search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
add description for debug.elf{32,64}_legacy_coredump sysctl
[freebsd-src.git] / sys / kern / imgact_elf.c
blobdf223bff1eff2e5e99a148955330d40b419850a4
1 /*-
2 * Copyright (c) 2000 David O'Brien
3 * Copyright (c) 1995-1996 Søren Schmidt
4 * Copyright (c) 1996 Peter Wemm
5 * All rights reserved.
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
9 * are met:
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer
12 * in this position and unchanged.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 * 3. The name of the author may not be used to endorse or promote products
17 * derived from this software without specific prior written permission
18 *
19 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
20 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
21 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
22 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
23 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
24 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
25 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
26 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
27 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
28 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
29 */
30
31 #include <sys/cdefs.h>
32 __FBSDID("$FreeBSD$");
33
34 #include "opt_capsicum.h"
35 #include "opt_compat.h"
36 #include "opt_gzio.h"
37
38 #include <sys/param.h>
39 #include <sys/capsicum.h>
40 #include <sys/exec.h>
41 #include <sys/fcntl.h>
42 #include <sys/gzio.h>
43 #include <sys/imgact.h>
44 #include <sys/imgact_elf.h>
45 #include <sys/jail.h>
46 #include <sys/kernel.h>
47 #include <sys/lock.h>
48 #include <sys/malloc.h>
49 #include <sys/mount.h>
50 #include <sys/mman.h>
51 #include <sys/namei.h>
52 #include <sys/pioctl.h>
53 #include <sys/proc.h>
54 #include <sys/procfs.h>
55 #include <sys/racct.h>
56 #include <sys/resourcevar.h>
57 #include <sys/rwlock.h>
58 #include <sys/sbuf.h>
59 #include <sys/sf_buf.h>
60 #include <sys/smp.h>
61 #include <sys/systm.h>
62 #include <sys/signalvar.h>
63 #include <sys/stat.h>
64 #include <sys/sx.h>
65 #include <sys/syscall.h>
66 #include <sys/sysctl.h>
67 #include <sys/sysent.h>
68 #include <sys/vnode.h>
69 #include <sys/syslog.h>
70 #include <sys/eventhandler.h>
71 #include <sys/user.h>
72
73 #include <vm/vm.h>
74 #include <vm/vm_kern.h>
75 #include <vm/vm_param.h>
76 #include <vm/pmap.h>
77 #include <vm/vm_map.h>
78 #include <vm/vm_object.h>
79 #include <vm/vm_extern.h>
80
81 #include <machine/elf.h>
82 #include <machine/md_var.h>
83
84 #define ELF_NOTE_ROUNDSIZE 4
85 #define OLD_EI_BRAND 8
86
87 static int __elfN(check_header)(const Elf_Ehdr *hdr);
88 static Elf_Brandinfo *__elfN(get_brandinfo)(struct image_params *imgp,
89 const char *interp, int interp_name_len, int32_t *osrel);
90 static int __elfN(load_file)(struct proc *p, const char *file, u_long *addr,
91 u_long *entry, size_t pagesize);
92 static int __elfN(load_section)(struct image_params *imgp, vm_offset_t offset,
93 caddr_t vmaddr, size_t memsz, size_t filsz, vm_prot_t prot,
94 size_t pagesize);
95 static int __CONCAT(exec_, __elfN(imgact))(struct image_params *imgp);
96 static boolean_t __elfN(freebsd_trans_osrel)(const Elf_Note *note,
97 int32_t *osrel);
98 static boolean_t kfreebsd_trans_osrel(const Elf_Note *note, int32_t *osrel);
99 static boolean_t __elfN(check_note)(struct image_params *imgp,
100 Elf_Brandnote *checknote, int32_t *osrel);
101 static vm_prot_t __elfN(trans_prot)(Elf_Word);
102 static Elf_Word __elfN(untrans_prot)(vm_prot_t);
103
104 SYSCTL_NODE(_kern, OID_AUTO, __CONCAT(elf, __ELF_WORD_SIZE), CTLFLAG_RW, 0,
105 "");
106
107 #define CORE_BUF_SIZE (16 * 1024)
108
109 int __elfN(fallback_brand) = -1;
110 SYSCTL_INT(__CONCAT(_kern_elf, __ELF_WORD_SIZE), OID_AUTO,
111 fallback_brand, CTLFLAG_RWTUN, &__elfN(fallback_brand), 0,
112 __XSTRING(__CONCAT(ELF, __ELF_WORD_SIZE)) " brand of last resort");
113
114 static int elf_legacy_coredump = 0;
115 SYSCTL_INT(_debug, OID_AUTO, __elfN(legacy_coredump), CTLFLAG_RW,
116 &elf_legacy_coredump, 0,
117 "include all and only RW pages in core dumps");
118
119 int __elfN(nxstack) =
120 #if defined(__amd64__) || defined(__powerpc64__) /* both 64 and 32 bit */ || \
121 (defined(__arm__) && __ARM_ARCH >= 7) || defined(__aarch64__)
122 1;
123 #else
124 0;
125 #endif
126 SYSCTL_INT(__CONCAT(_kern_elf, __ELF_WORD_SIZE), OID_AUTO,
127 nxstack, CTLFLAG_RW, &__elfN(nxstack), 0,
128 __XSTRING(__CONCAT(ELF, __ELF_WORD_SIZE)) ": enable non-executable stack");
129
130 #if __ELF_WORD_SIZE == 32
131 #if defined(__amd64__)
132 int i386_read_exec = 0;
133 SYSCTL_INT(_kern_elf32, OID_AUTO, read_exec, CTLFLAG_RW, &i386_read_exec, 0,
134 "enable execution from readable segments");
135 #endif
136 #endif
137
138 static Elf_Brandinfo *elf_brand_list[MAX_BRANDS];
139
140 #define trunc_page_ps(va, ps) rounddown2(va, ps)
141 #define round_page_ps(va, ps) roundup2(va, ps)
142 #define aligned(a, t) (trunc_page_ps((u_long)(a), sizeof(t)) == (u_long)(a))
143
144 static const char FREEBSD_ABI_VENDOR[] = "FreeBSD";
145
146 Elf_Brandnote __elfN(freebsd_brandnote) = {
147 .hdr.n_namesz = sizeof(FREEBSD_ABI_VENDOR),
148 .hdr.n_descsz = sizeof(int32_t),
149 .hdr.n_type = NT_FREEBSD_ABI_TAG,
150 .vendor = FREEBSD_ABI_VENDOR,
151 .flags = BN_TRANSLATE_OSREL,
152 .trans_osrel = __elfN(freebsd_trans_osrel)
153 };
154
155 static boolean_t
156 __elfN(freebsd_trans_osrel)(const Elf_Note *note, int32_t *osrel)
157 {
158 uintptr_t p;
159
160 p = (uintptr_t)(note + 1);
161 p += roundup2(note->n_namesz, ELF_NOTE_ROUNDSIZE);
162 *osrel = *(const int32_t *)(p);
163
164 return (TRUE);
165 }
166
167 static const char GNU_ABI_VENDOR[] = "GNU";
168 static int GNU_KFREEBSD_ABI_DESC = 3;
169
170 Elf_Brandnote __elfN(kfreebsd_brandnote) = {
171 .hdr.n_namesz = sizeof(GNU_ABI_VENDOR),
172 .hdr.n_descsz = 16, /* XXX at least 16 */
173 .hdr.n_type = 1,
174 .vendor = GNU_ABI_VENDOR,
175 .flags = BN_TRANSLATE_OSREL,
176 .trans_osrel = kfreebsd_trans_osrel
177 };
178
179 static boolean_t
180 kfreebsd_trans_osrel(const Elf_Note *note, int32_t *osrel)
181 {
182 const Elf32_Word *desc;
183 uintptr_t p;
184
185 p = (uintptr_t)(note + 1);
186 p += roundup2(note->n_namesz, ELF_NOTE_ROUNDSIZE);
187
188 desc = (const Elf32_Word *)p;
189 if (desc[0] != GNU_KFREEBSD_ABI_DESC)
190 return (FALSE);
191
192 /*
193 * Debian GNU/kFreeBSD embed the earliest compatible kernel version
194 * (__FreeBSD_version: <major><two digit minor>Rxx) in the LSB way.
195 */
196 *osrel = desc[1] * 100000 + desc[2] * 1000 + desc[3];
197
198 return (TRUE);
199 }
200
201 int
202 __elfN(insert_brand_entry)(Elf_Brandinfo *entry)
203 {
204 int i;
205
206 for (i = 0; i < MAX_BRANDS; i++) {
207 if (elf_brand_list[i] == NULL) {
208 elf_brand_list[i] = entry;
209 break;
210 }
211 }
212 if (i == MAX_BRANDS) {
213 printf("WARNING: %s: could not insert brandinfo entry: %p\n",
214 __func__, entry);
215 return (-1);
216 }
217 return (0);
218 }
219
220 int
221 __elfN(remove_brand_entry)(Elf_Brandinfo *entry)
222 {
223 int i;
224
225 for (i = 0; i < MAX_BRANDS; i++) {
226 if (elf_brand_list[i] == entry) {
227 elf_brand_list[i] = NULL;
228 break;
229 }
230 }
231 if (i == MAX_BRANDS)
232 return (-1);
233 return (0);
234 }
235
236 int
237 __elfN(brand_inuse)(Elf_Brandinfo *entry)
238 {
239 struct proc *p;
240 int rval = FALSE;
241
242 sx_slock(&allproc_lock);
243 FOREACH_PROC_IN_SYSTEM(p) {
244 if (p->p_sysent == entry->sysvec) {
245 rval = TRUE;
246 break;
247 }
248 }
249 sx_sunlock(&allproc_lock);
250
251 return (rval);
252 }
253
254 static Elf_Brandinfo *
255 __elfN(get_brandinfo)(struct image_params *imgp, const char *interp,
256 int interp_name_len, int32_t *osrel)
257 {
258 const Elf_Ehdr *hdr = (const Elf_Ehdr *)imgp->image_header;
259 Elf_Brandinfo *bi, *bi_m;
260 boolean_t ret;
261 int i;
262
263 /*
264 * We support four types of branding -- (1) the ELF EI_OSABI field
265 * that SCO added to the ELF spec, (2) FreeBSD 3.x's traditional string
266 * branding w/in the ELF header, (3) path of the `interp_path'
267 * field, and (4) the ".note.ABI-tag" ELF section.
268 */
269
270 /* Look for an ".note.ABI-tag" ELF section */
271 bi_m = NULL;
272 for (i = 0; i < MAX_BRANDS; i++) {
273 bi = elf_brand_list[i];
274 if (bi == NULL)
275 continue;
276 if (hdr->e_machine == bi->machine && (bi->flags &
277 (BI_BRAND_NOTE|BI_BRAND_NOTE_MANDATORY)) != 0) {
278 ret = __elfN(check_note)(imgp, bi->brand_note, osrel);
279 /* Give brand a chance to veto check_note's guess */
280 if (ret && bi->header_supported)
281 ret = bi->header_supported(imgp);
282 /*
283 * If note checker claimed the binary, but the
284 * interpreter path in the image does not
285 * match default one for the brand, try to
286 * search for other brands with the same
287 * interpreter. Either there is better brand
288 * with the right interpreter, or, failing
289 * this, we return first brand which accepted
290 * our note and, optionally, header.
