1/*
2 * Copyright (c) 1993, David Greenman
3 * All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in the
12 * documentation and/or other materials provided with the distribution.
13 *
14 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
15 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
16 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
17 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
18 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
19 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
20 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
21 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
22 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
23 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
24 * SUCH DAMAGE.
25 *
| 1/*
2 * Copyright (c) 1993, David Greenman
3 * All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in the
12 * documentation and/or other materials provided with the distribution.
13 *
14 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
15 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
16 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
17 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
18 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
19 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
20 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
21 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
22 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
23 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
24 * SUCH DAMAGE.
25 *
|
26 * $Id: kern_exec.c,v 1.72 1997/12/27 02:56:21 bde Exp $
| 26 * $Id: kern_exec.c,v 1.73 1998/01/06 05:15:34 dyson Exp $
|
27 */
28
29#include <sys/param.h>
30#include <sys/systm.h>
31#include <sys/sysproto.h>
32#include <sys/signalvar.h>
33#include <sys/kernel.h>
34#include <sys/mount.h>
35#include <sys/filedesc.h>
36#include <sys/fcntl.h>
37#include <sys/acct.h>
38#include <sys/exec.h>
39#include <sys/imgact.h>
40#include <sys/imgact_elf.h>
41#include <sys/wait.h>
42#include <sys/proc.h>
43#include <sys/pioctl.h>
44#include <sys/malloc.h>
45#include <sys/namei.h>
46#include <sys/sysent.h>
47#include <sys/shm.h>
48#include <sys/sysctl.h>
49#include <sys/vnode.h>
50#include <sys/buf.h>
51
52#include <vm/vm.h>
53#include <vm/vm_param.h>
54#include <vm/vm_prot.h>
55#include <sys/lock.h>
56#include <vm/pmap.h>
| 27 */
28
29#include <sys/param.h>
30#include <sys/systm.h>
31#include <sys/sysproto.h>
32#include <sys/signalvar.h>
33#include <sys/kernel.h>
34#include <sys/mount.h>
35#include <sys/filedesc.h>
36#include <sys/fcntl.h>
37#include <sys/acct.h>
38#include <sys/exec.h>
39#include <sys/imgact.h>
40#include <sys/imgact_elf.h>
41#include <sys/wait.h>
42#include <sys/proc.h>
43#include <sys/pioctl.h>
44#include <sys/malloc.h>
45#include <sys/namei.h>
46#include <sys/sysent.h>
47#include <sys/shm.h>
48#include <sys/sysctl.h>
49#include <sys/vnode.h>
50#include <sys/buf.h>
51
52#include <vm/vm.h>
53#include <vm/vm_param.h>
54#include <vm/vm_prot.h>
55#include <sys/lock.h>
56#include <vm/pmap.h>
|
| 57#include <vm/vm_page.h>
|
57#include <vm/vm_map.h>
58#include <vm/vm_kern.h>
59#include <vm/vm_extern.h>
60#include <vm/vm_object.h>
61#include <vm/vm_zone.h>
| 58#include <vm/vm_map.h>
59#include <vm/vm_kern.h>
60#include <vm/vm_extern.h>
61#include <vm/vm_object.h>
62#include <vm/vm_zone.h>
|
| 63#include <vm/vm_pager.h>
64#include <vm/vm_pageout.h>
|
62
63#include <machine/reg.h>
64
65static int *exec_copyout_strings __P((struct image_params *));
66
| 65
66#include <machine/reg.h>
67
68static int *exec_copyout_strings __P((struct image_params *));
69
|
67static int exec_check_permissions(struct image_params *);
| 70static int exec_check_permissions __P((struct image_params *));
71static int exec_map_first_page __P((struct image_params *));
72static void exec_unmap_first_page __P((struct image_params *));
|
68
69/*
70 * XXX trouble here if sizeof(caddr_t) != sizeof(int), other parts
71 * of the sysctl code also assumes this, and sizeof(int) == sizeof(long).
72 */
73static struct ps_strings *ps_strings = PS_STRINGS;
74SYSCTL_INT(_kern, KERN_PS_STRINGS, ps_strings, 0, &ps_strings, 0, "");
75
76static caddr_t usrstack = (caddr_t)USRSTACK;
77SYSCTL_INT(_kern, KERN_USRSTACK, usrstack, 0, &usrstack, 0, "");
78
79/*
80 * execsw_set is constructed for us by the linker. Each of the items
81 * is a pointer to a `const struct execsw', hence the double pointer here.
82 */
83static const struct execsw **execsw =
84 (const struct execsw **)&execsw_set.ls_items[0];
85
86#ifndef _SYS_SYSPROTO_H_
87struct execve_args {
88 char *fname;
89 char **argv;
90 char **envv;
91};
92#endif
93
94/*
95 * execve() system call.
96 */
97int
98execve(p, uap)
99 struct proc *p;
100 register struct execve_args *uap;
101{
102 struct nameidata nd, *ndp;
103 int *stack_base;
104 int error, len, i;
105 struct image_params image_params, *imgp;
106 struct vattr attr;
107 struct buf *bp = NULL;
108
109 imgp = &image_params;
110
111 /*
112 * Initialize part of the common data
113 */
114 imgp->proc = p;
115 imgp->uap = uap;
116 imgp->attr = &attr;
| 73
74/*
75 * XXX trouble here if sizeof(caddr_t) != sizeof(int), other parts
76 * of the sysctl code also assumes this, and sizeof(int) == sizeof(long).
