9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21
22 /*
23 * Copyright (c) 1988, 2010, Oracle and/or its affiliates. All rights reserved.
24 */
25
26 /* Copyright (c) 1988 AT&T */
27 /* All Rights Reserved */
28 /*
29 * Copyright 2014, Joyent, Inc. All rights reserved.
30 */
31
32 #include <sys/types.h>
33 #include <sys/param.h>
34 #include <sys/sysmacros.h>
35 #include <sys/systm.h>
36 #include <sys/signal.h>
37 #include <sys/cred_impl.h>
38 #include <sys/policy.h>
39 #include <sys/user.h>
40 #include <sys/errno.h>
41 #include <sys/file.h>
42 #include <sys/vfs.h>
43 #include <sys/vnode.h>
44 #include <sys/mman.h>
45 #include <sys/acct.h>
46 #include <sys/cpuvar.h>
47 #include <sys/proc.h>
48 #include <sys/cmn_err.h>
49 #include <sys/debug.h>
52 #include <sys/lgrp.h>
53 #include <sys/vtrace.h>
54 #include <sys/exec.h>
55 #include <sys/exechdr.h>
56 #include <sys/kmem.h>
57 #include <sys/prsystm.h>
58 #include <sys/modctl.h>
59 #include <sys/vmparam.h>
60 #include <sys/door.h>
61 #include <sys/schedctl.h>
62 #include <sys/utrap.h>
63 #include <sys/systeminfo.h>
64 #include <sys/stack.h>
65 #include <sys/rctl.h>
66 #include <sys/dtrace.h>
67 #include <sys/lwpchan_impl.h>
68 #include <sys/pool.h>
69 #include <sys/sdt.h>
70 #include <sys/brand.h>
71 #include <sys/klpd.h>
72
73 #include <c2/audit.h>
74
75 #include <vm/hat.h>
76 #include <vm/anon.h>
77 #include <vm/as.h>
78 #include <vm/seg.h>
79 #include <vm/seg_vn.h>
80
81 #define PRIV_RESET 0x01 /* needs to reset privs */
82 #define PRIV_SETID 0x02 /* needs to change uids */
83 #define PRIV_SETUGID 0x04 /* is setuid/setgid/forced privs */
84 #define PRIV_INCREASE 0x08 /* child runs with more privs */
85 #define MAC_FLAGS 0x10 /* need to adjust MAC flags */
86 #define PRIV_FORCED 0x20 /* has forced privileges */
87
88 static int execsetid(struct vnode *, struct vattr *, uid_t *, uid_t *,
89 priv_set_t *, cred_t *, const char *);
90 static int hold_execsw(struct execsw *);
91
92 uint_t auxv_hwcap = 0; /* auxv AT_SUN_HWCAP value; determined on the fly */
93 uint_t auxv_hwcap_2 = 0; /* AT_SUN_HWCAP2 */
94 #if defined(_SYSCALL32_IMPL)
95 uint_t auxv_hwcap32 = 0; /* 32-bit version of auxv_hwcap */
96 uint_t auxv_hwcap32_2 = 0; /* 32-bit version of auxv_hwcap2 */
97 #endif
98
99 #define PSUIDFLAGS (SNOCD|SUGID)
100
101 /*
102 * exece() - system call wrapper around exec_common()
103 */
104 int
105 exece(const char *fname, const char **argp, const char **envp)
106 {
107 int error;
108
109 error = exec_common(fname, argp, envp, EBA_NONE);
110 return (error ? (set_errno(error)) : 0);
111 }
112
113 int
114 exec_common(const char *fname, const char **argp, const char **envp,
115 int brand_action)
116 {
117 vnode_t *vp = NULL, *dir = NULL, *tmpvp = NULL;
118 proc_t *p = ttoproc(curthread);
119 klwp_t *lwp = ttolwp(curthread);
280 crfree(args.pfcred);
281 args.pfcred = NULL;
282 args.scrubenv = B_FALSE;
283 }
284 }
285
286 /*
287 * Specific exec handlers, or policies determined via
288 * /etc/system may override the historical default.
289 */
290 args.stk_prot = PROT_ZFOD;
291 args.dat_prot = PROT_ZFOD;
292
293 CPU_STATS_ADD_K(sys, sysexec, 1);
294 DTRACE_PROC1(exec, char *, args.pathname);
295
296 ua.fname = fname;
297 ua.argp = argp;
298 ua.envp = envp;
299
300 /* If necessary, brand this process before we start the exec. */
301 if (brandme)
302 brand_setbrand(p);
303
304 if ((error = gexec(&vp, &ua, &args, NULL, 0, &execsz,
305 exec_file, p->p_cred, brand_action)) != 0) {
306 if (brandme)
307 brand_clearbrand(p, B_FALSE);
308 VN_RELE(vp);
309 if (dir != NULL)
310 VN_RELE(dir);
311 pn_free(&resolvepn);
312 goto fail;
313 }
314
315 /*
316 * Free floating point registers (sun4u only)
317 */
318 ASSERT(lwp != NULL);
319 lwp_freeregs(lwp, 1);
320
321 /*
322 * Free thread and process context ops.
323 */
324 if (curthread->t_ctx)
325 freectx(curthread, 1);
326 if (p->p_pctx)
327 freepctx(p, 1);
328
329 /*
330 * Remember file name for accounting; clear any cached DTrace predicate.
331 */
332 up->u_acflag &= ~AFORK;
333 bcopy(exec_file, up->u_comm, MAXCOMLEN+1);
334 curthread->t_predcache = NULL;
335
336 /*
337 * Clear contract template state
338 */
339 lwp_ctmpl_clear(lwp);
340
341 /*
342 * Save the directory in which we found the executable for expanding
343 * the %d token used in core file patterns.