291 */
292 if (ret && bi_m == NULL && (strlen(bi->interp_path) +
293 1 != interp_name_len || strncmp(interp,
294 bi->interp_path, interp_name_len) != 0)) {
295 bi_m = bi;
296 ret = 0;
297 }
298 if (ret)
299 return (bi);
300 }
301 }
302 if (bi_m != NULL)
303 return (bi_m);
304
305 /* If the executable has a brand, search for it in the brand list. */
306 for (i = 0; i < MAX_BRANDS; i++) {
307 bi = elf_brand_list[i];
308 if (bi == NULL || bi->flags & BI_BRAND_NOTE_MANDATORY)
309 continue;
310 if (hdr->e_machine == bi->machine &&
311 (hdr->e_ident[EI_OSABI] == bi->brand ||
312 strncmp((const char *)&hdr->e_ident[OLD_EI_BRAND],
313 bi->compat_3_brand, strlen(bi->compat_3_brand)) == 0)) {
314 /* Looks good, but give brand a chance to veto */
315 if (!bi->header_supported || bi->header_supported(imgp))
316 return (bi);
317 }
318 }
319
320 /* No known brand, see if the header is recognized by any brand */
321 for (i = 0; i < MAX_BRANDS; i++) {
322 bi = elf_brand_list[i];
323 if (bi == NULL || bi->flags & BI_BRAND_NOTE_MANDATORY ||
324 bi->header_supported == NULL)
325 continue;
326 if (hdr->e_machine == bi->machine) {
327 ret = bi->header_supported(imgp);
328 if (ret)
329 return (bi);
330 }
331 }
332
333 /* Lacking a known brand, search for a recognized interpreter. */
334 if (interp != NULL) {
335 for (i = 0; i < MAX_BRANDS; i++) {
336 bi = elf_brand_list[i];
337 if (bi == NULL || bi->flags & BI_BRAND_NOTE_MANDATORY)
338 continue;
339 if (hdr->e_machine == bi->machine &&
340 /* ELF image p_filesz includes terminating zero */
341 strlen(bi->interp_path) + 1 == interp_name_len &&
342 strncmp(interp, bi->interp_path, interp_name_len)
343 == 0)
344 return (bi);
345 }
346 }
347
348 /* Lacking a recognized interpreter, try the default brand */
349 for (i = 0; i < MAX_BRANDS; i++) {
350 bi = elf_brand_list[i];
351 if (bi == NULL || bi->flags & BI_BRAND_NOTE_MANDATORY)
352 continue;
353 if (hdr->e_machine == bi->machine &&
354 __elfN(fallback_brand) == bi->brand)
355 return (bi);
356 }
357 return (NULL);
358 }
359
360 static int
361 __elfN(check_header)(const Elf_Ehdr *hdr)
362 {
363 Elf_Brandinfo *bi;
364 int i;
365
366 if (!IS_ELF(*hdr) ||
367 hdr->e_ident[EI_CLASS] != ELF_TARG_CLASS ||
368 hdr->e_ident[EI_DATA] != ELF_TARG_DATA ||
369 hdr->e_ident[EI_VERSION] != EV_CURRENT ||
370 hdr->e_phentsize != sizeof(Elf_Phdr) ||
371 hdr->e_version != ELF_TARG_VER)
372 return (ENOEXEC);
373
374 /*
375 * Make sure we have at least one brand for this machine.
376 */
377
378 for (i = 0; i < MAX_BRANDS; i++) {
379 bi = elf_brand_list[i];
380 if (bi != NULL && bi->machine == hdr->e_machine)
381 break;
382 }
383 if (i == MAX_BRANDS)
384 return (ENOEXEC);
385
386 return (0);
387 }
388
389 static int
390 __elfN(map_partial)(vm_map_t map, vm_object_t object, vm_ooffset_t offset,
391 vm_offset_t start, vm_offset_t end, vm_prot_t prot)
392 {
393 struct sf_buf *sf;
394 int error;
395 vm_offset_t off;
396
397 /*
398 * Create the page if it doesn't exist yet. Ignore errors.
399 */
400 vm_map_lock(map);
401 vm_map_insert(map, NULL, 0, trunc_page(start), round_page(end),
402 VM_PROT_ALL, VM_PROT_ALL, 0);
403 vm_map_unlock(map);
404
405 /*
406 * Find the page from the underlying object.
407 */
408 if (object) {
409 sf = vm_imgact_map_page(object, offset);
410 if (sf == NULL)
411 return (KERN_FAILURE);
412 off = offset - trunc_page(offset);
413 error = copyout((caddr_t)sf_buf_kva(sf) + off, (caddr_t)start,
414 end - start);
415 vm_imgact_unmap_page(sf);
416 if (error) {
417 return (KERN_FAILURE);
418 }
419 }
420
421 return (KERN_SUCCESS);
422 }
423
424 static int
425 __elfN(map_insert)(vm_map_t map, vm_object_t object, vm_ooffset_t offset,
426 vm_offset_t start, vm_offset_t end, vm_prot_t prot, int cow)
427 {
428 struct sf_buf *sf;
429 vm_offset_t off;
430 vm_size_t sz;
431 int error, rv;
432
433 if (start != trunc_page(start)) {
434 rv = __elfN(map_partial)(map, object, offset, start,
435 round_page(start), prot);
436 if (rv)
437 return (rv);
438 offset += round_page(start) - start;
439 start = round_page(start);
440 }
441 if (end != round_page(end)) {
442 rv = __elfN(map_partial)(map, object, offset +
443 trunc_page(end) - start, trunc_page(end), end, prot);
444 if (rv)
445 return (rv);
446 end = trunc_page(end);
447 }
448 if (end > start) {
449 if (offset & PAGE_MASK) {
450 /*
451 * The mapping is not page aligned. This means we have
452 * to copy the data. Sigh.
453 */
454 rv = vm_map_find(map, NULL, 0, &start, end - start, 0,
455 VMFS_NO_SPACE, prot | VM_PROT_WRITE, VM_PROT_ALL,
456 0);
457 if (rv)
458 return (rv);
459 if (object == NULL)
460 return (KERN_SUCCESS);
461 for (; start < end; start += sz) {
462 sf = vm_imgact_map_page(object, offset);
463 if (sf == NULL)
464 return (KERN_FAILURE);
465 off = offset - trunc_page(offset);
466 sz = end - start;
467 if (sz > PAGE_SIZE - off)
468 sz = PAGE_SIZE - off;
469 error = copyout((caddr_t)sf_buf_kva(sf) + off,
470 (caddr_t)start, sz);
471 vm_imgact_unmap_page(sf);
472 if (error) {
473 return (KERN_FAILURE);
474 }
475 offset += sz;
476 }
477 rv = KERN_SUCCESS;
478 } else {
479 vm_object_reference(object);
480 vm_map_lock(map);
481 rv = vm_map_insert(map, object, offset, start, end,
482 prot, VM_PROT_ALL, cow);
483 vm_map_unlock(map);
484 if (rv != KERN_SUCCESS)
485 vm_object_deallocate(object);
486 }
487 return (rv);
488 } else {
489 return (KERN_SUCCESS);
490 }
491 }
492
493 static int
494 __elfN(load_section)(struct image_params *imgp, vm_offset_t offset,
495 caddr_t vmaddr, size_t memsz, size_t filsz, vm_prot_t prot,
496 size_t pagesize)
497 {
498 struct sf_buf *sf;
499 size_t map_len;
500 vm_map_t map;
501 vm_object_t object;
502 vm_offset_t map_addr;
503 int error, rv, cow;
504 size_t copy_len;
505 vm_offset_t file_addr;
506
507 /*
508 * It's necessary to fail if the filsz + offset taken from the
509 * header is greater than the actual file pager object's size.
510 * If we were to allow this, then the vm_map_find() below would
511 * walk right off the end of the file object and into the ether.
512 *
513 * While I'm here, might as well check for something else that
514 * is invalid: filsz cannot be greater than memsz.
515 */
516 if ((off_t)filsz + offset > imgp->attr->va_size || filsz > memsz) {
517 uprintf("elf_load_section: truncated ELF file\n");
518 return (ENOEXEC);
519 }
520
521 object = imgp->object;
522 map = &imgp->proc->p_vmspace->vm_map;
523 map_addr = trunc_page_ps((vm_offset_t)vmaddr, pagesize);
524 file_addr = trunc_page_ps(offset, pagesize);
525
526 /*
527 * We have two choices. We can either clear the data in the last page
528 * of an oversized mapping, or we can start the anon mapping a page
529 * early and copy the initialized data into that first page. We
530 * choose the second..
531 */
532 if (memsz > filsz)
533 map_len = trunc_page_ps(offset + filsz, pagesize) - file_addr;
534 else
535 map_len = round_page_ps(offset + filsz, pagesize) - file_addr;
536
537 if (map_len != 0) {
538 /* cow flags: don't dump readonly sections in core */
539 cow = MAP_COPY_ON_WRITE | MAP_PREFAULT |
540 (prot & VM_PROT_WRITE ? 0 : MAP_DISABLE_COREDUMP);
541
542 rv = __elfN(map_insert)(map,
543 object,
544 file_addr, /* file offset */
545 map_addr, /* virtual start */
546 map_addr + map_len,/* virtual end */
547 prot,
548 cow);
549 if (rv != KERN_SUCCESS)
550 return (EINVAL);
551
552 /* we can stop now if we've covered it all */
553 if (memsz == filsz) {
554 return (0);
555 }
556 }
557
558
559 /*
560 * We have to get the remaining bit of the file into the first part
561 * of the oversized map segment. This is normally because the .data
562 * segment in the file is extended to provide bss. It's a neat idea
563 * to try and save a page, but it's a pain in the behind to implement.
564 */
565 copy_len = (offset + filsz) - trunc_page_ps(offset + filsz, pagesize);
566 map_addr = trunc_page_ps((vm_offset_t)vmaddr + filsz, pagesize);
567 map_len = round_page_ps((vm_offset_t)vmaddr + memsz, pagesize) -
568 map_addr;
569
570 /* This had damn well better be true! */
571 if (map_len != 0) {
572 rv = __elfN(map_insert)(map, NULL, 0, map_addr, map_addr +
573 map_len, VM_PROT_ALL, 0);
574 if (rv != KERN_SUCCESS) {
575 return (EINVAL);
576 }
577 }
578
579 if (copy_len != 0) {
580 vm_offset_t off;
581
582 sf = vm_imgact_map_page(object, offset + filsz);
583 if (sf == NULL)
584 return (EIO);
585
586 /* send the page fragment to user space */
587 off = trunc_page_ps(offset + filsz, pagesize) -
588 trunc_page(offset + filsz);
589 error = copyout((caddr_t)sf_buf_kva(sf) + off,
590 (caddr_t)map_addr, copy_len);
591 vm_imgact_unmap_page(sf);
592 if (error) {
593 return (error);
594 }
595 }
596
597 /*
598 * set it to the specified protection.
599 * XXX had better undo the damage from pasting over the cracks here!
600 */
601 vm_map_protect(map, trunc_page(map_addr), round_page(map_addr +
602 map_len), prot, FALSE);
603
604 return (0);
605 }
606
607 /*
608 * Load the file "file" into memory. It may be either a shared object
609 * or an executable.
610 *
611 * The "addr" reference parameter is in/out. On entry, it specifies
612 * the address where a shared object should be loaded. If the file is
613 * an executable, this value is ignored. On exit, "addr" specifies
614 * where the file was actually loaded.
615 *
616 * The "entry" reference parameter is out only. On exit, it specifies
617 * the entry point for the loaded file.
