FreeBSD kernel kern code
imgact_elf.c
Go to the documentation of this file.
1/*-
2 * SPDX-License-Identifier: BSD-3-Clause
3 *
4 * Copyright (c) 2017 Dell EMC
5 * Copyright (c) 2000-2001, 2003 David O'Brien
6 * Copyright (c) 1995-1996 Søren Schmidt
7 * Copyright (c) 1996 Peter Wemm
8 * All rights reserved.
9 *
10 * Redistribution and use in source and binary forms, with or without
11 * modification, are permitted provided that the following conditions
12 * are met:
13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer
15 * in this position and unchanged.
16 * 2. Redistributions in binary form must reproduce the above copyright
17 * notice, this list of conditions and the following disclaimer in the
18 * documentation and/or other materials provided with the distribution.
19 * 3. The name of the author may not be used to endorse or promote products
20 * derived from this software without specific prior written permission
21 *
22 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
23 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
24 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
25 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
26 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
27 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
28 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
29 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
30 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
31 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
32 */
33
34#include <sys/cdefs.h>
35__FBSDID("$FreeBSD$");
36
37#include "opt_capsicum.h"
38
39#include <sys/param.h>
40#include <sys/capsicum.h>
41#include <sys/compressor.h>
42#include <sys/exec.h>
43#include <sys/fcntl.h>
44#include <sys/imgact.h>
45#include <sys/imgact_elf.h>
46#include <sys/jail.h>
47#include <sys/kernel.h>
48#include <sys/lock.h>
49#include <sys/malloc.h>
50#include <sys/mount.h>
51#include <sys/mman.h>
52#include <sys/namei.h>
53#include <sys/proc.h>
54#include <sys/procfs.h>
55#include <sys/ptrace.h>
56#include <sys/racct.h>
57#include <sys/reg.h>
58#include <sys/resourcevar.h>
59#include <sys/rwlock.h>
60#include <sys/sbuf.h>
61#include <sys/sf_buf.h>
62#include <sys/smp.h>
63#include <sys/systm.h>
64#include <sys/signalvar.h>
65#include <sys/stat.h>
66#include <sys/sx.h>
67#include <sys/syscall.h>
68#include <sys/sysctl.h>
69#include <sys/sysent.h>
70#include <sys/vnode.h>
71#include <sys/syslog.h>
72#include <sys/eventhandler.h>
73#include <sys/user.h>
74
75#include <vm/vm.h>
76#include <vm/vm_kern.h>
77#include <vm/vm_param.h>
78#include <vm/pmap.h>
79#include <vm/vm_map.h>
80#include <vm/vm_object.h>
81#include <vm/vm_extern.h>
82
83#include <machine/elf.h>
84#include <machine/md_var.h>
85
86#define ELF_NOTE_ROUNDSIZE 4
87#define OLD_EI_BRAND 8
88
89static int __elfN(check_header)(const Elf_Ehdr *hdr);
90static Elf_Brandinfo *__elfN(get_brandinfo)(struct image_params *imgp,
91 const char *interp, int32_t *osrel, uint32_t *fctl0);
92static int __elfN(load_file)(struct proc *p, const char *file, u_long *addr,
93 u_long *entry);
94static int __elfN(load_section)(struct image_params *imgp, vm_ooffset_t offset,
95 caddr_t vmaddr, size_t memsz, size_t filsz, vm_prot_t prot);
96static int __CONCAT(exec_, __elfN(imgact))(struct image_params *imgp);
97static bool __elfN(freebsd_trans_osrel)(const Elf_Note *note,
98 int32_t *osrel);
99static bool kfreebsd_trans_osrel(const Elf_Note *note, int32_t *osrel);
100static bool __elfN(check_note)(struct image_params *imgp,
101 Elf_Brandnote *checknote, int32_t *osrel, bool *has_fctl0,
102 uint32_t *fctl0);
103static vm_prot_t __elfN(trans_prot)(Elf_Word);
104static Elf_Word __elfN(untrans_prot)(vm_prot_t);
105static size_t __elfN(prepare_register_notes)(struct thread *td,
106 struct note_info_list *list, struct thread *target_td);
107
108SYSCTL_NODE(_kern, OID_AUTO, __CONCAT(elf, __ELF_WORD_SIZE),
109 CTLFLAG_RW | CTLFLAG_MPSAFE, 0,
110 "");
111
112int __elfN(fallback_brand) = -1;
113SYSCTL_INT(__CONCAT(_kern_elf, __ELF_WORD_SIZE), OID_AUTO,
114 fallback_brand, CTLFLAG_RWTUN, &__elfN(fallback_brand), 0,
115 __XSTRING(__CONCAT(ELF, __ELF_WORD_SIZE)) " brand of last resort");
116
117static int elf_legacy_coredump = 0;
118SYSCTL_INT(_debug, OID_AUTO, __elfN(legacy_coredump), CTLFLAG_RW,
119 &elf_legacy_coredump, 0,
120 "include all and only RW pages in core dumps");
121
122int __elfN(nxstack) =
123#if defined(__amd64__) || defined(__powerpc64__) /* both 64 and 32 bit */ || \
124 (defined(__arm__) && __ARM_ARCH >= 7) || defined(__aarch64__) || \
125 defined(__riscv)
126 1;
127#else
128 0;
129#endif
130SYSCTL_INT(__CONCAT(_kern_elf, __ELF_WORD_SIZE), OID_AUTO,
131 nxstack, CTLFLAG_RW, &__elfN(nxstack), 0,
132 __XSTRING(__CONCAT(ELF, __ELF_WORD_SIZE)) ": enable non-executable stack");
133
134#if defined(__amd64__)
135static int __elfN(vdso) = 1;
136SYSCTL_INT(__CONCAT(_kern_elf, __ELF_WORD_SIZE), OID_AUTO,
137 vdso, CTLFLAG_RWTUN, &__elfN(vdso), 0,
138 __XSTRING(__CONCAT(ELF, __ELF_WORD_SIZE)) ": enable vdso preloading");
139#else
140static int __elfN(vdso) = 0;
141#endif
142
143#if __ELF_WORD_SIZE == 32 && (defined(__amd64__) || defined(__i386__))
144int i386_read_exec = 0;
145SYSCTL_INT(_kern_elf32, OID_AUTO, read_exec, CTLFLAG_RW, &i386_read_exec, 0,
146 "enable execution from readable segments");
147#endif
148
149static u_long __elfN(pie_base) = ET_DYN_LOAD_ADDR;
150static int
151sysctl_pie_base(SYSCTL_HANDLER_ARGS)
152{
153 u_long val;
154 int error;
155
156 val = __elfN(pie_base);
157 error = sysctl_handle_long(oidp, &val, 0, req);
158 if (error != 0 || req->newptr == NULL)
159 return (error);
160 if ((val & PAGE_MASK) != 0)
161 return (EINVAL);
162 __elfN(pie_base) = val;
163 return (0);
164}
165SYSCTL_PROC(__CONCAT(_kern_elf, __ELF_WORD_SIZE), OID_AUTO, pie_base,
166 CTLTYPE_ULONG | CTLFLAG_MPSAFE | CTLFLAG_RW, NULL, 0,
167 sysctl_pie_base, "LU",
168 "PIE load base without randomization");
169
170SYSCTL_NODE(__CONCAT(_kern_elf, __ELF_WORD_SIZE), OID_AUTO, aslr,
171 CTLFLAG_RW | CTLFLAG_MPSAFE, 0,
172 "");
173#define ASLR_NODE_OID __CONCAT(__CONCAT(_kern_elf, __ELF_WORD_SIZE), _aslr)
174
175/*
176 * While for 64-bit machines ASLR works properly, there are
177 * still some problems when using 32-bit architectures. For this
178 * reason ASLR is only enabled by default when running native
179 * 64-bit non-PIE executables.
180 */
181static int __elfN(aslr_enabled) = __ELF_WORD_SIZE == 64;
182SYSCTL_INT(ASLR_NODE_OID, OID_AUTO, enable, CTLFLAG_RWTUN,
183 &__elfN(aslr_enabled), 0,
184 __XSTRING(__CONCAT(ELF, __ELF_WORD_SIZE))
185 ": enable address map randomization");
186
187/*
188 * Enable ASLR only for 64-bit PIE binaries by default.
189 */
190static int __elfN(pie_aslr_enabled) = __ELF_WORD_SIZE == 64;
191SYSCTL_INT(ASLR_NODE_OID, OID_AUTO, pie_enable, CTLFLAG_RWTUN,
192 &__elfN(pie_aslr_enabled), 0,
193 __XSTRING(__CONCAT(ELF, __ELF_WORD_SIZE))
194 ": enable address map randomization for PIE binaries");
195
196/*
197 * Sbrk is now deprecated and it can be assumed, that in most
198 * cases it will not be used anyway. This setting is valid only
199 * for the ASLR enabled and allows for utilizing the bss grow region.
200 */
201static int __elfN(aslr_honor_sbrk) = 0;
202SYSCTL_INT(ASLR_NODE_OID, OID_AUTO, honor_sbrk, CTLFLAG_RW,
203 &__elfN(aslr_honor_sbrk), 0,
204 __XSTRING(__CONCAT(ELF, __ELF_WORD_SIZE)) ": assume sbrk is used");
205
206static int __elfN(aslr_stack) = 1;
207SYSCTL_INT(ASLR_NODE_OID, OID_AUTO, stack, CTLFLAG_RWTUN,
208 &__elfN(aslr_stack), 0,
209 __XSTRING(__CONCAT(ELF, __ELF_WORD_SIZE))
210 ": enable stack address randomization");
211
212static int __elfN(sigfastblock) = 1;
213SYSCTL_INT(__CONCAT(_kern_elf, __ELF_WORD_SIZE), OID_AUTO, sigfastblock,
214 CTLFLAG_RWTUN, &__elfN(sigfastblock), 0,
215 "enable sigfastblock for new processes");
216
217static bool __elfN(allow_wx) = true;
218SYSCTL_BOOL(__CONCAT(_kern_elf, __ELF_WORD_SIZE), OID_AUTO, allow_wx,
219 CTLFLAG_RWTUN, &__elfN(allow_wx), 0,
220 "Allow pages to be mapped simultaneously writable and executable");
221
222static Elf_Brandinfo *elf_brand_list[MAX_BRANDS];
223
224#define aligned(a, t) (rounddown2((u_long)(a), sizeof(t)) == (u_long)(a))
225
226Elf_Brandnote __elfN(freebsd_brandnote) = {
227 .hdr.n_namesz = sizeof(FREEBSD_ABI_VENDOR),
228 .hdr.n_descsz = sizeof(int32_t),
229 .hdr.n_type = NT_FREEBSD_ABI_TAG,
230 .vendor = FREEBSD_ABI_VENDOR,
231 .flags = BN_TRANSLATE_OSREL,
232 .trans_osrel = __elfN(freebsd_trans_osrel)
233};
234
235static bool
236__elfN(freebsd_trans_osrel)(const Elf_Note *note, int32_t *osrel)
237{
238 uintptr_t p;
239
240 p = (uintptr_t)(note + 1);
241 p += roundup2(note->n_namesz, ELF_NOTE_ROUNDSIZE);
242 *osrel = *(const int32_t *)(p);
243
244 return (true);
245}
246
247static const char GNU_ABI_VENDOR[] = "GNU";
248static int GNU_KFREEBSD_ABI_DESC = 3;
249
250Elf_Brandnote __elfN(kfreebsd_brandnote) = {
251 .hdr.n_namesz = sizeof(GNU_ABI_VENDOR),
252 .hdr.n_descsz = 16, /* XXX at least 16 */
253 .hdr.n_type = 1,
254 .vendor = GNU_ABI_VENDOR,
255 .flags = BN_TRANSLATE_OSREL,
256 .trans_osrel = kfreebsd_trans_osrel
257};
258
259static bool
260kfreebsd_trans_osrel(const Elf_Note *note, int32_t *osrel)
261{
262 const Elf32_Word *desc;
263 uintptr_t p;
264
265 p = (uintptr_t)(note + 1);
266 p += roundup2(note->n_namesz, ELF_NOTE_ROUNDSIZE);
267
268 desc = (const Elf32_Word *)p;
269 if (desc[0] != GNU_KFREEBSD_ABI_DESC)
270 return (false);
271
272 /*
273 * Debian GNU/kFreeBSD embed the earliest compatible kernel version
274 * (__FreeBSD_version: <major><two digit minor>Rxx) in the LSB way.
275 */
276 *osrel = desc[1] * 100000 + desc[2] * 1000 + desc[3];
277
278 return (true);
279}
280
281int
282__elfN(insert_brand_entry)(Elf_Brandinfo *entry)
283{
284 int i;
285
286 for (i = 0; i < MAX_BRANDS; i++) {
287 if (elf_brand_list[i] == NULL) {
288 elf_brand_list[i] = entry;
289 break;
290 }
291 }
292 if (i == MAX_BRANDS) {
293 printf("WARNING: %s: could not insert brandinfo entry: %p\n",
294 __func__, entry);
295 return (-1);
296 }
297 return (0);
298}
299
300int
301__elfN(remove_brand_entry)(Elf_Brandinfo *entry)
302{
303 int i;
304
305 for (i = 0; i < MAX_BRANDS; i++) {
306 if (elf_brand_list[i] == entry) {
307 elf_brand_list[i] = NULL;
308 break;
309 }
310 }
311 if (i == MAX_BRANDS)
312 return (-1);
313 return (0);
314}
315
316bool
317__elfN(brand_inuse)(Elf_Brandinfo *entry)
318{
319 struct proc *p;
320 bool rval = false;
321
322 sx_slock(&allproc_lock);
323 FOREACH_PROC_IN_SYSTEM(p) {
324 if (p->p_sysent == entry->sysvec) {
325 rval = true;
326 break;
327 }
328 }
329 sx_sunlock(&allproc_lock);
330
331 return (rval);
332}
333
334static Elf_Brandinfo *
335__elfN(get_brandinfo)(struct image_params *imgp, const char *interp,
336 int32_t *osrel, uint32_t *fctl0)
337{
338 const Elf_Ehdr *hdr = (const Elf_Ehdr *)imgp->image_header;
339 Elf_Brandinfo *bi, *bi_m;
340 bool ret, has_fctl0;
341 int i, interp_name_len;
342
343 interp_name_len = interp != NULL ? strlen(interp) + 1 : 0;
344
345 /*
346 * We support four types of branding -- (1) the ELF EI_OSABI field
347 * that SCO added to the ELF spec, (2) FreeBSD 3.x's traditional string
348 * branding w/in the ELF header, (3) path of the `interp_path'
349 * field, and (4) the ".note.ABI-tag" ELF section.
350 */
351
352 /* Look for an ".note.ABI-tag" ELF section */
353 bi_m = NULL;
354 for (i = 0; i < MAX_BRANDS; i++) {
355 bi = elf_brand_list[i];
356 if (bi == NULL)
357 continue;
358 if (interp != NULL && (bi->flags & BI_BRAND_ONLY_STATIC) != 0)
359 continue;
360 if (hdr->e_machine == bi->machine && (bi->flags &
361 (BI_BRAND_NOTE|BI_BRAND_NOTE_MANDATORY)) != 0) {
362 has_fctl0 = false;
363 *fctl0 = 0;
364 *osrel = 0;
365 ret = __elfN(check_note)(imgp, bi->brand_note, osrel,
366 &has_fctl0, fctl0);
367 /* Give brand a chance to veto check_note's guess */
368 if (ret && bi->header_supported) {
369 ret = bi->header_supported(imgp, osrel,
370 has_fctl0 ? fctl0 : NULL);
371 }
372 /*
373 * If note checker claimed the binary, but the
374 * interpreter path in the image does not
375 * match default one for the brand, try to
376 * search for other brands with the same
377 * interpreter. Either there is better brand
378 * with the right interpreter, or, failing
379 * this, we return first brand which accepted
380 * our note and, optionally, header.
381 */
382 if (ret && bi_m == NULL && interp != NULL &&
383 (bi->interp_path == NULL ||
384 (strlen(bi->interp_path) + 1 != interp_name_len ||
385 strncmp(interp, bi->interp_path, interp_name_len)
386 != 0))) {
387 bi_m = bi;
388 ret = 0;
389 }
390 if (ret)
391 return (bi);
392 }
393 }
394 if (bi_m != NULL)
395 return (bi_m);
396
397 /* If the executable has a brand, search for it in the brand list. */
398 for (i = 0; i < MAX_BRANDS; i++) {
399 bi = elf_brand_list[i];
400 if (bi == NULL || (bi->flags & BI_BRAND_NOTE_MANDATORY) != 0 ||
401 (interp != NULL && (bi->flags & BI_BRAND_ONLY_STATIC) != 0))
402 continue;
403 if (hdr->e_machine == bi->machine &&
404 (hdr->e_ident[EI_OSABI] == bi->brand ||
405 (bi->compat_3_brand != NULL &&
406 strcmp((const char *)&hdr->e_ident[OLD_EI_BRAND],
407 bi->compat_3_brand) == 0))) {
408 /* Looks good, but give brand a chance to veto */
409 if (bi->header_supported == NULL ||
410 bi->header_supported(imgp, NULL, NULL)) {
411 /*
412 * Again, prefer strictly matching
413 * interpreter path.
