1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 /* 22 * Copyright 2006 Sun Microsystems, Inc. All rights reserved. 23 * Use is subject to license terms. 24 */ 25 26 #pragma ident "%Z%%M% %I% %E% SMI" 27 28 /* Copyright (c) 1988 AT&T */ 29 /* All Rights Reserved */ 30 31 32 #include <sys/types.h> 33 #include <sys/param.h> 34 #include <sys/sysmacros.h> 35 #include <sys/systm.h> 36 #include <sys/signal.h> 37 #include <sys/cred_impl.h> 38 #include <sys/policy.h> 39 #include <sys/user.h> 40 #include <sys/errno.h> 41 #include <sys/file.h> 42 #include <sys/vfs.h> 43 #include <sys/vnode.h> 44 #include <sys/mman.h> 45 #include <sys/acct.h> 46 #include <sys/cpuvar.h> 47 #include <sys/proc.h> 48 #include <sys/cmn_err.h> 49 #include <sys/debug.h> 50 #include <sys/pathname.h> 51 #include <sys/vm.h> 52 #include <sys/vtrace.h> 53 #include <sys/exec.h> 54 #include <sys/exechdr.h> 55 #include <sys/kmem.h> 56 #include <sys/prsystm.h> 57 #include <sys/modctl.h> 58 #include <sys/vmparam.h> 59 #include <sys/schedctl.h> 60 #include <sys/utrap.h> 61 #include <sys/systeminfo.h> 62 #include <sys/stack.h> 63 #include <sys/rctl.h> 64 #include <sys/dtrace.h> 65 #include <sys/lwpchan_impl.h> 66 #include <sys/pool.h> 67 #include <sys/sdt.h> 68 69 #include <c2/audit.h> 70 71 #include <vm/hat.h> 72 #include <vm/anon.h> 73 #include <vm/as.h> 74 #include <vm/seg.h> 75 #include <vm/seg_vn.h> 76 77 #define PRIV_RESET 0x01 /* needs to reset privs */ 78 #define PRIV_SETID 0x02 /* needs to change uids */ 79 #define PRIV_SETUGID 0x04 /* is setuid/setgid/forced privs */ 80 #define PRIV_INCREASE 0x08 /* child runs with more privs */ 81 82 static int execsetid(struct vnode *, struct vattr *, uid_t *, uid_t *); 83 static int hold_execsw(struct execsw *); 84 85 uint_t auxv_hwcap = 0; /* auxv AT_SUN_HWCAP value; determined on the fly */ 86 #if defined(_SYSCALL32_IMPL) 87 uint_t auxv_hwcap32 = 0; /* 32-bit version of auxv_hwcap */ 88 #endif 89 90 int exec_lpg_disable = 0; 91 92 #define PSUIDFLAGS (SNOCD|SUGID) 93 94 /* 95 * exec() - wrapper around exece providing NULL environment pointer 96 */ 97 int 98 exec(const char *fname, const char **argp) 99 { 100 return (exece(fname, argp, NULL)); 101 } 102 103 /* 104 * exece() - system call wrapper around exec_common() 105 */ 106 int 107 exece(const char *fname, const char **argp, const char **envp) 108 { 109 int error; 110 111 error = exec_common(fname, argp, envp); 112 return (error ? (set_errno(error)) : 0); 113 } 114 115 int 116 exec_common(const char *fname, const char **argp, const char **envp) 117 { 118 vnode_t *vp = NULL, *dir = NULL, *tmpvp = NULL; 119 proc_t *p = ttoproc(curthread); 120 klwp_t *lwp = ttolwp(curthread); 121 struct user *up = PTOU(p); 122 long execsz; /* temporary count of exec size */ 123 int i; 124 int error; 125 char exec_file[MAXCOMLEN+1]; 126 struct pathname pn; 127 struct pathname resolvepn; 128 struct uarg args; 129 struct execa ua; 130 k_sigset_t savedmask; 131 lwpdir_t *lwpdir = NULL; 132 lwpdir_t **tidhash; 133 lwpdir_t *old_lwpdir = NULL; 134 uint_t old_lwpdir_sz; 135 lwpdir_t **old_tidhash; 136 uint_t old_tidhash_sz; 137 lwpent_t *lep; 138 139 /* 140 * exec() is not supported for the /proc agent lwp. 141 */ 142 if (curthread == p->p_agenttp) 143 return (ENOTSUP); 144 145 if ((error = secpolicy_basic_exec(CRED())) != 0) 146 return (error); 147 148 /* 149 * Inform /proc that an exec() has started. 150 * Hold signals that are ignored by default so that we will 151 * not be interrupted by a signal that will be ignored after 152 * successful completion of gexec(). 153 */ 154 mutex_enter(&p->p_lock); 155 prexecstart(); 156 schedctl_finish_sigblock(curthread); 157 savedmask = curthread->t_hold; 158 sigorset(&curthread->t_hold, &ignoredefault); 159 mutex_exit(&p->p_lock); 160 161 /* 162 * Look up path name and remember last component for later. 163 * To help coreadm expand its %d token, we attempt to save 164 * the directory containing the executable in p_execdir. The 165 * first call to lookuppn() may fail and return EINVAL because 166 * dirvpp is non-NULL. In that case, we make a second call to 167 * lookuppn() with dirvpp set to NULL; p_execdir will be NULL, 168 * but coreadm is allowed to expand %d to the empty string and 169 * there are other cases in which that failure may occur. 170 */ 171 if ((error = pn_get((char *)fname, UIO_USERSPACE, &pn)) != 0) 172 goto out; 173 pn_alloc(&resolvepn); 174 if ((error = lookuppn(&pn, &resolvepn, FOLLOW, &dir, &vp)) != 0) { 175 pn_free(&resolvepn); 176 pn_free(&pn); 177 if (error != EINVAL) 178 goto out; 179 180 dir = NULL; 181 if ((error = pn_get((char *)fname, UIO_USERSPACE, &pn)) != 0) 182 goto out; 183 pn_alloc(&resolvepn); 184 if ((error = lookuppn(&pn, &resolvepn, FOLLOW, NULLVPP, 185 &vp)) != 0) { 186 pn_free(&resolvepn); 187 pn_free(&pn); 188 goto out; 189 } 190 } 191 if (vp == NULL) { 192 if (dir != NULL) 193 VN_RELE(dir); 194 error = ENOENT; 195 pn_free(&resolvepn); 196 pn_free(&pn); 197 goto out; 198 } 199 200 /* 201 * We do not allow executing files in attribute directories. 202 * We test this by determining whether the resolved path 203 * contains a "/" when we're in an attribute directory; 204 * only if the pathname does not contain a "/" the resolved path 205 * points to a file in the current working (attribute) directory. 206 */ 207 if ((p->p_user.u_cdir->v_flag & V_XATTRDIR) != 0 && 208 strchr(resolvepn.pn_path, '/') == NULL) { 209 if (dir != NULL) 210 VN_RELE(dir); 211 error = EACCES; 212 pn_free(&resolvepn); 213 pn_free(&pn); 214 VN_RELE(vp); 215 goto out; 216 } 217 218 bzero(exec_file, MAXCOMLEN+1); 219 (void) strncpy(exec_file, pn.pn_path, MAXCOMLEN); 220 bzero(&args, sizeof (args)); 221 args.pathname = resolvepn.pn_path; 222 /* don't free resolvepn until we are done with args */ 223 pn_free(&pn); 224 225 /* 226 * Specific exec handlers, or policies determined via 227 * /etc/system may override the historical default. 