lock); 175 return (EINVAL); 176 } 177 178 if (list->bl_refcnt > 0) { 179 cmn_err(CE_WARN, "Unregistering brand %s which is still in use", 180 brand->b_name); 181 mutex_exit(&brand_list_lock); 182 return (EBUSY); 183 } 184 185 /* Remove brand from the list */ 186 if (prev != NULL) 187 prev->bl_next = list->bl_next; 188 else 189 brand_list = list->bl_next; 190 191 #if defined(__sparcv9) 192 /* sparcv9 uses system wide brand interposition hooks */ 193 if (brand_list == NULL) 194 brand_plat_interposition_disable(); 195 #endif /* __sparcv9 */ 196 197 mutex_exit(&brand_list_lock); 198 199 kmem_free(list, sizeof (struct brand_list)); 200 201 return (0); 202 } 203 204 /* 205 * Record that a zone of this brand has been instantiated. If the kernel 206 * module implementing this brand's functionality is not present, this 207 * routine attempts to load the module as a side effect. 208 */ 209 brand_t * 210 brand_register_zone(struct brand_attr *attr) 211 { 212 struct brand_list *l = NULL; 213 ddi_modhandle_t hdl = NULL; 214 char *modname; 215 int err = 0; 216 217 if (is_system_labeled()) { 218 cmn_err(CE_WARN, 219 "Branded zones are not allowed on labeled systems."); 220 return (NULL); 221 } 222 223 /* 224 * We make at most two passes through this loop. The first time 225 * through, we're looking to see if this is a new user of an 226 * already loaded brand. If the brand hasn't been loaded, we 227 * call ddi_modopen() to force it to be loaded and then make a 228 * second pass through the list of brands. If we don't find the 229 * brand the second time through it means that the modname 230 * specified in the brand_attr structure doesn't provide the brand 231 * specified in the brandname field. This would suggest a bug in 232 * the brand's config.xml file. We close the module and return 233 * 'NULL' to the caller. 234 */ 235 for (;;) { 236 /* 237 * Search list of loaded brands 238 */ 239 mutex_enter(&brand_list_lock); 240 for (l = brand_list; l != NULL; l = l->bl_next) 241 if (strcmp(attr->ba_brandname, 242 l->bl_brand->b_name) == 0) 243 break; 244 if ((l != NULL) || (hdl != NULL)) 245 break; 246 mutex_exit(&brand_list_lock); 247 248 /* 249 * We didn't find that the requested brand has been loaded 250 * yet, so we trigger the load of the appropriate kernel 251 * module and search the list again. 252 */ 253 modname = kmem_alloc(MAXPATHLEN, KM_SLEEP); 254 (void) strcpy(modname, "brand/"); 255 (void) strcat(modname, attr->ba_modname); 256 hdl = ddi_modopen(modname, KRTLD_MODE_FIRST, &err); 257 kmem_free(modname, MAXPATHLEN); 258 259 if (err != 0) 260 return (NULL); 261 } 262 263 /* 264 * If we found the matching brand, bump its reference count. 265 */ 266 if (l != NULL) 267 l->bl_refcnt++; 268 269 mutex_exit(&brand_list_lock); 270 271 if (hdl != NULL) 272 (void) ddi_modclose(hdl); 273 274 return ((l != NULL) ? l->bl_brand : NULL); 275 } 276 277 /* 278 * Return the number of zones currently using this brand. 279 */ 280 int 281 brand_zone_count(struct brand *bp) 282 { 283 struct brand_list *l; 284 int cnt = 0; 285 286 mutex_enter(&brand_list_lock); 287 for (l = brand_list; l != NULL; l = l->bl_next) 288 if (l->bl_brand == bp) { 289 cnt = l->bl_refcnt; 290 break; 291 } 292 mutex_exit(&brand_list_lock); 293 294 return (cnt); 295 } 296 297 void 298 brand_unregister_zone(struct brand *bp) 299 { 300 struct brand_list *list; 301 302 mutex_enter(&brand_list_lock); 303 for (list = brand_list; list != NULL; list = list->bl_next) { 304 if (list->bl_brand == bp) { 305 ASSERT(list->bl_refcnt > 0); 306 list->bl_refcnt--; 307 break; 308 } 309 } 310 mutex_exit(&brand_list_lock); 311 } 312 313 void 314 brand_setbrand(proc_t *p) 315 { 316 brand_t *bp = p->p_zone->zone_brand; 317 318 ASSERT(bp != NULL); 319 ASSERT(p->p_brand == &native_brand); 320 321 /* 322 * We should only be called from exec(), when we know the process 323 * is single-threaded. 