search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
kill tsol ("Trusted Solaris") aka TX ("Trusted Extensions")
[unleashed.git] / kernel / os / brand.c
blob7fa3d147524e686288f991a28490a8ef3e77adf5
1 /*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21 /*
22 * Copyright (c) 2006, 2010, Oracle and/or its affiliates. All rights reserved.
23 */
24
25 #include <sys/kmem.h>
26 #include <sys/errno.h>
27 #include <sys/systm.h>
28 #include <sys/cmn_err.h>
29 #include <sys/brand.h>
30 #include <sys/machbrand.h>
31 #include <sys/modctl.h>
32 #include <sys/rwlock.h>
33 #include <sys/zone.h>
34 #include <sys/pathname.h>
35
36 #define SUPPORTED_BRAND_VERSION BRAND_VER_1
37
38 #if defined(__sparcv9)
39 /* sparcv9 uses system wide brand interposition hooks */
40 static void brand_plat_interposition_enable(void);
41 static void brand_plat_interposition_disable(void);
42
43 struct brand_mach_ops native_mach_ops = {
44 NULL, NULL
45 };
46 #else /* !__sparcv9 */
47 struct brand_mach_ops native_mach_ops = {
48 NULL, NULL, NULL, NULL
49 };
50 #endif /* !__sparcv9 */
51
52 brand_t native_brand = {
53 BRAND_VER_1,
54 "native",
55 NULL,
56 &native_mach_ops
57 };
58
59 /*
60 * Used to maintain a list of all the brands currently loaded into the
61 * kernel.
62 */
63 struct brand_list {
64 int bl_refcnt;
65 struct brand_list *bl_next;
66 brand_t *bl_brand;
67 };
68
69 static struct brand_list *brand_list = NULL;
70
71 /*
72 * This lock protects the integrity of the brand list.
73 */
74 static kmutex_t brand_list_lock;
75
76 void
77 brand_init()
78 {
79 mutex_init(&brand_list_lock, NULL, MUTEX_DEFAULT, NULL);
80 p0.p_brand = &native_brand;
81 }
82
83 int
84 brand_register(brand_t *brand)
85 {
86 struct brand_list *list, *scan;
87
88 if (brand == NULL)
89 return (EINVAL);
90
91 if (brand->b_version != SUPPORTED_BRAND_VERSION) {
92 if (brand->b_version < SUPPORTED_BRAND_VERSION) {
93 cmn_err(CE_WARN,
94 "brand '%s' was built to run on older versions "
95 "of Solaris.",
96 brand->b_name);
97 } else {
98 cmn_err(CE_WARN,
99 "brand '%s' was built to run on a newer version "
100 "of Solaris.",
101 brand->b_name);
102 }
103 return (EINVAL);
104 }
105
106 /* Sanity checks */
107 if (brand->b_name == NULL || brand->b_ops == NULL ||
108 brand->b_ops->b_brandsys == NULL) {
109 cmn_err(CE_WARN, "Malformed brand");
110 return (EINVAL);
111 }
112
113 list = kmem_alloc(sizeof (struct brand_list), KM_SLEEP);
114
115 /* Add the brand to the list of loaded brands. */
116 mutex_enter(&brand_list_lock);
117
118 /*
119 * Check to be sure we haven't already registered this brand.
120 */
121 for (scan = brand_list; scan != NULL; scan = scan->bl_next) {
122 if (strcmp(brand->b_name, scan->bl_brand->b_name) == 0) {
123 cmn_err(CE_WARN,
124 "Invalid attempt to load a second instance of "
125 "brand %s", brand->b_name);
126 mutex_exit(&brand_list_lock);
127 kmem_free(list, sizeof (struct brand_list));
128 return (EINVAL);
129 }
130 }
131
132 #if defined(__sparcv9)
133 /* sparcv9 uses system wide brand interposition hooks */
134 if (brand_list == NULL)
135 brand_plat_interposition_enable();
136 #endif /* __sparcv9 */
137
138 list->bl_brand = brand;
139 list->bl_refcnt = 0;
140 list->bl_next = brand_list;
141 brand_list = list;
142
143 mutex_exit(&brand_list_lock);
144
145 return (0);
146 }
147
148 /*
149 * The kernel module implementing this brand is being unloaded, so remove
150 * it from the list of active brands.
151 */
152 int
153 brand_unregister(brand_t *brand)
154 {
155 struct brand_list *list, *prev;
156
157 /* Sanity checks */
158 if (brand == NULL || brand->b_name == NULL) {
159 cmn_err(CE_WARN, "Malformed brand");
160 return (EINVAL);
161 }
162
163 prev = NULL;
164 mutex_enter(&brand_list_lock);
165
166 for (list = brand_list; list != NULL; list = list->bl_next) {
167 if (list->bl_brand == brand)
168 break;
169 prev = list;
170 }
171
172 if (list == NULL) {
173 cmn_err(CE_WARN, "Brand %s wasn't registered", brand->b_name);
174 mutex_exit(&brand_list_lock);
175 return (EINVAL);
176 }
177
178 if (list->bl_refcnt > 0) {
179 cmn_err(CE_WARN, "Unregistering brand %s which is still in use",
180 brand->b_name);
181 mutex_exit(&brand_list_lock);
182 return (EBUSY);
183 }
184
185 /* Remove brand from the list */
186 if (prev != NULL)
187 prev->bl_next = list->bl_next;
188 else
189 brand_list = list->bl_next;
190
191 #if defined(__sparcv9)
192 /* sparcv9 uses system wide brand interposition hooks */
193 if (brand_list == NULL)
194 brand_plat_interposition_disable();
195 #endif /* __sparcv9 */
196
197 mutex_exit(&brand_list_lock);
198
199 kmem_free(list, sizeof (struct brand_list));
200
201 return (0);
202 }
203
204 /*
205 * Record that a zone of this brand has been instantiated. If the kernel
206 * module implementing this brand's functionality is not present, this
207 * routine attempts to load the module as a side effect.
