d/freebsd-dev
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
90ea9c0dcd
freebsd-dev/sys/kern/imgact_aout.c

374 lines
10 KiB
C
Raw Normal View History

/* -> /*- for copyright notices, minor format tweaks as necessary
2005-01-06 23:35:40 +00:00
/*-
sys/kern: adoption of SPDX licensing ID tags. Mainly focus on files that use BSD 2-Clause license, however the tool I was using misidentified many licenses so this was mostly a manual - error prone - task. The Software Package Data Exchange (SPDX) group provides a specification to make it easier for automated tools to detect and summarize well known opensource licenses. We are gradually adopting the specification, noting that the tags are considered only advisory and do not, in any way, superceed or replace the license texts.
2017-11-27 15:20:12 +00:00
* SPDX-License-Identifier: BSD-2-Clause-FreeBSD
*
Rename aout_imgact.c and shell_imgact.c to imgact_* for consistency.
1993-12-20 16:16:46 +00:00
* Copyright (c) 1993, David Greenman
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
Fix my copyright.
1995-09-08 13:24:33 +00:00
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
Rename aout_imgact.c and shell_imgact.c to imgact_* for consistency.
1993-12-20 16:16:46 +00:00
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
Use __FBSDID().
2003-06-11 00:56:59 +00:00
#include <sys/cdefs.h>
__FBSDID("$FreeBSD$");
The big 4.4BSD Lite to FreeBSD 2.0.0 (Development) patch. Reviewed by: Rodney W. Grimes Submitted by: John Dyson and David Greenman
1994-05-25 09:21:21 +00:00
#include <sys/param.h>
#include <sys/exec.h>
#include <sys/imgact.h>
Shuffled macros and definitions around to facilitate architecture independance.
1994-09-24 21:37:01 +00:00
#include <sys/imgact_aout.h>
The big 4.4BSD Lite to FreeBSD 2.0.0 (Development) patch. Reviewed by: Rodney W. Grimes Submitted by: John Dyson and David Greenman
1994-05-25 09:21:21 +00:00
#include <sys/kernel.h>
Add support for executing the FreeBSD 1/i386 a.out binaries on amd64. In particular: - implement compat shims for old stat(2) variants and ogetdirentries(2); - implement delivery of signals with ancient stack frame layout and corresponding sigreturn(2); - implement old getpagesize(2); - provide a user-mode trampoline and LDT call gate for lcall $7,$0; - port a.out image activator and connect it to the build as a module on amd64. The changes are hidden under COMPAT_43. MFC after: 1 month
2011-04-01 11:16:29 +00:00
#include <sys/limits.h>
Undo part of the tangle of having sys/lock.h and sys/mutex.h included in other "system" header files. Also help the deprecation of lockmgr.h by making it a sub-include of sys/lock.h and removing sys/lockmgr.h form kernel .c files. Sort sys/*.h includes where possible in affected files. OK'ed by: bde (with reservations)
2001-05-01 08:13:21 +00:00
#include <sys/lock.h>
Include <sys/malloc.h> instead of depending on namespace pollution 2 layers deep in <sys/proc.h> or <sys/vnode.h>. Removed unused includes. Sorted includes.
2002-09-10 11:57:02 +00:00
#include <sys/malloc.h>
Undo part of the tangle of having sys/lock.h and sys/mutex.h included in other "system" header files. Also help the deprecation of lockmgr.h by making it a sub-include of sys/lock.h and removing sys/lockmgr.h form kernel .c files. Sort sys/*.h includes where possible in affected files. OK'ed by: bde (with reservations)
2001-05-01 08:13:21 +00:00
#include <sys/mutex.h>
Removed unnecessary #includes from <sys/imgact.h> so that it is self-sufficient and added explicit #includes where required.
1996-05-01 02:43:13 +00:00
#include <sys/proc.h>
Add accounting for most of the memory-related resources. Sponsored by: The FreeBSD Foundation Reviewed by: kib (earlier version)
2011-04-05 20:23:59 +00:00
#include <sys/racct.h>
Undo part of the tangle of having sys/lock.h and sys/mutex.h included in other "system" header files. Also help the deprecation of lockmgr.h by making it a sub-include of sys/lock.h and removing sys/lockmgr.h form kernel .c files. Sort sys/*.h includes where possible in affected files. OK'ed by: bde (with reservations)
2001-05-01 08:13:21 +00:00
#include <sys/resourcevar.h>
Add provisions for variant core dump file formats, depending on the object format of the executable being dumped. This is the first step toward producing ELF core dumps in the proper format. I will commit the code to generate the ELF core dumps Real Soon Now. In the meantime, ELF executables won't dump core at all. That is probably no less useful than dumping a.out-style core dumps as they have done until now. Submitted by: Alex <garbanzo@hooked.net> (with very minor changes by me)
1998-09-14 05:36:51 +00:00
#include <sys/signalvar.h>
#include <sys/syscall.h>
Include <sys/malloc.h> instead of depending on namespace pollution 2 layers deep in <sys/proc.h> or <sys/vnode.h>. Removed unused includes. Sorted includes.
2002-09-10 11:57:02 +00:00
#include <sys/sysent.h>
#include <sys/systm.h>
Removed unnecessary #includes from <sys/imgact.h> so that it is self-sufficient and added explicit #includes where required.
1996-05-01 02:43:13 +00:00
#include <sys/vnode.h>
Undo part of the tangle of having sys/lock.h and sys/mutex.h included in other "system" header files. Also help the deprecation of lockmgr.h by making it a sub-include of sys/lock.h and removing sys/lockmgr.h form kernel .c files. Sort sys/*.h includes where possible in affected files. OK'ed by: bde (with reservations)
2001-05-01 08:13:21 +00:00
Collect the a.out coredump code into the calling functions. XXX why does pecoff dump in a.out format?
2002-09-07 01:23:51 +00:00
#include <machine/frame.h>
Include <sys/malloc.h> instead of depending on namespace pollution 2 layers deep in <sys/proc.h> or <sys/vnode.h>. Removed unused includes. Sorted includes.
2002-09-10 11:57:02 +00:00
#include <machine/md_var.h>
Rename aout_imgact.c and shell_imgact.c to imgact_* for consistency.
1993-12-20 16:16:46 +00:00
The big 4.4BSD Lite to FreeBSD 2.0.0 (Development) patch. Reviewed by: Rodney W. Grimes Submitted by: John Dyson and David Greenman
1994-05-25 09:21:21 +00:00
#include <vm/vm.h>
Untangled the vm.h include file spaghetti.
1995-12-07 12:48:31 +00:00
#include <vm/pmap.h>
#include <vm/vm_map.h>
Implement the first page access for object type determination more VM clean. Also, use vm_map_insert instead of vm_mmap. Reviewed by: dg@freebsd.org
1998-01-11 21:35:38 +00:00
#include <vm/vm_object.h>
Include <sys/malloc.h> instead of depending on namespace pollution 2 layers deep in <sys/proc.h> or <sys/vnode.h>. Removed unused includes. Sorted includes.
2002-09-10 11:57:02 +00:00
#include <vm/vm_param.h>
Rename aout_imgact.c and shell_imgact.c to imgact_* for consistency.
1993-12-20 16:16:46 +00:00
Add support for executing the FreeBSD 1/i386 a.out binaries on amd64. In particular: - implement compat shims for old stat(2) variants and ogetdirentries(2); - implement delivery of signals with ancient stack frame layout and corresponding sigreturn(2); - implement old getpagesize(2); - provide a user-mode trampoline and LDT call gate for lcall $7,$0; - port a.out image activator and connect it to the build as a module on amd64. The changes are hidden under COMPAT_43. MFC after: 1 month
2011-04-01 11:16:29 +00:00
#ifdef __amd64__
#include <compat/freebsd32/freebsd32_signal.h>
#include <compat/freebsd32/freebsd32_util.h>
#include <compat/freebsd32/freebsd32_proto.h>
#include <compat/freebsd32/freebsd32_syscall.h>
#include <compat/ia32/ia32_signal.h>
#endif
Remove __P.
2002-03-19 21:25:46 +00:00
static int exec_aout_imgact(struct image_params *imgp);
Use uintptr_t instead of register_t * for the stack base. - Use ustringp for the location of the argv and environment strings and allow destp to travel further down the stack for the stackgap and auxv regions. - Update the Linux copyout_strings variants to move destp down the stack as was done for the native ABIs in r263349. - Stop allocating a space for a stack gap in the Linux ABIs. This used to hold translated system call arguments, but hasn't been used since r159992. Reviewed by: kib Tested on: md64 (amd64, i386, linux64), i386 (i386, linux) Sponsored by: DARPA Differential Revision: https://reviews.freebsd.org/D22501
2019-12-03 23:17:54 +00:00
static int aout_fixup(uintptr_t *stack_base, struct image_params *imgp);
Staticized. Added prototypes.
