2 * Copyright (c) 1993, David Greenman
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in the
12 * documentation and/or other materials provided with the distribution.
14 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
15 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
16 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
17 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
18 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
19 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
20 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
21 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
22 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
23 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
27 #include <sys/cdefs.h>
28 __FBSDID("$FreeBSD$");
30 #include "opt_ktrace.h"
33 #include <sys/param.h>
34 #include <sys/systm.h>
35 #include <sys/eventhandler.h>
37 #include <sys/mutex.h>
38 #include <sys/sysproto.h>
39 #include <sys/signalvar.h>
40 #include <sys/kernel.h>
42 #include <sys/mount.h>
43 #include <sys/filedesc.h>
44 #include <sys/fcntl.h>
47 #include <sys/imgact.h>
48 #include <sys/imgact_elf.h>
50 #include <sys/malloc.h>
52 #include <sys/pioctl.h>
53 #include <sys/namei.h>
54 #include <sys/resourcevar.h>
55 #include <sys/sf_buf.h>
56 #include <sys/syscallsubr.h>
57 #include <sys/sysent.h>
59 #include <sys/sysctl.h>
60 #include <sys/vnode.h>
62 #include <sys/ktrace.h>
66 #include <vm/vm_param.h>
68 #include <vm/vm_page.h>
69 #include <vm/vm_map.h>
70 #include <vm/vm_kern.h>
71 #include <vm/vm_extern.h>
72 #include <vm/vm_object.h>
73 #include <vm/vm_pager.h>
75 #include <machine/reg.h>
77 MALLOC_DEFINE(M_PARGS, "proc-args", "Process arguments");
79 static int sysctl_kern_ps_strings(SYSCTL_HANDLER_ARGS);
80 static int sysctl_kern_usrstack(SYSCTL_HANDLER_ARGS);
81 static int sysctl_kern_stackprot(SYSCTL_HANDLER_ARGS);
82 static int do_execve(struct thread *td, char *fname, char **argv,
83 char **envv, struct mac *mac_p);
85 /* XXX This should be vm_size_t. */
86 SYSCTL_PROC(_kern, KERN_PS_STRINGS, ps_strings, CTLTYPE_ULONG|CTLFLAG_RD,
87 NULL, 0, sysctl_kern_ps_strings, "LU", "");
89 /* XXX This should be vm_size_t. */
90 SYSCTL_PROC(_kern, KERN_USRSTACK, usrstack, CTLTYPE_ULONG|CTLFLAG_RD,
91 NULL, 0, sysctl_kern_usrstack, "LU", "");
93 SYSCTL_PROC(_kern, OID_AUTO, stackprot, CTLTYPE_INT|CTLFLAG_RD,
94 NULL, 0, sysctl_kern_stackprot, "I", "");
96 u_long ps_arg_cache_limit = PAGE_SIZE / 16;
97 SYSCTL_ULONG(_kern, OID_AUTO, ps_arg_cache_limit, CTLFLAG_RW,
98 &ps_arg_cache_limit, 0, "");
101 sysctl_kern_ps_strings(SYSCTL_HANDLER_ARGS)
108 if (req->flags & SCTL_MASK32) {
110 val = (unsigned int)p->p_sysent->sv_psstrings;
111 error = SYSCTL_OUT(req, &val, sizeof(val));
114 error = SYSCTL_OUT(req, &p->p_sysent->sv_psstrings,
115 sizeof(p->p_sysent->sv_psstrings));
120 sysctl_kern_usrstack(SYSCTL_HANDLER_ARGS)
127 if (req->flags & SCTL_MASK32) {
129 val = (unsigned int)p->p_sysent->sv_usrstack;
130 error = SYSCTL_OUT(req, &val, sizeof(val));
133 error = SYSCTL_OUT(req, &p->p_sysent->sv_usrstack,
134 sizeof(p->p_sysent->sv_usrstack));
139 sysctl_kern_stackprot(SYSCTL_HANDLER_ARGS)
144 return (SYSCTL_OUT(req, &p->p_sysent->sv_stackprot,
145 sizeof(p->p_sysent->sv_stackprot)));
149 * Each of the items is a pointer to a `const struct execsw', hence the
150 * double pointer here.