228 */ 229 args.stk_prot = PROT_ZFOD; 230 args.dat_prot = PROT_ZFOD; 231 232 CPU_STATS_ADD_K(sys, sysexec, 1); 233 DTRACE_PROC1(exec, char *, args.pathname); 234 235 ua.fname = fname; 236 ua.argp = argp; 237 ua.envp = envp; 238 239 if ((error = gexec(&vp, &ua, &args, NULL, 0, &execsz, 240 exec_file, p->p_cred)) != 0) { 241 VN_RELE(vp); 242 if (dir != NULL) 243 VN_RELE(dir); 244 pn_free(&resolvepn); 245 goto fail; 246 } 247 248 /* 249 * Free floating point registers (sun4u only) 250 */ 251 ASSERT(lwp != NULL); 252 lwp_freeregs(lwp, 1); 253 254 /* 255 * Free thread and process context ops. 256 */ 257 if (curthread->t_ctx) 258 freectx(curthread, 1); 259 if (p->p_pctx) 260 freepctx(p, 1); 261 262 /* 263 * Remember file name for accounting; clear any cached DTrace predicate. 264 */ 265 up->u_acflag &= ~AFORK; 266 bcopy(exec_file, up->u_comm, MAXCOMLEN+1); 267 curthread->t_predcache = NULL; 268 269 /* 270 * Clear contract template state 271 */ 272 lwp_ctmpl_clear(lwp); 273 274 /* 275 * Save the directory in which we found the executable for expanding 276 * the %d token used in core file patterns. 277 */ 278 mutex_enter(&p->p_lock); 279 tmpvp = p->p_execdir; 280 p->p_execdir = dir; 281 if (p->p_execdir != NULL) 282 VN_HOLD(p->p_execdir); 283 mutex_exit(&p->p_lock); 284 285 if (tmpvp != NULL) 286 VN_RELE(tmpvp); 287 288 /* 289 * Reset stack state to the user stack, clear set of signals 290 * caught on the signal stack, and reset list of signals that 291 * restart system calls; the new program's environment should 292 * not be affected by detritus from the old program. Any 293 * pending held signals remain held, so don't clear t_hold. 294 */ 295 mutex_enter(&p->p_lock); 296 lwp->lwp_oldcontext = 0; 297 lwp->lwp_ustack = 0; 298 lwp->lwp_old_stk_ctl = 0; 299 sigemptyset(&up->u_signodefer); 300 sigemptyset(&up->u_sigonstack); 301 sigemptyset(&up->u_sigresethand); 302 lwp->lwp_sigaltstack.ss_sp = 0; 303 lwp->lwp_sigaltstack.ss_size = 0; 304 lwp->lwp_sigaltstack.ss_flags = SS_DISABLE; 305 306 /* 307 * Make saved resource limit == current resource limit. 308 */ 309 for (i = 0; i < RLIM_NLIMITS; i++) { 310 /*CONSTCOND*/ 311 if (RLIM_SAVED(i)) { 312 (void) rctl_rlimit_get(rctlproc_legacy[i], p, 313 &up->u_saved_rlimit[i]); 314 } 315 } 316 317 /* 318 * If the action was to catch the signal, then the action 319 * must be reset to SIG_DFL. 320 */ 321 sigdefault(p); 322 p->p_flag &= ~(SNOWAIT|SJCTL); 323 p->p_flag |= (SEXECED|SMSACCT|SMSFORK); 324 up->u_signal[SIGCLD - 1] = SIG_DFL; 325 326 /* 327 * Delete the dot4 sigqueues/signotifies. 328 */ 329 sigqfree(p); 330 331 mutex_exit(&p->p_lock); 332 333 mutex_enter(&p->p_pflock); 334 p->p_prof.pr_base = NULL; 335 p->p_prof.pr_size = 0; 336 p->p_prof.pr_off = 0; 337 p->p_prof.pr_scale = 0; 338 p->p_prof.pr_samples = 0; 339 mutex_exit(&p->p_pflock); 340 341 ASSERT(curthread->t_schedctl == NULL); 342 343 #if defined(__sparc) 344 if (p->p_utraps != NULL) 345 utrap_free(p); 346 #endif /* __sparc */ 347 348 /* 349 * Close all close-on-exec files. 350 */ 351 close_exec(P_FINFO(p)); 352 TRACE_2(TR_FAC_PROC, TR_PROC_EXEC, "proc_exec:p %p up %p", p, up); 353 setregs(&args); 354 355 /* Mark this as an executable vnode */ 356 mutex_enter(&vp->v_lock); 357 vp->v_flag |= VVMEXEC; 358 mutex_exit(&vp->v_lock); 359 360 VN_RELE(vp); 361 if (dir != NULL) 362 VN_RELE(dir); 363 pn_free(&resolvepn); 364 365 /* 366 * Allocate a new lwp directory and lwpid hash table if necessary. 367 */ 368 if (curthread->t_tid != 1 || p->p_lwpdir_sz != 2) { 369 lwpdir = kmem_zalloc(2 * sizeof (lwpdir_t), KM_SLEEP); 370 lwpdir->ld_next = lwpdir + 1; 371 tidhash = kmem_zalloc(2 * sizeof (lwpdir_t *), KM_SLEEP); 372 if (p->p_lwpdir != NULL) 373 lep = p->p_lwpdir[curthread->t_dslot].ld_entry; 374 else 375 lep = kmem_zalloc(sizeof (*lep), KM_SLEEP); 376 } 377 378 mutex_enter(&p->p_lock); 379 prbarrier(p); 380 381 /* 382 * Reset lwp id to the default value of 1. 383 * This is a single-threaded process now 384 * and lwp #1 is lwp_wait()able by default. 385 * The t_unpark flag should not be inherited. 386 */ 387 ASSERT(p->p_lwpcnt == 1 && p->p_zombcnt == 0); 388 curthread->t_tid = 1; 389 curthread->t_unpark = 0; 390 curthread->t_proc_flag |= TP_TWAIT; 391 curthread->t_proc_flag &= ~TP_DAEMON; /* daemons shouldn't exec */ 392 p->p_lwpdaemon = 0; /* but oh well ... */ 393 p->p_lwpid = 1; 394 395 /* 396 * Install the newly-allocated lwp directory and lwpid hash table 397 * and insert the current thread into the new hash table. 398 */ 399 if (lwpdir != NULL) { 400 old_lwpdir = p->p_lwpdir; 401 old_lwpdir_sz = p->p_lwpdir_sz; 402 old_tidhash = p->p_tidhash; 403 old_tidhash_sz = p->p_tidhash_sz; 404 p->p_lwpdir = p->p_lwpfree = lwpdir; 405 p->p_lwpdir_sz = 2; 406 p->p_tidhash = tidhash; 407 p->p_tidhash_sz = 2; 408 lep->le_thread = curthread; 409 lep->le_lwpid = curthread->t_tid; 410 lep->le_start = curthread->t_start; 411 lwp_hash_in(p, lep); 412 } 413 /* 414 * Restore the saved signal mask and 415 * inform /proc that the exec() has finished. 416 */ 417 curthread->t_hold = savedmask; 418 prexecend(); 419 mutex_exit(&p->p_lock); 420 if (old_lwpdir) { 421 kmem_free(old_lwpdir, old_lwpdir_sz * sizeof (lwpdir_t)); 422 kmem_free(old_tidhash, old_tidhash_sz * sizeof (lwpdir_t *)); 423 } 424 ASSERT(error == 0); 425 DTRACE_PROC(exec__success); 426 return (0); 427 428 fail: 429 DTRACE_PROC1(exec__failure, int, error); 430 out: /* error return */ 431 mutex_enter(&p->p_lock); 432 curthread->t_hold = savedmask; 433 prexecend(); 434 mutex_exit(&p->p_lock); 435 ASSERT(error != 0); 436 return (error); 437 } 438 439 440 /* 441 * Perform generic exec duties and switchout to object-file specific 442 * handler. 