414 */
415 if (interp_name_len == 0 &&
416 bi->interp_path == NULL)
417 return (bi);
418 if (bi->interp_path != NULL &&
419 strlen(bi->interp_path) + 1 ==
420 interp_name_len && strncmp(interp,
421 bi->interp_path, interp_name_len) == 0)
422 return (bi);
423 if (bi_m == NULL)
424 bi_m = bi;
425 }
426 }
427 }
428 if (bi_m != NULL)
429 return (bi_m);
430
431 /* No known brand, see if the header is recognized by any brand */
432 for (i = 0; i < MAX_BRANDS; i++) {
433 bi = elf_brand_list[i];
434 if (bi == NULL || bi->flags & BI_BRAND_NOTE_MANDATORY ||
435 bi->header_supported == NULL)
436 continue;
437 if (hdr->e_machine == bi->machine) {
438 ret = bi->header_supported(imgp, NULL, NULL);
439 if (ret)
440 return (bi);
441 }
442 }
443
444 /* Lacking a known brand, search for a recognized interpreter. */
445 if (interp != NULL) {
446 for (i = 0; i < MAX_BRANDS; i++) {
447 bi = elf_brand_list[i];
448 if (bi == NULL || (bi->flags &
449 (BI_BRAND_NOTE_MANDATORY | BI_BRAND_ONLY_STATIC))
450 != 0)
451 continue;
452 if (hdr->e_machine == bi->machine &&
453 bi->interp_path != NULL &&
454 /* ELF image p_filesz includes terminating zero */
455 strlen(bi->interp_path) + 1 == interp_name_len &&
456 strncmp(interp, bi->interp_path, interp_name_len)
457 == 0 && (bi->header_supported == NULL ||
458 bi->header_supported(imgp, NULL, NULL)))
459 return (bi);
460 }
461 }
462
463 /* Lacking a recognized interpreter, try the default brand */
464 for (i = 0; i < MAX_BRANDS; i++) {
465 bi = elf_brand_list[i];
466 if (bi == NULL || (bi->flags & BI_BRAND_NOTE_MANDATORY) != 0 ||
467 (interp != NULL && (bi->flags & BI_BRAND_ONLY_STATIC) != 0))
468 continue;
469 if (hdr->e_machine == bi->machine &&
470 __elfN(fallback_brand) == bi->brand &&
471 (bi->header_supported == NULL ||
472 bi->header_supported(imgp, NULL, NULL)))
473 return (bi);
474 }
475 return (NULL);
476}
477
478static bool
479__elfN(phdr_in_zero_page)(const Elf_Ehdr *hdr)
480{
481 return (hdr->e_phoff <= PAGE_SIZE &&
482 (u_int)hdr->e_phentsize * hdr->e_phnum <= PAGE_SIZE - hdr->e_phoff);
483}
484
485static int
486__elfN(check_header)(const Elf_Ehdr *hdr)
487{
488 Elf_Brandinfo *bi;
489 int i;
490
491 if (!IS_ELF(*hdr) ||
492 hdr->e_ident[EI_CLASS] != ELF_TARG_CLASS ||
493 hdr->e_ident[EI_DATA] != ELF_TARG_DATA ||
494 hdr->e_ident[EI_VERSION] != EV_CURRENT ||
495 hdr->e_phentsize != sizeof(Elf_Phdr) ||
496 hdr->e_version != ELF_TARG_VER)
497 return (ENOEXEC);
498
499 /*
500 * Make sure we have at least one brand for this machine.
501 */
502
503 for (i = 0; i < MAX_BRANDS; i++) {
504 bi = elf_brand_list[i];
505 if (bi != NULL && bi->machine == hdr->e_machine)
506 break;
507 }
508 if (i == MAX_BRANDS)
509 return (ENOEXEC);
510
511 return (0);
512}
513
514static int
515__elfN(map_partial)(vm_map_t map, vm_object_t object, vm_ooffset_t offset,
516 vm_offset_t start, vm_offset_t end, vm_prot_t prot)
517{
518 struct sf_buf *sf;
519 int error;
520 vm_offset_t off;
521
522 /*
523 * Create the page if it doesn't exist yet. Ignore errors.
524 */
525 vm_map_fixed(map, NULL, 0, trunc_page(start), round_page(end) -
526 trunc_page(start), VM_PROT_ALL, VM_PROT_ALL, MAP_CHECK_EXCL);
527
528 /*
529 * Find the page from the underlying object.
530 */
531 if (object != NULL) {
532 sf = vm_imgact_map_page(object, offset);
533 if (sf == NULL)
534 return (KERN_FAILURE);
535 off = offset - trunc_page(offset);
536 error = copyout((caddr_t)sf_buf_kva(sf) + off, (caddr_t)start,
537 end - start);
538 vm_imgact_unmap_page(sf);
539 if (error != 0)
540 return (KERN_FAILURE);
541 }
542
543 return (KERN_SUCCESS);
544}
545
546static int
547__elfN(map_insert)(struct image_params *imgp, vm_map_t map, vm_object_t object,
548 vm_ooffset_t offset, vm_offset_t start, vm_offset_t end, vm_prot_t prot,
549 int cow)
550{
551 struct sf_buf *sf;
552 vm_offset_t off;
553 vm_size_t sz;
554 int error, locked, rv;
555
556 if (start != trunc_page(start)) {
557 rv = __elfN(map_partial)(map, object, offset, start,
558 round_page(start), prot);
559 if (rv != KERN_SUCCESS)
560 return (rv);
561 offset += round_page(start) - start;
562 start = round_page(start);
563 }
564 if (end != round_page(end)) {
565 rv = __elfN(map_partial)(map, object, offset +
566 trunc_page(end) - start, trunc_page(end), end, prot);
567 if (rv != KERN_SUCCESS)
568 return (rv);
569 end = trunc_page(end);
570 }
571 if (start >= end)
572 return (KERN_SUCCESS);
573 if ((offset & PAGE_MASK) != 0) {
574 /*
575 * The mapping is not page aligned. This means that we have
576 * to copy the data.
577 */
578 rv = vm_map_fixed(map, NULL, 0, start, end - start,
579 prot | VM_PROT_WRITE, VM_PROT_ALL, MAP_CHECK_EXCL);
580 if (rv != KERN_SUCCESS)
581 return (rv);
582 if (object == NULL)
583 return (KERN_SUCCESS);
584 for (; start < end; start += sz) {
585 sf = vm_imgact_map_page(object, offset);
586 if (sf == NULL)
587 return (KERN_FAILURE);
588 off = offset - trunc_page(offset);
589 sz = end - start;
590 if (sz > PAGE_SIZE - off)
591 sz = PAGE_SIZE - off;
592 error = copyout((caddr_t)sf_buf_kva(sf) + off,
593 (caddr_t)start, sz);
594 vm_imgact_unmap_page(sf);
595 if (error != 0)
596 return (KERN_FAILURE);
597 offset += sz;
598 }
599 } else {
600 vm_object_reference(object);
601 rv = vm_map_fixed(map, object, offset, start, end - start,
602 prot, VM_PROT_ALL, cow | MAP_CHECK_EXCL |
603 (object != NULL ? MAP_VN_EXEC : 0));
604 if (rv != KERN_SUCCESS) {
605 locked = VOP_ISLOCKED(imgp->vp);
606 VOP_UNLOCK(imgp->vp);
607 vm_object_deallocate(object);
608 vn_lock(imgp->vp, locked | LK_RETRY);
609 return (rv);
610 } else if (object != NULL) {
611 MPASS(imgp->vp->v_object == object);
612 VOP_SET_TEXT_CHECKED(imgp->vp);
613 }
614 }
615 return (KERN_SUCCESS);
616}
617
618static int
619__elfN(load_section)(struct image_params *imgp, vm_ooffset_t offset,
620 caddr_t vmaddr, size_t memsz, size_t filsz, vm_prot_t prot)
621{
622 struct sf_buf *sf;
623 size_t map_len;
624 vm_map_t map;
625 vm_object_t object;
626 vm_offset_t map_addr;
627 int error, rv, cow;
628 size_t copy_len;
629 vm_ooffset_t file_addr;
630
631 /*
632 * It's necessary to fail if the filsz + offset taken from the
633 * header is greater than the actual file pager object's size.
634 * If we were to allow this, then the vm_map_find() below would
635 * walk right off the end of the file object and into the ether.
636 *
637 * While I'm here, might as well check for something else that
638 * is invalid: filsz cannot be greater than memsz.
639 */
640 if ((filsz != 0 && (off_t)filsz + offset > imgp->attr->va_size) ||
641 filsz > memsz) {
642 uprintf("elf_load_section: truncated ELF file\n");
643 return (ENOEXEC);
644 }
645
646 object = imgp->object;
647 map = &imgp->proc->p_vmspace->vm_map;
648 map_addr = trunc_page((vm_offset_t)vmaddr);
649 file_addr = trunc_page(offset);
650
651 /*
652 * We have two choices. We can either clear the data in the last page
653 * of an oversized mapping, or we can start the anon mapping a page
654 * early and copy the initialized data into that first page. We
655 * choose the second.
656 */
657 if (filsz == 0)
658 map_len = 0;
659 else if (memsz > filsz)
660 map_len = trunc_page(offset + filsz) - file_addr;
661 else
662 map_len = round_page(offset + filsz) - file_addr;
663
664 if (map_len != 0) {
665 /* cow flags: don't dump readonly sections in core */
666 cow = MAP_COPY_ON_WRITE | MAP_PREFAULT |
667 (prot & VM_PROT_WRITE ? 0 : MAP_DISABLE_COREDUMP);
668
669 rv = __elfN(map_insert)(imgp, map, object, file_addr,
670 map_addr, map_addr + map_len, prot, cow);
671 if (rv != KERN_SUCCESS)
672 return (EINVAL);
673
674 /* we can stop now if we've covered it all */
675 if (memsz == filsz)
676 return (0);
677 }
678
679 /*
680 * We have to get the remaining bit of the file into the first part
681 * of the oversized map segment. This is normally because the .data
682 * segment in the file is extended to provide bss. It's a neat idea
683 * to try and save a page, but it's a pain in the behind to implement.
684 */
685 copy_len = filsz == 0 ? 0 : (offset + filsz) - trunc_page(offset +
686 filsz);
687 map_addr = trunc_page((vm_offset_t)vmaddr + filsz);
688 map_len = round_page((vm_offset_t)vmaddr + memsz) - map_addr;
689
690 /* This had damn well better be true! */
691 if (map_len != 0) {
692 rv = __elfN(map_insert)(imgp, map, NULL, 0, map_addr,
693 map_addr + map_len, prot, 0);
694 if (rv != KERN_SUCCESS)
695 return (EINVAL);
696 }
697
698 if (copy_len != 0) {
699 sf = vm_imgact_map_page(object, offset + filsz);
700 if (sf == NULL)
701 return (EIO);
702
703 /* send the page fragment to user space */
704 error = copyout((caddr_t)sf_buf_kva(sf), (caddr_t)map_addr,
705 copy_len);
706 vm_imgact_unmap_page(sf);
707 if (error != 0)
708 return (error);
709 }
710
711 /*
712 * Remove write access to the page if it was only granted by map_insert
713 * to allow copyout.
714 */
715 if ((prot & VM_PROT_WRITE) == 0)
716 vm_map_protect(map, trunc_page(map_addr), round_page(map_addr +
717 map_len), prot, 0, VM_MAP_PROTECT_SET_PROT);
718
719 return (0);
720}
721
722static int
723__elfN(load_sections)(struct image_params *imgp, const Elf_Ehdr *hdr,
724 const Elf_Phdr *phdr, u_long rbase, u_long *base_addrp)
725{
726 vm_prot_t prot;
727 u_long base_addr;
728 bool first;
729 int error, i;
730
731 ASSERT_VOP_LOCKED(imgp->vp, __func__);
732
733 base_addr = 0;
734 first = true;
735
736 for (i = 0; i < hdr->e_phnum; i++) {
737 if (phdr[i].p_type != PT_LOAD || phdr[i].p_memsz == 0)
738 continue;
739
740 /* Loadable segment */
741 prot = __elfN(trans_prot)(phdr[i].p_flags);
742 error = __elfN(load_section)(imgp, phdr[i].p_offset,
743 (caddr_t)(uintptr_t)phdr[i].p_vaddr + rbase,
744 phdr[i].p_memsz, phdr[i].p_filesz, prot);
745 if (error != 0)
746 return (error);
747
748 /*
749 * Establish the base address if this is the first segment.
750 */
751 if (first) {
752 base_addr = trunc_page(phdr[i].p_vaddr + rbase);
753 first = false;
754 }
755 }
756
757 if (base_addrp != NULL)
758 *base_addrp = base_addr;
759
760 return (0);
761}
762
763/*
764 * Load the file "file" into memory. It may be either a shared object
765 * or an executable.
766 *
767 * The "addr" reference parameter is in/out. On entry, it specifies
768 * the address where a shared object should be loaded. If the file is
769 * an executable, this value is ignored. On exit, "addr" specifies
770 * where the file was actually loaded.
771 *
772 * The "entry" reference parameter is out only. On exit, it specifies
773 * the entry point for the loaded file.
774 */
775static int
776__elfN(load_file)(struct proc *p, const char *file, u_long *addr,
777 u_long *entry)
778{
779 struct {
780 struct nameidata nd;
781 struct vattr attr;
782 struct image_params image_params;
783 } *tempdata;
784 const Elf_Ehdr *hdr = NULL;
785 const Elf_Phdr *phdr = NULL;
786 struct nameidata *nd;
787 struct vattr *attr;
788 struct image_params *imgp;
789 u_long rbase;
790 u_long base_addr = 0;
791 int error;
792
793#ifdef CAPABILITY_MODE
794 /*
795 * XXXJA: This check can go away once we are sufficiently confident
796 * that the checks in namei() are correct.
797 */
798 if (IN_CAPABILITY_MODE(curthread))
799 return (ECAPMODE);
800#endif
801
802 tempdata = malloc(sizeof(*tempdata), M_TEMP, M_WAITOK | M_ZERO);
803 nd = &tempdata->nd;
804 attr = &tempdata->attr;
805 imgp = &tempdata->image_params;
806
807 /*
808 * Initialize part of the common data
809 */
810 imgp->proc = p;
811 imgp->attr = attr;
812
813 NDINIT(nd, LOOKUP, ISOPEN | FOLLOW | LOCKSHARED | LOCKLEAF,
814 UIO_SYSSPACE, file);
815 if ((error = namei(nd)) != 0) {
816 nd->ni_vp = NULL;
817 goto fail;
818 }
819 NDFREE(nd, NDF_ONLY_PNBUF);
820 imgp->vp = nd->ni_vp;
821
822 /*
823 * Check permissions, modes, uid, etc on the file, and "open" it.
824 */
825 error = exec_check_permissions(imgp);
826 if (error)
827 goto fail;
828
829 error = exec_map_first_page(imgp);
830 if (error)
831 goto fail;
832
833 imgp->object = nd->ni_vp->v_object;
834
835 hdr = (const Elf_Ehdr *)imgp->image_header;
836 if ((error = __elfN(check_header)(hdr)) != 0)
837 goto fail;
838 if (hdr->e_type == ET_DYN)
839 rbase = *addr;
840 else if (hdr->e_type == ET_EXEC)
841 rbase = 0;
842 else {
843 error = ENOEXEC;
844 goto fail;
845 }
846
847 /* Only support headers that fit within first page for now */
848 if (!__elfN(phdr_in_zero_page)(hdr)) {
849 error = ENOEXEC;
850 goto fail;
851 }
852
853 phdr = (const Elf_Phdr *)(imgp->image_header + hdr->e_phoff);
854 if (!aligned(phdr, Elf_Addr)) {
855 error = ENOEXEC;
856 goto fail;
857 }
858
859 error = __elfN(load_sections)(imgp, hdr, phdr, rbase, &base_addr);
860 if (error != 0)
861 goto fail;
862
863 *addr = base_addr;
864 *entry = (unsigned long)hdr->e_entry + rbase;
865
866fail:
867 if (imgp->firstpage)
868 exec_unmap_first_page(imgp);
869
870 if (nd->ni_vp) {
871 if (imgp->textset)
872 VOP_UNSET_TEXT_CHECKED(nd->ni_vp);
873 vput(nd->ni_vp);
874 }
875 free(tempdata, M_TEMP);
876
877 return (error);
878}
879
880/*
881 * Select randomized valid address in the map map, between minv and
882 * maxv, with specified alignment. The [minv, maxv) range must belong
883 * to the map. Note that function only allocates the address, it is
884 * up to caller to clamp maxv in a way that the final allocation
885 * length fit into the map.
886 *
887 * Result is returned in *resp, error code indicates that arguments
888 * did not pass sanity checks for overflow and range correctness.