344 */
345 mutex_enter(&p->p_lock);
346 tmpvp = p->p_execdir;
347 p->p_execdir = dir;
348 if (p->p_execdir != NULL)
349 VN_HOLD(p->p_execdir);
350 mutex_exit(&p->p_lock);
351
352 if (tmpvp != NULL)
353 VN_RELE(tmpvp);
354
355 /*
356 * Reset stack state to the user stack, clear set of signals
357 * caught on the signal stack, and reset list of signals that
358 * restart system calls; the new program's environment should
359 * not be affected by detritus from the old program. Any
360 * pending held signals remain held, so don't clear t_hold.
361 */
362 mutex_enter(&p->p_lock);
363 lwp->lwp_oldcontext = 0;
364 lwp->lwp_ustack = 0;
365 lwp->lwp_old_stk_ctl = 0;
366 sigemptyset(&up->u_signodefer);
367 sigemptyset(&up->u_sigonstack);
368 sigemptyset(&up->u_sigresethand);
369 lwp->lwp_sigaltstack.ss_sp = 0;
370 lwp->lwp_sigaltstack.ss_size = 0;
371 lwp->lwp_sigaltstack.ss_flags = SS_DISABLE;
372
373 /*
374 * Make saved resource limit == current resource limit.
375 */
376 for (i = 0; i < RLIM_NLIMITS; i++) {
377 /*CONSTCOND*/
378 if (RLIM_SAVED(i)) {
379 (void) rctl_rlimit_get(rctlproc_legacy[i], p,
380 &up->u_saved_rlimit[i]);
381 }
382 }
402 p->p_prof.pr_size = 0;
403 p->p_prof.pr_off = 0;
404 p->p_prof.pr_scale = 0;
405 p->p_prof.pr_samples = 0;
406 mutex_exit(&p->p_pflock);
407
408 ASSERT(curthread->t_schedctl == NULL);
409
410 #if defined(__sparc)
411 if (p->p_utraps != NULL)
412 utrap_free(p);
413 #endif /* __sparc */
414
415 /*
416 * Close all close-on-exec files.
417 */
418 close_exec(P_FINFO(p));
419 TRACE_2(TR_FAC_PROC, TR_PROC_EXEC, "proc_exec:p %p up %p", p, up);
420
421 /* Unbrand ourself if necessary. */
422 if (PROC_IS_BRANDED(p) && (brand_action == EBA_NATIVE))
423 brand_clearbrand(p, B_FALSE);
424
425 setregs(&args);
426
427 /* Mark this as an executable vnode */
428 mutex_enter(&vp->v_lock);
429 vp->v_flag |= VVMEXEC;
430 mutex_exit(&vp->v_lock);
431
432 VN_RELE(vp);
433 if (dir != NULL)
434 VN_RELE(dir);
435 pn_free(&resolvepn);
436
437 /*
438 * Allocate a new lwp directory and lwpid hash table if necessary.
439 */
440 if (curthread->t_tid != 1 || p->p_lwpdir_sz != 2) {
441 lwpdir = kmem_zalloc(2 * sizeof (lwpdir_t), KM_SLEEP);
442 lwpdir->ld_next = lwpdir + 1;
443 tidhash = kmem_zalloc(2 * sizeof (tidhash_t), KM_SLEEP);
527 mutex_exit(&p->p_lock);
528 ASSERT(error != 0);
529 return (error);
530 }
531
532
533 /*
534 * Perform generic exec duties and switchout to object-file specific
535 * handler.
536 */
537 int
538 gexec(
539 struct vnode **vpp,
540 struct execa *uap,
541 struct uarg *args,
542 struct intpdata *idatap,
543 int level,
544 long *execsz,
545 caddr_t exec_file,
546 struct cred *cred,
547 int brand_action)
548 {
549 struct vnode *vp, *execvp = NULL;
550 proc_t *pp = ttoproc(curthread);
551 struct execsw *eswp;
552 int error = 0;
553 int suidflags = 0;
554 ssize_t resid;
555 uid_t uid, gid;
556 struct vattr vattr;
557 char magbuf[MAGIC_BYTES];
558 int setid;
559 cred_t *oldcred, *newcred = NULL;
560 int privflags = 0;
561 int setidfl;
562 priv_set_t fset;
563
564 /*
565 * If the SNOCD or SUGID flag is set, turn it off and remember the
566 * previous setting so we can restore it if we encounter an error.
567 */
841 if (newcred != NULL && oruid != newcred->cr_ruid) {
842 /* Note that the process remains in the same zone. */
843 mutex_enter(&pidlock);
844 upcount_dec(oruid, crgetzoneid(newcred));
845 upcount_inc(newcred->cr_ruid, crgetzoneid(newcred));
846 mutex_exit(&pidlock);
847 }
848 if (suidflags) {
849 mutex_enter(&pp->p_lock);
850 pp->p_flag |= suidflags;
851 mutex_exit(&pp->p_lock);
852 }
853 if (setid && (pp->p_proc_flag & P_PR_PTRACE) == 0) {
854 /*
855 * If process is traced via /proc, arrange to
856 * invalidate the associated /proc vnode.