443 */ 444 int 445 gexec( 446 struct vnode **vpp, 447 struct execa *uap, 448 struct uarg *args, 449 struct intpdata *idatap, 450 int level, 451 long *execsz, 452 caddr_t exec_file, 453 struct cred *cred) 454 { 455 struct vnode *vp; 456 proc_t *pp = ttoproc(curthread); 457 struct execsw *eswp; 458 int error = 0; 459 int suidflags = 0; 460 ssize_t resid; 461 uid_t uid, gid; 462 struct vattr vattr; 463 char magbuf[MAGIC_BYTES]; 464 int setid; 465 cred_t *oldcred, *newcred = NULL; 466 int privflags = 0; 467 int setidfl; 468 469 /* 470 * If the SNOCD or SUGID flag is set, turn it off and remember the 471 * previous setting so we can restore it if we encounter an error. 472 */ 473 if (level == 0 && (pp->p_flag & PSUIDFLAGS)) { 474 mutex_enter(&pp->p_lock); 475 suidflags = pp->p_flag & PSUIDFLAGS; 476 pp->p_flag &= ~PSUIDFLAGS; 477 mutex_exit(&pp->p_lock); 478 } 479 480 if ((error = execpermissions(*vpp, &vattr, args)) != 0) 481 goto bad; 482 483 /* need to open vnode for stateful file systems like rfs */ 484 if ((error = VOP_OPEN(vpp, FREAD, CRED())) != 0) 485 goto bad; 486 vp = *vpp; 487 488 /* 489 * Note: to support binary compatibility with SunOS a.out 490 * executables, we read in the first four bytes, as the 491 * magic number is in bytes 2-3. 492 */ 493 if (error = vn_rdwr(UIO_READ, vp, magbuf, sizeof (magbuf), 494 (offset_t)0, UIO_SYSSPACE, 0, (rlim64_t)0, CRED(), &resid)) 495 goto bad; 496 if (resid != 0) 497 goto bad; 498 499 if ((eswp = findexec_by_hdr(magbuf)) == NULL) 500 goto bad; 501 502 if (level == 0 && 503 (privflags = execsetid(vp, &vattr, &uid, &gid)) != 0) { 504 505 newcred = cred = crdup(cred); 506 507 /* If we can, drop the PA bit */ 508 if ((privflags & PRIV_RESET) != 0) 509 priv_adjust_PA(cred); 510 511 if (privflags & PRIV_SETID) { 512 cred->cr_uid = uid; 513 cred->cr_gid = gid; 514 cred->cr_suid = uid; 515 cred->cr_sgid = gid; 516 } 517 518 /* 519 * Implement the privilege updates: 520 * 521 * Restrict with L: 522 * 523 * I' = I & L 524 * 525 * E' = P' = (I' + F) & A 526 * 527 * But if running under ptrace, we cap I with P. 528 */ 529 if ((privflags & PRIV_RESET) != 0) { 530 if ((privflags & PRIV_INCREASE) != 0 && 531 (pp->p_proc_flag & P_PR_PTRACE) != 0) 532 priv_intersect(&CR_OPPRIV(cred), 533 &CR_IPRIV(cred)); 534 priv_intersect(&CR_LPRIV(cred), &CR_IPRIV(cred)); 535 CR_EPRIV(cred) = CR_PPRIV(cred) = CR_IPRIV(cred); 536 priv_adjust_PA(cred); 537 } 538 } 539 540 /* SunOS 4.x buy-back */ 541 if ((vp->v_vfsp->vfs_flag & VFS_NOSETUID) && 542 (vattr.va_mode & (VSUID|VSGID))) { 543 cmn_err(CE_NOTE, 544 "!%s, uid %d: setuid execution not allowed, dev=%lx", 545 exec_file, cred->cr_uid, vp->v_vfsp->vfs_dev); 546 } 547 548 /* 549 * execsetid() told us whether or not we had to change the 550 * credentials of the process. In privflags, it told us 551 * whether we gained any privileges or executed a set-uid executable. 552 */ 553 setid = (privflags & (PRIV_SETUGID|PRIV_INCREASE)); 554 555 /* 556 * Use /etc/system variable to determine if the stack 557 * should be marked as executable by default. 558 */ 559 if (noexec_user_stack) 560 args->stk_prot &= ~PROT_EXEC; 561 562 args->execswp = eswp; /* Save execsw pointer in uarg for exec_func */ 563 564 /* 565 * Traditionally, the setid flags told the sub processes whether 566 * the file just executed was set-uid or set-gid; this caused 567 * some confusion as the 'setid' flag did not match the SUGID 568 * process flag which is only set when the uids/gids do not match. 569 * A script set-gid/set-uid to the real uid/gid would start with 570 * /dev/fd/X but an executable would happily trust LD_LIBRARY_PATH. 571 * Now we flag those cases where the calling process cannot 572 * be trusted to influence the newly exec'ed process, either 573 * because it runs with more privileges or when the uids/gids 574 * do in fact not match. 575 * This also makes the runtime linker agree with the on exec 576 * values of SNOCD and SUGID. 577 */ 578 setidfl = 0; 579 if (cred->cr_uid != cred->cr_ruid || (cred->cr_rgid != cred->cr_gid && 580 !supgroupmember(cred->cr_gid, cred))) { 581 setidfl |= EXECSETID_UGIDS; 582 } 583 if (setid & PRIV_SETUGID) 584 setidfl |= EXECSETID_SETID; 585 if (setid & PRIV_INCREASE) 586 setidfl |= EXECSETID_PRIVS; 587 588 error = (*eswp->exec_func)(vp, uap, args, idatap, level, execsz, 589 setidfl, exec_file, cred); 590 rw_exit(eswp->exec_lock); 591 if (error != 0) { 592 if (newcred != NULL) 593 crfree(newcred); 594 goto bad; 595 } 596 597 if (level == 0) { 598 mutex_enter(&pp->p_crlock); 599 if (newcred != NULL) { 600 /* 601 * Free the old credentials, and set the new ones. 602 * Do this for both the process and the (single) thread. 603 */ 604 crfree(pp->p_cred); 605 pp->p_cred = cred; /* cred already held for proc */ 606 crhold(cred); /* hold new cred for thread */ 607 /* 608 * DTrace accesses t_cred in probe context. t_cred 609 * must always be either NULL, or point to a valid, 610 * allocated cred structure. 611 */ 612 oldcred = curthread->t_cred; 613 curthread->t_cred = cred; 614 crfree(oldcred); 615 } 616 /* 617 * On emerging from a successful exec(), the saved 618 * uid and gid equal the effective uid and gid. 619 */ 620 cred->cr_suid = cred->cr_uid; 621 cred->cr_sgid = cred->cr_gid; 622 623 /* 624 * If the real and effective ids do not match, this 625 * is a setuid process that should not dump core. 626 * The group comparison is tricky; we prevent the code 627 * from flagging SNOCD when executing with an effective gid 628 * which is a supplementary group. 629 */ 630 if (cred->cr_ruid != cred->cr_uid || 631 (cred->cr_rgid != cred->cr_gid && 632 !supgroupmember(cred->cr_gid, cred)) || 633 (privflags & PRIV_INCREASE) != 0) 634 suidflags = PSUIDFLAGS; 635 else 636 suidflags = 0; 637 638 mutex_exit(&pp->p_crlock); 639 if (suidflags) { 640 mutex_enter(&pp->p_lock); 641 pp->p_flag |= suidflags; 642 mutex_exit(&pp->p_lock); 643 } 644 if (setid && (pp->p_proc_flag & P_PR_PTRACE) == 0) { 645 /* 646 * If process is traced via /proc, arrange to 647 * invalidate the associated /proc vnode. 