324 */ 325 ASSERT(p->p_tlist == p->p_tlist->t_forw); 326 327 p->p_brand = bp; 328 ASSERT(PROC_IS_BRANDED(p)); 329 BROP(p)->b_setbrand(p); 330 } 331 332 void 333 brand_clearbrand(proc_t *p) 334 { 335 brand_t *bp = p->p_zone->zone_brand; 336 ASSERT(bp != NULL); 337 338 /* 339 * We should only be called from exec_common() or proc_exit(), 340 * when we know the process is single-threaded. 341 */ 342 ASSERT(p->p_tlist == p->p_tlist->t_forw); 343 344 ASSERT(PROC_IS_BRANDED(p)); 345 BROP(p)->b_proc_exit(p, p->p_tlist->t_lwp); 346 p->p_brand = &native_brand; 347 } 348 349 #if defined(__sparcv9) 350 /* 351 * Currently, only sparc has system level brand syscall interposition. 352 * On x86 we're able to enable syscall interposition on a per-cpu basis 353 * when a branded thread is scheduled to run on a cpu. 354 */ 355 356 /* Local variables needed for dynamic syscall interposition support */ 357 static uint32_t syscall_trap_patch_instr_orig; 358 static uint32_t syscall_trap32_patch_instr_orig; 359 360 /* Trap Table syscall entry hot patch points */ 361 extern void syscall_trap_patch_point(void); 362 extern void syscall_trap32_patch_point(void); 363 364 /* Alternate syscall entry handlers used when branded zones are running */ 365 extern void syscall_wrapper(void); 366 extern void syscall_wrapper32(void); 367 368 /* Macros used to facilitate sparcv9 instruction generation */ 369 #define BA_A_INSTR 0x30800000 /* ba,a addr */ 370 #define DISP22(from, to) \ 371 ((((uintptr_t)(to) - (uintptr_t)(from)) >> 2) & 0x3fffff) 372 373 /*ARGSUSED*/ 374 static void 375 brand_plat_interposition_enable(void) 376 { 377 ASSERT(MUTEX_HELD(&brand_list_lock)); 378 379 /* 380 * Before we hot patch the kernel save the current instructions 381 * so that we can restore them later. 382 */ 383 syscall_trap_patch_instr_orig = 384 *(uint32_t *)syscall_trap_patch_point; 385 syscall_trap32_patch_instr_orig = 386 *(uint32_t *)syscall_trap32_patch_point; 387 388 /* 389 * Modify the trap table at the patch points. 390 * 391 * We basically replace the first instruction at the patch 392 * point with a ba,a instruction that will transfer control 393 * to syscall_wrapper or syscall_wrapper32 for 64-bit and 394 * 32-bit syscalls respectively. It's important to note that 395 * the annul bit is set in the branch so we don't execute 396 * the instruction directly following the one we're patching 397 * during the branch's delay slot. 398 * 399 * It also doesn't matter that we're not atomically updating both 400 * the 64 and 32 bit syscall paths at the same time since there's 401 * no actual branded processes running on the system yet. 402 */ 403 hot_patch_kernel_text((caddr_t)syscall_trap_patch_point, 404 BA_A_INSTR | DISP22(syscall_trap_patch_point, syscall_wrapper), 405 4); 406 hot_patch_kernel_text((caddr_t)syscall_trap32_patch_point, 407 BA_A_INSTR | DISP22(syscall_trap32_patch_point, syscall_wrapper32), 408 4); 409 } 410 411 /*ARGSUSED*/ 412 static void 413 brand_plat_interposition_disable(void) 414 { 415 ASSERT(MUTEX_HELD(&brand_list_lock)); 416 417 /* 418 * Restore the original instructions at the trap table syscall 419 * patch points to disable the brand syscall interposition 420 * mechanism. 