2 * SPDX-License-Identifier: BSD-3-Clause
4 * Copyright (c) 2017 Dell EMC
5 * Copyright (c) 2000-2001, 2003 David O'Brien
6 * Copyright (c) 1995-1996 Søren Schmidt
7 * Copyright (c) 1996 Peter Wemm
10 * Redistribution and use in source and binary forms, with or without
11 * modification, are permitted provided that the following conditions
13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer
15 * in this position and unchanged.
16 * 2. Redistributions in binary form must reproduce the above copyright
17 * notice, this list of conditions and the following disclaimer in the
18 * documentation and/or other materials provided with the distribution.
19 * 3. The name of the author may not be used to endorse or promote products
20 * derived from this software without specific prior written permission
22 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
23 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
24 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
25 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
26 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
27 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
28 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
29 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
30 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
31 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
34 #include <sys/cdefs.h>
35 __FBSDID("$FreeBSD$");
37 #include "opt_capsicum.h"
39 #include <sys/param.h>
40 #include <sys/capsicum.h>
41 #include <sys/compressor.h>
43 #include <sys/fcntl.h>
44 #include <sys/imgact.h>
45 #include <sys/imgact_elf.h>
47 #include <sys/kernel.h>
49 #include <sys/malloc.h>
50 #include <sys/mount.h>
52 #include <sys/namei.h>
54 #include <sys/procfs.h>
55 #include <sys/ptrace.h>
56 #include <sys/racct.h>
57 #include <sys/resourcevar.h>
58 #include <sys/rwlock.h>
60 #include <sys/sf_buf.h>
62 #include <sys/systm.h>
63 #include <sys/signalvar.h>
66 #include <sys/syscall.h>
67 #include <sys/sysctl.h>
68 #include <sys/sysent.h>
69 #include <sys/vnode.h>
70 #include <sys/syslog.h>
71 #include <sys/eventhandler.h>
75 #include <vm/vm_kern.h>
76 #include <vm/vm_param.h>
78 #include <vm/vm_map.h>
79 #include <vm/vm_object.h>
80 #include <vm/vm_extern.h>
82 #include <machine/elf.h>
83 #include <machine/md_var.h>
85 #define ELF_NOTE_ROUNDSIZE 4
86 #define OLD_EI_BRAND 8
88 static int __elfN(check_header)(const Elf_Ehdr *hdr);
89 static Elf_Brandinfo *__elfN(get_brandinfo)(struct image_params *imgp,
90 const char *interp, int32_t *osrel, uint32_t *fctl0);
91 static int __elfN(load_file)(struct proc *p, const char *file, u_long *addr,
93 static int __elfN(load_section)(struct image_params *imgp, vm_ooffset_t offset,
94 caddr_t vmaddr, size_t memsz, size_t filsz, vm_prot_t prot);
95 static int __CONCAT(exec_, __elfN(imgact))(struct image_params *imgp);
96 static bool __elfN(freebsd_trans_osrel)(const Elf_Note *note,
98 static bool kfreebsd_trans_osrel(const Elf_Note *note, int32_t *osrel);
99 static boolean_t __elfN(check_note)(struct image_params *imgp,
100 Elf_Brandnote *checknote, int32_t *osrel, boolean_t *has_fctl0,
102 static vm_prot_t __elfN(trans_prot)(Elf_Word);
103 static Elf_Word __elfN(untrans_prot)(vm_prot_t);
105 SYSCTL_NODE(_kern, OID_AUTO, __CONCAT(elf, __ELF_WORD_SIZE),
106 CTLFLAG_RW | CTLFLAG_MPSAFE, 0,
109 #define CORE_BUF_SIZE (16 * 1024)
111 int __elfN(fallback_brand) = -1;
112 SYSCTL_INT(__CONCAT(_kern_elf, __ELF_WORD_SIZE), OID_AUTO,
113 fallback_brand, CTLFLAG_RWTUN, &__elfN(fallback_brand), 0,
114 __XSTRING(__CONCAT(ELF, __ELF_WORD_SIZE)) " brand of last resort");
116 static int elf_legacy_coredump = 0;
117 SYSCTL_INT(_debug, OID_AUTO, __elfN(legacy_coredump), CTLFLAG_RW,
118 &elf_legacy_coredump, 0,
119 "include all and only RW pages in core dumps");
121 int __elfN(nxstack) =
122 #if defined(__amd64__) || defined(__powerpc64__) /* both 64 and 32 bit */ || \
123 (defined(__arm__) && __ARM_ARCH >= 7) || defined(__aarch64__) || \
129 SYSCTL_INT(__CONCAT(_kern_elf, __ELF_WORD_SIZE), OID_AUTO,
130 nxstack, CTLFLAG_RW, &__elfN(nxstack), 0,
131 __XSTRING(__CONCAT(ELF, __ELF_WORD_SIZE)) ": enable non-executable stack");
133 #if __ELF_WORD_SIZE == 32 && (defined(__amd64__) || defined(__i386__))
134 int i386_read_exec = 0;
135 SYSCTL_INT(_kern_elf32, OID_AUTO, read_exec, CTLFLAG_RW, &i386_read_exec, 0,
136 "enable execution from readable segments");
139 static u_long __elfN(pie_base) = ET_DYN_LOAD_ADDR;
141 sysctl_pie_base(SYSCTL_HANDLER_ARGS)
146 val = __elfN(pie_base);
147 error = sysctl_handle_long(oidp, &val, 0, req);
148 if (error != 0 || req->newptr == NULL)
150 if ((val & PAGE_MASK) != 0)
152 __elfN(pie_base) = val;
155 SYSCTL_PROC(__CONCAT(_kern_elf, __ELF_WORD_SIZE), OID_AUTO, pie_base,
156 CTLTYPE_ULONG | CTLFLAG_MPSAFE | CTLFLAG_RW, NULL, 0,
157 sysctl_pie_base, "LU",
158 "PIE load base without randomization");
160 SYSCTL_NODE(__CONCAT(_kern_elf, __ELF_WORD_SIZE), OID_AUTO, aslr,
161 CTLFLAG_RW | CTLFLAG_MPSAFE, 0,
163 #define ASLR_NODE_OID __CONCAT(__CONCAT(_kern_elf, __ELF_WORD_SIZE), _aslr)
165 static int __elfN(aslr_enabled) = 0;
166 SYSCTL_INT(ASLR_NODE_OID, OID_AUTO, enable, CTLFLAG_RWTUN,
167 &__elfN(aslr_enabled), 0,
168 __XSTRING(__CONCAT(ELF, __ELF_WORD_SIZE))
169 ": enable address map randomization");
171 static int __elfN(pie_aslr_enabled) = 0;
172 SYSCTL_INT(ASLR_NODE_OID, OID_AUTO, pie_enable, CTLFLAG_RWTUN,
173 &__elfN(pie_aslr_enabled), 0,
174 __XSTRING(__CONCAT(ELF, __ELF_WORD_SIZE))
175 ": enable address map randomization for PIE binaries");
177 static int __elfN(aslr_honor_sbrk) = 1;
178 SYSCTL_INT(ASLR_NODE_OID, OID_AUTO, honor_sbrk, CTLFLAG_RW,
179 &__elfN(aslr_honor_sbrk), 0,
180 __XSTRING(__CONCAT(ELF, __ELF_WORD_SIZE)) ": assume sbrk is used");
182 static int __elfN(aslr_stack_gap) = 3;
183 SYSCTL_INT(ASLR_NODE_OID, OID_AUTO, stack_gap, CTLFLAG_RW,
184 &__elfN(aslr_stack_gap), 0,
185 __XSTRING(__CONCAT(ELF, __ELF_WORD_SIZE))
186 ": maximum percentage of main stack to waste on a random gap");
188 static int __elfN(sigfastblock) = 1;
189 SYSCTL_INT(__CONCAT(_kern_elf, __ELF_WORD_SIZE), OID_AUTO, sigfastblock,
190 CTLFLAG_RWTUN, &__elfN(sigfastblock), 0,
191 "enable sigfastblock for new processes");
193 static Elf_Brandinfo *elf_brand_list[MAX_BRANDS];
195 #define aligned(a, t) (rounddown2((u_long)(a), sizeof(t)) == (u_long)(a))
197 static const char FREEBSD_ABI_VENDOR[] = "FreeBSD";
199 Elf_Brandnote __elfN(freebsd_brandnote) = {
200 .hdr.n_namesz = sizeof(FREEBSD_ABI_VENDOR),
201 .hdr.n_descsz = sizeof(int32_t),
202 .hdr.n_type = NT_FREEBSD_ABI_TAG,
203 .vendor = FREEBSD_ABI_VENDOR,
204 .flags = BN_TRANSLATE_OSREL,
205 .trans_osrel = __elfN(freebsd_trans_osrel)
209 __elfN(freebsd_trans_osrel)(const Elf_Note *note, int32_t *osrel)
213 p = (uintptr_t)(note + 1);
214 p += roundup2(note->n_namesz, ELF_NOTE_ROUNDSIZE);
215 *osrel = *(const int32_t *)(p);
220 static const char GNU_ABI_VENDOR[] = "GNU";
221 static int GNU_KFREEBSD_ABI_DESC = 3;
223 Elf_Brandnote __elfN(kfreebsd_brandnote) = {
224 .hdr.n_namesz = sizeof(GNU_ABI_VENDOR),
225 .hdr.n_descsz = 16, /* XXX at least 16 */
227 .vendor = GNU_ABI_VENDOR,
228 .flags = BN_TRANSLATE_OSREL,
229 .trans_osrel = kfreebsd_trans_osrel
233 kfreebsd_trans_osrel(const Elf_Note *note, int32_t *osrel)
235 const Elf32_Word *desc;
238 p = (uintptr_t)(note + 1);
239 p += roundup2(note->n_namesz, ELF_NOTE_ROUNDSIZE);
241 desc = (const Elf32_Word *)p;
242 if (desc[0] != GNU_KFREEBSD_ABI_DESC)
246 * Debian GNU/kFreeBSD embed the earliest compatible kernel version
247 * (__FreeBSD_version: <major><two digit minor>Rxx) in the LSB way.
249 *osrel = desc[1] * 100000 + desc[2] * 1000 + desc[3];
255 __elfN(insert_brand_entry)(Elf_Brandinfo *entry)
259 for (i = 0; i < MAX_BRANDS; i++) {
260 if (elf_brand_list[i] == NULL) {
261 elf_brand_list[i] = entry;
265 if (i == MAX_BRANDS) {
266 printf("WARNING: %s: could not insert brandinfo entry: %p\n",
274 __elfN(remove_brand_entry)(Elf_Brandinfo *entry)
278 for (i = 0; i < MAX_BRANDS; i++) {
279 if (elf_brand_list[i] == entry) {
280 elf_brand_list[i] = NULL;
290 __elfN(brand_inuse)(Elf_Brandinfo *entry)
295 sx_slock(&allproc_lock);
296 FOREACH_PROC_IN_SYSTEM(p) {
297 if (p->p_sysent == entry->sysvec) {
302 sx_sunlock(&allproc_lock);
307 static Elf_Brandinfo *
308 __elfN(get_brandinfo)(struct image_params *imgp, const char *interp,
309 int32_t *osrel, uint32_t *fctl0)
311 const Elf_Ehdr *hdr = (const Elf_Ehdr *)imgp->image_header;
312 Elf_Brandinfo *bi, *bi_m;
313 boolean_t ret, has_fctl0;
314 int i, interp_name_len;
316 interp_name_len = interp != NULL ? strlen(interp) + 1 : 0;
319 * We support four types of branding -- (1) the ELF EI_OSABI field
320 * that SCO added to the ELF spec, (2) FreeBSD 3.x's traditional string
321 * branding w/in the ELF header, (3) path of the `interp_path'
322 * field, and (4) the ".note.ABI-tag" ELF section.