889 */
890static int
891__CONCAT(rnd_, __elfN(base))(vm_map_t map, u_long minv, u_long maxv,
892 u_int align, u_long *resp)
893{
894 u_long rbase, res;
895
896 MPASS(vm_map_min(map) <= minv);
897
898 if (minv >= maxv || minv + align >= maxv || maxv > vm_map_max(map)) {
899 uprintf("Invalid ELF segments layout\n");
900 return (ENOEXEC);
901 }
902
903 arc4rand(&rbase, sizeof(rbase), 0);
904 res = roundup(minv, (u_long)align) + rbase % (maxv - minv);
905 res &= ~((u_long)align - 1);
906 if (res >= maxv)
907 res -= align;
908
909 KASSERT(res >= minv,
910 ("res %#lx < minv %#lx, maxv %#lx rbase %#lx",
911 res, minv, maxv, rbase));
912 KASSERT(res < maxv,
913 ("res %#lx > maxv %#lx, minv %#lx rbase %#lx",
914 res, maxv, minv, rbase));
915
916 *resp = res;
917 return (0);
918}
919
920static int
921__elfN(enforce_limits)(struct image_params *imgp, const Elf_Ehdr *hdr,
922 const Elf_Phdr *phdr, u_long et_dyn_addr)
923{
924 struct vmspace *vmspace;
925 const char *err_str;
926 u_long text_size, data_size, total_size, text_addr, data_addr;
927 u_long seg_size, seg_addr;
928 int i;
929
930 err_str = NULL;
931 text_size = data_size = total_size = text_addr = data_addr = 0;
932
933 for (i = 0; i < hdr->e_phnum; i++) {
934 if (phdr[i].p_type != PT_LOAD || phdr[i].p_memsz == 0)
935 continue;
936
937 seg_addr = trunc_page(phdr[i].p_vaddr + et_dyn_addr);
938 seg_size = round_page(phdr[i].p_memsz +
939 phdr[i].p_vaddr + et_dyn_addr - seg_addr);
940
941 /*
942 * Make the largest executable segment the official
943 * text segment and all others data.
944 *
945 * Note that obreak() assumes that data_addr + data_size == end
946 * of data load area, and the ELF file format expects segments
947 * to be sorted by address. If multiple data segments exist,
948 * the last one will be used.
949 */
950
951 if ((phdr[i].p_flags & PF_X) != 0 && text_size < seg_size) {
952 text_size = seg_size;
953 text_addr = seg_addr;
954 } else {
955 data_size = seg_size;
956 data_addr = seg_addr;
957 }
958 total_size += seg_size;
959 }
960
961 if (data_addr == 0 && data_size == 0) {
962 data_addr = text_addr;
963 data_size = text_size;
964 }
965
966 /*
967 * Check limits. It should be safe to check the
968 * limits after loading the segments since we do
969 * not actually fault in all the segments pages.
970 */
971 PROC_LOCK(imgp->proc);
972 if (data_size > lim_cur_proc(imgp->proc, RLIMIT_DATA))
973 err_str = "Data segment size exceeds process limit";
974 else if (text_size > maxtsiz)
975 err_str = "Text segment size exceeds system limit";
976 else if (total_size > lim_cur_proc(imgp->proc, RLIMIT_VMEM))
977 err_str = "Total segment size exceeds process limit";
978 else if (racct_set(imgp->proc, RACCT_DATA, data_size) != 0)
979 err_str = "Data segment size exceeds resource limit";
980 else if (racct_set(imgp->proc, RACCT_VMEM, total_size) != 0)
981 err_str = "Total segment size exceeds resource limit";
982 PROC_UNLOCK(imgp->proc);
983 if (err_str != NULL) {
984 uprintf("%s\n", err_str);
985 return (ENOMEM);
986 }
987
988 vmspace = imgp->proc->p_vmspace;
989 vmspace->vm_tsize = text_size >> PAGE_SHIFT;
990 vmspace->vm_taddr = (caddr_t)(uintptr_t)text_addr;
991 vmspace->vm_dsize = data_size >> PAGE_SHIFT;
992 vmspace->vm_daddr = (caddr_t)(uintptr_t)data_addr;
993
994 return (0);
995}
996
997static int
998__elfN(get_interp)(struct image_params *imgp, const Elf_Phdr *phdr,
999 char **interpp, bool *free_interpp)
1000{
1001 struct thread *td;
1002 char *interp;
1003 int error, interp_name_len;
1004
1005 KASSERT(phdr->p_type == PT_INTERP,
1006 ("%s: p_type %u != PT_INTERP", __func__, phdr->p_type));
1007 ASSERT_VOP_LOCKED(imgp->vp, __func__);
1008
1009 td = curthread;
1010
1011 /* Path to interpreter */
1012 if (phdr->p_filesz < 2 || phdr->p_filesz > MAXPATHLEN) {
1013 uprintf("Invalid PT_INTERP\n");
1014 return (ENOEXEC);
1015 }
1016
1017 interp_name_len = phdr->p_filesz;
1018 if (phdr->p_offset > PAGE_SIZE ||
1019 interp_name_len > PAGE_SIZE - phdr->p_offset) {
1020 /*
1021 * The vnode lock might be needed by the pagedaemon to
1022 * clean pages owned by the vnode. Do not allow sleep
1023 * waiting for memory with the vnode locked, instead
1024 * try non-sleepable allocation first, and if it
1025 * fails, go to the slow path were we drop the lock
1026 * and do M_WAITOK. A text reference prevents
1027 * modifications to the vnode content.
1028 */
1029 interp = malloc(interp_name_len + 1, M_TEMP, M_NOWAIT);
1030 if (interp == NULL) {
1031 VOP_UNLOCK(imgp->vp);
1032 interp = malloc(interp_name_len + 1, M_TEMP, M_WAITOK);
1033 vn_lock(imgp->vp, LK_SHARED | LK_RETRY);
1034 }
1035
1036 error = vn_rdwr(UIO_READ, imgp->vp, interp,
1037 interp_name_len, phdr->p_offset,
1038 UIO_SYSSPACE, IO_NODELOCKED, td->td_ucred,
1039 NOCRED, NULL, td);
1040 if (error != 0) {
1041 free(interp, M_TEMP);
1042 uprintf("i/o error PT_INTERP %d\n", error);
1043 return (error);
1044 }
1045 interp[interp_name_len] = '\0';
1046
1047 *interpp = interp;
1048 *free_interpp = true;
1049 return (0);
1050 }
1051
1052 interp = __DECONST(char *, imgp->image_header) + phdr->p_offset;
1053 if (interp[interp_name_len - 1] != '\0') {
1054 uprintf("Invalid PT_INTERP\n");
1055 return (ENOEXEC);
1056 }
1057
1058 *interpp = interp;
1059 *free_interpp = false;
1060 return (0);
1061}
1062
1063static int
1064__elfN(load_interp)(struct image_params *imgp, const Elf_Brandinfo *brand_info,
1065 const char *interp, u_long *addr, u_long *entry)
1066{
1067 char *path;
1068 int error;
1069
1070 if (brand_info->emul_path != NULL &&
1071 brand_info->emul_path[0] != '\0') {
1072 path = malloc(MAXPATHLEN, M_TEMP, M_WAITOK);
1073 snprintf(path, MAXPATHLEN, "%s%s",
1074 brand_info->emul_path, interp);
1075 error = __elfN(load_file)(imgp->proc, path, addr, entry);
1076 free(path, M_TEMP);
1077 if (error == 0)
1078 return (0);
1079 }
1080
1081 if (brand_info->interp_newpath != NULL &&
1082 (brand_info->interp_path == NULL ||
1083 strcmp(interp, brand_info->interp_path) == 0)) {
1084 error = __elfN(load_file)(imgp->proc,
1085 brand_info->interp_newpath, addr, entry);
1086 if (error == 0)
1087 return (0);
1088 }
1089
1090 error = __elfN(load_file)(imgp->proc, interp, addr, entry);
1091 if (error == 0)
1092 return (0);
1093
1094 uprintf("ELF interpreter %s not found, error %d\n", interp, error);
1095 return (error);
1096}
1097
1098/*
1099 * Impossible et_dyn_addr initial value indicating that the real base
1100 * must be calculated later with some randomization applied.
1101 */
1102#define ET_DYN_ADDR_RAND 1
1103
1104static int
1105__CONCAT(exec_, __elfN(imgact))(struct image_params *imgp)
1106{
1107 struct thread *td;
1108 const Elf_Ehdr *hdr;
1109 const Elf_Phdr *phdr;
1110 Elf_Auxargs *elf_auxargs;
1111 struct vmspace *vmspace;
1112 vm_map_t map;
1113 char *interp;
1114 Elf_Brandinfo *brand_info;
1115 struct sysentvec *sv;
1116 u_long addr, baddr, et_dyn_addr, entry, proghdr;
1117 u_long maxalign, maxsalign, mapsz, maxv, maxv1, anon_loc;
1118 uint32_t fctl0;
1119 int32_t osrel;
1120 bool free_interp;
1121 int error, i, n;
1122
1123 hdr = (const Elf_Ehdr *)imgp->image_header;
1124
1125 /*
1126 * Do we have a valid ELF header ?
1127 *
1128 * Only allow ET_EXEC & ET_DYN here, reject ET_DYN later
1129 * if particular brand doesn't support it.
1130 */
1131 if (__elfN(check_header)(hdr) != 0 ||
1132 (hdr->e_type != ET_EXEC && hdr->e_type != ET_DYN))
1133 return (-1);
1134
1135 /*
1136 * From here on down, we return an errno, not -1, as we've
1137 * detected an ELF file.
1138 */
1139
1140 if (!__elfN(phdr_in_zero_page)(hdr)) {
1141 uprintf("Program headers not in the first page\n");
1142 return (ENOEXEC);
1143 }
1144 phdr = (const Elf_Phdr *)(imgp->image_header + hdr->e_phoff);
1145 if (!aligned(phdr, Elf_Addr)) {
1146 uprintf("Unaligned program headers\n");
1147 return (ENOEXEC);
1148 }
1149
1150 n = error = 0;
1151 baddr = 0;
1152 osrel = 0;
1153 fctl0 = 0;
1154 entry = proghdr = 0;
1155 interp = NULL;
1156 free_interp = false;
1157 td = curthread;
1158
1159 /*
1160 * Somewhat arbitrary, limit accepted max alignment for the
1161 * loadable segment to the max supported superpage size. Too
1162 * large alignment requests are not useful and are indicators
1163 * of corrupted or outright malicious binary.
1164 */
1165 maxalign = PAGE_SIZE;
1166 maxsalign = PAGE_SIZE * 1024;
1167 for (i = MAXPAGESIZES - 1; i > 0; i--) {
1168 if (pagesizes[i] > maxsalign)
1169 maxsalign = pagesizes[i];
1170 }
1171
1172 mapsz = 0;
1173
1174 for (i = 0; i < hdr->e_phnum; i++) {
1175 switch (phdr[i].p_type) {
1176 case PT_LOAD:
1177 if (n == 0)
1178 baddr = phdr[i].p_vaddr;
1179 if (!powerof2(phdr[i].p_align) ||
1180 phdr[i].p_align > maxsalign) {
1181 uprintf("Invalid segment alignment\n");
1182 error = ENOEXEC;
1183 goto ret;
1184 }
1185 if (phdr[i].p_align > maxalign)
1186 maxalign = phdr[i].p_align;
1187 if (mapsz + phdr[i].p_memsz < mapsz) {
1188 uprintf("Mapsize overflow\n");
1189 error = ENOEXEC;
1190 goto ret;
1191 }
1192 mapsz += phdr[i].p_memsz;
1193 n++;
1194
1195 /*
1196 * If this segment contains the program headers,
1197 * remember their virtual address for the AT_PHDR
1198 * aux entry. Static binaries don't usually include
1199 * a PT_PHDR entry.
1200 */
1201 if (phdr[i].p_offset == 0 &&
1202 hdr->e_phoff + hdr->e_phnum * hdr->e_phentsize <=
1203 phdr[i].p_filesz)
1204 proghdr = phdr[i].p_vaddr + hdr->e_phoff;
1205 break;
1206 case PT_INTERP:
1207 /* Path to interpreter */
1208 if (interp != NULL) {
1209 uprintf("Multiple PT_INTERP headers\n");
1210 error = ENOEXEC;
1211 goto ret;
1212 }
1213 error = __elfN(get_interp)(imgp, &phdr[i], &interp,
1214 &free_interp);
1215 if (error != 0)
1216 goto ret;
1217 break;
1218 case PT_GNU_STACK:
1219 if (__elfN(nxstack))
1220 imgp->stack_prot =
1221 __elfN(trans_prot)(phdr[i].p_flags);
1222 imgp->stack_sz = phdr[i].p_memsz;
1223 break;
1224 case PT_PHDR: /* Program header table info */
1225 proghdr = phdr[i].p_vaddr;
1226 break;
1227 }
1228 }
1229
1230 brand_info = __elfN(get_brandinfo)(imgp, interp, &osrel, &fctl0);
1231 if (brand_info == NULL) {
1232 uprintf("ELF binary type \"%u\" not known.\n",
1233 hdr->e_ident[EI_OSABI]);
1234 error = ENOEXEC;
1235 goto ret;
1236 }
1237 sv = brand_info->sysvec;
1238 et_dyn_addr = 0;
1239 if (hdr->e_type == ET_DYN) {
1240 if ((brand_info->flags & BI_CAN_EXEC_DYN) == 0) {
1241 uprintf("Cannot execute shared object\n");
1242 error = ENOEXEC;
1243 goto ret;
1244 }
1245 /*
1246 * Honour the base load address from the dso if it is
1247 * non-zero for some reason.
1248 */
1249 if (baddr == 0) {
1250 if ((sv->sv_flags & SV_ASLR) == 0 ||
1251 (fctl0 & NT_FREEBSD_FCTL_ASLR_DISABLE) != 0)
1252 et_dyn_addr = __elfN(pie_base);
1253 else if ((__elfN(pie_aslr_enabled) &&
1254 (imgp->proc->p_flag2 & P2_ASLR_DISABLE) == 0) ||
1255 (imgp->proc->p_flag2 & P2_ASLR_ENABLE) != 0)
1256 et_dyn_addr = ET_DYN_ADDR_RAND;
1257 else
1258 et_dyn_addr = __elfN(pie_base);
1259 }
1260 }
1261
1262 /*
1263 * Avoid a possible deadlock if the current address space is destroyed
1264 * and that address space maps the locked vnode. In the common case,
1265 * the locked vnode's v_usecount is decremented but remains greater
1266 * than zero. Consequently, the vnode lock is not needed by vrele().
1267 * However, in cases where the vnode lock is external, such as nullfs,
1268 * v_usecount may become zero.
1269 *
1270 * The VV_TEXT flag prevents modifications to the executable while
1271 * the vnode is unlocked.
1272 */
1273 VOP_UNLOCK(imgp->vp);
1274
1275 /*
1276 * Decide whether to enable randomization of user mappings.
1277 * First, reset user preferences for the setid binaries.
1278 * Then, account for the support of the randomization by the
1279 * ABI, by user preferences, and make special treatment for
1280 * PIE binaries.
1281 */
1282 if (imgp->credential_setid) {
1283 PROC_LOCK(imgp->proc);
1284 imgp->proc->p_flag2 &= ~(P2_ASLR_ENABLE | P2_ASLR_DISABLE |
1285 P2_WXORX_DISABLE | P2_WXORX_ENABLE_EXEC);
1286 PROC_UNLOCK(imgp->proc);
1287 }
1288 if ((sv->sv_flags & SV_ASLR) == 0 ||
1289 (imgp->proc->p_flag2 & P2_ASLR_DISABLE) != 0 ||
1290 (fctl0 & NT_FREEBSD_FCTL_ASLR_DISABLE) != 0) {
1291 KASSERT(et_dyn_addr != ET_DYN_ADDR_RAND,
1292 ("et_dyn_addr == RAND and !ASLR"));
1293 } else if ((imgp->proc->p_flag2 & P2_ASLR_ENABLE) != 0 ||
1294 (__elfN(aslr_enabled) && hdr->e_type == ET_EXEC) ||
1295 et_dyn_addr == ET_DYN_ADDR_RAND) {
1296 imgp->map_flags |= MAP_ASLR;
1297 /*
1298 * If user does not care about sbrk, utilize the bss
1299 * grow region for mappings as well. We can select
1300 * the base for the image anywere and still not suffer
1301 * from the fragmentation.