208 */
209 brand_t *
210 brand_register_zone(struct brand_attr *attr)
211 {
212 struct brand_list *l = NULL;
213 ddi_modhandle_t hdl = NULL;
214 char *modname;
215 int err = 0;
216
217 /*
218 * We make at most two passes through this loop. The first time
219 * through, we're looking to see if this is a new user of an
220 * already loaded brand. If the brand hasn't been loaded, we
221 * call ddi_modopen() to force it to be loaded and then make a
222 * second pass through the list of brands. If we don't find the
223 * brand the second time through it means that the modname
224 * specified in the brand_attr structure doesn't provide the brand
225 * specified in the brandname field. This would suggest a bug in
226 * the brand's config.xml file. We close the module and return
227 * 'NULL' to the caller.
228 */
229 for (;;) {
230 /*
231 * Search list of loaded brands
232 */
233 mutex_enter(&brand_list_lock);
234 for (l = brand_list; l != NULL; l = l->bl_next)
235 if (strcmp(attr->ba_brandname,
236 l->bl_brand->b_name) == 0)
237 break;
238 if ((l != NULL) || (hdl != NULL))
239 break;
240 mutex_exit(&brand_list_lock);
241
242 /*
243 * We didn't find that the requested brand has been loaded
244 * yet, so we trigger the load of the appropriate kernel
245 * module and search the list again.
246 */
247 modname = kmem_alloc(MAXPATHLEN, KM_SLEEP);
248 (void) strcpy(modname, "brand/");
249 (void) strcat(modname, attr->ba_modname);
250 hdl = ddi_modopen(modname, KRTLD_MODE_FIRST, &err);
251 kmem_free(modname, MAXPATHLEN);
252
253 if (err != 0)
254 return (NULL);
255 }
256
257 /*
258 * If we found the matching brand, bump its reference count.
259 */
260 if (l != NULL)
261 l->bl_refcnt++;
262
263 mutex_exit(&brand_list_lock);
264
265 if (hdl != NULL)
266 (void) ddi_modclose(hdl);
267
268 return ((l != NULL) ? l->bl_brand : NULL);
269 }
270
271 /*
272 * Return the number of zones currently using this brand.
273 */
274 int
275 brand_zone_count(struct brand *bp)
276 {
277 struct brand_list *l;
278 int cnt = 0;
279
280 mutex_enter(&brand_list_lock);
281 for (l = brand_list; l != NULL; l = l->bl_next)
282 if (l->bl_brand == bp) {
283 cnt = l->bl_refcnt;
284 break;
285 }
286 mutex_exit(&brand_list_lock);
287
288 return (cnt);
289 }
290
291 void
292 brand_unregister_zone(struct brand *bp)
293 {
294 struct brand_list *list;
295
296 mutex_enter(&brand_list_lock);
297 for (list = brand_list; list != NULL; list = list->bl_next) {
298 if (list->bl_brand == bp) {
299 ASSERT(list->bl_refcnt > 0);
300 list->bl_refcnt--;
301 break;
302 }
303 }
304 mutex_exit(&brand_list_lock);
305 }
306
307 void
308 brand_setbrand(proc_t *p)
309 {
310 brand_t *bp = p->p_zone->zone_brand;
311
312 ASSERT(bp != NULL);
313 ASSERT(p->p_brand == &native_brand);
314
315 /*
316 * We should only be called from exec(), when we know the process
317 * is single-threaded.
318 */
319 ASSERT(p->p_tlist == p->p_tlist->t_forw);
320
321 p->p_brand = bp;
322 ASSERT(PROC_IS_BRANDED(p));
323 BROP(p)->b_setbrand(p);
324 }
325
326 void
327 brand_clearbrand(proc_t *p, boolean_t no_lwps)
328 {
329 brand_t *bp = p->p_zone->zone_brand;
330 klwp_t *lwp = NULL;
331 ASSERT(bp != NULL);
332 ASSERT(!no_lwps || (p->p_tlist == NULL));
333
334 /*
335 * If called from exec_common() or proc_exit(),
336 * we know the process is single-threaded.
337 * If called from fork_fail, p_tlist is NULL.