648 */ 649 if (pp->p_plist || (pp->p_proc_flag & P_PR_TRACE)) 650 args->traceinval = 1; 651 } 652 if (pp->p_proc_flag & P_PR_PTRACE) 653 psignal(pp, SIGTRAP); 654 if (args->traceinval) 655 prinvalidate(&pp->p_user); 656 } 657 658 return (0); 659 bad: 660 if (error == 0) 661 error = ENOEXEC; 662 663 if (suidflags) { 664 mutex_enter(&pp->p_lock); 665 pp->p_flag |= suidflags; 666 mutex_exit(&pp->p_lock); 667 } 668 return (error); 669 } 670 671 extern char *execswnames[]; 672 673 struct execsw * 674 allocate_execsw(char *name, char *magic, size_t magic_size) 675 { 676 int i, j; 677 char *ename; 678 char *magicp; 679 680 mutex_enter(&execsw_lock); 681 for (i = 0; i < nexectype; i++) { 682 if (execswnames[i] == NULL) { 683 ename = kmem_alloc(strlen(name) + 1, KM_SLEEP); 684 (void) strcpy(ename, name); 685 execswnames[i] = ename; 686 /* 687 * Set the magic number last so that we 688 * don't need to hold the execsw_lock in 689 * findexectype(). 690 */ 691 magicp = kmem_alloc(magic_size, KM_SLEEP); 692 for (j = 0; j < magic_size; j++) 693 magicp[j] = magic[j]; 694 execsw[i].exec_magic = magicp; 695 mutex_exit(&execsw_lock); 696 return (&execsw[i]); 697 } 698 } 699 mutex_exit(&execsw_lock); 700 return (NULL); 701 } 702 703 /* 704 * Find the exec switch table entry with the corresponding magic string. 705 */ 706 struct execsw * 707 findexecsw(char *magic) 708 { 709 struct execsw *eswp; 710 711 for (eswp = execsw; eswp < &execsw[nexectype]; eswp++) { 712 ASSERT(eswp->exec_maglen <= MAGIC_BYTES); 713 if (magic && eswp->exec_maglen != 0 && 714 bcmp(magic, eswp->exec_magic, eswp->exec_maglen) == 0) 715 return (eswp); 716 } 717 return (NULL); 718 } 719 720 /* 721 * Find the execsw[] index for the given exec header string by looking for the 722 * magic string at a specified offset and length for each kind of executable 723 * file format until one matches. If no execsw[] entry is found, try to 724 * autoload a module for this magic string. 725 */ 726 struct execsw * 727 findexec_by_hdr(char *header) 728 { 729 struct execsw *eswp; 730 731 for (eswp = execsw; eswp < &execsw[nexectype]; eswp++) { 732 ASSERT(eswp->exec_maglen <= MAGIC_BYTES); 733 if (header && eswp->exec_maglen != 0 && 734 bcmp(&header[eswp->exec_magoff], eswp->exec_magic, 735 eswp->exec_maglen) == 0) { 736 if (hold_execsw(eswp) != 0) 737 return (NULL); 738 return (eswp); 739 } 740 } 741 return (NULL); /* couldn't find the type */ 742 } 743 744 /* 745 * Find the execsw[] index for the given magic string. If no execsw[] entry 746 * is found, try to autoload a module for this magic string. 747 */ 748 struct execsw * 749 findexec_by_magic(char *magic) 750 { 751 struct execsw *eswp; 752 753 for (eswp = execsw; eswp < &execsw[nexectype]; eswp++) { 754 ASSERT(eswp->exec_maglen <= MAGIC_BYTES); 755 if (magic && eswp->exec_maglen != 0 && 756 bcmp(magic, eswp->exec_magic, eswp->exec_maglen) == 0) { 757 if (hold_execsw(eswp) != 0) 758 return (NULL); 759 return (eswp); 760 } 761 } 762 return (NULL); /* couldn't find the type */ 763 } 764 765 static int 766 hold_execsw(struct execsw *eswp) 767 { 768 char *name; 769 770 rw_enter(eswp->exec_lock, RW_READER); 771 while (!LOADED_EXEC(eswp)) { 772 rw_exit(eswp->exec_lock); 773 name = execswnames[eswp-execsw]; 774 ASSERT(name); 775 if (modload("exec", name) == -1) 776 return (-1); 777 rw_enter(eswp->exec_lock, RW_READER); 778 } 779 return (0); 780 } 781 782 static int 783 execsetid(struct vnode *vp, struct vattr *vattrp, uid_t *uidp, uid_t *gidp) 784 { 785 proc_t *pp = ttoproc(curthread); 786 uid_t uid, gid; 787 cred_t *cr = pp->p_cred; 788 int privflags = 0; 789 790 /* 791 * Remember credentials. 792 */ 793 uid = cr->cr_uid; 794 gid = cr->cr_gid; 795 796 /* Will try to reset the PRIV_AWARE bit later. */ 797 if ((CR_FLAGS(cr) & (PRIV_AWARE|PRIV_AWARE_INHERIT)) == PRIV_AWARE) 798 privflags |= PRIV_RESET; 799 800 if ((vp->v_vfsp->vfs_flag & VFS_NOSETUID) == 0) { 801 /* 802 * Set-uid root execution only allowed if the limit set 803 * holds all unsafe privileges. 804 */ 805 if ((vattrp->va_mode & VSUID) && (vattrp->va_uid != 0 || 806 priv_issubset(&priv_unsafe, &CR_LPRIV(cr)))) { 807 uid = vattrp->va_uid; 808 privflags |= PRIV_SETUGID; 809 } 810 if (vattrp->va_mode & VSGID) { 811 gid = vattrp->va_gid; 812 privflags |= PRIV_SETUGID; 813 } 814 } 815 816 /* 817 * Do we need to change our credential anyway? 818 * This is the case when E != I or P != I, as 819 * we need to do the assignments (with F empty and A full) 820 * Or when I is not a subset of L; in that case we need to 821 * enforce L. 822 * 823 * I' = L & I 824 * 825 * E' = P' = (I' + F) & A 826 * or 827 * E' = P' = I' 828 */ 829 if (!priv_isequalset(&CR_EPRIV(cr), &CR_IPRIV(cr)) || 830 !priv_issubset(&CR_IPRIV(cr), &CR_LPRIV(cr)) || 831 !priv_isequalset(&CR_PPRIV(cr), &CR_IPRIV(cr))) 832 privflags |= PRIV_RESET; 833 834 /* 835 * When we introduce the "forced" set then we will need 836 * to set PRIV_INCREASE here if I not a subset of P. 837 * If the "allowed" set is introduced we will need to do 838 * a similar thing; however, it seems more reasonable to 839 * have the allowed set reduce "L": script language interpreters 840 * would typically have an allowed set of "all". 841 */ 842 843 /* 844 * Set setuid/setgid protections if no ptrace() compatibility. 845 * For privileged processes, honor setuid/setgid even in 846 * the presence of ptrace() compatibility. 