618 */
619 static int
620 __elfN(load_file)(struct proc *p, const char *file, u_long *addr,
621 u_long *entry, size_t pagesize)
622 {
623 struct {
624 struct nameidata nd;
625 struct vattr attr;
626 struct image_params image_params;
627 } *tempdata;
628 const Elf_Ehdr *hdr = NULL;
629 const Elf_Phdr *phdr = NULL;
630 struct nameidata *nd;
631 struct vattr *attr;
632 struct image_params *imgp;
633 vm_prot_t prot;
634 u_long rbase;
635 u_long base_addr = 0;
636 int error, i, numsegs;
637
638 #ifdef CAPABILITY_MODE
639 /*
640 * XXXJA: This check can go away once we are sufficiently confident
641 * that the checks in namei() are correct.
642 */
643 if (IN_CAPABILITY_MODE(curthread))
644 return (ECAPMODE);
645 #endif
646
647 tempdata = malloc(sizeof(*tempdata), M_TEMP, M_WAITOK);
648 nd = &tempdata->nd;
649 attr = &tempdata->attr;
650 imgp = &tempdata->image_params;
651
652 /*
653 * Initialize part of the common data
654 */
655 imgp->proc = p;
656 imgp->attr = attr;
657 imgp->firstpage = NULL;
658 imgp->image_header = NULL;
659 imgp->object = NULL;
660 imgp->execlabel = NULL;
661
662 NDINIT(nd, LOOKUP, LOCKLEAF | FOLLOW, UIO_SYSSPACE, file, curthread);
663 if ((error = namei(nd)) != 0) {
664 nd->ni_vp = NULL;
665 goto fail;
666 }
667 NDFREE(nd, NDF_ONLY_PNBUF);
668 imgp->vp = nd->ni_vp;
669
670 /*
671 * Check permissions, modes, uid, etc on the file, and "open" it.
672 */
673 error = exec_check_permissions(imgp);
674 if (error)
675 goto fail;
676
677 error = exec_map_first_page(imgp);
678 if (error)
679 goto fail;
680
681 /*
682 * Also make certain that the interpreter stays the same, so set
683 * its VV_TEXT flag, too.
684 */
685 VOP_SET_TEXT(nd->ni_vp);
686
687 imgp->object = nd->ni_vp->v_object;
688
689 hdr = (const Elf_Ehdr *)imgp->image_header;
690 if ((error = __elfN(check_header)(hdr)) != 0)
691 goto fail;
692 if (hdr->e_type == ET_DYN)
693 rbase = *addr;
694 else if (hdr->e_type == ET_EXEC)
695 rbase = 0;
696 else {
697 error = ENOEXEC;
698 goto fail;
699 }
700
701 /* Only support headers that fit within first page for now */
702 if ((hdr->e_phoff > PAGE_SIZE) ||
703 (u_int)hdr->e_phentsize * hdr->e_phnum > PAGE_SIZE - hdr->e_phoff) {
704 error = ENOEXEC;
705 goto fail;
706 }
707
708 phdr = (const Elf_Phdr *)(imgp->image_header + hdr->e_phoff);
709 if (!aligned(phdr, Elf_Addr)) {
710 error = ENOEXEC;
711 goto fail;
712 }
713
714 for (i = 0, numsegs = 0; i < hdr->e_phnum; i++) {
715 if (phdr[i].p_type == PT_LOAD && phdr[i].p_memsz != 0) {
716 /* Loadable segment */
717 prot = __elfN(trans_prot)(phdr[i].p_flags);
718 error = __elfN(load_section)(imgp, phdr[i].p_offset,
719 (caddr_t)(uintptr_t)phdr[i].p_vaddr + rbase,
720 phdr[i].p_memsz, phdr[i].p_filesz, prot, pagesize);
721 if (error != 0)
722 goto fail;
723 /*
724 * Establish the base address if this is the
725 * first segment.
726 */
727 if (numsegs == 0)
728 base_addr = trunc_page(phdr[i].p_vaddr +
729 rbase);
730 numsegs++;
731 }
732 }
733 *addr = base_addr;
734 *entry = (unsigned long)hdr->e_entry + rbase;
735
736 fail:
737 if (imgp->firstpage)
738 exec_unmap_first_page(imgp);
739
740 if (nd->ni_vp)
741 vput(nd->ni_vp);
742
743 free(tempdata, M_TEMP);
744
745 return (error);
746 }
747
748 static int
749 __CONCAT(exec_, __elfN(imgact))(struct image_params *imgp)
750 {
751 struct thread *td;
752 const Elf_Ehdr *hdr;
753 const Elf_Phdr *phdr;
754 Elf_Auxargs *elf_auxargs;
755 struct vmspace *vmspace;
756 const char *err_str, *newinterp;
757 char *interp, *interp_buf, *path;
758 Elf_Brandinfo *brand_info;
759 struct sysentvec *sv;
760 vm_prot_t prot;
761 u_long text_size, data_size, total_size, text_addr, data_addr;
762 u_long seg_size, seg_addr, addr, baddr, et_dyn_addr, entry, proghdr;
763 int32_t osrel;
764 int error, i, n, interp_name_len, have_interp;
765
766 hdr = (const Elf_Ehdr *)imgp->image_header;
767
768 /*
769 * Do we have a valid ELF header ?
770 *
771 * Only allow ET_EXEC & ET_DYN here, reject ET_DYN later
772 * if particular brand doesn't support it.
773 */
774 if (__elfN(check_header)(hdr) != 0 ||
775 (hdr->e_type != ET_EXEC && hdr->e_type != ET_DYN))
776 return (-1);
777
778 /*
779 * From here on down, we return an errno, not -1, as we've
780 * detected an ELF file.
781 */
782
783 if ((hdr->e_phoff > PAGE_SIZE) ||
784 (u_int)hdr->e_phentsize * hdr->e_phnum > PAGE_SIZE - hdr->e_phoff) {
785 /* Only support headers in first page for now */
786 uprintf("Program headers not in the first page\n");
787 return (ENOEXEC);
788 }
789 phdr = (const Elf_Phdr *)(imgp->image_header + hdr->e_phoff);
790 if (!aligned(phdr, Elf_Addr)) {
791 uprintf("Unaligned program headers\n");
792 return (ENOEXEC);
793 }
794
795 n = error = 0;
796 baddr = 0;
797 osrel = 0;
798 text_size = data_size = total_size = text_addr = data_addr = 0;
799 entry = proghdr = 0;
800 interp_name_len = 0;
801 err_str = newinterp = NULL;
802 interp = interp_buf = NULL;
803 td = curthread;
804
805 for (i = 0; i < hdr->e_phnum; i++) {
806 switch (phdr[i].p_type) {
807 case PT_LOAD:
808 if (n == 0)
809 baddr = phdr[i].p_vaddr;
810 n++;
811 break;
812 case PT_INTERP:
813 /* Path to interpreter */
814 if (phdr[i].p_filesz > MAXPATHLEN) {
815 uprintf("Invalid PT_INTERP\n");
816 error = ENOEXEC;
817 goto ret;
818 }
819 if (interp != NULL) {
820 uprintf("Multiple PT_INTERP headers\n");
821 error = ENOEXEC;
822 goto ret;
823 }
824 interp_name_len = phdr[i].p_filesz;
825 if (phdr[i].p_offset > PAGE_SIZE ||
826 interp_name_len > PAGE_SIZE - phdr[i].p_offset) {
827 VOP_UNLOCK(imgp->vp, 0);
828 interp_buf = malloc(interp_name_len + 1, M_TEMP,
829 M_WAITOK);
830 vn_lock(imgp->vp, LK_EXCLUSIVE | LK_RETRY);
831 error = vn_rdwr(UIO_READ, imgp->vp, interp_buf,
832 interp_name_len, phdr[i].p_offset,
833 UIO_SYSSPACE, IO_NODELOCKED, td->td_ucred,
834 NOCRED, NULL, td);
835 if (error != 0) {
836 uprintf("i/o error PT_INTERP\n");
837 goto ret;
838 }
839 interp_buf[interp_name_len] = '\0';
840 interp = interp_buf;
841 } else {
842 interp = __DECONST(char *, imgp->image_header) +
843 phdr[i].p_offset;
844 }
845 break;
846 case PT_GNU_STACK:
847 if (__elfN(nxstack))
848 imgp->stack_prot =
849 __elfN(trans_prot)(phdr[i].p_flags);
850 imgp->stack_sz = phdr[i].p_memsz;
851 break;
852 }
853 }
854
855 brand_info = __elfN(get_brandinfo)(imgp, interp, interp_name_len,
856 &osrel);
857 if (brand_info == NULL) {
858 uprintf("ELF binary type \"%u\" not known.\n",
859 hdr->e_ident[EI_OSABI]);
860 error = ENOEXEC;
861 goto ret;
862 }
863 if (hdr->e_type == ET_DYN) {
864 if ((brand_info->flags & BI_CAN_EXEC_DYN) == 0) {
865 uprintf("Cannot execute shared object\n");
866 error = ENOEXEC;
867 goto ret;
868 }
869 /*
870 * Honour the base load address from the dso if it is
871 * non-zero for some reason.
872 */
873 if (baddr == 0)
874 et_dyn_addr = ET_DYN_LOAD_ADDR;
875 else
876 et_dyn_addr = 0;
877 } else
878 et_dyn_addr = 0;
879 sv = brand_info->sysvec;
880 if (interp != NULL && brand_info->interp_newpath != NULL)
881 newinterp = brand_info->interp_newpath;
882
883 /*
884 * Avoid a possible deadlock if the current address space is destroyed
885 * and that address space maps the locked vnode. In the common case,
886 * the locked vnode's v_usecount is decremented but remains greater
887 * than zero. Consequently, the vnode lock is not needed by vrele().
888 * However, in cases where the vnode lock is external, such as nullfs,
889 * v_usecount may become zero.
890 *
891 * The VV_TEXT flag prevents modifications to the executable while
892 * the vnode is unlocked.
893 */
894 VOP_UNLOCK(imgp->vp, 0);
895
896 error = exec_new_vmspace(imgp, sv);
897 imgp->proc->p_sysent = sv;
898
899 vn_lock(imgp->vp, LK_EXCLUSIVE | LK_RETRY);
900 if (error != 0)
901 goto ret;
902
903 for (i = 0; i < hdr->e_phnum; i++) {
904 switch (phdr[i].p_type) {
905 case PT_LOAD: /* Loadable segment */
906 if (phdr[i].p_memsz == 0)
907 break;
908 prot = __elfN(trans_prot)(phdr[i].p_flags);
909 error = __elfN(load_section)(imgp, phdr[i].p_offset,
910 (caddr_t)(uintptr_t)phdr[i].p_vaddr + et_dyn_addr,
911 phdr[i].p_memsz, phdr[i].p_filesz, prot,
912 sv->sv_pagesize);
913 if (error != 0)
914 goto ret;
915
916 /*
917 * If this segment contains the program headers,
918 * remember their virtual address for the AT_PHDR
919 * aux entry. Static binaries don't usually include
920 * a PT_PHDR entry.
921 */
922 if (phdr[i].p_offset == 0 &&
923 hdr->e_phoff + hdr->e_phnum * hdr->e_phentsize
924 <= phdr[i].p_filesz)
925 proghdr = phdr[i].p_vaddr + hdr->e_phoff +
926 et_dyn_addr;
927
928 seg_addr = trunc_page(phdr[i].p_vaddr + et_dyn_addr);
929 seg_size = round_page(phdr[i].p_memsz +
930 phdr[i].p_vaddr + et_dyn_addr - seg_addr);
931
932 /*
933 * Make the largest executable segment the official
934 * text segment and all others data.