338 */
339 if (!no_lwps) {
340 ASSERT(p->p_tlist == p->p_tlist->t_forw);
341 lwp = p->p_tlist->t_lwp;
342 }
343
344 ASSERT(PROC_IS_BRANDED(p));
345 BROP(p)->b_proc_exit(p, lwp);
346 p->p_brand = &native_brand;
347 }
348
349 #if defined(__sparcv9)
350 /*
351 * Currently, only sparc has system level brand syscall interposition.
352 * On x86 we're able to enable syscall interposition on a per-cpu basis
353 * when a branded thread is scheduled to run on a cpu.
354 */
355
356 /* Local variables needed for dynamic syscall interposition support */
357 static uint32_t syscall_trap_patch_instr_orig;
358 static uint32_t syscall_trap32_patch_instr_orig;
359
360 /* Trap Table syscall entry hot patch points */
361 extern void syscall_trap_patch_point(void);
362 extern void syscall_trap32_patch_point(void);
363
364 /* Alternate syscall entry handlers used when branded zones are running */
365 extern void syscall_wrapper(void);
366 extern void syscall_wrapper32(void);
367
368 /* Macros used to facilitate sparcv9 instruction generation */
369 #define BA_A_INSTR 0x30800000 /* ba,a addr */
370 #define DISP22(from, to) \
371 ((((uintptr_t)(to) - (uintptr_t)(from)) >> 2) & 0x3fffff)
372
373 /*ARGSUSED*/
374 static void
375 brand_plat_interposition_enable(void)
376 {
377 ASSERT(MUTEX_HELD(&brand_list_lock));
378
379 /*
380 * Before we hot patch the kernel save the current instructions
381 * so that we can restore them later.
382 */
383 syscall_trap_patch_instr_orig =
384 *(uint32_t *)syscall_trap_patch_point;
385 syscall_trap32_patch_instr_orig =
386 *(uint32_t *)syscall_trap32_patch_point;
387
388 /*
389 * Modify the trap table at the patch points.
390 *
391 * We basically replace the first instruction at the patch
392 * point with a ba,a instruction that will transfer control
393 * to syscall_wrapper or syscall_wrapper32 for 64-bit and
394 * 32-bit syscalls respectively. It's important to note that
395 * the annul bit is set in the branch so we don't execute
396 * the instruction directly following the one we're patching
397 * during the branch's delay slot.
398 *
399 * It also doesn't matter that we're not atomically updating both
400 * the 64 and 32 bit syscall paths at the same time since there's
401 * no actual branded processes running on the system yet.
402 */
403 hot_patch_kernel_text((caddr_t)syscall_trap_patch_point,
404 BA_A_INSTR | DISP22(syscall_trap_patch_point, syscall_wrapper),
405 4);
406 hot_patch_kernel_text((caddr_t)syscall_trap32_patch_point,
407 BA_A_INSTR | DISP22(syscall_trap32_patch_point, syscall_wrapper32),
408 4);
409 }
410
411 /*ARGSUSED*/
412 static void
413 brand_plat_interposition_disable(void)
414 {
415 ASSERT(MUTEX_HELD(&brand_list_lock));
416
417 /*
418 * Restore the original instructions at the trap table syscall
419 * patch points to disable the brand syscall interposition
420 * mechanism.
421 */
422 hot_patch_kernel_text((caddr_t)syscall_trap_patch_point,
423 syscall_trap_patch_instr_orig, 4);
424 hot_patch_kernel_text((caddr_t)syscall_trap32_patch_point,
425 syscall_trap32_patch_instr_orig, 4);
426 }
427 #endif /* __sparcv9 */
428
429 /*
430 * The following functions can be shared among kernel brand modules which
431 * implement Solaris-derived brands, all of which need to do similar tasks
432 * to manage the brand.
433 */
434
435 #if defined(_LP64)
436 static void
437 Ehdr32to64(Elf32_Ehdr *src, Ehdr *dst)
438 {
439 bcopy(src->e_ident, dst->e_ident, sizeof (src->e_ident));
440 dst->e_type = src->e_type;
441 dst->e_machine = src->e_machine;
442 dst->e_version = src->e_version;
443 dst->e_entry = src->e_entry;
444 dst->e_phoff = src->e_phoff;
445 dst->e_shoff = src->e_shoff;
446 dst->e_flags = src->e_flags;
447 dst->e_ehsize = src->e_ehsize;
448 dst->e_phentsize = src->e_phentsize;
449 dst->e_phnum = src->e_phnum;
450 dst->e_shentsize = src->e_shentsize;
451 dst->e_shnum = src->e_shnum;
452 dst->e_shstrndx = src->e_shstrndx;
453 }
454 #endif /* _LP64 */
455
456 /*
457 * Return -1 if the cmd was not handled by this function.
458 */
459 /*ARGSUSED*/
460 int
461 brand_solaris_cmd(int cmd, uintptr_t arg1, uintptr_t arg2, uintptr_t arg3,
462 struct brand *pbrand, int brandvers)
463 {
464 brand_proc_data_t *spd;
465 brand_proc_reg_t reg;
466 proc_t *p = curproc;
467 int err;
468
469 /*
470 * There is one operation that is supported for a native
471 * process; B_EXEC_BRAND. This brand operaion is redundant
472 * since the kernel assumes a native process doing an exec
473 * in a branded zone is going to run a branded processes.
474 * hence we don't support this operation.