857 */
858 if (pp->p_plist || (pp->p_proc_flag & P_PR_TRACE))
859 args->traceinval = 1;
860 }
861 if (pp->p_proc_flag & P_PR_PTRACE)
862 psignal(pp, SIGTRAP);
863 if (args->traceinval)
864 prinvalidate(&pp->p_user);
865 }
866 if (execvp)
867 VN_RELE(execvp);
868 return (0);
869
870 bad:
871 (void) VOP_CLOSE(vp, FREAD, 1, (offset_t)0, cred, NULL);
872
873 bad_noclose:
874 if (newcred != NULL)
875 crfree(newcred);
876 if (error == 0)
877 error = ENOEXEC;
878
879 if (suidflags) {
880 mutex_enter(&pp->p_lock);
881 pp->p_flag |= suidflags;
882 mutex_exit(&pp->p_lock);
1500 if (STK_AVAIL(args) < sizeof (int))
1501 return (E2BIG);
1502 *--args->stk_offp = args->stk_strp - args->stk_base;
1503
1504 if (segflg == UIO_USERSPACE) {
1505 error = copyinstr(sp, args->stk_strp, STK_AVAIL(args), &len);
1506 if (error != 0)
1507 return (error);
1508 } else {
1509 len = strlen(sp) + 1;
1510 if (len > STK_AVAIL(args))
1511 return (E2BIG);
1512 bcopy(sp, args->stk_strp, len);
1513 }
1514
1515 args->stk_strp += len;
1516
1517 return (0);
1518 }
1519
1520 static int
1521 stk_getptr(uarg_t *args, char *src, char **dst)
1522 {
1523 int error;
1524
1525 if (args->from_model == DATAMODEL_NATIVE) {
1526 ulong_t ptr;
1527 error = fulword(src, &ptr);
1528 *dst = (caddr_t)ptr;
1529 } else {
1530 uint32_t ptr;
1531 error = fuword32(src, &ptr);
1532 *dst = (caddr_t)(uintptr_t)ptr;
1533 }
1534 return (error);
1535 }
1536
1537 static int
1538 stk_putptr(uarg_t *args, char *addr, char *value)
1539 {
1540 if (args->to_model == DATAMODEL_NATIVE)
1541 return (sulword(addr, (ulong_t)value));
1542 else
1543 return (suword32(addr, (uint32_t)(uintptr_t)value));
1544 }
1545
1546 static int
1547 stk_copyin(execa_t *uap, uarg_t *args, intpdata_t *intp, void **auxvpp)
1548 {
1549 char *sp;
1550 int argc, error;
1551 int argv_empty = 0;
1552 size_t ptrsize = args->from_ptrsize;
1553 size_t size, pad;
1554 char *argv = (char *)uap->argp;
1555 char *envp = (char *)uap->envp;
1556
1557 /*
1558 * Copy interpreter's name and argument to argv[0] and argv[1].
1559 * In the rare case that we have nested interpreters then those names
1560 * and arguments are also copied to the subsequent slots in argv.
1561 */
1562 if (intp != NULL && intp->intp_name[0] != NULL) {
1563 int i;
1564
1565 for (i = 0; i < INTP_MAXDEPTH; i++) {
1566 if (intp->intp_name[i] == NULL)
1567 break;
1568 error = stk_add(args, intp->intp_name[i], UIO_SYSSPACE);
1569 if (error != 0)
1570 return (error);
1571 if (intp->intp_arg[i] != NULL) {
1572 error = stk_add(args, intp->intp_arg[i],
1573 UIO_SYSSPACE);
1574 if (error != 0)
1575 return (error);
1618 for (;;) {
1619 char *tmp = args->stk_strp;
1620 if (stk_getptr(args, envp, &sp))
1621 return (EFAULT);
1622 if (sp == NULL)
1623 break;
1624 if ((error = stk_add(args, sp, UIO_USERSPACE)) != 0)
1625 return (error);
1626 if (args->scrubenv && strncmp(tmp, "LD_", 3) == 0) {
1627 /* Undo the copied string */
1628 args->stk_strp = tmp;
1629 *(args->stk_offp++) = NULL;
1630 }
1631 envp += ptrsize;
1632 }
1633 }
1634 args->na = (int *)(args->stk_base + args->stk_size) - args->stk_offp;
1635 args->ne = args->na - argc;
1636
1637 /*
1638 * Add AT_SUN_PLATFORM, AT_SUN_EXECNAME, AT_SUN_BRANDNAME, and
1639 * AT_SUN_EMULATOR strings to the stack.
1640 */
1641 if (auxvpp != NULL && *auxvpp != NULL) {
1642 if ((error = stk_add(args, platform, UIO_SYSSPACE)) != 0)
1643 return (error);
1644 if ((error = stk_add(args, args->pathname, UIO_SYSSPACE)) != 0)
1645 return (error);
1646 if (args->brandname != NULL &&
1647 (error = stk_add(args, args->brandname, UIO_SYSSPACE)) != 0)
1648 return (error);
1649 if (args->emulator != NULL &&
1650 (error = stk_add(args, args->emulator, UIO_SYSSPACE)) != 0)
1651 return (error);
1652 }
1653
1654 /*
1655 * Compute the size of the stack. This includes all the pointers,
1656 * the space reserved for the aux vector, and all the strings.
1657 * The total number of pointers is args->na (which is argc + envc)
1658 * plus 4 more: (1) a pointer's worth of space for argc; (2) the NULL
1659 * after the last argument (i.e. argv[argc]); (3) the NULL after the
1660 * last environment variable (i.e. envp[envc]); and (4) the NULL after
1661 * all the strings, at the very top of the stack.
1662 */
1663 size = (args->na + 4) * args->to_ptrsize + args->auxsize +
1664 (args->stk_strp - args->stk_base);
1665
1666 /*
1667 * Pad the string section with zeroes to align the stack size.
1668 */
1669 pad = P2NPHASE(size, args->stk_align);
1670
1671 if (STK_AVAIL(args) < pad)
1738 */
1739 for (i = 0; i < envc; i++, usp += ptrsize)
1740 if (stk_putptr(args, usp, &ustrp[*--offp]))
1741 return (-1);
1742
1743 /*
1744 * Add space for envp[]'s NULL terminator (ptrsize) to usp and
1745 * remember where the stack ends, which is also where auxv begins.