1302 */
1303 if (!__elfN(aslr_honor_sbrk) ||
1304 (imgp->proc->p_flag2 & P2_ASLR_IGNSTART) != 0)
1305 imgp->map_flags |= MAP_ASLR_IGNSTART;
1306 if (__elfN(aslr_stack))
1307 imgp->map_flags |= MAP_ASLR_STACK;
1308 }
1309
1310 if ((!__elfN(allow_wx) && (fctl0 & NT_FREEBSD_FCTL_WXNEEDED) == 0 &&
1311 (imgp->proc->p_flag2 & P2_WXORX_DISABLE) == 0) ||
1312 (imgp->proc->p_flag2 & P2_WXORX_ENABLE_EXEC) != 0)
1313 imgp->map_flags |= MAP_WXORX;
1314
1315 error = exec_new_vmspace(imgp, sv);
1316
1317 imgp->proc->p_sysent = sv;
1318 imgp->proc->p_elf_brandinfo = brand_info;
1319
1320 vmspace = imgp->proc->p_vmspace;
1321 map = &vmspace->vm_map;
1322 maxv = sv->sv_usrstack;
1323 if ((imgp->map_flags & MAP_ASLR_STACK) == 0)
1324 maxv -= lim_max(td, RLIMIT_STACK);
1325 if (error == 0 && mapsz >= maxv - vm_map_min(map)) {
1326 uprintf("Excessive mapping size\n");
1327 error = ENOEXEC;
1328 }
1329
1330 if (error == 0 && et_dyn_addr == ET_DYN_ADDR_RAND) {
1331 KASSERT((map->flags & MAP_ASLR) != 0,
1332 ("ET_DYN_ADDR_RAND but !MAP_ASLR"));
1333 error = __CONCAT(rnd_, __elfN(base))(map,
1334 vm_map_min(map) + mapsz + lim_max(td, RLIMIT_DATA),
1335 /* reserve half of the address space to interpreter */
1336 maxv / 2, maxalign, &et_dyn_addr);
1337 }
1338
1339 vn_lock(imgp->vp, LK_SHARED | LK_RETRY);
1340 if (error != 0)
1341 goto ret;
1342
1343 error = __elfN(load_sections)(imgp, hdr, phdr, et_dyn_addr, NULL);
1344 if (error != 0)
1345 goto ret;
1346
1347 error = __elfN(enforce_limits)(imgp, hdr, phdr, et_dyn_addr);
1348 if (error != 0)
1349 goto ret;
1350
1351 /*
1352 * We load the dynamic linker where a userland call
1353 * to mmap(0, ...) would put it. The rationale behind this
1354 * calculation is that it leaves room for the heap to grow to
1355 * its maximum allowed size.
1356 */
1357 addr = round_page((vm_offset_t)vmspace->vm_daddr + lim_max(td,
1358 RLIMIT_DATA));
1359 if ((map->flags & MAP_ASLR) != 0) {
1360 maxv1 = maxv / 2 + addr / 2;
1361 error = __CONCAT(rnd_, __elfN(base))(map, addr, maxv1,
1362 (MAXPAGESIZES > 1 && pagesizes[1] != 0) ?
1363 pagesizes[1] : pagesizes[0], &anon_loc);
1364 if (error != 0)
1365 goto ret;
1366 map->anon_loc = anon_loc;
1367 } else {
1368 map->anon_loc = addr;
1369 }
1370
1371 entry = (u_long)hdr->e_entry + et_dyn_addr;
1372 imgp->entry_addr = entry;
1373
1374 if (interp != NULL) {
1375 VOP_UNLOCK(imgp->vp);
1376 if ((map->flags & MAP_ASLR) != 0) {
1377 /* Assume that interpreter fits into 1/4 of AS */
1378 maxv1 = maxv / 2 + addr / 2;
1379 error = __CONCAT(rnd_, __elfN(base))(map, addr,
1380 maxv1, PAGE_SIZE, &addr);
1381 }
1382 if (error == 0) {
1383 error = __elfN(load_interp)(imgp, brand_info, interp,
1384 &addr, &imgp->entry_addr);
1385 }
1386 vn_lock(imgp->vp, LK_SHARED | LK_RETRY);
1387 if (error != 0)
1388 goto ret;
1389 } else
1390 addr = et_dyn_addr;
1391
1392 error = exec_map_stack(imgp);
1393 if (error != 0)
1394 goto ret;
1395
1396 /*
1397 * Construct auxargs table (used by the copyout_auxargs routine)
1398 */
1399 elf_auxargs = malloc(sizeof(Elf_Auxargs), M_TEMP, M_NOWAIT);
1400 if (elf_auxargs == NULL) {
1401 VOP_UNLOCK(imgp->vp);
1402 elf_auxargs = malloc(sizeof(Elf_Auxargs), M_TEMP, M_WAITOK);
1403 vn_lock(imgp->vp, LK_SHARED | LK_RETRY);
1404 }
1405 elf_auxargs->execfd = -1;
1406 elf_auxargs->phdr = proghdr + et_dyn_addr;
1407 elf_auxargs->phent = hdr->e_phentsize;
1408 elf_auxargs->phnum = hdr->e_phnum;
1409 elf_auxargs->pagesz = PAGE_SIZE;
1410 elf_auxargs->base = addr;
1411 elf_auxargs->flags = 0;
1412 elf_auxargs->entry = entry;
1413 elf_auxargs->hdr_eflags = hdr->e_flags;
1414
1415 imgp->auxargs = elf_auxargs;
1416 imgp->interpreted = 0;
1417 imgp->reloc_base = addr;
1418 imgp->proc->p_osrel = osrel;
1419 imgp->proc->p_fctl0 = fctl0;
1420 imgp->proc->p_elf_flags = hdr->e_flags;
1421
1422ret:
1423 ASSERT_VOP_LOCKED(imgp->vp, "skipped relock");
1424 if (free_interp)
1425 free(interp, M_TEMP);
1426 return (error);
1427}
1428
1429#define elf_suword __CONCAT(suword, __ELF_WORD_SIZE)
1430
1431int
1432__elfN(freebsd_copyout_auxargs)(struct image_params *imgp, uintptr_t base)
1433{
1434 Elf_Auxargs *args = (Elf_Auxargs *)imgp->auxargs;
1435 Elf_Auxinfo *argarray, *pos;
1436 int error;
1437
1438 argarray = pos = malloc(AT_COUNT * sizeof(*pos), M_TEMP,
1439 M_WAITOK | M_ZERO);
1440
1441 if (args->execfd != -1)
1442 AUXARGS_ENTRY(pos, AT_EXECFD, args->execfd);
1443 AUXARGS_ENTRY(pos, AT_PHDR, args->phdr);
1444 AUXARGS_ENTRY(pos, AT_PHENT, args->phent);
1445 AUXARGS_ENTRY(pos, AT_PHNUM, args->phnum);
1446 AUXARGS_ENTRY(pos, AT_PAGESZ, args->pagesz);
1447 AUXARGS_ENTRY(pos, AT_FLAGS, args->flags);
1448 AUXARGS_ENTRY(pos, AT_ENTRY, args->entry);
1449 AUXARGS_ENTRY(pos, AT_BASE, args->base);
1450 AUXARGS_ENTRY(pos, AT_EHDRFLAGS, args->hdr_eflags);
1451 if (imgp->execpathp != 0)
1452 AUXARGS_ENTRY_PTR(pos, AT_EXECPATH, imgp->execpathp);
1453 AUXARGS_ENTRY(pos, AT_OSRELDATE,
1454 imgp->proc->p_ucred->cr_prison->pr_osreldate);
1455 if (imgp->canary != 0) {
1456 AUXARGS_ENTRY_PTR(pos, AT_CANARY, imgp->canary);
1457 AUXARGS_ENTRY(pos, AT_CANARYLEN, imgp->canarylen);
1458 }
1459 AUXARGS_ENTRY(pos, AT_NCPUS, mp_ncpus);
1460 if (imgp->pagesizes != 0) {
1461 AUXARGS_ENTRY_PTR(pos, AT_PAGESIZES, imgp->pagesizes);
1462 AUXARGS_ENTRY(pos, AT_PAGESIZESLEN, imgp->pagesizeslen);
1463 }
1464 if (imgp->sysent->sv_timekeep_base != 0) {
1465 AUXARGS_ENTRY(pos, AT_TIMEKEEP,
1466 imgp->sysent->sv_timekeep_base);
1467 }
1468 AUXARGS_ENTRY(pos, AT_STACKPROT, imgp->sysent->sv_shared_page_obj
1469 != NULL && imgp->stack_prot != 0 ? imgp->stack_prot :
1470 imgp->sysent->sv_stackprot);
1471 if (imgp->sysent->sv_hwcap != NULL)
1472 AUXARGS_ENTRY(pos, AT_HWCAP, *imgp->sysent->sv_hwcap);
1473 if (imgp->sysent->sv_hwcap2 != NULL)
1474 AUXARGS_ENTRY(pos, AT_HWCAP2, *imgp->sysent->sv_hwcap2);
1475 AUXARGS_ENTRY(pos, AT_BSDFLAGS, __elfN(sigfastblock) ?
1476 ELF_BSDF_SIGFASTBLK : 0);
1477 AUXARGS_ENTRY(pos, AT_ARGC, imgp->args->argc);
1478 AUXARGS_ENTRY_PTR(pos, AT_ARGV, imgp->argv);
1479 AUXARGS_ENTRY(pos, AT_ENVC, imgp->args->envc);
1480 AUXARGS_ENTRY_PTR(pos, AT_ENVV, imgp->envv);
1481 AUXARGS_ENTRY_PTR(pos, AT_PS_STRINGS, imgp->ps_strings);
1482 if (imgp->sysent->sv_fxrng_gen_base != 0)
1483 AUXARGS_ENTRY(pos, AT_FXRNG, imgp->sysent->sv_fxrng_gen_base);
1484 if (imgp->sysent->sv_vdso_base != 0 && __elfN(vdso) != 0)
1485 AUXARGS_ENTRY(pos, AT_KPRELOAD, imgp->sysent->sv_vdso_base);
1486 AUXARGS_ENTRY(pos, AT_NULL, 0);
1487
1488 free(imgp->auxargs, M_TEMP);
1489 imgp->auxargs = NULL;
1490 KASSERT(pos - argarray <= AT_COUNT, ("Too many auxargs"));
1491
1492 error = copyout(argarray, (void *)base, sizeof(*argarray) * AT_COUNT);
1493 free(argarray, M_TEMP);
1494 return (error);
1495}
1496
1497int
1498__elfN(freebsd_fixup)(uintptr_t *stack_base, struct image_params *imgp)
1499{
1500 Elf_Addr *base;
1501
1502 base = (Elf_Addr *)*stack_base;
1503 base--;
1504 if (elf_suword(base, imgp->args->argc) == -1)
1505 return (EFAULT);
1506 *stack_base = (uintptr_t)base;
1507 return (0);
1508}
1509
1510/*
1511 * Code for generating ELF core dumps.
1512 */
1513
1514typedef void (*segment_callback)(vm_map_entry_t, void *);
1515
1516/* Closure for cb_put_phdr(). */
1517struct phdr_closure {
1518 Elf_Phdr *phdr; /* Program header to fill in */
1519 Elf_Off offset; /* Offset of segment in core file */
1520};
1521
1522struct note_info {
1523 int type; /* Note type. */
1524 struct regset *regset; /* Register set. */
1525 outfunc_t outfunc; /* Output function. */
1526 void *outarg; /* Argument for the output function. */
1527 size_t outsize; /* Output size. */
1528 TAILQ_ENTRY(note_info) link; /* Link to the next note info. */
1529};
1530
1531TAILQ_HEAD(note_info_list, note_info);
1532
1533extern int compress_user_cores;
1534extern int compress_user_cores_level;
1535
1536static void cb_put_phdr(vm_map_entry_t, void *);
1537static void cb_size_segment(vm_map_entry_t, void *);
1538static void each_dumpable_segment(struct thread *, segment_callback, void *,
1539 int);
1540static int __elfN(corehdr)(struct coredump_params *, int, void *, size_t,
1541 struct note_info_list *, size_t, int);
1542static void __elfN(putnote)(struct thread *td, struct note_info *, struct sbuf *);
1543
1544static void __elfN(note_prpsinfo)(void *, struct sbuf *, size_t *);
1545static void __elfN(note_threadmd)(void *, struct sbuf *, size_t *);
1546static void __elfN(note_thrmisc)(void *, struct sbuf *, size_t *);
1547static void __elfN(note_ptlwpinfo)(void *, struct sbuf *, size_t *);
1548static void __elfN(note_procstat_auxv)(void *, struct sbuf *, size_t *);
1549static void __elfN(note_procstat_proc)(void *, struct sbuf *, size_t *);
1550static void __elfN(note_procstat_psstrings)(void *, struct sbuf *, size_t *);
1551static void note_procstat_files(void *, struct sbuf *, size_t *);
1552static void note_procstat_groups(void *, struct sbuf *, size_t *);
1553static void note_procstat_osrel(void *, struct sbuf *, size_t *);
1554static void note_procstat_rlimit(void *, struct sbuf *, size_t *);
1555static void note_procstat_umask(void *, struct sbuf *, size_t *);
1556static void note_procstat_vmmap(void *, struct sbuf *, size_t *);
1557
1558static int
1559core_compressed_write(void *base, size_t len, off_t offset, void *arg)
1560{
1561
1562 return (core_write((struct coredump_params *)arg, base, len, offset,
1563 UIO_SYSSPACE, NULL));
1564}
1565
1566int
1567__elfN(coredump)(struct thread *td, struct vnode *vp, off_t limit, int flags)
1568{
1569 struct ucred *cred = td->td_ucred;
1570 int compm, error = 0;
1571 struct sseg_closure seginfo;
1572 struct note_info_list notelst;
1573 struct coredump_params params;
1574 struct note_info *ninfo;
1575 void *hdr, *tmpbuf;
1576 size_t hdrsize, notesz, coresize;
1577
1578 hdr = NULL;
1579 tmpbuf = NULL;
1580 TAILQ_INIT(&notelst);
1581
1582 /* Size the program segments. */
1583 __elfN(size_segments)(td, &seginfo, flags);
1584
1585 /*
1586 * Collect info about the core file header area.
1587 */
1588 hdrsize = sizeof(Elf_Ehdr) + sizeof(Elf_Phdr) * (1 + seginfo.count);
1589 if (seginfo.count + 1 >= PN_XNUM)
1590 hdrsize += sizeof(Elf_Shdr);
1591 td->td_proc->p_sysent->sv_elf_core_prepare_notes(td, &notelst, &notesz);
1592 coresize = round_page(hdrsize + notesz) + seginfo.size;
1593
1594 /* Set up core dump parameters. */
1595 params.offset = 0;
1596 params.active_cred = cred;
1597 params.file_cred = NOCRED;
1598 params.td = td;
1599 params.vp = vp;
1600 params.comp = NULL;
1601
1602#ifdef RACCT
1603 if (racct_enable) {
1604 PROC_LOCK(td->td_proc);
1605 error = racct_add(td->td_proc, RACCT_CORE, coresize);
1606 PROC_UNLOCK(td->td_proc);
1607 if (error != 0) {
1608 error = EFAULT;
1609 goto done;
1610 }
1611 }
1612#endif
1613 if (coresize >= limit) {
1614 error = EFAULT;
1615 goto done;
1616 }
1617
1618 /* Create a compression stream if necessary. */
1619 compm = compress_user_cores;
1620 if ((flags & (SVC_PT_COREDUMP | SVC_NOCOMPRESS)) == SVC_PT_COREDUMP &&
1621 compm == 0)
1622 compm = COMPRESS_GZIP;
1623 if (compm != 0) {
1624 params.comp = compressor_init(core_compressed_write,
1625 compm, CORE_BUF_SIZE,
1626 compress_user_cores_level, &params);
1627 if (params.comp == NULL) {
1628 error = EFAULT;
1629 goto done;
1630 }
1631 tmpbuf = malloc(CORE_BUF_SIZE, M_TEMP, M_WAITOK | M_ZERO);
1632 }
1633
1634 /*
1635 * Allocate memory for building the header, fill it up,
1636 * and write it out following the notes.
1637 */
1638 hdr = malloc(hdrsize, M_TEMP, M_WAITOK);
1639 error = __elfN(corehdr)(&params, seginfo.count, hdr, hdrsize, &notelst,
1640 notesz, flags);
1641
1642 /* Write the contents of all of the writable segments. */
1643 if (error == 0) {
1644 Elf_Phdr *php;
1645 off_t offset;
1646 int i;
1647
1648 php = (Elf_Phdr *)((char *)hdr + sizeof(Elf_Ehdr)) + 1;
1649 offset = round_page(hdrsize + notesz);
1650 for (i = 0; i < seginfo.count; i++) {
1651 error = core_output((char *)(uintptr_t)php->p_vaddr,
1652 php->p_filesz, offset, &params, tmpbuf);
1653 if (error != 0)
1654 break;
1655 offset += php->p_filesz;
1656 php++;
1657 }
1658 if (error == 0 && params.comp != NULL)
1659 error = compressor_flush(params.comp);
1660 }
1661 if (error) {
1662 log(LOG_WARNING,
1663 "Failed to write core file for process %s (error %d)\n",
1664 curproc->p_comm, error);
1665 }
1666
1667done:
1668 free(tmpbuf, M_TEMP);
1669 if (params.comp != NULL)
1670 compressor_fini(params.comp);
1671 while ((ninfo = TAILQ_FIRST(&notelst)) != NULL) {
1672 TAILQ_REMOVE(&notelst, ninfo, link);
1673 free(ninfo, M_TEMP);
1674 }
1675 if (hdr != NULL)
1676 free(hdr, M_TEMP);
1677
1678 return (error);
1679}
1680
1681/*
1682 * A callback for each_dumpable_segment() to write out the segment's
1683 * program header entry.