475 */
476 if (cmd == B_EXEC_BRAND)
477 return (ENOSYS);
478
479 /* For all other operations this must be a branded process. */
480 if (p->p_brand == &native_brand)
481 return (ENOSYS);
482
483 ASSERT(p->p_brand == pbrand);
484 ASSERT(p->p_brand_data != NULL);
485
486 spd = (brand_proc_data_t *)p->p_brand_data;
487
488 switch ((cmd)) {
489 case B_EXEC_NATIVE:
490 err = exec_common((char *)arg1, (const char **)arg2,
491 (const char **)arg3, EBA_NATIVE);
492 return (err);
493
494 /*
495 * Get the address of the user-space system call handler from
496 * the user process and attach it to the proc structure.
497 */
498 case B_REGISTER:
499 if (p->p_model == DATAMODEL_NATIVE) {
500 if (copyin((void *)arg1, &reg, sizeof (reg)) != 0)
501 return (EFAULT);
502 }
503 #if defined(_LP64)
504 else {
505 brand_common_reg32_t reg32;
506
507 if (copyin((void *)arg1, &reg32, sizeof (reg32)) != 0)
508 return (EFAULT);
509 reg.sbr_version = reg32.sbr_version;
510 reg.sbr_handler = (caddr_t)(uintptr_t)reg32.sbr_handler;
511 }
512 #endif /* _LP64 */
513
514 if (reg.sbr_version != brandvers)
515 return (ENOTSUP);
516 spd->spd_handler = reg.sbr_handler;
517 return (0);
518
519 case B_ELFDATA:
520 if (p->p_model == DATAMODEL_NATIVE) {
521 if (copyout(&spd->spd_elf_data, (void *)arg1,
522 sizeof (brand_elf_data_t)) != 0)
523 return (EFAULT);
524 }
525 #if defined(_LP64)
526 else {
527 brand_elf_data32_t sed32;
528
529 sed32.sed_phdr = spd->spd_elf_data.sed_phdr;
530 sed32.sed_phent = spd->spd_elf_data.sed_phent;
531 sed32.sed_phnum = spd->spd_elf_data.sed_phnum;
532 sed32.sed_entry = spd->spd_elf_data.sed_entry;
533 sed32.sed_base = spd->spd_elf_data.sed_base;
534 sed32.sed_ldentry = spd->spd_elf_data.sed_ldentry;
535 sed32.sed_lddata = spd->spd_elf_data.sed_lddata;
536 if (copyout(&sed32, (void *)arg1, sizeof (sed32))
537 != 0)
538 return (EFAULT);
539 }
540 #endif /* _LP64 */
541 return (0);
542
543 /*
544 * The B_TRUSS_POINT subcommand exists so that we can see
545 * truss output from interposed system calls that return
546 * without first calling any other system call, meaning they
547 * would be invisible to truss(1).
548 * If the second argument is set non-zero, set errno to that
549 * value as well.
550 *
551 * Common arguments seen with truss are:
552 *
553 * arg1: syscall number
554 * arg2: errno
555 */
556 case B_TRUSS_POINT:
557 return ((arg2 == 0) ? 0 : set_errno((uint_t)arg2));
558 }
559
560 return (-1);
561 }
562
563 /*ARGSUSED*/
564 void
565 brand_solaris_copy_procdata(proc_t *child, proc_t *parent, struct brand *pbrand)
566 {
567 brand_proc_data_t *spd;
568
569 ASSERT(parent->p_brand == pbrand);
570 ASSERT(child->p_brand == pbrand);
571 ASSERT(parent->p_brand_data != NULL);
572 ASSERT(child->p_brand_data == NULL);
573
574 /*
575 * Just duplicate all the proc data of the parent for the
576 * child
577 */
578 spd = kmem_alloc(sizeof (brand_proc_data_t), KM_SLEEP);
579 bcopy(parent->p_brand_data, spd, sizeof (brand_proc_data_t));
580 child->p_brand_data = spd;
581 }
582
583 static void
584 restoreexecenv(struct execenv *ep, stack_t *sp)
585 {
586 klwp_t *lwp = ttolwp(curthread);
587
588 setexecenv(ep);
589 lwp->lwp_sigaltstack.ss_sp = sp->ss_sp;
590 lwp->lwp_sigaltstack.ss_size = sp->ss_size;
591 lwp->lwp_sigaltstack.ss_flags = sp->ss_flags;
592 }
593
594 /*ARGSUSED*/
595 int
596 brand_solaris_elfexec(vnode_t *vp, execa_t *uap, uarg_t *args,
597 intpdata_t *idatap, int level, long *execsz, int setid, caddr_t exec_file,
598 cred_t *cred, int brand_action, struct brand *pbrand, char *bname,
599 char *brandlib, char *brandlib32, char *brandlinker, char *brandlinker32)
600 {
601
602 vnode_t *nvp;
603 Ehdr ehdr;
604 Addr uphdr_vaddr;
605 intptr_t voffset;
606 int interp;
607 int i, err;
608 struct execenv env;
609 struct execenv origenv;
610 stack_t orig_sigaltstack;
611 struct user *up = PTOU(curproc);
612 proc_t *p = ttoproc(curthread);
613 klwp_t *lwp = ttolwp(curthread);
614 brand_proc_data_t *spd;
615 brand_elf_data_t sed, *sedp;
616 char *linker;
617 uintptr_t lddata; /* lddata of executable's linker */
618
619 ASSERT(curproc->p_brand == pbrand);
620 ASSERT(curproc->p_brand_data != NULL);
621
622 spd = (brand_proc_data_t *)curproc->p_brand_data;
623 sedp = &spd->spd_elf_data;
624
625 args->brandname = bname;
626
627 /*
628 * We will exec the brand library and then map in the target
629 * application and (optionally) the brand's default linker.