1746 */
1747 args->stackend = usp += ptrsize;
1748
1749 /*
1750 * Put all the argv[], envp[], and auxv strings on the stack.
1751 */
1752 if (copyout(args->stk_base, ustrp, args->nc))
1753 return (-1);
1754
1755 /*
1756 * Fill in the aux vector now that we know the user stack addresses
1757 * for the AT_SUN_PLATFORM, AT_SUN_EXECNAME, AT_SUN_BRANDNAME and
1758 * AT_SUN_EMULATOR strings.
1759 */
1760 if (auxvpp != NULL && *auxvpp != NULL) {
1761 if (args->to_model == DATAMODEL_NATIVE) {
1762 auxv_t **a = (auxv_t **)auxvpp;
1763 ADDAUX(*a, AT_SUN_PLATFORM, (long)&ustrp[*--offp])
1764 ADDAUX(*a, AT_SUN_EXECNAME, (long)&ustrp[*--offp])
1765 if (args->brandname != NULL)
1766 ADDAUX(*a,
1767 AT_SUN_BRANDNAME, (long)&ustrp[*--offp])
1768 if (args->emulator != NULL)
1769 ADDAUX(*a,
1770 AT_SUN_EMULATOR, (long)&ustrp[*--offp])
1771 } else {
1772 auxv32_t **a = (auxv32_t **)auxvpp;
1773 ADDAUX(*a,
1774 AT_SUN_PLATFORM, (int)(uintptr_t)&ustrp[*--offp])
1775 ADDAUX(*a,
1776 AT_SUN_EXECNAME, (int)(uintptr_t)&ustrp[*--offp])
1777 if (args->brandname != NULL)
1778 ADDAUX(*a, AT_SUN_BRANDNAME,
1779 (int)(uintptr_t)&ustrp[*--offp])
1780 if (args->emulator != NULL)
1781 ADDAUX(*a, AT_SUN_EMULATOR,
1782 (int)(uintptr_t)&ustrp[*--offp])
1783 }
1784 }
1785
1786 return (0);
1787 }
1788
1789 /*
1790 * Initialize a new user stack with the specified arguments and environment.
1791 * The initial user stack layout is as follows:
1792 *
1793 * User Stack
1794 * +---------------+ <--- curproc->p_usrstack
1795 * | |
1796 * | slew |
1797 * | |
1798 * +---------------+
1799 * | NULL |
1800 * +---------------+
1801 * | |
1802 * | auxv strings |
1803 * | |
1804 * +---------------+
1851 args->from_ptrsize = sizeof (long);
1852 } else {
1853 args->from_ptrsize = sizeof (int32_t);
1854 }
1855
1856 if (args->to_model == DATAMODEL_NATIVE) {
1857 args->to_ptrsize = sizeof (long);
1858 args->ncargs = NCARGS;
1859 args->stk_align = STACK_ALIGN;
1860 if (args->addr32)
1861 usrstack = (char *)USRSTACK64_32;
1862 else
1863 usrstack = (char *)USRSTACK;
1864 } else {
1865 args->to_ptrsize = sizeof (int32_t);
1866 args->ncargs = NCARGS32;
1867 args->stk_align = STACK_ALIGN32;
1868 usrstack = (char *)USRSTACK32;
1869 }
1870
1871 ASSERT(P2PHASE((uintptr_t)usrstack, args->stk_align) == 0);
1872
1873 #if defined(__sparc)
1874 /*
1875 * Make sure user register windows are empty before
1876 * attempting to make a new stack.
1877 */
1878 (void) flush_user_windows_to_stack(NULL);
1879 #endif
1880
1881 for (size = PAGESIZE; ; size *= 2) {
1882 args->stk_size = size;
1883 args->stk_base = kmem_alloc(size, KM_SLEEP);
1884 args->stk_strp = args->stk_base;
1885 args->stk_offp = (int *)(args->stk_base + size);
1886 error = stk_copyin(uap, args, intp, auxvpp);
1887 if (error == 0)
1888 break;
1889 kmem_free(args->stk_base, size);
1890 if (error != E2BIG && error != ENAMETOOLONG)
|
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21
22 /*
23 * Copyright (c) 1988, 2010, Oracle and/or its affiliates. All rights reserved.
24 */
25
26 /* Copyright (c) 1988 AT&T */
27 /* All Rights Reserved */
28 /*
29 * Copyright 2015, Joyent, Inc. All rights reserved.