421 */ 422 hot_patch_kernel_text((caddr_t)syscall_trap_patch_point, 423 syscall_trap_patch_instr_orig, 4); 424 hot_patch_kernel_text((caddr_t)syscall_trap32_patch_point, 425 syscall_trap32_patch_instr_orig, 4); 426 } 427 #endif /* __sparcv9 */ 428 429 /* 430 * The following functions can be shared among kernel brand modules which 431 * implement Solaris-derived brands, all of which need to do similar tasks 432 * to manage the brand. 433 */ 434 435 #if defined(_LP64) 436 static void 437 Ehdr32to64(Elf32_Ehdr *src, Ehdr *dst) 438 { 439 bcopy(src->e_ident, dst->e_ident, sizeof (src->e_ident)); 440 dst->e_type = src->e_type; 441 dst->e_machine = src->e_machine; 442 dst->e_version = src->e_version; 443 dst->e_entry = src->e_entry; 444 dst->e_phoff = src->e_phoff; 445 dst->e_shoff = src->e_shoff; 446 dst->e_flags = src->e_flags; 447 dst->e_ehsize = src->e_ehsize; 448 dst->e_phentsize = src->e_phentsize; 449 dst->e_phnum = src->e_phnum; 450 dst->e_shentsize = src->e_shentsize; 451 dst->e_shnum = src->e_shnum; 452 dst->e_shstrndx = src->e_shstrndx; 453 } 454 #endif /* _LP64 */ 455 456 /* 457 * Return -1 if the cmd was not handled by this function. 458 */ 459 /*ARGSUSED*/ 460 int 461 brand_solaris_cmd(int cmd, uintptr_t arg1, uintptr_t arg2, uintptr_t arg3, 462 struct brand *pbrand, int brandvers) 463 { 464 brand_proc_data_t *spd; 465 brand_proc_reg_t reg; 466 proc_t *p = curproc; 467 int err; 468 469 /* 470 * There is one operation that is supported for a native 471 * process; B_EXEC_BRAND. This brand operaion is redundant 472 * since the kernel assumes a native process doing an exec 473 * in a branded zone is going to run a branded processes. 474 * hence we don't support this operation. 475 */ 476 if (cmd == B_EXEC_BRAND) 477 return (ENOSYS); 478 479 /* For all other operations this must be a branded process. */ 480 if (p->p_brand == &native_brand) 481 return (ENOSYS); 482 483 ASSERT(p->p_brand == pbrand); 484 ASSERT(p->p_brand_data != NULL); 485 486 spd = (brand_proc_data_t *)p->p_brand_data; 487 488 switch ((cmd)) { 489 case B_EXEC_NATIVE: 490 err = exec_common((char *)arg1, (const char **)arg2, 491 (const char **)arg3, EBA_NATIVE); 492 return (err); 493 494 /* 495 * Get the address of the user-space system call handler from 496 * the user process and attach it to the proc structure. 497 */ 498 case B_REGISTER: 499 if (p->p_model == DATAMODEL_NATIVE) { 500 if (copyin((void *)arg1, ®, sizeof (reg)) != 0) 501 return (EFAULT); 502 } 503 #if defined(_LP64) 504 else { 505 brand_common_reg32_t reg32; 506 507 if (copyin((void *)arg1, ®32, sizeof (reg32)) != 0) 508 return (EFAULT); 509 reg.sbr_version = reg32.sbr_version; 510 reg.sbr_handler = (caddr_t)(uintptr_t)reg32.sbr_handler; 511 } 512 #endif /* _LP64 */ 513 514 if (reg.sbr_version != brandvers) 515 return (ENOTSUP); 516 spd->spd_handler = reg.sbr_handler; 517 return (0); 518 519 case B_ELFDATA: 520 if (p->p_model == DATAMODEL_NATIVE) { 521 if (copyout(&spd->spd_elf_data, (void *)arg1, 522 sizeof (brand_elf_data_t)) != 0) 523 return (EFAULT); 524 } 525 #if defined(_LP64) 526 else { 527 brand_elf_data32_t sed32; 528 529 sed32.sed_phdr = spd->spd_elf_data.sed_phdr; 530 sed32.sed_phent = spd->spd_elf_data.sed_phent; 531 sed32.sed_phnum = spd->spd_elf_data.sed_phnum; 532 sed32.sed_entry = spd->spd_elf_data.sed_entry; 533 sed32.sed_base = spd->spd_elf_data.sed_base; 534 sed32.sed_ldentry = spd->spd_elf_data.sed_ldentry; 535 sed32.sed_lddata = spd->spd_elf_data.sed_lddata; 536 if (copyout(&sed32, (void *)arg1, sizeof (sed32)) 537 != 0) 538 return (EFAULT); 539 } 540 #endif /* _LP64 */ 541 return (0); 542 543 /* 544 * The B_TRUSS_POINT subcommand exists so that we can see 545 * truss output from interposed system calls that return 546 * without first calling any other system call, meaning they 547 * would be invisible to truss(1). 