630 */
631 if (args->to_model == DATAMODEL_NATIVE) {
632 args->emulator = brandlib;
633 linker = brandlinker;
634 }
635 #if defined(_LP64)
636 else {
637 args->emulator = brandlib32;
638 linker = brandlinker32;
639 }
640 #endif /* _LP64 */
641
642 if ((err = lookupname(args->emulator, UIO_SYSSPACE, FOLLOW,
643 NULLVPP, &nvp)) != 0) {
644 uprintf("%s: not found.", args->emulator);
645 return (err);
646 }
647
648 /*
649 * The following elf{32}exec call changes the execenv in the proc
650 * struct which includes changing the p_exec member to be the vnode
651 * for the brand library (e.g. /.SUNWnative/usr/lib/s10_brand.so.1).
652 * We will eventually set the p_exec member to be the vnode for the new
653 * executable when we call setexecenv(). However, if we get an error
654 * before that call we need to restore the execenv to its original
655 * values so that when we return to the caller fop_close() works
656 * properly while cleaning up from the failed exec(). Restoring the
657 * original value will also properly decrement the 2nd VN_RELE that we
658 * took on the brand library.
659 */
660 origenv.ex_bssbase = p->p_bssbase;
661 origenv.ex_brkbase = p->p_brkbase;
662 origenv.ex_brksize = p->p_brksize;
663 origenv.ex_vp = p->p_exec;
664 orig_sigaltstack.ss_sp = lwp->lwp_sigaltstack.ss_sp;
665 orig_sigaltstack.ss_size = lwp->lwp_sigaltstack.ss_size;
666 orig_sigaltstack.ss_flags = lwp->lwp_sigaltstack.ss_flags;
667
668 if (args->to_model == DATAMODEL_NATIVE) {
669 err = elfexec(nvp, uap, args, idatap, INTP_MAXDEPTH + 1, execsz,
670 setid, exec_file, cred, brand_action);
671 }
672 #if defined(_LP64)
673 else {
674 err = elf32exec(nvp, uap, args, idatap, INTP_MAXDEPTH + 1,
675 execsz, setid, exec_file, cred, brand_action);
676 }
677 #endif /* _LP64 */
678 VN_RELE(nvp);
679 if (err != 0) {
680 restoreexecenv(&origenv, &orig_sigaltstack);
681 return (err);
682 }
683
684 /*
685 * The u_auxv veCTors are set up by elfexec to point to the
686 * brand emulation library and linker. Save these so they can
687 * be copied to the specific brand aux vectors.
688 */
689 bzero(&sed, sizeof (sed));
690 for (i = 0; i < __KERN_NAUXV_IMPL; i++) {
691 switch (up->u_auxv[i].a_type) {
692 case AT_SUN_LDDATA:
693 sed.sed_lddata = up->u_auxv[i].a_un.a_val;
694 break;
695 case AT_BASE:
696 sed.sed_base = up->u_auxv[i].a_un.a_val;
697 break;
698 case AT_ENTRY:
699 sed.sed_entry = up->u_auxv[i].a_un.a_val;
700 break;
701 case AT_PHDR:
702 sed.sed_phdr = up->u_auxv[i].a_un.a_val;
703 break;
704 case AT_PHENT:
705 sed.sed_phent = up->u_auxv[i].a_un.a_val;
706 break;
707 case AT_PHNUM:
708 sed.sed_phnum = up->u_auxv[i].a_un.a_val;
709 break;
710 default:
711 break;
712 }
713 }
714 /* Make sure the emulator has an entry point */
715 ASSERT(sed.sed_entry != NULL);
716 ASSERT(sed.sed_phdr != NULL);
717
718 bzero(&env, sizeof (env));
719 if (args->to_model == DATAMODEL_NATIVE) {
720 err = mapexec_brand(vp, args, &ehdr, &uphdr_vaddr,
721 &voffset, exec_file, &interp, &env.ex_bssbase,
722 &env.ex_brkbase, &env.ex_brksize, NULL);
723 }
724 #if defined(_LP64)
725 else {
726 Elf32_Ehdr ehdr32;
727 Elf32_Addr uphdr_vaddr32;
728 err = mapexec32_brand(vp, args, &ehdr32, &uphdr_vaddr32,
729 &voffset, exec_file, &interp, &env.ex_bssbase,
730 &env.ex_brkbase, &env.ex_brksize, NULL);
731 Ehdr32to64(&ehdr32, &ehdr);
732
733 if (uphdr_vaddr32 == (Elf32_Addr)-1)
734 uphdr_vaddr = (Addr)-1;
735 else
736 uphdr_vaddr = uphdr_vaddr32;
737 }
738 #endif /* _LP64 */
739 if (err != 0) {
740 restoreexecenv(&origenv, &orig_sigaltstack);
741 return (err);
742 }
743
744 /*
745 * Save off the important properties of the executable. The
746 * brand library will ask us for this data later, when it is
747 * initializing and getting ready to transfer control to the
748 * brand application.