935 *
936 * Note that obreak() assumes that data_addr +
937 * data_size == end of data load area, and the ELF
938 * file format expects segments to be sorted by
939 * address. If multiple data segments exist, the
940 * last one will be used.
941 */
942
943 if (phdr[i].p_flags & PF_X && text_size < seg_size) {
944 text_size = seg_size;
945 text_addr = seg_addr;
946 } else {
947 data_size = seg_size;
948 data_addr = seg_addr;
949 }
950 total_size += seg_size;
951 break;
952 case PT_PHDR: /* Program header table info */
953 proghdr = phdr[i].p_vaddr + et_dyn_addr;
954 break;
955 default:
956 break;
957 }
958 }
959
960 if (data_addr == 0 && data_size == 0) {
961 data_addr = text_addr;
962 data_size = text_size;
963 }
964
965 entry = (u_long)hdr->e_entry + et_dyn_addr;
966
967 /*
968 * Check limits. It should be safe to check the
969 * limits after loading the segments since we do
970 * not actually fault in all the segments pages.
971 */
972 PROC_LOCK(imgp->proc);
973 if (data_size > lim_cur_proc(imgp->proc, RLIMIT_DATA))
974 err_str = "Data segment size exceeds process limit";
975 else if (text_size > maxtsiz)
976 err_str = "Text segment size exceeds system limit";
977 else if (total_size > lim_cur_proc(imgp->proc, RLIMIT_VMEM))
978 err_str = "Total segment size exceeds process limit";
979 else if (racct_set(imgp->proc, RACCT_DATA, data_size) != 0)
980 err_str = "Data segment size exceeds resource limit";
981 else if (racct_set(imgp->proc, RACCT_VMEM, total_size) != 0)
982 err_str = "Total segment size exceeds resource limit";
983 if (err_str != NULL) {
984 PROC_UNLOCK(imgp->proc);
985 uprintf("%s\n", err_str);
986 error = ENOMEM;
987 goto ret;
988 }
989
990 vmspace = imgp->proc->p_vmspace;
991 vmspace->vm_tsize = text_size >> PAGE_SHIFT;
992 vmspace->vm_taddr = (caddr_t)(uintptr_t)text_addr;
993 vmspace->vm_dsize = data_size >> PAGE_SHIFT;
994 vmspace->vm_daddr = (caddr_t)(uintptr_t)data_addr;
995
996 /*
997 * We load the dynamic linker where a userland call
998 * to mmap(0, ...) would put it. The rationale behind this
999 * calculation is that it leaves room for the heap to grow to
1000 * its maximum allowed size.
1001 */
1002 addr = round_page((vm_offset_t)vmspace->vm_daddr + lim_max(td,
1003 RLIMIT_DATA));
1004 PROC_UNLOCK(imgp->proc);
1005
1006 imgp->entry_addr = entry;
1007
1008 if (interp != NULL) {
1009 have_interp = FALSE;
1010 VOP_UNLOCK(imgp->vp, 0);
1011 if (brand_info->emul_path != NULL &&
1012 brand_info->emul_path[0] != '\0') {
1013 path = malloc(MAXPATHLEN, M_TEMP, M_WAITOK);
1014 snprintf(path, MAXPATHLEN, "%s%s",
1015 brand_info->emul_path, interp);
1016 error = __elfN(load_file)(imgp->proc, path, &addr,
1017 &imgp->entry_addr, sv->sv_pagesize);
1018 free(path, M_TEMP);
1019 if (error == 0)
1020 have_interp = TRUE;
1021 }
1022 if (!have_interp && newinterp != NULL &&
1023 (brand_info->interp_path == NULL ||
1024 strcmp(interp, brand_info->interp_path) == 0)) {
1025 error = __elfN(load_file)(imgp->proc, newinterp, &addr,
1026 &imgp->entry_addr, sv->sv_pagesize);
1027 if (error == 0)
1028 have_interp = TRUE;
1029 }
1030 if (!have_interp) {
1031 error = __elfN(load_file)(imgp->proc, interp, &addr,
1032 &imgp->entry_addr, sv->sv_pagesize);
1033 }
1034 vn_lock(imgp->vp, LK_EXCLUSIVE | LK_RETRY);
1035 if (error != 0) {
1036 uprintf("ELF interpreter %s not found, error %d\n",
1037 interp, error);
1038 goto ret;
1039 }
1040 } else
1041 addr = et_dyn_addr;
1042
1043 /*
1044 * Construct auxargs table (used by the fixup routine)
1045 */
1046 elf_auxargs = malloc(sizeof(Elf_Auxargs), M_TEMP, M_WAITOK);
1047 elf_auxargs->execfd = -1;
1048 elf_auxargs->phdr = proghdr;
1049 elf_auxargs->phent = hdr->e_phentsize;
1050 elf_auxargs->phnum = hdr->e_phnum;
1051 elf_auxargs->pagesz = PAGE_SIZE;
1052 elf_auxargs->base = addr;
1053 elf_auxargs->flags = 0;
1054 elf_auxargs->entry = entry;
1055 elf_auxargs->hdr_eflags = hdr->e_flags;
1056
1057 imgp->auxargs = elf_auxargs;
1058 imgp->interpreted = 0;
1059 imgp->reloc_base = addr;
1060 imgp->proc->p_osrel = osrel;
1061
1062 ret:
1063 free(interp_buf, M_TEMP);
1064 return (error);
1065 }
1066
1067 #define suword __CONCAT(suword, __ELF_WORD_SIZE)
1068
1069 int
1070 __elfN(freebsd_fixup)(register_t **stack_base, struct image_params *imgp)
1071 {
1072 Elf_Auxargs *args = (Elf_Auxargs *)imgp->auxargs;
1073 Elf_Addr *base;
1074 Elf_Addr *pos;
1075
1076 base = (Elf_Addr *)*stack_base;
1077 pos = base + (imgp->args->argc + imgp->args->envc + 2);
1078
1079 if (args->execfd != -1)
1080 AUXARGS_ENTRY(pos, AT_EXECFD, args->execfd);
1081 AUXARGS_ENTRY(pos, AT_PHDR, args->phdr);
1082 AUXARGS_ENTRY(pos, AT_PHENT, args->phent);
1083 AUXARGS_ENTRY(pos, AT_PHNUM, args->phnum);
1084 AUXARGS_ENTRY(pos, AT_PAGESZ, args->pagesz);
1085 AUXARGS_ENTRY(pos, AT_FLAGS, args->flags);
1086 AUXARGS_ENTRY(pos, AT_ENTRY, args->entry);
1087 AUXARGS_ENTRY(pos, AT_BASE, args->base);
1088 #ifdef AT_EHDRFLAGS
1089 AUXARGS_ENTRY(pos, AT_EHDRFLAGS, args->hdr_eflags);
1090 #endif
1091 if (imgp->execpathp != 0)
1092 AUXARGS_ENTRY(pos, AT_EXECPATH, imgp->execpathp);
1093 AUXARGS_ENTRY(pos, AT_OSRELDATE,
1094 imgp->proc->p_ucred->cr_prison->pr_osreldate);
1095 if (imgp->canary != 0) {
1096 AUXARGS_ENTRY(pos, AT_CANARY, imgp->canary);
1097 AUXARGS_ENTRY(pos, AT_CANARYLEN, imgp->canarylen);
1098 }
1099 AUXARGS_ENTRY(pos, AT_NCPUS, mp_ncpus);
1100 if (imgp->pagesizes != 0) {
1101 AUXARGS_ENTRY(pos, AT_PAGESIZES, imgp->pagesizes);
1102 AUXARGS_ENTRY(pos, AT_PAGESIZESLEN, imgp->pagesizeslen);
1103 }
1104 if (imgp->sysent->sv_timekeep_base != 0) {
1105 AUXARGS_ENTRY(pos, AT_TIMEKEEP,
1106 imgp->sysent->sv_timekeep_base);
1107 }
1108 AUXARGS_ENTRY(pos, AT_STACKPROT, imgp->sysent->sv_shared_page_obj
1109 != NULL && imgp->stack_prot != 0 ? imgp->stack_prot :
1110 imgp->sysent->sv_stackprot);
1111 AUXARGS_ENTRY(pos, AT_NULL, 0);
1112
1113 free(imgp->auxargs, M_TEMP);
1114 imgp->auxargs = NULL;
1115
1116 base--;
1117 suword(base, (long)imgp->args->argc);
1118 *stack_base = (register_t *)base;
1119 return (0);
1120 }
1121
1122 /*
1123 * Code for generating ELF core dumps.
1124 */
1125
1126 typedef void (*segment_callback)(vm_map_entry_t, void *);
1127
1128 /* Closure for cb_put_phdr(). */
1129 struct phdr_closure {
1130 Elf_Phdr *phdr; /* Program header to fill in */
1131 Elf_Off offset; /* Offset of segment in core file */
1132 };
1133
1134 /* Closure for cb_size_segment(). */
1135 struct sseg_closure {
1136 int count; /* Count of writable segments. */
1137 size_t size; /* Total size of all writable segments. */
1138 };
1139
1140 typedef void (*outfunc_t)(void *, struct sbuf *, size_t *);
1141
1142 struct note_info {
1143 int type; /* Note type. */
1144 outfunc_t outfunc; /* Output function. */
1145 void *outarg; /* Argument for the output function. */
1146 size_t outsize; /* Output size. */
1147 TAILQ_ENTRY(note_info) link; /* Link to the next note info. */
1148 };
1149
1150 TAILQ_HEAD(note_info_list, note_info);
1151
1152 /* Coredump output parameters. */
1153 struct coredump_params {
1154 off_t offset;
1155 struct ucred *active_cred;
1156 struct ucred *file_cred;
1157 struct thread *td;
1158 struct vnode *vp;
1159 struct gzio_stream *gzs;
1160 };
1161
1162 static void cb_put_phdr(vm_map_entry_t, void *);
1163 static void cb_size_segment(vm_map_entry_t, void *);
1164 static int core_write(struct coredump_params *, void *, size_t, off_t,
1165 enum uio_seg);
1166 static void each_writable_segment(struct thread *, segment_callback, void *);
1167 static int __elfN(corehdr)(struct coredump_params *, int, void *, size_t,
1168 struct note_info_list *, size_t);
1169 static void __elfN(prepare_notes)(struct thread *, struct note_info_list *,
1170 size_t *);
1171 static void __elfN(puthdr)(struct thread *, void *, size_t, int, size_t);
1172 static void __elfN(putnote)(struct note_info *, struct sbuf *);
1173 static size_t register_note(struct note_info_list *, int, outfunc_t, void *);
1174 static int sbuf_drain_core_output(void *, const char *, int);
1175 static int sbuf_drain_count(void *arg, const char *data, int len);
1176
1177 static void __elfN(note_fpregset)(void *, struct sbuf *, size_t *);
1178 static void __elfN(note_prpsinfo)(void *, struct sbuf *, size_t *);
1179 static void __elfN(note_prstatus)(void *, struct sbuf *, size_t *);
1180 static void __elfN(note_threadmd)(void *, struct sbuf *, size_t *);
1181 static void __elfN(note_thrmisc)(void *, struct sbuf *, size_t *);
1182 static void __elfN(note_procstat_auxv)(void *, struct sbuf *, size_t *);
1183 static void __elfN(note_procstat_proc)(void *, struct sbuf *, size_t *);
1184 static void __elfN(note_procstat_psstrings)(void *, struct sbuf *, size_t *);
1185 static void note_procstat_files(void *, struct sbuf *, size_t *);
1186 static void note_procstat_groups(void *, struct sbuf *, size_t *);
1187 static void note_procstat_osrel(void *, struct sbuf *, size_t *);
1188 static void note_procstat_rlimit(void *, struct sbuf *, size_t *);
1189 static void note_procstat_umask(void *, struct sbuf *, size_t *);
1190 static void note_procstat_vmmap(void *, struct sbuf *, size_t *);
1191
1192 #ifdef GZIO
1193 extern int compress_user_cores_gzlevel;
1194
1195 /*
1196 * Write out a core segment to the compression stream.