325 /* Look for an ".note.ABI-tag" ELF section */
327 for (i = 0; i < MAX_BRANDS; i++) {
328 bi = elf_brand_list[i];
331 if (interp != NULL && (bi->flags & BI_BRAND_ONLY_STATIC) != 0)
333 if (hdr->e_machine == bi->machine && (bi->flags &
334 (BI_BRAND_NOTE|BI_BRAND_NOTE_MANDATORY)) != 0) {
338 ret = __elfN(check_note)(imgp, bi->brand_note, osrel,
340 /* Give brand a chance to veto check_note's guess */
341 if (ret && bi->header_supported) {
342 ret = bi->header_supported(imgp, osrel,
343 has_fctl0 ? fctl0 : NULL);
346 * If note checker claimed the binary, but the
347 * interpreter path in the image does not
348 * match default one for the brand, try to
349 * search for other brands with the same
350 * interpreter. Either there is better brand
351 * with the right interpreter, or, failing
352 * this, we return first brand which accepted
353 * our note and, optionally, header.
355 if (ret && bi_m == NULL && interp != NULL &&
356 (bi->interp_path == NULL ||
357 (strlen(bi->interp_path) + 1 != interp_name_len ||
358 strncmp(interp, bi->interp_path, interp_name_len)
370 /* If the executable has a brand, search for it in the brand list. */
371 for (i = 0; i < MAX_BRANDS; i++) {
372 bi = elf_brand_list[i];
373 if (bi == NULL || (bi->flags & BI_BRAND_NOTE_MANDATORY) != 0 ||
374 (interp != NULL && (bi->flags & BI_BRAND_ONLY_STATIC) != 0))
376 if (hdr->e_machine == bi->machine &&
377 (hdr->e_ident[EI_OSABI] == bi->brand ||
378 (bi->compat_3_brand != NULL &&
379 strcmp((const char *)&hdr->e_ident[OLD_EI_BRAND],
380 bi->compat_3_brand) == 0))) {
381 /* Looks good, but give brand a chance to veto */
382 if (bi->header_supported == NULL ||
383 bi->header_supported(imgp, NULL, NULL)) {
385 * Again, prefer strictly matching
388 if (interp_name_len == 0 &&
389 bi->interp_path == NULL)
391 if (bi->interp_path != NULL &&
392 strlen(bi->interp_path) + 1 ==
393 interp_name_len && strncmp(interp,
394 bi->interp_path, interp_name_len) == 0)
404 /* No known brand, see if the header is recognized by any brand */
405 for (i = 0; i < MAX_BRANDS; i++) {
406 bi = elf_brand_list[i];
407 if (bi == NULL || bi->flags & BI_BRAND_NOTE_MANDATORY ||
408 bi->header_supported == NULL)
410 if (hdr->e_machine == bi->machine) {
411 ret = bi->header_supported(imgp, NULL, NULL);
417 /* Lacking a known brand, search for a recognized interpreter. */
418 if (interp != NULL) {
419 for (i = 0; i < MAX_BRANDS; i++) {
420 bi = elf_brand_list[i];
421 if (bi == NULL || (bi->flags &
422 (BI_BRAND_NOTE_MANDATORY | BI_BRAND_ONLY_STATIC))
425 if (hdr->e_machine == bi->machine &&
426 bi->interp_path != NULL &&
427 /* ELF image p_filesz includes terminating zero */
428 strlen(bi->interp_path) + 1 == interp_name_len &&
429 strncmp(interp, bi->interp_path, interp_name_len)
430 == 0 && (bi->header_supported == NULL ||
431 bi->header_supported(imgp, NULL, NULL)))
436 /* Lacking a recognized interpreter, try the default brand */
437 for (i = 0; i < MAX_BRANDS; i++) {
438 bi = elf_brand_list[i];
439 if (bi == NULL || (bi->flags & BI_BRAND_NOTE_MANDATORY) != 0 ||
440 (interp != NULL && (bi->flags & BI_BRAND_ONLY_STATIC) != 0))
442 if (hdr->e_machine == bi->machine &&
443 __elfN(fallback_brand) == bi->brand &&
444 (bi->header_supported == NULL ||
445 bi->header_supported(imgp, NULL, NULL)))
452 __elfN(check_header)(const Elf_Ehdr *hdr)
458 hdr->e_ident[EI_CLASS] != ELF_TARG_CLASS ||
459 hdr->e_ident[EI_DATA] != ELF_TARG_DATA ||
460 hdr->e_ident[EI_VERSION] != EV_CURRENT ||
461 hdr->e_phentsize != sizeof(Elf_Phdr) ||
462 hdr->e_version != ELF_TARG_VER)
466 * Make sure we have at least one brand for this machine.
469 for (i = 0; i < MAX_BRANDS; i++) {
470 bi = elf_brand_list[i];
471 if (bi != NULL && bi->machine == hdr->e_machine)
481 __elfN(map_partial)(vm_map_t map, vm_object_t object, vm_ooffset_t offset,
482 vm_offset_t start, vm_offset_t end, vm_prot_t prot)
489 * Create the page if it doesn't exist yet. Ignore errors.
491 vm_map_fixed(map, NULL, 0, trunc_page(start), round_page(end) -
492 trunc_page(start), VM_PROT_ALL, VM_PROT_ALL, MAP_CHECK_EXCL);
495 * Find the page from the underlying object.
497 if (object != NULL) {
498 sf = vm_imgact_map_page(object, offset);
500 return (KERN_FAILURE);
501 off = offset - trunc_page(offset);
502 error = copyout((caddr_t)sf_buf_kva(sf) + off, (caddr_t)start,
504 vm_imgact_unmap_page(sf);
506 return (KERN_FAILURE);
509 return (KERN_SUCCESS);
513 __elfN(map_insert)(struct image_params *imgp, vm_map_t map, vm_object_t object,
514 vm_ooffset_t offset, vm_offset_t start, vm_offset_t end, vm_prot_t prot,
520 int error, locked, rv;
522 if (start != trunc_page(start)) {
523 rv = __elfN(map_partial)(map, object, offset, start,
524 round_page(start), prot);
525 if (rv != KERN_SUCCESS)
527 offset += round_page(start) - start;
528 start = round_page(start);
530 if (end != round_page(end)) {
531 rv = __elfN(map_partial)(map, object, offset +
532 trunc_page(end) - start, trunc_page(end), end, prot);
533 if (rv != KERN_SUCCESS)
535 end = trunc_page(end);
538 return (KERN_SUCCESS);
539 if ((offset & PAGE_MASK) != 0) {
541 * The mapping is not page aligned. This means that we have
544 rv = vm_map_fixed(map, NULL, 0, start, end - start,
545 prot | VM_PROT_WRITE, VM_PROT_ALL, MAP_CHECK_EXCL);
546 if (rv != KERN_SUCCESS)
549 return (KERN_SUCCESS);
550 for (; start < end; start += sz) {
551 sf = vm_imgact_map_page(object, offset);
553 return (KERN_FAILURE);
554 off = offset - trunc_page(offset);
556 if (sz > PAGE_SIZE - off)
557 sz = PAGE_SIZE - off;
558 error = copyout((caddr_t)sf_buf_kva(sf) + off,
560 vm_imgact_unmap_page(sf);
562 return (KERN_FAILURE);
566 vm_object_reference(object);
567 rv = vm_map_fixed(map, object, offset, start, end - start,
568 prot, VM_PROT_ALL, cow | MAP_CHECK_EXCL |
569 (object != NULL ? MAP_VN_EXEC : 0));
570 if (rv != KERN_SUCCESS) {
571 locked = VOP_ISLOCKED(imgp->vp);
572 VOP_UNLOCK(imgp->vp);
573 vm_object_deallocate(object);
574 vn_lock(imgp->vp, locked | LK_RETRY);
576 } else if (object != NULL) {
577 MPASS(imgp->vp->v_object == object);
578 VOP_SET_TEXT_CHECKED(imgp->vp);
581 return (KERN_SUCCESS);
585 __elfN(load_section)(struct image_params *imgp, vm_ooffset_t offset,
586 caddr_t vmaddr, size_t memsz, size_t filsz, vm_prot_t prot)
592 vm_offset_t map_addr;
595 vm_ooffset_t file_addr;
598 * It's necessary to fail if the filsz + offset taken from the
599 * header is greater than the actual file pager object's size.
600 * If we were to allow this, then the vm_map_find() below would
601 * walk right off the end of the file object and into the ether.
603 * While I'm here, might as well check for something else that
604 * is invalid: filsz cannot be greater than memsz.
606 if ((filsz != 0 && (off_t)filsz + offset > imgp->attr->va_size) ||
608 uprintf("elf_load_section: truncated ELF file\n");
612 object = imgp->object;
613 map = &imgp->proc->p_vmspace->vm_map;
614 map_addr = trunc_page((vm_offset_t)vmaddr);
615 file_addr = trunc_page(offset);
618 * We have two choices. We can either clear the data in the last page
619 * of an oversized mapping, or we can start the anon mapping a page
620 * early and copy the initialized data into that first page. We
625 else if (memsz > filsz)
626 map_len = trunc_page(offset + filsz) - file_addr;
628 map_len = round_page(offset + filsz) - file_addr;
631 /* cow flags: don't dump readonly sections in core */
632 cow = MAP_COPY_ON_WRITE | MAP_PREFAULT |
633 (prot & VM_PROT_WRITE ? 0 : MAP_DISABLE_COREDUMP);
635 rv = __elfN(map_insert)(imgp, map, object, file_addr,
636 map_addr, map_addr + map_len, prot, cow);
637 if (rv != KERN_SUCCESS)
640 /* we can stop now if we've covered it all */
646 * We have to get the remaining bit of the file into the first part
647 * of the oversized map segment. This is normally because the .data
648 * segment in the file is extended to provide bss. It's a neat idea
649 * to try and save a page, but it's a pain in the behind to implement.
651 copy_len = filsz == 0 ? 0 : (offset + filsz) - trunc_page(offset +
653 map_addr = trunc_page((vm_offset_t)vmaddr + filsz);
654 map_len = round_page((vm_offset_t)vmaddr + memsz) - map_addr;
656 /* This had damn well better be true! */
658 rv = __elfN(map_insert)(imgp, map, NULL, 0, map_addr,
659 map_addr + map_len, prot, 0);
660 if (rv != KERN_SUCCESS)
665 sf = vm_imgact_map_page(object, offset + filsz);
669 /* send the page fragment to user space */
670 error = copyout((caddr_t)sf_buf_kva(sf), (caddr_t)map_addr,
672 vm_imgact_unmap_page(sf);
678 * Remove write access to the page if it was only granted by map_insert
681 if ((prot & VM_PROT_WRITE) == 0)
682 vm_map_protect(map, trunc_page(map_addr), round_page(map_addr +
683 map_len), prot, FALSE);
689 __elfN(load_sections)(struct image_params *imgp, const Elf_Ehdr *hdr,
690 const Elf_Phdr *phdr, u_long rbase, u_long *base_addrp)
697 ASSERT_VOP_LOCKED(imgp->vp, __func__);
702 for (i = 0; i < hdr->e_phnum; i++) {
703 if (phdr[i].p_type != PT_LOAD || phdr[i].p_memsz == 0)
706 /* Loadable segment */
707 prot = __elfN(trans_prot)(phdr[i].p_flags);
708 error = __elfN(load_section)(imgp, phdr[i].p_offset,
709 (caddr_t)(uintptr_t)phdr[i].p_vaddr + rbase,
710 phdr[i].p_memsz, phdr[i].p_filesz, prot);
715 * Establish the base address if this is the first segment.