1995-12-02 16:32:03 +00:00
i386 4/4G split. The change makes the user and kernel address spaces on i386 independent, giving each almost the full 4G of usable virtual addresses except for one PDE at top used for trampoline and per-CPU trampoline stacks, and system structures that must be always mapped, namely IDT, GDT, common TSS and LDT, and process-private TSS and LDT if allocated. By using 1:1 mapping for the kernel text and data, it appeared possible to eliminate assembler part of the locore.S which bootstraps initial page table and KPTmap. The code is rewritten in C and moved into the pmap_cold(). The comment in vmparam.h explains the KVA layout. There is no PCID mechanism available in protected mode, so each kernel/user switch forth and back completely flushes the TLB, except for the trampoline PTD region. The TLB invalidations for userspace becomes trivial, because IPI handlers switch page tables. On the other hand, context switches no longer need to reload %cr3. copyout(9) was rewritten to use vm_fault_quick_hold(). An issue for new copyout(9) is compatibility with wiring user buffers around sysctl handlers. This explains two kind of locks for copyout ptes and accounting of the vslock() calls. The vm_fault_quick_hold() AKA slow path, is only tried after the 'fast path' failed, which temporary changes mapping to the userspace and copies the data to/from small per-cpu buffer in the trampoline. If a page fault occurs during the copy, it is short-circuit by exception.s to not even reach C code. The change was motivated by the need to implement the Meltdown mitigation, but instead of KPTI the full split is done. The i386 architecture already shows the sizing problems, in particular, it is impossible to link clang and lld with debugging. I expect that the issues due to the virtual address space limits would only exaggerate and the split gives more liveness to the platform. Tested by: pho Discussed with: bde Sponsored by: The FreeBSD Foundation MFC after: 1 month Differential revision: https://reviews.freebsd.org/D14633
2018-04-13 20:30:49 +00:00
#define AOUT32_USRSTACK 0xbfc00000
Add support for executing the FreeBSD 1/i386 a.out binaries on amd64. In particular: - implement compat shims for old stat(2) variants and ogetdirentries(2); - implement delivery of signals with ancient stack frame layout and corresponding sigreturn(2); - implement old getpagesize(2); - provide a user-mode trampoline and LDT call gate for lcall $7,$0; - port a.out image activator and connect it to the build as a module on amd64. The changes are hidden under COMPAT_43. MFC after: 1 month
2011-04-01 11:16:29 +00:00
#if defined(__i386__)
i386 4/4G split. The change makes the user and kernel address spaces on i386 independent, giving each almost the full 4G of usable virtual addresses except for one PDE at top used for trampoline and per-CPU trampoline stacks, and system structures that must be always mapped, namely IDT, GDT, common TSS and LDT, and process-private TSS and LDT if allocated. By using 1:1 mapping for the kernel text and data, it appeared possible to eliminate assembler part of the locore.S which bootstraps initial page table and KPTmap. The code is rewritten in C and moved into the pmap_cold(). The comment in vmparam.h explains the KVA layout. There is no PCID mechanism available in protected mode, so each kernel/user switch forth and back completely flushes the TLB, except for the trampoline PTD region. The TLB invalidations for userspace becomes trivial, because IPI handlers switch page tables. On the other hand, context switches no longer need to reload %cr3. copyout(9) was rewritten to use vm_fault_quick_hold(). An issue for new copyout(9) is compatibility with wiring user buffers around sysctl handlers. This explains two kind of locks for copyout ptes and accounting of the vslock() calls. The vm_fault_quick_hold() AKA slow path, is only tried after the 'fast path' failed, which temporary changes mapping to the userspace and copies the data to/from small per-cpu buffer in the trampoline. If a page fault occurs during the copy, it is short-circuit by exception.s to not even reach C code. The change was motivated by the need to implement the Meltdown mitigation, but instead of KPTI the full split is done. The i386 architecture already shows the sizing problems, in particular, it is impossible to link clang and lld with debugging. I expect that the issues due to the virtual address space limits would only exaggerate and the split gives more liveness to the platform. Tested by: pho Discussed with: bde Sponsored by: The FreeBSD Foundation MFC after: 1 month Differential revision: https://reviews.freebsd.org/D14633
2018-04-13 20:30:49 +00:00
#define AOUT32_PS_STRINGS (AOUT32_USRSTACK - sizeof(struct ps_strings))
Add provisions for variant core dump file formats, depending on the object format of the executable being dumped. This is the first step toward producing ELF core dumps in the proper format. I will commit the code to generate the ELF core dumps Real Soon Now. In the meantime, ELF executables won't dump core at all. That is probably no less useful than dumping a.out-style core dumps as they have done until now. Submitted by: Alex <garbanzo@hooked.net> (with very minor changes by me)
1998-09-14 05:36:51 +00:00
struct sysentvec aout_sysvec = {
Change the static struct sysentvec and struct Elf_Brandinfo initializers to the C99 style. At least, it is easier to read sysent definitions that way, and search for the actual instances of sigcode etc. Explicitely initialize sysentvec.sv_maxssiz that was missed in most sysvecs. No objection from: jhb MFC after: 1 month
2008-09-24 10:14:37 +00:00
.sv_size = SYS_MAXSYSCALL,
.sv_table = sysent,
.sv_transtrap = NULL,
.sv_fixup = aout_fixup,
.sv_sendsig = sendsig,
.sv_sigcode = sigcode,
.sv_szsigcode = &szsigcode,
.sv_name = "FreeBSD a.out",
.sv_coredump = NULL,
.sv_imgact_try = NULL,
.sv_minsigstksz = MINSIGSTKSZ,
.sv_minuser = VM_MIN_ADDRESS,
i386 4/4G split. The change makes the user and kernel address spaces on i386 independent, giving each almost the full 4G of usable virtual addresses except for one PDE at top used for trampoline and per-CPU trampoline stacks, and system structures that must be always mapped, namely IDT, GDT, common TSS and LDT, and process-private TSS and LDT if allocated. By using 1:1 mapping for the kernel text and data, it appeared possible to eliminate assembler part of the locore.S which bootstraps initial page table and KPTmap. The code is rewritten in C and moved into the pmap_cold(). The comment in vmparam.h explains the KVA layout. There is no PCID mechanism available in protected mode, so each kernel/user switch forth and back completely flushes the TLB, except for the trampoline PTD region. The TLB invalidations for userspace becomes trivial, because IPI handlers switch page tables. On the other hand, context switches no longer need to reload %cr3. copyout(9) was rewritten to use vm_fault_quick_hold(). An issue for new copyout(9) is compatibility with wiring user buffers around sysctl handlers. This explains two kind of locks for copyout ptes and accounting of the vslock() calls. The vm_fault_quick_hold() AKA slow path, is only tried after the 'fast path' failed, which temporary changes mapping to the userspace and copies the data to/from small per-cpu buffer in the trampoline. If a page fault occurs during the copy, it is short-circuit by exception.s to not even reach C code. The change was motivated by the need to implement the Meltdown mitigation, but instead of KPTI the full split is done. The i386 architecture already shows the sizing problems, in particular, it is impossible to link clang and lld with debugging. I expect that the issues due to the virtual address space limits would only exaggerate and the split gives more liveness to the platform. Tested by: pho Discussed with: bde Sponsored by: The FreeBSD Foundation MFC after: 1 month Differential revision: https://reviews.freebsd.org/D14633
2018-04-13 20:30:49 +00:00
.sv_maxuser = AOUT32_USRSTACK,
.sv_usrstack = AOUT32_USRSTACK,
.sv_psstrings = AOUT32_PS_STRINGS,
sysent: Add a sv_psstringssz field to struct sysentvec The size of the ps_strings structure varies between ABIs, so this is useful for computing the address of the ps_strings structure relative to the top of the stack when stack address randomization is enabled. Reviewed by: kib MFC after: 2 weeks Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D33704
2022-01-17 16:42:07 +00:00
.sv_psstringssz = sizeof(struct ps_strings),
Change the static struct sysentvec and struct Elf_Brandinfo initializers to the C99 style. At least, it is easier to read sysent definitions that way, and search for the actual instances of sigcode etc. Explicitely initialize sysentvec.sv_maxssiz that was missed in most sysvecs. No objection from: jhb MFC after: 1 month
2008-09-24 10:14:37 +00:00
.sv_stackprot = VM_PROT_ALL,
.sv_copyout_strings = exec_copyout_strings,
.sv_setregs = exec_setregs,
.sv_fixlimit = NULL,
Add sv_flags field to struct sysentvec with intention to provide description of the ABI of the currently executing image. Change some places to test the flags instead of explicit comparing with address of known sysentvec structures to determine ABI features. Discussed with: dchagin, imp, jhb, peter
2008-11-22 12:36:15 +00:00
.sv_maxssiz = NULL,
Add support for executing the FreeBSD 1/i386 a.out binaries on amd64. In particular: - implement compat shims for old stat(2) variants and ogetdirentries(2); - implement delivery of signals with ancient stack frame layout and corresponding sigreturn(2); - implement old getpagesize(2); - provide a user-mode trampoline and LDT call gate for lcall $7,$0; - port a.out image activator and connect it to the build as a module on amd64. The changes are hidden under COMPAT_43. MFC after: 1 month
2011-04-01 11:16:29 +00:00
.sv_flags = SV_ABI_FREEBSD | SV_AOUT | SV_IA32 | SV_ILP32,