77 */
78static struct ps_strings *ps_strings = PS_STRINGS;
79SYSCTL_INT(_kern, KERN_PS_STRINGS, ps_strings, 0, &ps_strings, 0, "");
80
81static caddr_t usrstack = (caddr_t)USRSTACK;
82SYSCTL_INT(_kern, KERN_USRSTACK, usrstack, 0, &usrstack, 0, "");
83
84/*
85 * execsw_set is constructed for us by the linker. Each of the items
86 * is a pointer to a `const struct execsw', hence the double pointer here.
87 */
88static const struct execsw **execsw =
89 (const struct execsw **)&execsw_set.ls_items[0];
90
91#ifndef _SYS_SYSPROTO_H_
92struct execve_args {
93 char *fname;
94 char **argv;
95 char **envv;
96};
97#endif
98
99/*
100 * execve() system call.
101 */
102int
103execve(p, uap)
104 struct proc *p;
105 register struct execve_args *uap;
106{
107 struct nameidata nd, *ndp;
108 int *stack_base;
109 int error, len, i;
110 struct image_params image_params, *imgp;
111 struct vattr attr;
112 struct buf *bp = NULL;
113
114 imgp = &image_params;
115
116 /*
117 * Initialize part of the common data
118 */
119 imgp->proc = p;
120 imgp->uap = uap;
121 imgp->attr = &attr;
|
117 imgp->image_header = NULL;
| |
118 imgp->argc = imgp->envc = 0;
119 imgp->argv0 = NULL;
120 imgp->entry_addr = 0;
121 imgp->vmspace_destroyed = 0;
122 imgp->interpreted = 0;
123 imgp->interpreter_name[0] = '\0';
124 imgp->auxargs = NULL;
| 122 imgp->argc = imgp->envc = 0;
123 imgp->argv0 = NULL;
124 imgp->entry_addr = 0;
125 imgp->vmspace_destroyed = 0;
126 imgp->interpreted = 0;
127 imgp->interpreter_name[0] = '\0';
128 imgp->auxargs = NULL;
|
| 129 imgp->vp = NULL;
130 imgp->firstpage = NULL;
|
125
126 /*
127 * Allocate temporary demand zeroed space for argument and
128 * environment strings
129 */
| 131
132 /*
133 * Allocate temporary demand zeroed space for argument and
134 * environment strings
135 */
|
130 imgp->stringbase = (char *)kmem_alloc_wait(exec_map, ARG_MAX);
| 136 imgp->stringbase = (char *)kmem_alloc_wait(exec_map, ARG_MAX + PAGE_SIZE);
|
131 if (imgp->stringbase == NULL) {
132 error = ENOMEM;
133 goto exec_fail;
134 }
135 imgp->stringp = imgp->stringbase;
136 imgp->stringspace = ARG_MAX;
| 137 if (imgp->stringbase == NULL) {
138 error = ENOMEM;
139 goto exec_fail;
140 }
141 imgp->stringp = imgp->stringbase;
142 imgp->stringspace = ARG_MAX;
|
| 143 imgp->image_header = imgp->stringbase + ARG_MAX;
|
137
138 /*
139 * Translate the file name. namei() returns a vnode pointer
140 * in ni_vp amoung other things.
141 */
142 ndp = &nd;
143 NDINIT(ndp, LOOKUP, LOCKLEAF | FOLLOW | SAVENAME,
144 UIO_USERSPACE, uap->fname, p);
145
146interpret:
147
148 error = namei(ndp);
149 if (error) {
| 144
145 /*
146 * Translate the file name. namei() returns a vnode pointer
147 * in ni_vp amoung other things.
148 */
149 ndp = &nd;
150 NDINIT(ndp, LOOKUP, LOCKLEAF | FOLLOW | SAVENAME,
151 UIO_USERSPACE, uap->fname, p);
152
153interpret:
154
155 error = namei(ndp);
156 if (error) {
|
150 kmem_free_wakeup(exec_map, (vm_offset_t)imgp->stringbase, ARG_MAX);
| 157 kmem_free_wakeup(exec_map, (vm_offset_t)imgp->stringbase,
158 ARG_MAX + PAGE_SIZE);
|
151 goto exec_fail;
152 }
153
154 imgp->vp = ndp->ni_vp;
155
156 /*
157 * Check file permissions (also 'opens' file)
158 */
159 error = exec_check_permissions(imgp);
160 if (error) {
161 VOP_UNLOCK(imgp->vp, 0, p);
162 goto exec_fail_dealloc;
163 }
164
| 159 goto exec_fail;
160 }
161
162 imgp->vp = ndp->ni_vp;
163
164 /*
165 * Check file permissions (also 'opens' file)
166 */
167 error = exec_check_permissions(imgp);
168 if (error) {
169 VOP_UNLOCK(imgp->vp, 0, p);
170 goto exec_fail_dealloc;
171 }
172
|
165 /*
166 * Get the image header, which we define here as meaning the first
167 * page of the executable.
168 */
169 if (imgp->vp->v_object && imgp->vp->v_mount &&
170 imgp->vp->v_mount->mnt_stat.f_iosize >= PAGE_SIZE &&
171 imgp->vp->v_object->un_pager.vnp.vnp_size >=
172 imgp->vp->v_mount->mnt_stat.f_iosize) {
173 /*
174 * Get a buffer with (at least) the first page.
175 */
176 error = bread(imgp->vp, 0, imgp->vp->v_mount->mnt_stat.f_iosize,
177 p->p_ucred, &bp);
178 imgp->image_header = bp->b_data;
179 } else {
180 int resid;
181
182 /*
183 * The filesystem block size is too small, so do this the hard
184 * way. Malloc some space and read PAGE_SIZE worth of the image
185 * header into it.
