Commit Graph

417 Commits

Author SHA1 Message Date
maxv
9ed595918a Revamp the way processes are PaX'ed in the kernel. Sent on tech-kern@ two
months ago, but no one reviewed it - probably because it's not a trivial
change.

This change fixes the following bug: when loading a PaX'ed binary, the
kernel updates the PaX flag of the calling process before it makes sure
the new process is actually launched. If the kernel fails to launch the
new process, it does not restore the PaX flag of the calling process,
leaving it in an inconsistent state.

Actually, simply restoring it would be horrible as well, since in the
meantime another thread may have used the flag.

The solution is therefore: modify all the functions used by PaX so that
they take as argument the exec package instead of the lwp, and set the PaX
flag in the process *right before* launching the new process - it cannot
fail in the meantime.
2015-09-26 16:12:24 +00:00
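The ordering problem in the commit above, shown as an added example that is not NetBSD's code: a toy "exec" that carries the PaX decision in the exec package and applies it only at the commit point, next to the old shape that wrote the flag into the calling process during header parsing. The names (struct proc, struct exec_package, ep_pax_flags, pax_setup_*, exec_early, exec_staged, flags_after_exec) and the flag values are assumptions chosen for the illustration.

```c
/* Added example, not NetBSD kernel code. Models why the PaX flag must be
 * set right before the new image runs, not while the binary is parsed.
 * All identifiers here are assumed for the demonstration. */
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>

#define PAX_ASLR     0x01u
#define PAX_MPROTECT 0x02u

struct proc { unsigned pax_flags; };          /* the calling process */
struct exec_package { unsigned ep_pax_flags; }; /* decisions about the new image */

/* Old shape: called while the header is parsed, writes straight into
 * the calling process, although the exec can still fail afterwards. */
static void pax_setup_early(struct proc *p, unsigned hdr_flags)
{
    p->pax_flags = hdr_flags;
}

/* New shape: records the decision in the package only; the process is
 * not touched until the point of no return. */
static void pax_setup_staged(struct exec_package *ep, unsigned hdr_flags)
{
    ep->ep_pax_flags = hdr_flags;
}

static int exec_early(struct proc *p, unsigned hdr_flags, bool fail_late)
{
    pax_setup_early(p, hdr_flags);   /* caller mutated here ... */
    if (fail_late)
        return ENOEXEC;              /* ... and not restored on failure */
    return 0;
}

static int exec_staged(struct proc *p, unsigned hdr_flags, bool fail_late)
{
    struct exec_package ep = { 0 };
    pax_setup_staged(&ep, hdr_flags);
    if (fail_late)
        return ENOEXEC;              /* caller untouched */
    p->pax_flags = ep.ep_pax_flags;  /* applied immediately before the new
                                        image runs; nothing can fail past here */
    return 0;
}

/* The caller's PaX flags once exec() has returned. The caller starts
 * with PAX_MPROTECT and tries to exec an image asking for PAX_ASLR. */
static unsigned flags_after_exec(bool staged, bool fail_late)
{
    struct proc p = { .pax_flags = PAX_MPROTECT };
    if (staged)
        (void)exec_staged(&p, PAX_ASLR, fail_late);
    else
        (void)exec_early(&p, PAX_ASLR, fail_late);
    return p.pax_flags;
}

int main(void)
{
    printf("early, failed exec : flags=%#x (caller now wrong)\n",
           flags_after_exec(false, true));
    printf("staged, failed exec: flags=%#x (caller intact)\n",
           flags_after_exec(true, true));
    printf("staged, exec ok    : flags=%#x\n", flags_after_exec(true, false));
    return 0;
}
```

A failed exec leaves the early-write version holding the new image's flags (PAX_ASLR) while still running the old image; the staged version leaves the caller exactly as it was.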
christos
32627ea0ec gcc does not detect initialization correctly on all platforms (hpcsh) 2015-09-12 18:30:46 +00:00
christos
e56eaf6411 - preserve the error number returned from copyin.
- preserve the original pathname in ep_kname, because this is what gets passed
  to userland in exec_script.c
2015-09-12 17:04:57 +00:00
christos
c8bd35c1f3 On non-absolute exec pathnames, prepend the working directory if
possible so that we can provide in most situations the absolute
pathname in the AUX vector so that $ORIGIN works. The following
are implementation issues:
    1. deep path execs still don't work (can't provide path to the AUX vector)
    2. the returned path is not normalized (cosmetic)
2015-09-11 01:23:37 +00:00
maxv
cbb6f393d8 Small changes:
 - rename pax_aslr_init() to pax_aslr_init_vm()
 - remove the PAX_ flags (unused)
 - fix a comment in pax.h
2015-07-31 07:37:17 +00:00
chs
669ef94683 remove ep_name, change the last reference to use ep_kname instead. 2014-12-14 23:49:28 +00:00
christos
a24ecb0e5b PR/49287: Masao Uebayashi: Handle exec_script argument vector from the 32 ->
64 bit case. When execing a 64 bit shell from a 32 bit binary the argument
vector was still incorrect.

XXX: Pullup 7
2014-12-14 21:35:24 +00:00
maxv
eda7c7bbe4 Do not uselessly include <sys/malloc.h>. 2014-11-09 17:48:07 +00:00
christos
f9128b659c PR/49287: David Holland: Skip the right number of bytes to go over the first
argument in the argv vector. Fixes netbsd32 script execution, where you lost
the first argument because it skipped 8 bytes instead of 4.
2014-10-24 21:13:30 +00:00
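The stride bug behind the two PR/49287 commits above (a 32-bit binary executing a script, and the 32-bit to 64-bit case), as an added example that is not NetBSD's code: a constructed 32-bit argument vector whose entries are 4-byte user pointers, read with the right and the wrong skip. The pointer values are plain offsets into a constructed string area, and the names (argv32, argv64, first_real_arg) are assumptions for the demonstration.

```c
/* Added example, not NetBSD kernel code. Shows why skipping sizeof(void *)
 * bytes over argv[0] loses the first argument of a netbsd32 script. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed string area; "user pointers" below are offsets into it. */
static const char strings[] = "script\0first\0second";

/* Constructed argv of a 32-bit process: 4-byte entries, NULL-terminated. */
static const uint32_t argv32[] = { 0, 7, 13, 0 };
/* The same vector as a native 64-bit process would lay it out. */
static const uint64_t argv64[] = { 0, 7, 13, 0 };

/* Read the entry found `skip` bytes into a vector whose entries are
 * `ptrsize` bytes wide, i.e. the argument the kernel sees after it has
 * stepped over argv[0] when prepending the interpreter for a #! script. */
static const char *first_real_arg(const void *vec, size_t ptrsize, size_t skip)
{
    const uint8_t *p = (const uint8_t *)vec + skip;
    uint64_t off = 0;
    if (ptrsize == sizeof(uint32_t)) {
        uint32_t v;
        memcpy(&v, p, sizeof v);
        off = v;
    } else {
        memcpy(&off, p, sizeof off);
    }
    return strings + off;
}

int main(void)
{
    printf("netbsd32, skip 4: %s\n", first_real_arg(argv32, 4, 4)); /* correct */
    printf("netbsd32, skip 8: %s\n", first_real_arg(argv32, 4, 8)); /* first arg lost */
    printf("native,   skip 8: %s\n", first_real_arg(argv64, 8, 8)); /* correct */
    return 0;
}
```

With an 8-byte skip on the 32-bit vector the kernel lands on argv[2], so the user-visible argument list starts at "second" and "first" is silently dropped; the skip must follow the emulation's pointer size, not the kernel's.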
maxv
f1911357ef A KASSERT() is better. 2014-06-22 17:23:34 +00:00
riastradh
2191ea5a51 Correct type of i in execve_dovmcmds. Fixes DEBUG_EXEC build. 2014-04-25 18:04:45 +00:00
uebayasi
82d46164cd execve_runproc: Isolate emul specific code into a function. 2014-04-20 00:20:01 +00:00
uebayasi
f207cc4217 copyinargs: Shorten a local var name. 2014-04-19 23:00:27 +00:00
uebayasi
ea85945d7a copyinargs: Plug theoretical memory leak when fakearg is too long.
Pointed out & reviewed by Maxime Villard.
2014-04-19 22:59:08 +00:00
maxv
dc8c3423b2 'error' is not set on failure. This is a true bug: everything is freed
and unlocked while zero is returned. Since there's no error, execve_runproc()
will get called and will try to use those freed things.

PS: This bug was here before uebayasi@'s changes
2014-04-18 11:44:31 +00:00
uebayasi
a969a4cf8a calcargs: Correct the size of "argc" in the stack size calculation.
(The old code has worked because it is compensated by wrong size calculation
of "auxinfo" (multiplied by sizeof(void *)).)
2014-04-18 06:59:32 +00:00
uebayasi
c3b49b4f57 execve_runproc: Isolate vmcmd execution code into a function. 2014-04-16 02:22:38 +00:00
uebayasi
acaa1e700b execve_runproc: Isolate path / commandname (proc::p_comm) related code into a function. 2014-04-16 01:30:33 +00:00
uebayasi
532bc286ec execve_runproc: Isolate new stack arg filling code into a function. 2014-04-15 17:06:21 +00:00
uebayasi
e4f9e005a5 execve_runproc: Isolate ps_strings filling code into a function. 2014-04-15 16:44:57 +00:00
uebayasi
0244fbfc39 execve_runproc: Simplify &argc address calc. The set of (argc, argv, ...)
is located just "behind" the initial SP.  SHRINK, then ALLOC, and you get
&argc.
2014-04-15 16:13:04 +00:00
uebayasi
9605f3cc61 exec_loadvm: Isolate stack size calc logic into separate functions. 2014-04-15 15:50:16 +00:00
uebayasi
3d725db397 copyinargs: Redo previous; if given fakearg is longer than arg buf (which is
very unlikely to happen), there's no point to continue with truncated arg.
Just give up and return E2BIG.
2014-04-14 13:14:38 +00:00
uebayasi
dd3e806542 copyinargs: Replace a hand-written string copy loop with strlcpy(3). Carefully
reuse return value of strlcpy(3) to iterate.
2014-04-14 05:39:19 +00:00
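The copy loop described in the two copyinargs commits above (advancing with the strlcpy(3) return value, and giving up with E2BIG when a fake argument does not fit), as an added example that is not NetBSD's code. Because strlcpy(3) is not in every libc, the block carries a local xstrlcpy with the same contract; the buffer size, copy_fakeargs and the constructed argument lists are assumptions for the demonstration.

```c
/* Added example, not NetBSD kernel code. Copies kernel-supplied "fake"
 * arguments (interpreter and flags for a #! script) into a bounded
 * argument buffer, using the strlcpy return value to step through it. */
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define ARG_MAX_DEMO 32   /* tiny buffer so truncation is easy to hit */

/* Same contract as strlcpy(3): copies at most size-1 bytes, always
 * NUL-terminates when size > 0, returns strlen(src). Local copy
 * because not every libc ships strlcpy. */
static size_t xstrlcpy(char *dst, const char *src, size_t size)
{
    size_t n = strlen(src);
    if (size > 0) {
        size_t c = n < size - 1 ? n : size - 1;
        memcpy(dst, src, c);
        dst[c] = '\0';
    }
    return n;
}

/* Returns 0 and sets *used to the bytes consumed, or E2BIG if any
 * argument would have been truncated; a cut interpreter path is useless,
 * so the copy stops at the first one that does not fit. */
static int copy_fakeargs(char *buf, size_t bufsz,
                         const char *const *fakeargs, size_t *used)
{
    char *dp = buf;
    size_t left = bufsz;

    for (; *fakeargs != NULL; fakeargs++) {
        size_t len = xstrlcpy(dp, *fakeargs, left);
        if (len >= left)          /* truncated (or no room at all) */
            return E2BIG;
        dp += len + 1;            /* advance past the string and its NUL */
        left -= len + 1;
    }
    *used = (size_t)(dp - buf);
    return 0;
}

/* Constructed inputs for the demonstration. */
static char demo_buf[ARG_MAX_DEMO];
static size_t demo_used;
static const char *const demo_script_args[] = { "/bin/sh", "-x", NULL };
static const char *const demo_long_args[] = {
    "/usr/local/libexec/some-very-long-interpreter", NULL
};

int main(void)
{
    int rv = copy_fakeargs(demo_buf, sizeof demo_buf, demo_script_args, &demo_used);
    printf("short args: rv=%d used=%zu\n", rv, demo_used);
    rv = copy_fakeargs(demo_buf, sizeof demo_buf, demo_long_args, &demo_used);
    printf("long arg:   rv=%d (%s)\n", rv, rv == E2BIG ? "E2BIG" : "ok");
    return 0;
}
```

The check is `len >= left` rather than `len > left`: strlcpy reports the full source length, and a string that needs exactly `left` bytes has no room for its terminating NUL.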
uebayasi
4adfcd2c94 Revert braces. 2014-04-13 12:11:01 +00:00
uebayasi
eecddf1604 copyinargs: Refactor. Share code. 2014-04-13 09:19:42 +00:00
uebayasi
35b479ac55 execve_loadvm: Move long code block reading passed arguments() into a function.
This needs further clean up.  (See the XXX comment.)  No functional changes.
2014-04-13 06:03:49 +00:00
uebayasi
04729d8900 execve_runproc: Correct thinko in Rev. 1.386; the new SP always points to
after (higher address) argc/argv/env/aux/strings regardless of stack growing
direction.  Machines with grow-up stack will detect the top of
argc/argv/env/aux/strings by the address of *argv[] via ps_strings:ps_argvstr.

This means that old comments about RTLD_GAP are all obsolete.

With help from Nick Hudson.
2014-04-12 15:08:56 +00:00
uebayasi
c1047adce3 Don't #define DEBUG_EXEC. 2014-04-12 07:38:32 +00:00
uebayasi
d01b6ecafe execve_runproc: Refactor debug code. 2014-04-12 07:33:51 +00:00
uebayasi
93fb83ebaa execve_runproc: Move a long code block handling credential into a separate
function.  No functional changes.
2014-04-12 06:31:27 +00:00
uebayasi
763d7b32d6 execve_runproc: Unbreak __MACHINE_STACK_GROWS_UP machines. Clarify the stack
address allocation code.  Summarize an awful big comment about the _rtld()
"gap".

(The log message in Rev. 1.384 was wrong; the new stack address is passed
not via the 3rd register argument, but via the SP.  The 3rd is for ps_strings.)
2014-04-12 05:25:23 +00:00
uebayasi
7dd91721cc Reorder the new lines. Comments. 2014-04-11 18:02:33 +00:00
uebayasi
4282002059 execve_runproc: The stack address passed to the newly execve()'ed process,
via the 3rd register argument, always points to the stack base address (==
minsaddr (min stack address) + ssize (stack size)).  Clarify that.
2014-04-11 17:28:24 +00:00
uebayasi
8ab74c3b1b execve_runproc: Reorder a few local vars. Avoid reuse. No functional changes. 2014-04-11 17:06:02 +00:00
uebayasi
6770193e9c Clarify stack size calculation in copyargs(). Comments. 2014-04-11 11:49:38 +00:00
uebayasi
8f07d0cf93 Clean up assertions. 2014-04-11 11:32:14 +00:00
uebayasi
5dcee2c64e Protect not only proc::p_flag but also lwp::l_ctxlink and proc::p_acflag with
proc::p_lock.
2014-04-11 11:21:29 +00:00
uebayasi
5ddf7749cf Try to decrypt stack size calculation code in execve_loadvm().
No functional changes.  Two potential miscalculations remain.
2014-04-11 11:11:06 +00:00
uebayasi
11c21c773e Cache struct exec_package * for readability. No functional changes. 2014-04-11 02:27:20 +00:00
maxv
c22b5e2a12 We need VMCMDs for a binary and its interpreter, so make sure we have
at least one VMCMD. This also prevents the kernel from using an
uninitialized pointer as entry point for the execution.

From me and Christos

ok christos@
2014-02-19 15:23:20 +00:00
maxv
113995d235 Cosmetic; just replace whitespaces by tabs 2014-02-17 19:29:46 +00:00
christos
df9581b1ee explain why the innocent sigaction1 call now works. 2014-02-14 16:35:40 +00:00
martin
65095476e3 Cosmetics: return is an operator, not a function: remove (). 2014-02-02 14:50:46 +00:00
martin
2934fa70dc Limit the amount of kernel memory a posix_spawn syscall can use (for handling
the file action list) by limiting the maximum number of file actions to
twice the current file descriptor limit.
Fix a few bugs in the support functions and document the new limit.
From Maxime Villard.
2014-02-02 14:48:57 +00:00
dogcow
437b1ce30d Delete duplicate symbol definition introduced in 1.371. Now builds again. 2014-02-02 08:25:23 +00:00
manu
70aead41ff Add EMUL_NATIVEROOT so that native binaries can be told to search an
"emulation" directory before the real root. This makes it easier to test
an amd64 kernel on top of an i386 root filesystem prior to a full
migration.
2014-02-02 04:28:42 +00:00
christos
840bc63029 __USING_TOPDOWN_VM is no more, __USE_TOPDOWN_VM... 2014-01-25 19:44:11 +00:00
christos
87fb4a985c Simplify error path and fix typos. From Maxime Villard and me. 2014-01-03 15:49:49 +00:00
christos
54a8b0e862 replace strcpy with copystr and remove useless strcpy (Maxime Villard) 2013-12-24 14:47:04 +00:00