718 base_addr = trunc_page(phdr[i].p_vaddr + rbase);
723 if (base_addrp != NULL)
724 *base_addrp = base_addr;
730 * Load the file "file" into memory. It may be either a shared object
733 * The "addr" reference parameter is in/out. On entry, it specifies
734 * the address where a shared object should be loaded. If the file is
735 * an executable, this value is ignored. On exit, "addr" specifies
736 * where the file was actually loaded.
738 * The "entry" reference parameter is out only. On exit, it specifies
739 * the entry point for the loaded file.
742 __elfN(load_file)(struct proc *p, const char *file, u_long *addr,
748 struct image_params image_params;
750 const Elf_Ehdr *hdr = NULL;
751 const Elf_Phdr *phdr = NULL;
752 struct nameidata *nd;
754 struct image_params *imgp;
756 u_long base_addr = 0;
759 #ifdef CAPABILITY_MODE
761 * XXXJA: This check can go away once we are sufficiently confident
762 * that the checks in namei() are correct.
764 if (IN_CAPABILITY_MODE(curthread))
768 tempdata = malloc(sizeof(*tempdata), M_TEMP, M_WAITOK | M_ZERO);
770 attr = &tempdata->attr;
771 imgp = &tempdata->image_params;
774 * Initialize part of the common data
779 NDINIT(nd, LOOKUP, ISOPEN | FOLLOW | LOCKSHARED | LOCKLEAF,
780 UIO_SYSSPACE, file, curthread);
781 if ((error = namei(nd)) != 0) {
785 NDFREE(nd, NDF_ONLY_PNBUF);
786 imgp->vp = nd->ni_vp;
789 * Check permissions, modes, uid, etc on the file, and "open" it.
791 error = exec_check_permissions(imgp);
795 error = exec_map_first_page(imgp);
799 imgp->object = nd->ni_vp->v_object;
801 hdr = (const Elf_Ehdr *)imgp->image_header;
802 if ((error = __elfN(check_header)(hdr)) != 0)
804 if (hdr->e_type == ET_DYN)
806 else if (hdr->e_type == ET_EXEC)
813 /* Only support headers that fit within first page for now */
814 if ((hdr->e_phoff > PAGE_SIZE) ||
815 (u_int)hdr->e_phentsize * hdr->e_phnum > PAGE_SIZE - hdr->e_phoff) {
820 phdr = (const Elf_Phdr *)(imgp->image_header + hdr->e_phoff);
821 if (!aligned(phdr, Elf_Addr)) {
826 error = __elfN(load_sections)(imgp, hdr, phdr, rbase, &base_addr);
831 *entry = (unsigned long)hdr->e_entry + rbase;
835 exec_unmap_first_page(imgp);
839 VOP_UNSET_TEXT_CHECKED(nd->ni_vp);
842 free(tempdata, M_TEMP);
848 __CONCAT(rnd_, __elfN(base))(vm_map_t map __unused, u_long minv, u_long maxv,
853 MPASS(vm_map_min(map) <= minv);
854 MPASS(maxv <= vm_map_max(map));
856 MPASS(minv + align < maxv);
857 arc4rand(&rbase, sizeof(rbase), 0);
858 res = roundup(minv, (u_long)align) + rbase % (maxv - minv);
859 res &= ~((u_long)align - 1);
863 ("res %#lx < minv %#lx, maxv %#lx rbase %#lx",
864 res, minv, maxv, rbase));
866 ("res %#lx > maxv %#lx, minv %#lx rbase %#lx",
867 res, maxv, minv, rbase));
872 __elfN(enforce_limits)(struct image_params *imgp, const Elf_Ehdr *hdr,
873 const Elf_Phdr *phdr, u_long et_dyn_addr)
875 struct vmspace *vmspace;
877 u_long text_size, data_size, total_size, text_addr, data_addr;
878 u_long seg_size, seg_addr;
882 text_size = data_size = total_size = text_addr = data_addr = 0;
884 for (i = 0; i < hdr->e_phnum; i++) {
885 if (phdr[i].p_type != PT_LOAD || phdr[i].p_memsz == 0)
888 seg_addr = trunc_page(phdr[i].p_vaddr + et_dyn_addr);
889 seg_size = round_page(phdr[i].p_memsz +
890 phdr[i].p_vaddr + et_dyn_addr - seg_addr);
893 * Make the largest executable segment the official
894 * text segment and all others data.
896 * Note that obreak() assumes that data_addr + data_size == end
897 * of data load area, and the ELF file format expects segments
898 * to be sorted by address. If multiple data segments exist,
899 * the last one will be used.
902 if ((phdr[i].p_flags & PF_X) != 0 && text_size < seg_size) {
903 text_size = seg_size;
904 text_addr = seg_addr;
906 data_size = seg_size;
907 data_addr = seg_addr;
909 total_size += seg_size;
912 if (data_addr == 0 && data_size == 0) {
913 data_addr = text_addr;
914 data_size = text_size;
918 * Check limits. It should be safe to check the
919 * limits after loading the segments since we do
920 * not actually fault in all the segments pages.
922 PROC_LOCK(imgp->proc);
923 if (data_size > lim_cur_proc(imgp->proc, RLIMIT_DATA))
924 err_str = "Data segment size exceeds process limit";
925 else if (text_size > maxtsiz)
926 err_str = "Text segment size exceeds system limit";
927 else if (total_size > lim_cur_proc(imgp->proc, RLIMIT_VMEM))
928 err_str = "Total segment size exceeds process limit";
929 else if (racct_set(imgp->proc, RACCT_DATA, data_size) != 0)
930 err_str = "Data segment size exceeds resource limit";
931 else if (racct_set(imgp->proc, RACCT_VMEM, total_size) != 0)
932 err_str = "Total segment size exceeds resource limit";
933 PROC_UNLOCK(imgp->proc);
934 if (err_str != NULL) {
935 uprintf("%s\n", err_str);
939 vmspace = imgp->proc->p_vmspace;
940 vmspace->vm_tsize = text_size >> PAGE_SHIFT;
941 vmspace->vm_taddr = (caddr_t)(uintptr_t)text_addr;
942 vmspace->vm_dsize = data_size >> PAGE_SHIFT;
943 vmspace->vm_daddr = (caddr_t)(uintptr_t)data_addr;
949 __elfN(get_interp)(struct image_params *imgp, const Elf_Phdr *phdr,
950 char **interpp, bool *free_interpp)
954 int error, interp_name_len;
956 KASSERT(phdr->p_type == PT_INTERP,
957 ("%s: p_type %u != PT_INTERP", __func__, phdr->p_type));
958 ASSERT_VOP_LOCKED(imgp->vp, __func__);
962 /* Path to interpreter */
963 if (phdr->p_filesz < 2 || phdr->p_filesz > MAXPATHLEN) {
964 uprintf("Invalid PT_INTERP\n");
968 interp_name_len = phdr->p_filesz;
969 if (phdr->p_offset > PAGE_SIZE ||
970 interp_name_len > PAGE_SIZE - phdr->p_offset) {
972 * The vnode lock might be needed by the pagedaemon to
973 * clean pages owned by the vnode. Do not allow sleep
974 * waiting for memory with the vnode locked, instead
975 * try non-sleepable allocation first, and if it
976 * fails, go to the slow path were we drop the lock
977 * and do M_WAITOK. A text reference prevents
978 * modifications to the vnode content.
980 interp = malloc(interp_name_len + 1, M_TEMP, M_NOWAIT);
981 if (interp == NULL) {
982 VOP_UNLOCK(imgp->vp);
983 interp = malloc(interp_name_len + 1, M_TEMP, M_WAITOK);
984 vn_lock(imgp->vp, LK_SHARED | LK_RETRY);
987 error = vn_rdwr(UIO_READ, imgp->vp, interp,
988 interp_name_len, phdr->p_offset,
989 UIO_SYSSPACE, IO_NODELOCKED, td->td_ucred,
992 free(interp, M_TEMP);
993 uprintf("i/o error PT_INTERP %d\n", error);
996 interp[interp_name_len] = '\0';
999 *free_interpp = true;
1003 interp = __DECONST(char *, imgp->image_header) + phdr->p_offset;
1004 if (interp[interp_name_len - 1] != '\0') {
1005 uprintf("Invalid PT_INTERP\n");
1010 *free_interpp = false;
1015 __elfN(load_interp)(struct image_params *imgp, const Elf_Brandinfo *brand_info,
1016 const char *interp, u_long *addr, u_long *entry)
1021 if (brand_info->emul_path != NULL &&
1022 brand_info->emul_path[0] != '\0') {
1023 path = malloc(MAXPATHLEN, M_TEMP, M_WAITOK);
1024 snprintf(path, MAXPATHLEN, "%s%s",
1025 brand_info->emul_path, interp);
1026 error = __elfN(load_file)(imgp->proc, path, addr, entry);
1032 if (brand_info->interp_newpath != NULL &&
1033 (brand_info->interp_path == NULL ||
1034 strcmp(interp, brand_info->interp_path) == 0)) {
1035 error = __elfN(load_file)(imgp->proc,
1036 brand_info->interp_newpath, addr, entry);
1041 error = __elfN(load_file)(imgp->proc, interp, addr, entry);
1045 uprintf("ELF interpreter %s not found, error %d\n", interp, error);
1050 * Impossible et_dyn_addr initial value indicating that the real base
1051 * must be calculated later with some randomization applied.
1053 #define ET_DYN_ADDR_RAND 1
1056 __CONCAT(exec_, __elfN(imgact))(struct image_params *imgp)
1059 const Elf_Ehdr *hdr;
1060 const Elf_Phdr *phdr;
1061 Elf_Auxargs *elf_auxargs;
1062 struct vmspace *vmspace;
1065 Elf_Brandinfo *brand_info;
1066 struct sysentvec *sv;
1067 u_long addr, baddr, et_dyn_addr, entry, proghdr;
1068 u_long maxalign, mapsz, maxv, maxv1;
1074 hdr = (const Elf_Ehdr *)imgp->image_header;
1077 * Do we have a valid ELF header ?
1079 * Only allow ET_EXEC & ET_DYN here, reject ET_DYN later
1080 * if particular brand doesn't support it.
1082 if (__elfN(check_header)(hdr) != 0 ||
1083 (hdr->e_type != ET_EXEC && hdr->e_type != ET_DYN))
1087 * From here on down, we return an errno, not -1, as we've
1088 * detected an ELF file.