30 */
31
32 #include <sys/types.h>
33 #include <sys/param.h>
34 #include <sys/sysmacros.h>
35 #include <sys/systm.h>
36 #include <sys/signal.h>
37 #include <sys/cred_impl.h>
38 #include <sys/policy.h>
39 #include <sys/user.h>
40 #include <sys/errno.h>
41 #include <sys/file.h>
42 #include <sys/vfs.h>
43 #include <sys/vnode.h>
44 #include <sys/mman.h>
45 #include <sys/acct.h>
46 #include <sys/cpuvar.h>
47 #include <sys/proc.h>
48 #include <sys/cmn_err.h>
49 #include <sys/debug.h>
52 #include <sys/lgrp.h>
53 #include <sys/vtrace.h>
54 #include <sys/exec.h>
55 #include <sys/exechdr.h>
56 #include <sys/kmem.h>
57 #include <sys/prsystm.h>
58 #include <sys/modctl.h>
59 #include <sys/vmparam.h>
60 #include <sys/door.h>
61 #include <sys/schedctl.h>
62 #include <sys/utrap.h>
63 #include <sys/systeminfo.h>
64 #include <sys/stack.h>
65 #include <sys/rctl.h>
66 #include <sys/dtrace.h>
67 #include <sys/lwpchan_impl.h>
68 #include <sys/pool.h>
69 #include <sys/sdt.h>
70 #include <sys/brand.h>
71 #include <sys/klpd.h>
72 #include <sys/random.h>
73
74 #include <c2/audit.h>
75
76 #include <vm/hat.h>
77 #include <vm/anon.h>
78 #include <vm/as.h>
79 #include <vm/seg.h>
80 #include <vm/seg_vn.h>
81
82 #define PRIV_RESET 0x01 /* needs to reset privs */
83 #define PRIV_SETID 0x02 /* needs to change uids */
84 #define PRIV_SETUGID 0x04 /* is setuid/setgid/forced privs */
85 #define PRIV_INCREASE 0x08 /* child runs with more privs */
86 #define MAC_FLAGS 0x10 /* need to adjust MAC flags */
87 #define PRIV_FORCED 0x20 /* has forced privileges */
88
89 static int execsetid(struct vnode *, struct vattr *, uid_t *, uid_t *,
90 priv_set_t *, cred_t *, const char *);
91 static int hold_execsw(struct execsw *);
92
93 uint_t auxv_hwcap = 0; /* auxv AT_SUN_HWCAP value; determined on the fly */
94 uint_t auxv_hwcap_2 = 0; /* AT_SUN_HWCAP2 */
95 #if defined(_SYSCALL32_IMPL)
96 uint_t auxv_hwcap32 = 0; /* 32-bit version of auxv_hwcap */
97 uint_t auxv_hwcap32_2 = 0; /* 32-bit version of auxv_hwcap2 */
98 #endif
99
100 #define PSUIDFLAGS (SNOCD|SUGID)
101 #define RANDOM_LEN 16 /* 16 bytes for AT_RANDOM aux entry */
102
103 /*
104 * exece() - system call wrapper around exec_common()
105 */
106 int
107 exece(const char *fname, const char **argp, const char **envp)
108 {
109 int error;
110
111 error = exec_common(fname, argp, envp, EBA_NONE);
112 return (error ? (set_errno(error)) : 0);
113 }
114
115 int
116 exec_common(const char *fname, const char **argp, const char **envp,
117 int brand_action)
118 {
119 vnode_t *vp = NULL, *dir = NULL, *tmpvp = NULL;
120 proc_t *p = ttoproc(curthread);
121 klwp_t *lwp = ttolwp(curthread);
282 crfree(args.pfcred);
283 args.pfcred = NULL;
284 args.scrubenv = B_FALSE;
285 }
286 }
287
288 /*
289 * Specific exec handlers, or policies determined via
290 * /etc/system may override the historical default.
291 */
292 args.stk_prot = PROT_ZFOD;
293 args.dat_prot = PROT_ZFOD;
294
295 CPU_STATS_ADD_K(sys, sysexec, 1);
296 DTRACE_PROC1(exec, char *, args.pathname);
297
298 ua.fname = fname;
299 ua.argp = argp;
300 ua.envp = envp;
301
302 /* If necessary, brand this process/lwp before we start the exec. */
303 if (brandme) {
304 void *brand_data = NULL;
305
306 /*
307 * Process branding may fail if multiple LWPs are present and
308 * holdlwps() cannot complete successfully.
309 */
310 error = brand_setbrand(p, B_TRUE);
311
312 if (error == 0 && BROP(p)->b_lwpdata_alloc != NULL) {
313 brand_data = BROP(p)->b_lwpdata_alloc(p);
314 if (brand_data == NULL) {
315 error = 1;
316 }
317 }
318
319 if (error == 0) {
320 mutex_enter(&p->p_lock);
321 BROP(p)->b_initlwp(lwp, brand_data);
322 mutex_exit(&p->p_lock);
323 } else {
324 VN_RELE(vp);
325 if (dir != NULL) {
326 VN_RELE(dir);
327 }
328 pn_free(&resolvepn);
329 goto fail;
330 }
331 }
332
333 if ((error = gexec(&vp, &ua, &args, NULL, 0, &execsz,
334 exec_file, p->p_cred, &brand_action)) != 0) {
335 if (brandme) {
336 BROP(p)->b_freelwp(lwp);
337 brand_clearbrand(p, B_TRUE);
338 }
339 VN_RELE(vp);
340 if (dir != NULL)
341 VN_RELE(dir);
342 pn_free(&resolvepn);
343 goto fail;
344 }
345
346 /*
347 * Free floating point registers (sun4u only)
348 */
349 ASSERT(lwp != NULL);
350 lwp_freeregs(lwp, 1);
351
352 /*
353 * Free thread and process context ops.
354 */
355 if (curthread->t_ctx)
356 freectx(curthread, 1);
357 if (p->p_pctx)
358 freepctx(p, 1);
359
360 /*
361 * Remember file name for accounting; clear any cached DTrace predicate.
362 */
363 up->u_acflag &= ~AFORK;
364 bcopy(exec_file, up->u_comm, MAXCOMLEN+1);
365 curthread->t_predcache = NULL;
366
367 /*
368 * Clear contract template state
369 */
370 lwp_ctmpl_clear(lwp, B_TRUE);
371
372 /*
373 * Save the directory in which we found the executable for expanding
374 * the %d token used in core file patterns.
375 */
376 mutex_enter(&p->p_lock);
377 tmpvp = p->p_execdir;
378 p->p_execdir = dir;
379 if (p->p_execdir != NULL)
380 VN_HOLD(p->p_execdir);
381 mutex_exit(&p->p_lock);
382
383 if (tmpvp != NULL)
384 VN_RELE(tmpvp);
385
386 /*
387 * Reset stack state to the user stack, clear set of signals
388 * caught on the signal stack, and reset list of signals that
389 * restart system calls; the new program's environment should
390 * not be affected by detritus from the old program. Any
391 * pending held signals remain held, so don't clear t_hold.