Reorganize syscall entry and leave handling. Extend struct sysvec with three new elements: sv_fetch_syscall_args - the method to fetch syscall arguments from usermode into struct syscall_args. The structure is machine-depended (this might be reconsidered after all architectures are converted). sv_set_syscall_retval - the method to set a return value for usermode from the syscall. It is a generalization of cpu_set_syscall_retval(9) to allow ABIs to override the way to set a return value. sv_syscallnames - the table of syscall names. Use sv_set_syscall_retval in kern_sigsuspend() instead of hardcoding the call to cpu_set_syscall_retval(). The new functions syscallenter(9) and syscallret(9) are provided that use sv_*syscall* pointers and contain the common repeated code from the syscall() implementations for the architecture-specific syscall trap handlers. Syscallenter() fetches arguments, calls syscall implementation from ABI sysent table, and set up return frame. The end of syscall bookkeeping is done by syscallret(). Take advantage of single place for MI syscall handling code and implement ptrace_lwpinfo pl_flags PL_FLAG_SCE, PL_FLAG_SCX and PL_FLAG_EXEC. The SCE and SCX flags notify the debugger that the thread is stopped at syscall entry or return point respectively. The EXEC flag augments SCX and notifies debugger that the process address space was changed by one of exec(2)-family syscalls. The i386, amd64, sparc64, sun4v, powerpc and ia64 syscall()s are changed to use syscallenter()/syscallret(). MIPS and arm are not converted and use the mostly unchanged syscall() implementation. Reviewed by: jhb, marcel, marius, nwhitehorn, stas Tested by: marcel (ia64), marius (sparc64), nwhitehorn (powerpc), stas (mips) MFC after: 1 month
2010-05-23 18:32:02 +00:00
.sv_set_syscall_retval = cpu_set_syscall_retval,
.sv_fetch_syscall_args = cpu_fetch_syscall_args,
.sv_syscallnames = syscallnames,
Extend struct sysvec with new method sv_schedtail, which is used for an explicit process at fork trampoline path instead of eventhadler(schedtail) invocation for each child process. Remove eventhandler(schedtail) code and change linux ABI to use newly added sysvec method. While here replace explicit comparing of module sysentvec structure with the newly created process sysentvec to detect the linux ABI. Discussed with: kib MFC after: 2 Week
2011-03-08 19:01:45 +00:00
.sv_schedtail = NULL,
In preparation for switching linuxulator to the use the native 1:1 threads add a hook for cleaning thread resources before the thread die. Differential Revision: https://reviews.freebsd.org/D1038
2015-05-24 14:51:29 +00:00
.sv_thread_detach = NULL,
Implement vsyscall hack. Prior to 2.13 glibc uses vsyscall instead of vdso. An upcoming linux_base-c6 needs it. Differential Revision: https://reviews.freebsd.org/D1090 Reviewed by: kib, trasz MFC after: 1 week
2016-01-09 20:18:53 +00:00
.sv_trap = NULL,
Do not call FreeBSD-ABI specific code for all ABIs Use sysentvec hooks to only call umtx_thread_exit/umtx_exec, which handle robust mutexes, for native FreeBSD ABI. Similarly, there is no sense in calling sigfastblock_clear() for non-native ABIs. Requested by: dchagin Reviewed by: dchagin, markj (previous version) Sponsored by: The FreeBSD Foundation MFC after: 2 weeks Differential revision: https://reviews.freebsd.org/D30987
2021-07-01 18:00:29 +00:00
.sv_onexec_old = exec_onexec_old,
.sv_onexit = exit_onexit,
fork: Allow ABI to specify fork return values for child. At least Linux x86 ABI's does not use carry bit and expects that the dx register is preserved. For this add a new sv_set_fork_retval hook and call it from cpu_fork(). Add a short comment about touching dx in x86_set_fork_retval(), for more details see phab comments from kib@ and imp@. Reviewed by: kib Differential revision: https://reviews.freebsd.org/D31472 MFC after: 2 weeks
2021-08-12 08:45:25 +00:00
.sv_set_fork_retval = x86_set_fork_retval,
Add provisions for variant core dump file formats, depending on the object format of the executable being dumped. This is the first step toward producing ELF core dumps in the proper format. I will commit the code to generate the ELF core dumps Real Soon Now. In the meantime, ELF executables won't dump core at all. That is probably no less useful than dumping a.out-style core dumps as they have done until now. Submitted by: Alex <garbanzo@hooked.net> (with very minor changes by me)
1998-09-14 05:36:51 +00:00
};
Add support for executing the FreeBSD 1/i386 a.out binaries on amd64. In particular: - implement compat shims for old stat(2) variants and ogetdirentries(2); - implement delivery of signals with ancient stack frame layout and corresponding sigreturn(2); - implement old getpagesize(2); - provide a user-mode trampoline and LDT call gate for lcall $7,$0; - port a.out image activator and connect it to the build as a module on amd64. The changes are hidden under COMPAT_43. MFC after: 1 month
2011-04-01 11:16:29 +00:00
#elif defined(__amd64__)
vdso for ia32 on amd64 Reviewed by: emaste Discussed with: jrtc27 Tested by: pho Sponsored by: The FreeBSD Foundation MFC after: 1 month Differential revision: https://reviews.freebsd.org/D32960
2021-11-14 00:26:55 +00:00
#include "vdso_ia32_offsets.h"
extern const char _binary_elf_vdso32_so_1_start[];
extern const char _binary_elf_vdso32_so_1_end[];
extern char _binary_elf_vdso32_so_1_size;
Add support for executing the FreeBSD 1/i386 a.out binaries on amd64. In particular: - implement compat shims for old stat(2) variants and ogetdirentries(2); - implement delivery of signals with ancient stack frame layout and corresponding sigreturn(2); - implement old getpagesize(2); - provide a user-mode trampoline and LDT call gate for lcall $7,$0; - port a.out image activator and connect it to the build as a module on amd64. The changes are hidden under COMPAT_43. MFC after: 1 month
2011-04-01 11:16:29 +00:00
#define AOUT32_PS_STRINGS \
(AOUT32_USRSTACK - sizeof(struct freebsd32_ps_strings))
i386 4/4G split. The change makes the user and kernel address spaces on i386 independent, giving each almost the full 4G of usable virtual addresses except for one PDE at top used for trampoline and per-CPU trampoline stacks, and system structures that must be always mapped, namely IDT, GDT, common TSS and LDT, and process-private TSS and LDT if allocated. By using 1:1 mapping for the kernel text and data, it appeared possible to eliminate assembler part of the locore.S which bootstraps initial page table and KPTmap. The code is rewritten in C and moved into the pmap_cold(). The comment in vmparam.h explains the KVA layout. There is no PCID mechanism available in protected mode, so each kernel/user switch forth and back completely flushes the TLB, except for the trampoline PTD region. The TLB invalidations for userspace becomes trivial, because IPI handlers switch page tables. On the other hand, context switches no longer need to reload %cr3. copyout(9) was rewritten to use vm_fault_quick_hold(). An issue for new copyout(9) is compatibility with wiring user buffers around sysctl handlers. This explains two kind of locks for copyout ptes and accounting of the vslock() calls. The vm_fault_quick_hold() AKA slow path, is only tried after the 'fast path' failed, which temporary changes mapping to the userspace and copies the data to/from small per-cpu buffer in the trampoline. If a page fault occurs during the copy, it is short-circuit by exception.s to not even reach C code. The change was motivated by the need to implement the Meltdown mitigation, but instead of KPTI the full split is done. The i386 architecture already shows the sizing problems, in particular, it is impossible to link clang and lld with debugging. I expect that the issues due to the virtual address space limits would only exaggerate and the split gives more liveness to the platform. Tested by: pho Discussed with: bde Sponsored by: The FreeBSD Foundation MFC after: 1 month Differential revision: https://reviews.freebsd.org/D14633
2018-04-13 20:30:49 +00:00
#define AOUT32_MINUSER FREEBSD32_MINUSER
Add support for executing the FreeBSD 1/i386 a.out binaries on amd64. In particular: - implement compat shims for old stat(2) variants and ogetdirentries(2); - implement delivery of signals with ancient stack frame layout and corresponding sigreturn(2); - implement old getpagesize(2); - provide a user-mode trampoline and LDT call gate for lcall $7,$0; - port a.out image activator and connect it to the build as a module on amd64. The changes are hidden under COMPAT_43. MFC after: 1 month
2011-04-01 11:16:29 +00:00
extern const char *freebsd32_syscallnames[];
extern u_long ia32_maxssiz;
vdso for ia32 on amd64 Reviewed by: emaste Discussed with: jrtc27 Tested by: pho Sponsored by: The FreeBSD Foundation MFC after: 1 month Differential revision: https://reviews.freebsd.org/D32960
2021-11-14 00:26:55 +00:00
static int aout_szsigcode;
Add support for executing the FreeBSD 1/i386 a.out binaries on amd64. In particular: - implement compat shims for old stat(2) variants and ogetdirentries(2); - implement delivery of signals with ancient stack frame layout and corresponding sigreturn(2); - implement old getpagesize(2); - provide a user-mode trampoline and LDT call gate for lcall $7,$0; - port a.out image activator and connect it to the build as a module on amd64. The changes are hidden under COMPAT_43. MFC after: 1 month
2011-04-01 11:16:29 +00:00
struct sysentvec aout_sysvec = {
.sv_size = FREEBSD32_SYS_MAXSYSCALL,
.sv_table = freebsd32_sysent,
.sv_transtrap = NULL,
.sv_fixup = aout_fixup,
.sv_sendsig = ia32_sendsig,
vdso for ia32 on amd64 Reviewed by: emaste Discussed with: jrtc27 Tested by: pho Sponsored by: The FreeBSD Foundation MFC after: 1 month Differential revision: https://reviews.freebsd.org/D32960
2021-11-14 00:26:55 +00:00
.sv_sigcode = _binary_elf_vdso32_so_1_start,
.sv_szsigcode = &aout_szsigcode,