186 */
187 imgp->image_header = malloc(PAGE_SIZE, M_TEMP, M_WAITOK);
188 error = vn_rdwr(UIO_READ, imgp->vp,
189 (void *)imgp->image_header, PAGE_SIZE, 0,
190 UIO_SYSSPACE, IO_NODELOCKED, p->p_ucred, &resid, p);
191 /*
192 * Clear out any remaining junk.
193 */
194 if (!error && resid)
195 bzero((char *)imgp->image_header + PAGE_SIZE - resid, resid);
196 }
| 173 error = exec_map_first_page(imgp);
|
197 VOP_UNLOCK(imgp->vp, 0, p);
198 if (error)
199 goto exec_fail_dealloc;
200
201 /*
202 * Loop through list of image activators, calling each one.
203 * If there is no match, the activator returns -1. If there
204 * is a match, but there was an error during the activation,
205 * the error is returned. Otherwise 0 means success. If the
206 * image is interpreted, loop back up and try activating
207 * the interpreter.
208 */
209 for (i = 0; execsw[i]; ++i) {
210 if (execsw[i]->ex_imgact)
211 error = (*execsw[i]->ex_imgact)(imgp);
212 else
213 continue;
214 if (error == -1)
215 continue;
216 if (error)
217 goto exec_fail_dealloc;
218 if (imgp->interpreted) {
| 174 VOP_UNLOCK(imgp->vp, 0, p);
175 if (error)
176 goto exec_fail_dealloc;
177
178 /*
179 * Loop through list of image activators, calling each one.
180 * If there is no match, the activator returns -1. If there
181 * is a match, but there was an error during the activation,
182 * the error is returned. Otherwise 0 means success. If the
183 * image is interpreted, loop back up and try activating
184 * the interpreter.
185 */
186 for (i = 0; execsw[i]; ++i) {
187 if (execsw[i]->ex_imgact)
188 error = (*execsw[i]->ex_imgact)(imgp);
189 else
190 continue;
191 if (error == -1)
192 continue;
193 if (error)
194 goto exec_fail_dealloc;
195 if (imgp->interpreted) {
|
219 /* free old bp/image_header */
220 if (bp != NULL) {
221 brelse(bp);
222 bp = NULL;
223 } else
224 free((void *)imgp->image_header, M_TEMP);
225 imgp->image_header = NULL;
| 196 exec_unmap_first_page(imgp);
|
226 /* free old vnode and name buffer */
227 vrele(ndp->ni_vp);
228 zfree(namei_zone, ndp->ni_cnd.cn_pnbuf);
229 /* set new name to that of the interpreter */
230 NDINIT(ndp, LOOKUP, LOCKLEAF | FOLLOW | SAVENAME,
231 UIO_SYSSPACE, imgp->interpreter_name, p);
232 goto interpret;
233 }
234 break;
235 }
236 /* If we made it through all the activators and none matched, exit. */
237 if (error == -1) {
238 error = ENOEXEC;
239 goto exec_fail_dealloc;
240 }
241
242 /*
243 * Copy out strings (args and env) and initialize stack base
244 */
245 stack_base = exec_copyout_strings(imgp);
246 p->p_vmspace->vm_minsaddr = (char *)stack_base;
247
248 /*
249 * If custom stack fixup routine present for this process
250 * let it do the stack setup.
251 * Else stuff argument count as first item on stack
252 */
253 if (p->p_sysent->sv_fixup)
254 (*p->p_sysent->sv_fixup)(&stack_base, imgp);
255 else
256 suword(--stack_base, imgp->argc);
257
258 /*
259 * For security and other reasons, the file descriptor table cannot
260 * be shared after an exec.
261 */
262 if (p->p_fd->fd_refcnt > 1) {
263 struct filedesc *tmp;
264
265 tmp = fdcopy(p);
266 fdfree(p);
267 p->p_fd = tmp;
268 }
269
270 /* close files on exec */
271 fdcloseexec(p);
272
273 /* reset caught signals */
274 execsigs(p);
275
276 /* name this process - nameiexec(p, ndp) */
277 len = min(ndp->ni_cnd.cn_namelen,MAXCOMLEN);
278 bcopy(ndp->ni_cnd.cn_nameptr, p->p_comm, len);
279 p->p_comm[len] = 0;
280
281 /*
282 * mark as execed, wakeup the process that vforked (if any) and tell
283 * it that it now has it's own resources back
284 */
285 p->p_flag |= P_EXEC;
286 if (p->p_pptr && (p->p_flag & P_PPWAIT)) {
287 p->p_flag &= ~P_PPWAIT;
288 wakeup((caddr_t)p->p_pptr);
289 }
290
291 /*
292 * Implement image setuid/setgid.
293 *
294 * Don't honor setuid/setgid if the filesystem prohibits it or if
295 * the process is being traced.
296 */
297 if ((attr.va_mode & VSUID && p->p_ucred->cr_uid != attr.va_uid ||
298 attr.va_mode & VSGID && p->p_ucred->cr_gid != attr.va_gid) &&
299 (imgp->vp->v_mount->mnt_flag & MNT_NOSUID) == 0 &&
300 (p->p_flag & P_TRACED) == 0) {
301 /*
302 * Turn off syscall tracing for set-id programs, except for
303 * root.