392 */
393 mutex_enter(&p->p_lock);
394 DTRACE_PROBE3(oldcontext__set, klwp_t *, lwp,
395 uintptr_t, lwp->lwp_oldcontext, uintptr_t, 0);
396 lwp->lwp_oldcontext = 0;
397 lwp->lwp_ustack = 0;
398 lwp->lwp_old_stk_ctl = 0;
399 sigemptyset(&up->u_signodefer);
400 sigemptyset(&up->u_sigonstack);
401 sigemptyset(&up->u_sigresethand);
402 lwp->lwp_sigaltstack.ss_sp = 0;
403 lwp->lwp_sigaltstack.ss_size = 0;
404 lwp->lwp_sigaltstack.ss_flags = SS_DISABLE;
405
406 /*
407 * Make saved resource limit == current resource limit.
408 */
409 for (i = 0; i < RLIM_NLIMITS; i++) {
410 /*CONSTCOND*/
411 if (RLIM_SAVED(i)) {
412 (void) rctl_rlimit_get(rctlproc_legacy[i], p,
413 &up->u_saved_rlimit[i]);
414 }
415 }
435 p->p_prof.pr_size = 0;
436 p->p_prof.pr_off = 0;
437 p->p_prof.pr_scale = 0;
438 p->p_prof.pr_samples = 0;
439 mutex_exit(&p->p_pflock);
440
441 ASSERT(curthread->t_schedctl == NULL);
442
443 #if defined(__sparc)
444 if (p->p_utraps != NULL)
445 utrap_free(p);
446 #endif /* __sparc */
447
448 /*
449 * Close all close-on-exec files.
450 */
451 close_exec(P_FINFO(p));
452 TRACE_2(TR_FAC_PROC, TR_PROC_EXEC, "proc_exec:p %p up %p", p, up);
453
454 /* Unbrand ourself if necessary. */
455 if (PROC_IS_BRANDED(p) && (brand_action == EBA_NATIVE)) {
456 BROP(p)->b_freelwp(lwp);
457 brand_clearbrand(p, B_FALSE);
458 }
459
460 setregs(&args);
461
462 /* Mark this as an executable vnode */
463 mutex_enter(&vp->v_lock);
464 vp->v_flag |= VVMEXEC;
465 mutex_exit(&vp->v_lock);
466
467 VN_RELE(vp);
468 if (dir != NULL)
469 VN_RELE(dir);
470 pn_free(&resolvepn);
471
472 /*
473 * Allocate a new lwp directory and lwpid hash table if necessary.
474 */
475 if (curthread->t_tid != 1 || p->p_lwpdir_sz != 2) {
476 lwpdir = kmem_zalloc(2 * sizeof (lwpdir_t), KM_SLEEP);
477 lwpdir->ld_next = lwpdir + 1;
478 tidhash = kmem_zalloc(2 * sizeof (tidhash_t), KM_SLEEP);
562 mutex_exit(&p->p_lock);
563 ASSERT(error != 0);
564 return (error);
565 }
566
567
568 /*
569 * Perform generic exec duties and switchout to object-file specific
570 * handler.
571 */
572 int
573 gexec(
574 struct vnode **vpp,
575 struct execa *uap,
576 struct uarg *args,
577 struct intpdata *idatap,
578 int level,
579 long *execsz,
580 caddr_t exec_file,
581 struct cred *cred,
582 int *brand_action)
583 {
584 struct vnode *vp, *execvp = NULL;
585 proc_t *pp = ttoproc(curthread);
586 struct execsw *eswp;
587 int error = 0;
588 int suidflags = 0;
589 ssize_t resid;
590 uid_t uid, gid;
591 struct vattr vattr;
592 char magbuf[MAGIC_BYTES];
593 int setid;
594 cred_t *oldcred, *newcred = NULL;
595 int privflags = 0;
596 int setidfl;
597 priv_set_t fset;
598
599 /*
600 * If the SNOCD or SUGID flag is set, turn it off and remember the
601 * previous setting so we can restore it if we encounter an error.
602 */
876 if (newcred != NULL && oruid != newcred->cr_ruid) {
877 /* Note that the process remains in the same zone. */
878 mutex_enter(&pidlock);
879 upcount_dec(oruid, crgetzoneid(newcred));
880 upcount_inc(newcred->cr_ruid, crgetzoneid(newcred));
881 mutex_exit(&pidlock);
882 }
883 if (suidflags) {
884 mutex_enter(&pp->p_lock);
885 pp->p_flag |= suidflags;
886 mutex_exit(&pp->p_lock);
887 }
888 if (setid && (pp->p_proc_flag & P_PR_PTRACE) == 0) {
889 /*
890 * If process is traced via /proc, arrange to
891 * invalidate the associated /proc vnode.
892 */
893 if (pp->p_plist || (pp->p_proc_flag & P_PR_TRACE))
894 args->traceinval = 1;
895 }
896
897 /*
898 * If legacy ptrace is enabled, generate the SIGTRAP.
899 */
900 if (pp->p_proc_flag & P_PR_PTRACE) {
901 psignal(pp, SIGTRAP);
902 }
903
904 if (args->traceinval)
905 prinvalidate(&pp->p_user);
906 }
907 if (execvp)
908 VN_RELE(execvp);
909 return (0);
910
911 bad:
912 (void) VOP_CLOSE(vp, FREAD, 1, (offset_t)0, cred, NULL);
913
914 bad_noclose:
915 if (newcred != NULL)
916 crfree(newcred);
917 if (error == 0)
918 error = ENOEXEC;
919
920 if (suidflags) {
921 mutex_enter(&pp->p_lock);
922 pp->p_flag |= suidflags;
923 mutex_exit(&pp->p_lock);
1541 if (STK_AVAIL(args) < sizeof (int))
1542 return (E2BIG);
1543 *--args->stk_offp = args->stk_strp - args->stk_base;
1544
1545 if (segflg == UIO_USERSPACE) {
1546 error = copyinstr(sp, args->stk_strp, STK_AVAIL(args), &len);
1547 if (error != 0)
1548 return (error);
1549 } else {
1550 len = strlen(sp) + 1;
1551 if (len > STK_AVAIL(args))
1552 return (E2BIG);
1553 bcopy(sp, args->stk_strp, len);
1554 }
1555
1556 args->stk_strp += len;
1557
1558 return (0);
1559 }
1560
1561 /*
1562 * Add a fixed size byte array to the stack (only from kernel space).