1684 */
1685static void
1686cb_put_phdr(vm_map_entry_t entry, void *closure)
1687{
1688 struct phdr_closure *phc = (struct phdr_closure *)closure;
1689 Elf_Phdr *phdr = phc->phdr;
1690
1691 phc->offset = round_page(phc->offset);
1692
1693 phdr->p_type = PT_LOAD;
1694 phdr->p_offset = phc->offset;
1695 phdr->p_vaddr = entry->start;
1696 phdr->p_paddr = 0;
1697 phdr->p_filesz = phdr->p_memsz = entry->end - entry->start;
1698 phdr->p_align = PAGE_SIZE;
1699 phdr->p_flags = __elfN(untrans_prot)(entry->protection);
1700
1701 phc->offset += phdr->p_filesz;
1702 phc->phdr++;
1703}
1704
1705/*
1706 * A callback for each_dumpable_segment() to gather information about
1707 * the number of segments and their total size.
1708 */
1709static void
1710cb_size_segment(vm_map_entry_t entry, void *closure)
1711{
1712 struct sseg_closure *ssc = (struct sseg_closure *)closure;
1713
1714 ssc->count++;
1715 ssc->size += entry->end - entry->start;
1716}
1717
1718void
1719__elfN(size_segments)(struct thread *td, struct sseg_closure *seginfo,
1720 int flags)
1721{
1722 seginfo->count = 0;
1723 seginfo->size = 0;
1724
1725 each_dumpable_segment(td, cb_size_segment, seginfo, flags);
1726}
1727
1728/*
1729 * For each writable segment in the process's memory map, call the given
1730 * function with a pointer to the map entry and some arbitrary
1731 * caller-supplied data.
1732 */
1733static void
1734each_dumpable_segment(struct thread *td, segment_callback func, void *closure,
1735 int flags)
1736{
1737 struct proc *p = td->td_proc;
1738 vm_map_t map = &p->p_vmspace->vm_map;
1739 vm_map_entry_t entry;
1740 vm_object_t backing_object, object;
1741 bool ignore_entry;
1742
1743 vm_map_lock_read(map);
1744 VM_MAP_ENTRY_FOREACH(entry, map) {
1745 /*
1746 * Don't dump inaccessible mappings, deal with legacy
1747 * coredump mode.
1748 *
1749 * Note that read-only segments related to the elf binary
1750 * are marked MAP_ENTRY_NOCOREDUMP now so we no longer
1751 * need to arbitrarily ignore such segments.
1752 */
1753 if ((flags & SVC_ALL) == 0) {
1754 if (elf_legacy_coredump) {
1755 if ((entry->protection & VM_PROT_RW) !=
1756 VM_PROT_RW)
1757 continue;
1758 } else {
1759 if ((entry->protection & VM_PROT_ALL) == 0)
1760 continue;
1761 }
1762 }
1763
1764 /*
1765 * Dont include memory segment in the coredump if
1766 * MAP_NOCORE is set in mmap(2) or MADV_NOCORE in
1767 * madvise(2). Do not dump submaps (i.e. parts of the
1768 * kernel map).
1769 */
1770 if ((entry->eflags & MAP_ENTRY_IS_SUB_MAP) != 0)
1771 continue;
1772 if ((entry->eflags & MAP_ENTRY_NOCOREDUMP) != 0 &&
1773 (flags & SVC_ALL) == 0)
1774 continue;
1775 if ((object = entry->object.vm_object) == NULL)
1776 continue;
1777
1778 /* Ignore memory-mapped devices and such things. */
1779 VM_OBJECT_RLOCK(object);
1780 while ((backing_object = object->backing_object) != NULL) {
1781 VM_OBJECT_RLOCK(backing_object);
1782 VM_OBJECT_RUNLOCK(object);
1783 object = backing_object;
1784 }
1785 ignore_entry = (object->flags & OBJ_FICTITIOUS) != 0;
1786 VM_OBJECT_RUNLOCK(object);
1787 if (ignore_entry)
1788 continue;
1789
1790 (*func)(entry, closure);
1791 }
1792 vm_map_unlock_read(map);
1793}
1794
1795/*
1796 * Write the core file header to the file, including padding up to
1797 * the page boundary.
1798 */
1799static int
1800__elfN(corehdr)(struct coredump_params *p, int numsegs, void *hdr,
1801 size_t hdrsize, struct note_info_list *notelst, size_t notesz,
1802 int flags)
1803{
1804 struct note_info *ninfo;
1805 struct sbuf *sb;
1806 int error;
1807
1808 /* Fill in the header. */
1809 bzero(hdr, hdrsize);
1810 __elfN(puthdr)(p->td, hdr, hdrsize, numsegs, notesz, flags);
1811
1812 sb = sbuf_new(NULL, NULL, CORE_BUF_SIZE, SBUF_FIXEDLEN);
1813 sbuf_set_drain(sb, sbuf_drain_core_output, p);
1814 sbuf_start_section(sb, NULL);
1815 sbuf_bcat(sb, hdr, hdrsize);
1816 TAILQ_FOREACH(ninfo, notelst, link)
1817 __elfN(putnote)(p->td, ninfo, sb);
1818 /* Align up to a page boundary for the program segments. */
1819 sbuf_end_section(sb, -1, PAGE_SIZE, 0);
1820 error = sbuf_finish(sb);
1821 sbuf_delete(sb);
1822
1823 return (error);
1824}
1825
1826void
1827__elfN(prepare_notes)(struct thread *td, struct note_info_list *list,
1828 size_t *sizep)
1829{
1830 struct proc *p;
1831 struct thread *thr;
1832 size_t size;
1833
1834 p = td->td_proc;
1835 size = 0;
1836
1837 size += __elfN(register_note)(td, list, NT_PRPSINFO,
1838 __elfN(note_prpsinfo), p);
1839
1840 /*
1841 * To have the debugger select the right thread (LWP) as the initial
1842 * thread, we dump the state of the thread passed to us in td first.
1843 * This is the thread that causes the core dump and thus likely to
1844 * be the right thread one wants to have selected in the debugger.
1845 */
1846 thr = td;
1847 while (thr != NULL) {
1848 size += __elfN(prepare_register_notes)(td, list, thr);
1849 size += __elfN(register_note)(td, list, NT_THRMISC,
1850 __elfN(note_thrmisc), thr);
1851 size += __elfN(register_note)(td, list, NT_PTLWPINFO,
1852 __elfN(note_ptlwpinfo), thr);
1853 size += __elfN(register_note)(td, list, -1,
1854 __elfN(note_threadmd), thr);
1855
1856 thr = thr == td ? TAILQ_FIRST(&p->p_threads) :
1857 TAILQ_NEXT(thr, td_plist);
1858 if (thr == td)
1859 thr = TAILQ_NEXT(thr, td_plist);
1860 }
1861
1862 size += __elfN(register_note)(td, list, NT_PROCSTAT_PROC,
1863 __elfN(note_procstat_proc), p);
1864 size += __elfN(register_note)(td, list, NT_PROCSTAT_FILES,
1865 note_procstat_files, p);
1866 size += __elfN(register_note)(td, list, NT_PROCSTAT_VMMAP,
1867 note_procstat_vmmap, p);
1868 size += __elfN(register_note)(td, list, NT_PROCSTAT_GROUPS,
1869 note_procstat_groups, p);
1870 size += __elfN(register_note)(td, list, NT_PROCSTAT_UMASK,
1871 note_procstat_umask, p);
1872 size += __elfN(register_note)(td, list, NT_PROCSTAT_RLIMIT,
1873 note_procstat_rlimit, p);
1874 size += __elfN(register_note)(td, list, NT_PROCSTAT_OSREL,
1875 note_procstat_osrel, p);
1876 size += __elfN(register_note)(td, list, NT_PROCSTAT_PSSTRINGS,
1877 __elfN(note_procstat_psstrings), p);
1878 size += __elfN(register_note)(td, list, NT_PROCSTAT_AUXV,
1879 __elfN(note_procstat_auxv), p);
1880
1881 *sizep = size;
1882}
1883
1884void
1885__elfN(puthdr)(struct thread *td, void *hdr, size_t hdrsize, int numsegs,
1886 size_t notesz, int flags)
1887{
1888 Elf_Ehdr *ehdr;
1889 Elf_Phdr *phdr;
1890 Elf_Shdr *shdr;
1891 struct phdr_closure phc;
1892 Elf_Brandinfo *bi;
1893
1894 ehdr = (Elf_Ehdr *)hdr;
1895 bi = td->td_proc->p_elf_brandinfo;
1896
1897 ehdr->e_ident[EI_MAG0] = ELFMAG0;
1898 ehdr->e_ident[EI_MAG1] = ELFMAG1;
1899 ehdr->e_ident[EI_MAG2] = ELFMAG2;
1900 ehdr->e_ident[EI_MAG3] = ELFMAG3;
1901 ehdr->e_ident[EI_CLASS] = ELF_CLASS;
1902 ehdr->e_ident[EI_DATA] = ELF_DATA;
1903 ehdr->e_ident[EI_VERSION] = EV_CURRENT;
1904 ehdr->e_ident[EI_OSABI] = td->td_proc->p_sysent->sv_elf_core_osabi;
1905 ehdr->e_ident[EI_ABIVERSION] = 0;
1906 ehdr->e_ident[EI_PAD] = 0;
1907 ehdr->e_type = ET_CORE;
1908 ehdr->e_machine = bi->machine;
1909 ehdr->e_version = EV_CURRENT;
1910 ehdr->e_entry = 0;
1911 ehdr->e_phoff = sizeof(Elf_Ehdr);
1912 ehdr->e_flags = td->td_proc->p_elf_flags;
1913 ehdr->e_ehsize = sizeof(Elf_Ehdr);
1914 ehdr->e_phentsize = sizeof(Elf_Phdr);
1915 ehdr->e_shentsize = sizeof(Elf_Shdr);
1916 ehdr->e_shstrndx = SHN_UNDEF;
1917 if (numsegs + 1 < PN_XNUM) {
1918 ehdr->e_phnum = numsegs + 1;
1919 ehdr->e_shnum = 0;
1920 } else {
1921 ehdr->e_phnum = PN_XNUM;
1922 ehdr->e_shnum = 1;
1923
1924 ehdr->e_shoff = ehdr->e_phoff +
1925 (numsegs + 1) * ehdr->e_phentsize;
1926 KASSERT(ehdr->e_shoff == hdrsize - sizeof(Elf_Shdr),
1927 ("e_shoff: %zu, hdrsize - shdr: %zu",
1928 (size_t)ehdr->e_shoff, hdrsize - sizeof(Elf_Shdr)));
1929
1930 shdr = (Elf_Shdr *)((char *)hdr + ehdr->e_shoff);
1931 memset(shdr, 0, sizeof(*shdr));
1932 /*
1933 * A special first section is used to hold large segment and
1934 * section counts. This was proposed by Sun Microsystems in
1935 * Solaris and has been adopted by Linux; the standard ELF
1936 * tools are already familiar with the technique.
1937 *
1938 * See table 7-7 of the Solaris "Linker and Libraries Guide"
1939 * (or 12-7 depending on the version of the document) for more
1940 * details.
1941 */
1942 shdr->sh_type = SHT_NULL;
1943 shdr->sh_size = ehdr->e_shnum;
1944 shdr->sh_link = ehdr->e_shstrndx;
1945 shdr->sh_info = numsegs + 1;
1946 }
1947
1948 /*
1949 * Fill in the program header entries.
1950 */
1951 phdr = (Elf_Phdr *)((char *)hdr + ehdr->e_phoff);
1952
1953 /* The note segement. */
1954 phdr->p_type = PT_NOTE;
1955 phdr->p_offset = hdrsize;
1956 phdr->p_vaddr = 0;
1957 phdr->p_paddr = 0;
1958 phdr->p_filesz = notesz;
1959 phdr->p_memsz = 0;
1960 phdr->p_flags = PF_R;
1961 phdr->p_align = ELF_NOTE_ROUNDSIZE;
1962 phdr++;
1963
1964 /* All the writable segments from the program. */
1965 phc.phdr = phdr;
1966 phc.offset = round_page(hdrsize + notesz);
1967 each_dumpable_segment(td, cb_put_phdr, &phc, flags);
1968}
1969
1970static size_t
1971__elfN(register_regset_note)(struct thread *td, struct note_info_list *list,
1972 struct regset *regset, struct thread *target_td)
1973{
1974 const struct sysentvec *sv;
1975 struct note_info *ninfo;
1976 size_t size, notesize;
1977
1978 size = 0;
1979 if (!regset->get(regset, target_td, NULL, &size) || size == 0)
1980 return (0);
1981
1982 ninfo = malloc(sizeof(*ninfo), M_TEMP, M_ZERO | M_WAITOK);
1983 ninfo->type = regset->note;
1984 ninfo->regset = regset;
1985 ninfo->outarg = target_td;
1986 ninfo->outsize = size;
1987 TAILQ_INSERT_TAIL(list, ninfo, link);
1988
1989 sv = td->td_proc->p_sysent;
1990 notesize = sizeof(Elf_Note) + /* note header */
1991 roundup2(strlen(sv->sv_elf_core_abi_vendor) + 1, ELF_NOTE_ROUNDSIZE) +
1992 /* note name */
1993 roundup2(size, ELF_NOTE_ROUNDSIZE); /* note description */
1994
1995 return (notesize);
1996}
1997
1998size_t
1999__elfN(register_note)(struct thread *td, struct note_info_list *list,
2000 int type, outfunc_t out, void *arg)
2001{
2002 const struct sysentvec *sv;
2003 struct note_info *ninfo;
2004 size_t size, notesize;
2005
2006 sv = td->td_proc->p_sysent;
2007 size = 0;
2008 out(arg, NULL, &size);
2009 ninfo = malloc(sizeof(*ninfo), M_TEMP, M_ZERO | M_WAITOK);
2010 ninfo->type = type;
2011 ninfo->outfunc = out;
2012 ninfo->outarg = arg;
2013 ninfo->outsize = size;
2014 TAILQ_INSERT_TAIL(list, ninfo, link);
2015
2016 if (type == -1)
2017 return (size);
2018
2019 notesize = sizeof(Elf_Note) + /* note header */
2020 roundup2(strlen(sv->sv_elf_core_abi_vendor) + 1, ELF_NOTE_ROUNDSIZE) +
2021 /* note name */
2022 roundup2(size, ELF_NOTE_ROUNDSIZE); /* note description */
2023
2024 return (notesize);
2025}
2026
2027static size_t
2028append_note_data(const void *src, void *dst, size_t len)
2029{
2030 size_t padded_len;
2031
2032 padded_len = roundup2(len, ELF_NOTE_ROUNDSIZE);
2033 if (dst != NULL) {
2034 bcopy(src, dst, len);
2035 bzero((char *)dst + len, padded_len - len);
2036 }
2037 return (padded_len);
2038}
2039
2040size_t
2041__elfN(populate_note)(int type, void *src, void *dst, size_t size, void **descp)
2042{
2043 Elf_Note *note;
2044 char *buf;
2045 size_t notesize;
2046
2047 buf = dst;
2048 if (buf != NULL) {
2049 note = (Elf_Note *)buf;
2050 note->n_namesz = sizeof(FREEBSD_ABI_VENDOR);
2051 note->n_descsz = size;
2052 note->n_type = type;
2053 buf += sizeof(*note);
2054 buf += append_note_data(FREEBSD_ABI_VENDOR, buf,
2055 sizeof(FREEBSD_ABI_VENDOR));
2056 append_note_data(src, buf, size);
2057 if (descp != NULL)
2058 *descp = buf;
2059 }
2060
2061 notesize = sizeof(Elf_Note) + /* note header */
2062 roundup2(sizeof(FREEBSD_ABI_VENDOR), ELF_NOTE_ROUNDSIZE) +
2063 /* note name */
2064 roundup2(size, ELF_NOTE_ROUNDSIZE); /* note description */
2065
2066 return (notesize);
2067}
2068
2069static void
2070__elfN(putnote)(struct thread *td, struct note_info *ninfo, struct sbuf *sb)
2071{
2072 Elf_Note note;
2073 const struct sysentvec *sv;
2074 ssize_t old_len, sect_len;
2075 size_t new_len, descsz, i;
2076
2077 if (ninfo->type == -1) {
2078 ninfo->outfunc(ninfo->outarg, sb, &ninfo->outsize);
2079 return;
2080 }
2081
2082 sv = td->td_proc->p_sysent;
2083
2084 note.n_namesz = strlen(sv->sv_elf_core_abi_vendor) + 1;
2085 note.n_descsz = ninfo->outsize;
2086 note.n_type = ninfo->type;
2087
2088 sbuf_bcat(sb, &note, sizeof(note));
2089 sbuf_start_section(sb, &old_len);
2090 sbuf_bcat(sb, sv->sv_elf_core_abi_vendor,
2091 strlen(sv->sv_elf_core_abi_vendor) + 1);
2092 sbuf_end_section(sb, old_len, ELF_NOTE_ROUNDSIZE, 0);
2093 if (note.n_descsz == 0)
2094 return;
2095 sbuf_start_section(sb, &old_len);
2096 if (ninfo->regset != NULL) {
2097 struct regset *regset = ninfo->regset;
2098 void *buf;
2099
2100 buf = malloc(ninfo->outsize, M_TEMP, M_ZERO | M_WAITOK);
2101 (void)regset->get(regset, ninfo->outarg, buf, &ninfo->outsize);
2102 sbuf_bcat(sb, buf, ninfo->outsize);
2103 free(buf, M_TEMP);
2104 } else
2105 ninfo->outfunc(ninfo->outarg, sb, &ninfo->outsize);
2106 sect_len = sbuf_end_section(sb, old_len, ELF_NOTE_ROUNDSIZE, 0);
2107 if (sect_len < 0)
2108 return;
2109
2110 new_len = (size_t)sect_len;
2111 descsz = roundup(note.n_descsz, ELF_NOTE_ROUNDSIZE);
2112 if (new_len < descsz) {
2113 /*
2114 * It is expected that individual note emitters will correctly
2115 * predict their expected output size and fill up to that size
2116 * themselves, padding in a format-specific way if needed.