152 static const struct execsw **execsw;
154 #ifndef _SYS_SYSPROTO_H_
168 struct execve_args /* {
175 return (kern_execve(td, uap->fname, uap->argv, uap->envv, NULL));
178 #ifndef _SYS_SYSPROTO_H_
179 struct __mac_execve_args {
191 __mac_execve(td, uap)
193 struct __mac_execve_args /* {
202 return (kern_execve(td, uap->fname, uap->argv, uap->envv,
210 kern_execve(td, fname, argv, envv, mac_p)
217 struct proc *p = td->td_proc;
220 if (p->p_flag & P_HADTHREADS) {
222 if (thread_single(SINGLE_BOUNDARY)) {
224 return (ERESTART); /* Try again later. */
229 error = do_execve(td, fname, argv, envv, mac_p);
231 if (p->p_flag & P_HADTHREADS) {
234 * If success, we upgrade to SINGLE_EXIT state to
235 * force other threads to suicide.
238 thread_single(SINGLE_EXIT);
248 * In-kernel implementation of execve(). All arguments are assumed to be
249 * userspace pointers from the passed thread.
254 do_execve(td, fname, argv, envv, mac_p)
261 struct proc *p = td->td_proc;
262 struct nameidata nd, *ndp;
263 struct ucred *newcred = NULL, *oldcred;
264 struct uidinfo *euip;
265 register_t *stack_base;
267 struct image_params image_params, *imgp;
269 int (*img_first)(struct image_params *);
270 struct pargs *oldargs = NULL, *newargs = NULL;
271 struct sigacts *oldsigacts, *newsigacts;
273 struct vnode *tracevp = NULL;
274 struct ucred *tracecred = NULL;
276 struct vnode *textvp = NULL;
277 int credential_changing;
280 struct label *interplabel = NULL;
284 imgp = &image_params;
287 * Lock the process and set the P_INEXEC flag to indicate that
288 * it should be left alone until we're done here. This is
289 * necessary to avoid race conditions - e.g. in ptrace() -
290 * that might allow a local user to illicitly obtain elevated
294 KASSERT((p->p_flag & P_INEXEC) == 0,
295 ("%s(): process already has P_INEXEC flag", __func__));
296 p->p_flag |= P_INEXEC;
300 * Initialize part of the common data
303 imgp->userspace_argv = argv;
304 imgp->userspace_envv = envv;
305 imgp->execlabel = NULL;
307 imgp->argc = imgp->envc = 0;
309 imgp->entry_addr = 0;
310 imgp->vmspace_destroyed = 0;
311 imgp->interpreted = 0;
312 imgp->interpreter_name[0] = '\0';
313 imgp->auxargs = NULL;
316 imgp->firstpage = NULL;
317 imgp->ps_strings = 0;
318 imgp->auxarg_size = 0;
321 error = mac_execve_enter(imgp, mac_p);
329 * Allocate temporary demand zeroed space for argument and
330 * environment strings
332 imgp->stringbase = (char *)kmem_alloc_wait(exec_map, ARG_MAX);
333 if (imgp->stringbase == NULL) {
338 imgp->stringp = imgp->stringbase;
339 imgp->stringspace = ARG_MAX;
340 imgp->image_header = NULL;
343 * Translate the file name. namei() returns a vnode pointer
344 * in ni_vp amoung other things.
347 NDINIT(ndp, LOOKUP, LOCKLEAF | FOLLOW | SAVENAME,
348 UIO_USERSPACE, fname, td);
355 kmem_free_wakeup(exec_map, (vm_offset_t)imgp->stringbase,
360 imgp->vp = ndp->ni_vp;
364 * Check file permissions (also 'opens' file)
366 error = exec_check_permissions(imgp);
368 goto exec_fail_dealloc;
370 if (VOP_GETVOBJECT(imgp->vp, &imgp->object) == 0)
371 vm_object_reference(imgp->object);
374 * Set VV_TEXT now so no one can write to the executable while we're
377 * Remember if this was set before and unset it in case this is not
378 * actually an executable image.
380 textset = imgp->vp->v_vflag & VV_TEXT;
381 imgp->vp->v_vflag |= VV_TEXT;
383 error = exec_map_first_page(imgp);
385 goto exec_fail_dealloc;
388 * If the current process has a special image activator it
389 * wants to try first, call it. For example, emulating shell
390 * scripts differently.