1563 */
1564 static int
1565 stk_byte_add(uarg_t *args, const uint8_t *sp, size_t len)
1566 {
1567 if (STK_AVAIL(args) < sizeof (int))
1568 return (E2BIG);
1569 *--args->stk_offp = args->stk_strp - args->stk_base;
1570
1571 if (len > STK_AVAIL(args))
1572 return (E2BIG);
1573 bcopy(sp, args->stk_strp, len);
1574
1575 args->stk_strp += len;
1576
1577 return (0);
1578 }
1579
1580 static int
1581 stk_getptr(uarg_t *args, char *src, char **dst)
1582 {
1583 int error;
1584
1585 if (args->from_model == DATAMODEL_NATIVE) {
1586 ulong_t ptr;
1587 error = fulword(src, &ptr);
1588 *dst = (caddr_t)ptr;
1589 } else {
1590 uint32_t ptr;
1591 error = fuword32(src, &ptr);
1592 *dst = (caddr_t)(uintptr_t)ptr;
1593 }
1594 return (error);
1595 }
1596
1597 static int
1598 stk_putptr(uarg_t *args, char *addr, char *value)
1599 {
1600 if (args->to_model == DATAMODEL_NATIVE)
1601 return (sulword(addr, (ulong_t)value));
1602 else
1603 return (suword32(addr, (uint32_t)(uintptr_t)value));
1604 }
1605
1606 static int
1607 stk_copyin(execa_t *uap, uarg_t *args, intpdata_t *intp, void **auxvpp)
1608 {
1609 char *sp;
1610 int argc, error;
1611 int argv_empty = 0;
1612 size_t ptrsize = args->from_ptrsize;
1613 size_t size, pad;
1614 char *argv = (char *)uap->argp;
1615 char *envp = (char *)uap->envp;
1616 uint8_t rdata[RANDOM_LEN];
1617
1618 /*
1619 * Copy interpreter's name and argument to argv[0] and argv[1].
1620 * In the rare case that we have nested interpreters then those names
1621 * and arguments are also copied to the subsequent slots in argv.
1622 */
1623 if (intp != NULL && intp->intp_name[0] != NULL) {
1624 int i;
1625
1626 for (i = 0; i < INTP_MAXDEPTH; i++) {
1627 if (intp->intp_name[i] == NULL)
1628 break;
1629 error = stk_add(args, intp->intp_name[i], UIO_SYSSPACE);
1630 if (error != 0)
1631 return (error);
1632 if (intp->intp_arg[i] != NULL) {
1633 error = stk_add(args, intp->intp_arg[i],
1634 UIO_SYSSPACE);
1635 if (error != 0)
1636 return (error);
1679 for (;;) {
1680 char *tmp = args->stk_strp;
1681 if (stk_getptr(args, envp, &sp))
1682 return (EFAULT);
1683 if (sp == NULL)
1684 break;
1685 if ((error = stk_add(args, sp, UIO_USERSPACE)) != 0)
1686 return (error);
1687 if (args->scrubenv && strncmp(tmp, "LD_", 3) == 0) {
1688 /* Undo the copied string */
1689 args->stk_strp = tmp;
1690 *(args->stk_offp++) = NULL;
1691 }
1692 envp += ptrsize;
1693 }
1694 }
1695 args->na = (int *)(args->stk_base + args->stk_size) - args->stk_offp;
1696 args->ne = args->na - argc;
1697
1698 /*
1699 * Add AT_SUN_PLATFORM, AT_SUN_EXECNAME, AT_SUN_BRANDNAME,
1700 * AT_SUN_BRAND_NROOT, and AT_SUN_EMULATOR strings, as well as AT_RANDOM
1701 * array, to the stack.
1702 */
1703 if (auxvpp != NULL && *auxvpp != NULL) {
1704 if ((error = stk_add(args, platform, UIO_SYSSPACE)) != 0)
1705 return (error);
1706 if ((error = stk_add(args, args->pathname, UIO_SYSSPACE)) != 0)
1707 return (error);
1708 if (args->brandname != NULL &&
1709 (error = stk_add(args, args->brandname, UIO_SYSSPACE)) != 0)
1710 return (error);
1711 if (args->emulator != NULL &&
1712 (error = stk_add(args, args->emulator, UIO_SYSSPACE)) != 0)
1713 return (error);
1714
1715 /*
1716 * For the AT_RANDOM aux vector we provide 16 bytes of random
1717 * data.
1718 */
1719 (void) random_get_pseudo_bytes(rdata, sizeof (rdata));
1720
1721 if ((error = stk_byte_add(args, rdata, sizeof (rdata))) != 0)
1722 return (error);
1723
1724 if (args->brand_nroot != NULL &&
1725 (error = stk_add(args, args->brand_nroot,
1726 UIO_SYSSPACE)) != 0)
1727 return (error);
1728 }
1729
1730 /*
1731 * Compute the size of the stack. This includes all the pointers,
1732 * the space reserved for the aux vector, and all the strings.