304 */
305 if (p->p_tracep && suser(p->p_ucred, &p->p_acflag)) {
306 p->p_traceflag = 0;
307 vrele(p->p_tracep);
308 p->p_tracep = NULL;
309 }
310 /*
311 * Set the new credentials.
312 */
313 p->p_ucred = crcopy(p->p_ucred);
314 if (attr.va_mode & VSUID)
315 p->p_ucred->cr_uid = attr.va_uid;
316 if (attr.va_mode & VSGID)
317 p->p_ucred->cr_gid = attr.va_gid;
318 setsugid(p);
319 } else {
320 if (p->p_ucred->cr_uid == p->p_cred->p_ruid &&
321 p->p_ucred->cr_gid == p->p_cred->p_rgid)
322 p->p_flag &= ~P_SUGID;
323 }
324
325 /*
326 * Implement correct POSIX saved-id behavior.
327 */
328 p->p_cred->p_svuid = p->p_ucred->cr_uid;
329 p->p_cred->p_svgid = p->p_ucred->cr_gid;
330
331 /*
332 * Store the vp for use in procfs
333 */
334 if (p->p_textvp) /* release old reference */
335 vrele(p->p_textvp);
336 VREF(ndp->ni_vp);
337 p->p_textvp = ndp->ni_vp;
338
339 /*
340 * If tracing the process, trap to debugger so breakpoints
341 * can be set before the program executes.
342 */
343 STOPEVENT(p, S_EXEC, 0);
344
345 if (p->p_flag & P_TRACED)
346 psignal(p, SIGTRAP);
347
348 /* clear "fork but no exec" flag, as we _are_ execing */
349 p->p_acflag &= ~AFORK;
350
351 /* Set entry address */
352 setregs(p, imgp->entry_addr, (u_long)stack_base);
353
| 197 /* free old vnode and name buffer */
198 vrele(ndp->ni_vp);
199 zfree(namei_zone, ndp->ni_cnd.cn_pnbuf);
200 /* set new name to that of the interpreter */
201 NDINIT(ndp, LOOKUP, LOCKLEAF | FOLLOW | SAVENAME,
202 UIO_SYSSPACE, imgp->interpreter_name, p);
203 goto interpret;
204 }
205 break;
206 }
207 /* If we made it through all the activators and none matched, exit. */
208 if (error == -1) {
209 error = ENOEXEC;
210 goto exec_fail_dealloc;
211 }
212
213 /*
214 * Copy out strings (args and env) and initialize stack base
215 */
216 stack_base = exec_copyout_strings(imgp);
217 p->p_vmspace->vm_minsaddr = (char *)stack_base;
218
219 /*
220 * If custom stack fixup routine present for this process
221 * let it do the stack setup.
222 * Else stuff argument count as first item on stack
223 */
224 if (p->p_sysent->sv_fixup)
225 (*p->p_sysent->sv_fixup)(&stack_base, imgp);
226 else
227 suword(--stack_base, imgp->argc);
228
229 /*
230 * For security and other reasons, the file descriptor table cannot
231 * be shared after an exec.
232 */
233 if (p->p_fd->fd_refcnt > 1) {
234 struct filedesc *tmp;
235
236 tmp = fdcopy(p);
237 fdfree(p);
238 p->p_fd = tmp;
239 }
240
241 /* close files on exec */
242 fdcloseexec(p);
243
244 /* reset caught signals */
245 execsigs(p);
246
247 /* name this process - nameiexec(p, ndp) */
248 len = min(ndp->ni_cnd.cn_namelen,MAXCOMLEN);
249 bcopy(ndp->ni_cnd.cn_nameptr, p->p_comm, len);
250 p->p_comm[len] = 0;
251
252 /*
253 * mark as execed, wakeup the process that vforked (if any) and tell
254 * it that it now has it's own resources back
255 */
256 p->p_flag |= P_EXEC;
257 if (p->p_pptr && (p->p_flag & P_PPWAIT)) {
258 p->p_flag &= ~P_PPWAIT;
259 wakeup((caddr_t)p->p_pptr);
260 }
261
262 /*
263 * Implement image setuid/setgid.
264 *
265 * Don't honor setuid/setgid if the filesystem prohibits it or if
266 * the process is being traced.
267 */
268 if ((attr.va_mode & VSUID && p->p_ucred->cr_uid != attr.va_uid ||
269 attr.va_mode & VSGID && p->p_ucred->cr_gid != attr.va_gid) &&
270 (imgp->vp->v_mount->mnt_flag & MNT_NOSUID) == 0 &&
271 (p->p_flag & P_TRACED) == 0) {
272 /*
273 * Turn off syscall tracing for set-id programs, except for
274 * root.
275 */
276 if (p->p_tracep && suser(p->p_ucred, &p->p_acflag)) {
277 p->p_traceflag = 0;
278 vrele(p->p_tracep);
279 p->p_tracep = NULL;
280 }
281 /*
282 * Set the new credentials.
283 */
284 p->p_ucred = crcopy(p->p_ucred);
285 if (attr.va_mode & VSUID)
286 p->p_ucred->cr_uid = attr.va_uid;
287 if (attr.va_mode & VSGID)
288 p->p_ucred->cr_gid = attr.va_gid;
289 setsugid(p);
290 } else {
291 if (p->p_ucred->cr_uid == p->p_cred->p_ruid &&
292 p->p_ucred->cr_gid == p->p_cred->p_rgid)
293 p->p_flag &= ~P_SUGID;
294 }
295
296 /*
297 * Implement correct POSIX saved-id behavior.