2117 * However, in case they don't, just do it here with zeros.
2118 */
2119 for (i = 0; i < descsz - new_len; i++)
2120 sbuf_putc(sb, 0);
2121 } else if (new_len > descsz) {
2122 /*
2123 * We can't always truncate sb -- we may have drained some
2124 * of it already.
2125 */
2126 KASSERT(new_len == descsz, ("%s: Note type %u changed as we "
2127 "read it (%zu > %zu). Since it is longer than "
2128 "expected, this coredump's notes are corrupt. THIS "
2129 "IS A BUG in the note_procstat routine for type %u.\n",
2130 __func__, (unsigned)note.n_type, new_len, descsz,
2131 (unsigned)note.n_type));
2132 }
2133}
2134
2135/*
2136 * Miscellaneous note out functions.
2137 */
2138
2139#if defined(COMPAT_FREEBSD32) && __ELF_WORD_SIZE == 32
2140#include <compat/freebsd32/freebsd32.h>
2141#include <compat/freebsd32/freebsd32_signal.h>
2142
2143typedef struct prstatus32 elf_prstatus_t;
2144typedef struct prpsinfo32 elf_prpsinfo_t;
2145typedef struct fpreg32 elf_prfpregset_t;
2146typedef struct fpreg32 elf_fpregset_t;
2147typedef struct reg32 elf_gregset_t;
2148typedef struct thrmisc32 elf_thrmisc_t;
2149#define ELF_KERN_PROC_MASK KERN_PROC_MASK32
2150typedef struct kinfo_proc32 elf_kinfo_proc_t;
2151typedef uint32_t elf_ps_strings_t;
2152#else
2153typedef prstatus_t elf_prstatus_t;
2154typedef prpsinfo_t elf_prpsinfo_t;
2155typedef prfpregset_t elf_prfpregset_t;
2156typedef prfpregset_t elf_fpregset_t;
2157typedef gregset_t elf_gregset_t;
2158typedef thrmisc_t elf_thrmisc_t;
2159#define ELF_KERN_PROC_MASK 0
2160typedef struct kinfo_proc elf_kinfo_proc_t;
2161typedef vm_offset_t elf_ps_strings_t;
2162#endif
2163
2164static void
2165__elfN(note_prpsinfo)(void *arg, struct sbuf *sb, size_t *sizep)
2166{
2167 struct sbuf sbarg;
2168 size_t len;
2169 char *cp, *end;
2170 struct proc *p;
2171 elf_prpsinfo_t *psinfo;
2172 int error;
2173
2174 p = arg;
2175 if (sb != NULL) {
2176 KASSERT(*sizep == sizeof(*psinfo), ("invalid size"));
2177 psinfo = malloc(sizeof(*psinfo), M_TEMP, M_ZERO | M_WAITOK);
2178 psinfo->pr_version = PRPSINFO_VERSION;
2179 psinfo->pr_psinfosz = sizeof(elf_prpsinfo_t);
2180 strlcpy(psinfo->pr_fname, p->p_comm, sizeof(psinfo->pr_fname));
2181 PROC_LOCK(p);
2182 if (p->p_args != NULL) {
2183 len = sizeof(psinfo->pr_psargs) - 1;
2184 if (len > p->p_args->ar_length)
2185 len = p->p_args->ar_length;
2186 memcpy(psinfo->pr_psargs, p->p_args->ar_args, len);
2187 PROC_UNLOCK(p);
2188 error = 0;
2189 } else {
2190 _PHOLD(p);
2191 PROC_UNLOCK(p);
2192 sbuf_new(&sbarg, psinfo->pr_psargs,
2193 sizeof(psinfo->pr_psargs), SBUF_FIXEDLEN);
2194 error = proc_getargv(curthread, p, &sbarg);
2195 PRELE(p);
2196 if (sbuf_finish(&sbarg) == 0)
2197 len = sbuf_len(&sbarg) - 1;
2198 else
2199 len = sizeof(psinfo->pr_psargs) - 1;
2200 sbuf_delete(&sbarg);
2201 }
2202 if (error || len == 0)
2203 strlcpy(psinfo->pr_psargs, p->p_comm,
2204 sizeof(psinfo->pr_psargs));
2205 else {
2206 KASSERT(len < sizeof(psinfo->pr_psargs),
2207 ("len is too long: %zu vs %zu", len,
2208 sizeof(psinfo->pr_psargs)));
2209 cp = psinfo->pr_psargs;
2210 end = cp + len - 1;
2211 for (;;) {
2212 cp = memchr(cp, '\0', end - cp);
2213 if (cp == NULL)
2214 break;
2215 *cp = ' ';
2216 }
2217 }
2218 psinfo->pr_pid = p->p_pid;
2219 sbuf_bcat(sb, psinfo, sizeof(*psinfo));
2220 free(psinfo, M_TEMP);
2221 }
2222 *sizep = sizeof(*psinfo);
2223}
2224
2225static bool
2226__elfN(get_prstatus)(struct regset *rs, struct thread *td, void *buf,
2227 size_t *sizep)
2228{
2229 elf_prstatus_t *status;
2230
2231 if (buf != NULL) {
2232 KASSERT(*sizep == sizeof(*status), ("%s: invalid size",
2233 __func__));
2234 status = buf;
2235 status->pr_version = PRSTATUS_VERSION;
2236 status->pr_statussz = sizeof(elf_prstatus_t);
2237 status->pr_gregsetsz = sizeof(elf_gregset_t);
2238 status->pr_fpregsetsz = sizeof(elf_fpregset_t);
2239 status->pr_osreldate = osreldate;
2240 status->pr_cursig = td->td_proc->p_sig;
2241 status->pr_pid = td->td_tid;
2242#if defined(COMPAT_FREEBSD32) && __ELF_WORD_SIZE == 32
2243 fill_regs32(td, &status->pr_reg);
2244#else
2245 fill_regs(td, &status->pr_reg);
2246#endif
2247 }
2248 *sizep = sizeof(*status);
2249 return (true);
2250}
2251
2252static bool
2253__elfN(set_prstatus)(struct regset *rs, struct thread *td, void *buf,
2254 size_t size)
2255{
2256 elf_prstatus_t *status;
2257
2258 KASSERT(size == sizeof(*status), ("%s: invalid size", __func__));
2259 status = buf;
2260#if defined(COMPAT_FREEBSD32) && __ELF_WORD_SIZE == 32
2261 set_regs32(td, &status->pr_reg);
2262#else
2263 set_regs(td, &status->pr_reg);
2264#endif
2265 return (true);
2266}
2267
2268static struct regset __elfN(regset_prstatus) = {
2269 .note = NT_PRSTATUS,
2270 .size = sizeof(elf_prstatus_t),
2271 .get = __elfN(get_prstatus),
2272 .set = __elfN(set_prstatus),
2273};
2274ELF_REGSET(__elfN(regset_prstatus));
2275
2276static bool
2277__elfN(get_fpregset)(struct regset *rs, struct thread *td, void *buf,
2278 size_t *sizep)
2279{
2280 elf_prfpregset_t *fpregset;
2281
2282 if (buf != NULL) {
2283 KASSERT(*sizep == sizeof(*fpregset), ("%s: invalid size",
2284 __func__));
2285 fpregset = buf;
2286#if defined(COMPAT_FREEBSD32) && __ELF_WORD_SIZE == 32
2287 fill_fpregs32(td, fpregset);
2288#else
2289 fill_fpregs(td, fpregset);
2290#endif
2291 }
2292 *sizep = sizeof(*fpregset);
2293 return (true);
2294}
2295
2296static bool
2297__elfN(set_fpregset)(struct regset *rs, struct thread *td, void *buf,
2298 size_t size)
2299{
2300 elf_prfpregset_t *fpregset;
2301
2302 fpregset = buf;
2303 KASSERT(size == sizeof(*fpregset), ("%s: invalid size", __func__));
2304#if defined(COMPAT_FREEBSD32) && __ELF_WORD_SIZE == 32
2305 set_fpregs32(td, fpregset);
2306#else
2307 set_fpregs(td, fpregset);
2308#endif
2309 return (true);
2310}
2311
2312static struct regset __elfN(regset_fpregset) = {
2313 .note = NT_FPREGSET,
2314 .size = sizeof(elf_prfpregset_t),
2315 .get = __elfN(get_fpregset),
2316 .set = __elfN(set_fpregset),
2317};
2318ELF_REGSET(__elfN(regset_fpregset));
2319
2320static size_t
2321__elfN(prepare_register_notes)(struct thread *td, struct note_info_list *list,
2322 struct thread *target_td)
2323{
2324 struct sysentvec *sv = td->td_proc->p_sysent;
2325 struct regset **regsetp, **regset_end, *regset;
2326 size_t size;
2327
2328 size = 0;
2329
2330 /* NT_PRSTATUS must be the first register set note. */
2331 size += __elfN(register_regset_note)(td, list, &__elfN(regset_prstatus),
2332 target_td);
2333
2334 regsetp = sv->sv_regset_begin;
2335 if (regsetp == NULL) {
2336 /* XXX: This shouldn't be true for any FreeBSD ABIs. */
2337 size += __elfN(register_regset_note)(td, list,
2338 &__elfN(regset_fpregset), target_td);
2339 return (size);
2340 }
2341 regset_end = sv->sv_regset_end;
2342 MPASS(regset_end != NULL);
2343 for (; regsetp < regset_end; regsetp++) {
2344 regset = *regsetp;
2345 if (regset->note == NT_PRSTATUS)
2346 continue;
2347 size += __elfN(register_regset_note)(td, list, regset,
2348 target_td);
2349 }
2350 return (size);
2351}
2352
2353static void
2354__elfN(note_thrmisc)(void *arg, struct sbuf *sb, size_t *sizep)
2355{
2356 struct thread *td;
2357 elf_thrmisc_t thrmisc;
2358
2359 td = arg;
2360 if (sb != NULL) {
2361 KASSERT(*sizep == sizeof(thrmisc), ("invalid size"));
2362 bzero(&thrmisc, sizeof(thrmisc));
2363 strcpy(thrmisc.pr_tname, td->td_name);
2364 sbuf_bcat(sb, &thrmisc, sizeof(thrmisc));
2365 }
2366 *sizep = sizeof(thrmisc);
2367}
2368
2369static void
2370__elfN(note_ptlwpinfo)(void *arg, struct sbuf *sb, size_t *sizep)
2371{
2372 struct thread *td;
2373 size_t size;
2374 int structsize;
2375#if defined(COMPAT_FREEBSD32) && __ELF_WORD_SIZE == 32
2376 struct ptrace_lwpinfo32 pl;
2377#else
2378 struct ptrace_lwpinfo pl;
2379#endif
2380
2381 td = arg;
2382 size = sizeof(structsize) + sizeof(pl);
2383 if (sb != NULL) {
2384 KASSERT(*sizep == size, ("invalid size"));
2385 structsize = sizeof(pl);
2386 sbuf_bcat(sb, &structsize, sizeof(structsize));
2387 bzero(&pl, sizeof(pl));
2388 pl.pl_lwpid = td->td_tid;
2389 pl.pl_event = PL_EVENT_NONE;
2390 pl.pl_sigmask = td->td_sigmask;
2391 pl.pl_siglist = td->td_siglist;
2392 if (td->td_si.si_signo != 0) {
2393 pl.pl_event = PL_EVENT_SIGNAL;
2394 pl.pl_flags |= PL_FLAG_SI;
2395#if defined(COMPAT_FREEBSD32) && __ELF_WORD_SIZE == 32
2396 siginfo_to_siginfo32(&td->td_si, &pl.pl_siginfo);
2397#else
2398 pl.pl_siginfo = td->td_si;
2399#endif
2400 }
2401 strcpy(pl.pl_tdname, td->td_name);
2402 /* XXX TODO: supply more information in struct ptrace_lwpinfo*/
2403 sbuf_bcat(sb, &pl, sizeof(pl));
2404 }
2405 *sizep = size;
2406}
2407
2408/*
2409 * Allow for MD specific notes, as well as any MD
2410 * specific preparations for writing MI notes.