Add support for executing the FreeBSD 1/i386 a.out binaries on amd64. In particular: - implement compat shims for old stat(2) variants and ogetdirentries(2); - implement delivery of signals with ancient stack frame layout and corresponding sigreturn(2); - implement old getpagesize(2); - provide a user-mode trampoline and LDT call gate for lcall $7,$0; - port a.out image activator and connect it to the build as a module on amd64. The changes are hidden under COMPAT_43. MFC after: 1 month
2011-04-01 11:16:29 +00:00
.sv_name = "FreeBSD a.out",
.sv_coredump = NULL,
.sv_imgact_try = NULL,
.sv_minsigstksz = MINSIGSTKSZ,
Cosmetics: define FREEBSD32_MINUSER and AOUT32_MINUSER for struct sysentvec .sv_minuser. Also improve style. Submitted by: Oliver Pinter <oliver.pinter@gmail.com> MFC after: 1 week
2012-07-22 13:41:45 +00:00
.sv_minuser = AOUT32_MINUSER,
Add support for executing the FreeBSD 1/i386 a.out binaries on amd64. In particular: - implement compat shims for old stat(2) variants and ogetdirentries(2); - implement delivery of signals with ancient stack frame layout and corresponding sigreturn(2); - implement old getpagesize(2); - provide a user-mode trampoline and LDT call gate for lcall $7,$0; - port a.out image activator and connect it to the build as a module on amd64. The changes are hidden under COMPAT_43. MFC after: 1 month
2011-04-01 11:16:29 +00:00
.sv_maxuser = AOUT32_USRSTACK,
.sv_usrstack = AOUT32_USRSTACK,
.sv_psstrings = AOUT32_PS_STRINGS,
sysent: Add a sv_psstringssz field to struct sysentvec The size of the ps_strings structure varies between ABIs, so this is useful for computing the address of the ps_strings structure relative to the top of the stack when stack address randomization is enabled. Reviewed by: kib MFC after: 2 weeks Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D33704
2022-01-17 16:42:07 +00:00
.sv_psstringssz = sizeof(struct freebsd32_ps_strings),
Add support for executing the FreeBSD 1/i386 a.out binaries on amd64. In particular: - implement compat shims for old stat(2) variants and ogetdirentries(2); - implement delivery of signals with ancient stack frame layout and corresponding sigreturn(2); - implement old getpagesize(2); - provide a user-mode trampoline and LDT call gate for lcall $7,$0; - port a.out image activator and connect it to the build as a module on amd64. The changes are hidden under COMPAT_43. MFC after: 1 month
2011-04-01 11:16:29 +00:00
.sv_stackprot = VM_PROT_ALL,
.sv_copyout_strings = freebsd32_copyout_strings,
.sv_setregs = ia32_setregs,
.sv_fixlimit = ia32_fixlimit,
.sv_maxssiz = &ia32_maxssiz,
.sv_flags = SV_ABI_FREEBSD | SV_AOUT | SV_IA32 | SV_ILP32,
.sv_set_syscall_retval = ia32_set_syscall_retval,
.sv_fetch_syscall_args = ia32_fetch_syscall_args,
.sv_syscallnames = freebsd32_syscallnames,
Do not call FreeBSD-ABI specific code for all ABIs Use sysentvec hooks to only call umtx_thread_exit/umtx_exec, which handle robust mutexes, for native FreeBSD ABI. Similarly, there is no sense in calling sigfastblock_clear() for non-native ABIs. Requested by: dchagin Reviewed by: dchagin, markj (previous version) Sponsored by: The FreeBSD Foundation MFC after: 2 weeks Differential revision: https://reviews.freebsd.org/D30987
2021-07-01 18:00:29 +00:00
.sv_onexec_old = exec_onexec_old,
.sv_onexit = exit_onexit,
fork: Allow ABI to specify fork return values for child. At least Linux x86 ABI's does not use carry bit and expects that the dx register is preserved. For this add a new sv_set_fork_retval hook and call it from cpu_fork(). Add a short comment about touching dx in x86_set_fork_retval(), for more details see phab comments from kib@ and imp@. Reviewed by: kib Differential revision: https://reviews.freebsd.org/D31472 MFC after: 2 weeks
2021-08-12 08:45:25 +00:00
.sv_set_fork_retval = x86_set_fork_retval,
Add support for executing the FreeBSD 1/i386 a.out binaries on amd64. In particular: - implement compat shims for old stat(2) variants and ogetdirentries(2); - implement delivery of signals with ancient stack frame layout and corresponding sigreturn(2); - implement old getpagesize(2); - provide a user-mode trampoline and LDT call gate for lcall $7,$0; - port a.out image activator and connect it to the build as a module on amd64. The changes are hidden under COMPAT_43. MFC after: 1 month
2011-04-01 11:16:29 +00:00
};
vdso for ia32 on amd64 Reviewed by: emaste Discussed with: jrtc27 Tested by: pho Sponsored by: The FreeBSD Foundation MFC after: 1 month Differential revision: https://reviews.freebsd.org/D32960
2021-11-14 00:26:55 +00:00
static void
aout_sysent(void *arg __unused)
{
aout_szsigcode = (int)(uintptr_t)&_binary_elf_vdso32_so_1_size;
}
SYSINIT(aout_sysent, SI_SUB_EXEC, SI_ORDER_ANY, aout_sysent, NULL);
Add support for executing the FreeBSD 1/i386 a.out binaries on amd64. In particular: - implement compat shims for old stat(2) variants and ogetdirentries(2); - implement delivery of signals with ancient stack frame layout and corresponding sigreturn(2); - implement old getpagesize(2); - provide a user-mode trampoline and LDT call gate for lcall $7,$0; - port a.out image activator and connect it to the build as a module on amd64. The changes are hidden under COMPAT_43. MFC after: 1 month
2011-04-01 11:16:29 +00:00
#else
imgact_aout.c: We do not expect the aout support to be ported Specify that the only supported architecture for a.out is ia32 (either i386 or amd64 host kernel). Requested by: emaste Sponsored by: The FreeBSD Foundation MFC after: 1 week Differential revision: https://reviews.freebsd.org/D32960
2021-12-04 04:14:38 +00:00
#error "Only ia32 arch is supported"
Add support for executing the FreeBSD 1/i386 a.out binaries on amd64. In particular: - implement compat shims for old stat(2) variants and ogetdirentries(2); - implement delivery of signals with ancient stack frame layout and corresponding sigreturn(2); - implement old getpagesize(2); - provide a user-mode trampoline and LDT call gate for lcall $7,$0; - port a.out image activator and connect it to the build as a module on amd64. The changes are hidden under COMPAT_43. MFC after: 1 month
2011-04-01 11:16:29 +00:00
#endif
Added fields for VM_MIN_ADDRESS, PS_STRINGS and stack protections to sysentvec. Initialized all fields of all sysentvecs, which will allow them to be used instead of constants in more places. Provided stack fixup routines for emulations that previously used the default.
2002-09-01 21:41:24 +00:00
static int
Use uintptr_t instead of register_t * for the stack base. - Use ustringp for the location of the argv and environment strings and allow destp to travel further down the stack for the stackgap and auxv regions. - Update the Linux copyout_strings variants to move destp down the stack as was done for the native ABIs in r263349. - Stop allocating a space for a stack gap in the Linux ABIs. This used to hold translated system call arguments, but hasn't been used since r159992. Reviewed by: kib Tested on: md64 (amd64, i386, linux64), i386 (i386, linux) Sponsored by: DARPA Differential Revision: https://reviews.freebsd.org/D22501
2019-12-03 23:17:54 +00:00
aout_fixup(uintptr_t *stack_base, struct image_params *imgp)
Added fields for VM_MIN_ADDRESS, PS_STRINGS and stack protections to sysentvec. Initialized all fields of all sysentvecs, which will allow them to be used instead of constants in more places. Provided stack fixup routines for emulations that previously used the default.
2002-09-01 21:41:24 +00:00
{
Use uintptr_t instead of register_t * for the stack base. - Use ustringp for the location of the argv and environment strings and allow destp to travel further down the stack for the stackgap and auxv regions. - Update the Linux copyout_strings variants to move destp down the stack as was done for the native ABIs in r263349. - Stop allocating a space for a stack gap in the Linux ABIs. This used to hold translated system call arguments, but hasn't been used since r159992. Reviewed by: kib Tested on: md64 (amd64, i386, linux64), i386 (i386, linux) Sponsored by: DARPA Differential Revision: https://reviews.freebsd.org/D22501
2019-12-03 23:17:54 +00:00
*stack_base -= sizeof(uint32_t);
if (suword32((void *)*stack_base, imgp->args->argc) != 0)
return (EFAULT);
return (0);
Added fields for VM_MIN_ADDRESS, PS_STRINGS and stack protections to sysentvec. Initialized all fields of all sysentvecs, which will allow them to be used instead of constants in more places. Provided stack fixup routines for emulations that previously used the default.
2002-09-01 21:41:24 +00:00
}
Fixed style regressions in previous commit.
1999-09-04 13:30:18 +00:00
static int
Add support for executing the FreeBSD 1/i386 a.out binaries on amd64. In particular: - implement compat shims for old stat(2) variants and ogetdirentries(2); - implement delivery of signals with ancient stack frame layout and corresponding sigreturn(2); - implement old getpagesize(2); - provide a user-mode trampoline and LDT call gate for lcall $7,$0; - port a.out image activator and connect it to the build as a module on amd64. The changes are hidden under COMPAT_43. MFC after: 1 month
2011-04-01 11:16:29 +00:00
exec_aout_imgact(struct image_params *imgp)
Rename aout_imgact.c and shell_imgact.c to imgact_* for consistency.
1993-12-20 16:16:46 +00:00
{
imgact_aout.c: some style Sponsored by: The FreeBSD Foundation MFC after: 1 week Differential revision: https://reviews.freebsd.org/D32960
2021-12-03 10:32:35 +00:00
const struct exec *a_out;
Fully implement vfork. Vfork is now much much faster than even our fork. (On my machine, fork is about 240usecs, vfork is 78usecs.) Implement rfork(!RFPROC !RFMEM), which allows a thread to divorce its memory from the other threads of a group. Implement rfork(!RFPROC RFCFDG), which closes all file descriptors, eliminating possible existing shares with other threads/processes. Implement rfork(!RFPROC RFFDG), which divorces the file descriptors for a thread from the rest of the group. Fix the case where a thread does an exec. It is almost nonsense for a thread to modify the other threads address space by an exec, so we now automatically divorce the address space before modifying it.
