mirror of
https://git.hardenedbsd.org/hardenedbsd/HardenedBSD.git
synced 2025-01-11 17:04:19 +01:00
956d3333ca
----------------------------- The compatibility code and/or emulators have been updated: iBCS2 now mostly uses the older syscalls. SVR4 now properly handles all signals. This has been achieved by using the new sigset_t throughout the emulator. The Linuxulator has been severely updated. Internally the new Linux sigset_t is made the default. These are then mapped to and from the new FreeBSD sigset_t. Also, rt_sigsuspend has been implemented in the Linuxulator. Implementing this syscall basicly caused all this sigset_t changing in the first place and the syscall has been used throughout the change as a means for testing. It basicly is too much work to undo the implementation so that it can later be added again. A special note on the use of sv_sigtbl and sv_sigsize in struct sysentvec: Every signal larger than sv_sigsize is not translated and is passed on to the signal handler unmodified. Signals in the range 1 upto and including sv_sigsize are translated. The rationale is that only the system defined signals need to be translated. The emulators also have been updated so that the translation tables are only indexed for valid (system defined) signals. This change also fixes the translation bug already in the SVR4 emulator.
502 lines
14 KiB
C
502 lines
14 KiB
C
/*-
|
|
* Copyright (c) 1994-1996 Søren Schmidt
|
|
* All rights reserved.
|
|
*
|
|
* Redistribution and use in source and binary forms, with or without
|
|
* modification, are permitted provided that the following conditions
|
|
* are met:
|
|
* 1. Redistributions of source code must retain the above copyright
|
|
* notice, this list of conditions and the following disclaimer
|
|
* in this position and unchanged.
|
|
* 2. Redistributions in binary form must reproduce the above copyright
|
|
* notice, this list of conditions and the following disclaimer in the
|
|
* documentation and/or other materials provided with the distribution.
|
|
* 3. The name of the author may not be used to endorse or promote products
|
|
* derived from this software withough specific prior written permission
|
|
*
|
|
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
|
|
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
|
|
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
|
|
* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
|
|
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
|
|
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
|
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
|
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
|
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
|
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
*
|
|
* $FreeBSD$
|
|
*/
|
|
|
|
/* XXX we use functions that might not exist. */
|
|
#include "opt_compat.h"
|
|
|
|
#ifndef COMPAT_43
|
|