1091 if ((hdr->e_phoff > PAGE_SIZE) ||
1092 (u_int)hdr->e_phentsize * hdr->e_phnum > PAGE_SIZE - hdr->e_phoff) {
1093 /* Only support headers in first page for now */
1094 uprintf("Program headers not in the first page\n");
1097 phdr = (const Elf_Phdr *)(imgp->image_header + hdr->e_phoff);
1098 if (!aligned(phdr, Elf_Addr)) {
1099 uprintf("Unaligned program headers\n");
1107 entry = proghdr = 0;
1109 free_interp = false;
1111 maxalign = PAGE_SIZE;
1114 for (i = 0; i < hdr->e_phnum; i++) {
1115 switch (phdr[i].p_type) {
1118 baddr = phdr[i].p_vaddr;
1119 if (phdr[i].p_align > maxalign)
1120 maxalign = phdr[i].p_align;
1121 mapsz += phdr[i].p_memsz;
1125 * If this segment contains the program headers,
1126 * remember their virtual address for the AT_PHDR
1127 * aux entry. Static binaries don't usually include
1130 if (phdr[i].p_offset == 0 &&
1131 hdr->e_phoff + hdr->e_phnum * hdr->e_phentsize
1132 <= phdr[i].p_filesz)
1133 proghdr = phdr[i].p_vaddr + hdr->e_phoff;
1136 /* Path to interpreter */
1137 if (interp != NULL) {
1138 uprintf("Multiple PT_INTERP headers\n");
1142 error = __elfN(get_interp)(imgp, &phdr[i], &interp,
1148 if (__elfN(nxstack))
1150 __elfN(trans_prot)(phdr[i].p_flags);
1151 imgp->stack_sz = phdr[i].p_memsz;
1153 case PT_PHDR: /* Program header table info */
1154 proghdr = phdr[i].p_vaddr;
1159 brand_info = __elfN(get_brandinfo)(imgp, interp, &osrel, &fctl0);
1160 if (brand_info == NULL) {
1161 uprintf("ELF binary type \"%u\" not known.\n",
1162 hdr->e_ident[EI_OSABI]);
1166 sv = brand_info->sysvec;
1168 if (hdr->e_type == ET_DYN) {
1169 if ((brand_info->flags & BI_CAN_EXEC_DYN) == 0) {
1170 uprintf("Cannot execute shared object\n");
1175 * Honour the base load address from the dso if it is
1176 * non-zero for some reason.
1179 if ((sv->sv_flags & SV_ASLR) == 0 ||
1180 (fctl0 & NT_FREEBSD_FCTL_ASLR_DISABLE) != 0)
1181 et_dyn_addr = __elfN(pie_base);
1182 else if ((__elfN(pie_aslr_enabled) &&
1183 (imgp->proc->p_flag2 & P2_ASLR_DISABLE) == 0) ||
1184 (imgp->proc->p_flag2 & P2_ASLR_ENABLE) != 0)
1185 et_dyn_addr = ET_DYN_ADDR_RAND;
1187 et_dyn_addr = __elfN(pie_base);
1192 * Avoid a possible deadlock if the current address space is destroyed
1193 * and that address space maps the locked vnode. In the common case,
1194 * the locked vnode's v_usecount is decremented but remains greater
1195 * than zero. Consequently, the vnode lock is not needed by vrele().
1196 * However, in cases where the vnode lock is external, such as nullfs,
1197 * v_usecount may become zero.
1199 * The VV_TEXT flag prevents modifications to the executable while
1200 * the vnode is unlocked.
1202 VOP_UNLOCK(imgp->vp);
1205 * Decide whether to enable randomization of user mappings.
1206 * First, reset user preferences for the setid binaries.
1207 * Then, account for the support of the randomization by the
1208 * ABI, by user preferences, and make special treatment for
1211 if (imgp->credential_setid) {
1212 PROC_LOCK(imgp->proc);
1213 imgp->proc->p_flag2 &= ~(P2_ASLR_ENABLE | P2_ASLR_DISABLE);
1214 PROC_UNLOCK(imgp->proc);
1216 if ((sv->sv_flags & SV_ASLR) == 0 ||
1217 (imgp->proc->p_flag2 & P2_ASLR_DISABLE) != 0 ||
1218 (fctl0 & NT_FREEBSD_FCTL_ASLR_DISABLE) != 0) {
1219 KASSERT(et_dyn_addr != ET_DYN_ADDR_RAND,
1220 ("et_dyn_addr == RAND and !ASLR"));
1221 } else if ((imgp->proc->p_flag2 & P2_ASLR_ENABLE) != 0 ||
1222 (__elfN(aslr_enabled) && hdr->e_type == ET_EXEC) ||
1223 et_dyn_addr == ET_DYN_ADDR_RAND) {
1224 imgp->map_flags |= MAP_ASLR;
1226 * If user does not care about sbrk, utilize the bss
1227 * grow region for mappings as well. We can select
1228 * the base for the image anywere and still not suffer
1229 * from the fragmentation.
1231 if (!__elfN(aslr_honor_sbrk) ||
1232 (imgp->proc->p_flag2 & P2_ASLR_IGNSTART) != 0)
1233 imgp->map_flags |= MAP_ASLR_IGNSTART;
1236 error = exec_new_vmspace(imgp, sv);
1237 vmspace = imgp->proc->p_vmspace;
1238 map = &vmspace->vm_map;
1240 imgp->proc->p_sysent = sv;
1242 maxv = vm_map_max(map) - lim_max(td, RLIMIT_STACK);
1243 if (et_dyn_addr == ET_DYN_ADDR_RAND) {
1244 KASSERT((map->flags & MAP_ASLR) != 0,
1245 ("ET_DYN_ADDR_RAND but !MAP_ASLR"));
1246 et_dyn_addr = __CONCAT(rnd_, __elfN(base))(map,
1247 vm_map_min(map) + mapsz + lim_max(td, RLIMIT_DATA),
1248 /* reserve half of the address space to interpreter */
1249 maxv / 2, 1UL << flsl(maxalign));
1252 vn_lock(imgp->vp, LK_SHARED | LK_RETRY);
1256 error = __elfN(load_sections)(imgp, hdr, phdr, et_dyn_addr, NULL);
1260 error = __elfN(enforce_limits)(imgp, hdr, phdr, et_dyn_addr);
1264 entry = (u_long)hdr->e_entry + et_dyn_addr;
1267 * We load the dynamic linker where a userland call
1268 * to mmap(0, ...) would put it. The rationale behind this
1269 * calculation is that it leaves room for the heap to grow to
1270 * its maximum allowed size.
1272 addr = round_page((vm_offset_t)vmspace->vm_daddr + lim_max(td,
1274 if ((map->flags & MAP_ASLR) != 0) {
1275 maxv1 = maxv / 2 + addr / 2;
1276 MPASS(maxv1 >= addr); /* No overflow */
1277 map->anon_loc = __CONCAT(rnd_, __elfN(base))(map, addr, maxv1,
1278 MAXPAGESIZES > 1 ? pagesizes[1] : pagesizes[0]);
1280 map->anon_loc = addr;
1283 imgp->entry_addr = entry;
1285 if (interp != NULL) {
1286 VOP_UNLOCK(imgp->vp);
1287 if ((map->flags & MAP_ASLR) != 0) {
1288 /* Assume that interpeter fits into 1/4 of AS */
1289 maxv1 = maxv / 2 + addr / 2;
1290 MPASS(maxv1 >= addr); /* No overflow */
1291 addr = __CONCAT(rnd_, __elfN(base))(map, addr,
1294 error = __elfN(load_interp)(imgp, brand_info, interp, &addr,
1296 vn_lock(imgp->vp, LK_SHARED | LK_RETRY);
1303 * Construct auxargs table (used by the copyout_auxargs routine)
1305 elf_auxargs = malloc(sizeof(Elf_Auxargs), M_TEMP, M_NOWAIT);
1306 if (elf_auxargs == NULL) {
1307 VOP_UNLOCK(imgp->vp);
1308 elf_auxargs = malloc(sizeof(Elf_Auxargs), M_TEMP, M_WAITOK);
1309 vn_lock(imgp->vp, LK_SHARED | LK_RETRY);
1311 elf_auxargs->execfd = -1;
1312 elf_auxargs->phdr = proghdr + et_dyn_addr;
1313 elf_auxargs->phent = hdr->e_phentsize;
1314 elf_auxargs->phnum = hdr->e_phnum;
1315 elf_auxargs->pagesz = PAGE_SIZE;
1316 elf_auxargs->base = addr;
1317 elf_auxargs->flags = 0;
1318 elf_auxargs->entry = entry;
1319 elf_auxargs->hdr_eflags = hdr->e_flags;
1321 imgp->auxargs = elf_auxargs;
1322 imgp->interpreted = 0;
1323 imgp->reloc_base = addr;
1324 imgp->proc->p_osrel = osrel;
1325 imgp->proc->p_fctl0 = fctl0;
1326 imgp->proc->p_elf_machine = hdr->e_machine;
1327 imgp->proc->p_elf_flags = hdr->e_flags;
1331 free(interp, M_TEMP);
1335 #define suword __CONCAT(suword, __ELF_WORD_SIZE)
1338 __elfN(freebsd_copyout_auxargs)(struct image_params *imgp, uintptr_t base)
1340 Elf_Auxargs *args = (Elf_Auxargs *)imgp->auxargs;
1341 Elf_Auxinfo *argarray, *pos;
1344 argarray = pos = malloc(AT_COUNT * sizeof(*pos), M_TEMP,
1347 if (args->execfd != -1)
1348 AUXARGS_ENTRY(pos, AT_EXECFD, args->execfd);
1349 AUXARGS_ENTRY(pos, AT_PHDR, args->phdr);
1350 AUXARGS_ENTRY(pos, AT_PHENT, args->phent);
1351 AUXARGS_ENTRY(pos, AT_PHNUM, args->phnum);
1352 AUXARGS_ENTRY(pos, AT_PAGESZ, args->pagesz);
1353 AUXARGS_ENTRY(pos, AT_FLAGS, args->flags);
1354 AUXARGS_ENTRY(pos, AT_ENTRY, args->entry);
1355 AUXARGS_ENTRY(pos, AT_BASE, args->base);
1356 AUXARGS_ENTRY(pos, AT_EHDRFLAGS, args->hdr_eflags);
1357 if (imgp->execpathp != 0)
1358 AUXARGS_ENTRY_PTR(pos, AT_EXECPATH, imgp->execpathp);
1359 AUXARGS_ENTRY(pos, AT_OSRELDATE,
1360 imgp->proc->p_ucred->cr_prison->pr_osreldate);
1361 if (imgp->canary != 0) {
1362 AUXARGS_ENTRY_PTR(pos, AT_CANARY, imgp->canary);
1363 AUXARGS_ENTRY(pos, AT_CANARYLEN, imgp->canarylen);
1365 AUXARGS_ENTRY(pos, AT_NCPUS, mp_ncpus);
1366 if (imgp->pagesizes != 0) {
1367 AUXARGS_ENTRY_PTR(pos, AT_PAGESIZES, imgp->pagesizes);
1368 AUXARGS_ENTRY(pos, AT_PAGESIZESLEN, imgp->pagesizeslen);
1370 if (imgp->sysent->sv_timekeep_base != 0) {
1371 AUXARGS_ENTRY(pos, AT_TIMEKEEP,
1372 imgp->sysent->sv_timekeep_base);
1374 AUXARGS_ENTRY(pos, AT_STACKPROT, imgp->sysent->sv_shared_page_obj
1375 != NULL && imgp->stack_prot != 0 ? imgp->stack_prot :
1376 imgp->sysent->sv_stackprot);
1377 if (imgp->sysent->sv_hwcap != NULL)
1378 AUXARGS_ENTRY(pos, AT_HWCAP, *imgp->sysent->sv_hwcap);
1379 if (imgp->sysent->sv_hwcap2 != NULL)
1380 AUXARGS_ENTRY(pos, AT_HWCAP2, *imgp->sysent->sv_hwcap2);
1381 AUXARGS_ENTRY(pos, AT_BSDFLAGS, __elfN(sigfastblock) ?
1382 ELF_BSDF_SIGFASTBLK : 0);
1383 AUXARGS_ENTRY(pos, AT_ARGC, imgp->args->argc);
1384 AUXARGS_ENTRY_PTR(pos, AT_ARGV, imgp->argv);
1385 AUXARGS_ENTRY(pos, AT_ENVC, imgp->args->envc);
1386 AUXARGS_ENTRY_PTR(pos, AT_ENVV, imgp->envv);
1387 AUXARGS_ENTRY_PTR(pos, AT_PS_STRINGS, imgp->ps_strings);
1388 AUXARGS_ENTRY(pos, AT_NULL, 0);
1390 free(imgp->auxargs, M_TEMP);
1391 imgp->auxargs = NULL;
1392 KASSERT(pos - argarray <= AT_COUNT, ("Too many auxargs"));
1394 error = copyout(argarray, (void *)base, sizeof(*argarray) * AT_COUNT);
1395 free(argarray, M_TEMP);
1400 __elfN(freebsd_fixup)(uintptr_t *stack_base, struct image_params *imgp)
1404 base = (Elf_Addr *)*stack_base;
1406 if (suword(base, imgp->args->argc) == -1)
1408 *stack_base = (uintptr_t)base;
1413 * Code for generating ELF core dumps.
