sys/kern/imgact_gzip.c

139804Simp/*-
3332Sphk * ----------------------------------------------------------------------------
3332Sphk * "THE BEER-WARE LICENSE" (Revision 42):
93149Sphk * <phk@FreeBSD.org> wrote this file.  As long as you retain this notice you
3332Sphk * can do whatever you want with this stuff. If we meet some day, and you think
3332Sphk * this stuff is worth it, you can buy me a beer in return.   Poul-Henning Kamp
3332Sphk * ----------------------------------------------------------------------------
139804Simp */
139804Simp
139804Simp/*
3332Sphk * This module handles execution of a.out files which have been run through
3784Sphk * "gzip".  This saves diskspace, but wastes cpu-cycles and VM.
3332Sphk *
3332Sphk * TODO:
3332Sphk *	text-segments should be made R/O after being filled
3332Sphk *	is the vm-stuff safe ?
3332Sphk * 	should handle the entire header of gzip'ed stuff.
3332Sphk *	inflate isn't quite reentrant yet...
3332Sphk *	error-handling is a mess...
3332Sphk *	so is the rest...
3417Scsgr *	tidy up unnecesary includes
3332Sphk */
3332Sphk
116182Sobrien#include <sys/cdefs.h>
116182Sobrien__FBSDID("$FreeBSD: head/sys/kern/imgact_gzip.c 220373 2011-04-05 20:23:59Z trasz $");
116182Sobrien
3784Sphk#include <sys/param.h>
3332Sphk#include <sys/exec.h>
3332Sphk#include <sys/imgact.h>
3332Sphk#include <sys/imgact_aout.h>
3332Sphk#include <sys/kernel.h>
76166Smarkm#include <sys/lock.h>
3507Scsgr#include <sys/mman.h>
76166Smarkm#include <sys/mutex.h>
15494Sbde#include <sys/proc.h>
220373Strasz#include <sys/racct.h>
3507Scsgr#include <sys/resourcevar.h>
3332Sphk#include <sys/sysent.h>
3507Scsgr#include <sys/systm.h>
15494Sbde#include <sys/vnode.h>
3784Sphk#include <sys/inflate.h>
3332Sphk
3332Sphk#include <vm/vm.h>
12662Sdg#include <vm/vm_param.h>
12662Sdg#include <vm/pmap.h>
12662Sdg#include <vm/vm_map.h>
3332Sphk#include <vm/vm_kern.h>
12662Sdg#include <vm/vm_extern.h>
3332Sphk
3784Sphkstruct imgact_gzip {
3784Sphk	struct image_params *ip;
3784Sphk	struct exec     a_out;
3784Sphk	int             error;
48079Shoek	int		gotheader;
3784Sphk	int             where;
3784Sphk	u_char         *inbuf;
3784Sphk	u_long          offset;
3784Sphk	u_long          output;
3784Sphk	u_long          len;
3784Sphk	int             idx;
3784Sphk	u_long          virtual_offset, file_offset, file_end, bss_size;
3784Sphk};
3784Sphk
92723Salfredstatic int exec_gzip_imgact(struct image_params *imgp);
92723Salfredstatic int NextByte(void *vp);
92723Salfredstatic int do_aout_hdr(struct imgact_gzip *);
92723Salfredstatic int Flush(void *vp, u_char *, u_long siz);
3784Sphk
12568Sbdestatic int
12130Sdgexec_gzip_imgact(imgp)
12130Sdg	struct image_params *imgp;
3332Sphk{
3784Sphk	int             error, error2 = 0;
17974Sbde	const u_char   *p = (const u_char *) imgp->image_header;