#error "Unable to compile Linux-emulator due to missing COMPAT_43 option!"
|
|
#endif
|
|
|
|
#include <sys/param.h>
|
|
#include <sys/systm.h>
|
|
#include <sys/buf.h>
|
|
#include <sys/proc.h>
|
|
#include <sys/sysent.h>
|
|
#include <sys/imgact.h>
|
|
#include <sys/imgact_aout.h>
|
|
#include <sys/imgact_elf.h>
|
|
#include <sys/signalvar.h>
|
|
#include <sys/malloc.h>
|
|
#include <vm/vm.h>
|
|
#include <vm/vm_param.h>
|
|
#include <vm/vm_prot.h>
|
|
#include <vm/vm_page.h>
|
|
#include <vm/vm_extern.h>
|
|
#include <sys/exec.h>
|
|
#include <sys/kernel.h>
|
|
#include <sys/module.h>
|
|
#include <machine/cpu.h>
|
|
|
|
#include <i386/linux/linux.h>
|
|
#include <i386/linux/linux_proto.h>
|
|
|
|
static int linux_fixup __P((long **stack_base,
|
|
struct image_params *iparams));
|
|
static int elf_linux_fixup __P((long **stack_base,
|
|
struct image_params *iparams));
|
|
static void linux_prepsyscall __P((struct trapframe *tf, int *args,
|
|
u_int *code, caddr_t *params));
|
|
static void linux_sendsig __P((sig_t catcher, int sig, sigset_t *mask,
|
|
u_long code));
|
|
|
|
/*
|
|
* Linux syscalls return negative errno's, we do positive and map them
|
|
*/
|
|
static int bsd_to_linux_errno[ELAST + 1] = {
|
|
-0, -1, -2, -3, -4, -5, -6, -7, -8, -9,
|
|
-10, -35, -12, -13, -14, -15, -16, -17, -18, -19,
|
|
-20, -21, -22, -23, -24, -25, -26, -27, -28, -29,
|
|
-30, -31, -32, -33, -34, -11,-115,-114, -88, -89,
|
|
-90, -91, -92, -93, -94, -95, -96, -97, -98, -99,
|
|
-100,-101,-102,-103,-104,-105,-106,-107,-108,-109,
|
|
-110,-111, -40, -36,-112,-113, -39, -11, -87,-122,
|
|
-116, -66, -6, -6, -6, -6, -6, -37, -38, -9,
|
|
-6, -6, -43, -42, -75, -6, -84
|
|
};
|
|
|
|
int bsd_to_linux_signal[LINUX_SIGTBLSZ] = {
|
|
LINUX_SIGHUP, LINUX_SIGINT, LINUX_SIGQUIT, LINUX_SIGILL,
|
|
LINUX_SIGTRAP, LINUX_SIGABRT, 0, LINUX_SIGFPE,
|
|
LINUX_SIGKILL, LINUX_SIGBUS, LINUX_SIGSEGV, 0,
|
|
LINUX_SIGPIPE, LINUX_SIGALRM, LINUX_SIGTERM, LINUX_SIGURG,
|
|
LINUX_SIGSTOP, LINUX_SIGTSTP, LINUX_SIGCONT, LINUX_SIGCHLD,
|
|
LINUX_SIGTTIN, LINUX_SIGTTOU, LINUX_SIGIO, LINUX_SIGXCPU,
|
|
LINUX_SIGXFSZ, LINUX_SIGVTALRM, LINUX_SIGPROF, LINUX_SIGWINCH,
|
|
0, LINUX_SIGUSR1, LINUX_SIGUSR2
|
|
};
|
|
|
|
int linux_to_bsd_signal[LINUX_SIGTBLSZ] = {
|
|
SIGHUP, SIGINT, SIGQUIT, SIGILL,
|
|
SIGTRAP, SIGABRT, SIGBUS, SIGFPE,
|
|
SIGKILL, SIGUSR1, SIGSEGV, SIGUSR2,
|
|
SIGPIPE, SIGALRM, SIGTERM, SIGBUS,
|
|
SIGCHLD, SIGCONT, SIGSTOP, SIGTSTP,
|
|
SIGTTIN, SIGTTOU, SIGURG, SIGXCPU,
|
|
SIGXFSZ, SIGVTALRM, SIGPROF, SIGWINCH,
|
|
SIGIO, SIGURG, 0
|
|
};
|
|
|
|
/*
|
|
* If FreeBSD & Linux have a difference of opinion about what a trap
|
|
* means, deal with it here.
|
|
*/
|
|
static int
|
|
translate_traps(int signal, int trap_code)
|
|
{
|
|
if (signal != SIGBUS)
|
|
return signal;
|
|
switch (trap_code) {
|
|
case T_PROTFLT:
|
|
case T_TSSFLT:
|
|
case T_DOUBLEFLT:
|
|
case T_PAGEFLT:
|
|
return SIGSEGV;
|
|
default:
|
|
return signal;
|
|
}
|
|
}
|
|
|
|