1997-04-13 01:48:35 +00:00
struct vmspace *vmspace;
exec_aout_imgact should lock the vm_map before calling vm_map_insert. Reviewed by: Matthew Dillon <dillon@apollo.backplane.com>, "John S. Dyson" <dyson@iquest.net>, and David Greenman <dg@root.com>
1999-03-04 18:04:40 +00:00
vm_map_t map;
Implement the first page access for object type determination more VM clean. Also, use vm_map_insert instead of vm_mmap. Reviewed by: dg@freebsd.org
1998-01-11 21:35:38 +00:00
vm_object_t object;
vm_offset_t text_end, data_end;
Fixed unsigned longs that should have been vm_offset_t. vm_offset_t is currently unsigned long but should probably be plain unsigned for i386's to match the choice of minimal types to represent for fixed-width types in Lite2. Anyway, it shouldn't be assumed to be unsigned long. I only fixed the type mismatches that were detected when I changed vm_offset_t to unsigned. Only pointer type mismatches were detected.
1996-03-19 15:03:00 +00:00
unsigned long virtual_offset;
Changes to support 1Tb filesizes. Pages are now named by an (object,index) pair instead of (object,offset) pair.
1995-12-11 04:58:34 +00:00
unsigned long file_offset;
Rename aout_imgact.c and shell_imgact.c to imgact_* for consistency.
1993-12-20 16:16:46 +00:00
unsigned long bss_size;
While in the real world, I had a bad case of being swapped out for a lot of cycles. While waiting there I added a lot of the extra ()'s I have, (I have never used LISP to any extent). So I compiled the kernel with -Wall and shut up a lot of "suggest you add ()'s", removed a bunch of unused var's and added a couple of declarations here and there. Having a lap-top is highly recommended. My kernel still runs, yell at me if you kernel breaks.
1994-09-25 19:34:02 +00:00
int error;
Rename aout_imgact.c and shell_imgact.c to imgact_* for consistency.
1993-12-20 16:16:46 +00:00
imgact_aout.c: some style Sponsored by: The FreeBSD Foundation MFC after: 1 week Differential revision: https://reviews.freebsd.org/D32960
2021-12-03 10:32:35 +00:00
a_out = (const struct exec *)imgp->image_header;
First attempt to run linux binaries. This is only the changes needed to the generic kernel. The actual emulator is a separate LKM. (not finished yet, sorry). Submitted by: sos@freebsd.org & sef@kithrup.com
1995-02-14 19:23:22 +00:00
/*
* Linux and *BSD binaries look very much alike,
Remove trailing whitespace.
1995-05-30 08:16:23 +00:00
* only the machine id is different:
Merge RELENG_2_0_5 into HEAD
1995-06-11 19:33:05 +00:00
* 0x64 for Linux, 0x86 for *BSD, 0x00 for BSDI.
Deal with NetBSD byte-swapped a.out magic when checking the MID to exclude linux binaries from the *BSD a.out loader. This is a hack, but lets me run static NetBSD binaries. Dynamic binaries are a much bigger problem because the shared libraries would conflict with our native libraries, so a /compat/netbsd alternate namespace and translation would be needed.
1996-03-03 20:06:53 +00:00
* NetBSD is in network byte order.. ugh.
First attempt to run linux binaries. This is only the changes needed to the generic kernel. The actual emulator is a separate LKM. (not finished yet, sorry). Submitted by: sos@freebsd.org & sef@kithrup.com
1995-02-14 19:23:22 +00:00
*/
Remove an old hack I noticed years ago, but never committed.
2012-06-28 07:33:43 +00:00
if (((a_out->a_midmag >> 16) & 0xff) != 0x86 &&
((a_out->a_midmag >> 16) & 0xff) != 0 &&
((((int)ntohl(a_out->a_midmag)) >> 16) & 0xff) != 0x86)
imgact_aout.c: some style Sponsored by: The FreeBSD Foundation MFC after: 1 week Differential revision: https://reviews.freebsd.org/D32960
2021-12-03 10:32:35 +00:00
return (-1);
First attempt to run linux binaries. This is only the changes needed to the generic kernel. The actual emulator is a separate LKM. (not finished yet, sorry). Submitted by: sos@freebsd.org & sef@kithrup.com
1995-02-14 19:23:22 +00:00
Rename aout_imgact.c and shell_imgact.c to imgact_* for consistency.
1993-12-20 16:16:46 +00:00
/*
* Set file/virtual offset based on a.out variant.
* We do two cases: host byte order and network byte order
* (for NetBSD compatibility)
*/
Remove an old hack I noticed years ago, but never committed.
2012-06-28 07:33:43 +00:00
switch ((int)(a_out->a_midmag & 0xffff)) {
Rename aout_imgact.c and shell_imgact.c to imgact_* for consistency.
1993-12-20 16:16:46 +00:00
case ZMAGIC:
virtual_offset = 0;
if (a_out->a_text) {
First pass at cleaning up macros relating to pages, clusters and all that.
1996-05-02 10:43:17 +00:00
file_offset = PAGE_SIZE;
Rename aout_imgact.c and shell_imgact.c to imgact_* for consistency.
1993-12-20 16:16:46 +00:00
} else {
/* Bill's "screwball mode" */
file_offset = 0;
}
break;
case QMAGIC:
First pass at cleaning up macros relating to pages, clusters and all that.
1996-05-02 10:43:17 +00:00
virtual_offset = PAGE_SIZE;
Rename aout_imgact.c and shell_imgact.c to imgact_* for consistency.
1993-12-20 16:16:46 +00:00
file_offset = 0;
Restore support for executing BSD/OS binaries on the i386 by passing the address of the ps_strings structure to the process via %ebx. For other kinds of binaries, %ebx is still zeroed as before. Submitted by: Thomas Stephens <tas@stephens.org> Reviewed by: jdp
1999-04-03 22:20:03 +00:00
/* Pass PS_STRINGS for BSD/OS binaries only. */
if (N_GETMID(*a_out) == MID_ZERO)
Make ps_strings in struct image_params into a pointer. This is a prepratory commit for D24407. Reviewed by: kib Obtained from: CheriBSD Sponsored by: DARPA
2020-04-15 20:21:30 +00:00
imgp->ps_strings = (void *)aout_sysvec.sv_psstrings;
Rename aout_imgact.c and shell_imgact.c to imgact_* for consistency.
1993-12-20 16:16:46 +00:00
break;
default:
/* NetBSD compatibility */
Remove an old hack I noticed years ago, but never committed.
2012-06-28 07:33:43 +00:00
switch ((int)(ntohl(a_out->a_midmag) & 0xffff)) {
Rename aout_imgact.c and shell_imgact.c to imgact_* for consistency.
1993-12-20 16:16:46 +00:00
case ZMAGIC:
case QMAGIC:
First pass at cleaning up macros relating to pages, clusters and all that.
1996-05-02 10:43:17 +00:00
virtual_offset = PAGE_SIZE;
Rename aout_imgact.c and shell_imgact.c to imgact_* for consistency.
1993-12-20 16:16:46 +00:00
file_offset = 0;
break;
default:
return (-1);
}
}
First pass at cleaning up macros relating to pages, clusters and all that.
1996-05-02 10:43:17 +00:00
bss_size = roundup(a_out->a_bss, PAGE_SIZE);
Rename aout_imgact.c and shell_imgact.c to imgact_* for consistency.
1993-12-20 16:16:46 +00:00
/*
* Check various fields in header for validity/bounds.
*/
if (/* entry point must lay with text region */
a_out->a_entry < virtual_offset ||
a_out->a_entry >= virtual_offset + a_out->a_text ||
/* text and data size must each be page rounded */
Add support for executing the FreeBSD 1/i386 a.out binaries on amd64. In particular: - implement compat shims for old stat(2) variants and ogetdirentries(2); - implement delivery of signals with ancient stack frame layout and corresponding sigreturn(2); - implement old getpagesize(2); - provide a user-mode trampoline and LDT call gate for lcall $7,$0; - port a.out image activator and connect it to the build as a module on amd64. The changes are hidden under COMPAT_43. MFC after: 1 month
2011-04-01 11:16:29 +00:00
a_out->a_text & PAGE_MASK || a_out->a_data & PAGE_MASK
#ifdef __amd64__
||
/* overflows */
virtual_offset + a_out->a_text + a_out->a_data + bss_size > UINT_MAX
#endif
)
Rename aout_imgact.c and shell_imgact.c to imgact_* for consistency.
1993-12-20 16:16:46 +00:00
return (-1);
/* text + data can't exceed file size */
All: Changed vnodep -> vp for consistency with the rest of the kernel, and changed iparams -> imgp for brevity. kern_exec.c: Explicitly initialized some additional parts of the image_params struct to avoid bzeroing it. Rewrote the set-id code to reduce the number of logical tests. The rewrite exposed a mostly benign bug in the algorithm: traced set-id images would get ktracing disabled even if the set-id didn't happen for other reasons.
1995-11-06 12:52:37 +00:00
if (a_out->a_data + a_out->a_text > imgp->attr->va_size)
Rename aout_imgact.c and shell_imgact.c to imgact_* for consistency.