298 */
299 p->p_cred->p_svuid = p->p_ucred->cr_uid;
300 p->p_cred->p_svgid = p->p_ucred->cr_gid;
301
302 /*
303 * Store the vp for use in procfs
304 */
305 if (p->p_textvp) /* release old reference */
306 vrele(p->p_textvp);
307 VREF(ndp->ni_vp);
308 p->p_textvp = ndp->ni_vp;
309
310 /*
311 * If tracing the process, trap to debugger so breakpoints
312 * can be set before the program executes.
313 */
314 STOPEVENT(p, S_EXEC, 0);
315
316 if (p->p_flag & P_TRACED)
317 psignal(p, SIGTRAP);
318
319 /* clear "fork but no exec" flag, as we _are_ execing */
320 p->p_acflag &= ~AFORK;
321
322 /* Set entry address */
323 setregs(p, imgp->entry_addr, (u_long)stack_base);
324
|
| 325exec_fail_dealloc:
326
|
354 /*
355 * free various allocated resources
356 */
| 327 /*
328 * free various allocated resources
329 */
|
357 kmem_free_wakeup(exec_map, (vm_offset_t)imgp->stringbase, ARG_MAX);
358 if (bp != NULL)
359 brelse(bp);
360 else if (imgp->image_header != NULL)
361 free((void *)imgp->image_header, M_TEMP);
362 vrele(ndp->ni_vp);
363 zfree(namei_zone, ndp->ni_cnd.cn_pnbuf);
| 330 if (imgp->firstpage)
331 exec_unmap_first_page(imgp);
|
364
| 332
|
365 return (0);
366
367exec_fail_dealloc:
| |
368 if (imgp->stringbase != NULL)
| 333 if (imgp->stringbase != NULL)
|
369 kmem_free_wakeup(exec_map, (vm_offset_t)imgp->stringbase, ARG_MAX);
370 if (bp != NULL)
371 brelse(bp);
372 else if (imgp->image_header != NULL)
373 free((void *)imgp->image_header, M_TEMP);
| 334 kmem_free_wakeup(exec_map, (vm_offset_t)imgp->stringbase,
335 ARG_MAX + PAGE_SIZE);
336
|
374 if (ndp->ni_vp) {
375 vrele(ndp->ni_vp);
376 zfree(namei_zone, ndp->ni_cnd.cn_pnbuf);
377 }
378
| 337 if (ndp->ni_vp) {
338 vrele(ndp->ni_vp);
339 zfree(namei_zone, ndp->ni_cnd.cn_pnbuf);
340 }
341
|
| 342 if (error == 0)
343 return (0);
344
|
379exec_fail:
380 if (imgp->vmspace_destroyed) {
381 /* sorry, no more process anymore. exit gracefully */
382 exit1(p, W_EXITCODE(0, SIGABRT));
383 /* NOT REACHED */
384 return(0);
385 } else {
386 return(error);
387 }
388}
389
| 345exec_fail:
346 if (imgp->vmspace_destroyed) {
347 /* sorry, no more process anymore. exit gracefully */
348 exit1(p, W_EXITCODE(0, SIGABRT));
349 /* NOT REACHED */
350 return(0);
351 } else {
352 return(error);
353 }
354}
355
|
| 356int
357exec_map_first_page(imgp)
358 struct image_params *imgp;
359{
360 int s;
361 vm_page_t m;
362 vm_object_t object;
363
364
365 if (imgp->firstpage) {
366 exec_unmap_first_page(imgp);
367 }
368
369 object = imgp->vp->v_object;
370 s = splvm();
371
372retry:
373 m = vm_page_lookup(object, 0);
374 if (m == NULL) {
375 m = vm_page_alloc(object, 0, VM_ALLOC_NORMAL);
376 if (m == NULL) {
377 VM_WAIT;
378 goto retry;
379 }
380 } else if ((m->flags & PG_BUSY) || m->busy) {
381 m->flags |= PG_WANTED;
382 tsleep(m, PVM, "execpw", 0);
383 goto retry;
384 }
385
386 m->flags |= PG_BUSY;
387
388 if ((m->valid & VM_PAGE_BITS_ALL) != VM_PAGE_BITS_ALL) {
389 int rv;
390 rv = vm_pager_get_pages(object, &m, 1, 0);
391 if (rv != VM_PAGER_OK) {
392 vm_page_protect(m, VM_PROT_NONE);
393 vm_page_deactivate(m);
394 PAGE_WAKEUP(m);
395 splx(s);
396 return EIO;
397 }
398 }
399
400 vm_page_wire(m);
401 PAGE_WAKEUP(m);
402 splx(s);
403
404 pmap_kenter((vm_offset_t) imgp->image_header, VM_PAGE_TO_PHYS(m));
405 imgp->firstpage = m;
406
407 return 0;
408}
409
410void
411exec_unmap_first_page(imgp)
412 struct image_params *imgp;
413{
414 if (imgp->firstpage) {
415 pmap_kremove((vm_offset_t) imgp->image_header);
416 vm_page_unwire(imgp->firstpage);
417 imgp->firstpage = NULL;
418 }
419}
420
|
390/*
391 * Destroy old address space, and allocate a new stack
392 * The new stack is only SGROWSIZ large because it is grown
393 * automatically in trap.c.