548 * If the second argument is set non-zero, set errno to that 549 * value as well. 550 * 551 * Common arguments seen with truss are: 552 * 553 * arg1: syscall number 554 * arg2: errno 555 */ 556 case B_TRUSS_POINT: 557 return ((arg2 == 0) ? 0 : set_errno((uint_t)arg2)); 558 } 559 560 return (-1); 561 } 562 563 /*ARGSUSED*/ 564 void 565 brand_solaris_copy_procdata(proc_t *child, proc_t *parent, struct brand *pbrand) 566 { 567 brand_proc_data_t *spd; 568 569 ASSERT(parent->p_brand == pbrand); 570 ASSERT(child->p_brand == pbrand); 571 ASSERT(parent->p_brand_data != NULL); 572 ASSERT(child->p_brand_data == NULL); 573 574 /* 575 * Just duplicate all the proc data of the parent for the 576 * child 577 */ 578 spd = kmem_alloc(sizeof (brand_proc_data_t), KM_SLEEP); 579 bcopy(parent->p_brand_data, spd, sizeof (brand_proc_data_t)); 580 child->p_brand_data = spd; 581 } 582 583 static void 584 restoreexecenv(struct execenv *ep, stack_t *sp) 585 { 586 klwp_t *lwp = ttolwp(curthread); 587 588 setexecenv(ep); 589 lwp->lwp_sigaltstack.ss_sp = sp->ss_sp; 590 lwp->lwp_sigaltstack.ss_size = sp->ss_size; 591 lwp->lwp_sigaltstack.ss_flags = sp->ss_flags; 592 } 593 594 /*ARGSUSED*/ 595 int 596 brand_solaris_elfexec(vnode_t *vp, execa_t *uap, uarg_t *args, 597 intpdata_t *idatap, int level, long *execsz, int setid, caddr_t exec_file, 598 cred_t *cred, int brand_action, struct brand *pbrand, char *bname, 599 char *brandlib, char *brandlib32, char *brandlinker, char *brandlinker32) 600 { 601 602 vnode_t *nvp; 603 Ehdr ehdr; 604 Addr uphdr_vaddr; 605 intptr_t voffset; 606 int interp; 607 int i, err; 608 struct execenv env; 609 struct execenv origenv; 610 stack_t orig_sigaltstack; 611 struct user *up = PTOU(curproc); 612 proc_t *p = ttoproc(curthread); 613 klwp_t *lwp = ttolwp(curthread); 614 brand_proc_data_t *spd; 615 brand_elf_data_t sed, *sedp; 616 char *linker; 617 uintptr_t lddata; /* lddata of executable's linker */ 618 619 ASSERT(curproc->p_brand == pbrand); 620 ASSERT(curproc->p_brand_data != NULL); 621 622 spd = (brand_proc_data_t *)curproc->p_brand_data; 623 sedp = &spd->spd_elf_data; 624 625 args->brandname = bname; 626 627 /* 628 * We will exec the brand library and then map in the target 629 * application and (optionally) the brand's default linker. 630 */ 631 if (args->to_model == DATAMODEL_NATIVE) { 632 args->emulator = brandlib; 633 linker = brandlinker; 634 } 635 #if defined(_LP64) 636 else { 637 args->emulator = brandlib32; 638 linker = brandlinker32; 639 } 640 #endif /* _LP64 */ 641 642 if ((err = lookupname(args->emulator, UIO_SYSSPACE, FOLLOW, 643 NULLVPP, &nvp)) != 0) { 644 uprintf("%s: not found.", args->emulator); 645 return (err); 646 } 647 648 /* 649 * The following elf{32}exec call changes the execenv in the proc 650 * struct which includes changing the p_exec member to be the vnode 651 * for the brand library (e.g. /.SUNWnative/usr/lib/s10_brand.so.1). 652 * We will eventually set the p_exec member to be the vnode for the new 653 * executable when we call setexecenv(). However, if we get an error 654 * before that call we need to restore the execenv to its original 655 * values so that when we return to the caller fop_close() works 656 * properly while cleaning up from the failed exec(). Restoring the 657 * original value will also properly decrement the 2nd VN_RELE that we 658 * took on the brand library. 