847 */ 848 if (((pp->p_proc_flag & P_PR_PTRACE) == 0 || 849 PRIV_POLICY_ONLY(cr, PRIV_PROC_OWNER, (uid == 0))) && 850 (cr->cr_uid != uid || 851 cr->cr_gid != gid || 852 cr->cr_suid != uid || 853 cr->cr_sgid != gid)) { 854 *uidp = uid; 855 *gidp = gid; 856 privflags |= PRIV_SETID; 857 } 858 return (privflags); 859 } 860 861 int 862 execpermissions(struct vnode *vp, struct vattr *vattrp, struct uarg *args) 863 { 864 int error; 865 proc_t *p = ttoproc(curthread); 866 867 vattrp->va_mask = AT_MODE | AT_UID | AT_GID | AT_SIZE; 868 if (error = VOP_GETATTR(vp, vattrp, ATTR_EXEC, p->p_cred)) 869 return (error); 870 /* 871 * Check the access mode. 872 * If VPROC, ask /proc if the file is an object file. 873 */ 874 if ((error = VOP_ACCESS(vp, VEXEC, 0, p->p_cred)) != 0 || 875 !(vp->v_type == VREG || (vp->v_type == VPROC && pr_isobject(vp))) || 876 (vp->v_vfsp->vfs_flag & VFS_NOEXEC) != 0 || 877 (vattrp->va_mode & (VEXEC|(VEXEC>>3)|(VEXEC>>6))) == 0) { 878 if (error == 0) 879 error = EACCES; 880 return (error); 881 } 882 883 if ((p->p_plist || (p->p_proc_flag & (P_PR_PTRACE|P_PR_TRACE))) && 884 (error = VOP_ACCESS(vp, VREAD, 0, p->p_cred))) { 885 /* 886 * If process is under ptrace(2) compatibility, 887 * fail the exec(2). 888 */ 889 if (p->p_proc_flag & P_PR_PTRACE) 890 goto bad; 891 /* 892 * Process is traced via /proc. 893 * Arrange to invalidate the /proc vnode. 894 */ 895 args->traceinval = 1; 896 } 897 return (0); 898 bad: 899 if (error == 0) 900 error = ENOEXEC; 901 return (error); 902 } 903 904 /* 905 * Map a section of an executable file into the user's 906 * address space. 907 */ 908 int 909 execmap(struct vnode *vp, caddr_t addr, size_t len, size_t zfodlen, 910 off_t offset, int prot, int page, uint_t szc) 911 { 912 int error = 0; 913 off_t oldoffset; 914 caddr_t zfodbase, oldaddr; 915 size_t end, oldlen; 916 size_t zfoddiff; 917 label_t ljb; 918 proc_t *p = ttoproc(curthread); 919 920 oldaddr = addr; 921 addr = (caddr_t)((uintptr_t)addr & (uintptr_t)PAGEMASK); 922 if (len) { 923 oldlen = len; 924 len += ((size_t)oldaddr - (size_t)addr); 925 oldoffset = offset; 926 offset = (off_t)((uintptr_t)offset & PAGEMASK); 927 if (page) { 928 spgcnt_t prefltmem, availm, npages; 929 int preread; 930 uint_t mflag = MAP_PRIVATE | MAP_FIXED; 931 932 if ((prot & (PROT_WRITE | PROT_EXEC)) == PROT_EXEC) { 933 mflag |= MAP_TEXT; 934 } else { 935 mflag |= MAP_INITDATA; 936 } 937 938 if (valid_usr_range(addr, len, prot, p->p_as, 939 p->p_as->a_userlimit) != RANGE_OKAY) { 940 error = ENOMEM; 941 goto bad; 942 } 943 if (error = VOP_MAP(vp, (offset_t)offset, 944 p->p_as, &addr, len, prot, PROT_ALL, 945 mflag, CRED())) 946 goto bad; 947 948 /* 949 * If the segment can fit, then we prefault 950 * the entire segment in. This is based on the 951 * model that says the best working set of a 952 * small program is all of its pages. 953 */ 954 npages = (spgcnt_t)btopr(len); 955 prefltmem = freemem - desfree; 956 preread = 957 (npages < prefltmem && len < PGTHRESH) ? 1 : 0; 958 959 /* 960 * If we aren't prefaulting the segment, 961 * increment "deficit", if necessary to ensure 962 * that pages will become available when this 963 * process starts executing. 964 */ 965 availm = freemem - lotsfree; 966 if (preread == 0 && npages > availm && 967 deficit < lotsfree) { 968 deficit += MIN((pgcnt_t)(npages - availm), 969 lotsfree - deficit); 970 } 971 972 if (preread) { 973 TRACE_2(TR_FAC_PROC, TR_EXECMAP_PREREAD, 974 "execmap preread:freemem %d size %lu", 975 freemem, len); 976 (void) as_fault(p->p_as->a_hat, p->p_as, 977 (caddr_t)addr, len, F_INVAL, S_READ); 978 } 979 } else { 980 if (valid_usr_range(addr, len, prot, p->p_as, 981 p->p_as->a_userlimit) != RANGE_OKAY) { 982 error = ENOMEM; 983 goto bad; 984 } 985 986 if (error = as_map(p->p_as, addr, len, 987 segvn_create, zfod_argsp)) 988 goto bad; 989 /* 990 * Read in the segment in one big chunk. 991 */ 992 if (error = vn_rdwr(UIO_READ, vp, (caddr_t)oldaddr, 993 oldlen, (offset_t)oldoffset, UIO_USERSPACE, 0, 994 (rlim64_t)0, CRED(), (ssize_t *)0)) 995 goto bad; 996 /* 997 * Now set protections. 998 */ 999 if (prot != PROT_ZFOD) { 1000 (void) as_setprot(p->p_as, (caddr_t)addr, 1001 len, prot); 1002 } 1003 } 1004 } 1005 1006 if (zfodlen) { 1007 end = (size_t)addr + len; 1008 zfodbase = (caddr_t)roundup(end, PAGESIZE); 1009 zfoddiff = (uintptr_t)zfodbase - end; 1010 if (zfoddiff) { 1011 if (on_fault(&ljb)) { 1012 no_fault(); 1013 error = EFAULT; 1014 goto bad; 1015 } 1016 uzero((void *)end, zfoddiff); 1017 no_fault(); 1018 } 1019 if (zfodlen > zfoddiff) { 1020 struct segvn_crargs crargs = 1021 SEGVN_ZFOD_ARGS(PROT_ZFOD, PROT_ALL); 1022 1023 zfodlen -= zfoddiff; 1024 if (valid_usr_range(zfodbase, zfodlen, prot, p->p_as, 1025 p->p_as->a_userlimit) != RANGE_OKAY) { 1026 error = ENOMEM; 1027 goto bad; 1028 } 1029 crargs.szc = szc; 1030 if (error = as_map(p->p_as, (caddr_t)zfodbase, 1031 zfodlen, segvn_create, &crargs)) 1032 goto bad; 1033 if (prot != PROT_ZFOD) { 1034 (void) as_setprot(p->p_as, (caddr_t)zfodbase, 1035 zfodlen, prot); 1036 } 1037 } 1038 } 1039 return (0); 1040 bad: 1041 return (error); 1042 } 1043 1044 void 1045 setexecenv(struct execenv *ep) 1046 { 1047 proc_t *p = ttoproc(curthread); 1048 klwp_t *lwp = ttolwp(curthread); 1049 struct vnode *vp; 1050 1051 p->p_bssbase = ep->ex_bssbase; 1052 p->p_brkbase = ep->ex_brkbase; 1053 p->p_brksize = ep->ex_brksize; 1054 if (p->p_exec) 1055 VN_RELE(p->p_exec); /* out with the old */ 1056 vp = p->p_exec = ep->ex_vp; 1057 if (vp != NULL) 1058 VN_HOLD(vp); /* in with the new */ 1059 1060 lwp->lwp_sigaltstack.ss_sp = 0; 1061 lwp->lwp_sigaltstack.ss_size = 0; 1062 lwp->lwp_sigaltstack.ss_flags = SS_DISABLE; 1063 } 1064 1065 int 1066 execopen(struct vnode **vpp, int *fdp) 1067 { 1068 struct vnode *vp = *vpp; 1069 file_t *fp; 1070 int error = 0; 1071 int filemode = FREAD; 1072 1073 VN_HOLD(vp); /* open reference */ 1074 if (error = falloc(NULL, filemode, &fp, fdp)) { 1075 VN_RELE(vp); 1076 *fdp = -1; /* just in case falloc changed value */ 1077 return (error); 1078 } 1079 if (error = VOP_OPEN(&vp, filemode, CRED())) { 1080 VN_RELE(vp); 1081 setf(*fdp, NULL); 1082 unfalloc(fp); 1083 *fdp = -1; 1084 return (error); 1085 } 1086 *vpp = vp; /* vnode should not have changed */ 1087 fp->f_vnode = vp; 1088 mutex_exit(&fp->f_tlock); 1089 setf(*fdp, fp); 1090 return (0); 1091 } 1092 1093 int 1094 execclose(int fd) 1095 { 1096 return (closeandsetf(fd, NULL)); 1097 } 1098 1099 1100 /* 1101 * noexec stub function. 