394 */
395int
396exec_new_vmspace(imgp)
397 struct image_params *imgp;
398{
399 int error;
400 struct vmspace *vmspace = imgp->proc->p_vmspace;
401 caddr_t stack_addr = (caddr_t) (USRSTACK - SGROWSIZ);
402 vm_map_t map = &vmspace->vm_map;
403
404 imgp->vmspace_destroyed = 1;
405
406 /*
407 * Blow away entire process VM, if address space not shared,
408 * otherwise, create a new VM space so that other threads are
409 * not disrupted
410 */
411 if (vmspace->vm_refcnt == 1) {
412 if (vmspace->vm_shm)
413 shmexit(imgp->proc);
414 pmap_remove_pages(&vmspace->vm_pmap, 0, USRSTACK);
415 vm_map_remove(map, 0, USRSTACK);
416 } else {
417 vmspace_exec(imgp->proc);
418 vmspace = imgp->proc->p_vmspace;
419 map = &vmspace->vm_map;
420 }
421
422 /* Allocate a new stack */
| 421/*
422 * Destroy old address space, and allocate a new stack
423 * The new stack is only SGROWSIZ large because it is grown
424 * automatically in trap.c.
425 */
426int
427exec_new_vmspace(imgp)
428 struct image_params *imgp;
429{
430 int error;
431 struct vmspace *vmspace = imgp->proc->p_vmspace;
432 caddr_t stack_addr = (caddr_t) (USRSTACK - SGROWSIZ);
433 vm_map_t map = &vmspace->vm_map;
434
435 imgp->vmspace_destroyed = 1;
436
437 /*
438 * Blow away entire process VM, if address space not shared,
439 * otherwise, create a new VM space so that other threads are
440 * not disrupted
441 */
442 if (vmspace->vm_refcnt == 1) {
443 if (vmspace->vm_shm)
444 shmexit(imgp->proc);
445 pmap_remove_pages(&vmspace->vm_pmap, 0, USRSTACK);
446 vm_map_remove(map, 0, USRSTACK);
447 } else {
448 vmspace_exec(imgp->proc);
449 vmspace = imgp->proc->p_vmspace;
450 map = &vmspace->vm_map;
451 }
452
453 /* Allocate a new stack */
|
423 error = vm_map_find(map, NULL, 0, (vm_offset_t *)&stack_addr,
424 SGROWSIZ, FALSE, VM_PROT_ALL, VM_PROT_ALL, 0);
| 454 error = vm_map_insert(&vmspace->vm_map, NULL, 0,
455 (vm_offset_t) stack_addr, (vm_offset_t) USRSTACK,
456 VM_PROT_ALL, VM_PROT_ALL, 0);
|
425 if (error)
| 457 if (error)
|
426 return(error);
| 458 return (error);
|
427
428 vmspace->vm_ssize = SGROWSIZ >> PAGE_SHIFT;
429
430 /* Initialize maximum stack address */
431 vmspace->vm_maxsaddr = (char *)USRSTACK - MAXSSIZ;
432
433 return(0);
434}
435
436/*
437 * Copy out argument and environment strings from the old process
438 * address space into the temporary string buffer.
439 */
440int
441exec_extract_strings(imgp)
442 struct image_params *imgp;
443{
444 char **argv, **envv;
445 char *argp, *envp;
446 int error, length;
447
448 /*
449 * extract arguments first
450 */
451
452 argv = imgp->uap->argv;
453
454 if (argv) {
455 argp = (caddr_t) fuword(argv);
456 if (argp == (caddr_t) -1)
457 return (EFAULT);
458 if (argp)
459 argv++;
460 if (imgp->argv0)
461 argp = imgp->argv0;
462 if (argp) {
463 do {
464 if (argp == (caddr_t) -1)
465 return (EFAULT);
466 if ((error = copyinstr(argp, imgp->stringp,
467 imgp->stringspace, &length))) {
468 if (error == ENAMETOOLONG)
469 return(E2BIG);
470 return (error);
471 }
472 imgp->stringspace -= length;
473 imgp->stringp += length;
474 imgp->argc++;
475 } while ((argp = (caddr_t) fuword(argv++)));
476 }
477 }
478
479 /*
480 * extract environment strings
481 */
482
483 envv = imgp->uap->envv;
484
485 if (envv) {
486 while ((envp = (caddr_t) fuword(envv++))) {
487 if (envp == (caddr_t) -1)
488 return (EFAULT);
489 if ((error = copyinstr(envp, imgp->stringp,
490 imgp->stringspace, &length))) {
491 if (error == ENAMETOOLONG)
492 return(E2BIG);
493 return (error);
494 }
495 imgp->stringspace -= length;
496 imgp->stringp += length;
497 imgp->envc++;
498 }
499 }
500
501 return (0);
502}
503
504/*
505 * Copy strings out to the new process address space, constructing
506 * new arg and env vector tables. Return a pointer to the base
507 * so that it can be used as the initial stack pointer.
508 */
509int *
510exec_copyout_strings(imgp)
511 struct image_params *imgp;
512{
513 int argc, envc;
514 char **vectp;
515 char *stringp, *destp;
516 int *stack_base;
517 struct ps_strings *arginfo;
518 int szsigcode;
519
520 /*
521 * Calculate string base and vector table pointers.
522 * Also deal with signal trampoline code for this exec type.
523 */
524 arginfo = PS_STRINGS;
525 szsigcode = *(imgp->proc->p_sysent->sv_szsigcode);
526 destp = (caddr_t)arginfo - szsigcode - SPARE_USRSPACE -
527 roundup((ARG_MAX - imgp->stringspace), sizeof(char *));
528
529 /*
530 * install sigcode
531 */
532 if (szsigcode)
533 copyout(imgp->proc->p_sysent->sv_sigcode,
534 ((caddr_t)arginfo - szsigcode), szsigcode);
535
536 /*
537 * If we have a valid auxargs ptr, prepare some room
538 * on the stack.