659 */ 660 origenv.ex_bssbase = p->p_bssbase; 661 origenv.ex_brkbase = p->p_brkbase; 662 origenv.ex_brksize = p->p_brksize; 663 origenv.ex_vp = p->p_exec; 664 orig_sigaltstack.ss_sp = lwp->lwp_sigaltstack.ss_sp; 665 orig_sigaltstack.ss_size = lwp->lwp_sigaltstack.ss_size; 666 orig_sigaltstack.ss_flags = lwp->lwp_sigaltstack.ss_flags; 667 668 if (args->to_model == DATAMODEL_NATIVE) { 669 err = elfexec(nvp, uap, args, idatap, level + 1, execsz, 670 setid, exec_file, cred, brand_action); 671 } 672 #if defined(_LP64) 673 else { 674 err = elf32exec(nvp, uap, args, idatap, level + 1, execsz, 675 setid, exec_file, cred, brand_action); 676 } 677 #endif /* _LP64 */ 678 VN_RELE(nvp); 679 if (err != 0) { 680 restoreexecenv(&origenv, &orig_sigaltstack); 681 return (err); 682 } 683 684 /* 685 * The u_auxv veCTors are set up by elfexec to point to the 686 * brand emulation library and linker. Save these so they can 687 * be copied to the specific brand aux vectors. 688 */ 689 bzero(&sed, sizeof (sed)); 690 for (i = 0; i < __KERN_NAUXV_IMPL; i++) { 691 switch (up->u_auxv[i].a_type) { 692 case AT_SUN_LDDATA: 693 sed.sed_lddata = up->u_auxv[i].a_un.a_val; 694 break; 695 case AT_BASE: 696 sed.sed_base = up->u_auxv[i].a_un.a_val; 697 break; 698 case AT_ENTRY: 699 sed.sed_entry = up->u_auxv[i].a_un.a_val; 700 break; 701 case AT_PHDR: 702 sed.sed_phdr = up->u_auxv[i].a_un.a_val; 703 break; 704 case AT_PHENT: 705 sed.sed_phent = up->u_auxv[i].a_un.a_val; 706 break; 707 case AT_PHNUM: 708 sed.sed_phnum = up->u_auxv[i].a_un.a_val; 709 break; 710 default: 711 break; 712 } 713 } 714 /* Make sure the emulator has an entry point */ 715 ASSERT(sed.sed_entry != NULL); 716 ASSERT(sed.sed_phdr != NULL); 717 718 bzero(&env, sizeof (env)); 719 if (args->to_model == DATAMODEL_NATIVE) { 720 err = mapexec_brand(vp, args, &ehdr, &uphdr_vaddr, 721 &voffset, exec_file, &interp, &env.ex_bssbase, 722 &env.ex_brkbase, &env.ex_brksize, NULL); 723 } 724 #if defined(_LP64) 725 else { 726 Elf32_Ehdr ehdr32; 727 Elf32_Addr uphdr_vaddr32; 728 err = mapexec32_brand(vp, args, &ehdr32, &uphdr_vaddr32, 729 &voffset, exec_file, &interp, &env.ex_bssbase, 730 &env.ex_brkbase, &env.ex_brksize, NULL); 731 Ehdr32to64(&ehdr32, &ehdr); 732 733 if (uphdr_vaddr32 == (Elf32_Addr)-1) 734 uphdr_vaddr = (Addr)-1; 735 else 736 uphdr_vaddr = uphdr_vaddr32; 737 } 738 #endif /* _LP64 */ 739 if (err != 0) { 740 restoreexecenv(&origenv, &orig_sigaltstack); 741 return (err); 742 } 743 744 /* 745 * Save off the important properties of the executable. The 746 * brand library will ask us for this data later, when it is 747 * initializing and getting ready to transfer control to the 748 * brand application. 749 */ 750 if (uphdr_vaddr == (Addr)-1) 751 sedp->sed_phdr = voffset + ehdr.e_phoff; 752 else 753 sedp->sed_phdr = voffset + uphdr_vaddr; 754 sedp->sed_entry = voffset + ehdr.e_entry; 755 sedp->sed_phent = ehdr.e_phentsize; 756 sedp->sed_phnum = ehdr.e_phnum; 757 758 if (interp) { 759 if (ehdr.e_type == ET_DYN) { 760 /* 761 * This is a shared object executable, so we 762 * need to pick a reasonable place to put the 763 * heap. Just don't use the first page. 764 */ 765 env.ex_brkbase = (caddr_t)PAGESIZE; 766 env.ex_bssbase = (caddr_t)PAGESIZE; 767 } 768 769 /* 770 * If the program needs an interpreter (most