1416 typedef void (*segment_callback)(vm_map_entry_t, void *);
1418 /* Closure for cb_put_phdr(). */
1419 struct phdr_closure {
1420 Elf_Phdr *phdr; /* Program header to fill in */
1421 Elf_Off offset; /* Offset of segment in core file */
1424 /* Closure for cb_size_segment(). */
1425 struct sseg_closure {
1426 int count; /* Count of writable segments. */
1427 size_t size; /* Total size of all writable segments. */
1430 typedef void (*outfunc_t)(void *, struct sbuf *, size_t *);
1433 int type; /* Note type. */
1434 outfunc_t outfunc; /* Output function. */
1435 void *outarg; /* Argument for the output function. */
1436 size_t outsize; /* Output size. */
1437 TAILQ_ENTRY(note_info) link; /* Link to the next note info. */
1440 TAILQ_HEAD(note_info_list, note_info);
1442 /* Coredump output parameters. */
1443 struct coredump_params {
1445 struct ucred *active_cred;
1446 struct ucred *file_cred;
1449 struct compressor *comp;
1452 extern int compress_user_cores;
1453 extern int compress_user_cores_level;
1455 static void cb_put_phdr(vm_map_entry_t, void *);
1456 static void cb_size_segment(vm_map_entry_t, void *);
1457 static int core_write(struct coredump_params *, const void *, size_t, off_t,
1459 static void each_dumpable_segment(struct thread *, segment_callback, void *);
1460 static int __elfN(corehdr)(struct coredump_params *, int, void *, size_t,
1461 struct note_info_list *, size_t);
1462 static void __elfN(prepare_notes)(struct thread *, struct note_info_list *,
1464 static void __elfN(puthdr)(struct thread *, void *, size_t, int, size_t);
1465 static void __elfN(putnote)(struct note_info *, struct sbuf *);
1466 static size_t register_note(struct note_info_list *, int, outfunc_t, void *);
1467 static int sbuf_drain_core_output(void *, const char *, int);
1469 static void __elfN(note_fpregset)(void *, struct sbuf *, size_t *);
1470 static void __elfN(note_prpsinfo)(void *, struct sbuf *, size_t *);
1471 static void __elfN(note_prstatus)(void *, struct sbuf *, size_t *);
1472 static void __elfN(note_threadmd)(void *, struct sbuf *, size_t *);
1473 static void __elfN(note_thrmisc)(void *, struct sbuf *, size_t *);
1474 static void __elfN(note_ptlwpinfo)(void *, struct sbuf *, size_t *);
1475 static void __elfN(note_procstat_auxv)(void *, struct sbuf *, size_t *);
1476 static void __elfN(note_procstat_proc)(void *, struct sbuf *, size_t *);
1477 static void __elfN(note_procstat_psstrings)(void *, struct sbuf *, size_t *);
1478 static void note_procstat_files(void *, struct sbuf *, size_t *);
1479 static void note_procstat_groups(void *, struct sbuf *, size_t *);
1480 static void note_procstat_osrel(void *, struct sbuf *, size_t *);
1481 static void note_procstat_rlimit(void *, struct sbuf *, size_t *);
1482 static void note_procstat_umask(void *, struct sbuf *, size_t *);
1483 static void note_procstat_vmmap(void *, struct sbuf *, size_t *);
1486 * Write out a core segment to the compression stream.
1489 compress_chunk(struct coredump_params *p, char *base, char *buf, u_int len)
1495 chunk_len = MIN(len, CORE_BUF_SIZE);
1498 * We can get EFAULT error here.
1499 * In that case zero out the current chunk of the segment.
1501 error = copyin(base, buf, chunk_len);
1503 bzero(buf, chunk_len);
1504 error = compressor_write(p->comp, buf, chunk_len);
1514 core_compressed_write(void *base, size_t len, off_t offset, void *arg)
1517 return (core_write((struct coredump_params *)arg, base, len, offset,
1522 core_write(struct coredump_params *p, const void *base, size_t len,
1523 off_t offset, enum uio_seg seg)
1526 return (vn_rdwr_inchunks(UIO_WRITE, p->vp, __DECONST(void *, base),
1527 len, offset, seg, IO_UNIT | IO_DIRECT | IO_RANGELOCKED,
1528 p->active_cred, p->file_cred, NULL, p->td));
1532 core_output(void *base, size_t len, off_t offset, struct coredump_params *p,
1537 if (p->comp != NULL)
1538 return (compress_chunk(p, base, tmpbuf, len));
1541 * EFAULT is a non-fatal error that we can get, for example,
1542 * if the segment is backed by a file but extends beyond its
1545 error = core_write(p, base, len, offset, UIO_USERSPACE);
1546 if (error == EFAULT) {
1547 log(LOG_WARNING, "Failed to fully fault in a core file segment "
1548 "at VA %p with size 0x%zx to be written at offset 0x%jx "
1549 "for process %s\n", base, len, offset, curproc->p_comm);
1552 * Write a "real" zero byte at the end of the target region
1553 * in the case this is the last segment.
1554 * The intermediate space will be implicitly zero-filled.
1556 error = core_write(p, zero_region, 1, offset + len - 1,
1563 * Drain into a core file.
1566 sbuf_drain_core_output(void *arg, const char *data, int len)
1568 struct coredump_params *p;
1571 p = (struct coredump_params *)arg;
1574 * Some kern_proc out routines that print to this sbuf may
1575 * call us with the process lock held. Draining with the
1576 * non-sleepable lock held is unsafe. The lock is needed for
1577 * those routines when dumping a live process. In our case we
1578 * can safely release the lock before draining and acquire
1581 locked = PROC_LOCKED(p->td->td_proc);
1583 PROC_UNLOCK(p->td->td_proc);
1584 if (p->comp != NULL)
1585 error = compressor_write(p->comp, __DECONST(char *, data), len);
1587 error = core_write(p, __DECONST(void *, data), len, p->offset,
1590 PROC_LOCK(p->td->td_proc);
1598 __elfN(coredump)(struct thread *td, struct vnode *vp, off_t limit, int flags)
1600 struct ucred *cred = td->td_ucred;
1602 struct sseg_closure seginfo;
1603 struct note_info_list notelst;
1604 struct coredump_params params;
1605 struct note_info *ninfo;
1607 size_t hdrsize, notesz, coresize;
1611 TAILQ_INIT(¬elst);
1613 /* Size the program segments. */
1616 each_dumpable_segment(td, cb_size_segment, &seginfo);
1619 * Collect info about the core file header area.
1621 hdrsize = sizeof(Elf_Ehdr) + sizeof(Elf_Phdr) * (1 + seginfo.count);
1622 if (seginfo.count + 1 >= PN_XNUM)
1623 hdrsize += sizeof(Elf_Shdr);
1624 __elfN(prepare_notes)(td, ¬elst, ¬esz);
1625 coresize = round_page(hdrsize + notesz) + seginfo.size;
1627 /* Set up core dump parameters. */
1629 params.active_cred = cred;
1630 params.file_cred = NOCRED;
1637 PROC_LOCK(td->td_proc);
1638 error = racct_add(td->td_proc, RACCT_CORE, coresize);
1639 PROC_UNLOCK(td->td_proc);
1646 if (coresize >= limit) {
1651 /* Create a compression stream if necessary. */
1652 if (compress_user_cores != 0) {
1653 params.comp = compressor_init(core_compressed_write,
1654 compress_user_cores, CORE_BUF_SIZE,
1655 compress_user_cores_level, ¶ms);
1656 if (params.comp == NULL) {
1660 tmpbuf = malloc(CORE_BUF_SIZE, M_TEMP, M_WAITOK | M_ZERO);
1664 * Allocate memory for building the header, fill it up,
1665 * and write it out following the notes.
1667 hdr = malloc(hdrsize, M_TEMP, M_WAITOK);
1668 error = __elfN(corehdr)(¶ms, seginfo.count, hdr, hdrsize, ¬elst,
1671 /* Write the contents of all of the writable segments. */
1677 php = (Elf_Phdr *)((char *)hdr + sizeof(Elf_Ehdr)) + 1;
1678 offset = round_page(hdrsize + notesz);
1679 for (i = 0; i < seginfo.count; i++) {
1680 error = core_output((caddr_t)(uintptr_t)php->p_vaddr,
1681 php->p_filesz, offset, ¶ms, tmpbuf);
1684 offset += php->p_filesz;
1687 if (error == 0 && params.comp != NULL)
1688 error = compressor_flush(params.comp);
1692 "Failed to write core file for process %s (error %d)\n",
1693 curproc->p_comm, error);
1697 free(tmpbuf, M_TEMP);
1698 if (params.comp != NULL)
1699 compressor_fini(params.comp);
1700 while ((ninfo = TAILQ_FIRST(¬elst)) != NULL) {
1701 TAILQ_REMOVE(¬elst, ninfo, link);
1702 free(ninfo, M_TEMP);
1711 * A callback for each_dumpable_segment() to write out the segment's
1712 * program header entry.
1715 cb_put_phdr(vm_map_entry_t entry, void *closure)
1717 struct phdr_closure *phc = (struct phdr_closure *)closure;
1718 Elf_Phdr *phdr = phc->phdr;
1720 phc->offset = round_page(phc->offset);
1722 phdr->p_type = PT_LOAD;
1723 phdr->p_offset = phc->offset;
1724 phdr->p_vaddr = entry->start;
1726 phdr->p_filesz = phdr->p_memsz = entry->end - entry->start;
1727 phdr->p_align = PAGE_SIZE;
1728 phdr->p_flags = __elfN(untrans_prot)(entry->protection);
1730 phc->offset += phdr->p_filesz;
1735 * A callback for each_dumpable_segment() to gather information about
1736 * the number of segments and their total size.
1739 cb_size_segment(vm_map_entry_t entry, void *closure)
1741 struct sseg_closure *ssc = (struct sseg_closure *)closure;
1744 ssc->size += entry->end - entry->start;
1748 * For each writable segment in the process's memory map, call the given
1749 * function with a pointer to the map entry and some arbitrary
1750 * caller-supplied data.