1102 */ 1103 /*ARGSUSED*/ 1104 int 1105 noexec( 1106 struct vnode *vp, 1107 struct execa *uap, 1108 struct uarg *args, 1109 struct intpdata *idatap, 1110 int level, 1111 long *execsz, 1112 int setid, 1113 caddr_t exec_file, 1114 struct cred *cred) 1115 { 1116 cmn_err(CE_WARN, "missing exec capability for %s", uap->fname); 1117 return (ENOEXEC); 1118 } 1119 1120 /* 1121 * Support routines for building a user stack. 1122 * 1123 * execve(path, argv, envp) must construct a new stack with the specified 1124 * arguments and environment variables (see exec_args() for a description 1125 * of the user stack layout). To do this, we copy the arguments and 1126 * environment variables from the old user address space into the kernel, 1127 * free the old as, create the new as, and copy our buffered information 1128 * to the new stack. Our kernel buffer has the following structure: 1129 * 1130 * +-----------------------+ <--- stk_base + stk_size 1131 * | string offsets | 1132 * +-----------------------+ <--- stk_offp 1133 * | | 1134 * | STK_AVAIL() space | 1135 * | | 1136 * +-----------------------+ <--- stk_strp 1137 * | strings | 1138 * +-----------------------+ <--- stk_base 1139 * 1140 * When we add a string, we store the string's contents (including the null 1141 * terminator) at stk_strp, and we store the offset of the string relative to 1142 * stk_base at --stk_offp. At strings are added, stk_strp increases and 1143 * stk_offp decreases. The amount of space remaining, STK_AVAIL(), is just 1144 * the difference between these pointers. If we run out of space, we return 1145 * an error and exec_args() starts all over again with a buffer twice as large. 1146 * When we're all done, the kernel buffer looks like this: 1147 * 1148 * +-----------------------+ <--- stk_base + stk_size 1149 * | argv[0] offset | 1150 * +-----------------------+ 1151 * | ... | 1152 * +-----------------------+ 1153 * | argv[argc-1] offset | 1154 * +-----------------------+ 1155 * | envp[0] offset | 1156 * +-----------------------+ 1157 * | ... | 1158 * +-----------------------+ 1159 * | envp[envc-1] offset | 1160 * +-----------------------+ 1161 * | AT_SUN_PLATFORM offset| 1162 * +-----------------------+ 1163 * | AT_SUN_EXECNAME offset| 1164 * +-----------------------+ <--- stk_offp 1165 * | | 1166 * | STK_AVAIL() space | 1167 * | | 1168 * +-----------------------+ <--- stk_strp 1169 * | AT_SUN_EXECNAME offset| 1170 * +-----------------------+ 1171 * | AT_SUN_PLATFORM offset| 1172 * +-----------------------+ 1173 * | envp[envc-1] string | 1174 * +-----------------------+ 1175 * | ... | 1176 * +-----------------------+ 1177 * | envp[0] string | 1178 * +-----------------------+ 1179 * | argv[argc-1] string | 1180 * +-----------------------+ 1181 * | ... | 1182 * +-----------------------+ 1183 * | argv[0] string | 1184 * +-----------------------+ <--- stk_base 1185 */ 1186 1187 #define STK_AVAIL(args) ((char *)(args)->stk_offp - (args)->stk_strp) 1188 1189 /* 1190 * Add a string to the stack. 1191 */ 1192 static int 1193 stk_add(uarg_t *args, const char *sp, enum uio_seg segflg) 1194 { 1195 int error; 1196 size_t len; 1197 1198 if (STK_AVAIL(args) < sizeof (int)) 1199 return (E2BIG); 1200 *--args->stk_offp = args->stk_strp - args->stk_base; 1201 1202 if (segflg == UIO_USERSPACE) { 1203 error = copyinstr(sp, args->stk_strp, STK_AVAIL(args), &len); 1204 if (error != 0) 1205 return (error); 1206 } else { 1207 len = strlen(sp) + 1; 1208 if (len > STK_AVAIL(args)) 1209 return (E2BIG); 1210 bcopy(sp, args->stk_strp, len); 1211 } 1212 1213 args->stk_strp += len; 1214 1215 return (0); 1216 } 1217 1218 static int 1219 stk_getptr(uarg_t *args, char *src, char **dst) 1220 { 1221 int error; 1222 1223 if (args->from_model == DATAMODEL_NATIVE) { 1224 ulong_t ptr; 1225 error = fulword(src, &ptr); 1226 *dst = (caddr_t)ptr; 1227 } else { 1228 uint32_t ptr; 1229 error = fuword32(src, &ptr); 1230 *dst = (caddr_t)(uintptr_t)ptr; 1231 } 1232 return (error); 1233 } 1234 1235 static int 1236 stk_putptr(uarg_t *args, char *addr, char *value) 1237 { 1238 if (args->to_model == DATAMODEL_NATIVE) 1239 return (sulword(addr, (ulong_t)value)); 1240 else 1241 return (suword32(addr, (uint32_t)(uintptr_t)value)); 1242 } 1243 1244 static int 1245 stk_copyin(execa_t *uap, uarg_t *args, intpdata_t *intp, void **auxvpp) 1246 { 1247 char *sp; 1248 int argc, error; 1249 int argv_empty = 0; 1250 size_t ptrsize = args->from_ptrsize; 1251 size_t size, pad; 1252 char *argv = (char *)uap->argp; 1253 char *envp = (char *)uap->envp; 1254 1255 /* 1256 * Copy interpreter's name and argument to argv[0] and argv[1]. 1257 */ 1258 if (intp != NULL && intp->intp_name != NULL) { 1259 if ((error = stk_add(args, intp->intp_name, UIO_SYSSPACE)) != 0) 1260 return (error); 1261 if (intp->intp_arg != NULL && 1262 (error = stk_add(args, intp->intp_arg, UIO_SYSSPACE)) != 0) 1263 return (error); 1264 if (args->fname != NULL) 1265 error = stk_add(args, args->fname, UIO_SYSSPACE); 1266 else 1267 error = stk_add(args, uap->fname, UIO_USERSPACE); 1268 if (error) 1269 return (error); 1270 1271 /* 1272 * Check for an empty argv[]. 1273 */ 1274 if (stk_getptr(args, argv, &sp)) 1275 return (EFAULT); 1276 if (sp == NULL) 1277 argv_empty = 1; 1278 1279 argv += ptrsize; /* ignore original argv[0] */ 1280 } 1281 1282 if (argv_empty == 0) { 1283 /* 1284 * Add argv[] strings to the stack. 