3784Sphk	struct imgact_gzip igz;
3784Sphk	struct inflate  infl;
17386Sphk	struct vmspace *vmspace;
3332Sphk
3348Sphk	/* If these four are not OK, it isn't a gzip file */
3784Sphk	if (p[0] != 0x1f)
3784Sphk		return -1;	/* 0    Simply magic	 */
3784Sphk	if (p[1] != 0x8b)
3784Sphk		return -1;	/* 1    Simply magic	 */
3784Sphk	if (p[2] != 0x08)
3784Sphk		return -1;	/* 2    Compression method	 */
3784Sphk	if (p[9] != 0x03)
3784Sphk		return -1;	/* 9    OS compressed on	 */
3332Sphk
3784Sphk	/*
3784Sphk	 * If this one contains anything but a comment or a filename marker,
3784Sphk	 * we don't want to chew on it
3348Sphk	 */
3784Sphk	if (p[3] & ~(0x18))
3784Sphk		return ENOEXEC;	/* 3    Flags		 */
3332Sphk
3348Sphk	/* These are of no use to us */
3784Sphk	/* 4-7  Timestamp		 */
3784Sphk	/* 8    Extra flags		 */
3348Sphk
3784Sphk	bzero(&igz, sizeof igz);
3784Sphk	bzero(&infl, sizeof infl);
3784Sphk	infl.gz_private = (void *) &igz;
3784Sphk	infl.gz_input = NextByte;
3784Sphk	infl.gz_output = Flush;
3332Sphk
12130Sdg	igz.ip = imgp;
3784Sphk	igz.idx = 10;
3353Sphk
3784Sphk	if (p[3] & 0x08) {	/* skip a filename */
3784Sphk		while (p[igz.idx++])
3784Sphk			if (igz.idx >= PAGE_SIZE)
3784Sphk				return ENOEXEC;
3348Sphk	}
3784Sphk	if (p[3] & 0x10) {	/* skip a comment */
3784Sphk		while (p[igz.idx++])
3784Sphk			if (igz.idx >= PAGE_SIZE)
3784Sphk				return ENOEXEC;
3348Sphk	}
17386Sphk	igz.len = imgp->attr->va_size;
3332Sphk
3784Sphk	error = inflate(&infl);
3348Sphk
48079Shoek	/*
48079Shoek	 * The unzipped file may not even have been long enough to contain
48079Shoek	 * a header giving Flush() a chance to return error.  Check for this.
48079Shoek	 */
48079Shoek	if ( !igz.gotheader )
48079Shoek		return ENOEXEC;
48079Shoek
17386Sphk	if ( !error ) {
17386Sphk		vmspace = imgp->proc->p_vmspace;
17386Sphk		error = vm_map_protect(&vmspace->vm_map,
17386Sphk			(vm_offset_t) vmspace->vm_taddr,
17386Sphk			(vm_offset_t) (vmspace->vm_taddr +
17386Sphk				      (vmspace->vm_tsize << PAGE_SHIFT)) ,
17386Sphk			VM_PROT_READ|VM_PROT_EXECUTE,0);
17386Sphk	}
17386Sphk
3784Sphk	if (igz.inbuf) {
3784Sphk		error2 =
6579Sdg			vm_map_remove(kernel_map, (vm_offset_t) igz.inbuf,
6579Sdg			    (vm_offset_t) igz.inbuf + PAGE_SIZE);
3332Sphk	}
3784Sphk	if (igz.error || error || error2) {
3784Sphk		printf("Output=%lu ", igz.output);
3784Sphk		printf("Inflate_error=%d igz.error=%d error2=%d where=%d\n",
3784Sphk		       error, igz.error, error2, igz.where);
3348Sphk	}
3784Sphk	if (igz.error)
3784Sphk		return igz.error;
3784Sphk	if (error)
3784Sphk		return ENOEXEC;
8876Srgrimes	if (error2)
3784Sphk		return error2;
3784Sphk	return 0;
3332Sphk}
3332Sphk
3784Sphkstatic int
3784Sphkdo_aout_hdr(struct imgact_gzip * gz)
3332Sphk{
3784Sphk	int             error;
24848Sdyson	struct vmspace *vmspace;