static int
|
|
linux_fixup(long **stack_base, struct image_params *imgp)
|
|
{
|
|
long *argv, *envp;
|
|
|
|
argv = *stack_base;
|
|
envp = *stack_base + (imgp->argc + 1);
|
|
(*stack_base)--;
|
|
**stack_base = (intptr_t)(void *)envp;
|
|
(*stack_base)--;
|
|
**stack_base = (intptr_t)(void *)argv;
|
|
(*stack_base)--;
|
|
**stack_base = imgp->argc;
|
|
return 0;
|
|
}
|
|
|
|
static int
|
|
elf_linux_fixup(long **stack_base, struct image_params *imgp)
|
|
{
|
|
Elf32_Auxargs *args = (Elf32_Auxargs *)imgp->auxargs;
|
|
long *pos;
|
|
|
|
pos = *stack_base + (imgp->argc + imgp->envc + 2);
|
|
|
|
if (args->trace) {
|
|
AUXARGS_ENTRY(pos, AT_DEBUG, 1);
|
|
}
|
|
if (args->execfd != -1) {
|
|
AUXARGS_ENTRY(pos, AT_EXECFD, args->execfd);
|
|
}
|
|
AUXARGS_ENTRY(pos, AT_PHDR, args->phdr);
|
|
AUXARGS_ENTRY(pos, AT_PHENT, args->phent);
|
|
AUXARGS_ENTRY(pos, AT_PHNUM, args->phnum);
|
|
AUXARGS_ENTRY(pos, AT_PAGESZ, args->pagesz);
|
|
AUXARGS_ENTRY(pos, AT_FLAGS, args->flags);
|
|
AUXARGS_ENTRY(pos, AT_ENTRY, args->entry);
|
|
AUXARGS_ENTRY(pos, AT_BASE, args->base);
|
|
AUXARGS_ENTRY(pos, AT_UID, imgp->proc->p_cred->p_ruid);
|
|
AUXARGS_ENTRY(pos, AT_EUID, imgp->proc->p_cred->p_svuid);
|
|
AUXARGS_ENTRY(pos, AT_GID, imgp->proc->p_cred->p_rgid);
|
|
AUXARGS_ENTRY(pos, AT_EGID, imgp->proc->p_cred->p_svgid);
|
|
AUXARGS_ENTRY(pos, AT_NULL, 0);
|
|
|
|
free(imgp->auxargs, M_TEMP);
|
|
imgp->auxargs = NULL;
|
|
|
|
(*stack_base)--;
|
|
**stack_base = (long)imgp->argc;
|
|
return 0;
|
|
}
|
|
|
|
extern int _ucodesel, _udatasel;
|
|
|
|
/*
|
|
* Send an interrupt to process.
|
|
*
|
|
* Stack is set up to allow sigcode stored
|
|
* in u. to call routine, followed by kcall
|
|
* to sigreturn routine below. After sigreturn
|
|
* resets the signal mask, the stack, and the
|
|
* frame pointer, it returns to the user
|
|
* specified pc, psl.
|
|
*/
|
|
|
|
static void
|
|
linux_sendsig(sig_t catcher, int sig, sigset_t *mask, u_long code)
|
|
{
|
|
register struct proc *p = curproc;
|
|
register struct trapframe *regs;
|
|
struct linux_sigframe *fp, frame;
|
|
struct sigacts *psp = p->p_sigacts;
|
|
int oonstack;
|
|
|
|
regs = p->p_md.md_regs;
|
|
oonstack = psp->ps_sigstk.ss_flags & SS_ONSTACK;
|
|
|
|
#ifdef DEBUG
|
|
printf("Linux-emul(%ld): linux_sendsig(%p, %d, %p, %lu)\n",
|
|
(long)p->p_pid, catcher, sig, (void*)mask, code);
|
|
#endif
|
|
/*
|
|
* Allocate space for the signal handler context.
|
|
*/
|
|
if ((psp->ps_flags & SAS_ALTSTACK) && !oonstack &&
|
|
SIGISMEMBER(psp->ps_sigonstack, sig)) {
|
|
fp = (struct linux_sigframe *)(psp->ps_sigstk.ss_sp +
|
|
psp->ps_sigstk.ss_size - sizeof(struct linux_sigframe));
|
|
psp->ps_sigstk.ss_flags |= SS_ONSTACK;
|
|
} else {
|
|
fp = (struct linux_sigframe *)regs->tf_esp - 1;
|
|
}
|
|
|
|
/*
|
|
* grow() will return FALSE if the fp will not fit inside the stack
|
|
* and the stack can not be grown. useracc will return FALSE
|
|
* if access is denied.