1285 */ 1286 for (;;) { 1287 if (stk_getptr(args, argv, &sp)) 1288 return (EFAULT); 1289 if (sp == NULL) 1290 break; 1291 if ((error = stk_add(args, sp, UIO_USERSPACE)) != 0) 1292 return (error); 1293 argv += ptrsize; 1294 } 1295 } 1296 argc = (int *)(args->stk_base + args->stk_size) - args->stk_offp; 1297 args->arglen = args->stk_strp - args->stk_base; 1298 1299 /* 1300 * Add environ[] strings to the stack. 1301 */ 1302 if (envp != NULL) { 1303 for (;;) { 1304 if (stk_getptr(args, envp, &sp)) 1305 return (EFAULT); 1306 if (sp == NULL) 1307 break; 1308 if ((error = stk_add(args, sp, UIO_USERSPACE)) != 0) 1309 return (error); 1310 envp += ptrsize; 1311 } 1312 } 1313 args->na = (int *)(args->stk_base + args->stk_size) - args->stk_offp; 1314 args->ne = args->na - argc; 1315 1316 /* 1317 * Add AT_SUN_PLATFORM and AT_SUN_EXECNAME strings to the stack. 1318 */ 1319 if (auxvpp != NULL && *auxvpp != NULL) { 1320 if ((error = stk_add(args, platform, UIO_SYSSPACE)) != 0) 1321 return (error); 1322 if ((error = stk_add(args, args->pathname, UIO_SYSSPACE)) != 0) 1323 return (error); 1324 } 1325 1326 /* 1327 * Compute the size of the stack. This includes all the pointers, 1328 * the space reserved for the aux vector, and all the strings. 1329 * The total number of pointers is args->na (which is argc + envc) 1330 * plus 4 more: (1) a pointer's worth of space for argc; (2) the NULL 1331 * after the last argument (i.e. argv[argc]); (3) the NULL after the 1332 * last environment variable (i.e. envp[envc]); and (4) the NULL after 1333 * all the strings, at the very top of the stack. 1334 */ 1335 size = (args->na + 4) * args->to_ptrsize + args->auxsize + 1336 (args->stk_strp - args->stk_base); 1337 1338 /* 1339 * Pad the string section with zeroes to align the stack size. 1340 */ 1341 pad = P2NPHASE(size, args->stk_align); 1342 1343 if (STK_AVAIL(args) < pad) 1344 return (E2BIG); 1345 1346 args->usrstack_size = size + pad; 1347 1348 while (pad-- != 0) 1349 *args->stk_strp++ = 0; 1350 1351 args->nc = args->stk_strp - args->stk_base; 1352 1353 return (0); 1354 } 1355 1356 static int 1357 stk_copyout(uarg_t *args, char *usrstack, void **auxvpp, user_t *up) 1358 { 1359 size_t ptrsize = args->to_ptrsize; 1360 ssize_t pslen; 1361 char *kstrp = args->stk_base; 1362 char *ustrp = usrstack - args->nc - ptrsize; 1363 char *usp = usrstack - args->usrstack_size; 1364 int *offp = (int *)(args->stk_base + args->stk_size); 1365 int envc = args->ne; 1366 int argc = args->na - envc; 1367 int i; 1368 1369 /* 1370 * Record argc for /proc. 1371 */ 1372 up->u_argc = argc; 1373 1374 /* 1375 * Put argc on the stack. Note that even though it's an int, 1376 * it always consumes ptrsize bytes (for alignment). 1377 */ 1378 if (stk_putptr(args, usp, (char *)(uintptr_t)argc)) 1379 return (-1); 1380 1381 /* 1382 * Add argc space (ptrsize) to usp and record argv for /proc. 1383 */ 1384 up->u_argv = (uintptr_t)(usp += ptrsize); 1385 1386 /* 1387 * Put the argv[] pointers on the stack. 1388 */ 1389 for (i = 0; i < argc; i++, usp += ptrsize) 1390 if (stk_putptr(args, usp, &ustrp[*--offp])) 1391 return (-1); 1392 1393 /* 1394 * Copy arguments to u_psargs. 1395 */ 1396 pslen = MIN(args->arglen, PSARGSZ) - 1; 1397 for (i = 0; i < pslen; i++) 1398 up->u_psargs[i] = (kstrp[i] == '\0' ? ' ' : kstrp[i]); 1399 while (i < PSARGSZ) 1400 up->u_psargs[i++] = '\0'; 1401 1402 /* 1403 * Add space for argv[]'s NULL terminator (ptrsize) to usp and 1404 * record envp for /proc. 1405 */ 1406 up->u_envp = (uintptr_t)(usp += ptrsize); 1407 1408 /* 1409 * Put the envp[] pointers on the stack. 1410 */ 1411 for (i = 0; i < envc; i++, usp += ptrsize) 1412 if (stk_putptr(args, usp, &ustrp[*--offp])) 1413 return (-1); 1414 1415 /* 1416 * Add space for envp[]'s NULL terminator (ptrsize) to usp and 1417 * remember where the stack ends, which is also where auxv begins. 1418 */ 1419 args->stackend = usp += ptrsize; 1420 1421 /* 1422 * Put all the argv[], envp[], and auxv strings on the stack. 1423 */ 1424 if (copyout(args->stk_base, ustrp, args->nc)) 1425 return (-1); 1426 1427 /* 1428 * Fill in the aux vector now that we know the user stack addresses 1429 * for the AT_SUN_PLATFORM and AT_SUN_EXECNAME strings. 1430 */ 1431 if (auxvpp != NULL && *auxvpp != NULL) { 1432 if (args->to_model == DATAMODEL_NATIVE) { 1433 auxv_t **a = (auxv_t **)auxvpp; 1434 ADDAUX(*a, AT_SUN_PLATFORM, (long)&ustrp[*--offp]) 1435 ADDAUX(*a, AT_SUN_EXECNAME, (long)&ustrp[*--offp]) 1436 } else { 1437 auxv32_t **a = (auxv32_t **)auxvpp; 1438 ADDAUX(*a, 1439 AT_SUN_PLATFORM, (int)(uintptr_t)&ustrp[*--offp]) 1440 ADDAUX(*a, 1441 AT_SUN_EXECNAME, (int)(uintptr_t)&ustrp[*--offp]); 1442 } 1443 } 1444 1445 return (0); 1446 } 1447 1448 #ifdef DEBUG 1449 int mpss_brkpgszsel = 0; 1450 int mpss_stkpgszsel = 0; 1451 #endif 1452 1453 /* 1454 * Initialize a new user stack with the specified arguments and environment. 