freebsd-skq/sys/i386/ibcs2/ibcs2_misc.c
emaste 444301c25e Fix kernel memory disclosure in ibcs2_getdents
ibcs2_getdents() copies a dirent structure to userland.  The ibcs2
dirent structure contains a 2 byte pad element.  This element is never
initialized, but copied to userland none-the-less.

Note that ibcs2 has not built on HEAD since r302095.

Submitted by:	Domagoj Stolfa <ds815@cam.ac.uk>
Reported by:	Ilja Van Sprundel <ivansprundel@ioactive.com>
MFC after:	3 days
Security:	Kernel memory disclosure (803)
2018-03-21 23:26:42 +00:00


/*-
* SPDX-License-Identifier: BSD-4-Clause
*
* Copyright (c) 1995 Steven Wallace
* Copyright (c) 1994, 1995 Scott Bartram
* Copyright (c) 1992, 1993
* The Regents of the University of California. All rights reserved.
*
* This software was developed by the Computer Systems Engineering group
* at Lawrence Berkeley Laboratory under DARPA contract BG 91-66 and
* contributed to Berkeley.
*
* All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* This product includes software developed by the University of
* California, Lawrence Berkeley Laboratory.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* This product includes software developed by the University of
* California, Berkeley and its contributors.
* 4. Neither the name of the University nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* from: Header: sun_misc.c,v 1.16 93/04/07 02:46:27 torek Exp
*
* @(#)sun_misc.c 8.1 (Berkeley) 6/18/93
*/
#include <sys/cdefs.h>
__FBSDID("$FreeBSD$");
/*
* IBCS2 compatibility module.
*
* IBCS2 system calls that are implemented differently in BSD are
* handled here.
*/
#include <sys/param.h>
#include <sys/systm.h>
#include <sys/capsicum.h>
#include <sys/dirent.h>
#include <sys/fcntl.h>
#include <sys/filedesc.h>
#include <sys/imgact.h>
#include <sys/kernel.h>
#include <sys/lock.h>
#include <sys/malloc.h>
#include <sys/file.h> /* Must come after sys/malloc.h */
#include <sys/mutex.h>
#include <sys/namei.h>
#include <sys/priv.h>
#include <sys/reboot.h>
#include <sys/resourcevar.h>
#include <sys/stat.h>
#include <sys/sysctl.h>
#include <sys/syscallsubr.h>
#include <sys/sysproto.h>
#include <sys/time.h>
#include <sys/times.h>
#include <sys/vnode.h>
#include <sys/wait.h>
#include <machine/cpu.h>
#include <i386/ibcs2/ibcs2_dirent.h>
#include <i386/ibcs2/ibcs2_signal.h>
#include <i386/ibcs2/ibcs2_proto.h>
#include <i386/ibcs2/ibcs2_unistd.h>
#include <i386/ibcs2/ibcs2_util.h>
#include <i386/ibcs2/ibcs2_utime.h>
#include <i386/ibcs2/ibcs2_xenix.h>
#include <security/mac/mac_framework.h>
/*
 * iBCS2 ulimit() emulation.
 *
 * Dispatches on uap->cmd: reports or sets the file-size limit, reports the
 * RSS limit for IBCS2_GETPSIZE, or forwards IBCS2_GETDTABLESIZE to
 * ibcs2_sysconf().  Results are handed back through td->td_retval[0].
 * Returns 0 on success, the kern_setrlimit() error for IBCS2_SETFSIZE, or
 * ENOSYS for a command that is not listed.
 */
int
ibcs2_ulimit(struct thread *td, struct ibcs2_ulimit_args *uap)
{
	struct rlimit rl;
	int error;
#define IBCS2_GETFSIZE		1
#define IBCS2_SETFSIZE		2
#define IBCS2_GETPSIZE		3
#define IBCS2_GETDTABLESIZE	4

	if (uap->cmd == IBCS2_GETFSIZE) {
		td->td_retval[0] = lim_cur(td, RLIMIT_FSIZE);
		/* A stored result of -1 is reported as 0x7fffffff instead. */
		if (td->td_retval[0] == -1)
			td->td_retval[0] = 0x7fffffff;
		return (0);
	}

	if (uap->cmd == IBCS2_SETFSIZE) {
		/*
		 * Only the soft limit is taken from the caller; the hard
		 * limit is re-submitted unchanged.
		 */
		rl.rlim_cur = uap->newlimit;
		rl.rlim_max = lim_max(td, RLIMIT_FSIZE);
		error = kern_setrlimit(td, RLIMIT_FSIZE, &rl);
		if (error != 0) {
			DPRINTF(("failed "));
		} else {
			td->td_retval[0] = lim_cur(td, RLIMIT_FSIZE);
		}
		return (error);
	}

	if (uap->cmd == IBCS2_GETPSIZE) {
		td->td_retval[0] = lim_cur(td, RLIMIT_RSS); /* XXX */
		return (0);
	}

	if (uap->cmd == IBCS2_GETDTABLESIZE) {
		/* Reuse the argument block: rewrite cmd and let sysconf answer. */
		uap->cmd = IBCS2_SC_OPEN_MAX;
		return (ibcs2_sysconf(td, (struct ibcs2_sysconf_args *)uap));
	}

	return (ENOSYS);
}
#define IBCS2_WSTOPPED		0177
#define IBCS2_STOPCODE(sig)	((sig) << 8 | IBCS2_WSTOPPED)

/*
 * iBCS2 wait()/waitpid() emulation.
 *
 * Both calls arrive here; the caller's saved eflags select between them.
 * When all of PSL_Z, PSL_PF, PSL_N and PSL_V are set the call is treated as
 * waitpid (a1 = pid, a2 = status pointer, a3 = options), otherwise as wait
 * (a1 = status pointer).  A stop or termination signal in the status word is
 * translated through bsd_to_ibcs2_sig[] before the word is copied out.
 *
 * Returns 0, the kern_wait()/copyout() error, or EINVAL when the signal
 * number falls outside the translation table.
 */
int
ibcs2_wait(struct thread *td, struct ibcs2_wait_args *uap)
{
	const int waitpid_mask = PSL_Z | PSL_PF | PSL_N | PSL_V;
	struct trapframe *tf = td->td_frame;
	int *statusp;
	int error, options, sig, status;
	pid_t pid;

	if ((tf->tf_eflags & waitpid_mask) != waitpid_mask) {
		/* wait */
		pid = WAIT_ANY;
		statusp = (int *)uap->a1;
		options = 0;
	} else {
		/* waitpid */
		pid = uap->a1;
		statusp = (int *)uap->a2;
		options = uap->a3;
	}

	error = kern_wait(td, pid, &status, options, NULL);
	if (error)
		return (error);

	/* Nothing to translate or copy out when no status pointer was given. */
	if (statusp == NULL)
		return (0);

	/*
	 * Convert status/signal result.  The signal number is range-checked
	 * before it is used as an index into bsd_to_ibcs2_sig[].
	 */
	if (WIFSTOPPED(status)) {
		sig = WSTOPSIG(status);
		if (sig <= 0 || sig > IBCS2_SIGTBLSZ)
			return (EINVAL);
		status = IBCS2_STOPCODE(bsd_to_ibcs2_sig[_SIG_IDX(sig)]);
	} else if (WIFSIGNALED(status)) {
		sig = WTERMSIG(status);
		if (sig <= 0 || sig > IBCS2_SIGTBLSZ)
			return (EINVAL);
		status = bsd_to_ibcs2_sig[_SIG_IDX(sig)];
	}
	/* else exit status -- identical */

	/* record result/status */
	td->td_retval[1] = status;
	return (copyout(&status, statusp, sizeof(status)));
}
/*
 * iBCS2 execv() emulation: execute uap->path with the argument vector
 * uap->argp and no environment.
 *
 * The path is first resolved with CHECKALTEXIST, which yields a kernel copy
 * in M_TEMP storage (and appears to return from this function on lookup
 * failure -- see the hand-expanded form in ibcs2_symlink).  The copy is
 * freed on every path below.
 */
int
ibcs2_execv(struct thread *td, struct ibcs2_execv_args *uap)
{
	struct image_args iargs;
	struct vmspace *saved_vm;
	char *kpath;
	int error;

	CHECKALTEXIST(td, uap->path, &kpath);

	error = pre_execve(td, &saved_vm);
	if (error == 0) {
		error = exec_copyin_args(&iargs, kpath, UIO_SYSSPACE,
		    uap->argp, NULL);
		free(kpath, M_TEMP);
		if (error == 0)
			error = kern_execve(td, &iargs, NULL);
		/* post_execve() runs whenever pre_execve() succeeded. */
		post_execve(td, error, saved_vm);
		return (error);
	}

	/* pre_execve() failed: only the path copy needs releasing. */
	free(kpath, M_TEMP);
	return (error);
}
/*
 * iBCS2 execve() emulation: execute uap->path with the argument vector
 * uap->argp and the environment uap->envp.
 *
 * The path is first resolved with CHECKALTEXIST, which yields a kernel copy
 * in M_TEMP storage (and appears to return from this function on lookup
 * failure -- see the hand-expanded form in ibcs2_symlink).  The copy is
 * freed on every path below.
 */
int
ibcs2_execve(struct thread *td, struct ibcs2_execve_args *uap)
{
	struct image_args iargs;
	struct vmspace *saved_vm;
	char *kpath;
	int error;

	CHECKALTEXIST(td, uap->path, &kpath);

	error = pre_execve(td, &saved_vm);
	if (error == 0) {
		error = exec_copyin_args(&iargs, kpath, UIO_SYSSPACE,
		    uap->argp, uap->envp);
		free(kpath, M_TEMP);
		if (error == 0)
			error = kern_execve(td, &iargs, NULL);
		/* post_execve() runs whenever pre_execve() succeeded. */
		post_execve(td, error, saved_vm);
		return (error);
	}

	/* pre_execve() failed: only the path copy needs releasing. */
	free(kpath, M_TEMP);
	return (error);
}
/*
 * iBCS2 umount() emulation: forward uap->name to sys_unmount() with no
 * flags set.  Returns whatever sys_unmount() returns.
 */
int
ibcs2_umount(struct thread *td, struct ibcs2_umount_args *uap)
{
	struct unmount_args bsd_args;

	bsd_args.flags = 0;
	bsd_args.path = uap->name;
	return (sys_unmount(td, &bsd_args));
}
/*
 * iBCS2 mount() emulation.
 *
 * As built (notyet undefined) this always fails with EINVAL.  The body under
 * "#ifdef notyet" is an unfinished translation of iBCS2 mount flags and
 * filesystem arguments; it is kept for reference and is not compiled.
 */
int
ibcs2_mount(struct thread *td, struct ibcs2_mount_args *uap)
{
#ifdef notyet
	int oflags = uap->flags, nflags, error;
	char fsname[MFSNAMELEN];
	/* Reject flag combinations this translation does not handle. */
	if (oflags & (IBCS2_MS_NOSUB | IBCS2_MS_SYS5))
		return (EINVAL);
	if ((oflags & IBCS2_MS_NEWTYPE) == 0)
		return (EINVAL);
	/* Map the iBCS2 flag bits onto their MNT_* counterparts. */
	nflags = 0;
	if (oflags & IBCS2_MS_RDONLY)
		nflags |= MNT_RDONLY;
	if (oflags & IBCS2_MS_NOSUID)
		nflags |= MNT_NOSUID;
	if (oflags & IBCS2_MS_REMOUNT)
		nflags |= MNT_UPDATE;
	uap->flags = nflags;
	/* Fetch the filesystem type name; the copy is bounded by sizeof fsname. */
	if (error = copyinstr((caddr_t)uap->type, fsname, sizeof fsname,
	    (u_int *)0))
		return (error);
	if (strcmp(fsname, "4.2") == 0) {
		/* "4.2" is rewritten to "ufs" in freshly allocated user space. */
		uap->type = (caddr_t)STACK_ALLOC();
		if (error = copyout("ufs", uap->type, sizeof("ufs")))
			return (error);
	} else if (strcmp(fsname, "nfs") == 0) {
		struct ibcs2_nfs_args sna;
		struct sockaddr_in sain;
		struct nfs_args na;
		struct sockaddr sa;
		/* Pull in the iBCS2 NFS arguments and the address they point to. */
		if (error = copyin(uap->data, &sna, sizeof sna))
			return (error);
		if (error = copyin(sna.addr, &sain, sizeof sain))
			return (error);
		bcopy(&sain, &sa, sizeof sa);
		sa.sa_len = sizeof(sain);
		/* Rebuild a BSD nfs_args in user space, address placed right after it. */
		uap->data = (caddr_t)STACK_ALLOC();
		na.addr = (struct sockaddr *)((int)uap->data + sizeof na);
		na.sotype = SOCK_DGRAM;
		na.proto = IPPROTO_UDP;
		na.fh = (nfsv2fh_t *)sna.fh;
		na.flags = sna.flags;
		na.wsize = sna.wsize;
		na.rsize = sna.rsize;
		na.timeo = sna.timeo;
		na.retrans = sna.retrans;
		na.hostname = sna.hostname;
		/*
		 * NOTE(review): only the members assigned above are set before
		 * na is copied out whole; if this code is ever enabled, confirm
		 * struct nfs_args has no other members or padding.
		 */
		if (error = copyout(&sa, na.addr, sizeof sa))
			return (error);
		if (error = copyout(&na, uap->data, sizeof na))
			return (error);
	}
	return (mount(td, uap));
#else
	/* Mount through the iBCS2 interface is not supported. */
	return EINVAL;
#endif
}
/*
 * Read iBCS2-style directory entries.  We suck them into kernel space so
 * that they can be massaged before being copied out to user code.  Like
 * SunOS, we squish out `empty' entries.
 *
 * This is quite ugly, but what do you expect from compatibility code?
 *
 * uap->fd must be a readable descriptor for a directory vnode; uap->buf and
 * uap->nbytes describe the user buffer.  On success td->td_retval[0] is set
 * to uap->nbytes minus the space left over.  Returns 0, or an errno value:
 * the getvnode() error, EBADF (descriptor not open for reading), EINVAL (not
 * a directory), the MAC or VOP_READDIR() error, EFAULT (misaligned record
 * length), or the copyout() error.
 */
int
ibcs2_getdents(struct thread *td, struct ibcs2_getdents_args *uap)
{
	struct vnode *vp;
	caddr_t inp, buf;	/* BSD-format */
	int len, reclen;	/* BSD-format */
	caddr_t outp;		/* iBCS2-format */
	int resid;		/* iBCS2-format */
	cap_rights_t rights;
	struct file *fp;
	struct uio auio;
	struct iovec aiov;
	struct ibcs2_dirent idb;
	off_t off;		/* true file offset */
	int buflen, error, eofflag;
	u_long *cookies = NULL, *cookiep;
	int ncookies;
	/* View a byte pointer into the read buffer as a native dirent. */
#define BSD_DIRENT(cp) ((struct dirent *)(cp))
	/* Size of the iBCS2 record produced from a BSD record of length reclen. */
#define IBCS2_RECLEN(reclen) (reclen + sizeof(u_short))
	/*
	 * Zero the whole staging record before use.  Only d_ino, d_off and
	 * d_reclen are assigned per entry below, yet the first 10 bytes of
	 * idb are copied out to the user buffer; without this, any byte in
	 * that range that is not covered by those assignments (the pad
	 * element) would carry stale kernel stack contents to userland.
	 */
	memset(&idb, 0, sizeof(idb));
	error = getvnode(td, uap->fd, cap_rights_init(&rights, CAP_READ), &fp);
	if (error != 0)
		return (error);
	/* From here on every exit must drop the file reference. */
	if ((fp->f_flag & FREAD) == 0) {
		fdrop(fp, td);
		return (EBADF);
	}
	vp = fp->f_vnode;
	if (vp->v_type != VDIR) {	/* XXX vnode readdir op should do this */
		fdrop(fp, td);
		return (EINVAL);
	}
	off = fp->f_offset;
#define DIRBLKSIZ 512		/* XXX we used to use ufs's DIRBLKSIZ */
	/*
	 * Size the kernel buffer from the user's request, clamped to
	 * [DIRBLKSIZ, MAXBSIZE].
	 * NOTE(review): uap->nbytes is caller-supplied and its type is not
	 * visible here; confirm how a negative value behaves through
	 * max()/min() and in the resid comparison further down.
	 */
	buflen = max(DIRBLKSIZ, uap->nbytes);
	buflen = min(buflen, MAXBSIZE);
	buf = malloc(buflen, M_TEMP, M_WAITOK);
	vn_lock(vp, LK_SHARED | LK_RETRY);
again:
	/* (Re)arm a single-segment kernel-space read of buflen bytes at off. */
	aiov.iov_base = buf;
	aiov.iov_len = buflen;
	auio.uio_iov = &aiov;
	auio.uio_iovcnt = 1;
	auio.uio_rw = UIO_READ;
	auio.uio_segflg = UIO_SYSSPACE;
	auio.uio_td = td;
	auio.uio_resid = buflen;
	auio.uio_offset = off;
	/* Cookies from a previous pass are stale; release them before re-reading. */
	if (cookies) {
		free(cookies, M_TEMP);
		cookies = NULL;
	}
#ifdef MAC
	error = mac_vnode_check_readdir(td->td_ucred, vp);
	if (error)
		goto out;
#endif
	/*
	 * First we read into the malloc'ed buffer, then
	 * we massage it into user space, one record at a time.
	 */
	if ((error = VOP_READDIR(vp, &auio, fp->f_cred, &eofflag, &ncookies, &cookies)) != 0)
		goto out;
	inp = buf;
	outp = uap->buf;
	resid = uap->nbytes;
	/* Nothing was read: report what we have (zero bytes) and finish. */
	if ((len = buflen - auio.uio_resid) <= 0)
		goto eof;
	cookiep = cookies;
	if (cookies) {
		/*
		 * When using cookies, the vfs has the option of reading from
		 * a different offset than that supplied (UFS truncates the
		 * offset to a block boundary to make sure that it never reads
		 * partway through a directory entry, even if the directory
		 * has been compacted).
		 */
		while (len > 0 && ncookies > 0 && *cookiep <= off) {
			len -= BSD_DIRENT(inp)->d_reclen;
			inp += BSD_DIRENT(inp)->d_reclen;
			cookiep++;
			ncookies--;
		}
	}
	for (; len > 0; len -= reclen) {
		if (cookiep && ncookies == 0)
			break;
		reclen = BSD_DIRENT(inp)->d_reclen;
		/*
		 * Record lengths must be a multiple of 4.
		 * NOTE(review): a d_reclen of 0 passes this test and leaves
		 * inp and len unchanged for that iteration; presumably
		 * VOP_READDIR() never returns such a record -- confirm.
		 */
		if (reclen & 3) {
			printf("ibcs2_getdents: reclen=%d\n", reclen);
			error = EFAULT;
			goto out;
		}
		if (BSD_DIRENT(inp)->d_fileno == 0) {
			inp += reclen;	/* it is a hole; squish it out */
			if (cookiep) {
				off = *cookiep++;
				ncookies--;
			} else
				off += reclen;
			continue;
		}
		if (reclen > len || resid < IBCS2_RECLEN(reclen)) {
			/* entry too big for buffer, so just stop */
			/*
			 * Bump outp so the "squished out the whole block"
			 * test after the loop does not trigger a re-read;
			 * the byte count returned is derived from resid,
			 * not from outp.
			 */
			outp++;
			break;
		}
		/*
		 * Massage in place to make an iBCS2-shaped dirent (otherwise
		 * we have to worry about touching user memory outside of
		 * the copyout() call).
		 */
		idb.d_ino = (ibcs2_ino_t)BSD_DIRENT(inp)->d_fileno;
		idb.d_off = (ibcs2_off_t)off;
		idb.d_reclen = (u_short)IBCS2_RECLEN(reclen);
		/*
		 * Two copyouts per entry: the 10-byte fixed header from idb,
		 * then d_namlen + 1 bytes of name straight from the BSD
		 * record.
		 */
		if ((error = copyout((caddr_t)&idb, outp, 10)) != 0 ||
		    (error = copyout(BSD_DIRENT(inp)->d_name, outp + 10,
		    BSD_DIRENT(inp)->d_namlen + 1)) != 0)
			goto out;
		/* advance past this real entry */
		if (cookiep) {
			off = *cookiep++;
			ncookies--;
		} else
			off += reclen;
		inp += reclen;
		/* advance output past iBCS2-shaped entry */
		outp += IBCS2_RECLEN(reclen);
		resid -= IBCS2_RECLEN(reclen);
	}
	/* if we squished out the whole block, try again */
	if (outp == uap->buf)
		goto again;
	fp->f_offset = off;	/* update the vnode offset */
eof:
	td->td_retval[0] = uap->nbytes - resid;
out:
	/* Common exit: unlock the vnode, drop the file, release both buffers. */
	VOP_UNLOCK(vp, 0);
	fdrop(fp, td);
	if (cookies)
		free(cookies, M_TEMP);
	free(buf, M_TEMP);
	return (error);
}
/*
 * iBCS2 read() emulation.
 *
 * For anything that is not a directory the call is handed to sys_read().
 * For a directory, the native entries are read into a kernel buffer and
 * converted one at a time into fixed-size records (inode number plus a
 * 14-byte name) that are copied out to uap->buf.  On success
 * td->td_retval[0] is set to uap->nbytes minus the space left over.
 *
 * Relies on the BSD_DIRENT() and DIRBLKSIZ macros defined inside
 * ibcs2_getdents() earlier in this file.
 */
int
ibcs2_read(struct thread *td, struct ibcs2_read_args *uap)
{
	struct vnode *vp;
	caddr_t inp, buf;	/* BSD-format */
	int len, reclen;	/* BSD-format */
	caddr_t outp;		/* iBCS2-format */
	int resid;		/* iBCS2-format */
	cap_rights_t rights;
	struct file *fp;
	struct uio auio;
	struct iovec aiov;
	/* Record layout written to the user buffer for each directory entry. */
	struct ibcs2_direct {
		ibcs2_ino_t ino;
		char name[14];
	} idb;
	off_t off;		/* true file offset */
	int buflen, error, eofflag, size;
	u_long *cookies = NULL, *cookiep;
	int ncookies;
	error = getvnode(td, uap->fd, cap_rights_init(&rights, CAP_READ), &fp);
	if (error != 0) {
		/* EINVAL from getvnode() is retried as an ordinary read. */
		if (error == EINVAL)
			return sys_read(td, (struct read_args *)uap);
		else
			return error;
	}
	/* From here on every exit must drop the file reference. */
	if ((fp->f_flag & FREAD) == 0) {
		fdrop(fp, td);
		return (EBADF);
	}
	vp = fp->f_vnode;
	if (vp->v_type != VDIR) {
		/* Not a directory: drop our reference and do a plain read. */
		fdrop(fp, td);
		return sys_read(td, (struct read_args *)uap);
	}
	off = fp->f_offset;
	DPRINTF(("ibcs2_read: read directory\n"));
	/* Kernel buffer size follows the request, clamped to [DIRBLKSIZ, MAXBSIZE]. */
	buflen = max(DIRBLKSIZ, uap->nbytes);
	buflen = min(buflen, MAXBSIZE);
	buf = malloc(buflen, M_TEMP, M_WAITOK);
	vn_lock(vp, LK_SHARED | LK_RETRY);
again:
	/* (Re)arm a single-segment kernel-space read of buflen bytes at off. */
	aiov.iov_base = buf;
	aiov.iov_len = buflen;
	auio.uio_iov = &aiov;
	auio.uio_iovcnt = 1;
	auio.uio_rw = UIO_READ;
	auio.uio_segflg = UIO_SYSSPACE;
	auio.uio_td = td;
	auio.uio_resid = buflen;
	auio.uio_offset = off;
	/* Cookies from a previous pass are stale; release them before re-reading. */
	if (cookies) {
		free(cookies, M_TEMP);
		cookies = NULL;
	}
#ifdef MAC
	error = mac_vnode_check_readdir(td->td_ucred, vp);
	if (error)
		goto out;
#endif
	/*
	 * First we read into the malloc'ed buffer, then
	 * we massage it into user space, one record at a time.
	 */
	if ((error = VOP_READDIR(vp, &auio, fp->f_cred, &eofflag, &ncookies, &cookies)) != 0) {
		DPRINTF(("VOP_READDIR failed: %d\n", error));
		goto out;
	}
	inp = buf;
	outp = uap->buf;
	resid = uap->nbytes;
	/* Nothing was read: report what we have (zero bytes) and finish. */
	if ((len = buflen - auio.uio_resid) <= 0)
		goto eof;
	cookiep = cookies;
	if (cookies) {
		/*
		 * When using cookies, the vfs has the option of reading from
		 * a different offset than that supplied (UFS truncates the
		 * offset to a block boundary to make sure that it never reads
		 * partway through a directory entry, even if the directory
		 * has been compacted).
		 */
		while (len > 0 && ncookies > 0 && *cookiep <= off) {
			len -= BSD_DIRENT(inp)->d_reclen;
			inp += BSD_DIRENT(inp)->d_reclen;
			cookiep++;
			ncookies--;
		}
	}
	for (; len > 0 && resid > 0; len -= reclen) {
		if (cookiep && ncookies == 0)
			break;
		reclen = BSD_DIRENT(inp)->d_reclen;
		/* Record lengths must be a multiple of 4. */
		if (reclen & 3) {
			printf("ibcs2_read: reclen=%d\n", reclen);
			error = EFAULT;
			goto out;
		}
		if (BSD_DIRENT(inp)->d_fileno == 0) {
			inp += reclen;	/* it is a hole; squish it out */
			if (cookiep) {
				off = *cookiep++;
				ncookies--;
			} else
				off += reclen;
			continue;
		}
		if (reclen > len || resid < sizeof(struct ibcs2_direct)) {
			/* entry too big for buffer, so just stop */
			/*
			 * Bump outp so the "squished out the whole block"
			 * test after the loop does not trigger a re-read.
			 */
			outp++;
			break;
		}
		/*
		 * Massage in place to make an iBCS2-shaped dirent (otherwise
		 * we have to worry about touching user memory outside of
		 * the copyout() call).
		 *
		 * TODO: if length(filename) > 14, then break filename into
		 * multiple entries and set inode = 0xffff except last
		 */
		/* Inode numbers above 0xfffe are reported as 0xfffe. */
		idb.ino = (BSD_DIRENT(inp)->d_fileno > 0xfffe) ? 0xfffe :
		    BSD_DIRENT(inp)->d_fileno;
		/*
		 * Copy at most 14 name bytes and zero whatever is left of the
		 * field; the copystr() result is deliberately ignored, so a
		 * longer name is simply cut short.
		 * NOTE(review): unlike ibcs2_getdents(), idb is not memset
		 * before use.  ino and (presumably) all 14 name bytes are
		 * written here, so the copyout below exposes only initialized
		 * data provided struct ibcs2_direct has no padding -- confirm
		 * against the definition of ibcs2_ino_t.
		 */
		(void)copystr(BSD_DIRENT(inp)->d_name, idb.name, 14, &size);
		bzero(idb.name + size, 14 - size);
		if ((error = copyout(&idb, outp, sizeof(struct ibcs2_direct))) != 0)
			goto out;
		/* advance past this real entry */
		if (cookiep) {
			off = *cookiep++;
			ncookies--;
		} else
			off += reclen;
		inp += reclen;
		/* advance output past iBCS2-shaped entry */
		outp += sizeof(struct ibcs2_direct);
		resid -= sizeof(struct ibcs2_direct);
	}
	/* if we squished out the whole block, try again */
	if (outp == uap->buf)
		goto again;
	fp->f_offset = off;	/* update the vnode offset */
eof:
	td->td_retval[0] = uap->nbytes - resid;
out:
	/* Common exit: unlock the vnode, drop the file, release both buffers. */
	VOP_UNLOCK(vp, 0);
	fdrop(fp, td);
	if (cookies)
		free(cookies, M_TEMP);
	free(buf, M_TEMP);
	return (error);
}
/*
 * iBCS2 mknod() emulation.
 *
 * Resolves uap->path with CHECKALTCREAT into an M_TEMP kernel copy, then
 * creates a FIFO when uap->mode says so and a device/other node otherwise.
 * Returns the error from the kern_*at() call; the path copy is always freed.
 */
int
ibcs2_mknod(struct thread *td, struct ibcs2_mknod_args *uap)
{
	char *kpath;
	int error;

	CHECKALTCREAT(td, uap->path, &kpath);
	error = S_ISFIFO(uap->mode) ?
	    kern_mkfifoat(td, AT_FDCWD, kpath, UIO_SYSSPACE, uap->mode) :
	    kern_mknodat(td, AT_FDCWD, kpath, UIO_SYSSPACE, uap->mode,
	    uap->dev);
	free(kpath, M_TEMP);
	return (error);
}
/*
 * iBCS2 getgroups() emulation.
 *
 * With uap->gidsetsize == 0 only the group count is reported.  Otherwise the
 * credential's groups are narrowed to ibcs2_gid_t in a temporary array and
 * copied out to uap->gidset.  td->td_retval[0] receives the group count.
 * Returns 0, EINVAL when the caller's array is smaller than the group count,
 * or the copyout() error.
 */
int
ibcs2_getgroups(struct thread *td, struct ibcs2_getgroups_args *uap)
{
	struct ucred *cred = td->td_ucred;
	ibcs2_gid_t *narrowed;
	u_int idx, ngrp;
	int error;

	ngrp = cred->cr_ngroups;

	/* Size query: no buffer is touched. */
	if (uap->gidsetsize == 0) {
		td->td_retval[0] = ngrp;
		return (0);
	}
	if (uap->gidsetsize < ngrp)
		return (EINVAL);

	/* Every element is written before the array is copied out. */
	narrowed = malloc(ngrp * sizeof(*narrowed), M_TEMP, M_WAITOK);
	for (idx = 0; idx < ngrp; idx++)
		narrowed[idx] = (ibcs2_gid_t)cred->cr_groups[idx];
	error = copyout(narrowed, uap->gidset, ngrp * sizeof(ibcs2_gid_t));
	free(narrowed, M_TEMP);

	td->td_retval[0] = ngrp;
	return (error);
}
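/*
 * iBCS2 setgroups() emulation.
 *
 * Copies uap->gidsetsize iBCS2 group ids in from uap->gidset, widens them to
 * gid_t and hands them to kern_setgroups().
 *
 * Returns 0 on success, EINVAL when the count is negative, larger than
 * ngroups_max + 1, or non-zero with a NULL array, the copyin() error, or the
 * kern_setgroups() error.
 */
int
ibcs2_setgroups(struct thread *td, struct ibcs2_setgroups_args *uap)
{
	ibcs2_gid_t *iset;
	gid_t *gp;
	int error, i;

	/* The count is bounded here, which also bounds both allocations. */
	if (uap->gidsetsize < 0 || uap->gidsetsize > ngroups_max + 1)
		return (EINVAL);
	if (uap->gidsetsize && uap->gidset == NULL)
		return (EINVAL);
	gp = malloc(uap->gidsetsize * sizeof(*gp), M_TEMP, M_WAITOK);
	if (uap->gidsetsize) {
		iset = malloc(uap->gidsetsize * sizeof(*iset), M_TEMP, M_WAITOK);
		error = copyin(uap->gidset, iset, sizeof(ibcs2_gid_t) *
		    uap->gidsetsize);
		if (error == 0) {
			for (i = 0; i < uap->gidsetsize; i++)
				gp[i] = (gid_t)iset[i];
		}
		/*
		 * iset is only a staging buffer.  Release it on the success
		 * path as well as on copyin failure; previously it was freed
		 * only on failure, so every successful call leaked it.
		 */
		free(iset, M_TEMP);
		if (error)
			goto out;
	}
	error = kern_setgroups(td, uap->gidsetsize, gp);
out:
	free(gp, M_TEMP);
	return (error);
}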
/*
 * iBCS2 setuid() emulation: widen uap->uid to uid_t and defer to
 * sys_setuid(), whose result is returned unchanged.
 */
int
ibcs2_setuid(struct thread *td, struct ibcs2_setuid_args *uap)
{
	struct setuid_args bsd_args;

	bsd_args.uid = (uid_t)uap->uid;
	return (sys_setuid(td, &bsd_args));
}
/*
 * iBCS2 setgid() emulation: widen uap->gid to gid_t and defer to
 * sys_setgid(), whose result is returned unchanged.
 */
int
ibcs2_setgid(struct thread *td, struct ibcs2_setgid_args *uap)
{
	struct setgid_args bsd_args;

	bsd_args.gid = (gid_t)uap->gid;
	return (sys_setgid(td, &bsd_args));
}
/*
 * iBCS2 time() emulation.
 *
 * The current seconds value is returned in td->td_retval[0] and, when
 * uap->tp is non-NULL, also copied out to it (sizeof(ibcs2_time_t) bytes).
 * Returns 0 or the copyout() error.
 */
int
ibcs2_time(struct thread *td, struct ibcs2_time_args *uap)
{
	struct timeval now;

	microtime(&now);
	td->td_retval[0] = now.tv_sec;

	/* No destination given: the register result is all there is. */
	if (!uap->tp)
		return 0;

	return copyout((caddr_t)&now.tv_sec, (caddr_t)uap->tp,
	    sizeof(ibcs2_time_t));
}
/*
 * iBCS2 pathconf() emulation.
 *
 * Resolves uap->path with CHECKALTEXIST into an M_TEMP kernel copy, shifts
 * the iBCS2 variable number to the native numbering and asks
 * kern_pathconf().  On success the value is returned in td->td_retval[0].
 */
int
ibcs2_pathconf(struct thread *td, struct ibcs2_pathconf_args *uap)
{
	char *kpath;
	long result;
	int error;

	CHECKALTEXIST(td, uap->path, &kpath);
	uap->name += 1;	/* iBCS2 _PC_* defines are offset by one */
	error = kern_pathconf(td, kpath, UIO_SYSSPACE, uap->name, FOLLOW,
	    &result);
	free(kpath, M_TEMP);
	if (error != 0)
		return (error);
	td->td_retval[0] = result;
	return (error);
}
/*
 * iBCS2 fpathconf() emulation: shift the variable number to the native
 * numbering in place, then reuse the argument block for sys_fpathconf().
 */
int
ibcs2_fpathconf(struct thread *td, struct ibcs2_fpathconf_args *uap)
{
	/* iBCS2 _PC_* defines are offset by one */
	uap->name += 1;
	return (sys_fpathconf(td, (struct fpathconf_args *)uap));
}
/*
 * iBCS2 sysconf() emulation.
 *
 * Some variables are answered directly (resource limits, hz, fixed
 * constants); the rest are mapped to a kern.* sysctl and read through
 * kernel_sysctl().  The value is returned in td->td_retval[0].
 * Returns 0, EINVAL for an unknown variable, or the kernel_sysctl() error.
 */
int
ibcs2_sysconf(struct thread *td, struct ibcs2_sysconf_args *uap)
{
	int mib[2], value, len, error;

	mib[0] = CTL_KERN;

	switch (uap->name) {
	/* Answered here without a sysctl lookup. */
	case IBCS2_SC_CHILD_MAX:
		td->td_retval[0] = lim_cur(td, RLIMIT_NPROC);
		return (0);
	case IBCS2_SC_OPEN_MAX:
		td->td_retval[0] = lim_cur(td, RLIMIT_NOFILE);
		return (0);
	case IBCS2_SC_CLK_TCK:
		td->td_retval[0] = hz;
		return (0);
	case IBCS2_SC_PASS_MAX:
		td->td_retval[0] = 128;	/* XXX - should we create PASS_MAX ? */
		return (0);
	case IBCS2_SC_XOPEN_VERSION:
		td->td_retval[0] = 2;	/* XXX: What should that be? */
		return (0);

	/* Mapped onto the second component of a kern.* sysctl name. */
	case IBCS2_SC_ARG_MAX:
		mib[1] = KERN_ARGMAX;
		break;
	case IBCS2_SC_NGROUPS_MAX:
		mib[1] = KERN_NGROUPS;
		break;
	case IBCS2_SC_JOB_CONTROL:
		mib[1] = KERN_JOB_CONTROL;
		break;
	case IBCS2_SC_SAVED_IDS:
		mib[1] = KERN_SAVED_IDS;
		break;
	case IBCS2_SC_VERSION:
		mib[1] = KERN_POSIX1;
		break;

	default:
		return (EINVAL);
	}

	len = sizeof(value);
	error = kernel_sysctl(td, mib, 2, &value, &len, NULL, 0, NULL, 0);
	if (error != 0)
		return (error);
	td->td_retval[0] = value;
	return (0);
}
/*
 * iBCS2 alarm() emulation.
 *
 * Arms a one-shot ITIMER_REAL of uap->sec seconds and returns, in
 * td->td_retval[0], the seconds that were left on the previous timer,
 * rounded up when it had a fractional part.  Returns 0 or the
 * kern_setitimer() error.
 */
int
ibcs2_alarm(struct thread *td, struct ibcs2_alarm_args *uap)
{
	struct itimerval next, prev;
	int error;

	next.it_value.tv_sec = uap->sec;
	next.it_value.tv_usec = 0;
	timevalclear(&next.it_interval);	/* no reload: fires once */

	error = kern_setitimer(td, ITIMER_REAL, &next, &prev);
	if (error != 0)
		return (error);

	/* Any leftover microseconds count as one more full second. */
	td->td_retval[0] = prev.it_value.tv_sec +
	    (prev.it_value.tv_usec != 0 ? 1 : 0);
	return (0);
}
/*
 * iBCS2 times() emulation.
 *
 * Fills a struct tms with user/system times for the process and for its
 * children, converted to clock ticks, and copies it out to uap->tp.  The
 * current time in ticks is returned in td->td_retval[0].
 * Returns 0, the kern_getrusage() error, or the copyout() error.
 */
int
ibcs2_times(struct thread *td, struct ibcs2_times_args *uap)
{
	struct rusage self_ru, child_ru;
	struct timeval now;
	struct tms out;
	int error;
	/* Convert a struct timeval to clock ticks at hz ticks per second. */
#define CONVTCK(r)	(r.tv_sec * hz + r.tv_usec / (1000000 / hz))

	error = kern_getrusage(td, RUSAGE_SELF, &self_ru);
	if (error)
		return (error);
	error = kern_getrusage(td, RUSAGE_CHILDREN, &child_ru);
	if (error)
		return (error);

	/*
	 * All four members are assigned before the structure is copied out.
	 * NOTE(review): the structure is not zeroed first; confirm struct tms
	 * has no members or padding beyond these four.
	 */
	out.tms_utime = CONVTCK(self_ru.ru_utime);
	out.tms_stime = CONVTCK(self_ru.ru_stime);
	out.tms_cutime = CONVTCK(child_ru.ru_utime);
	out.tms_cstime = CONVTCK(child_ru.ru_stime);

	microtime(&now);
	td->td_retval[0] = CONVTCK(now);

	return (copyout(&out, uap->tp, sizeof(struct tms)));
}
/*
 * iBCS2 stime() emulation: set the system clock to the seconds value read
 * from uap->timep.
 *
 * Returns 0, the copyin() error, or EPERM for any failure reported by
 * kern_settimeofday().
 */
int
ibcs2_stime(struct thread *td, struct ibcs2_stime_args *uap)
{
	struct timeval when;
	long secs;
	int error;

	error = copyin(uap->timep, &secs, sizeof(secs));
	if (error != 0)
		return (error);

	when.tv_usec = 0;
	when.tv_sec = secs;

	/* Whatever kern_settimeofday() objects to is reported as EPERM. */
	return (kern_settimeofday(td, &when, NULL) != 0 ? EPERM : 0);
}
/*
 * iBCS2 utime() emulation.
 *
 * When uap->buf is non-NULL the access and modification times are copied in
 * and converted to a two-element timeval array; otherwise NULL is passed on
 * to kern_utimesat().  The path is resolved with CHECKALTEXIST into an
 * M_TEMP kernel copy that is freed before returning.
 * Returns 0, the copyin() error, or the kern_utimesat() error.
 */
int
ibcs2_utime(struct thread *td, struct ibcs2_utime_args *uap)
{
	struct ibcs2_utimbuf ubuf;
	struct timeval times[2], *timesp = NULL;
	char *kpath;
	int error;

	if (uap->buf) {
		/* The user buffer is read before any path lookup happens. */
		error = copyin(uap->buf, &ubuf, sizeof(ubuf));
		if (error)
			return (error);
		times[0].tv_sec = ubuf.actime;
		times[0].tv_usec = 0;
		times[1].tv_sec = ubuf.modtime;
		times[1].tv_usec = 0;
		timesp = times;
	}

	CHECKALTEXIST(td, uap->path, &kpath);
	error = kern_utimesat(td, AT_FDCWD, kpath, UIO_SYSSPACE,
	    timesp, UIO_SYSSPACE);
	free(kpath, M_TEMP);
	return (error);
}
/*
 * iBCS2 nice() emulation: add uap->incr to the calling process's nice
 * value through sys_setpriority().
 *
 * Returns 0 with the resulting nice value in td->td_retval[0], or EPERM for
 * any sys_setpriority() failure.
 */
int
ibcs2_nice(struct thread *td, struct ibcs2_nice_args *uap)
{
	struct setpriority_args prio_args;

	prio_args.prio = td->td_proc->p_nice + uap->incr;
	prio_args.who = 0;
	prio_args.which = PRIO_PROCESS;

	/* Every failure is reported to the caller as EPERM. */
	if (sys_setpriority(td, &prio_args) != 0)
		return (EPERM);

	td->td_retval[0] = td->td_proc->p_nice;
	return (0);
}
/*
 * iBCS2 getpgrp, setpgrp, setsid, and setpgid
 *
 * uap->type selects the operation: 0 = getpgrp, 1 = setpgrp, 2 = setpgid,
 * 3 = setsid.  Anything else yields EINVAL.
 */
int
ibcs2_pgrpsys(struct thread *td, struct ibcs2_pgrpsys_args *uap)
{
	struct proc *p = td->td_proc;
	struct setpgid_args sa;

	switch (uap->type) {
	case 1:			/* setpgrp */
		sa.pid = 0;
		sa.pgid = 0;
		/* The result is not checked; the group id is reported either way. */
		sys_setpgid(td, &sa);
		/* FALLTHROUGH */
	case 0:			/* getpgrp */
		PROC_LOCK(p);
		td->td_retval[0] = p->p_pgrp->pg_id;
		PROC_UNLOCK(p);
		return (0);

	case 2:			/* setpgid */
		sa.pid = uap->pid;
		sa.pgid = uap->pgid;
		return (sys_setpgid(td, &sa));

	case 3:			/* setsid */
		return (sys_setsid(td, NULL));

	default:
		return (EINVAL);
	}
}
/*
 * iBCS2 plock() emulation.
 *
 * Only the privilege check is implemented: PRIV_VM_MUNLOCK for
 * IBCS2_UNLOCK, PRIV_VM_MLOCK for the three lock commands.  No memory is
 * actually locked or unlocked.  Returns 0, the priv_check() error, or
 * EINVAL for an unknown command.
 *
 * XXX - need to check for nested calls
 */
int
ibcs2_plock(struct thread *td, struct ibcs2_plock_args *uap)
{
	int priv;
#define IBCS2_UNLOCK	0
#define IBCS2_PROCLOCK	1
#define IBCS2_TEXTLOCK	2
#define IBCS2_DATALOCK	4

	switch (uap->cmd) {
	case IBCS2_UNLOCK:
		priv = PRIV_VM_MUNLOCK;
		break;
	case IBCS2_PROCLOCK:
	case IBCS2_TEXTLOCK:
	case IBCS2_DATALOCK:
		priv = PRIV_VM_MLOCK;
		break;
	default:
		return (EINVAL);
	}

	/* XXX - TODO: the operation itself; only the privilege is verified. */
	return (priv_check(td, priv));
}
/*
 * SCO uadmin() emulation.
 *
 * SCO_A_REBOOT and SCO_A_SHUTDOWN are translated to sys_reboot() with
 * RB_HALT or RB_AUTOBOOT depending on uap->func.  SCO_A_REMOUNT,
 * SCO_A_CLOCK and SCO_A_SETCONFIG are accepted and ignored.  Everything
 * else, including SCO_A_GETDEV, returns EINVAL.
 *
 * NOTE(review): no privilege check is made in this function; presumably
 * sys_reboot() enforces it -- confirm.
 */
int
ibcs2_uadmin(struct thread *td, struct ibcs2_uadmin_args *uap)
{
	struct reboot_args r;
#define SCO_A_REBOOT		1
#define SCO_A_SHUTDOWN		2
#define SCO_A_REMOUNT		4
#define SCO_A_CLOCK		8
#define SCO_A_SETCONFIG		128
#define SCO_A_GETDEV		130
#define SCO_AD_HALT		0
#define SCO_AD_BOOT		1
#define SCO_AD_IBOOT		2
#define SCO_AD_PWRDOWN		3
#define SCO_AD_PWRNAP		4
#define SCO_AD_PANICBOOT	1
#define SCO_AD_GETBMAJ		0
#define SCO_AD_GETCMAJ		1

	switch (uap->cmd) {
	case SCO_A_REBOOT:
	case SCO_A_SHUTDOWN:
		if (uap->func == SCO_AD_HALT || uap->func == SCO_AD_PWRDOWN ||
		    uap->func == SCO_AD_PWRNAP)
			r.opt = RB_HALT;
		else if (uap->func == SCO_AD_BOOT || uap->func == SCO_AD_IBOOT)
			r.opt = RB_AUTOBOOT;
		else
			return (EINVAL);
		return (sys_reboot(td, &r));

	case SCO_A_REMOUNT:
	case SCO_A_CLOCK:
	case SCO_A_SETCONFIG:
		return (0);

	case SCO_A_GETDEV:
		return (EINVAL);	/* XXX - TODO */
	}
	return (EINVAL);
}
/*
 * iBCS2 sysfs() emulation placeholder.
 *
 * The three sub-commands are recognised by name but none is implemented;
 * every call returns EINVAL.
 */
int
ibcs2_sysfs(struct thread *td, struct ibcs2_sysfs_args *uap)
{
#define IBCS2_GETFSIND	1
#define IBCS2_GETFSTYP	2
#define IBCS2_GETNFSTYP	3

	if (uap->cmd == IBCS2_GETFSIND || uap->cmd == IBCS2_GETFSTYP ||
	    uap->cmd == IBCS2_GETNFSTYP) {
		/* Known sub-command, nothing done for it yet. */
	}
	return (EINVAL);	/* XXX - TODO */
}
/*
 * iBCS2 unlink() emulation.
 *
 * Resolves uap->path with CHECKALTEXIST into an M_TEMP kernel copy, removes
 * it with kern_unlinkat() and frees the copy.  Returns the kern_unlinkat()
 * result.
 */
int
ibcs2_unlink(struct thread *td, struct ibcs2_unlink_args *uap)
{
	char *kpath;
	int error;

	CHECKALTEXIST(td, uap->path, &kpath);
	error = kern_unlinkat(td, AT_FDCWD, kpath, UIO_SYSSPACE, 0);
	free(kpath, M_TEMP);
	return (error);
}
/*
 * iBCS2 chdir() emulation.
 *
 * Resolves uap->path with CHECKALTEXIST into an M_TEMP kernel copy, changes
 * directory with kern_chdir() and frees the copy.  Returns the kern_chdir()
 * result.
 */
int
ibcs2_chdir(struct thread *td, struct ibcs2_chdir_args *uap)
{
	char *kpath;
	int error;

	CHECKALTEXIST(td, uap->path, &kpath);
	error = kern_chdir(td, kpath, UIO_SYSSPACE);
	free(kpath, M_TEMP);
	return (error);
}
/*
 * iBCS2 chmod() emulation.
 *
 * Resolves uap->path with CHECKALTEXIST into an M_TEMP kernel copy, applies
 * uap->mode with kern_fchmodat() and frees the copy.  Returns the
 * kern_fchmodat() result.
 */
int
ibcs2_chmod(struct thread *td, struct ibcs2_chmod_args *uap)
{
	char *kpath;
	int error;

	CHECKALTEXIST(td, uap->path, &kpath);
	error = kern_fchmodat(td, AT_FDCWD, kpath, UIO_SYSSPACE, uap->mode, 0);
	free(kpath, M_TEMP);
	return (error);
}
/*
 * iBCS2 chown() emulation.
 *
 * Resolves uap->path with CHECKALTEXIST into an M_TEMP kernel copy, applies
 * uap->uid and uap->gid with kern_fchownat() and frees the copy.  Returns
 * the kern_fchownat() result.
 */
int
ibcs2_chown(struct thread *td, struct ibcs2_chown_args *uap)
{
	char *kpath;
	int error;

	CHECKALTEXIST(td, uap->path, &kpath);
	error = kern_fchownat(td, AT_FDCWD, kpath, UIO_SYSSPACE,
	    uap->uid, uap->gid, 0);
	free(kpath, M_TEMP);
	return (error);
}
/*
 * iBCS2 rmdir() emulation.
 *
 * Resolves uap->path with CHECKALTEXIST into an M_TEMP kernel copy, removes
 * the directory with kern_rmdirat() and frees the copy.  Returns the
 * kern_rmdirat() result.
 */
int
ibcs2_rmdir(struct thread *td, struct ibcs2_rmdir_args *uap)
{
	char *kpath;
	int error;

	CHECKALTEXIST(td, uap->path, &kpath);
	error = kern_rmdirat(td, AT_FDCWD, kpath, UIO_SYSSPACE);
	free(kpath, M_TEMP);
	return (error);
}
/*
 * iBCS2 mkdir() emulation.
 *
 * Resolves uap->path into an M_TEMP kernel copy, creates the directory with
 * kern_mkdirat() using uap->mode and frees the copy.  Returns the
 * kern_mkdirat() result.
 *
 * NOTE(review): the lookup uses CHECKALTEXIST although the path is about to
 * be created, whereas ibcs2_mknod() uses CHECKALTCREAT -- confirm which
 * lookup is intended here.
 */
int
ibcs2_mkdir(struct thread *td, struct ibcs2_mkdir_args *uap)
{
	char *kpath;
	int error;

	CHECKALTEXIST(td, uap->path, &kpath);
	error = kern_mkdirat(td, AT_FDCWD, kpath, UIO_SYSSPACE, uap->mode);
	free(kpath, M_TEMP);
	return (error);
}
/*
 * iBCS2 symlink() emulation.
 *
 * Both uap->path and uap->link are resolved into M_TEMP kernel copies
 * before kern_symlinkat() is called.  Every copy that was obtained is freed
 * on all exits.  Returns the ibcs2_emul_find() error when the link lookup
 * yields no path, otherwise the kern_symlinkat() result.
 */
int
ibcs2_symlink(struct thread *td, struct ibcs2_symlink_args *uap)
{
	char *target, *linkname;
	int error;

	CHECKALTEXIST(td, uap->path, &target);

	/*
	 * CHECKALTCREAT() is expanded by hand here: the macro form would
	 * leave no chance to free 'target' when the second lookup fails.
	 */
	error = ibcs2_emul_find(td, uap->link, UIO_USERSPACE, &linkname, 1);
	if (linkname != NULL) {
		error = kern_symlinkat(td, target, AT_FDCWD, linkname,
		    UIO_SYSSPACE);
		free(linkname, M_TEMP);
	}
	free(target, M_TEMP);
	return (error);
}
/*
 * iBCS2 rename() emulation.
 *
 * Both uap->from and uap->to are resolved into M_TEMP kernel copies before
 * kern_renameat() is called.  Every copy that was obtained is freed on all
 * exits.  Returns the ibcs2_emul_find() error when the destination lookup
 * yields no path, otherwise the kern_renameat() result.
 */
int
ibcs2_rename(struct thread *td, struct ibcs2_rename_args *uap)
{
	char *src, *dst;
	int error;

	CHECKALTEXIST(td, uap->from, &src);

	/*
	 * CHECKALTCREAT() is expanded by hand here: the macro form would
	 * leave no chance to free 'src' when the second lookup fails.
	 */
	error = ibcs2_emul_find(td, uap->to, UIO_USERSPACE, &dst, 1);
	if (dst != NULL) {
		error = kern_renameat(td, AT_FDCWD, src, AT_FDCWD, dst,
		    UIO_SYSSPACE);
		free(dst, M_TEMP);
	}
	free(src, M_TEMP);
	return (error);
}
/*
 * iBCS2 readlink() emulation.
 *
 * Resolves uap->path with CHECKALTEXIST into an M_TEMP kernel copy and lets
 * kern_readlinkat() write up to uap->count bytes of the link target into the
 * user buffer uap->buf.  The path copy is freed before returning the
 * kern_readlinkat() result.
 */
int
ibcs2_readlink(struct thread *td, struct ibcs2_readlink_args *uap)
{
	char *kpath;
	int error;

	CHECKALTEXIST(td, uap->path, &kpath);
	error = kern_readlinkat(td, AT_FDCWD, kpath, UIO_SYSSPACE, uap->buf,
	    UIO_USERSPACE, uap->count);
	free(kpath, M_TEMP);
	return (error);
}