2411 */
2412static void
2413__elfN(note_threadmd)(void *arg, struct sbuf *sb, size_t *sizep)
2414{
2415 struct thread *td;
2416 void *buf;
2417 size_t size;
2418
2419 td = (struct thread *)arg;
2420 size = *sizep;
2421 if (size != 0 && sb != NULL)
2422 buf = malloc(size, M_TEMP, M_ZERO | M_WAITOK);
2423 else
2424 buf = NULL;
2425 size = 0;
2426 __elfN(dump_thread)(td, buf, &size);
2427 KASSERT(sb == NULL || *sizep == size, ("invalid size"));
2428 if (size != 0 && sb != NULL)
2429 sbuf_bcat(sb, buf, size);
2430 free(buf, M_TEMP);
2431 *sizep = size;
2432}
2433
2434#ifdef KINFO_PROC_SIZE
2435CTASSERT(sizeof(struct kinfo_proc) == KINFO_PROC_SIZE);
2436#endif
2437
2438static void
2439__elfN(note_procstat_proc)(void *arg, struct sbuf *sb, size_t *sizep)
2440{
2441 struct proc *p;
2442 size_t size;
2443 int structsize;
2444
2445 p = arg;
2446 size = sizeof(structsize) + p->p_numthreads *
2447 sizeof(elf_kinfo_proc_t);
2448
2449 if (sb != NULL) {
2450 KASSERT(*sizep == size, ("invalid size"));
2451 structsize = sizeof(elf_kinfo_proc_t);
2452 sbuf_bcat(sb, &structsize, sizeof(structsize));
2453 sx_slock(&proctree_lock);
2454 PROC_LOCK(p);
2455 kern_proc_out(p, sb, ELF_KERN_PROC_MASK);
2456 sx_sunlock(&proctree_lock);
2457 }
2458 *sizep = size;
2459}
2460
2461#ifdef KINFO_FILE_SIZE
2462CTASSERT(sizeof(struct kinfo_file) == KINFO_FILE_SIZE);
2463#endif
2464
2465static void
2466note_procstat_files(void *arg, struct sbuf *sb, size_t *sizep)
2467{
2468 struct proc *p;
2469 size_t size, sect_sz, i;
2470 ssize_t start_len, sect_len;
2471 int structsize, filedesc_flags;
2472
2473 if (coredump_pack_fileinfo)
2474 filedesc_flags = KERN_FILEDESC_PACK_KINFO;
2475 else
2476 filedesc_flags = 0;
2477
2478 p = arg;
2479 structsize = sizeof(struct kinfo_file);
2480 if (sb == NULL) {
2481 size = 0;
2482 sb = sbuf_new(NULL, NULL, 128, SBUF_FIXEDLEN);
2483 sbuf_set_drain(sb, sbuf_count_drain, &size);
2484 sbuf_bcat(sb, &structsize, sizeof(structsize));
2485 PROC_LOCK(p);
2486 kern_proc_filedesc_out(p, sb, -1, filedesc_flags);
2487 sbuf_finish(sb);
2488 sbuf_delete(sb);
2489 *sizep = size;
2490 } else {
2491 sbuf_start_section(sb, &start_len);
2492
2493 sbuf_bcat(sb, &structsize, sizeof(structsize));
2494 PROC_LOCK(p);
2495 kern_proc_filedesc_out(p, sb, *sizep - sizeof(structsize),
2496 filedesc_flags);
2497
2498 sect_len = sbuf_end_section(sb, start_len, 0, 0);
2499 if (sect_len < 0)
2500 return;
2501 sect_sz = sect_len;
2502
2503 KASSERT(sect_sz <= *sizep,
2504 ("kern_proc_filedesc_out did not respect maxlen; "
2505 "requested %zu, got %zu", *sizep - sizeof(structsize),
2506 sect_sz - sizeof(structsize)));
2507
2508 for (i = 0; i < *sizep - sect_sz && sb->s_error == 0; i++)
2509 sbuf_putc(sb, 0);
2510 }
2511}
2512
2513#ifdef KINFO_VMENTRY_SIZE
2514CTASSERT(sizeof(struct kinfo_vmentry) == KINFO_VMENTRY_SIZE);
2515#endif
2516
2517static void
2518note_procstat_vmmap(void *arg, struct sbuf *sb, size_t *sizep)
2519{
2520 struct proc *p;
2521 size_t size;
2522 int structsize, vmmap_flags;
2523
2524 if (coredump_pack_vmmapinfo)
2525 vmmap_flags = KERN_VMMAP_PACK_KINFO;
2526 else
2527 vmmap_flags = 0;
2528
2529 p = arg;
2530 structsize = sizeof(struct kinfo_vmentry);
2531 if (sb == NULL) {
2532 size = 0;
2533 sb = sbuf_new(NULL, NULL, 128, SBUF_FIXEDLEN);
2534 sbuf_set_drain(sb, sbuf_count_drain, &size);
2535 sbuf_bcat(sb, &structsize, sizeof(structsize));
2536 PROC_LOCK(p);
2537 kern_proc_vmmap_out(p, sb, -1, vmmap_flags);
2538 sbuf_finish(sb);
2539 sbuf_delete(sb);
2540 *sizep = size;
2541 } else {
2542 sbuf_bcat(sb, &structsize, sizeof(structsize));
2543 PROC_LOCK(p);
2544 kern_proc_vmmap_out(p, sb, *sizep - sizeof(structsize),
2545 vmmap_flags);
2546 }
2547}
2548
2549static void
2550note_procstat_groups(void *arg, struct sbuf *sb, size_t *sizep)
2551{
2552 struct proc *p;
2553 size_t size;
2554 int structsize;
2555
2556 p = arg;
2557 size = sizeof(structsize) + p->p_ucred->cr_ngroups * sizeof(gid_t);
2558 if (sb != NULL) {
2559 KASSERT(*sizep == size, ("invalid size"));
2560 structsize = sizeof(gid_t);
2561 sbuf_bcat(sb, &structsize, sizeof(structsize));
2562 sbuf_bcat(sb, p->p_ucred->cr_groups, p->p_ucred->cr_ngroups *
2563 sizeof(gid_t));
2564 }
2565 *sizep = size;
2566}
2567
2568static void
2569note_procstat_umask(void *arg, struct sbuf *sb, size_t *sizep)
2570{
2571 struct proc *p;
2572 size_t size;
2573 int structsize;
2574
2575 p = arg;
2576 size = sizeof(structsize) + sizeof(p->p_pd->pd_cmask);
2577 if (sb != NULL) {
2578 KASSERT(*sizep == size, ("invalid size"));
2579 structsize = sizeof(p->p_pd->pd_cmask);
2580 sbuf_bcat(sb, &structsize, sizeof(structsize));
2581 sbuf_bcat(sb, &p->p_pd->pd_cmask, sizeof(p->p_pd->pd_cmask));
2582 }
2583 *sizep = size;
2584}
2585
2586static void
2587note_procstat_rlimit(void *arg, struct sbuf *sb, size_t *sizep)
2588{
2589 struct proc *p;
2590 struct rlimit rlim[RLIM_NLIMITS];
2591 size_t size;
2592 int structsize, i;
2593
2594 p = arg;
2595 size = sizeof(structsize) + sizeof(rlim);
2596 if (sb != NULL) {
2597 KASSERT(*sizep == size, ("invalid size"));
2598 structsize = sizeof(rlim);
2599 sbuf_bcat(sb, &structsize, sizeof(structsize));
2600 PROC_LOCK(p);
2601 for (i = 0; i < RLIM_NLIMITS; i++)
2602 lim_rlimit_proc(p, i, &rlim[i]);
2603 PROC_UNLOCK(p);
2604 sbuf_bcat(sb, rlim, sizeof(rlim));
2605 }
2606 *sizep = size;
2607}
2608
2609static void
2610note_procstat_osrel(void *arg, struct sbuf *sb, size_t *sizep)
2611{
2612 struct proc *p;
2613 size_t size;
2614 int structsize;
2615
2616 p = arg;
2617 size = sizeof(structsize) + sizeof(p->p_osrel);
2618 if (sb != NULL) {
2619 KASSERT(*sizep == size, ("invalid size"));
2620 structsize = sizeof(p->p_osrel);
2621 sbuf_bcat(sb, &structsize, sizeof(structsize));
2622 sbuf_bcat(sb, &p->p_osrel, sizeof(p->p_osrel));
2623 }
2624 *sizep = size;
2625}
2626
2627static void
2628__elfN(note_procstat_psstrings)(void *arg, struct sbuf *sb, size_t *sizep)
2629{
2630 struct proc *p;
2631 elf_ps_strings_t ps_strings;
2632 size_t size;
2633 int structsize;
2634
2635 p = arg;
2636 size = sizeof(structsize) + sizeof(ps_strings);
2637 if (sb != NULL) {
2638 KASSERT(*sizep == size, ("invalid size"));
2639 structsize = sizeof(ps_strings);
2640#if defined(COMPAT_FREEBSD32) && __ELF_WORD_SIZE == 32
2641 ps_strings = PTROUT(PROC_PS_STRINGS(p));
2642#else
2643 ps_strings = PROC_PS_STRINGS(p);
2644#endif
2645 sbuf_bcat(sb, &structsize, sizeof(structsize));
2646 sbuf_bcat(sb, &ps_strings, sizeof(ps_strings));
2647 }
2648 *sizep = size;
2649}
2650
2651static void
2652__elfN(note_procstat_auxv)(void *arg, struct sbuf *sb, size_t *sizep)
2653{
2654 struct proc *p;
2655 size_t size;
2656 int structsize;
2657
2658 p = arg;
2659 if (sb == NULL) {
2660 size = 0;
2661 sb = sbuf_new(NULL, NULL, AT_COUNT * sizeof(Elf_Auxinfo),
2662 SBUF_FIXEDLEN);
2663 sbuf_set_drain(sb, sbuf_count_drain, &size);
2664 sbuf_bcat(sb, &structsize, sizeof(structsize));
2665 PHOLD(p);
2666 proc_getauxv(curthread, p, sb);
2667 PRELE(p);
2668 sbuf_finish(sb);
2669 sbuf_delete(sb);
2670 *sizep = size;
2671 } else {
2672 structsize = sizeof(Elf_Auxinfo);
2673 sbuf_bcat(sb, &structsize, sizeof(structsize));
2674 PHOLD(p);
2675 proc_getauxv(curthread, p, sb);
2676 PRELE(p);
2677 }
2678}
2679
2680static bool
2681__elfN(parse_notes)(struct image_params *imgp, Elf_Note *checknote,
2682 const char *note_vendor, const Elf_Phdr *pnote,
2683 bool (*cb)(const Elf_Note *, void *, bool *), void *cb_arg)
2684{
2685 const Elf_Note *note, *note0, *note_end;
2686 const char *note_name;
2687 char *buf;
2688 int i, error;
2689 bool res;
2690
2691 /* We need some limit, might as well use PAGE_SIZE. */
2692 if (pnote == NULL || pnote->p_filesz > PAGE_SIZE)
2693 return (false);
2694 ASSERT_VOP_LOCKED(imgp->vp, "parse_notes");
2695 if (pnote->p_offset > PAGE_SIZE ||
2696 pnote->p_filesz > PAGE_SIZE - pnote->p_offset) {
2697 buf = malloc(pnote->p_filesz, M_TEMP, M_NOWAIT);
2698 if (buf == NULL) {
2699 VOP_UNLOCK(imgp->vp);
2700 buf = malloc(pnote->p_filesz, M_TEMP, M_WAITOK);
2701 vn_lock(imgp->vp, LK_SHARED | LK_RETRY);
2702 }
2703 error = vn_rdwr(UIO_READ, imgp->vp, buf, pnote->p_filesz,
2704 pnote->p_offset, UIO_SYSSPACE, IO_NODELOCKED,
2705 curthread->td_ucred, NOCRED, NULL, curthread);
2706 if (error != 0) {
2707 uprintf("i/o error PT_NOTE\n");
2708 goto retf;
2709 }
2710 note = note0 = (const Elf_Note *)buf;
2711 note_end = (const Elf_Note *)(buf + pnote->p_filesz);
2712 } else {
2713 note = note0 = (const Elf_Note *)(imgp->image_header +
2714 pnote->p_offset);
2715 note_end = (const Elf_Note *)(imgp->image_header +
2716 pnote->p_offset + pnote->p_filesz);
2717 buf = NULL;
2718 }
2719 for (i = 0; i < 100 && note >= note0 && note < note_end; i++) {
2720 if (!aligned(note, Elf32_Addr) || (const char *)note_end -
2721 (const char *)note < sizeof(Elf_Note)) {
2722 goto retf;
2723 }
2724 if (note->n_namesz != checknote->n_namesz ||
2725 note->n_descsz != checknote->n_descsz ||
2726 note->n_type != checknote->n_type)
2727 goto nextnote;
2728 note_name = (const char *)(note + 1);
2729 if (note_name + checknote->n_namesz >=
2730 (const char *)note_end || strncmp(note_vendor,
2731 note_name, checknote->n_namesz) != 0)
2732 goto nextnote;
2733
2734 if (cb(note, cb_arg, &res))
2735 goto ret;
2736nextnote:
2737 note = (const Elf_Note *)((const char *)(note + 1) +
2738 roundup2(note->n_namesz, ELF_NOTE_ROUNDSIZE) +
2739 roundup2(note->n_descsz, ELF_NOTE_ROUNDSIZE));
2740 }
2741retf:
2742 res = false;
2743ret:
2744 free(buf, M_TEMP);
2745 return (res);
2746}
2747
2748struct brandnote_cb_arg {
2749 Elf_Brandnote *brandnote;
2750 int32_t *osrel;
2751};
2752
2753static bool
2754brandnote_cb(const Elf_Note *note, void *arg0, bool *res)
2755{
2756 struct brandnote_cb_arg *arg;
2757
2758 arg = arg0;
2759
2760 /*
2761 * Fetch the osreldate for binary from the ELF OSABI-note if
2762 * necessary.
2763 */
2764 *res = (arg->brandnote->flags & BN_TRANSLATE_OSREL) != 0 &&
2765 arg->brandnote->trans_osrel != NULL ?
2766 arg->brandnote->trans_osrel(note, arg->osrel) : true;
2767
2768 return (true);
2769}
2770
2771static Elf_Note fctl_note = {
2772 .n_namesz = sizeof(FREEBSD_ABI_VENDOR),
2773 .n_descsz = sizeof(uint32_t),
2774 .n_type = NT_FREEBSD_FEATURE_CTL,
2775};
2776
2777struct fctl_cb_arg {
2778 bool *has_fctl0;
2779 uint32_t *fctl0;
2780};
2781
2782static bool
2783note_fctl_cb(const Elf_Note *note, void *arg0, bool *res)
2784{
2785 struct fctl_cb_arg *arg;
2786 const Elf32_Word *desc;
2787 uintptr_t p;
2788
2789 arg = arg0;
2790 p = (uintptr_t)(note + 1);
2791 p += roundup2(note->n_namesz, ELF_NOTE_ROUNDSIZE);
2792 desc = (const Elf32_Word *)p;
2793 *arg->has_fctl0 = true;
2794 *arg->fctl0 = desc[0];
2795 *res = true;
2796 return (true);
2797}
2798
2799/*
2800 * Try to find the appropriate ABI-note section for checknote, fetch
2801 * the osreldate and feature control flags for binary from the ELF
2802 * OSABI-note. Only the first page of the image is searched, the same
2803 * as for headers.
2804 */
2805static bool
2806__elfN(check_note)(struct image_params *imgp, Elf_Brandnote *brandnote,
2807 int32_t *osrel, bool *has_fctl0, uint32_t *fctl0)
2808{
2809 const Elf_Phdr *phdr;
2810 const Elf_Ehdr *hdr;
2811 struct brandnote_cb_arg b_arg;
2812 struct fctl_cb_arg f_arg;
2813 int i, j;
2814
2815 hdr = (const Elf_Ehdr *)imgp->image_header;
2816 phdr = (const Elf_Phdr *)(imgp->image_header + hdr->e_phoff);
2817 b_arg.brandnote = brandnote;
2818 b_arg.osrel = osrel;
2819 f_arg.has_fctl0 = has_fctl0;
2820 f_arg.fctl0 = fctl0;
2821
2822 for (i = 0; i < hdr->e_phnum; i++) {
2823 if (phdr[i].p_type == PT_NOTE && __elfN(parse_notes)(imgp,
2824 &brandnote->hdr, brandnote->vendor, &phdr[i], brandnote_cb,
2825 &b_arg)) {
2826 for (j = 0; j < hdr->e_phnum; j++) {
2827 if (phdr[j].p_type == PT_NOTE &&
2828 __elfN(parse_notes)(imgp, &fctl_note,
2829 FREEBSD_ABI_VENDOR, &phdr[j],
2830 note_fctl_cb, &f_arg))
2831 break;
2832 }
2833 return (true);
2834 }
2835 }
2836 return (false);
2837
2838}
2839
2840/*
2841 * Tell kern_execve.c about it, with a little help from the linker.