1733 * The total number of pointers is args->na (which is argc + envc)
1734 * plus 4 more: (1) a pointer's worth of space for argc; (2) the NULL
1735 * after the last argument (i.e. argv[argc]); (3) the NULL after the
1736 * last environment variable (i.e. envp[envc]); and (4) the NULL after
1737 * all the strings, at the very top of the stack.
1738 */
1739 size = (args->na + 4) * args->to_ptrsize + args->auxsize +
1740 (args->stk_strp - args->stk_base);
1741
1742 /*
1743 * Pad the string section with zeroes to align the stack size.
1744 */
1745 pad = P2NPHASE(size, args->stk_align);
1746
1747 if (STK_AVAIL(args) < pad)
1814 */
1815 for (i = 0; i < envc; i++, usp += ptrsize)
1816 if (stk_putptr(args, usp, &ustrp[*--offp]))
1817 return (-1);
1818
1819 /*
1820 * Add space for envp[]'s NULL terminator (ptrsize) to usp and
1821 * remember where the stack ends, which is also where auxv begins.
1822 */
1823 args->stackend = usp += ptrsize;
1824
1825 /*
1826 * Put all the argv[], envp[], and auxv strings on the stack.
1827 */
1828 if (copyout(args->stk_base, ustrp, args->nc))
1829 return (-1);
1830
1831 /*
1832 * Fill in the aux vector now that we know the user stack addresses
1833 * for the AT_SUN_PLATFORM, AT_SUN_EXECNAME, AT_SUN_BRANDNAME and
1834 * AT_SUN_EMULATOR strings, as well as the AT_RANDOM array.
1835 */
1836 if (auxvpp != NULL && *auxvpp != NULL) {
1837 if (args->to_model == DATAMODEL_NATIVE) {
1838 auxv_t **a = (auxv_t **)auxvpp;
1839 ADDAUX(*a, AT_SUN_PLATFORM, (long)&ustrp[*--offp])
1840 ADDAUX(*a, AT_SUN_EXECNAME, (long)&ustrp[*--offp])
1841 if (args->brandname != NULL)
1842 ADDAUX(*a,
1843 AT_SUN_BRANDNAME, (long)&ustrp[*--offp])
1844 if (args->emulator != NULL)
1845 ADDAUX(*a,
1846 AT_SUN_EMULATOR, (long)&ustrp[*--offp])
1847 ADDAUX(*a, AT_RANDOM, (long)&ustrp[*--offp])
1848 if (args->brand_nroot != NULL) {
1849 ADDAUX(*a,
1850 AT_SUN_BRAND_NROOT, (long)&ustrp[*--offp])
1851 }
1852 } else {
1853 auxv32_t **a = (auxv32_t **)auxvpp;
1854 ADDAUX(*a,
1855 AT_SUN_PLATFORM, (int)(uintptr_t)&ustrp[*--offp])
1856 ADDAUX(*a,
1857 AT_SUN_EXECNAME, (int)(uintptr_t)&ustrp[*--offp])
1858 if (args->brandname != NULL)
1859 ADDAUX(*a, AT_SUN_BRANDNAME,
1860 (int)(uintptr_t)&ustrp[*--offp])
1861 if (args->emulator != NULL)
1862 ADDAUX(*a, AT_SUN_EMULATOR,
1863 (int)(uintptr_t)&ustrp[*--offp])
1864 ADDAUX(*a, AT_RANDOM, (int)(uintptr_t)&ustrp[*--offp])
1865 if (args->brand_nroot != NULL) {
1866 ADDAUX(*a, AT_SUN_BRAND_NROOT,
1867 (int)(uintptr_t)&ustrp[*--offp])
1868 }
1869 }
1870 }
1871
1872 return (0);
1873 }
1874
1875 /*
1876 * Initialize a new user stack with the specified arguments and environment.
1877 * The initial user stack layout is as follows:
1878 *
1879 * User Stack
1880 * +---------------+ <--- curproc->p_usrstack
1881 * | |
1882 * | slew |
1883 * | |
1884 * +---------------+
1885 * | NULL |
1886 * +---------------+
1887 * | |
1888 * | auxv strings |
1889 * | |
1890 * +---------------+
1937 args->from_ptrsize = sizeof (long);
1938 } else {
1939 args->from_ptrsize = sizeof (int32_t);
1940 }
1941
1942 if (args->to_model == DATAMODEL_NATIVE) {
1943 args->to_ptrsize = sizeof (long);
1944 args->ncargs = NCARGS;
1945 args->stk_align = STACK_ALIGN;
1946 if (args->addr32)
1947 usrstack = (char *)USRSTACK64_32;
1948 else
1949 usrstack = (char *)USRSTACK;
1950 } else {
1951 args->to_ptrsize = sizeof (int32_t);
1952 args->ncargs = NCARGS32;
1953 args->stk_align = STACK_ALIGN32;
1954 usrstack = (char *)USRSTACK32;
1955 }
1956
1957 if (args->maxstack != 0 && (uintptr_t)usrstack > args->maxstack)
1958 usrstack = (char *)args->maxstack;
1959
1960 ASSERT(P2PHASE((uintptr_t)usrstack, args->stk_align) == 0);
1961
1962 #if defined(__sparc)
1963 /*
1964 * Make sure user register windows are empty before
1965 * attempting to make a new stack.
1966 */
1967 (void) flush_user_windows_to_stack(NULL);
1968 #endif
1969
1970 for (size = PAGESIZE; ; size *= 2) {
1971 args->stk_size = size;
1972 args->stk_base = kmem_alloc(size, KM_SLEEP);
1973 args->stk_strp = args->stk_base;
1974 args->stk_offp = (int *)(args->stk_base + size);
1975 error = stk_copyin(uap, args, intp, auxvpp);
1976 if (error == 0)
1977 break;
1978 kmem_free(args->stk_base, size);
1979 if (error != E2BIG && error != ENAMETOOLONG)
|