14703Sbde	vm_offset_t     vmaddr;
3332Sphk
3784Sphk	/*
3784Sphk	 * Set file/virtual offset based on a.out variant. We do two cases:
3784Sphk	 * host byte order and network byte order (for NetBSD compatibility)
3784Sphk	 */
3784Sphk	switch ((int) (gz->a_out.a_magic & 0xffff)) {
3332Sphk	case ZMAGIC:
3784Sphk		gz->virtual_offset = 0;
3784Sphk		if (gz->a_out.a_text) {
15538Sphk			gz->file_offset = PAGE_SIZE;
3784Sphk		} else {
3784Sphk			/* Bill's "screwball mode" */
3784Sphk			gz->file_offset = 0;
3784Sphk		}
3784Sphk		break;
3332Sphk	case QMAGIC:
15538Sphk		gz->virtual_offset = PAGE_SIZE;
3784Sphk		gz->file_offset = 0;
3784Sphk		break;
3332Sphk	default:
3784Sphk		/* NetBSD compatibility */
3784Sphk		switch ((int) (ntohl(gz->a_out.a_magic) & 0xffff)) {
3784Sphk		case ZMAGIC:
3784Sphk		case QMAGIC:
15538Sphk			gz->virtual_offset = PAGE_SIZE;
3784Sphk			gz->file_offset = 0;
3784Sphk			break;
3784Sphk		default:
3784Sphk			gz->where = __LINE__;
3784Sphk			return (-1);
3784Sphk		}
3332Sphk	}
3332Sphk
15538Sphk	gz->bss_size = roundup(gz->a_out.a_bss, PAGE_SIZE);
3332Sphk
3784Sphk	/*
3784Sphk	 * Check various fields in header for validity/bounds.
3784Sphk	 */
3784Sphk	if (			/* entry point must lay with text region */
3784Sphk	    gz->a_out.a_entry < gz->virtual_offset ||
3784Sphk	    gz->a_out.a_entry >= gz->virtual_offset + gz->a_out.a_text ||
3332Sphk
3332Sphk	/* text and data size must each be page rounded */
15538Sphk	    gz->a_out.a_text & PAGE_MASK || gz->a_out.a_data & PAGE_MASK) {
3784Sphk		gz->where = __LINE__;
3784Sphk		return (-1);
3784Sphk	}
3784Sphk	/*
3784Sphk	 * text/data/bss must not exceed limits
3784Sphk	 */
125454Sjhb	PROC_LOCK(gz->ip->proc);
3784Sphk	if (			/* text can't exceed maximum text size */
84783Sps	    gz->a_out.a_text > maxtsiz ||
3332Sphk
3332Sphk	/* data + bss can't exceed rlimit */
3784Sphk	    gz->a_out.a_data + gz->bss_size >
220373Strasz	    lim_cur(gz->ip->proc, RLIMIT_DATA) ||
220373Strasz	    racct_set(gz->ip->proc, RACCT_DATA,
220373Strasz	    gz->a_out.a_data + gz->bss_size) != 0) {
125454Sjhb		PROC_UNLOCK(gz->ip->proc);
3784Sphk		gz->where = __LINE__;
3784Sphk		return (ENOMEM);
3784Sphk	}
125454Sjhb	PROC_UNLOCK(gz->ip->proc);
3784Sphk	/* Find out how far we should go */
3784Sphk	gz->file_end = gz->file_offset + gz->a_out.a_text + gz->a_out.a_data;
3332Sphk
3784Sphk	/*
153698Salc	 * Avoid a possible deadlock if the current address space is destroyed
153698Salc	 * and that address space maps the locked vnode.  In the common case,
153698Salc	 * the locked vnode's v_usecount is decremented but remains greater
153698Salc	 * than zero.  Consequently, the vnode lock is not needed by vrele().
153698Salc	 * However, in cases where the vnode lock is external, such as nullfs,
153698Salc	 * v_usecount may become zero.