539 */
540 if (imgp->auxargs)
541 /*
542 * The '+ 2' is for the null pointers at the end of each of the
543 * arg and env vector sets, and 'AT_COUNT*2' is room for the
544 * ELF Auxargs data.
545 */
546 vectp = (char **)(destp - (imgp->argc + imgp->envc + 2 +
547 AT_COUNT*2) * sizeof(char*));
548 else
549 /*
550 * The '+ 2' is for the null pointers at the end of each of the
551 * arg and env vector sets
552 */
553 vectp = (char **)
554 (destp - (imgp->argc + imgp->envc + 2) * sizeof(char*));
555
556 /*
557 * vectp also becomes our initial stack base
558 */
559 stack_base = (int *)vectp;
560
561 stringp = imgp->stringbase;
562 argc = imgp->argc;
563 envc = imgp->envc;
564
565 /*
566 * Copy out strings - arguments and environment.
567 */
568 copyout(stringp, destp, ARG_MAX - imgp->stringspace);
569
570 /*
571 * Fill in "ps_strings" struct for ps, w, etc.
572 */
573 suword(&arginfo->ps_argvstr, (int)vectp);
574 suword(&arginfo->ps_nargvstr, argc);
575
576 /*
577 * Fill in argument portion of vector table.
578 */
579 for (; argc > 0; --argc) {
580 suword(vectp++, (int)destp);
581 while (*stringp++ != 0)
582 destp++;
583 destp++;
584 }
585
586 /* a null vector table pointer seperates the argp's from the envp's */
587 suword(vectp++, 0);
588
589 suword(&arginfo->ps_envstr, (int)vectp);
590 suword(&arginfo->ps_nenvstr, envc);
591
592 /*
593 * Fill in environment portion of vector table.
594 */
595 for (; envc > 0; --envc) {
596 suword(vectp++, (int)destp);
597 while (*stringp++ != 0)
598 destp++;
599 destp++;
600 }
601
602 /* end of vector table is a null pointer */
603 suword(vectp, 0);
604
605 return (stack_base);
606}
607
608/*
609 * Check permissions of file to execute.
610 * Return 0 for success or error code on failure.
611 */
612static int
613exec_check_permissions(imgp)
614 struct image_params *imgp;
615{
616 struct proc *p = imgp->proc;
617 struct vnode *vp = imgp->vp;
618 struct vattr *attr = imgp->attr;
619 int error;
620
621 /* Get file attributes */
622 error = VOP_GETATTR(vp, attr, p->p_ucred, p);
623 if (error)
624 return (error);
625
626 /*
627 * 1) Check if file execution is disabled for the filesystem that this
628 * file resides on.
629 * 2) Insure that at least one execute bit is on - otherwise root
630 * will always succeed, and we don't want to happen unless the
631 * file really is executable.
632 * 3) Insure that the file is a regular file.
633 */
634 if ((vp->v_mount->mnt_flag & MNT_NOEXEC) ||
635 ((attr->va_mode & 0111) == 0) ||
636 (attr->va_type != VREG)) {
637 return (EACCES);
638 }
639
640 /*
641 * Zero length files can't be exec'd
642 */
643 if (attr->va_size == 0)
644 return (ENOEXEC);
645
646 /*
647 * Check for execute permission to file based on current credentials.
648 */
649 error = VOP_ACCESS(vp, VEXEC, p->p_ucred, p);
650 if (error)
651 return (error);
652
653 /*
654 * Check number of open-for-writes on the file and deny execution
655 * if there are any.
656 */
657 if (vp->v_writecount)
658 return (ETXTBSY);
659
660 /*
661 * Call filesystem specific open routine (which does nothing in the
662 * general case).
663 */
664 error = VOP_OPEN(vp, FREAD, p->p_ucred, p);
665 if (error)
666 return (error);
667
668 return (0);
669}
| 459
460 vmspace->vm_ssize = SGROWSIZ >> PAGE_SHIFT;
461
462 /* Initialize maximum stack address */
463 vmspace->vm_maxsaddr = (char *)USRSTACK - MAXSSIZ;
464
465 return(0);
466}
467
468/*
469 * Copy out argument and environment strings from the old process
470 * address space into the temporary string buffer.
471 */
472int
473exec_extract_strings(imgp)
474 struct image_params *imgp;
475{
476 char **argv, **envv;
477 char *argp, *envp;
478 int error, length;
479
480 /*
481 * extract arguments first
482 */
483
484 argv = imgp->uap->argv;
485
486 if (argv) {
487 argp = (caddr_t) fuword(argv);
488 if (argp == (caddr_t) -1)
489 return (EFAULT);
490 if (argp)
491 argv++;
492 if (imgp->argv0)
493 argp = imgp->argv0;
494 if (argp) {
495 do {
496 if (argp == (caddr_t) -1)
497 return (EFAULT);
498 if ((error = copyinstr(argp, imgp->stringp,
499 imgp->stringspace, &length))) {
500 if (error == ENAMETOOLONG)
501 return(E2BIG);
502 return (error);
503 }
504 imgp->stringspace -= length;
505 imgp->stringp += length;
506 imgp->argc++;
507 } while ((argp = (caddr_t) fuword(argv++)));
508 }
509 }
510
511 /*
512 * extract environment strings
513 */
514
515 envv = imgp->uap->envv;
516
517 if (envv) {
518 while ((envp = (caddr_t) fuword(envv++))) {
519 if (envp == (caddr_t) -1)
520 return (EFAULT);
521 if ((error = copyinstr(envp, imgp->stringp,
522 imgp->stringspace, &length))) {
523 if (error == ENAMETOOLONG)
524 return(E2BIG);
525 return (error);
526 }
527 imgp->stringspace -= length;
528 imgp->stringp += length;
529 imgp->envc++;
530 }
531 }
532
533 return (0);
534}
535
536/*
537 * Copy strings out to the new process address space, constructing
538 * new arg and env vector tables. Return a pointer to the base
539 * so that it can be used as the initial stack pointer.