1197 */
1198 static int
1199 compress_chunk(struct coredump_params *p, char *base, char *buf, u_int len)
1200 {
1201 u_int chunk_len;
1202 int error;
1203
1204 while (len > 0) {
1205 chunk_len = MIN(len, CORE_BUF_SIZE);
1206 copyin(base, buf, chunk_len);
1207 error = gzio_write(p->gzs, buf, chunk_len);
1208 if (error != 0)
1209 break;
1210 base += chunk_len;
1211 len -= chunk_len;
1212 }
1213 return (error);
1214 }
1215
1216 static int
1217 core_gz_write(void *base, size_t len, off_t offset, void *arg)
1218 {
1219
1220 return (core_write((struct coredump_params *)arg, base, len, offset,
1221 UIO_SYSSPACE));
1222 }
1223 #endif /* GZIO */
1224
1225 static int
1226 core_write(struct coredump_params *p, void *base, size_t len, off_t offset,
1227 enum uio_seg seg)
1228 {
1229
1230 return (vn_rdwr_inchunks(UIO_WRITE, p->vp, base, len, offset,
1231 seg, IO_UNIT | IO_DIRECT | IO_RANGELOCKED,
1232 p->active_cred, p->file_cred, NULL, p->td));
1233 }
1234
1235 static int
1236 core_output(void *base, size_t len, off_t offset, struct coredump_params *p,
1237 void *tmpbuf)
1238 {
1239
1240 #ifdef GZIO
1241 if (p->gzs != NULL)
1242 return (compress_chunk(p, base, tmpbuf, len));
1243 #endif
1244 return (core_write(p, base, len, offset, UIO_USERSPACE));
1245 }
1246
1247 /*
1248 * Drain into a core file.
1249 */
1250 static int
1251 sbuf_drain_core_output(void *arg, const char *data, int len)
1252 {
1253 struct coredump_params *p;
1254 int error, locked;
1255
1256 p = (struct coredump_params *)arg;
1257
1258 /*
1259 * Some kern_proc out routines that print to this sbuf may
1260 * call us with the process lock held. Draining with the
1261 * non-sleepable lock held is unsafe. The lock is needed for
1262 * those routines when dumping a live process. In our case we
1263 * can safely release the lock before draining and acquire
1264 * again after.
1265 */
1266 locked = PROC_LOCKED(p->td->td_proc);
1267 if (locked)
1268 PROC_UNLOCK(p->td->td_proc);
1269 #ifdef GZIO
1270 if (p->gzs != NULL)
1271 error = gzio_write(p->gzs, __DECONST(char *, data), len);
1272 else
1273 #endif
1274 error = core_write(p, __DECONST(void *, data), len, p->offset,
1275 UIO_SYSSPACE);
1276 if (locked)
1277 PROC_LOCK(p->td->td_proc);
1278 if (error != 0)
1279 return (-error);
1280 p->offset += len;
1281 return (len);
1282 }
1283
1284 /*
1285 * Drain into a counter.
1286 */
1287 static int
1288 sbuf_drain_count(void *arg, const char *data __unused, int len)
1289 {
1290 size_t *sizep;
1291
1292 sizep = (size_t *)arg;
1293 *sizep += len;
1294 return (len);
1295 }
1296
1297 int
1298 __elfN(coredump)(struct thread *td, struct vnode *vp, off_t limit, int flags)
1299 {
1300 struct ucred *cred = td->td_ucred;
1301 int error = 0;
1302 struct sseg_closure seginfo;
1303 struct note_info_list notelst;
1304 struct coredump_params params;
1305 struct note_info *ninfo;
1306 void *hdr, *tmpbuf;
1307 size_t hdrsize, notesz, coresize;
1308 #ifdef GZIO
1309 boolean_t compress;
1310
1311 compress = (flags & IMGACT_CORE_COMPRESS) != 0;
1312 #endif
1313 hdr = NULL;
1314 tmpbuf = NULL;
1315 TAILQ_INIT(&notelst);
1316
1317 /* Size the program segments. */
1318 seginfo.count = 0;
1319 seginfo.size = 0;
1320 each_writable_segment(td, cb_size_segment, &seginfo);
1321
1322 /*
1323 * Collect info about the core file header area.
1324 */
1325 hdrsize = sizeof(Elf_Ehdr) + sizeof(Elf_Phdr) * (1 + seginfo.count);
1326 __elfN(prepare_notes)(td, &notelst, &notesz);
1327 coresize = round_page(hdrsize + notesz) + seginfo.size;
1328
1329 /* Set up core dump parameters. */
1330 params.offset = 0;
1331 params.active_cred = cred;
1332 params.file_cred = NOCRED;
1333 params.td = td;
1334 params.vp = vp;
1335 params.gzs = NULL;
1336
1337 #ifdef RACCT
1338 if (racct_enable) {
1339 PROC_LOCK(td->td_proc);
1340 error = racct_add(td->td_proc, RACCT_CORE, coresize);
1341 PROC_UNLOCK(td->td_proc);
1342 if (error != 0) {
1343 error = EFAULT;
1344 goto done;
1345 }
1346 }
1347 #endif
1348 if (coresize >= limit) {
1349 error = EFAULT;
1350 goto done;
1351 }
1352
1353 #ifdef GZIO
1354 /* Create a compression stream if necessary. */
1355 if (compress) {
1356 params.gzs = gzio_init(core_gz_write, GZIO_DEFLATE,
1357 CORE_BUF_SIZE, compress_user_cores_gzlevel, &params);
1358 if (params.gzs == NULL) {
1359 error = EFAULT;
1360 goto done;
1361 }
1362 tmpbuf = malloc(CORE_BUF_SIZE, M_TEMP, M_WAITOK | M_ZERO);
1363 }
1364 #endif
1365
1366 /*
1367 * Allocate memory for building the header, fill it up,
1368 * and write it out following the notes.
1369 */
1370 hdr = malloc(hdrsize, M_TEMP, M_WAITOK);
1371 error = __elfN(corehdr)(&params, seginfo.count, hdr, hdrsize, &notelst,
1372 notesz);
1373
1374 /* Write the contents of all of the writable segments. */
1375 if (error == 0) {
1376 Elf_Phdr *php;
1377 off_t offset;
1378 int i;
1379
1380 php = (Elf_Phdr *)((char *)hdr + sizeof(Elf_Ehdr)) + 1;
1381 offset = round_page(hdrsize + notesz);
1382 for (i = 0; i < seginfo.count; i++) {
1383 error = core_output((caddr_t)(uintptr_t)php->p_vaddr,
1384 php->p_filesz, offset, &params, tmpbuf);
1385 if (error != 0)
1386 break;
1387 offset += php->p_filesz;
1388 php++;
1389 }
1390 #ifdef GZIO
1391 if (error == 0 && compress)
1392 error = gzio_flush(params.gzs);
1393 #endif
1394 }
1395 if (error) {
1396 log(LOG_WARNING,
1397 "Failed to write core file for process %s (error %d)\n",
1398 curproc->p_comm, error);
1399 }
1400
1401 done:
1402 #ifdef GZIO
1403 if (compress) {
1404 free(tmpbuf, M_TEMP);
1405 if (params.gzs != NULL)
1406 gzio_fini(params.gzs);
1407 }
1408 #endif
1409 while ((ninfo = TAILQ_FIRST(&notelst)) != NULL) {
1410 TAILQ_REMOVE(&notelst, ninfo, link);
1411 free(ninfo, M_TEMP);
1412 }
1413 if (hdr != NULL)
1414 free(hdr, M_TEMP);
1415
1416 return (error);
1417 }
1418
1419 /*
1420 * A callback for each_writable_segment() to write out the segment's
1421 * program header entry.
1422 */
1423 static void
1424 cb_put_phdr(entry, closure)
1425 vm_map_entry_t entry;
1426 void *closure;
1427 {
1428 struct phdr_closure *phc = (struct phdr_closure *)closure;
1429 Elf_Phdr *phdr = phc->phdr;
1430
1431 phc->offset = round_page(phc->offset);
1432
1433 phdr->p_type = PT_LOAD;
1434 phdr->p_offset = phc->offset;
1435 phdr->p_vaddr = entry->start;
1436 phdr->p_paddr = 0;
1437 phdr->p_filesz = phdr->p_memsz = entry->end - entry->start;
1438 phdr->p_align = PAGE_SIZE;
1439 phdr->p_flags = __elfN(untrans_prot)(entry->protection);
1440
1441 phc->offset += phdr->p_filesz;
1442 phc->phdr++;
1443 }
1444
1445 /*
1446 * A callback for each_writable_segment() to gather information about
1447 * the number of segments and their total size.
1448 */
1449 static void
1450 cb_size_segment(entry, closure)
1451 vm_map_entry_t entry;
1452 void *closure;
1453 {
1454 struct sseg_closure *ssc = (struct sseg_closure *)closure;
1455
1456 ssc->count++;
1457 ssc->size += entry->end - entry->start;
1458 }
1459
1460 /*
1461 * For each writable segment in the process's memory map, call the given
1462 * function with a pointer to the map entry and some arbitrary
1463 * caller-supplied data.
1464 */
1465 static void
1466 each_writable_segment(td, func, closure)
1467 struct thread *td;
1468 segment_callback func;
1469 void *closure;
1470 {
1471 struct proc *p = td->td_proc;
1472 vm_map_t map = &p->p_vmspace->vm_map;
1473 vm_map_entry_t entry;
1474 vm_object_t backing_object, object;
1475 boolean_t ignore_entry;
1476
1477 vm_map_lock_read(map);
1478 for (entry = map->header.next; entry != &map->header;
1479 entry = entry->next) {
1480 /*
1481 * Don't dump inaccessible mappings, deal with legacy
1482 * coredump mode.
1483 *
1484 * Note that read-only segments related to the elf binary
1485 * are marked MAP_ENTRY_NOCOREDUMP now so we no longer
1486 * need to arbitrarily ignore such segments.
1487 */
1488 if (elf_legacy_coredump) {
1489 if ((entry->protection & VM_PROT_RW) != VM_PROT_RW)
1490 continue;
1491 } else {
1492 if ((entry->protection & VM_PROT_ALL) == 0)
1493 continue;
1494 }
1495
1496 /*
1497 * Dont include memory segment in the coredump if
1498 * MAP_NOCORE is set in mmap(2) or MADV_NOCORE in
1499 * madvise(2). Do not dump submaps (i.e. parts of the
1500 * kernel map).