1455 * The initial user stack layout is as follows: 1456 * 1457 * User Stack 1458 * +---------------+ <--- curproc->p_usrstack 1459 * | NULL | 1460 * +---------------+ 1461 * | | 1462 * | auxv strings | 1463 * | | 1464 * +---------------+ 1465 * | | 1466 * | envp strings | 1467 * | | 1468 * +---------------+ 1469 * | | 1470 * | argv strings | 1471 * | | 1472 * +---------------+ <--- ustrp 1473 * | | 1474 * | aux vector | 1475 * | | 1476 * +---------------+ <--- auxv 1477 * | NULL | 1478 * +---------------+ 1479 * | envp[envc-1] | 1480 * +---------------+ 1481 * | ... | 1482 * +---------------+ 1483 * | envp[0] | 1484 * +---------------+ <--- envp[] 1485 * | NULL | 1486 * +---------------+ 1487 * | argv[argc-1] | 1488 * +---------------+ 1489 * | ... | 1490 * +---------------+ 1491 * | argv[0] | 1492 * +---------------+ <--- argv[] 1493 * | argc | 1494 * +---------------+ <--- stack base 1495 */ 1496 int 1497 exec_args(execa_t *uap, uarg_t *args, intpdata_t *intp, void **auxvpp) 1498 { 1499 size_t size; 1500 int error; 1501 proc_t *p = ttoproc(curthread); 1502 user_t *up = PTOU(p); 1503 char *usrstack; 1504 rctl_entity_p_t e; 1505 1506 struct as *as; 1507 1508 args->from_model = p->p_model; 1509 if (p->p_model == DATAMODEL_NATIVE) { 1510 args->from_ptrsize = sizeof (long); 1511 } else { 1512 args->from_ptrsize = sizeof (int32_t); 1513 } 1514 1515 if (args->to_model == DATAMODEL_NATIVE) { 1516 args->to_ptrsize = sizeof (long); 1517 args->ncargs = NCARGS; 1518 args->stk_align = STACK_ALIGN; 1519 usrstack = (char *)USRSTACK; 1520 } else { 1521 args->to_ptrsize = sizeof (int32_t); 1522 args->ncargs = NCARGS32; 1523 args->stk_align = STACK_ALIGN32; 1524 usrstack = (char *)USRSTACK32; 1525 } 1526 1527 ASSERT(P2PHASE((uintptr_t)usrstack, args->stk_align) == 0); 1528 1529 #if defined(__sparc) 1530 /* 1531 * Make sure user register windows are empty before 1532 * attempting to make a new stack. 1533 */ 1534 (void) flush_user_windows_to_stack(NULL); 1535 #endif 1536 1537 for (size = PAGESIZE; ; size *= 2) { 1538 args->stk_size = size; 1539 args->stk_base = kmem_alloc(size, KM_SLEEP); 1540 args->stk_strp = args->stk_base; 1541 args->stk_offp = (int *)(args->stk_base + size); 1542 error = stk_copyin(uap, args, intp, auxvpp); 1543 if (error == 0) 1544 break; 1545 kmem_free(args->stk_base, size); 1546 if (error != E2BIG && error != ENAMETOOLONG) 1547 return (error); 1548 if (size >= args->ncargs) 1549 return (E2BIG); 1550 } 1551 1552 size = args->usrstack_size; 1553 1554 ASSERT(error == 0); 1555 ASSERT(P2PHASE(size, args->stk_align) == 0); 1556 ASSERT((ssize_t)STK_AVAIL(args) >= 0); 1557 1558 if (size > args->ncargs) { 1559 kmem_free(args->stk_base, args->stk_size); 1560 return (E2BIG); 1561 } 1562 1563 /* 1564 * Leave only the current lwp and force the other lwps to exit. 1565 * If another lwp beat us to the punch by calling exit(), bail out. 1566 */ 1567 if ((error = exitlwps(0)) != 0) { 1568 kmem_free(args->stk_base, args->stk_size); 1569 return (error); 1570 } 1571 1572 /* 1573 * Revoke any doors created by the process. 1574 */ 1575 if (p->p_door_list) 1576 door_exit(); 1577 1578 /* 1579 * Release schedctl data structures. 1580 */ 1581 if (p->p_pagep) 1582 schedctl_proc_cleanup(); 1583 1584 /* 1585 * Clean up any DTrace helpers for the process. 1586 */ 1587 if (p->p_dtrace_helpers != NULL) { 1588 ASSERT(dtrace_helpers_cleanup != NULL); 1589 (*dtrace_helpers_cleanup)(); 1590 } 1591 1592 mutex_enter(&p->p_lock); 1593 /* 1594 * Cleanup the DTrace provider associated with this process. 1595 */ 1596 if (p->p_dtrace_probes) { 1597 ASSERT(dtrace_fasttrap_exec_ptr != NULL); 1598 dtrace_fasttrap_exec_ptr(p); 1599 } 1600 mutex_exit(&p->p_lock); 1601 1602 /* 1603 * discard the lwpchan cache. 1604 */ 1605 if (p->p_lcp != NULL) 1606 lwpchan_destroy_cache(1); 1607 1608 /* 1609 * Delete the POSIX timers. 1610 */ 1611 if (p->p_itimer != NULL) 1612 timer_exit(); 1613 1614 #ifdef C2_AUDIT 1615 if (audit_active) 1616 audit_exec(args->stk_base, args->stk_base + args->arglen, 1617 args->na - args->ne, args->ne); 1618 #endif 1619 1620 /* 1621 * Ensure that we don't change resource associations while we 1622 * change address spaces. 1623 */ 1624 mutex_enter(&p->p_lock); 1625 pool_barrier_enter(); 1626 mutex_exit(&p->p_lock); 1627 1628 /* 1629 * Destroy the old address space and create a new one. 1630 * From here on, any errors are fatal to the exec()ing process. 1631 * On error we return -1, which means the caller must SIGKILL 1632 * the process. 1633 */ 1634 relvm(); 1635 1636 mutex_enter(&p->p_lock); 1637 pool_barrier_exit(); 1638 mutex_exit(&p->p_lock); 1639 1640 up->u_execsw = args->execswp; 1641 1642 p->p_brkbase = NULL; 1643 p->p_brksize = 0; 1644 p->p_stksize = 0; 1645 p->p_model = args->to_model; 1646 p->p_usrstack = usrstack; 1647 p->p_stkprot = args->stk_prot; 1648 p->p_datprot = args->dat_prot; 1649 1650 /* 1651 * Reset resource controls such that all controls are again active as 1652 * well as appropriate to the potentially new address model for the 1653 * process. 1654 */ 1655 e.rcep_p.proc = p; 1656 e.rcep_t = RCENTITY_PROCESS; 1657 rctl_set_reset(p->p_rctls, p, &e); 1658 1659 if (exec_lpg_disable == 0) { 1660 #ifdef DEBUG 1661 uint_t pgsizes = page_num_pagesizes(); 1662 uint_t szc; 1663 #endif 1664 p->p_brkpageszc = args->brkpageszc; 1665 p->p_stkpageszc = args->stkpageszc; 1666 1667 if (p->p_brkpageszc == 0) { 1668 p->p_brkpageszc = page_szc(map_pgsz(MAPPGSZ_HEAP, 1669 p, 0, 0, NULL)); 1670 } 1671 if (p->p_stkpageszc == 0) { 1672 p->p_stkpageszc = page_szc(map_pgsz(MAPPGSZ_STK, 1673 p, 0, 0, NULL)); 1674 } 1675 1676 #ifdef DEBUG 1677 if (mpss_brkpgszsel != 0) { 1678 if (mpss_brkpgszsel == -1) { 1679 szc = ((uint_t)gethrtime() >> 8) % pgsizes; 1680 } else { 1681 szc = mpss_brkpgszsel % pgsizes; 1682 } 1683 p->p_brkpageszc = szc; 1684 } 1685 1686 if (mpss_stkpgszsel != 0) { 1687 if (mpss_stkpgszsel == -1) { 1688 szc = ((uint_t)gethrtime() >> 7) % pgsizes; 1689 } else { 1690 szc = mpss_stkpgszsel % pgsizes; 1691 } 1692 p->p_stkpageszc = szc; 1693 } 1694 1695 #endif 1696 mutex_enter(&p->p_lock); 1697 p->p_flag |= SAUTOLPG; /* kernel controls page sizes */ 1698 mutex_exit(&p->p_lock); 1699 1700 } else { 1701 p->p_brkpageszc = 0; 1702 p->p_stkpageszc = 0; 1703 } 1704 1705 exec_set_sp(size); 1706 1707 as = as_alloc(); 1708 p->p_as = as; 1709 if (p->p_model == DATAMODEL_ILP32) 1710 as->a_userlimit = (caddr_t)USERLIMIT32; 1711 (void) hat_setup(as->a_hat, HAT_ALLOC); 1712 1713 /* 1714 * Finally, write out the contents of the new stack. 1715 */ 1716 error = stk_copyout(args, usrstack, auxvpp, up); 1717 kmem_free(args->stk_base, args->stk_size); 1718 return (error); 1719 } 1720