153698Salc	 */
175294Sattilio	VOP_UNLOCK(gz->ip->vp, 0);
153698Salc
153698Salc	/*
3784Sphk	 * Destroy old process VM and create a new one (with a new stack)
3784Sphk	 */
173361Skib	error = exec_new_vmspace(gz->ip, &aout_sysvec);
3348Sphk
175202Sattilio	vn_lock(gz->ip->vp, LK_EXCLUSIVE | LK_RETRY);
173361Skib	if (error) {
173361Skib		gz->where = __LINE__;
173361Skib		return (error);
173361Skib	}
153698Salc
24848Sdyson	vmspace = gz->ip->proc->p_vmspace;
24848Sdyson
3784Sphk	vmaddr = gz->virtual_offset;
3332Sphk
3784Sphk	error = vm_mmap(&vmspace->vm_map,
3784Sphk			&vmaddr,
17386Sphk			gz->a_out.a_text + gz->a_out.a_data,
17386Sphk			VM_PROT_ALL, VM_PROT_ALL, MAP_ANON | MAP_FIXED,
144501Sjhb			OBJT_DEFAULT,
144501Sjhb			NULL,
3784Sphk			0);
3332Sphk
3784Sphk	if (error) {
3784Sphk		gz->where = __LINE__;
3784Sphk		return (error);
3784Sphk	}
17386Sphk
6579Sdg	if (gz->bss_size != 0) {
6579Sdg		/*
14087Sphk		 * Allocate demand-zeroed area for uninitialized data.
14087Sphk		 * "bss" = 'block started by symbol' - named after the
14087Sphk		 * IBM 7090 instruction of the same name.
6579Sdg		 */
14087Sphk		vmaddr = gz->virtual_offset + gz->a_out.a_text +
14087Sphk			gz->a_out.a_data;
17386Sphk		error = vm_map_find(&vmspace->vm_map,
17386Sphk				NULL,
17386Sphk				0,
17386Sphk				&vmaddr,
17386Sphk				gz->bss_size,
17386Sphk				FALSE, VM_PROT_ALL, VM_PROT_ALL, 0);
6579Sdg		if (error) {
6579Sdg			gz->where = __LINE__;
6579Sdg			return (error);
6579Sdg		}
3784Sphk	}
3784Sphk	/* Fill in process VM information */
3784Sphk	vmspace->vm_tsize = gz->a_out.a_text >> PAGE_SHIFT;
3784Sphk	vmspace->vm_dsize = (gz->a_out.a_data + gz->bss_size) >> PAGE_SHIFT;
37656Sbde	vmspace->vm_taddr = (caddr_t) (uintptr_t) gz->virtual_offset;
37656Sbde	vmspace->vm_daddr = (caddr_t) (uintptr_t)
37656Sbde			    (gz->virtual_offset + gz->a_out.a_text);
3332Sphk
3784Sphk	/* Fill in image_params */
3784Sphk	gz->ip->interpreted = 0;
3784Sphk	gz->ip->entry_addr = gz->a_out.a_entry;
3332Sphk
3784Sphk	gz->ip->proc->p_sysent = &aout_sysvec;
3332Sphk
3784Sphk	return 0;
3784Sphk}
3332Sphk
3784Sphkstatic int
3784SphkNextByte(void *vp)
3784Sphk{
3784Sphk	int             error;
3784Sphk	struct imgact_gzip *igz = (struct imgact_gzip *) vp;
3332Sphk
3784Sphk	if (igz->idx >= igz->len) {
3784Sphk		igz->where = __LINE__;
3784Sphk		return GZ_EOF;
3784Sphk	}
3784Sphk	if (igz->inbuf && igz->idx < (igz->offset + PAGE_SIZE)) {
3784Sphk		return igz->inbuf[(igz->idx++) - igz->offset];
3784Sphk	}
3784Sphk	if (igz->inbuf) {
6579Sdg		error = vm_map_remove(kernel_map, (vm_offset_t) igz->inbuf,
6579Sdg			    (vm_offset_t) igz->inbuf + PAGE_SIZE);
3784Sphk		if (error) {
3784Sphk			igz->where = __LINE__;