1501 */
1502 if (entry->eflags & (MAP_ENTRY_NOCOREDUMP|MAP_ENTRY_IS_SUB_MAP))
1503 continue;
1504
1505 if ((object = entry->object.vm_object) == NULL)
1506 continue;
1507
1508 /* Ignore memory-mapped devices and such things. */
1509 VM_OBJECT_RLOCK(object);
1510 while ((backing_object = object->backing_object) != NULL) {
1511 VM_OBJECT_RLOCK(backing_object);
1512 VM_OBJECT_RUNLOCK(object);
1513 object = backing_object;
1514 }
1515 ignore_entry = object->type != OBJT_DEFAULT &&
1516 object->type != OBJT_SWAP && object->type != OBJT_VNODE &&
1517 object->type != OBJT_PHYS;
1518 VM_OBJECT_RUNLOCK(object);
1519 if (ignore_entry)
1520 continue;
1521
1522 (*func)(entry, closure);
1523 }
1524 vm_map_unlock_read(map);
1525 }
1526
1527 /*
1528 * Write the core file header to the file, including padding up to
1529 * the page boundary.
1530 */
1531 static int
1532 __elfN(corehdr)(struct coredump_params *p, int numsegs, void *hdr,
1533 size_t hdrsize, struct note_info_list *notelst, size_t notesz)
1534 {
1535 struct note_info *ninfo;
1536 struct sbuf *sb;
1537 int error;
1538
1539 /* Fill in the header. */
1540 bzero(hdr, hdrsize);
1541 __elfN(puthdr)(p->td, hdr, hdrsize, numsegs, notesz);
1542
1543 sb = sbuf_new(NULL, NULL, CORE_BUF_SIZE, SBUF_FIXEDLEN);
1544 sbuf_set_drain(sb, sbuf_drain_core_output, p);
1545 sbuf_start_section(sb, NULL);
1546 sbuf_bcat(sb, hdr, hdrsize);
1547 TAILQ_FOREACH(ninfo, notelst, link)
1548 __elfN(putnote)(ninfo, sb);
1549 /* Align up to a page boundary for the program segments. */
1550 sbuf_end_section(sb, -1, PAGE_SIZE, 0);
1551 error = sbuf_finish(sb);
1552 sbuf_delete(sb);
1553
1554 return (error);
1555 }
1556
1557 static void
1558 __elfN(prepare_notes)(struct thread *td, struct note_info_list *list,
1559 size_t *sizep)
1560 {
1561 struct proc *p;
1562 struct thread *thr;
1563 size_t size;
1564
1565 p = td->td_proc;
1566 size = 0;
1567
1568 size += register_note(list, NT_PRPSINFO, __elfN(note_prpsinfo), p);
1569
1570 /*
1571 * To have the debugger select the right thread (LWP) as the initial
1572 * thread, we dump the state of the thread passed to us in td first.
1573 * This is the thread that causes the core dump and thus likely to
1574 * be the right thread one wants to have selected in the debugger.
1575 */
1576 thr = td;
1577 while (thr != NULL) {
1578 size += register_note(list, NT_PRSTATUS,
1579 __elfN(note_prstatus), thr);
1580 size += register_note(list, NT_FPREGSET,
1581 __elfN(note_fpregset), thr);
1582 size += register_note(list, NT_THRMISC,
1583 __elfN(note_thrmisc), thr);
1584 size += register_note(list, -1,
1585 __elfN(note_threadmd), thr);
1586
1587 thr = (thr == td) ? TAILQ_FIRST(&p->p_threads) :
1588 TAILQ_NEXT(thr, td_plist);
1589 if (thr == td)
1590 thr = TAILQ_NEXT(thr, td_plist);
1591 }
1592
1593 size += register_note(list, NT_PROCSTAT_PROC,
1594 __elfN(note_procstat_proc), p);
1595 size += register_note(list, NT_PROCSTAT_FILES,
1596 note_procstat_files, p);
1597 size += register_note(list, NT_PROCSTAT_VMMAP,
1598 note_procstat_vmmap, p);
1599 size += register_note(list, NT_PROCSTAT_GROUPS,
1600 note_procstat_groups, p);
1601 size += register_note(list, NT_PROCSTAT_UMASK,
1602 note_procstat_umask, p);
1603 size += register_note(list, NT_PROCSTAT_RLIMIT,
1604 note_procstat_rlimit, p);
1605 size += register_note(list, NT_PROCSTAT_OSREL,
1606 note_procstat_osrel, p);
1607 size += register_note(list, NT_PROCSTAT_PSSTRINGS,
1608 __elfN(note_procstat_psstrings), p);
1609 size += register_note(list, NT_PROCSTAT_AUXV,
1610 __elfN(note_procstat_auxv), p);
1611
1612 *sizep = size;
1613 }
1614
1615 static void
1616 __elfN(puthdr)(struct thread *td, void *hdr, size_t hdrsize, int numsegs,
1617 size_t notesz)
1618 {
1619 Elf_Ehdr *ehdr;
1620 Elf_Phdr *phdr;
1621 struct phdr_closure phc;
1622
1623 ehdr = (Elf_Ehdr *)hdr;
1624 phdr = (Elf_Phdr *)((char *)hdr + sizeof(Elf_Ehdr));
1625
1626 ehdr->e_ident[EI_MAG0] = ELFMAG0;
1627 ehdr->e_ident[EI_MAG1] = ELFMAG1;
1628 ehdr->e_ident[EI_MAG2] = ELFMAG2;
1629 ehdr->e_ident[EI_MAG3] = ELFMAG3;
1630 ehdr->e_ident[EI_CLASS] = ELF_CLASS;
1631 ehdr->e_ident[EI_DATA] = ELF_DATA;
1632 ehdr->e_ident[EI_VERSION] = EV_CURRENT;
1633 ehdr->e_ident[EI_OSABI] = ELFOSABI_FREEBSD;
1634 ehdr->e_ident[EI_ABIVERSION] = 0;
1635 ehdr->e_ident[EI_PAD] = 0;
1636 ehdr->e_type = ET_CORE;
1637 #if defined(COMPAT_FREEBSD32) && __ELF_WORD_SIZE == 32
1638 ehdr->e_machine = ELF_ARCH32;
1639 #else
1640 ehdr->e_machine = ELF_ARCH;
1641 #endif
1642 ehdr->e_version = EV_CURRENT;
1643 ehdr->e_entry = 0;
1644 ehdr->e_phoff = sizeof(Elf_Ehdr);
1645 ehdr->e_flags = 0;
1646 ehdr->e_ehsize = sizeof(Elf_Ehdr);
1647 ehdr->e_phentsize = sizeof(Elf_Phdr);
1648 ehdr->e_phnum = numsegs + 1;
1649 ehdr->e_shentsize = sizeof(Elf_Shdr);
1650 ehdr->e_shnum = 0;
1651 ehdr->e_shstrndx = SHN_UNDEF;
1652
1653 /*
1654 * Fill in the program header entries.
1655 */
1656
1657 /* The note segement. */
1658 phdr->p_type = PT_NOTE;
1659 phdr->p_offset = hdrsize;
1660 phdr->p_vaddr = 0;
1661 phdr->p_paddr = 0;
1662 phdr->p_filesz = notesz;
1663 phdr->p_memsz = 0;
1664 phdr->p_flags = PF_R;
1665 phdr->p_align = ELF_NOTE_ROUNDSIZE;
1666 phdr++;
1667
1668 /* All the writable segments from the program. */
1669 phc.phdr = phdr;
1670 phc.offset = round_page(hdrsize + notesz);
1671 each_writable_segment(td, cb_put_phdr, &phc);
1672 }
1673
1674 static size_t
1675 register_note(struct note_info_list *list, int type, outfunc_t out, void *arg)
1676 {
1677 struct note_info *ninfo;
1678 size_t size, notesize;
1679
1680 size = 0;
1681 out(arg, NULL, &size);
1682 ninfo = malloc(sizeof(*ninfo), M_TEMP, M_ZERO | M_WAITOK);
1683 ninfo->type = type;
1684 ninfo->outfunc = out;
1685 ninfo->outarg = arg;
1686 ninfo->outsize = size;
1687 TAILQ_INSERT_TAIL(list, ninfo, link);
1688
1689 if (type == -1)
1690 return (size);
1691
1692 notesize = sizeof(Elf_Note) + /* note header */
1693 roundup2(sizeof(FREEBSD_ABI_VENDOR), ELF_NOTE_ROUNDSIZE) +
1694 /* note name */
1695 roundup2(size, ELF_NOTE_ROUNDSIZE); /* note description */
1696
1697 return (notesize);
1698 }
1699
1700 static size_t
1701 append_note_data(const void *src, void *dst, size_t len)
1702 {
1703 size_t padded_len;
1704
1705 padded_len = roundup2(len, ELF_NOTE_ROUNDSIZE);
1706 if (dst != NULL) {
1707 bcopy(src, dst, len);
1708 bzero((char *)dst + len, padded_len - len);
1709 }
1710 return (padded_len);
1711 }
1712
1713 size_t
1714 __elfN(populate_note)(int type, void *src, void *dst, size_t size, void **descp)
1715 {
1716 Elf_Note *note;
1717 char *buf;
1718 size_t notesize;
1719
1720 buf = dst;
1721 if (buf != NULL) {
1722 note = (Elf_Note *)buf;
1723 note->n_namesz = sizeof(FREEBSD_ABI_VENDOR);
1724 note->n_descsz = size;
1725 note->n_type = type;
1726 buf += sizeof(*note);
1727 buf += append_note_data(FREEBSD_ABI_VENDOR, buf,
1728 sizeof(FREEBSD_ABI_VENDOR));
1729 append_note_data(src, buf, size);
1730 if (descp != NULL)
1731 *descp = buf;
1732 }
1733
1734 notesize = sizeof(Elf_Note) + /* note header */
1735 roundup2(sizeof(FREEBSD_ABI_VENDOR), ELF_NOTE_ROUNDSIZE) +
1736 /* note name */
1737 roundup2(size, ELF_NOTE_ROUNDSIZE); /* note description */
1738
1739 return (notesize);
1740 }
1741
1742 static void
1743 __elfN(putnote)(struct note_info *ninfo, struct sbuf *sb)
1744 {
1745 Elf_Note note;
1746 ssize_t old_len, sect_len;
1747 size_t new_len, descsz, i;
1748
1749 if (ninfo->type == -1) {
1750 ninfo->outfunc(ninfo->outarg, sb, &ninfo->outsize);
1751 return;
1752 }
1753
1754 note.n_namesz = sizeof(FREEBSD_ABI_VENDOR);
1755 note.n_descsz = ninfo->outsize;
1756 note.n_type = ninfo->type;
1757
1758 sbuf_bcat(sb, &note, sizeof(note));
1759 sbuf_start_section(sb, &old_len);
1760 sbuf_bcat(sb, FREEBSD_ABI_VENDOR, sizeof(FREEBSD_ABI_VENDOR));
1761 sbuf_end_section(sb, old_len, ELF_NOTE_ROUNDSIZE, 0);
1762 if (note.n_descsz == 0)
1763 return;
1764 sbuf_start_section(sb, &old_len);
1765 ninfo->outfunc(ninfo->outarg, sb, &ninfo->outsize);
1766 sect_len = sbuf_end_section(sb, old_len, ELF_NOTE_ROUNDSIZE, 0);
1767 if (sect_len < 0)
1768 return;
1769
1770 new_len = (size_t)sect_len;
1771 descsz = roundup(note.n_descsz, ELF_NOTE_ROUNDSIZE);
1772 if (new_len < descsz) {
1773 /*
1774 * It is expected that individual note emitters will correctly
1775 * predict their expected output size and fill up to that size
1776 * themselves, padding in a format-specific way if needed.
1777 * However, in case they don't, just do it here with zeros.