1753 each_dumpable_segment(struct thread *td, segment_callback func, void *closure)
1755 struct proc *p = td->td_proc;
1756 vm_map_t map = &p->p_vmspace->vm_map;
1757 vm_map_entry_t entry;
1758 vm_object_t backing_object, object;
1759 boolean_t ignore_entry;
1761 vm_map_lock_read(map);
1762 VM_MAP_ENTRY_FOREACH(entry, map) {
1764 * Don't dump inaccessible mappings, deal with legacy
1767 * Note that read-only segments related to the elf binary
1768 * are marked MAP_ENTRY_NOCOREDUMP now so we no longer
1769 * need to arbitrarily ignore such segments.
1771 if (elf_legacy_coredump) {
1772 if ((entry->protection & VM_PROT_RW) != VM_PROT_RW)
1775 if ((entry->protection & VM_PROT_ALL) == 0)
1780 * Dont include memory segment in the coredump if
1781 * MAP_NOCORE is set in mmap(2) or MADV_NOCORE in
1782 * madvise(2). Do not dump submaps (i.e. parts of the
1785 if (entry->eflags & (MAP_ENTRY_NOCOREDUMP|MAP_ENTRY_IS_SUB_MAP))
1788 if ((object = entry->object.vm_object) == NULL)
1791 /* Ignore memory-mapped devices and such things. */
1792 VM_OBJECT_RLOCK(object);
1793 while ((backing_object = object->backing_object) != NULL) {
1794 VM_OBJECT_RLOCK(backing_object);
1795 VM_OBJECT_RUNLOCK(object);
1796 object = backing_object;
1798 ignore_entry = object->type != OBJT_DEFAULT &&
1799 object->type != OBJT_SWAP && object->type != OBJT_VNODE &&
1800 object->type != OBJT_PHYS;
1801 VM_OBJECT_RUNLOCK(object);
1805 (*func)(entry, closure);
1807 vm_map_unlock_read(map);
1811 * Write the core file header to the file, including padding up to
1812 * the page boundary.
1815 __elfN(corehdr)(struct coredump_params *p, int numsegs, void *hdr,
1816 size_t hdrsize, struct note_info_list *notelst, size_t notesz)
1818 struct note_info *ninfo;
1822 /* Fill in the header. */
1823 bzero(hdr, hdrsize);
1824 __elfN(puthdr)(p->td, hdr, hdrsize, numsegs, notesz);
1826 sb = sbuf_new(NULL, NULL, CORE_BUF_SIZE, SBUF_FIXEDLEN);
1827 sbuf_set_drain(sb, sbuf_drain_core_output, p);
1828 sbuf_start_section(sb, NULL);
1829 sbuf_bcat(sb, hdr, hdrsize);
1830 TAILQ_FOREACH(ninfo, notelst, link)
1831 __elfN(putnote)(ninfo, sb);
1832 /* Align up to a page boundary for the program segments. */
1833 sbuf_end_section(sb, -1, PAGE_SIZE, 0);
1834 error = sbuf_finish(sb);
1841 __elfN(prepare_notes)(struct thread *td, struct note_info_list *list,
1851 size += register_note(list, NT_PRPSINFO, __elfN(note_prpsinfo), p);
1854 * To have the debugger select the right thread (LWP) as the initial
1855 * thread, we dump the state of the thread passed to us in td first.
1856 * This is the thread that causes the core dump and thus likely to
1857 * be the right thread one wants to have selected in the debugger.
1860 while (thr != NULL) {
1861 size += register_note(list, NT_PRSTATUS,
1862 __elfN(note_prstatus), thr);
1863 size += register_note(list, NT_FPREGSET,
1864 __elfN(note_fpregset), thr);
1865 size += register_note(list, NT_THRMISC,
1866 __elfN(note_thrmisc), thr);
1867 size += register_note(list, NT_PTLWPINFO,
1868 __elfN(note_ptlwpinfo), thr);
1869 size += register_note(list, -1,
1870 __elfN(note_threadmd), thr);
1872 thr = (thr == td) ? TAILQ_FIRST(&p->p_threads) :
1873 TAILQ_NEXT(thr, td_plist);
1875 thr = TAILQ_NEXT(thr, td_plist);
1878 size += register_note(list, NT_PROCSTAT_PROC,
1879 __elfN(note_procstat_proc), p);
1880 size += register_note(list, NT_PROCSTAT_FILES,
1881 note_procstat_files, p);
1882 size += register_note(list, NT_PROCSTAT_VMMAP,
1883 note_procstat_vmmap, p);
1884 size += register_note(list, NT_PROCSTAT_GROUPS,
1885 note_procstat_groups, p);
1886 size += register_note(list, NT_PROCSTAT_UMASK,
1887 note_procstat_umask, p);
1888 size += register_note(list, NT_PROCSTAT_RLIMIT,
1889 note_procstat_rlimit, p);
1890 size += register_note(list, NT_PROCSTAT_OSREL,
1891 note_procstat_osrel, p);
1892 size += register_note(list, NT_PROCSTAT_PSSTRINGS,
1893 __elfN(note_procstat_psstrings), p);
1894 size += register_note(list, NT_PROCSTAT_AUXV,
1895 __elfN(note_procstat_auxv), p);
1901 __elfN(puthdr)(struct thread *td, void *hdr, size_t hdrsize, int numsegs,
1907 struct phdr_closure phc;
1909 ehdr = (Elf_Ehdr *)hdr;
1911 ehdr->e_ident[EI_MAG0] = ELFMAG0;
1912 ehdr->e_ident[EI_MAG1] = ELFMAG1;
1913 ehdr->e_ident[EI_MAG2] = ELFMAG2;
1914 ehdr->e_ident[EI_MAG3] = ELFMAG3;
1915 ehdr->e_ident[EI_CLASS] = ELF_CLASS;
1916 ehdr->e_ident[EI_DATA] = ELF_DATA;
1917 ehdr->e_ident[EI_VERSION] = EV_CURRENT;
1918 ehdr->e_ident[EI_OSABI] = ELFOSABI_FREEBSD;
1919 ehdr->e_ident[EI_ABIVERSION] = 0;
1920 ehdr->e_ident[EI_PAD] = 0;
1921 ehdr->e_type = ET_CORE;
1922 ehdr->e_machine = td->td_proc->p_elf_machine;
1923 ehdr->e_version = EV_CURRENT;
1925 ehdr->e_phoff = sizeof(Elf_Ehdr);
1926 ehdr->e_flags = td->td_proc->p_elf_flags;
1927 ehdr->e_ehsize = sizeof(Elf_Ehdr);
1928 ehdr->e_phentsize = sizeof(Elf_Phdr);
1929 ehdr->e_shentsize = sizeof(Elf_Shdr);
1930 ehdr->e_shstrndx = SHN_UNDEF;
1931 if (numsegs + 1 < PN_XNUM) {
1932 ehdr->e_phnum = numsegs + 1;
1935 ehdr->e_phnum = PN_XNUM;
1938 ehdr->e_shoff = ehdr->e_phoff +
1939 (numsegs + 1) * ehdr->e_phentsize;
1940 KASSERT(ehdr->e_shoff == hdrsize - sizeof(Elf_Shdr),
1941 ("e_shoff: %zu, hdrsize - shdr: %zu",
1942 (size_t)ehdr->e_shoff, hdrsize - sizeof(Elf_Shdr)));
1944 shdr = (Elf_Shdr *)((char *)hdr + ehdr->e_shoff);
1945 memset(shdr, 0, sizeof(*shdr));
1947 * A special first section is used to hold large segment and
1948 * section counts. This was proposed by Sun Microsystems in
1949 * Solaris and has been adopted by Linux; the standard ELF
1950 * tools are already familiar with the technique.
1952 * See table 7-7 of the Solaris "Linker and Libraries Guide"
1953 * (or 12-7 depending on the version of the document) for more
1956 shdr->sh_type = SHT_NULL;
1957 shdr->sh_size = ehdr->e_shnum;
1958 shdr->sh_link = ehdr->e_shstrndx;
1959 shdr->sh_info = numsegs + 1;
1963 * Fill in the program header entries.
1965 phdr = (Elf_Phdr *)((char *)hdr + ehdr->e_phoff);
1967 /* The note segement. */
1968 phdr->p_type = PT_NOTE;
1969 phdr->p_offset = hdrsize;
1972 phdr->p_filesz = notesz;
1974 phdr->p_flags = PF_R;
1975 phdr->p_align = ELF_NOTE_ROUNDSIZE;
1978 /* All the writable segments from the program. */
1980 phc.offset = round_page(hdrsize + notesz);
1981 each_dumpable_segment(td, cb_put_phdr, &phc);
1985 register_note(struct note_info_list *list, int type, outfunc_t out, void *arg)
1987 struct note_info *ninfo;
1988 size_t size, notesize;
1991 out(arg, NULL, &size);
1992 ninfo = malloc(sizeof(*ninfo), M_TEMP, M_ZERO | M_WAITOK);
1994 ninfo->outfunc = out;
1995 ninfo->outarg = arg;
1996 ninfo->outsize = size;
1997 TAILQ_INSERT_TAIL(list, ninfo, link);
2002 notesize = sizeof(Elf_Note) + /* note header */
2003 roundup2(sizeof(FREEBSD_ABI_VENDOR), ELF_NOTE_ROUNDSIZE) +
2005 roundup2(size, ELF_NOTE_ROUNDSIZE); /* note description */
2011 append_note_data(const void *src, void *dst, size_t len)
2015 padded_len = roundup2(len, ELF_NOTE_ROUNDSIZE);
2017 bcopy(src, dst, len);
2018 bzero((char *)dst + len, padded_len - len);
2020 return (padded_len);
2024 __elfN(populate_note)(int type, void *src, void *dst, size_t size, void **descp)
2032 note = (Elf_Note *)buf;
2033 note->n_namesz = sizeof(FREEBSD_ABI_VENDOR);
2034 note->n_descsz = size;
2035 note->n_type = type;
2036 buf += sizeof(*note);
2037 buf += append_note_data(FREEBSD_ABI_VENDOR, buf,
2038 sizeof(FREEBSD_ABI_VENDOR));
2039 append_note_data(src, buf, size);
2044 notesize = sizeof(Elf_Note) + /* note header */
2045 roundup2(sizeof(FREEBSD_ABI_VENDOR), ELF_NOTE_ROUNDSIZE) +
2047 roundup2(size, ELF_NOTE_ROUNDSIZE); /* note description */
2053 __elfN(putnote)(struct note_info *ninfo, struct sbuf *sb)
2056 ssize_t old_len, sect_len;
2057 size_t new_len, descsz, i;
2059 if (ninfo->type == -1) {
2060 ninfo->outfunc(ninfo->outarg, sb, &ninfo->outsize);
2064 note.n_namesz = sizeof(FREEBSD_ABI_VENDOR);
2065 note.n_descsz = ninfo->outsize;
2066 note.n_type = ninfo->type;
2068 sbuf_bcat(sb, ¬e, sizeof(note));
2069 sbuf_start_section(sb, &old_len);
2070 sbuf_bcat(sb, FREEBSD_ABI_VENDOR, sizeof(FREEBSD_ABI_VENDOR));
2071 sbuf_end_section(sb, old_len, ELF_NOTE_ROUNDSIZE, 0);
2072 if (note.n_descsz == 0)
2074 sbuf_start_section(sb, &old_len);
2075 ninfo->outfunc(ninfo->outarg, sb, &ninfo->outsize);
2076 sect_len = sbuf_end_section(sb, old_len, ELF_NOTE_ROUNDSIZE, 0);
2080 new_len = (size_t)sect_len;
2081 descsz = roundup(note.n_descsz, ELF_NOTE_ROUNDSIZE);
2082 if (new_len < descsz) {
2084 * It is expected that individual note emitters will correctly
2085 * predict their expected output size and fill up to that size
2086 * themselves, padding in a format-specific way if needed.