393 if ((img_first = imgp->proc->p_sysent->sv_imgact_try) != NULL)
394 error = img_first(imgp);
397 * Loop through the list of image activators, calling each one.
398 * An activator returns -1 if there is no match, 0 on success,
399 * and an error otherwise.
401 for (i = 0; error == -1 && execsw[i]; ++i) {
402 if (execsw[i]->ex_imgact == NULL ||
403 execsw[i]->ex_imgact == img_first) {
406 error = (*execsw[i]->ex_imgact)(imgp);
412 imgp->vp->v_vflag &= ~VV_TEXT;
415 goto exec_fail_dealloc;
419 * Special interpreter operation, cleanup and loop up to try to
420 * activate the interpreter.
422 if (imgp->interpreted) {
423 exec_unmap_first_page(imgp);
425 * VV_TEXT needs to be unset for scripts. There is a short
426 * period before we determine that something is a script where
427 * VV_TEXT will be set. The vnode lock is held over this
428 * entire period so nothing should illegitimately be blocked.
430 imgp->vp->v_vflag &= ~VV_TEXT;
431 /* free name buffer and old vnode */
432 NDFREE(ndp, NDF_ONLY_PNBUF);
434 interplabel = mac_vnode_label_alloc();
435 mac_copy_vnode_label(ndp->ni_vp->v_label, interplabel);
438 vm_object_deallocate(imgp->object);
440 /* set new name to that of the interpreter */
441 NDINIT(ndp, LOOKUP, LOCKLEAF | FOLLOW | SAVENAME,
442 UIO_SYSSPACE, imgp->interpreter_name, td);
447 * Copy out strings (args and env) and initialize stack base
449 if (p->p_sysent->sv_copyout_strings)
450 stack_base = (*p->p_sysent->sv_copyout_strings)(imgp);
452 stack_base = exec_copyout_strings(imgp);
455 * If custom stack fixup routine present for this process
456 * let it do the stack setup.
457 * Else stuff argument count as first item on stack
459 if (p->p_sysent->sv_fixup != NULL)
460 (*p->p_sysent->sv_fixup)(&stack_base, imgp);
462 suword(--stack_base, imgp->argc);
465 * For security and other reasons, the file descriptor table cannot
466 * be shared after an exec.
471 * Malloc things before we need locks.
474 euip = uifind(attr.va_uid);
475 i = imgp->endargs - imgp->stringbase;
476 if (ps_arg_cache_limit >= i + sizeof(struct pargs))
477 newargs = pargs_alloc(i);
479 /* close files on exec */
482 /* Get a reference to the vnode prior to locking the proc */
486 * For security and other reasons, signal handlers cannot
487 * be shared after an exec. The new process gets a copy of the old
488 * handlers. In execsigs(), the new process will have its signals
492 if (sigacts_shared(p->p_sigacts)) {
493 oldsigacts = p->p_sigacts;
495 newsigacts = sigacts_alloc();
496 sigacts_copy(newsigacts, oldsigacts);
498 p->p_sigacts = newsigacts;
505 /* reset caught signals */
508 /* name this process - nameiexec(p, ndp) */
509 len = min(ndp->ni_cnd.cn_namelen,MAXCOMLEN);
510 bcopy(ndp->ni_cnd.cn_nameptr, p->p_comm, len);
514 * mark as execed, wakeup the process that vforked (if any) and tell
515 * it that it now has its own resources back
518 if (p->p_pptr && (p->p_flag & P_PPWAIT)) {
519 p->p_flag &= ~P_PPWAIT;
524 * Implement image setuid/setgid.
526 * Don't honor setuid/setgid if the filesystem prohibits it or if
527 * the process is being traced.
529 * XXXMAC: For the time being, use NOSUID to also prohibit
530 * transitions on the file system.
532 oldcred = p->p_ucred;
533 credential_changing = 0;
534 credential_changing |= (attr.va_mode & VSUID) && oldcred->cr_uid !=
536 credential_changing |= (attr.va_mode & VSGID) && oldcred->cr_gid !=
539 will_transition = mac_execve_will_transition(oldcred, imgp->vp,
541 credential_changing |= will_transition;
544 if (credential_changing &&
545 (imgp->vp->v_mount->mnt_flag & MNT_NOSUID) == 0 &&
546 (p->p_flag & P_TRACED) == 0) {
548 * Turn off syscall tracing for set-id programs, except for
549 * root. Record any set-id flags first to make sure that
550 * we do not regain any tracing during a possible block.