1778 */
1779 for (i = 0; i < descsz - new_len; i++)
1780 sbuf_putc(sb, 0);
1781 } else if (new_len > descsz) {
1782 /*
1783 * We can't always truncate sb -- we may have drained some
1784 * of it already.
1785 */
1786 KASSERT(new_len == descsz, ("%s: Note type %u changed as we "
1787 "read it (%zu > %zu). Since it is longer than "
1788 "expected, this coredump's notes are corrupt. THIS "
1789 "IS A BUG in the note_procstat routine for type %u.\n",
1790 __func__, (unsigned)note.n_type, new_len, descsz,
1791 (unsigned)note.n_type));
1792 }
1793 }
1794
1795 /*
1796 * Miscellaneous note out functions.
1797 */
1798
1799 #if defined(COMPAT_FREEBSD32) && __ELF_WORD_SIZE == 32
1800 #include <compat/freebsd32/freebsd32.h>
1801
1802 typedef struct prstatus32 elf_prstatus_t;
1803 typedef struct prpsinfo32 elf_prpsinfo_t;
1804 typedef struct fpreg32 elf_prfpregset_t;
1805 typedef struct fpreg32 elf_fpregset_t;
1806 typedef struct reg32 elf_gregset_t;
1807 typedef struct thrmisc32 elf_thrmisc_t;
1808 #define ELF_KERN_PROC_MASK KERN_PROC_MASK32
1809 typedef struct kinfo_proc32 elf_kinfo_proc_t;
1810 typedef uint32_t elf_ps_strings_t;
1811 #else
1812 typedef prstatus_t elf_prstatus_t;
1813 typedef prpsinfo_t elf_prpsinfo_t;
1814 typedef prfpregset_t elf_prfpregset_t;
1815 typedef prfpregset_t elf_fpregset_t;
1816 typedef gregset_t elf_gregset_t;
1817 typedef thrmisc_t elf_thrmisc_t;
1818 #define ELF_KERN_PROC_MASK 0
1819 typedef struct kinfo_proc elf_kinfo_proc_t;
1820 typedef vm_offset_t elf_ps_strings_t;
1821 #endif
1822
1823 static void
1824 __elfN(note_prpsinfo)(void *arg, struct sbuf *sb, size_t *sizep)
1825 {
1826 struct proc *p;
1827 elf_prpsinfo_t *psinfo;
1828
1829 p = (struct proc *)arg;
1830 if (sb != NULL) {
1831 KASSERT(*sizep == sizeof(*psinfo), ("invalid size"));
1832 psinfo = malloc(sizeof(*psinfo), M_TEMP, M_ZERO | M_WAITOK);
1833 psinfo->pr_version = PRPSINFO_VERSION;
1834 psinfo->pr_psinfosz = sizeof(elf_prpsinfo_t);
1835 strlcpy(psinfo->pr_fname, p->p_comm, sizeof(psinfo->pr_fname));
1836 /*
1837 * XXX - We don't fill in the command line arguments properly
1838 * yet.
1839 */
1840 strlcpy(psinfo->pr_psargs, p->p_comm,
1841 sizeof(psinfo->pr_psargs));
1842
1843 sbuf_bcat(sb, psinfo, sizeof(*psinfo));
1844 free(psinfo, M_TEMP);
1845 }
1846 *sizep = sizeof(*psinfo);
1847 }
1848
1849 static void
1850 __elfN(note_prstatus)(void *arg, struct sbuf *sb, size_t *sizep)
1851 {
1852 struct thread *td;
1853 elf_prstatus_t *status;
1854
1855 td = (struct thread *)arg;
1856 if (sb != NULL) {
1857 KASSERT(*sizep == sizeof(*status), ("invalid size"));
1858 status = malloc(sizeof(*status), M_TEMP, M_ZERO | M_WAITOK);
1859 status->pr_version = PRSTATUS_VERSION;
1860 status->pr_statussz = sizeof(elf_prstatus_t);
1861 status->pr_gregsetsz = sizeof(elf_gregset_t);
1862 status->pr_fpregsetsz = sizeof(elf_fpregset_t);
1863 status->pr_osreldate = osreldate;
1864 status->pr_cursig = td->td_proc->p_sig;
1865 status->pr_pid = td->td_tid;
1866 #if defined(COMPAT_FREEBSD32) && __ELF_WORD_SIZE == 32
1867 fill_regs32(td, &status->pr_reg);
1868 #else
1869 fill_regs(td, &status->pr_reg);
1870 #endif
1871 sbuf_bcat(sb, status, sizeof(*status));
1872 free(status, M_TEMP);
1873 }
1874 *sizep = sizeof(*status);
1875 }
1876
1877 static void
1878 __elfN(note_fpregset)(void *arg, struct sbuf *sb, size_t *sizep)
1879 {
1880 struct thread *td;
1881 elf_prfpregset_t *fpregset;
1882
1883 td = (struct thread *)arg;
1884 if (sb != NULL) {
1885 KASSERT(*sizep == sizeof(*fpregset), ("invalid size"));
1886 fpregset = malloc(sizeof(*fpregset), M_TEMP, M_ZERO | M_WAITOK);
1887 #if defined(COMPAT_FREEBSD32) && __ELF_WORD_SIZE == 32
1888 fill_fpregs32(td, fpregset);
1889 #else
1890 fill_fpregs(td, fpregset);
1891 #endif
1892 sbuf_bcat(sb, fpregset, sizeof(*fpregset));
1893 free(fpregset, M_TEMP);
1894 }
1895 *sizep = sizeof(*fpregset);
1896 }
1897
1898 static void
1899 __elfN(note_thrmisc)(void *arg, struct sbuf *sb, size_t *sizep)
1900 {
1901 struct thread *td;
1902 elf_thrmisc_t thrmisc;
1903
1904 td = (struct thread *)arg;
1905 if (sb != NULL) {
1906 KASSERT(*sizep == sizeof(thrmisc), ("invalid size"));
1907 bzero(&thrmisc._pad, sizeof(thrmisc._pad));
1908 strcpy(thrmisc.pr_tname, td->td_name);
1909 sbuf_bcat(sb, &thrmisc, sizeof(thrmisc));
1910 }
1911 *sizep = sizeof(thrmisc);
1912 }
1913
1914 /*
1915 * Allow for MD specific notes, as well as any MD
1916 * specific preparations for writing MI notes.
1917 */
1918 static void
1919 __elfN(note_threadmd)(void *arg, struct sbuf *sb, size_t *sizep)
1920 {
1921 struct thread *td;
1922 void *buf;
1923 size_t size;
1924
1925 td = (struct thread *)arg;
1926 size = *sizep;
1927 if (size != 0 && sb != NULL)
1928 buf = malloc(size, M_TEMP, M_ZERO | M_WAITOK);
1929 else
1930 buf = NULL;
1931 size = 0;
1932 __elfN(dump_thread)(td, buf, &size);
1933 KASSERT(sb == NULL || *sizep == size, ("invalid size"));
1934 if (size != 0 && sb != NULL)
1935 sbuf_bcat(sb, buf, size);
1936 free(buf, M_TEMP);
1937 *sizep = size;
1938 }
1939
1940 #ifdef KINFO_PROC_SIZE
1941 CTASSERT(sizeof(struct kinfo_proc) == KINFO_PROC_SIZE);
1942 #endif
1943
1944 static void
1945 __elfN(note_procstat_proc)(void *arg, struct sbuf *sb, size_t *sizep)
1946 {
1947 struct proc *p;
1948 size_t size;
1949 int structsize;
1950
1951 p = (struct proc *)arg;
1952 size = sizeof(structsize) + p->p_numthreads *
1953 sizeof(elf_kinfo_proc_t);
1954
1955 if (sb != NULL) {
1956 KASSERT(*sizep == size, ("invalid size"));
1957 structsize = sizeof(elf_kinfo_proc_t);
1958 sbuf_bcat(sb, &structsize, sizeof(structsize));
1959 sx_slock(&proctree_lock);
1960 PROC_LOCK(p);
1961 kern_proc_out(p, sb, ELF_KERN_PROC_MASK);
1962 sx_sunlock(&proctree_lock);
1963 }
1964 *sizep = size;
1965 }
1966
1967 #ifdef KINFO_FILE_SIZE
1968 CTASSERT(sizeof(struct kinfo_file) == KINFO_FILE_SIZE);
1969 #endif
1970
1971 static void
1972 note_procstat_files(void *arg, struct sbuf *sb, size_t *sizep)
1973 {
1974 struct proc *p;
1975 size_t size, sect_sz, i;
1976 ssize_t start_len, sect_len;
1977 int structsize, filedesc_flags;
1978
1979 if (coredump_pack_fileinfo)
1980 filedesc_flags = KERN_FILEDESC_PACK_KINFO;
1981 else
1982 filedesc_flags = 0;
1983
1984 p = (struct proc *)arg;
1985 structsize = sizeof(struct kinfo_file);
1986 if (sb == NULL) {
1987 size = 0;
1988 sb = sbuf_new(NULL, NULL, 128, SBUF_FIXEDLEN);
1989 sbuf_set_drain(sb, sbuf_drain_count, &size);
1990 sbuf_bcat(sb, &structsize, sizeof(structsize));
1991 PROC_LOCK(p);
1992 kern_proc_filedesc_out(p, sb, -1, filedesc_flags);
1993 sbuf_finish(sb);
1994 sbuf_delete(sb);
1995 *sizep = size;
1996 } else {
1997 sbuf_start_section(sb, &start_len);
1998
1999 sbuf_bcat(sb, &structsize, sizeof(structsize));
2000 PROC_LOCK(p);
2001 kern_proc_filedesc_out(p, sb, *sizep - sizeof(structsize),
2002 filedesc_flags);
2003
2004 sect_len = sbuf_end_section(sb, start_len, 0, 0);
2005 if (sect_len < 0)
2006 return;
2007 sect_sz = sect_len;
2008
2009 KASSERT(sect_sz <= *sizep,
2010 ("kern_proc_filedesc_out did not respect maxlen; "
2011 "requested %zu, got %zu", *sizep - sizeof(structsize),
2012 sect_sz - sizeof(structsize)));
2013
2014 for (i = 0; i < *sizep - sect_sz && sb->s_error == 0; i++)
2015 sbuf_putc(sb, 0);
2016 }
2017 }
2018
2019 #ifdef KINFO_VMENTRY_SIZE
2020 CTASSERT(sizeof(struct kinfo_vmentry) == KINFO_VMENTRY_SIZE);
2021 #endif
2022
2023 static void
2024 note_procstat_vmmap(void *arg, struct sbuf *sb, size_t *sizep)
2025 {
2026 struct proc *p;
2027 size_t size;
2028 int structsize, vmmap_flags;
2029
2030 if (coredump_pack_vmmapinfo)
2031 vmmap_flags = KERN_VMMAP_PACK_KINFO;
2032 else
2033 vmmap_flags = 0;
2034
2035 p = (struct proc *)arg;
2036 structsize = sizeof(struct kinfo_vmentry);
2037 if (sb == NULL) {
2038 size = 0;
2039 sb = sbuf_new(NULL, NULL, 128, SBUF_FIXEDLEN);
2040 sbuf_set_drain(sb, sbuf_drain_count, &size);
2041 sbuf_bcat(sb, &structsize, sizeof(structsize));
2042 PROC_LOCK(p);
2043 kern_proc_vmmap_out(p, sb, -1, vmmap_flags);
2044 sbuf_finish(sb);
2045 sbuf_delete(sb);
2046 *sizep = size;
2047 } else {