do), map 771 * it in and store relevant information about it in the 772 * aux vector, where the brand library can find it. 773 */ 774 if ((err = lookupname(linker, UIO_SYSSPACE, 775 FOLLOW, NULLVPP, &nvp)) != 0) { 776 uprintf("%s: not found.", brandlinker); 777 restoreexecenv(&origenv, &orig_sigaltstack); 778 return (err); 779 } 780 if (args->to_model == DATAMODEL_NATIVE) { 781 err = mapexec_brand(nvp, args, &ehdr, 782 &uphdr_vaddr, &voffset, exec_file, &interp, 783 NULL, NULL, NULL, &lddata); 784 } 785 #if defined(_LP64) 786 else { 787 Elf32_Ehdr ehdr32; 788 Elf32_Addr uphdr_vaddr32; 789 err = mapexec32_brand(nvp, args, &ehdr32, 790 &uphdr_vaddr32, &voffset, exec_file, &interp, 791 NULL, NULL, NULL, &lddata); 792 Ehdr32to64(&ehdr32, &ehdr); 793 794 if (uphdr_vaddr32 == (Elf32_Addr)-1) 795 uphdr_vaddr = (Addr)-1; 796 else 797 uphdr_vaddr = uphdr_vaddr32; 798 } 799 #endif /* _LP64 */ 800 VN_RELE(nvp); 801 if (err != 0) { 802 restoreexecenv(&origenv, &orig_sigaltstack); 803 return (err); 804 } 805 806 /* 807 * Now that we know the base address of the brand's 808 * linker, place it in the aux vector. 809 */ 810 sedp->sed_base = voffset; 811 sedp->sed_ldentry = voffset + ehdr.e_entry; 812 sedp->sed_lddata = voffset + lddata; 813 } else { 814 /* 815 * This program has no interpreter. The brand library 816 * will jump to the address in the AT_SUN_BRAND_LDENTRY 817 * aux vector, so in this case, put the entry point of 818 * the main executable there. 819 */ 820 if (ehdr.e_type == ET_EXEC) { 821 /* 822 * An executable with no interpreter, this must 823 * be a statically linked executable, which 824 * means we loaded it at the address specified 825 * in the elf header, in which case the e_entry 826 * field of the elf header is an absolute 827 * address. 828 */ 829 sedp->sed_ldentry = ehdr.e_entry; 830 sedp->sed_entry = ehdr.e_entry; 831 sedp->sed_lddata = NULL; 832 sedp->sed_base = NULL; 833 } else { 834 /* 835 * A shared object with no interpreter, we use 836 * the calculated address from above. 837 */ 838 sedp->sed_ldentry = sedp->sed_entry; 839 sedp->sed_entry = NULL; 840 sedp->sed_phdr = NULL; 841 sedp->sed_phent = NULL; 842 sedp->sed_phnum = NULL; 843 sedp->sed_lddata = NULL; 844 sedp->sed_base = voffset; 845 846 if (ehdr.e_type == ET_DYN) { 847 /* 848 * Delay setting the brkbase until the 849 * first call to brk(); see elfexec() 850 * for details. 851 */ 852 env.ex_bssbase = (caddr_t)0; 853 env.ex_brkbase = (caddr_t)0; 854 env.ex_brksize = 0; 855 } 856 } 857 } 858 859 env.ex_magic = elfmagic; 860 env.ex_vp = vp; 861 setexecenv(&env); 862 863 /* 864 * It's time to manipulate the process aux vectors. First 865 * we need to update the AT_SUN_AUXFLAGS aux vector to set 866 * the AF_SUN_NOPLM flag. 867 */ 868 if (args->to_model == DATAMODEL_NATIVE) { 869 auxv_t auxflags_auxv; 870 871 if (copyin(args->auxp_auxflags, &auxflags_auxv, 872 sizeof (auxflags_auxv)) != 0) 873 return (EFAULT); 874 875 ASSERT(auxflags_auxv.a_type == AT_SUN_AUXFLAGS); 876 auxflags_auxv.a_un.a_val |= AF_SUN_NOPLM; 877 if (copyout(&auxflags_auxv, args->auxp_auxflags, 878 sizeof (auxflags_auxv)) != 0) 879 return (EFAULT); 880 } 881 #if defined(_LP64) 882 else { 883 auxv32_t auxflags_auxv32; 884 885 if (copyin(args->auxp_auxflags, &auxflags_auxv32, 886 sizeof (auxflags_auxv32)) != 0) 887 return (EFAULT); 888 889 ASSERT(auxflags_auxv32.a_type == AT_SUN_AUXFLAGS); 890 auxflags_auxv32.a_un.a_val |= AF_SUN_NOPLM; 891 if (copyout(&auxflags_auxv32, args->auxp_auxflags, 892 sizeof (auxflags_auxv32)) != 