1993-12-20 16:16:46 +00:00
return (EFAULT);
/*
* text/data/bss must not exceed limits
*/
Locking for the per-process resource limits structure. - struct plimit includes a mutex to protect a reference count. The plimit structure is treated similarly to struct ucred in that is is always copy on write, so having a reference to a structure is sufficient to read from it without needing a further lock. - The proc lock protects the p_limit pointer and must be held while reading limits from a process to keep the limit structure from changing out from under you while reading from it. - Various global limits that are ints are not protected by a lock since int writes are atomic on all the archs we support and thus a lock wouldn't buy us anything. - All accesses to individual resource limits from a process are abstracted behind a simple lim_rlimit(), lim_max(), and lim_cur() API that return either an rlimit, or the current or max individual limit of the specified resource from a process. - dosetrlimit() was renamed to kern_setrlimit() to match existing style of other similar syscall helper functions. - The alpha OSF/1 compat layer no longer calls getrlimit() and setrlimit() (it didn't used the stackgap when it should have) but uses lim_rlimit() and kern_setrlimit() instead. - The svr4 compat no longer uses the stackgap for resource limits calls, but uses lim_rlimit() and kern_setrlimit() instead. - The ibcs2 compat no longer uses the stackgap for resource limits. It also no longer uses the stackgap for accessing sysctl's for the ibcs2_sysconf() syscall but uses kernel_sysctl() instead. As a result, ibcs2_sysconf() no longer needs Giant. - The p_rlimit macro no longer exists. Submitted by: mtm (mostly, I only did a few cleanups and catchups) Tested on: i386 Compiled on: alpha, amd64
2004-02-04 21:52:57 +00:00
PROC_LOCK(imgp->proc);
Rename aout_imgact.c and shell_imgact.c to imgact_* for consistency.
1993-12-20 16:16:46 +00:00
if (/* text can't exceed maximum text size */
Make MAXTSIZ, DFLDSIZ, MAXDSIZ, DFLSSIZ, MAXSSIZ, SGROWSIZ loader tunable. Reviewed by: peter MFC after: 2 weeks
2001-10-10 23:06:54 +00:00
a_out->a_text > maxtsiz ||
Rename aout_imgact.c and shell_imgact.c to imgact_* for consistency.
1993-12-20 16:16:46 +00:00
/* data + bss can't exceed rlimit */
Implement lockless resource limits. Use the same scheme implemented to manage credentials. Code needing to look at process's credentials (as opposed to thred's) is provided with *_proc variants of relevant functions. Places which possibly had to take the proc lock anyway still use the proc pointer to access limits.
2015-06-10 10:48:12 +00:00
a_out->a_data + bss_size > lim_cur_proc(imgp->proc, RLIMIT_DATA) ||
Add accounting for most of the memory-related resources. Sponsored by: The FreeBSD Foundation Reviewed by: kib (earlier version)
2011-04-05 20:23:59 +00:00
racct_set(imgp->proc, RACCT_DATA, a_out->a_data + bss_size) != 0) {
Switch to use shared vnode locks for text files during image activation. kern_execve() locks text vnode exclusive to be able to set and clear VV_TEXT flag. VV_TEXT is mutually exclusive with the v_writecount > 0 condition. The change removes VV_TEXT, replacing it with the condition v_writecount <= -1, and puts v_writecount under the vnode interlock. Each text reference decrements v_writecount. To clear the text reference when the segment is unmapped, it is recorded in the vm_map_entry backed by the text file as MAP_ENTRY_VN_TEXT flag, and v_writecount is incremented on the map entry removal The operations like VOP_ADD_WRITECOUNT() and VOP_SET_TEXT() check that v_writecount does not contradict the desired change. vn_writecheck() is now racy and its use was eliminated everywhere except access. Atomic check for writeability and increment of v_writecount is performed by the VOP. vn_truncate() now increments v_writecount around VOP_SETATTR() call, lack of which is arguably a bug on its own. nullfs bypasses v_writecount to the lower vnode always, so nullfs vnode has its own v_writecount correct, and lower vnode gets all references, since object->handle is always lower vnode. On the text vnode' vm object dealloc, the v_writecount value is reset to zero, and deadfs vop_unset_text short-circuit the operation. Reclamation of lowervp always reclaims all nullfs vnodes referencing lowervp first, so no stray references are left. Reviewed by: markj, trasz Tested by: mjg, pho Sponsored by: The FreeBSD Foundation MFC after: 1 month Differential revision: https://reviews.freebsd.org/D19923
2019-05-05 11:20:43 +00:00
PROC_UNLOCK(imgp->proc);
return (ENOMEM);
Locking for the per-process resource limits structure. - struct plimit includes a mutex to protect a reference count. The plimit structure is treated similarly to struct ucred in that is is always copy on write, so having a reference to a structure is sufficient to read from it without needing a further lock. - The proc lock protects the p_limit pointer and must be held while reading limits from a process to keep the limit structure from changing out from under you while reading from it. - Various global limits that are ints are not protected by a lock since int writes are atomic on all the archs we support and thus a lock wouldn't buy us anything. - All accesses to individual resource limits from a process are abstracted behind a simple lim_rlimit(), lim_max(), and lim_cur() API that return either an rlimit, or the current or max individual limit of the specified resource from a process. - dosetrlimit() was renamed to kern_setrlimit() to match existing style of other similar syscall helper functions. - The alpha OSF/1 compat layer no longer calls getrlimit() and setrlimit() (it didn't used the stackgap when it should have) but uses lim_rlimit() and kern_setrlimit() instead. - The svr4 compat no longer uses the stackgap for resource limits calls, but uses lim_rlimit() and kern_setrlimit() instead. - The ibcs2 compat no longer uses the stackgap for resource limits. It also no longer uses the stackgap for accessing sysctl's for the ibcs2_sysconf() syscall but uses kernel_sysctl() instead. As a result, ibcs2_sysconf() no longer needs Giant. - The p_rlimit macro no longer exists. Submitted by: mtm (mostly, I only did a few cleanups and catchups) Tested on: i386 Compiled on: alpha, amd64
2004-02-04 21:52:57 +00:00
}
PROC_UNLOCK(imgp->proc);
Rename aout_imgact.c and shell_imgact.c to imgact_* for consistency.
1993-12-20 16:16:46 +00:00
Maintain the lock on the vnode for most of exec_elfN_imgact(). Specifically, it is required for the I/O that may be performed by elfN_load_section(). Avoid an obscure deadlock in the a.out, elf, and gzip image activators. Add a comment describing why the deadlock does not occur in the common case and how it might occur in less usual circumstances. Eliminate an unused variable from exec_aout_imgact(). In collaboration with: tegge
2005-12-24 04:57:50 +00:00
/*
* Avoid a possible deadlock if the current address space is destroyed
* and that address space maps the locked vnode. In the common case,
* the locked vnode's v_usecount is decremented but remains greater
* than zero. Consequently, the vnode lock is not needed by vrele().
* However, in cases where the vnode lock is external, such as nullfs,
* v_usecount may become zero.
*/
vfs: drop the mostly unused flags argument from VOP_UNLOCK Filesystems which want to use it in limited capacity can employ the VOP_UNLOCK_FLAGS macro. Reviewed by: kib (previous version) Differential Revision: https://reviews.freebsd.org/D21427
2020-01-03 22:29:58 +00:00
VOP_UNLOCK(imgp->vp);
Maintain the lock on the vnode for most of exec_elfN_imgact(). Specifically, it is required for the I/O that may be performed by elfN_load_section(). Avoid an obscure deadlock in the a.out, elf, and gzip image activators. Add a comment describing why the deadlock does not occur in the common case and how it might occur in less usual circumstances. Eliminate an unused variable from exec_aout_imgact(). In collaboration with: tegge
2005-12-24 04:57:50 +00:00
Rename aout_imgact.c and shell_imgact.c to imgact_* for consistency.
1993-12-20 16:16:46 +00:00
/*
* Destroy old process VM and create a new one (with a new stack)
*/
Fix for the panic("vm_thread_new: kstack allocation failed") and silent NULL pointer dereference in the i386 and sparc64 pmap_pinit() when the kmem_alloc_nofault() failed to allocate address space. Both functions now return error instead of panicing or dereferencing NULL. As consequence, vmspace_exec() and vmspace_unshare() returns the errno int. struct vmspace arg was added to vm_forkproc() to avoid dealing with failed allocation when most of the fork1() job is already done. The kernel stack for the thread is now set up in the thread_alloc(), that itself may return NULL. Also, allocation of the first process thread is performed in the fork1() to properly deal with stack allocation failure. proc_linkup() is separated into proc_linkup() called from fork1(), and proc_linkup0(), that is used to set up the kernel process (was known as swapper). In collaboration with: Peter Holm Reviewed by: jhb
2007-11-05 11:36:16 +00:00
error = exec_new_vmspace(imgp, &aout_sysvec);
Rename aout_imgact.c and shell_imgact.c to imgact_* for consistency.