|
|
*/
|
|
if ((grow_stack (p, (int)fp) == FALSE) ||
|
|
(useracc((caddr_t)fp, sizeof (struct linux_sigframe), B_WRITE) == FALSE)) {
|
|
/*
|
|
* Process has trashed its stack; give it an illegal
|
|
* instruction to halt it in its tracks.
|
|
*/
|
|
SIGACTION(p, SIGILL) = SIG_DFL;
|
|
SIGDELSET(p->p_sigignore, SIGILL);
|
|
SIGDELSET(p->p_sigcatch, SIGILL);
|
|
SIGDELSET(p->p_sigmask, SIGILL);
|
|
psignal(p, SIGILL);
|
|
return;
|
|
}
|
|
|
|
/*
|
|
* Build the argument list for the signal handler.
|
|
*/
|
|
if (p->p_sysent->sv_sigtbl)
|
|
if (sig <= p->p_sysent->sv_sigsize)
|
|
sig = p->p_sysent->sv_sigtbl[_SIG_IDX(sig)];
|
|
|
|
frame.sf_handler = catcher;
|
|
frame.sf_sig = sig;
|
|
|
|
/*
|
|
* Build the signal context to be used by sigreturn.
|
|
*/
|
|
frame.sf_sc.sc_mask = mask->__bits[0];
|
|
frame.sf_sc.sc_gs = rgs();
|
|
frame.sf_sc.sc_fs = regs->tf_fs;
|
|
frame.sf_sc.sc_es = regs->tf_es;
|
|
frame.sf_sc.sc_ds = regs->tf_ds;
|
|
frame.sf_sc.sc_edi = regs->tf_edi;
|
|
frame.sf_sc.sc_esi = regs->tf_esi;
|
|
frame.sf_sc.sc_ebp = regs->tf_ebp;
|
|
frame.sf_sc.sc_ebx = regs->tf_ebx;
|
|
frame.sf_sc.sc_edx = regs->tf_edx;
|
|
frame.sf_sc.sc_ecx = regs->tf_ecx;
|
|
frame.sf_sc.sc_eax = regs->tf_eax;
|
|
frame.sf_sc.sc_eip = regs->tf_eip;
|
|
frame.sf_sc.sc_cs = regs->tf_cs;
|
|
frame.sf_sc.sc_eflags = regs->tf_eflags;
|
|
frame.sf_sc.sc_esp_at_signal = regs->tf_esp;
|
|
frame.sf_sc.sc_ss = regs->tf_ss;
|
|
frame.sf_sc.sc_err = regs->tf_err;
|
|
frame.sf_sc.sc_trapno = code; /* XXX ???? */
|
|
|
|
if (copyout(&frame, fp, sizeof(frame)) != 0) {
|
|
/*
|
|
* Process has trashed its stack; give it an illegal
|
|
* instruction to halt it in its tracks.
|
|
*/
|
|
sigexit(p, SIGILL);
|
|
/* NOTREACHED */
|
|
}
|
|
|
|
/*
|
|
* Build context to run handler in.
|
|
*/
|
|
regs->tf_esp = (int)fp;
|
|
regs->tf_eip = PS_STRINGS - *(p->p_sysent->sv_szsigcode);
|
|
regs->tf_eflags &= ~PSL_VM;
|
|
regs->tf_cs = _ucodesel;
|
|
regs->tf_ds = _udatasel;
|
|
regs->tf_es = _udatasel;
|
|
regs->tf_fs = _udatasel;
|
|
regs->tf_ss = _udatasel;
|
|
}
|
|
|
|
/*
|
|
* System call to cleanup state after a signal
|
|
* has been taken. Reset signal mask and
|
|
* stack state from context left by sendsig (above).
|
|
* Return to previous pc and psl as specified by
|
|
* context left by sendsig. Check carefully to
|
|
* make sure that the user has not modified the
|
|
* psl to gain improper privileges or to cause
|
|
* a machine fault.