749 */
750 if (uphdr_vaddr == (Addr)-1)
751 sedp->sed_phdr = voffset + ehdr.e_phoff;
752 else
753 sedp->sed_phdr = voffset + uphdr_vaddr;
754 sedp->sed_entry = voffset + ehdr.e_entry;
755 sedp->sed_phent = ehdr.e_phentsize;
756 sedp->sed_phnum = ehdr.e_phnum;
757
758 if (interp) {
759 if (ehdr.e_type == ET_DYN) {
760 /*
761 * This is a shared object executable, so we
762 * need to pick a reasonable place to put the
763 * heap. Just don't use the first page.
764 */
765 env.ex_brkbase = (caddr_t)PAGESIZE;
766 env.ex_bssbase = (caddr_t)PAGESIZE;
767 }
768
769 /*
770 * If the program needs an interpreter (most do), map
771 * it in and store relevant information about it in the
772 * aux vector, where the brand library can find it.
773 */
774 if ((err = lookupname(linker, UIO_SYSSPACE,
775 FOLLOW, NULLVPP, &nvp)) != 0) {
776 uprintf("%s: not found.", brandlinker);
777 restoreexecenv(&origenv, &orig_sigaltstack);
778 return (err);
779 }
780 if (args->to_model == DATAMODEL_NATIVE) {
781 err = mapexec_brand(nvp, args, &ehdr,
782 &uphdr_vaddr, &voffset, exec_file, &interp,
783 NULL, NULL, NULL, &lddata);
784 }
785 #if defined(_LP64)
786 else {
787 Elf32_Ehdr ehdr32;
788 Elf32_Addr uphdr_vaddr32;
789 err = mapexec32_brand(nvp, args, &ehdr32,
790 &uphdr_vaddr32, &voffset, exec_file, &interp,
791 NULL, NULL, NULL, &lddata);
792 Ehdr32to64(&ehdr32, &ehdr);
793
794 if (uphdr_vaddr32 == (Elf32_Addr)-1)
795 uphdr_vaddr = (Addr)-1;
796 else
797 uphdr_vaddr = uphdr_vaddr32;
798 }
799 #endif /* _LP64 */
800 VN_RELE(nvp);
801 if (err != 0) {
802 restoreexecenv(&origenv, &orig_sigaltstack);
803 return (err);
804 }
805
806 /*
807 * Now that we know the base address of the brand's
808 * linker, place it in the aux vector.
809 */
810 sedp->sed_base = voffset;
811 sedp->sed_ldentry = voffset + ehdr.e_entry;
812 sedp->sed_lddata = voffset + lddata;
813 } else {
814 /*
815 * This program has no interpreter. The brand library
816 * will jump to the address in the AT_SUN_BRAND_LDENTRY
817 * aux vector, so in this case, put the entry point of
818 * the main executable there.
819 */
820 if (ehdr.e_type == ET_EXEC) {
821 /*
822 * An executable with no interpreter, this must
823 * be a statically linked executable, which
824 * means we loaded it at the address specified
825 * in the elf header, in which case the e_entry
826 * field of the elf header is an absolute
827 * address.
828 */
829 sedp->sed_ldentry = ehdr.e_entry;
830 sedp->sed_entry = ehdr.e_entry;
831 sedp->sed_lddata = NULL;
832 sedp->sed_base = NULL;
833 } else {
834 /*
835 * A shared object with no interpreter, we use
836 * the calculated address from above.
837 */
838 sedp->sed_ldentry = sedp->sed_entry;
839 sedp->sed_entry = NULL;
840 sedp->sed_phdr = NULL;
841 sedp->sed_phent = NULL;
842 sedp->sed_phnum = NULL;
843 sedp->sed_lddata = NULL;
844 sedp->sed_base = voffset;
845
846 if (ehdr.e_type == ET_DYN) {
847 /*
848 * Delay setting the brkbase until the
849 * first call to brk(); see elfexec()
850 * for details.
851 */
852 env.ex_bssbase = (caddr_t)0;
853 env.ex_brkbase = (caddr_t)0;
854 env.ex_brksize = 0;
855 }
856 }
857 }
858
859 env.ex_magic = elfmagic;
860 env.ex_vp = vp;
861 setexecenv(&env);
862
863 /*
864 * It's time to manipulate the process aux vectors. First
865 * we need to update the AT_SUN_AUXFLAGS aux vector to set
866 * the AF_SUN_NOPLM flag.