1993-12-20 16:16:46 +00:00
Switch to use shared vnode locks for text files during image activation. kern_execve() locks text vnode exclusive to be able to set and clear VV_TEXT flag. VV_TEXT is mutually exclusive with the v_writecount > 0 condition. The change removes VV_TEXT, replacing it with the condition v_writecount <= -1, and puts v_writecount under the vnode interlock. Each text reference decrements v_writecount. To clear the text reference when the segment is unmapped, it is recorded in the vm_map_entry backed by the text file as MAP_ENTRY_VN_TEXT flag, and v_writecount is incremented on the map entry removal The operations like VOP_ADD_WRITECOUNT() and VOP_SET_TEXT() check that v_writecount does not contradict the desired change. vn_writecheck() is now racy and its use was eliminated everywhere except access. Atomic check for writeability and increment of v_writecount is performed by the VOP. vn_truncate() now increments v_writecount around VOP_SETATTR() call, lack of which is arguably a bug on its own. nullfs bypasses v_writecount to the lower vnode always, so nullfs vnode has its own v_writecount correct, and lower vnode gets all references, since object->handle is always lower vnode. On the text vnode' vm object dealloc, the v_writecount value is reset to zero, and deadfs vop_unset_text short-circuit the operation. Reclamation of lowervp always reclaims all nullfs vnodes referencing lowervp first, so no stray references are left. Reviewed by: markj, trasz Tested by: mjg, pho Sponsored by: The FreeBSD Foundation MFC after: 1 month Differential revision: https://reviews.freebsd.org/D19923
2019-05-05 11:20:43 +00:00
vn_lock(imgp->vp, LK_SHARED | LK_RETRY);
Fix for the panic("vm_thread_new: kstack allocation failed") and silent NULL pointer dereference in the i386 and sparc64 pmap_pinit() when the kmem_alloc_nofault() failed to allocate address space. Both functions now return error instead of panicing or dereferencing NULL. As consequence, vmspace_exec() and vmspace_unshare() returns the errno int. struct vmspace arg was added to vm_forkproc() to avoid dealing with failed allocation when most of the fork1() job is already done. The kernel stack for the thread is now set up in the thread_alloc(), that itself may return NULL. Also, allocation of the first process thread is performed in the fork1() to properly deal with stack allocation failure. proc_linkup() is separated into proc_linkup() called from fork1(), and proc_linkup0(), that is used to set up the kernel process (was known as swapper). In collaboration with: Peter Holm Reviewed by: jhb
2007-11-05 11:36:16 +00:00
if (error)
return (error);
Maintain the lock on the vnode for most of exec_elfN_imgact(). Specifically, it is required for the I/O that may be performed by elfN_load_section(). Avoid an obscure deadlock in the a.out, elf, and gzip image activators. Add a comment describing why the deadlock does not occur in the common case and how it might occur in less usual circumstances. Eliminate an unused variable from exec_aout_imgact(). In collaboration with: tegge
2005-12-24 04:57:50 +00:00
Fully implement vfork. Vfork is now much much faster than even our fork. (On my machine, fork is about 240usecs, vfork is 78usecs.) Implement rfork(!RFPROC !RFMEM), which allows a thread to divorce its memory from the other threads of a group. Implement rfork(!RFPROC RFCFDG), which closes all file descriptors, eliminating possible existing shares with other threads/processes. Implement rfork(!RFPROC RFFDG), which divorces the file descriptors for a thread from the rest of the group. Fix the case where a thread does an exec. It is almost nonsense for a thread to modify the other threads address space by an exec, so we now automatically divorce the address space before modifying it.
1997-04-13 01:48:35 +00:00
/*
* The vm space can be changed by exec_new_vmspace
*/
vmspace = imgp->proc->p_vmspace;
Clean up execve locking: - Grab the vnode object early in exec when we still have the vnode lock. - Cache the object in the image_params. - Make use of the cached object in imgact_*.c
2002-07-06 07:00:01 +00:00
object = imgp->object;
exec_aout_imgact should lock the vm_map before calling vm_map_insert. Reviewed by: Matthew Dillon <dillon@apollo.backplane.com>, "John S. Dyson" <dyson@iquest.net>, and David Greenman <dg@root.com>
1999-03-04 18:04:40 +00:00
map = &vmspace->vm_map;
vm_map_lock(map);
Implement the first page access for object type determination more VM clean. Also, use vm_map_insert instead of vm_mmap. Reviewed by: dg@freebsd.org
1998-01-11 21:35:38 +00:00
vm_object_reference(object);
text_end = virtual_offset + a_out->a_text;
For clarity, use the "map" variable introduced by the last commit throughout exec_aout_imgact.
1999-03-10 07:07:42 +00:00
error = vm_map_insert(map, object,
Implement the first page access for object type determination more VM clean. Also, use vm_map_insert instead of vm_mmap. Reviewed by: dg@freebsd.org
1998-01-11 21:35:38 +00:00
file_offset,
virtual_offset, text_end,
VM_PROT_READ | VM_PROT_EXECUTE, VM_PROT_ALL,
Switch to use shared vnode locks for text files during image activation. kern_execve() locks text vnode exclusive to be able to set and clear VV_TEXT flag. VV_TEXT is mutually exclusive with the v_writecount > 0 condition. The change removes VV_TEXT, replacing it with the condition v_writecount <= -1, and puts v_writecount under the vnode interlock. Each text reference decrements v_writecount. To clear the text reference when the segment is unmapped, it is recorded in the vm_map_entry backed by the text file as MAP_ENTRY_VN_TEXT flag, and v_writecount is incremented on the map entry removal The operations like VOP_ADD_WRITECOUNT() and VOP_SET_TEXT() check that v_writecount does not contradict the desired change. vn_writecheck() is now racy and its use was eliminated everywhere except access. Atomic check for writeability and increment of v_writecount is performed by the VOP. vn_truncate() now increments v_writecount around VOP_SETATTR() call, lack of which is arguably a bug on its own. nullfs bypasses v_writecount to the lower vnode always, so nullfs vnode has its own v_writecount correct, and lower vnode gets all references, since object->handle is always lower vnode. On the text vnode' vm object dealloc, the v_writecount value is reset to zero, and deadfs vop_unset_text short-circuit the operation. Reclamation of lowervp always reclaims all nullfs vnodes referencing lowervp first, so no stray references are left. Reviewed by: markj, trasz Tested by: mjg, pho Sponsored by: The FreeBSD Foundation MFC after: 1 month Differential revision: https://reviews.freebsd.org/D19923
2019-05-05 11:20:43 +00:00
MAP_COPY_ON_WRITE | MAP_PREFAULT | MAP_VN_EXEC);
exec_aout_imgact should lock the vm_map before calling vm_map_insert. Reviewed by: Matthew Dillon <dillon@apollo.backplane.com>, "John S. Dyson" <dyson@iquest.net>, and David Greenman <dg@root.com>
1999-03-04 18:04:40 +00:00
if (error) {
vm_map_unlock(map);
Correct two vm object reference leaks in error cases. Submitted by: davidxu
2006-03-16 08:51:59 +00:00
vm_object_deallocate(object);
Rename aout_imgact.c and shell_imgact.c to imgact_* for consistency.
1993-12-20 16:16:46 +00:00
return (error);
exec_aout_imgact should lock the vm_map before calling vm_map_insert. Reviewed by: Matthew Dillon <dillon@apollo.backplane.com>, "John S. Dyson" <dyson@iquest.net>, and David Greenman <dg@root.com>
1999-03-04 18:04:40 +00:00
}
Switch to use shared vnode locks for text files during image activation. kern_execve() locks text vnode exclusive to be able to set and clear VV_TEXT flag. VV_TEXT is mutually exclusive with the v_writecount > 0 condition. The change removes VV_TEXT, replacing it with the condition v_writecount <= -1, and puts v_writecount under the vnode interlock. Each text reference decrements v_writecount. To clear the text reference when the segment is unmapped, it is recorded in the vm_map_entry backed by the text file as MAP_ENTRY_VN_TEXT flag, and v_writecount is incremented on the map entry removal The operations like VOP_ADD_WRITECOUNT() and VOP_SET_TEXT() check that v_writecount does not contradict the desired change. vn_writecheck() is now racy and its use was eliminated everywhere except access. Atomic check for writeability and increment of v_writecount is performed by the VOP. vn_truncate() now increments v_writecount around VOP_SETATTR() call, lack of which is arguably a bug on its own. nullfs bypasses v_writecount to the lower vnode always, so nullfs vnode has its own v_writecount correct, and lower vnode gets all references, since object->handle is always lower vnode. On the text vnode' vm object dealloc, the v_writecount value is reset to zero, and deadfs vop_unset_text short-circuit the operation. Reclamation of lowervp always reclaims all nullfs vnodes referencing lowervp first, so no stray references are left. Reviewed by: markj, trasz Tested by: mjg, pho Sponsored by: The FreeBSD Foundation MFC after: 1 month Differential revision: https://reviews.freebsd.org/D19923
2019-05-05 11:20:43 +00:00
VOP_SET_TEXT_CHECKED(imgp->vp);
Implement the first page access for object type determination more VM clean. Also, use vm_map_insert instead of vm_mmap. Reviewed by: dg@freebsd.org
1998-01-11 21:35:38 +00:00
data_end = text_end + a_out->a_data;
if (a_out->a_data) {
vm_object_reference(object);
For clarity, use the "map" variable introduced by the last commit throughout exec_aout_imgact.
1999-03-10 07:07:42 +00:00
error = vm_map_insert(map, object,
Implement the first page access for object type determination more VM clean. Also, use vm_map_insert instead of vm_mmap. Reviewed by: dg@freebsd.org
1998-01-11 21:35:38 +00:00
file_offset + a_out->a_text,
text_end, data_end,
VM_PROT_ALL, VM_PROT_ALL,
Switch to use shared vnode locks for text files during image activation. kern_execve() locks text vnode exclusive to be able to set and clear VV_TEXT flag. VV_TEXT is mutually exclusive with the v_writecount > 0 condition. The change removes VV_TEXT, replacing it with the condition v_writecount <= -1, and puts v_writecount under the vnode interlock. Each text reference decrements v_writecount. To clear the text reference when the segment is unmapped, it is recorded in the vm_map_entry backed by the text file as MAP_ENTRY_VN_TEXT flag, and v_writecount is incremented on the map entry removal The operations like VOP_ADD_WRITECOUNT() and VOP_SET_TEXT() check that v_writecount does not contradict the desired change. vn_writecheck() is now racy and its use was eliminated everywhere except access. Atomic check for writeability and increment of v_writecount is performed by the VOP. vn_truncate() now increments v_writecount around VOP_SETATTR() call, lack of which is arguably a bug on its own. nullfs bypasses v_writecount to the lower vnode always, so nullfs vnode has its own v_writecount correct, and lower vnode gets all references, since object->handle is always lower vnode. On the text vnode' vm object dealloc, the v_writecount value is reset to zero, and deadfs vop_unset_text short-circuit the operation. Reclamation of lowervp always reclaims all nullfs vnodes referencing lowervp first, so no stray references are left. Reviewed by: markj, trasz Tested by: mjg, pho Sponsored by: The FreeBSD Foundation MFC after: 1 month Differential revision: https://reviews.freebsd.org/D19923
2019-05-05 11:20:43 +00:00
MAP_COPY_ON_WRITE | MAP_PREFAULT | MAP_VN_EXEC);
exec_aout_imgact should lock the vm_map before calling vm_map_insert. Reviewed by: Matthew Dillon <dillon@apollo.backplane.com>, "John S. Dyson" <dyson@iquest.net>, and David Greenman <dg@root.com>
1999-03-04 18:04:40 +00:00
if (error) {
vm_map_unlock(map);
Correct two vm object reference leaks in error cases. Submitted by: davidxu
2006-03-16 08:51:59 +00:00
vm_object_deallocate(object);
Use of vm_allocate() and vm_deallocate() has been deprecated.