0) 893 return (EFAULT); 894 } 895 #endif /* _LP64 */ 896 897 /* Second, copy out the brand specific aux vectors. */ 898 if (args->to_model == DATAMODEL_NATIVE) { 899 auxv_t brand_auxv[] = { 900 { AT_SUN_BRAND_AUX1, 0 }, 901 { AT_SUN_BRAND_AUX2, 0 }, 902 { AT_SUN_BRAND_AUX3, 0 } 903 }; 904 905 ASSERT(brand_auxv[0].a_type == 906 AT_SUN_BRAND_COMMON_LDDATA); 907 brand_auxv[0].a_un.a_val = sed.sed_lddata; 908 909 if (copyout(&brand_auxv, args->auxp_brand, 910 sizeof (brand_auxv)) != 0) 911 return (EFAULT); 912 } 913 #if defined(_LP64) 914 else { 915 auxv32_t brand_auxv32[] = { 916 { AT_SUN_BRAND_AUX1, 0 }, 917 { AT_SUN_BRAND_AUX2, 0 }, 918 { AT_SUN_BRAND_AUX3, 0 } 919 }; 920 921 ASSERT(brand_auxv32[0].a_type == AT_SUN_BRAND_COMMON_LDDATA); 922 brand_auxv32[0].a_un.a_val = (uint32_t)sed.sed_lddata; 923 if (copyout(&brand_auxv32, args->auxp_brand, 924 sizeof (brand_auxv32)) != 0) 925 return (EFAULT); 926 } 927 #endif /* _LP64 */ 928 929 /* 930 * Third, the /proc aux vectors set up by elfexec() point to 931 * brand emulation library and it's linker. Copy these to the 932 * /proc brand specific aux vector, and update the regular 933 * /proc aux vectors to point to the executable (and it's 934 * linker). This will enable debuggers to access the 935 * executable via the usual /proc or elf notes aux vectors. 936 * 937 * The brand emulation library's linker will get it's aux 938 * vectors off the stack, and then update the stack with the 939 * executable's aux vectors before jumping to the executable's 940 * linker. 941 * 942 * Debugging the brand emulation library must be done from 943 * the global zone, where the librtld_db module knows how to 944 * fetch the brand specific aux vectors to access the brand 945 * emulation libraries linker. 946 */ 947 for (i = 0; i < __KERN_NAUXV_IMPL; i++) { 948 ulong_t val; 949 950 switch (up->u_auxv[i].a_type) { 951 case AT_SUN_BRAND_COMMON_LDDATA: 952 up->u_auxv[i].a_un.a_val = sed.sed_lddata; 953 continue; 954 case AT_BASE: 955 val = sedp->sed_base; 956 break; 957 case AT_ENTRY: 958 val = sedp->sed_entry; 959 break; 960 case AT_PHDR: 961 val = sedp->sed_phdr; 962 break; 963 case AT_PHENT: 964 val = sedp->sed_phent; 965 break; 966 case AT_PHNUM: 967 val = sedp->sed_phnum; 968 break; 969 case AT_SUN_LDDATA: 970 val = sedp->sed_lddata; 971 break; 972 default: 973 continue; 974 } 975 976 up->u_auxv[i].a_un.a_val = val; 977 if (val == NULL) { 978 /* Hide the entry for static binaries */ 979 up->u_auxv[i].a_type = AT_IGNORE; 980 } 981 } 982 983 /* 984 * The last thing we do here is clear spd->spd_handler. This 985 * is important because if we're already a branded process and 986 * if this exec succeeds, there is a window between when the 987 * exec() first returns to the userland of the new process and 988 * when our brand library get's initialized, during which we 989 * don't want system calls to be re-directed to our brand 990 * library since it hasn't been initialized yet. 991 */ 992 spd->spd_handler = NULL; 993 994 return (0); 995 } 996 997 void 998 brand_solaris_exec(struct brand *pbrand) 999 { 1000 brand_proc_data_t *spd = curproc->p_brand_data; 1001 1002 ASSERT(curproc->p_brand == pbrand); 1003 ASSERT(curproc->p_brand_data != NULL); 1004 ASSERT(ttolwp(curthread)->lwp_brand != NULL); 1005 1006 /* 1007 * We should only be called from exec(), when we know the process 1008 * is single-threaded. 