867 */
868 if (args->to_model == DATAMODEL_NATIVE) {
869 auxv_t auxflags_auxv;
870
871 if (copyin(args->auxp_auxflags, &auxflags_auxv,
872 sizeof (auxflags_auxv)) != 0)
873 return (EFAULT);
874
875 ASSERT(auxflags_auxv.a_type == AT_SUN_AUXFLAGS);
876 auxflags_auxv.a_un.a_val |= AF_SUN_NOPLM;
877 if (copyout(&auxflags_auxv, args->auxp_auxflags,
878 sizeof (auxflags_auxv)) != 0)
879 return (EFAULT);
880 }
881 #if defined(_LP64)
882 else {
883 auxv32_t auxflags_auxv32;
884
885 if (copyin(args->auxp_auxflags, &auxflags_auxv32,
886 sizeof (auxflags_auxv32)) != 0)
887 return (EFAULT);
888
889 ASSERT(auxflags_auxv32.a_type == AT_SUN_AUXFLAGS);
890 auxflags_auxv32.a_un.a_val |= AF_SUN_NOPLM;
891 if (copyout(&auxflags_auxv32, args->auxp_auxflags,
892 sizeof (auxflags_auxv32)) != 0)
893 return (EFAULT);
894 }
895 #endif /* _LP64 */
896
897 /* Second, copy out the brand specific aux vectors. */
898 if (args->to_model == DATAMODEL_NATIVE) {
899 auxv_t brand_auxv[] = {
900 { AT_SUN_BRAND_AUX1, 0 },
901 { AT_SUN_BRAND_AUX2, 0 },
902 { AT_SUN_BRAND_AUX3, 0 }
903 };
904
905 ASSERT(brand_auxv[0].a_type ==
906 AT_SUN_BRAND_COMMON_LDDATA);
907 brand_auxv[0].a_un.a_val = sed.sed_lddata;
908
909 if (copyout(&brand_auxv, args->auxp_brand,
910 sizeof (brand_auxv)) != 0)
911 return (EFAULT);
912 }
913 #if defined(_LP64)
914 else {
915 auxv32_t brand_auxv32[] = {
916 { AT_SUN_BRAND_AUX1, 0 },
917 { AT_SUN_BRAND_AUX2, 0 },
918 { AT_SUN_BRAND_AUX3, 0 }
919 };
920
921 ASSERT(brand_auxv32[0].a_type == AT_SUN_BRAND_COMMON_LDDATA);
922 brand_auxv32[0].a_un.a_val = (uint32_t)sed.sed_lddata;
923 if (copyout(&brand_auxv32, args->auxp_brand,
924 sizeof (brand_auxv32)) != 0)
925 return (EFAULT);
926 }
927 #endif /* _LP64 */
928
929 /*
930 * Third, the /proc aux vectors set up by elfexec() point to
931 * brand emulation library and it's linker. Copy these to the
932 * /proc brand specific aux vector, and update the regular
933 * /proc aux vectors to point to the executable (and it's
934 * linker). This will enable debuggers to access the
935 * executable via the usual /proc or elf notes aux vectors.
936 *
937 * The brand emulation library's linker will get it's aux
938 * vectors off the stack, and then update the stack with the
939 * executable's aux vectors before jumping to the executable's
940 * linker.
941 *
942 * Debugging the brand emulation library must be done from
943 * the global zone, where the librtld_db module knows how to
944 * fetch the brand specific aux vectors to access the brand
945 * emulation libraries linker.
946 */
947 for (i = 0; i < __KERN_NAUXV_IMPL; i++) {
948 ulong_t val;
949
950 switch (up->u_auxv[i].a_type) {
951 case AT_SUN_BRAND_COMMON_LDDATA:
952 up->u_auxv[i].a_un.a_val = sed.sed_lddata;
953 continue;
954 case AT_BASE:
955 val = sedp->sed_base;
956 break;
957 case AT_ENTRY:
958 val = sedp->sed_entry;
959 break;
960 case AT_PHDR:
961 val = sedp->sed_phdr;
962 break;
963 case AT_PHENT:
964 val = sedp->sed_phent;
965 break;
966 case AT_PHNUM:
967 val = sedp->sed_phnum;
968 break;
969 case AT_SUN_LDDATA:
970 val = sedp->sed_lddata;
971 break;
972 default:
973 continue;
974 }
975
976 up->u_auxv[i].a_un.a_val = val;
977 if (val == NULL) {
978 /* Hide the entry for static binaries */
979 up->u_auxv[i].a_type = AT_IGNORE;
980 }
981 }
982
983 /*
984 * The last thing we do here is clear spd->spd_handler. This
985 * is important because if we're already a branded process and
986 * if this exec succeeds, there is a window between when the
987 * exec() first returns to the userland of the new process and
988 * when our brand library get's initialized, during which we
989 * don't want system calls to be re-directed to our brand
990 * library since it hasn't been initialized yet.
991 */
992 spd->spd_handler = NULL;
993
994 return (0);
995 }
996
997 void
998 brand_solaris_exec(struct brand *pbrand)
999 {
1000 brand_proc_data_t *spd = curproc->p_brand_data;
1001
1002 ASSERT(curproc->p_brand == pbrand);
1003 ASSERT(curproc->p_brand_data != NULL);
1004 ASSERT(ttolwp(curthread)->lwp_brand != NULL);
1005
1006 /*
1007 * We should only be called from exec(), when we know the process
1008 * is single-threaded.