554 if (p->p_tracevp != NULL && suser_cred(oldcred, SUSER_ALLOWJAIL)) {
555 mtx_lock(&ktrace_mtx);
557 tracevp = p->p_tracevp;
559 tracecred = p->p_tracecred;
560 p->p_tracecred = NULL;
561 mtx_unlock(&ktrace_mtx);
565 * Close any file descriptors 0..2 that reference procfs,
566 * then make sure file descriptors 0..2 are in use.
568 * setugidsafety() may call closef() and then pfind()
569 * which may grab the process lock.
570 * fdcheckstd() may call falloc() which may block to
571 * allocate memory, so temporarily drop the process lock.
575 error = fdcheckstd(td);
580 * Set the new credentials.
582 crcopy(newcred, oldcred);
583 if (attr.va_mode & VSUID)
584 change_euid(newcred, euip);
585 if (attr.va_mode & VSGID)
586 change_egid(newcred, attr.va_gid);
588 if (will_transition) {
589 mac_execve_transition(oldcred, newcred, imgp->vp,
594 * Implement correct POSIX saved-id behavior.
596 * XXXMAC: Note that the current logic will save the
597 * uid and gid if a MAC domain transition occurs, even
598 * though maybe it shouldn't.
600 change_svuid(newcred, newcred->cr_uid);
601 change_svgid(newcred, newcred->cr_gid);
602 p->p_ucred = newcred;
605 if (oldcred->cr_uid == oldcred->cr_ruid &&
606 oldcred->cr_gid == oldcred->cr_rgid)
607 p->p_flag &= ~P_SUGID;
609 * Implement correct POSIX saved-id behavior.
611 * XXX: It's not clear that the existing behavior is
612 * POSIX-compliant. A number of sources indicate that the
613 * saved uid/gid should only be updated if the new ruid is
614 * not equal to the old ruid, or the new euid is not equal
615 * to the old euid and the new euid is not equal to the old
616 * ruid. The FreeBSD code always updates the saved uid/gid.
617 * Also, this code uses the new (replaced) euid and egid as
618 * the source, which may or may not be the right ones to use.
620 if (oldcred->cr_svuid != oldcred->cr_uid ||
621 oldcred->cr_svgid != oldcred->cr_gid) {
622 crcopy(newcred, oldcred);
623 change_svuid(newcred, newcred->cr_uid);
624 change_svgid(newcred, newcred->cr_gid);
625 p->p_ucred = newcred;
631 * Store the vp for use in procfs. This vnode was referenced prior
632 * to locking the proc lock.
634 textvp = p->p_textvp;
635 p->p_textvp = ndp->ni_vp;
638 * Notify others that we exec'd, and clear the P_INEXEC flag
639 * as we're now a bona fide freshly-execed process.
641 KNOTE_LOCKED(&p->p_klist, NOTE_EXEC);
642 p->p_flag &= ~P_INEXEC;
645 * If tracing the process, trap to debugger so breakpoints
646 * can be set before the program executes.
647 * Use tdsignal to deliver signal to current thread, use
648 * psignal may cause the signal to be delivered to wrong thread
649 * because that thread will exit, remember we are going to enter
650 * single thread mode.
652 if (p->p_flag & P_TRACED)
653 tdsignal(td, SIGTRAP, SIGTARGET_TD);
655 /* clear "fork but no exec" flag, as we _are_ execing */
656 p->p_acflag &= ~AFORK;
658 /* Free any previous argument cache */
662 /* Cache arguments if they fit inside our allowance */
663 if (ps_arg_cache_limit >= i + sizeof(struct pargs)) {
664 bcopy(imgp->stringbase, newargs->ar_args, i);
670 /* Set values passed into the program in registers. */
671 if (p->p_sysent->sv_setregs)
672 (*p->p_sysent->sv_setregs)(td, imgp->entry_addr,
673 (u_long)(uintptr_t)stack_base, imgp->ps_strings);
675 exec_setregs(td, imgp->entry_addr,
676 (u_long)(uintptr_t)stack_base, imgp->ps_strings);
680 * Free any resources malloc'd earlier that we didn't use.