1995-02-20 22:23:31 +00:00
return (error);
exec_aout_imgact should lock the vm_map before calling vm_map_insert. Reviewed by: Matthew Dillon <dillon@apollo.backplane.com>, "John S. Dyson" <dyson@iquest.net>, and David Greenman <dg@root.com>
1999-03-04 18:04:40 +00:00
}
Switch to use shared vnode locks for text files during image activation. kern_execve() locks text vnode exclusive to be able to set and clear VV_TEXT flag. VV_TEXT is mutually exclusive with the v_writecount > 0 condition. The change removes VV_TEXT, replacing it with the condition v_writecount <= -1, and puts v_writecount under the vnode interlock. Each text reference decrements v_writecount. To clear the text reference when the segment is unmapped, it is recorded in the vm_map_entry backed by the text file as MAP_ENTRY_VN_TEXT flag, and v_writecount is incremented on the map entry removal The operations like VOP_ADD_WRITECOUNT() and VOP_SET_TEXT() check that v_writecount does not contradict the desired change. vn_writecheck() is now racy and its use was eliminated everywhere except access. Atomic check for writeability and increment of v_writecount is performed by the VOP. vn_truncate() now increments v_writecount around VOP_SETATTR() call, lack of which is arguably a bug on its own. nullfs bypasses v_writecount to the lower vnode always, so nullfs vnode has its own v_writecount correct, and lower vnode gets all references, since object->handle is always lower vnode. On the text vnode' vm object dealloc, the v_writecount value is reset to zero, and deadfs vop_unset_text short-circuit the operation. Reclamation of lowervp always reclaims all nullfs vnodes referencing lowervp first, so no stray references are left. Reviewed by: markj, trasz Tested by: mjg, pho Sponsored by: The FreeBSD Foundation MFC after: 1 month Differential revision: https://reviews.freebsd.org/D19923
2019-05-05 11:20:43 +00:00
VOP_SET_TEXT_CHECKED(imgp->vp);
Use of vm_allocate() and vm_deallocate() has been deprecated.
1995-02-20 22:23:31 +00:00
}
Rename aout_imgact.c and shell_imgact.c to imgact_* for consistency.
1993-12-20 16:16:46 +00:00
Implement the first page access for object type determination more VM clean. Also, use vm_map_insert instead of vm_mmap. Reviewed by: dg@freebsd.org
1998-01-11 21:35:38 +00:00
if (bss_size) {
For clarity, use the "map" variable introduced by the last commit throughout exec_aout_imgact.
1999-03-10 07:07:42 +00:00
error = vm_map_insert(map, NULL, 0,
Implement the first page access for object type determination more VM clean. Also, use vm_map_insert instead of vm_mmap. Reviewed by: dg@freebsd.org
1998-01-11 21:35:38 +00:00
data_end, data_end + bss_size,
VM_PROT_ALL, VM_PROT_ALL, 0);
exec_aout_imgact should lock the vm_map before calling vm_map_insert. Reviewed by: Matthew Dillon <dillon@apollo.backplane.com>, "John S. Dyson" <dyson@iquest.net>, and David Greenman <dg@root.com>
1999-03-04 18:04:40 +00:00
if (error) {
vm_map_unlock(map);
Implement the first page access for object type determination more VM clean. Also, use vm_map_insert instead of vm_mmap. Reviewed by: dg@freebsd.org
1998-01-11 21:35:38 +00:00
return (error);
exec_aout_imgact should lock the vm_map before calling vm_map_insert. Reviewed by: Matthew Dillon <dillon@apollo.backplane.com>, "John S. Dyson" <dyson@iquest.net>, and David Greenman <dg@root.com>
1999-03-04 18:04:40 +00:00
}
Implement the first page access for object type determination more VM clean. Also, use vm_map_insert instead of vm_mmap. Reviewed by: dg@freebsd.org
1998-01-11 21:35:38 +00:00
}
exec_aout_imgact should lock the vm_map before calling vm_map_insert. Reviewed by: Matthew Dillon <dillon@apollo.backplane.com>, "John S. Dyson" <dyson@iquest.net>, and David Greenman <dg@root.com>
1999-03-04 18:04:40 +00:00
vm_map_unlock(map);
Rename aout_imgact.c and shell_imgact.c to imgact_* for consistency.
1993-12-20 16:16:46 +00:00
/* Fill in process VM information */
vmspace->vm_tsize = a_out->a_text >> PAGE_SHIFT;
vmspace->vm_dsize = (a_out->a_data + bss_size) >> PAGE_SHIFT;
Cast u_longs to uintptr_t before casting them to pointers. Don't attempt to even partially support systems with function pointers larger than object pointers.
1998-07-15 05:00:26 +00:00
vmspace->vm_taddr = (caddr_t) (uintptr_t) virtual_offset;
vmspace->vm_daddr = (caddr_t) (uintptr_t)
(virtual_offset + a_out->a_text);
Rename aout_imgact.c and shell_imgact.c to imgact_* for consistency.
1993-12-20 16:16:46 +00:00
exec: Reimplement stack address randomization The approach taken by the stack gap implementation was to insert a random gap between the top of the fixed stack mapping and the true top of the main process stack. This approach was chosen so as to avoid randomizing the previously fixed address of certain process metadata stored at the top of the stack, but had some shortcomings. In particular, mlockall(2) calls would wire the gap, bloating the process' memory usage, and RLIMIT_STACK included the size of the gap so small (< several MB) limits could not be used. There is little value in storing each process' ps_strings at a fixed location, as only very old programs hard-code this address; consumers were converted decades ago to use a sysctl-based interface for this purpose. Thus, this change re-implements stack address randomization by simply breaking the convention of storing ps_strings at a fixed location, and randomizing the location of the entire stack mapping. This implementation is simpler and avoids the problems mentioned above, while being unlikely to break compatibility anywhere the default ASLR settings are used. The kern.elfN.aslr.stack_gap sysctl is renamed to kern.elfN.aslr.stack, and is re-enabled by default. PR: 260303 Reviewed by: kib Discussed with: emaste, mw MFC after: 1 month Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D33704
2022-01-17 16:42:56 +00:00
error = exec_map_stack(imgp);
if (error != 0)
return (error);
Rename aout_imgact.c and shell_imgact.c to imgact_* for consistency.
1993-12-20 16:16:46 +00:00
/* Fill in image_params */
All: Changed vnodep -> vp for consistency with the rest of the kernel, and changed iparams -> imgp for brevity. kern_exec.c: Explicitly initialized some additional parts of the image_params struct to avoid bzeroing it. Rewrote the set-id code to reduce the number of logical tests. The rewrite exposed a mostly benign bug in the algorithm: traced set-id images would get ktracing disabled even if the set-id didn't happen for other reasons.
1995-11-06 12:52:37 +00:00
imgp->interpreted = 0;
imgp->entry_addr = a_out->a_entry;
Remove trailing whitespace.
1995-05-30 08:16:23 +00:00
All: Changed vnodep -> vp for consistency with the rest of the kernel, and changed iparams -> imgp for brevity. kern_exec.c: Explicitly initialized some additional parts of the image_params struct to avoid bzeroing it. Rewrote the set-id code to reduce the number of logical tests. The rewrite exposed a mostly benign bug in the algorithm: traced set-id images would get ktracing disabled even if the set-id didn't happen for other reasons.
1995-11-06 12:52:37 +00:00
imgp->proc->p_sysent = &aout_sysvec;
Moved setting of VTEXT flag into the appropriate image activators. This fixes a bug where linux binaries would get the flag set inappropriately.
1995-08-24 10:32:37 +00:00
Rename aout_imgact.c and shell_imgact.c to imgact_* for consistency.
1993-12-20 16:16:46 +00:00
return (0);
}
Let the linker keep track of pseudo-devices needing initialization and image activators, rather than listing them inline in the code.
1993-12-20 19:31:41 +00:00
/*
* Tell kern_execve.c about it, with a little help from the linker.
*/
Use C99 designated initializers for struct execsw It it makes use slightly more clear and facilitates grepping.
2018-03-13 13:09:10 +00:00
static struct execsw aout_execsw = {
.ex_imgact = exec_aout_imgact,
.ex_name = "a.out"
};
*gulp*. Jordan specifically OK'ed this.. This is the bulk of the support for doing kld modules. Two linker_sets were replaced by SYSINIT()'s. VFS's and exec handlers are self registered. kld is now a superset of lkm. I have converted most of them, they will follow as a seperate commit as samples. This all still works as a static a.out kernel using LKM's.
1998-10-16 03:55:01 +00:00
EXEC_SET(aout, aout_execsw);
Reference in New Issue Copy Permalink