2087 * However, in case they don't, just do it here with zeros.
2089 for (i = 0; i < descsz - new_len; i++)
2091 } else if (new_len > descsz) {
2093 * We can't always truncate sb -- we may have drained some
2096 KASSERT(new_len == descsz, ("%s: Note type %u changed as we "
2097 "read it (%zu > %zu). Since it is longer than "
2098 "expected, this coredump's notes are corrupt. THIS "
2099 "IS A BUG in the note_procstat routine for type %u.\n",
2100 __func__, (unsigned)note.n_type, new_len, descsz,
2101 (unsigned)note.n_type));
2106 * Miscellaneous note out functions.
2109 #if defined(COMPAT_FREEBSD32) && __ELF_WORD_SIZE == 32
2110 #include <compat/freebsd32/freebsd32.h>
2111 #include <compat/freebsd32/freebsd32_signal.h>
2113 typedef struct prstatus32 elf_prstatus_t;
2114 typedef struct prpsinfo32 elf_prpsinfo_t;
2115 typedef struct fpreg32 elf_prfpregset_t;
2116 typedef struct fpreg32 elf_fpregset_t;
2117 typedef struct reg32 elf_gregset_t;
2118 typedef struct thrmisc32 elf_thrmisc_t;
2119 #define ELF_KERN_PROC_MASK KERN_PROC_MASK32
2120 typedef struct kinfo_proc32 elf_kinfo_proc_t;
2121 typedef uint32_t elf_ps_strings_t;
2123 typedef prstatus_t elf_prstatus_t;
2124 typedef prpsinfo_t elf_prpsinfo_t;
2125 typedef prfpregset_t elf_prfpregset_t;
2126 typedef prfpregset_t elf_fpregset_t;
2127 typedef gregset_t elf_gregset_t;
2128 typedef thrmisc_t elf_thrmisc_t;
2129 #define ELF_KERN_PROC_MASK 0
2130 typedef struct kinfo_proc elf_kinfo_proc_t;
2131 typedef vm_offset_t elf_ps_strings_t;
2135 __elfN(note_prpsinfo)(void *arg, struct sbuf *sb, size_t *sizep)
2141 elf_prpsinfo_t *psinfo;
2144 p = (struct proc *)arg;
2146 KASSERT(*sizep == sizeof(*psinfo), ("invalid size"));
2147 psinfo = malloc(sizeof(*psinfo), M_TEMP, M_ZERO | M_WAITOK);
2148 psinfo->pr_version = PRPSINFO_VERSION;
2149 psinfo->pr_psinfosz = sizeof(elf_prpsinfo_t);
2150 strlcpy(psinfo->pr_fname, p->p_comm, sizeof(psinfo->pr_fname));
2152 if (p->p_args != NULL) {
2153 len = sizeof(psinfo->pr_psargs) - 1;
2154 if (len > p->p_args->ar_length)
2155 len = p->p_args->ar_length;
2156 memcpy(psinfo->pr_psargs, p->p_args->ar_args, len);
2162 sbuf_new(&sbarg, psinfo->pr_psargs,
2163 sizeof(psinfo->pr_psargs), SBUF_FIXEDLEN);
2164 error = proc_getargv(curthread, p, &sbarg);
2166 if (sbuf_finish(&sbarg) == 0)
2167 len = sbuf_len(&sbarg) - 1;
2169 len = sizeof(psinfo->pr_psargs) - 1;
2170 sbuf_delete(&sbarg);
2172 if (error || len == 0)
2173 strlcpy(psinfo->pr_psargs, p->p_comm,
2174 sizeof(psinfo->pr_psargs));
2176 KASSERT(len < sizeof(psinfo->pr_psargs),
2177 ("len is too long: %zu vs %zu", len,
2178 sizeof(psinfo->pr_psargs)));
2179 cp = psinfo->pr_psargs;
2182 cp = memchr(cp, '\0', end - cp);
2188 psinfo->pr_pid = p->p_pid;
2189 sbuf_bcat(sb, psinfo, sizeof(*psinfo));
2190 free(psinfo, M_TEMP);
2192 *sizep = sizeof(*psinfo);
2196 __elfN(note_prstatus)(void *arg, struct sbuf *sb, size_t *sizep)
2199 elf_prstatus_t *status;
2201 td = (struct thread *)arg;
2203 KASSERT(*sizep == sizeof(*status), ("invalid size"));
2204 status = malloc(sizeof(*status), M_TEMP, M_ZERO | M_WAITOK);
2205 status->pr_version = PRSTATUS_VERSION;
2206 status->pr_statussz = sizeof(elf_prstatus_t);
2207 status->pr_gregsetsz = sizeof(elf_gregset_t);
2208 status->pr_fpregsetsz = sizeof(elf_fpregset_t);
2209 status->pr_osreldate = osreldate;
2210 status->pr_cursig = td->td_proc->p_sig;
2211 status->pr_pid = td->td_tid;
2212 #if defined(COMPAT_FREEBSD32) && __ELF_WORD_SIZE == 32
2213 fill_regs32(td, &status->pr_reg);
2215 fill_regs(td, &status->pr_reg);
2217 sbuf_bcat(sb, status, sizeof(*status));
2218 free(status, M_TEMP);
2220 *sizep = sizeof(*status);
2224 __elfN(note_fpregset)(void *arg, struct sbuf *sb, size_t *sizep)
2227 elf_prfpregset_t *fpregset;
2229 td = (struct thread *)arg;
2231 KASSERT(*sizep == sizeof(*fpregset), ("invalid size"));
2232 fpregset = malloc(sizeof(*fpregset), M_TEMP, M_ZERO | M_WAITOK);
2233 #if defined(COMPAT_FREEBSD32) && __ELF_WORD_SIZE == 32
2234 fill_fpregs32(td, fpregset);
2236 fill_fpregs(td, fpregset);
2238 sbuf_bcat(sb, fpregset, sizeof(*fpregset));
2239 free(fpregset, M_TEMP);
2241 *sizep = sizeof(*fpregset);
2245 __elfN(note_thrmisc)(void *arg, struct sbuf *sb, size_t *sizep)
2248 elf_thrmisc_t thrmisc;
2250 td = (struct thread *)arg;
2252 KASSERT(*sizep == sizeof(thrmisc), ("invalid size"));
2253 bzero(&thrmisc, sizeof(thrmisc));
2254 strcpy(thrmisc.pr_tname, td->td_name);
2255 sbuf_bcat(sb, &thrmisc, sizeof(thrmisc));
2257 *sizep = sizeof(thrmisc);
2261 __elfN(note_ptlwpinfo)(void *arg, struct sbuf *sb, size_t *sizep)
2266 #if defined(COMPAT_FREEBSD32) && __ELF_WORD_SIZE == 32
2267 struct ptrace_lwpinfo32 pl;
2269 struct ptrace_lwpinfo pl;
2272 td = (struct thread *)arg;
2273 size = sizeof(structsize) + sizeof(pl);
2275 KASSERT(*sizep == size, ("invalid size"));
2276 structsize = sizeof(pl);
2277 sbuf_bcat(sb, &structsize, sizeof(structsize));
2278 bzero(&pl, sizeof(pl));
2279 pl.pl_lwpid = td->td_tid;
2280 pl.pl_event = PL_EVENT_NONE;
2281 pl.pl_sigmask = td->td_sigmask;
2282 pl.pl_siglist = td->td_siglist;
2283 if (td->td_si.si_signo != 0) {
2284 pl.pl_event = PL_EVENT_SIGNAL;
2285 pl.pl_flags |= PL_FLAG_SI;
2286 #if defined(COMPAT_FREEBSD32) && __ELF_WORD_SIZE == 32
2287 siginfo_to_siginfo32(&td->td_si, &pl.pl_siginfo);
2289 pl.pl_siginfo = td->td_si;
2292 strcpy(pl.pl_tdname, td->td_name);
2293 /* XXX TODO: supply more information in struct ptrace_lwpinfo*/
2294 sbuf_bcat(sb, &pl, sizeof(pl));
2300 * Allow for MD specific notes, as well as any MD
2301 * specific preparations for writing MI notes.