688 * Handle deferred decrement of ref counts.
692 if (ndp->ni_vp && error != 0)
697 if (tracecred != NULL)
704 if (oldsigacts != NULL)
705 sigacts_free(oldsigacts);
710 * free various allocated resources
712 if (imgp->firstpage != NULL)
713 exec_unmap_first_page(imgp);
715 if (imgp->vp != NULL) {
716 NDFREE(ndp, NDF_ONLY_PNBUF);
720 if (imgp->stringbase != NULL)
721 kmem_free_wakeup(exec_map, (vm_offset_t)imgp->stringbase,
724 if (imgp->object != NULL)
725 vm_object_deallocate(imgp->object);
729 * Stop the process here if its stop event mask has
730 * the S_EXEC bit set.
732 STOPEVENT(p, S_EXEC, 0);
737 /* we're done here, clear P_INEXEC */
739 p->p_flag &= ~P_INEXEC;
742 if (imgp->vmspace_destroyed) {
743 /* sorry, no more process anymore. exit gracefully */
745 mac_execve_exit(imgp);
746 if (interplabel != NULL)
747 mac_vnode_label_free(interplabel);
750 exit1(td, W_EXITCODE(0, SIGABRT));
756 mac_execve_exit(imgp);
757 if (interplabel != NULL)
758 mac_vnode_label_free(interplabel);
765 exec_map_first_page(imgp)
766 struct image_params *imgp;
770 vm_page_t ma[VM_INITIAL_PAGEIN];
775 if (imgp->firstpage != NULL)
776 exec_unmap_first_page(imgp);
778 VOP_GETVOBJECT(imgp->vp, &object);
779 VM_OBJECT_LOCK(object);
780 ma[0] = vm_page_grab(object, 0, VM_ALLOC_NORMAL | VM_ALLOC_RETRY);
781 if ((ma[0]->valid & VM_PAGE_BITS_ALL) != VM_PAGE_BITS_ALL) {
782 initial_pagein = VM_INITIAL_PAGEIN;
783 if (initial_pagein > object->size)
784 initial_pagein = object->size;
785 for (i = 1; i < initial_pagein; i++) {
786 if ((ma[i] = vm_page_lookup(object, i)) != NULL) {
789 vm_page_lock_queues();
790 if ((ma[i]->flags & PG_BUSY) || ma[i]->busy) {
791 vm_page_unlock_queues();
795 vm_page_unlock_queues();
797 ma[i] = vm_page_alloc(object, i,
804 rv = vm_pager_get_pages(object, ma, initial_pagein, 0);
805 ma[0] = vm_page_lookup(object, 0);
806 if ((rv != VM_PAGER_OK) || (ma[0] == NULL) ||
807 (ma[0]->valid == 0)) {
809 vm_page_lock_queues();
810 pmap_remove_all(ma[0]);
812 vm_page_unlock_queues();
814 VM_OBJECT_UNLOCK(object);
818 vm_page_lock_queues();
820 vm_page_wakeup(ma[0]);
821 vm_page_unlock_queues();
822 VM_OBJECT_UNLOCK(object);
824 imgp->firstpage = sf_buf_alloc(ma[0], 0);
825 imgp->image_header = (char *)sf_buf_kva(imgp->firstpage);
831 exec_unmap_first_page(imgp)
832 struct image_params *imgp;
836 if (imgp->firstpage != NULL) {
837 m = sf_buf_page(imgp->firstpage);
838 sf_buf_free(imgp->firstpage);
839 imgp->firstpage = NULL;
840 vm_page_lock_queues();
842 vm_page_unlock_queues();
847 * Destroy old address space, and allocate a new stack
848 * The new stack is only SGROWSIZ large because it is grown
849 * automatically in trap.c.
852 exec_new_vmspace(imgp, sv)
853 struct image_params *imgp;
854 struct sysentvec *sv;
857 struct proc *p = imgp->proc;
858 struct vmspace *vmspace = p->p_vmspace;
859 vm_offset_t stack_addr;
864 imgp->vmspace_destroyed = 1;
866 /* Called with Giant held, do not depend on it! */
867 EVENTHANDLER_INVOKE(process_exec, p);
870 * Here is as good a place as any to do any resource limit cleanups.