1009 */ 1010 ASSERT(curproc->p_tlist == curproc->p_tlist->t_forw); 1011 1012 /* Upon exec, reset our lwp brand data. */ 1013 (void) brand_solaris_freelwp(ttolwp(curthread), pbrand); 1014 (void) brand_solaris_initlwp(ttolwp(curthread), pbrand); 1015 1016 /* 1017 * Upon exec, reset all the proc brand data, except for the elf 1018 * data associated with the executable we are exec'ing. 1019 */ 1020 spd->spd_handler = NULL; 1021 } 1022 1023 int 1024 brand_solaris_fini(char **emul_table, struct modlinkage *modlinkage, 1025 struct brand *pbrand) 1026 { 1027 int err; 1028 1029 /* 1030 * If there are any zones using this brand, we can't allow it 1031 * to be unloaded. 1032 */ 1033 if (brand_zone_count(pbrand)) 1034 return (EBUSY); 1035 1036 kmem_free(*emul_table, NSYSCALL); 1037 *emul_table = NULL; 1038 1039 err = mod_remove(modlinkage); 1040 if (err) 1041 cmn_err(CE_WARN, "Couldn't unload brand module"); 1042 1043 return (err); 1044 } 1045 1046 /*ARGSUSED*/ 1047 void 1048 brand_solaris_forklwp(klwp_t *p, klwp_t *c, struct brand *pbrand) 1049 { 1050 ASSERT(p->lwp_procp->p_brand == pbrand); 1051 ASSERT(c->lwp_procp->p_brand == pbrand); 1052 1053 ASSERT(p->lwp_procp->p_brand_data != NULL); 1054 ASSERT(c->lwp_procp->p_brand_data != NULL); 1055 1056 /* 1057 * Both LWPs have already had been initialized via 1058 * brand_solaris_initlwp(). 1059 */ 1060 ASSERT(p->lwp_brand != NULL); 1061 ASSERT(c->lwp_brand != NULL); 1062 } 1063 1064 /*ARGSUSED*/ 1065 void 1066 brand_solaris_freelwp(klwp_t *l, struct brand *pbrand) 1067 { 1068 ASSERT(l->lwp_procp->p_brand == pbrand); 1069 ASSERT(l->lwp_procp->p_brand_data != NULL); 1070 ASSERT(l->lwp_brand != NULL); 1071 l->lwp_brand = NULL; 1072 } 1073 1074 /*ARGSUSED*/ 1075 int 1076 brand_solaris_initlwp(klwp_t *l, struct brand *pbrand) 1077 { 1078 ASSERT(l->lwp_procp->p_brand == pbrand); 1079 ASSERT(l->lwp_procp->p_brand_data != NULL); 1080 ASSERT(l->lwp_brand == NULL); 1081 l->lwp_brand = (void *)-1; 1082 return (0); 1083 } 1084 1085 /*ARGSUSED*/ 1086 void 1087 brand_solaris_lwpexit(klwp_t *l, struct brand *pbrand) 1088 { 1089 proc_t *p = l->lwp_procp; 1090 1091 ASSERT(l->lwp_procp->p_brand == pbrand); 1092 ASSERT(l->lwp_procp->p_brand_data != NULL); 1093 ASSERT(l->lwp_brand != NULL); 1094 1095 /* 1096 * We should never be called for the last thread in a process. 1097 * (That case is handled by brand_solaris_proc_exit().) 1098 * Therefore this lwp must be exiting from a multi-threaded 1099 * process. 1100 */ 1101 ASSERT(p->p_tlist != p->p_tlist->t_forw); 1102 1103 l->lwp_brand = NULL; 1104 } 1105 1106 /*ARGSUSED*/ 1107 void 1108 brand_solaris_proc_exit(struct proc *p, klwp_t *l, struct brand *pbrand) 1109 { 1110 ASSERT(p->p_brand == pbrand); 1111 ASSERT(p->p_brand_data != NULL); 1112 1113 /* 1114 * We should only be called from proc_exit(), when we know that 1115 * process is single-threaded. 1116 */ 1117 ASSERT(p->p_tlist == p->p_tlist->t_forw); 1118 1119 /* upon exit, free our lwp brand data */ 1120 (void) brand_solaris_freelwp(ttolwp(curthread), pbrand); 1121 1122 /* upon exit, free our proc brand data */ 1123 kmem_free(p->p_brand_data, sizeof (brand_proc_data_t)); 1124 p->p_brand_data = NULL; 1125 } 1126 1127 void 1128 brand_solaris_setbrand(proc_t *p, struct brand *pbrand) 1129 { 1130 ASSERT(p->p_brand == pbrand); 1131 ASSERT(p->p_brand_data == NULL); 1132 1133 /* 1134 * We should only be called from exec(), when we know the process 1135 * is single-threaded. 1136 */ 1137 ASSERT(p->p_tlist == p->p_tlist->t_forw); 1138 1139 p->p_brand_data = kmem_zalloc(sizeof (brand_proc_data_t), KM_SLEEP); 1140 (void) brand_solaris_initlwp(p->p_tlist->t_lwp, pbrand); 1141 } 1142