|
|
*/
|
|
int
|
|
linux_sigreturn(p, args)
|
|
struct proc *p;
|
|
struct linux_sigreturn_args *args;
|
|
{
|
|
struct linux_sigcontext *scp, context;
|
|
register struct trapframe *regs;
|
|
int eflags;
|
|
|
|
regs = p->p_md.md_regs;
|
|
|
|
#ifdef DEBUG
|
|
printf("Linux-emul(%ld): linux_sigreturn(%p)\n",
|
|
(long)p->p_pid, (void *)args->scp);
|
|
#endif
|
|
/*
|
|
* The trampoline code hands us the context.
|
|
* It is unsafe to keep track of it ourselves, in the event that a
|
|
* program jumps out of a signal handler.
|
|
*/
|
|
scp = SCARG(args,scp);
|
|
if (copyin((caddr_t)scp, &context, sizeof(*scp)) != 0)
|
|
return (EFAULT);
|
|
|
|
/*
|
|
* Check for security violations.
|
|
*/
|
|
#define EFLAGS_SECURE(ef, oef) ((((ef) ^ (oef)) & ~PSL_USERCHANGE) == 0)
|
|
eflags = context.sc_eflags;
|
|
/*
|
|
* XXX do allow users to change the privileged flag PSL_RF. The
|
|
* cpu sets PSL_RF in tf_eflags for faults. Debuggers should
|
|
* sometimes set it there too. tf_eflags is kept in the signal
|
|
* context during signal handling and there is no other place
|
|
* to remember it, so the PSL_RF bit may be corrupted by the
|
|
* signal handler without us knowing. Corruption of the PSL_RF
|
|
* bit at worst causes one more or one less debugger trap, so
|
|
* allowing it is fairly harmless.
|
|
*/
|
|
if (!EFLAGS_SECURE(eflags & ~PSL_RF, regs->tf_eflags & ~PSL_RF)) {
|
|
return(EINVAL);
|
|
}
|
|
|
|
/*
|
|
* Don't allow users to load a valid privileged %cs. Let the
|
|
* hardware check for invalid selectors, excess privilege in
|
|
* other selectors, invalid %eip's and invalid %esp's.
|
|
*/
|
|
#define CS_SECURE(cs) (ISPL(cs) == SEL_UPL)
|
|
if (!CS_SECURE(context.sc_cs)) {
|
|
trapsignal(p, SIGBUS, T_PROTFLT);
|
|
return(EINVAL);
|
|
}
|
|
|
|
p->p_sigacts->ps_sigstk.ss_flags &= ~SS_ONSTACK;
|
|
SIGEMPTYSET(p->p_sigmask);
|
|
p->p_sigmask.__bits[0] = context.sc_mask;
|
|
SIGDELSET(p->p_sigmask, SIGKILL);
|
|
SIGDELSET(p->p_sigmask, SIGCONT);
|
|
SIGDELSET(p->p_sigmask, SIGSTOP);
|
|
|
|
/*
|
|
* Restore signal context.
|
|
*/
|
|
/* %gs was restored by the trampoline. */
|
|
regs->tf_fs = context.sc_fs;
|
|
regs->tf_es = context.sc_es;
|
|
regs->tf_ds = context.sc_ds;
|
|
regs->tf_edi = context.sc_edi;
|
|
regs->tf_esi = context.sc_esi;
|
|
regs->tf_ebp = context.sc_ebp;
|
|
regs->tf_ebx = context.sc_ebx;
|
|
regs->tf_edx = context.sc_edx;
|
|
regs->tf_ecx = context.sc_ecx;
|
|
regs->tf_eax = context.sc_eax;
|
|
regs->tf_eip = context.sc_eip;
|
|
regs->tf_cs = context.sc_cs;
|
|
regs->tf_eflags = eflags;
|
|
regs->tf_esp = context.sc_esp_at_signal;
|
|
regs->tf_ss = context.sc_ss;