3784Sphk			igz->error = error;
3784Sphk			return GZ_EOF;
3784Sphk		}
3784Sphk	}
6342Sphk	igz->offset = igz->idx & ~PAGE_MASK;
3332Sphk
3784Sphk	error = vm_mmap(kernel_map,	/* map */
3784Sphk			(vm_offset_t *) & igz->inbuf,	/* address */
3784Sphk			PAGE_SIZE,	/* size */
3784Sphk			VM_PROT_READ,	/* protection */
3784Sphk			VM_PROT_READ,	/* max protection */
3784Sphk			0,	/* flags */
144501Sjhb			OBJT_VNODE,	/* handle type */
144501Sjhb			igz->ip->vp,	/* vnode */
3784Sphk			igz->offset);	/* offset */
3784Sphk	if (error) {
3784Sphk		igz->where = __LINE__;
3784Sphk		igz->error = error;
3784Sphk		return GZ_EOF;
3784Sphk	}
3784Sphk	return igz->inbuf[(igz->idx++) - igz->offset];
3784Sphk}
3332Sphk
3784Sphkstatic int
3784SphkFlush(void *vp, u_char * ptr, u_long siz)
3784Sphk{
3784Sphk	struct imgact_gzip *gz = (struct imgact_gzip *) vp;
3784Sphk	u_char         *p = ptr, *q;
3784Sphk	int             i;
3348Sphk
108533Sschweikh	/* First, find an a.out-header. */
3784Sphk	if (gz->output < sizeof gz->a_out) {
3784Sphk		q = (u_char *) & gz->a_out;
3784Sphk		i = min(siz, sizeof gz->a_out - gz->output);
3784Sphk		bcopy(p, q + gz->output, i);
3784Sphk		gz->output += i;
3784Sphk		p += i;
3784Sphk		siz -= i;
3784Sphk		if (gz->output == sizeof gz->a_out) {
48079Shoek			gz->gotheader = 1;
3784Sphk			i = do_aout_hdr(gz);
3784Sphk			if (i == -1) {
3785Sphk				if (!gz->where)
3785Sphk					gz->where = __LINE__;
3784Sphk				gz->error = ENOEXEC;
3784Sphk				return ENOEXEC;
3784Sphk			} else if (i) {
3784Sphk				gz->where = __LINE__;
3784Sphk				gz->error = i;
3784Sphk				return ENOEXEC;
3784Sphk			}
31718Sjdp			if (gz->file_offset == 0) {
37656Sbde				q = (u_char *) (uintptr_t) gz->virtual_offset;
37015Sbde				copyout(&gz->a_out, q, sizeof gz->a_out);
3784Sphk			}
3784Sphk		}
3784Sphk	}
3784Sphk	/* Skip over zero-padded first PAGE if needed */
37015Sbde	if (gz->output < gz->file_offset &&
37015Sbde	    gz->output + siz > gz->file_offset) {
3784Sphk		i = min(siz, gz->file_offset - gz->output);
3784Sphk		gz->output += i;
3784Sphk		p += i;
3784Sphk		siz -= i;
3784Sphk	}
3784Sphk	if (gz->output >= gz->file_offset && gz->output < gz->file_end) {
3784Sphk		i = min(siz, gz->file_end - gz->output);
37656Sbde		q = (u_char *) (uintptr_t)
37656Sbde		    (gz->virtual_offset + gz->output - gz->file_offset);
37015Sbde		copyout(p, q, i);
3784Sphk		gz->output += i;
3784Sphk		p += i;
3784Sphk		siz -= i;
3784Sphk	}
3784Sphk	gz->output += siz;
3784Sphk	return 0;
3332Sphk}
3332Sphk
3784Sphk
3332Sphk/*
3332Sphk * Tell kern_execve.c about it, with a little help from the linker.
3332Sphk */
43402Sdillonstatic struct execsw gzip_execsw = {exec_gzip_imgact, "gzip"};
40435SpeterEXEC_SET(execgzip, gzip_execsw);