871 * This is needed if a 64 bit binary exec's a 32 bit binary - the
872 * data size limit may need to be changed to a value that makes
873 * sense for the 32 bit binary.
875 if (sv->sv_fixlimits != NULL)
876 sv->sv_fixlimits(imgp);
879 * Blow away entire process VM, if address space not shared,
880 * otherwise, create a new VM space so that other threads are
883 map = &vmspace->vm_map;
884 if (vmspace->vm_refcnt == 1 && vm_map_min(map) == sv->sv_minuser &&
885 vm_map_max(map) == sv->sv_maxuser) {
887 pmap_remove_pages(vmspace_pmap(vmspace), vm_map_min(map),
889 vm_map_remove(map, vm_map_min(map), vm_map_max(map));
891 vmspace_exec(p, sv->sv_minuser, sv->sv_maxuser);
892 vmspace = p->p_vmspace;
893 map = &vmspace->vm_map;
896 /* Allocate a new stack */
897 stack_addr = sv->sv_usrstack - maxssiz;
898 error = vm_map_stack(map, stack_addr, (vm_size_t)maxssiz,
899 sv->sv_stackprot, VM_PROT_ALL, MAP_STACK_GROWS_DOWN);
904 /* Allocate a new register stack */
905 stack_addr = IA64_BACKINGSTORE;
906 error = vm_map_stack(map, stack_addr, (vm_size_t)maxssiz,
907 sv->sv_stackprot, VM_PROT_ALL, MAP_STACK_GROWS_UP);
912 /* vm_ssize and vm_maxsaddr are somewhat antiquated concepts in the
913 * VM_STACK case, but they are still used to monitor the size of the
914 * process stack so we can check the stack rlimit.
916 vmspace->vm_ssize = sgrowsiz >> PAGE_SHIFT;
917 vmspace->vm_maxsaddr = (char *)sv->sv_usrstack - maxssiz;
923 * Copy out argument and environment strings from the old process
924 * address space into the temporary string buffer.
927 exec_extract_strings(imgp)
928 struct image_params *imgp;
936 * extract arguments first
939 argv = imgp->userspace_argv;
942 argp = (caddr_t)(intptr_t)fuword(argv);
943 if (argp == (caddr_t)-1)
951 if (argp == (caddr_t)-1)
953 if ((error = copyinstr(argp, imgp->stringp,
954 imgp->stringspace, &length))) {
955 if (error == ENAMETOOLONG)
959 imgp->stringspace -= length;
960 imgp->stringp += length;
962 } while ((argp = (caddr_t)(intptr_t)fuword(argv++)));
967 imgp->endargs = imgp->stringp;
970 * extract environment strings
973 envv = imgp->userspace_envv;
976 while ((envp = (caddr_t)(intptr_t)fuword(envv++))) {
977 if (envp == (caddr_t)-1)
979 if ((error = copyinstr(envp, imgp->stringp,
980 imgp->stringspace, &length))) {
981 if (error == ENAMETOOLONG)
985 imgp->stringspace -= length;
986 imgp->stringp += length;
995 * Copy strings out to the new process address space, constructing
996 * new arg and env vector tables. Return a pointer to the base
997 * so that it can be used as the initial stack pointer.
1000 exec_copyout_strings(imgp)
1001 struct image_params *imgp;
1005 char *stringp, *destp;
1006 register_t *stack_base;
1007 struct ps_strings *arginfo;
1012 * Calculate string base and vector table pointers.
1013 * Also deal with signal trampoline code for this exec type.
1017 arginfo = (struct ps_strings *)p->p_sysent->sv_psstrings;
1018 if (p->p_sysent->sv_szsigcode != NULL)
1019 szsigcode = *(p->p_sysent->sv_szsigcode);
1020 destp = (caddr_t)arginfo - szsigcode - SPARE_USRSPACE -
1021 roundup((ARG_MAX - imgp->stringspace), sizeof(char *));
1027 copyout(p->p_sysent->sv_sigcode, ((caddr_t)arginfo -
1028 szsigcode), szsigcode);
1031 * If we have a valid auxargs ptr, prepare some room
1034 if (imgp->auxargs) {
1036 * 'AT_COUNT*2' is size for the ELF Auxargs data. This is for
1037 * lower compatibility.