1009 */
1010 ASSERT(curproc->p_tlist == curproc->p_tlist->t_forw);
1011
1012 /* Upon exec, reset our lwp brand data. */
1013 (void) brand_solaris_freelwp(ttolwp(curthread), pbrand);
1014 (void) brand_solaris_initlwp(ttolwp(curthread), pbrand);
1015
1016 /*
1017 * Upon exec, reset all the proc brand data, except for the elf
1018 * data associated with the executable we are exec'ing.
1019 */
1020 spd->spd_handler = NULL;
1021 }
1022
1023 int
1024 brand_solaris_fini(char **emul_table, struct modlinkage *modlinkage,
1025 struct brand *pbrand)
1026 {
1027 int err;
1028
1029 /*
1030 * If there are any zones using this brand, we can't allow it
1031 * to be unloaded.
1032 */
1033 if (brand_zone_count(pbrand))
1034 return (EBUSY);
1035
1036 kmem_free(*emul_table, NSYSCALL);
1037 *emul_table = NULL;
1038
1039 err = mod_remove(modlinkage);
1040 if (err)
1041 cmn_err(CE_WARN, "Couldn't unload brand module");
1042
1043 return (err);
1044 }
1045
1046 /*ARGSUSED*/
1047 void
1048 brand_solaris_forklwp(klwp_t *p, klwp_t *c, struct brand *pbrand)
1049 {
1050 ASSERT(p->lwp_procp->p_brand == pbrand);
1051 ASSERT(c->lwp_procp->p_brand == pbrand);
1052
1053 ASSERT(p->lwp_procp->p_brand_data != NULL);
1054 ASSERT(c->lwp_procp->p_brand_data != NULL);
1055
1056 /*
1057 * Both LWPs have already had been initialized via
1058 * brand_solaris_initlwp().
1059 */
1060 ASSERT(p->lwp_brand != NULL);
1061 ASSERT(c->lwp_brand != NULL);
1062 }
1063
1064 /*ARGSUSED*/
1065 void
1066 brand_solaris_freelwp(klwp_t *l, struct brand *pbrand)
1067 {
1068 ASSERT(l->lwp_procp->p_brand == pbrand);
1069 ASSERT(l->lwp_procp->p_brand_data != NULL);
1070 ASSERT(l->lwp_brand != NULL);
1071 l->lwp_brand = NULL;
1072 }
1073
1074 /*ARGSUSED*/
1075 int
1076 brand_solaris_initlwp(klwp_t *l, struct brand *pbrand)
1077 {
1078 ASSERT(l->lwp_procp->p_brand == pbrand);
1079 ASSERT(l->lwp_procp->p_brand_data != NULL);
1080 ASSERT(l->lwp_brand == NULL);
1081 l->lwp_brand = (void *)-1;
1082 return (0);
1083 }
1084
1085 /*ARGSUSED*/
1086 void
1087 brand_solaris_lwpexit(klwp_t *l, struct brand *pbrand)
1088 {
1089 proc_t *p = l->lwp_procp;
1090
1091 ASSERT(l->lwp_procp->p_brand == pbrand);
1092 ASSERT(l->lwp_procp->p_brand_data != NULL);
1093 ASSERT(l->lwp_brand != NULL);
1094
1095 /*
1096 * We should never be called for the last thread in a process.
1097 * (That case is handled by brand_solaris_proc_exit().)
1098 * Therefore this lwp must be exiting from a multi-threaded
1099 * process.
1100 */
1101 ASSERT(p->p_tlist != p->p_tlist->t_forw);
1102
1103 l->lwp_brand = NULL;
1104 }
1105
1106 /*ARGSUSED*/
1107 void
1108 brand_solaris_proc_exit(struct proc *p, klwp_t *l, struct brand *pbrand)
1109 {
1110 ASSERT(p->p_brand == pbrand);
1111 ASSERT(p->p_brand_data != NULL);
1112
1113 /*
1114 * When called from proc_exit(), we know that process is
1115 * single-threaded and free our lwp brand data.
1116 * otherwise just free p_brand_data and return.
1117 */
1118 if (l != NULL) {
1119 ASSERT(p->p_tlist == p->p_tlist->t_forw);
1120 ASSERT(p->p_tlist->t_lwp == l);
1121 (void) brand_solaris_freelwp(l, pbrand);
1122 }
1123
1124 /* upon exit, free our proc brand data */
1125 kmem_free(p->p_brand_data, sizeof (brand_proc_data_t));
1126 p->p_brand_data = NULL;
1127 }
1128
1129 void
1130 brand_solaris_setbrand(proc_t *p, struct brand *pbrand)
1131 {
1132 ASSERT(p->p_brand == pbrand);
1133 ASSERT(p->p_brand_data == NULL);
1134
1135 /*
1136 * We should only be called from exec(), when we know the process
1137 * is single-threaded.
1138 */
1139 ASSERT(p->p_tlist == p->p_tlist->t_forw);
1140
1141 p->p_brand_data = kmem_zalloc(sizeof (brand_proc_data_t), KM_SLEEP);
1142 (void) brand_solaris_initlwp(p->p_tlist->t_lwp, pbrand);
1143 }
Unleashed OS