540 */
541int *
542exec_copyout_strings(imgp)
543 struct image_params *imgp;
544{
545 int argc, envc;
546 char **vectp;
547 char *stringp, *destp;
548 int *stack_base;
549 struct ps_strings *arginfo;
550 int szsigcode;
551
552 /*
553 * Calculate string base and vector table pointers.
554 * Also deal with signal trampoline code for this exec type.
555 */
556 arginfo = PS_STRINGS;
557 szsigcode = *(imgp->proc->p_sysent->sv_szsigcode);
558 destp = (caddr_t)arginfo - szsigcode - SPARE_USRSPACE -
559 roundup((ARG_MAX - imgp->stringspace), sizeof(char *));
560
561 /*
562 * install sigcode
563 */
564 if (szsigcode)
565 copyout(imgp->proc->p_sysent->sv_sigcode,
566 ((caddr_t)arginfo - szsigcode), szsigcode);
567
568 /*
569 * If we have a valid auxargs ptr, prepare some room
570 * on the stack.
571 */
572 if (imgp->auxargs)
573 /*
574 * The '+ 2' is for the null pointers at the end of each of the
575 * arg and env vector sets, and 'AT_COUNT*2' is room for the
576 * ELF Auxargs data.
577 */
578 vectp = (char **)(destp - (imgp->argc + imgp->envc + 2 +
579 AT_COUNT*2) * sizeof(char*));
580 else
581 /*
582 * The '+ 2' is for the null pointers at the end of each of the
583 * arg and env vector sets
584 */
585 vectp = (char **)
586 (destp - (imgp->argc + imgp->envc + 2) * sizeof(char*));
587
588 /*
589 * vectp also becomes our initial stack base
590 */
591 stack_base = (int *)vectp;
592
593 stringp = imgp->stringbase;
594 argc = imgp->argc;
595 envc = imgp->envc;
596
597 /*
598 * Copy out strings - arguments and environment.
599 */
600 copyout(stringp, destp, ARG_MAX - imgp->stringspace);
601
602 /*
603 * Fill in "ps_strings" struct for ps, w, etc.
604 */
605 suword(&arginfo->ps_argvstr, (int)vectp);
606 suword(&arginfo->ps_nargvstr, argc);
607
608 /*
609 * Fill in argument portion of vector table.
610 */
611 for (; argc > 0; --argc) {
612 suword(vectp++, (int)destp);
613 while (*stringp++ != 0)
614 destp++;
615 destp++;
616 }
617
618 /* a null vector table pointer seperates the argp's from the envp's */
619 suword(vectp++, 0);
620
621 suword(&arginfo->ps_envstr, (int)vectp);
622 suword(&arginfo->ps_nenvstr, envc);
623
624 /*
625 * Fill in environment portion of vector table.
626 */
627 for (; envc > 0; --envc) {
628 suword(vectp++, (int)destp);
629 while (*stringp++ != 0)
630 destp++;
631 destp++;
632 }
633
634 /* end of vector table is a null pointer */
635 suword(vectp, 0);
636
637 return (stack_base);
638}
639
640/*
641 * Check permissions of file to execute.
642 * Return 0 for success or error code on failure.
643 */
644static int
645exec_check_permissions(imgp)
646 struct image_params *imgp;
647{
648 struct proc *p = imgp->proc;
649 struct vnode *vp = imgp->vp;
650 struct vattr *attr = imgp->attr;
651 int error;
652
653 /* Get file attributes */
654 error = VOP_GETATTR(vp, attr, p->p_ucred, p);
655 if (error)
656 return (error);
657
658 /*
659 * 1) Check if file execution is disabled for the filesystem that this
660 * file resides on.
661 * 2) Insure that at least one execute bit is on - otherwise root
662 * will always succeed, and we don't want to happen unless the
663 * file really is executable.
664 * 3) Insure that the file is a regular file.
665 */
666 if ((vp->v_mount->mnt_flag & MNT_NOEXEC) ||
667 ((attr->va_mode & 0111) == 0) ||
668 (attr->va_type != VREG)) {
669 return (EACCES);
670 }
671
672 /*
673 * Zero length files can't be exec'd
674 */
675 if (attr->va_size == 0)
676 return (ENOEXEC);
677
678 /*
679 * Check for execute permission to file based on current credentials.
680 */
681 error = VOP_ACCESS(vp, VEXEC, p->p_ucred, p);
682 if (error)
683 return (error);
684
685 /*
686 * Check number of open-for-writes on the file and deny execution
687 * if there are any.
688 */
689 if (vp->v_writecount)
690 return (ETXTBSY);
691
692 /*
693 * Call filesystem specific open routine (which does nothing in the
694 * general case).
695 */
696 error = VOP_OPEN(vp, FREAD, p->p_ucred, p);
697 if (error)
698 return (error);
699
700 return (0);
701}
|