1039 imgp->auxarg_size = (imgp->auxarg_size) ? imgp->auxarg_size :
1042 * The '+ 2' is for the null pointers at the end of each of
1043 * the arg and env vector sets,and imgp->auxarg_size is room
1044 * for argument of Runtime loader.
1046 vectp = (char **)(destp - (imgp->argc + imgp->envc + 2 +
1047 imgp->auxarg_size) * sizeof(char *));
1051 * The '+ 2' is for the null pointers at the end of each of
1052 * the arg and env vector sets
1054 vectp = (char **)(destp - (imgp->argc + imgp->envc + 2) *
1058 * vectp also becomes our initial stack base
1060 stack_base = (register_t *)vectp;
1062 stringp = imgp->stringbase;
1067 * Copy out strings - arguments and environment.
1069 copyout(stringp, destp, ARG_MAX - imgp->stringspace);
1072 * Fill in "ps_strings" struct for ps, w, etc.
1074 suword(&arginfo->ps_argvstr, (long)(intptr_t)vectp);
1075 suword(&arginfo->ps_nargvstr, argc);
1078 * Fill in argument portion of vector table.
1080 for (; argc > 0; --argc) {
1081 suword(vectp++, (long)(intptr_t)destp);
1082 while (*stringp++ != 0)
1087 /* a null vector table pointer separates the argp's from the envp's */
1090 suword(&arginfo->ps_envstr, (long)(intptr_t)vectp);
1091 suword(&arginfo->ps_nenvstr, envc);
1094 * Fill in environment portion of vector table.
1096 for (; envc > 0; --envc) {
1097 suword(vectp++, (long)(intptr_t)destp);
1098 while (*stringp++ != 0)
1103 /* end of vector table is a null pointer */
1106 return (stack_base);
1110 * Check permissions of file to execute.
1111 * Called with imgp->vp locked.
1112 * Return 0 for success or error code on failure.
1115 exec_check_permissions(imgp)
1116 struct image_params *imgp;
1118 struct vnode *vp = imgp->vp;
1119 struct vattr *attr = imgp->attr;
1123 td = curthread; /* XXXKSE */
1125 /* Get file attributes */
1126 error = VOP_GETATTR(vp, attr, td->td_ucred, td);
1131 error = mac_check_vnode_exec(td->td_ucred, imgp->vp, imgp);
1137 * 1) Check if file execution is disabled for the filesystem that this
1139 * 2) Insure that at least one execute bit is on - otherwise root
1140 * will always succeed, and we don't want to happen unless the
1141 * file really is executable.
1142 * 3) Insure that the file is a regular file.
1144 if ((vp->v_mount->mnt_flag & MNT_NOEXEC) ||
1145 ((attr->va_mode & 0111) == 0) ||
1146 (attr->va_type != VREG))
1150 * Zero length files can't be exec'd
1152 if (attr->va_size == 0)
1156 * Check for execute permission to file based on current credentials.
1158 error = VOP_ACCESS(vp, VEXEC, td->td_ucred, td);
1163 * Check number of open-for-writes on the file and deny execution
1166 if (vp->v_writecount)
1170 * Call filesystem specific open routine (which does nothing in the
1173 error = VOP_OPEN(vp, FREAD, td->td_ucred, td, -1);
1178 * Exec handler registration
1181 exec_register(execsw_arg)
1182 const struct execsw *execsw_arg;
1184 const struct execsw **es, **xs, **newexecsw;
1185 int count = 2; /* New slot and trailing NULL */
1188 for (es = execsw; *es; es++)
1190 newexecsw = malloc(count * sizeof(*es), M_TEMP, M_WAITOK);
1191 if (newexecsw == NULL)
1195 for (es = execsw; *es; es++)
1200 free(execsw, M_TEMP);
1206 exec_unregister(execsw_arg)
1207 const struct execsw *execsw_arg;
1209 const struct execsw **es, **xs, **newexecsw;
1213 panic("unregister with no handlers left?\n");
1215 for (es = execsw; *es; es++) {
1216 if (*es == execsw_arg)
1221 for (es = execsw; *es; es++)
1222 if (*es != execsw_arg)
1224 newexecsw = malloc(count * sizeof(*es), M_TEMP, M_WAITOK);
1225 if (newexecsw == NULL)
1228 for (es = execsw; *es; es++)
1229 if (*es != execsw_arg)
1233 free(execsw, M_TEMP);