2048 sbuf_bcat(sb, &structsize, sizeof(structsize));
2049 PROC_LOCK(p);
2050 kern_proc_vmmap_out(p, sb, *sizep - sizeof(structsize),
2051 vmmap_flags);
2052 }
2053 }
2054
2055 static void
2056 note_procstat_groups(void *arg, struct sbuf *sb, size_t *sizep)
2057 {
2058 struct proc *p;
2059 size_t size;
2060 int structsize;
2061
2062 p = (struct proc *)arg;
2063 size = sizeof(structsize) + p->p_ucred->cr_ngroups * sizeof(gid_t);
2064 if (sb != NULL) {
2065 KASSERT(*sizep == size, ("invalid size"));
2066 structsize = sizeof(gid_t);
2067 sbuf_bcat(sb, &structsize, sizeof(structsize));
2068 sbuf_bcat(sb, p->p_ucred->cr_groups, p->p_ucred->cr_ngroups *
2069 sizeof(gid_t));
2070 }
2071 *sizep = size;
2072 }
2073
2074 static void
2075 note_procstat_umask(void *arg, struct sbuf *sb, size_t *sizep)
2076 {
2077 struct proc *p;
2078 size_t size;
2079 int structsize;
2080
2081 p = (struct proc *)arg;
2082 size = sizeof(structsize) + sizeof(p->p_fd->fd_cmask);
2083 if (sb != NULL) {
2084 KASSERT(*sizep == size, ("invalid size"));
2085 structsize = sizeof(p->p_fd->fd_cmask);
2086 sbuf_bcat(sb, &structsize, sizeof(structsize));
2087 sbuf_bcat(sb, &p->p_fd->fd_cmask, sizeof(p->p_fd->fd_cmask));
2088 }
2089 *sizep = size;
2090 }
2091
2092 static void
2093 note_procstat_rlimit(void *arg, struct sbuf *sb, size_t *sizep)
2094 {
2095 struct proc *p;
2096 struct rlimit rlim[RLIM_NLIMITS];
2097 size_t size;
2098 int structsize, i;
2099
2100 p = (struct proc *)arg;
2101 size = sizeof(structsize) + sizeof(rlim);
2102 if (sb != NULL) {
2103 KASSERT(*sizep == size, ("invalid size"));
2104 structsize = sizeof(rlim);
2105 sbuf_bcat(sb, &structsize, sizeof(structsize));
2106 PROC_LOCK(p);
2107 for (i = 0; i < RLIM_NLIMITS; i++)
2108 lim_rlimit_proc(p, i, &rlim[i]);
2109 PROC_UNLOCK(p);
2110 sbuf_bcat(sb, rlim, sizeof(rlim));
2111 }
2112 *sizep = size;
2113 }
2114
2115 static void
2116 note_procstat_osrel(void *arg, struct sbuf *sb, size_t *sizep)
2117 {
2118 struct proc *p;
2119 size_t size;
2120 int structsize;
2121
2122 p = (struct proc *)arg;
2123 size = sizeof(structsize) + sizeof(p->p_osrel);
2124 if (sb != NULL) {
2125 KASSERT(*sizep == size, ("invalid size"));
2126 structsize = sizeof(p->p_osrel);
2127 sbuf_bcat(sb, &structsize, sizeof(structsize));
2128 sbuf_bcat(sb, &p->p_osrel, sizeof(p->p_osrel));
2129 }
2130 *sizep = size;
2131 }
2132
2133 static void
2134 __elfN(note_procstat_psstrings)(void *arg, struct sbuf *sb, size_t *sizep)
2135 {
2136 struct proc *p;
2137 elf_ps_strings_t ps_strings;
2138 size_t size;
2139 int structsize;
2140
2141 p = (struct proc *)arg;
2142 size = sizeof(structsize) + sizeof(ps_strings);
2143 if (sb != NULL) {
2144 KASSERT(*sizep == size, ("invalid size"));
2145 structsize = sizeof(ps_strings);
2146 #if defined(COMPAT_FREEBSD32) && __ELF_WORD_SIZE == 32
2147 ps_strings = PTROUT(p->p_sysent->sv_psstrings);
2148 #else
2149 ps_strings = p->p_sysent->sv_psstrings;
2150 #endif
2151 sbuf_bcat(sb, &structsize, sizeof(structsize));
2152 sbuf_bcat(sb, &ps_strings, sizeof(ps_strings));
2153 }
2154 *sizep = size;
2155 }
2156
2157 static void
2158 __elfN(note_procstat_auxv)(void *arg, struct sbuf *sb, size_t *sizep)
2159 {
2160 struct proc *p;
2161 size_t size;
2162 int structsize;
2163
2164 p = (struct proc *)arg;
2165 if (sb == NULL) {
2166 size = 0;
2167 sb = sbuf_new(NULL, NULL, 128, SBUF_FIXEDLEN);
2168 sbuf_set_drain(sb, sbuf_drain_count, &size);
2169 sbuf_bcat(sb, &structsize, sizeof(structsize));
2170 PHOLD(p);
2171 proc_getauxv(curthread, p, sb);
2172 PRELE(p);
2173 sbuf_finish(sb);
2174 sbuf_delete(sb);
2175 *sizep = size;
2176 } else {
2177 structsize = sizeof(Elf_Auxinfo);
2178 sbuf_bcat(sb, &structsize, sizeof(structsize));
2179 PHOLD(p);
2180 proc_getauxv(curthread, p, sb);
2181 PRELE(p);
2182 }
2183 }
2184
2185 static boolean_t
2186 __elfN(parse_notes)(struct image_params *imgp, Elf_Brandnote *checknote,
2187 int32_t *osrel, const Elf_Phdr *pnote)
2188 {
2189 const Elf_Note *note, *note0, *note_end;
2190 const char *note_name;
2191 char *buf;
2192 int i, error;
2193 boolean_t res;
2194
2195 /* We need some limit, might as well use PAGE_SIZE. */
2196 if (pnote == NULL || pnote->p_filesz > PAGE_SIZE)
2197 return (FALSE);
2198 ASSERT_VOP_LOCKED(imgp->vp, "parse_notes");
2199 if (pnote->p_offset > PAGE_SIZE ||
2200 pnote->p_filesz > PAGE_SIZE - pnote->p_offset) {
2201 VOP_UNLOCK(imgp->vp, 0);
2202 buf = malloc(pnote->p_filesz, M_TEMP, M_WAITOK);
2203 vn_lock(imgp->vp, LK_EXCLUSIVE | LK_RETRY);
2204 error = vn_rdwr(UIO_READ, imgp->vp, buf, pnote->p_filesz,
2205 pnote->p_offset, UIO_SYSSPACE, IO_NODELOCKED,
2206 curthread->td_ucred, NOCRED, NULL, curthread);
2207 if (error != 0) {
2208 uprintf("i/o error PT_NOTE\n");
2209 res = FALSE;
2210 goto ret;
2211 }
2212 note = note0 = (const Elf_Note *)buf;
2213 note_end = (const Elf_Note *)(buf + pnote->p_filesz);
2214 } else {
2215 note = note0 = (const Elf_Note *)(imgp->image_header +
2216 pnote->p_offset);
2217 note_end = (const Elf_Note *)(imgp->image_header +
2218 pnote->p_offset + pnote->p_filesz);
2219 buf = NULL;
2220 }
2221 for (i = 0; i < 100 && note >= note0 && note < note_end; i++) {
2222 if (!aligned(note, Elf32_Addr) || (const char *)note_end -
2223 (const char *)note < sizeof(Elf_Note)) {
2224 res = FALSE;
2225 goto ret;
2226 }
2227 if (note->n_namesz != checknote->hdr.n_namesz ||
2228 note->n_descsz != checknote->hdr.n_descsz ||
2229 note->n_type != checknote->hdr.n_type)
2230 goto nextnote;
2231 note_name = (const char *)(note + 1);
2232 if (note_name + checknote->hdr.n_namesz >=
2233 (const char *)note_end || strncmp(checknote->vendor,
2234 note_name, checknote->hdr.n_namesz) != 0)
2235 goto nextnote;
2236
2237 /*
2238 * Fetch the osreldate for binary
2239 * from the ELF OSABI-note if necessary.
2240 */
2241 if ((checknote->flags & BN_TRANSLATE_OSREL) != 0 &&
2242 checknote->trans_osrel != NULL) {
2243 res = checknote->trans_osrel(note, osrel);
2244 goto ret;
2245 }
2246 res = TRUE;
2247 goto ret;
2248 nextnote:
2249 note = (const Elf_Note *)((const char *)(note + 1) +
2250 roundup2(note->n_namesz, ELF_NOTE_ROUNDSIZE) +
2251 roundup2(note->n_descsz, ELF_NOTE_ROUNDSIZE));
2252 }
2253 res = FALSE;
2254 ret:
2255 free(buf, M_TEMP);
2256 return (res);
2257 }
2258
2259 /*
2260 * Try to find the appropriate ABI-note section for checknote,
2261 * fetch the osreldate for binary from the ELF OSABI-note. Only the
2262 * first page of the image is searched, the same as for headers.
2263 */
2264 static boolean_t
2265 __elfN(check_note)(struct image_params *imgp, Elf_Brandnote *checknote,
2266 int32_t *osrel)
2267 {
2268 const Elf_Phdr *phdr;
2269 const Elf_Ehdr *hdr;
2270 int i;
2271
2272 hdr = (const Elf_Ehdr *)imgp->image_header;
2273 phdr = (const Elf_Phdr *)(imgp->image_header + hdr->e_phoff);
2274
2275 for (i = 0; i < hdr->e_phnum; i++) {
2276 if (phdr[i].p_type == PT_NOTE &&
2277 __elfN(parse_notes)(imgp, checknote, osrel, &phdr[i]))
2278 return (TRUE);
2279 }
2280 return (FALSE);
2281
2282 }
2283
2284 /*
2285 * Tell kern_execve.c about it, with a little help from the linker.
2286 */
2287 static struct execsw __elfN(execsw) = {
2288 __CONCAT(exec_, __elfN(imgact)),
2289 __XSTRING(__CONCAT(ELF, __ELF_WORD_SIZE))
2290 };
2291 EXEC_SET(__CONCAT(elf, __ELF_WORD_SIZE), __elfN(execsw));
2292
2293 static vm_prot_t
2294 __elfN(trans_prot)(Elf_Word flags)
2295 {
2296 vm_prot_t prot;
2297
2298 prot = 0;
2299 if (flags & PF_X)
2300 prot |= VM_PROT_EXECUTE;
2301 if (flags & PF_W)
2302 prot |= VM_PROT_WRITE;
2303 if (flags & PF_R)
2304 prot |= VM_PROT_READ;
2305 #if __ELF_WORD_SIZE == 32
2306 #if defined(__amd64__)
2307 if (i386_read_exec && (flags & PF_R))
2308 prot |= VM_PROT_EXECUTE;
2309 #endif
2310 #endif
2311 return (prot);
2312 }
2313
2314 static Elf_Word
2315 __elfN(untrans_prot)(vm_prot_t prot)
2316 {
2317 Elf_Word flags;
2318
2319 flags = 0;
2320 if (prot & VM_PROT_EXECUTE)
2321 flags |= PF_X;
2322 if (prot & VM_PROT_READ)
2323 flags |= PF_R;
2324 if (prot & VM_PROT_WRITE)
2325 flags |= PF_W;
2326 return (flags);
2327 }
FreeBSD src