2304 __elfN(note_threadmd)(void *arg, struct sbuf *sb, size_t *sizep)
2310 td = (struct thread *)arg;
2312 if (size != 0 && sb != NULL)
2313 buf = malloc(size, M_TEMP, M_ZERO | M_WAITOK);
2317 __elfN(dump_thread)(td, buf, &size);
2318 KASSERT(sb == NULL || *sizep == size, ("invalid size"));
2319 if (size != 0 && sb != NULL)
2320 sbuf_bcat(sb, buf, size);
2325 #ifdef KINFO_PROC_SIZE
2326 CTASSERT(sizeof(struct kinfo_proc) == KINFO_PROC_SIZE);
2330 __elfN(note_procstat_proc)(void *arg, struct sbuf *sb, size_t *sizep)
2336 p = (struct proc *)arg;
2337 size = sizeof(structsize) + p->p_numthreads *
2338 sizeof(elf_kinfo_proc_t);
2341 KASSERT(*sizep == size, ("invalid size"));
2342 structsize = sizeof(elf_kinfo_proc_t);
2343 sbuf_bcat(sb, &structsize, sizeof(structsize));
2345 kern_proc_out(p, sb, ELF_KERN_PROC_MASK);
2350 #ifdef KINFO_FILE_SIZE
2351 CTASSERT(sizeof(struct kinfo_file) == KINFO_FILE_SIZE);
2355 note_procstat_files(void *arg, struct sbuf *sb, size_t *sizep)
2358 size_t size, sect_sz, i;
2359 ssize_t start_len, sect_len;
2360 int structsize, filedesc_flags;
2362 if (coredump_pack_fileinfo)
2363 filedesc_flags = KERN_FILEDESC_PACK_KINFO;
2367 p = (struct proc *)arg;
2368 structsize = sizeof(struct kinfo_file);
2371 sb = sbuf_new(NULL, NULL, 128, SBUF_FIXEDLEN);
2372 sbuf_set_drain(sb, sbuf_count_drain, &size);
2373 sbuf_bcat(sb, &structsize, sizeof(structsize));
2375 kern_proc_filedesc_out(p, sb, -1, filedesc_flags);
2380 sbuf_start_section(sb, &start_len);
2382 sbuf_bcat(sb, &structsize, sizeof(structsize));
2384 kern_proc_filedesc_out(p, sb, *sizep - sizeof(structsize),
2387 sect_len = sbuf_end_section(sb, start_len, 0, 0);
2392 KASSERT(sect_sz <= *sizep,
2393 ("kern_proc_filedesc_out did not respect maxlen; "
2394 "requested %zu, got %zu", *sizep - sizeof(structsize),
2395 sect_sz - sizeof(structsize)));
2397 for (i = 0; i < *sizep - sect_sz && sb->s_error == 0; i++)
2402 #ifdef KINFO_VMENTRY_SIZE
2403 CTASSERT(sizeof(struct kinfo_vmentry) == KINFO_VMENTRY_SIZE);
2407 note_procstat_vmmap(void *arg, struct sbuf *sb, size_t *sizep)
2411 int structsize, vmmap_flags;
2413 if (coredump_pack_vmmapinfo)
2414 vmmap_flags = KERN_VMMAP_PACK_KINFO;
2418 p = (struct proc *)arg;
2419 structsize = sizeof(struct kinfo_vmentry);
2422 sb = sbuf_new(NULL, NULL, 128, SBUF_FIXEDLEN);
2423 sbuf_set_drain(sb, sbuf_count_drain, &size);
2424 sbuf_bcat(sb, &structsize, sizeof(structsize));
2426 kern_proc_vmmap_out(p, sb, -1, vmmap_flags);
2431 sbuf_bcat(sb, &structsize, sizeof(structsize));
2433 kern_proc_vmmap_out(p, sb, *sizep - sizeof(structsize),
2439 note_procstat_groups(void *arg, struct sbuf *sb, size_t *sizep)
2445 p = (struct proc *)arg;
2446 size = sizeof(structsize) + p->p_ucred->cr_ngroups * sizeof(gid_t);
2448 KASSERT(*sizep == size, ("invalid size"));
2449 structsize = sizeof(gid_t);
2450 sbuf_bcat(sb, &structsize, sizeof(structsize));
2451 sbuf_bcat(sb, p->p_ucred->cr_groups, p->p_ucred->cr_ngroups *
2458 note_procstat_umask(void *arg, struct sbuf *sb, size_t *sizep)
2464 p = (struct proc *)arg;
2465 size = sizeof(structsize) + sizeof(p->p_fd->fd_cmask);
2467 KASSERT(*sizep == size, ("invalid size"));
2468 structsize = sizeof(p->p_fd->fd_cmask);
2469 sbuf_bcat(sb, &structsize, sizeof(structsize));
2470 sbuf_bcat(sb, &p->p_fd->fd_cmask, sizeof(p->p_fd->fd_cmask));
2476 note_procstat_rlimit(void *arg, struct sbuf *sb, size_t *sizep)
2479 struct rlimit rlim[RLIM_NLIMITS];
2483 p = (struct proc *)arg;
2484 size = sizeof(structsize) + sizeof(rlim);
2486 KASSERT(*sizep == size, ("invalid size"));
2487 structsize = sizeof(rlim);
2488 sbuf_bcat(sb, &structsize, sizeof(structsize));
2490 for (i = 0; i < RLIM_NLIMITS; i++)
2491 lim_rlimit_proc(p, i, &rlim[i]);
2493 sbuf_bcat(sb, rlim, sizeof(rlim));
2499 note_procstat_osrel(void *arg, struct sbuf *sb, size_t *sizep)
2505 p = (struct proc *)arg;
2506 size = sizeof(structsize) + sizeof(p->p_osrel);
2508 KASSERT(*sizep == size, ("invalid size"));
2509 structsize = sizeof(p->p_osrel);
2510 sbuf_bcat(sb, &structsize, sizeof(structsize));
2511 sbuf_bcat(sb, &p->p_osrel, sizeof(p->p_osrel));
2517 __elfN(note_procstat_psstrings)(void *arg, struct sbuf *sb, size_t *sizep)
2520 elf_ps_strings_t ps_strings;
2524 p = (struct proc *)arg;
2525 size = sizeof(structsize) + sizeof(ps_strings);
2527 KASSERT(*sizep == size, ("invalid size"));
2528 structsize = sizeof(ps_strings);
2529 #if defined(COMPAT_FREEBSD32) && __ELF_WORD_SIZE == 32
2530 ps_strings = PTROUT(p->p_sysent->sv_psstrings);
2532 ps_strings = p->p_sysent->sv_psstrings;
2534 sbuf_bcat(sb, &structsize, sizeof(structsize));
2535 sbuf_bcat(sb, &ps_strings, sizeof(ps_strings));
2541 __elfN(note_procstat_auxv)(void *arg, struct sbuf *sb, size_t *sizep)
2547 p = (struct proc *)arg;
2550 sb = sbuf_new(NULL, NULL, 128, SBUF_FIXEDLEN);
2551 sbuf_set_drain(sb, sbuf_count_drain, &size);
2552 sbuf_bcat(sb, &structsize, sizeof(structsize));
2554 proc_getauxv(curthread, p, sb);
2560 structsize = sizeof(Elf_Auxinfo);
2561 sbuf_bcat(sb, &structsize, sizeof(structsize));
2563 proc_getauxv(curthread, p, sb);
2569 __elfN(parse_notes)(struct image_params *imgp, Elf_Note *checknote,
2570 const char *note_vendor, const Elf_Phdr *pnote,
2571 boolean_t (*cb)(const Elf_Note *, void *, boolean_t *), void *cb_arg)
2573 const Elf_Note *note, *note0, *note_end;
2574 const char *note_name;
2579 /* We need some limit, might as well use PAGE_SIZE. */
2580 if (pnote == NULL || pnote->p_filesz > PAGE_SIZE)
2582 ASSERT_VOP_LOCKED(imgp->vp, "parse_notes");
2583 if (pnote->p_offset > PAGE_SIZE ||
2584 pnote->p_filesz > PAGE_SIZE - pnote->p_offset) {
2585 buf = malloc(pnote->p_filesz, M_TEMP, M_NOWAIT);
2587 VOP_UNLOCK(imgp->vp);
2588 buf = malloc(pnote->p_filesz, M_TEMP, M_WAITOK);
2589 vn_lock(imgp->vp, LK_SHARED | LK_RETRY);
2591 error = vn_rdwr(UIO_READ, imgp->vp, buf, pnote->p_filesz,
2592 pnote->p_offset, UIO_SYSSPACE, IO_NODELOCKED,
2593 curthread->td_ucred, NOCRED, NULL, curthread);
2595 uprintf("i/o error PT_NOTE\n");
2598 note = note0 = (const Elf_Note *)buf;
2599 note_end = (const Elf_Note *)(buf + pnote->p_filesz);
2601 note = note0 = (const Elf_Note *)(imgp->image_header +
2603 note_end = (const Elf_Note *)(imgp->image_header +
2604 pnote->p_offset + pnote->p_filesz);
2607 for (i = 0; i < 100 && note >= note0 && note < note_end; i++) {
2608 if (!aligned(note, Elf32_Addr) || (const char *)note_end -
2609 (const char *)note < sizeof(Elf_Note)) {
2612 if (note->n_namesz != checknote->n_namesz ||
2613 note->n_descsz != checknote->n_descsz ||
2614 note->n_type != checknote->n_type)
2616 note_name = (const char *)(note + 1);
2617 if (note_name + checknote->n_namesz >=
2618 (const char *)note_end || strncmp(note_vendor,
2619 note_name, checknote->n_namesz) != 0)
2622 if (cb(note, cb_arg, &res))
2625 note = (const Elf_Note *)((const char *)(note + 1) +
2626 roundup2(note->n_namesz, ELF_NOTE_ROUNDSIZE) +
2627 roundup2(note->n_descsz, ELF_NOTE_ROUNDSIZE));
2636 struct brandnote_cb_arg {
2637 Elf_Brandnote *brandnote;
2642 brandnote_cb(const Elf_Note *note, void *arg0, boolean_t *res)
2644 struct brandnote_cb_arg *arg;
2649 * Fetch the osreldate for binary from the ELF OSABI-note if
2652 *res = (arg->brandnote->flags & BN_TRANSLATE_OSREL) != 0 &&
2653 arg->brandnote->trans_osrel != NULL ?
2654 arg->brandnote->trans_osrel(note, arg->osrel) : TRUE;
2659 static Elf_Note fctl_note = {
2660 .n_namesz = sizeof(FREEBSD_ABI_VENDOR),
2661 .n_descsz = sizeof(uint32_t),
2662 .n_type = NT_FREEBSD_FEATURE_CTL,
2665 struct fctl_cb_arg {
2666 boolean_t *has_fctl0;
2671 note_fctl_cb(const Elf_Note *note, void *arg0, boolean_t *res)
2673 struct fctl_cb_arg *arg;
2674 const Elf32_Word *desc;
2678 p = (uintptr_t)(note + 1);
2679 p += roundup2(note->n_namesz, ELF_NOTE_ROUNDSIZE);
2680 desc = (const Elf32_Word *)p;
2681 *arg->has_fctl0 = TRUE;
2682 *arg->fctl0 = desc[0];
2687 * Try to find the appropriate ABI-note section for checknote, fetch
2688 * the osreldate and feature control flags for binary from the ELF
2689 * OSABI-note. Only the first page of the image is searched, the same
2693 __elfN(check_note)(struct image_params *imgp, Elf_Brandnote *brandnote,
2694 int32_t *osrel, boolean_t *has_fctl0, uint32_t *fctl0)
2696 const Elf_Phdr *phdr;
2697 const Elf_Ehdr *hdr;
2698 struct brandnote_cb_arg b_arg;
2699 struct fctl_cb_arg f_arg;
2702 hdr = (const Elf_Ehdr *)imgp->image_header;
2703 phdr = (const Elf_Phdr *)(imgp->image_header + hdr->e_phoff);
2704 b_arg.brandnote = brandnote;
2705 b_arg.osrel = osrel;
2706 f_arg.has_fctl0 = has_fctl0;
2707 f_arg.fctl0 = fctl0;
2709 for (i = 0; i < hdr->e_phnum; i++) {
2710 if (phdr[i].p_type == PT_NOTE && __elfN(parse_notes)(imgp,
2711 &brandnote->hdr, brandnote->vendor, &phdr[i], brandnote_cb,
2713 for (j = 0; j < hdr->e_phnum; j++) {
2714 if (phdr[j].p_type == PT_NOTE &&
2715 __elfN(parse_notes)(imgp, &fctl_note,
2716 FREEBSD_ABI_VENDOR, &phdr[j],
2717 note_fctl_cb, &f_arg))
2728 * Tell kern_execve.c about it, with a little help from the linker.
2730 static struct execsw __elfN(execsw) = {
2731 .ex_imgact = __CONCAT(exec_, __elfN(imgact)),
2732 .ex_name = __XSTRING(__CONCAT(ELF, __ELF_WORD_SIZE))
2734 EXEC_SET(__CONCAT(elf, __ELF_WORD_SIZE), __elfN(execsw));
2737 __elfN(trans_prot)(Elf_Word flags)
2743 prot |= VM_PROT_EXECUTE;
2745 prot |= VM_PROT_WRITE;
2747 prot |= VM_PROT_READ;
2748 #if __ELF_WORD_SIZE == 32 && (defined(__amd64__) || defined(__i386__))
2749 if (i386_read_exec && (flags & PF_R))
2750 prot |= VM_PROT_EXECUTE;
2756 __elfN(untrans_prot)(vm_prot_t prot)
2761 if (prot & VM_PROT_EXECUTE)
2763 if (prot & VM_PROT_READ)
2765 if (prot & VM_PROT_WRITE)
2771 __elfN(stackgap)(struct image_params *imgp, uintptr_t *stack_base)
2773 uintptr_t range, rbase, gap;
2776 if ((imgp->map_flags & MAP_ASLR) == 0)
2778 pct = __elfN(aslr_stack_gap);
2783 range = imgp->eff_stack_sz * pct / 100;
2784 arc4rand(&rbase, sizeof(rbase), 0);
2785 gap = rbase % range;
2786 gap &= ~(sizeof(u_long) - 1);
projects / FreeBSD / FreeBSD.git / blob