|
|
|
|
return (EJUSTRETURN);
|
|
}
|
|
|
|
static void
|
|
linux_prepsyscall(struct trapframe *tf, int *args, u_int *code, caddr_t *params)
|
|
{
|
|
args[0] = tf->tf_ebx;
|
|
args[1] = tf->tf_ecx;
|
|
args[2] = tf->tf_edx;
|
|
args[3] = tf->tf_esi;
|
|
args[4] = tf->tf_edi;
|
|
*params = NULL; /* no copyin */
|
|
}
|
|
|
|
struct sysentvec linux_sysvec = {
|
|
LINUX_SYS_MAXSYSCALL,
|
|
linux_sysent,
|
|
0xff,
|
|
LINUX_SIGTBLSZ,
|
|
bsd_to_linux_signal,
|
|
ELAST + 1,
|
|
bsd_to_linux_errno,
|
|
translate_traps,
|
|
linux_fixup,
|
|
linux_sendsig,
|
|
linux_sigcode,
|
|
&linux_szsigcode,
|
|
linux_prepsyscall,
|
|
"Linux a.out",
|
|
aout_coredump
|
|
};
|
|
|
|
struct sysentvec elf_linux_sysvec = {
|
|
LINUX_SYS_MAXSYSCALL,
|
|
linux_sysent,
|
|
0xff,
|
|
LINUX_SIGTBLSZ,
|
|
bsd_to_linux_signal,
|
|
ELAST + 1,
|
|
bsd_to_linux_errno,
|
|
translate_traps,
|
|
elf_linux_fixup,
|
|
linux_sendsig,
|
|
linux_sigcode,
|
|
&linux_szsigcode,
|
|
linux_prepsyscall,
|
|
"Linux ELF",
|
|
elf_coredump
|
|
};
|
|
|
|
static Elf32_Brandinfo linux_brand = {
|
|
"Linux",
|
|
"/compat/linux",
|
|
"/lib/ld-linux.so.1",
|
|
&elf_linux_sysvec
|
|
};
|
|
|
|
static Elf32_Brandinfo linux_glibc2brand = {
|
|
"Linux",
|
|
"/compat/linux",
|
|
"/lib/ld-linux.so.2",
|
|
&elf_linux_sysvec
|
|
};
|
|
|
|
Elf32_Brandinfo *linux_brandlist[] = {
|
|
&linux_brand,
|
|
&linux_glibc2brand,
|
|
NULL
|
|
};
|
|
|
|
static int
|
|
linux_elf_modevent(module_t mod, int type, void *data)
|
|
{
|
|
Elf32_Brandinfo **brandinfo;
|
|
int error;
|
|
|
|
error = 0;
|
|
|
|
switch(type) {
|
|
case MOD_LOAD:
|
|
for (brandinfo = &linux_brandlist[0]; *brandinfo != NULL;
|
|
++brandinfo)
|
|
if (elf_insert_brand_entry(*brandinfo) < 0)
|
|
error = EINVAL;
|
|
if (error)
|
|
printf("cannot insert Linux elf brand handler\n");
|
|
else if (bootverbose)
|
|
printf("Linux-ELF exec handler installed\n");
|
|
break;
|
|
case MOD_UNLOAD:
|
|
for (brandinfo = &linux_brandlist[0]; *brandinfo != NULL;
|
|
++brandinfo)
|
|
if (elf_brand_inuse(*brandinfo)) {
|
|
error = EBUSY;
|
|
}
|
|
|
|
if (error == 0) {
|
|
for (brandinfo = &linux_brandlist[0];
|
|
*brandinfo != NULL; ++brandinfo)
|
|
if (elf_remove_brand_entry(*brandinfo) < 0)
|
|
error = EINVAL;
|
|
}
|
|
if (error)
|
|
printf("Could not deinstall ELF interpreter entry\n");
|
|
else if (bootverbose)
|
|
printf("Linux-elf exec handler removed\n");
|
|
break;
|
|
default:
|
|
break;
|
|
}
|
|
return error;
|
|
}
|
|
static moduledata_t linux_elf_mod = {
|
|
"linuxelf",
|
|
linux_elf_modevent,
|
|
0
|
|
};
|
|
DECLARE_MODULE(linuxelf, linux_elf_mod, SI_SUB_EXEC, SI_ORDER_ANY);
|