2842 */
2843static struct execsw __elfN(execsw) = {
2844 .ex_imgact = __CONCAT(exec_, __elfN(imgact)),
2845 .ex_name = __XSTRING(__CONCAT(ELF, __ELF_WORD_SIZE))
2846};
2847EXEC_SET(__CONCAT(elf, __ELF_WORD_SIZE), __elfN(execsw));
2848
2849static vm_prot_t
2850__elfN(trans_prot)(Elf_Word flags)
2851{
2852 vm_prot_t prot;
2853
2854 prot = 0;
2855 if (flags & PF_X)
2856 prot |= VM_PROT_EXECUTE;
2857 if (flags & PF_W)
2858 prot |= VM_PROT_WRITE;
2859 if (flags & PF_R)
2860 prot |= VM_PROT_READ;
2861#if __ELF_WORD_SIZE == 32 && (defined(__amd64__) || defined(__i386__))
2862 if (i386_read_exec && (flags & PF_R))
2863 prot |= VM_PROT_EXECUTE;
2864#endif
2865 return (prot);
2866}
2867
2868static Elf_Word
2869__elfN(untrans_prot)(vm_prot_t prot)
2870{
2871 Elf_Word flags;
2872
2873 flags = 0;
2874 if (prot & VM_PROT_EXECUTE)
2875 flags |= PF_X;
2876 if (prot & VM_PROT_READ)
2877 flags |= PF_R;
2878 if (prot & VM_PROT_WRITE)
2879 flags |= PF_W;
2880 return (flags);
2881}
get
METHOD int get
Definition: cpufreq_if.m:52
type
device_property_type_t type
Definition: bus_if.m:941
__ELF_WORD_SIZE
#define __ELF_WORD_SIZE
Definition: imgact_elf32.c:32
ELF_NOTE_ROUNDSIZE
#define ELF_NOTE_ROUNDSIZE
Definition: imgact_elf.c:86
TAILQ_HEAD
TAILQ_HEAD(note_info_list, note_info)
ET_DYN_ADDR_RAND
#define ET_DYN_ADDR_RAND
Definition: imgact_elf.c:1102
load_interp
static int __elfN() load_interp(struct image_params *imgp, const Elf_Brandinfo *brand_info, const char *interp, u_long *addr, u_long *entry)
Definition: imgact_elf.c:1064
load_section
static int __elfN() load_section(struct image_params *imgp, vm_ooffset_t offset, caddr_t vmaddr, size_t memsz, size_t filsz, vm_prot_t prot)
Definition: imgact_elf.c:619
putnote
static void __elfN() putnote(struct thread *td, struct note_info *, struct sbuf *)
Definition: imgact_elf.c:2070
compress_user_cores_level
int compress_user_cores_level
Definition: kern_sig.c:3595
compress_user_cores
int compress_user_cores
Definition: kern_sig.c:3572
size_segments
void __elfN() size_segments(struct thread *td, struct sseg_closure *seginfo, int flags)
Definition: imgact_elf.c:1719
ASLR_NODE_OID
#define ASLR_NODE_OID
Definition: imgact_elf.c:173
set_fpregset
static bool __elfN() set_fpregset(struct regset *rs, struct thread *td, void *buf, size_t size)
Definition: imgact_elf.c:2297
cb_put_phdr
static void cb_put_phdr(vm_map_entry_t, void *)
Definition: imgact_elf.c:1686
get_interp
static int __elfN() get_interp(struct image_params *imgp, const Elf_Phdr *phdr, char **interpp, bool *free_interpp)
Definition: imgact_elf.c:998
freebsd_copyout_auxargs
int __elfN() freebsd_copyout_auxargs(struct image_params *imgp, uintptr_t base)
Definition: imgact_elf.c:1432
ELF_REGSET
ELF_REGSET(__elfN(regset_prstatus))
SYSCTL_NODE
SYSCTL_NODE(__CONCAT(_kern_elf, __ELF_WORD_SIZE), OID_AUTO, aslr, CTLFLAG_RW|CTLFLAG_MPSAFE, 0, "")
elf_suword
#define elf_suword
Definition: imgact_elf.c:1429
remove_brand_entry
int __elfN() remove_brand_entry(Elf_Brandinfo *entry)
Definition: imgact_elf.c:301
freebsd_fixup
int __elfN() freebsd_fixup(uintptr_t *stack_base, struct image_params *imgp)
Definition: imgact_elf.c:1498
elf_fpregset_t
prfpregset_t elf_fpregset_t
Definition: imgact_elf.c:2156
each_dumpable_segment
static void each_dumpable_segment(struct thread *, segment_callback, void *, int)
Definition: imgact_elf.c:1734
note_procstat_groups
static void note_procstat_groups(void *, struct sbuf *, size_t *)
Definition: imgact_elf.c:2550
note_prpsinfo
static void __elfN() note_prpsinfo(void *, struct sbuf *, size_t *)
Definition: imgact_elf.c:2165
prepare_notes
void __elfN() prepare_notes(struct thread *td, struct note_info_list *list, size_t *sizep)
Definition: imgact_elf.c:1827
SYSCTL_INT
SYSCTL_INT(ASLR_NODE_OID, OID_AUTO, enable, CTLFLAG_RWTUN, &__elfN(aslr_enabled), 0, ": enable address map randomization")
coredump
int __elfN() coredump(struct thread *td, struct vnode *vp, off_t limit, int flags)
Definition: imgact_elf.c:1567
elf_thrmisc_t
thrmisc_t elf_thrmisc_t
Definition: imgact_elf.c:2158
elf_prpsinfo_t
prpsinfo_t elf_prpsinfo_t
Definition: imgact_elf.c:2154
append_note_data
static size_t append_note_data(const void *src, void *dst, size_t len)
Definition: imgact_elf.c:2028
puthdr
void __elfN() puthdr(struct thread *td, void *hdr, size_t hdrsize, int numsegs, size_t notesz, int flags)
Definition: imgact_elf.c:1885
note_procstat_proc
static void __elfN() note_procstat_proc(void *, struct sbuf *, size_t *)
Definition: imgact_elf.c:2439
map_insert
static int __elfN() map_insert(struct image_params *imgp, vm_map_t map, vm_object_t object, vm_ooffset_t offset, vm_offset_t start, vm_offset_t end, vm_prot_t prot, int cow)
Definition: imgact_elf.c:547
elf_gregset_t
gregset_t elf_gregset_t
Definition: imgact_elf.c:2157
enforce_limits
static int __elfN() enforce_limits(struct image_params *imgp, const Elf_Ehdr *hdr, const Elf_Phdr *phdr, u_long et_dyn_addr)
Definition: imgact_elf.c:921
parse_notes
static bool __elfN() parse_notes(struct image_params *imgp, Elf_Note *checknote, const char *note_vendor, const Elf_Phdr *pnote, bool(*cb)(const Elf_Note *, void *, bool *), void *cb_arg)
Definition: imgact_elf.c:2681
untrans_prot
static Elf_Word __elfN() untrans_prot(vm_prot_t prot)
Definition: imgact_elf.c:2869
note_procstat_osrel
static void note_procstat_osrel(void *, struct sbuf *, size_t *)
Definition: imgact_elf.c:2610
trans_prot
static vm_prot_t __elfN() trans_prot(Elf_Word flags)
Definition: imgact_elf.c:2850
note_procstat_umask
static void note_procstat_umask(void *, struct sbuf *, size_t *)
Definition: imgact_elf.c:2569
note_threadmd
static void __elfN() note_threadmd(void *, struct sbuf *, size_t *)
Definition: imgact_elf.c:2413
brand_inuse
bool __elfN() brand_inuse(Elf_Brandinfo *entry)
Definition: imgact_elf.c:317
note_procstat_auxv
static void __elfN() note_procstat_auxv(void *, struct sbuf *, size_t *)
Definition: imgact_elf.c:2652
note_procstat_vmmap
static void note_procstat_vmmap(void *, struct sbuf *, size_t *)
Definition: imgact_elf.c:2518
note_procstat_rlimit
static void note_procstat_rlimit(void *, struct sbuf *, size_t *)
Definition: imgact_elf.c:2587
__elfN
static int __elfN(aslr_enabled)
GNU_ABI_VENDOR
static const char GNU_ABI_VENDOR[]
Definition: imgact_elf.c:247
__FBSDID
__FBSDID("$FreeBSD$")
elf_prstatus_t
prstatus_t elf_prstatus_t
Definition: imgact_elf.c:2153
fctl_note
static Elf_Note fctl_note
Definition: imgact_elf.c:2771
freebsd_trans_osrel
static bool __elfN() freebsd_trans_osrel(const Elf_Note *note, int32_t *osrel)
Definition: imgact_elf.c:236
note_thrmisc
static void __elfN() note_thrmisc(void *, struct sbuf *, size_t *)
Definition: imgact_elf.c:2354
elf_ps_strings_t
vm_offset_t elf_ps_strings_t
Definition: imgact_elf.c:2161
check_note
static bool __elfN() check_note(struct image_params *imgp, Elf_Brandnote *brandnote, int32_t *osrel, bool *has_fctl0, uint32_t *fctl0)
Definition: imgact_elf.c:2806
map_partial
static int __elfN() map_partial(vm_map_t map, vm_object_t object, vm_ooffset_t offset, vm_offset_t start, vm_offset_t end, vm_prot_t prot)
Definition: imgact_elf.c:515
set_prstatus
static bool __elfN() set_prstatus(struct regset *rs, struct thread *td, void *buf, size_t size)
Definition: imgact_elf.c:2253
core_compressed_write
static int core_compressed_write(void *base, size_t len, off_t offset, void *arg)
Definition: imgact_elf.c:1559
SYSCTL_BOOL
SYSCTL_BOOL(__CONCAT(_kern_elf, __ELF_WORD_SIZE), OID_AUTO, allow_wx, CTLFLAG_RWTUN, &__elfN(allow_wx), 0, "Allow pages to be mapped simultaneously writable and executable")
get_brandinfo
static Elf_Brandinfo *__elfN() get_brandinfo(struct image_params *imgp, const char *interp, int32_t *osrel, uint32_t *fctl0)
Definition: imgact_elf.c:335
note_procstat_files
static void note_procstat_files(void *, struct sbuf *, size_t *)
Definition: imgact_elf.c:2466
__CONCAT
static int __CONCAT(exec_, __elfN(imgact))
Definition: imgact_elf.c:96
note_procstat_psstrings
static void __elfN() note_procstat_psstrings(void *, struct sbuf *, size_t *)
Definition: imgact_elf.c:2628
brandnote_cb
static bool brandnote_cb(const Elf_Note *note, void *arg0, bool *res)
Definition: imgact_elf.c:2754
get_fpregset
static bool __elfN() get_fpregset(struct regset *rs, struct thread *td, void *buf, size_t *sizep)
Definition: imgact_elf.c:2277
EXEC_SET
EXEC_SET(__CONCAT(elf, __ELF_WORD_SIZE), __elfN(execsw))
corehdr
static int __elfN() corehdr(struct coredump_params *, int, void *, size_t, struct note_info_list *, size_t, int)
Definition: imgact_elf.c:1800
get_prstatus
static bool __elfN() get_prstatus(struct regset *rs, struct thread *td, void *buf, size_t *sizep)
Definition: imgact_elf.c:2226
check_header
static int __elfN() check_header(const Elf_Ehdr *hdr)
Definition: imgact_elf.c:486
kfreebsd_trans_osrel
static bool kfreebsd_trans_osrel(const Elf_Note *note, int32_t *osrel)
Definition: imgact_elf.c:260
SYSCTL_PROC
SYSCTL_PROC(__CONCAT(_kern_elf, __ELF_WORD_SIZE), OID_AUTO, pie_base, CTLTYPE_ULONG|CTLFLAG_MPSAFE|CTLFLAG_RW, NULL, 0, sysctl_pie_base, "LU", "PIE load base without randomization")
note_fctl_cb
static bool note_fctl_cb(const Elf_Note *note, void *arg0, bool *res)
Definition: imgact_elf.c:2783
elf_kinfo_proc_t
struct kinfo_proc elf_kinfo_proc_t
Definition: imgact_elf.c:2160
load_file
static int __elfN() load_file(struct proc *p, const char *file, u_long *addr, u_long *entry)
Definition: imgact_elf.c:776
populate_note
size_t __elfN() populate_note(int type, void *src, void *dst, size_t size, void **descp)
Definition: imgact_elf.c:2041
cb_size_segment
static void cb_size_segment(vm_map_entry_t, void *)
Definition: imgact_elf.c:1710
elf_brand_list
static Elf_Brandinfo * elf_brand_list[MAX_BRANDS]
Definition: imgact_elf.c:222
segment_callback
void(* segment_callback)(vm_map_entry_t, void *)
Definition: imgact_elf.c:1514
ELF_KERN_PROC_MASK
#define ELF_KERN_PROC_MASK
Definition: imgact_elf.c:2159
register_regset_note
static size_t __elfN() register_regset_note(struct thread *td, struct note_info_list *list, struct regset *regset, struct thread *target_td)
Definition: imgact_elf.c:1971
register_note
size_t __elfN() register_note(struct thread *td, struct note_info_list *list, int type, outfunc_t out, void *arg)
Definition: imgact_elf.c:1999
elf_prfpregset_t
prfpregset_t elf_prfpregset_t
Definition: imgact_elf.c:2155
aligned
#define aligned(a, t)
Definition: imgact_elf.c:224
phdr_in_zero_page
static bool __elfN() phdr_in_zero_page(const Elf_Ehdr *hdr)
Definition: imgact_elf.c:479
prepare_register_notes
static size_t __elfN() prepare_register_notes(struct thread *td, struct note_info_list *list, struct thread *target_td)
Definition: imgact_elf.c:2321
insert_brand_entry
int __elfN() insert_brand_entry(Elf_Brandinfo *entry)
Definition: imgact_elf.c:282
note_ptlwpinfo
static void __elfN() note_ptlwpinfo(void *, struct sbuf *, size_t *)
Definition: imgact_elf.c:2370
OLD_EI_BRAND
#define OLD_EI_BRAND
Definition: imgact_elf.c:87
load_sections
static int __elfN() load_sections(struct image_params *imgp, const Elf_Ehdr *hdr, const Elf_Phdr *phdr, u_long rbase, u_long *base_addrp)
Definition: imgact_elf.c:723
GNU_KFREEBSD_ABI_DESC
static int GNU_KFREEBSD_ABI_DESC
Definition: imgact_elf.c:248
CTASSERT
CTASSERT(MAXSHELLCMDLEN >=MAXINTERP+3)
kern_proc_filedesc_out
int kern_proc_filedesc_out(struct proc *p, struct sbuf *sb, ssize_t maxlen, int flags)
Definition: kern_descrip.c:4411
exec_new_vmspace
int exec_new_vmspace(struct image_params *imgp, struct sysentvec *sv)
Definition: kern_exec.c:1119
coredump_pack_vmmapinfo
int coredump_pack_vmmapinfo
Definition: kern_exec.c:115
coredump_pack_fileinfo
int coredump_pack_fileinfo
Definition: kern_exec.c:110
exec_unmap_first_page
void exec_unmap_first_page(struct image_params *imgp)
Definition: kern_exec.c:1071
execsw
static const struct execsw ** execsw
Definition: kern_exec.c:210
exec_check_permissions
int exec_check_permissions(struct image_params *imgp)
Definition: kern_exec.c:1772
exec_map_stack
int exec_map_stack(struct image_params *imgp)
Definition: kern_exec.c:1195
exec_map_first_page
int exec_map_first_page(struct image_params *imgp)
Definition: kern_exec.c:1039
sbuf_drain_core_output
int sbuf_drain_core_output(void *arg, const char *data, int len)
Definition: kern_exec.c:2014
core_output
int core_output(char *base, size_t len, off_t offset, struct coredump_params *cp, void *tmpbuf)
Definition: kern_exec.c:1937
core_write
int core_write(struct coredump_params *cp, const void *base, size_t len, off_t offset, enum uio_seg seg, size_t *resid)
Definition: kern_exec.c:1927
malloc
void *() malloc(size_t size, struct malloc_type *mtp, int flags)
Definition: kern_malloc.c:632
free
void free(void *addr, struct malloc_type *mtp)
Definition: kern_malloc.c:907
pagesizes
u_long pagesizes[MAXPAGESIZES]
Definition: kern_mib.c:249
kern_proc_vmmap_out
int kern_proc_vmmap_out(struct proc *p, struct sbuf *sb, ssize_t maxlen, int flags)
Definition: kern_proc.c:2575
proc_getargv
int proc_getargv(struct thread *td, struct proc *p, struct sbuf *sb)
Definition: kern_proc.c:2040
proctree_lock
struct sx __exclusive_cache_line proctree_lock
Definition: kern_proc.c:135
kern_proc_out
int kern_proc_out(struct proc *p, struct sbuf *sb, int flags)
Definition: kern_proc.c:1508
proc_getauxv
int proc_getauxv(struct thread *td, struct proc *p, struct sbuf *sb)
Definition: kern_proc.c:2054
allproc_lock
struct sx __exclusive_cache_line allproc_lock
Definition: kern_proc.c:134
lim_cur_proc
rlim_t lim_cur_proc(struct proc *p, int which)
Definition: kern_resource.c:1327
lim_max
rlim_t lim_max(struct thread *td, int which)
Definition: kern_resource.c:1296
lim_rlimit_proc
void lim_rlimit_proc(struct proc *p, int which, struct rlimit *rlp)
Definition: kern_resource.c:1353
sysctl_handle_long
int sysctl_handle_long(SYSCTL_HANDLER_ARGS)
Definition: kern_sysctl.c:1700
start
void *** start
Definition: linker_if.m:98
addr
uint64_t * addr
Definition: msi_if.m:89
src
struct intr_irqsrc ** src
Definition: msi_if.m:76
res
struct resource * res
Definition: pic_if.m:98
brandnote_cb_arg
Definition: imgact_elf.c:2748
brandnote_cb_arg::brandnote
Elf_Brandnote * brandnote
Definition: imgact_elf.c:2749
brandnote_cb_arg::osrel
int32_t * osrel
Definition: imgact_elf.c:2750
fctl_cb_arg
Definition: imgact_elf.c:2777
fctl_cb_arg::has_fctl0
bool * has_fctl0
Definition: imgact_elf.c:2778
fctl_cb_arg::fctl0
uint32_t * fctl0
Definition: imgact_elf.c:2779
note_info
Definition: imgact_elf.c:1522
note_info::outfunc
outfunc_t outfunc
Definition: imgact_elf.c:1525
note_info::outarg
void * outarg
Definition: imgact_elf.c:1526
note_info::regset
struct regset * regset
Definition: imgact_elf.c:1524
note_info::type
int type
Definition: imgact_elf.c:1523
note_info::outsize
size_t outsize
Definition: imgact_elf.c:1527
phdr_closure
Definition: imgact_elf.c:1517
phdr_closure::phdr
Elf_Phdr * phdr
Definition: imgact_elf.c:1518
phdr_closure::offset
Elf_Off offset
Definition: imgact_elf.c:1519
compressor_flush
int compressor_flush(struct compressor *stream)
Definition: subr_compressor.c:554
compressor_fini
void compressor_fini(struct compressor *stream)
Definition: subr_compressor.c:562
compressor_init
struct compressor * compressor_init(compressor_cb_t cb, int format, size_t maxiosize, int level, void *arg)
Definition: subr_compressor.c:512
maxtsiz
u_long maxtsiz
Definition: subr_param.c:105
printf
int printf(const char *fmt,...)
Definition: subr_prf.c:397
snprintf
int snprintf(char *str, size_t size, const char *format,...)
Definition: subr_prf.c:550
uprintf
int uprintf(const char *fmt,...)
Definition: subr_prf.c:171
log
void log(int level, const char *fmt,...)
Definition: subr_prf.c:314
sbuf_finish
int sbuf_finish(struct sbuf *s)
Definition: subr_sbuf.c:833
sbuf_start_section
void sbuf_start_section(struct sbuf *s, ssize_t *old_lenp)
Definition: subr_sbuf.c:927
sbuf_putc
int sbuf_putc(struct sbuf *s, int c)
Definition: subr_sbuf.c:754
sbuf_end_section
ssize_t sbuf_end_section(struct sbuf *s, ssize_t old_len, size_t pad, int c)
Definition: subr_sbuf.c:953
sbuf_delete
void sbuf_delete(struct sbuf *s)
Definition: subr_sbuf.c:898
sbuf_set_drain
void sbuf_set_drain(struct sbuf *s, sbuf_drain_func *func, void *ctx)
Definition: subr_sbuf.c:376
sbuf_bcat
int sbuf_bcat(struct sbuf *s, const void *buf, size_t len)
Definition: subr_sbuf.c:509
sbuf_len
ssize_t sbuf_len(struct sbuf *s)
Definition: subr_sbuf.c:877
sbuf_count_drain
int sbuf_count_drain(void *arg, const char *data __unused, int len)
Definition: subr_sbuf.c:362
sbuf_new
struct sbuf * sbuf_new(struct sbuf *s, char *buf, int length, int flags)
Definition: subr_sbuf.c:196
mp_ncpus
int mp_ncpus
Definition: subr_smp.c:72
flags
uint16_t flags
Definition: subr_stats.c:2
path
const char * path
Definition: vfs_extattr.c:715
NDFREE
void() NDFREE(struct nameidata *ndp, const u_int flags)
Definition: vfs_lookup.c:1555
namei
int namei(struct nameidata *ndp)
Definition: vfs_lookup.c:535
vput
void vput(struct vnode *vp)
Definition: vfs_subr.c:3348
buf
struct stat * buf
Definition: vfs_syscalls.c:2423
vn_rdwr
int vn_rdwr(enum uio_rw rw, struct vnode *vp, void *base, int len, off_t offset, enum uio_seg segflg, int ioflg, struct ucred *active_cred, struct ucred *file_cred, ssize_t *aresid, struct thread *td)
Definition: vfs_vnops.c:614