#
366281 |
|
30-Sep-2020 |
kib |
MFC r366085, r366113: Do not leak oldvmspace if image activation failed
|
#
337046 |
|
01-Aug-2018 |
jhb |
MFC 332782: Simplify the code to allocate stack for auxv, argv[], and environment vectors.
Remove auxarg_size as it was only used once right after a confusing assignment in each of the variants of exec_copyout_strings().
|
#
331722 |
|
29-Mar-2018 |
eadler |
Revert r330897:
This was intended to be a non-functional change. It wasn't. The commit message was thus wrong. In addition it broke arm, and merged crypto related code.
Revert with prejudice.
This revert skips files touched in r316370 since that commit was since MFCed. This revert also skips files that require $FreeBSD$ property changes.
Thank you to those who helped me get out of this mess including but not limited to gonzo, kevans, rgrimes.
Requested by: gjb (re)
|
#
330897 |
|
14-Mar-2018 |
eadler |
Partial merge of the SPDX changes
These changes are incomplete but are making it difficult to determine what other changes can/should be merged.
No objections from: pfg
|
#
320797 |
|
08-Jul-2017 |
markj |
MFC r311346, r311352, r313756: Add an allocator for KVA for execve arguments.
|
#
302408 |
|
07-Jul-2016 |
gjb |
Copy head@r302406 to stable/11 as part of the 11.0-RELEASE cycle. Prune svn:mergeinfo from the new branch, as nothing has been merged here.
Additional commits post-branch will follow.
Approved by: re (implicit) Sponsored by: The FreeBSD Foundation |
#
300792 |
|
26-May-2016 |
bdrewery |
exec: Add credential change information into imgp for process_exec hook.
This allows an EVENTHANDLER(process_exec) hook to see if the new image will cause credentials to change whether due to setgid/setuid or because of POSIX saved-id semantics.
This adds 3 new fields into image_params: struct ucred *newcred Non-null if the credentials will change. bool credential_setid True if the new image is setuid or setgid.
This will pre-determine the new credentials before invoking the image activators, where the process_exec hook is called. The new credentials will be installed into the process in the same place as before, after image activators are done handling the image.
MFC after: 2 weeks Reviewed by: kib Sponsored by: EMC / Isilon Storage Division Differential Revision: https://reviews.freebsd.org/D6544
|
#
285622 |
|
16-Jul-2015 |
ed |
Implement CloudABI's exec() call.
Summary: In a runtime that is purely based on capability-based security, there is a strong emphasis on how programs start their execution. We need to make sure that we execute an new program with an exact set of file descriptors, ensuring that credentials are not leaked into the process accidentally.
Providing the right file descriptors is just half the problem. There also needs to be a framework in place that gives meaning to these file descriptors. How does a CloudABI mail server know which of the file descriptors corresponds to the socket that receives incoming emails? Furthermore, how will this mail server acquire its configuration parameters, as it cannot open a configuration file from a global path on disk?
CloudABI solves this problem by replacing traditional string command line arguments by tree-like data structure consisting of scalars, sequences and mappings (similar to YAML/JSON). In this structure, file descriptors are treated as a first-class citizen. When calling exec(), file descriptors are passed on to the new executable if and only if they are referenced from this tree structure. See the cloudabi-run(1) man page for more details and examples (sysutils/cloudabi-utils).
Fortunately, the kernel does not need to care about this tree structure at all. The C library is responsible for serializing and deserializing, but also for extracting the list of referenced file descriptors. The system call only receives a copy of the serialized data and a layout of what the new file descriptor table should look like:
int proc_exec(int execfd, const void *data, size_t datalen, const int *fds, size_t fdslen);
This change introduces a set of fd*_remapped() functions:
- fdcopy_remapped() pulls a copy of a file descriptor table, remapping all of the file descriptors according to the provided mapping table. - fdinstall_remapped() replaces the file descriptor table of the process by the copy created by fdcopy_remapped(). - fdescfree_remapped() frees the table in case we aborted before fdinstall_remapped().
We then add a function exec_copyin_data_fds() that builds on top these functions. It copies in the data and constructs a new remapped file descriptor. This is used by cloudabi_sys_proc_exec().
Test Plan: cloudabi-run(1) is capable of spawning processes successfully, providing it data and file descriptors. procstat -f seems to confirm all is good. Regular FreeBSD processes also work properly.
Reviewers: kib, mjg
Reviewed By: mjg
Subscribers: imp
Differential Revision: https://reviews.freebsd.org/D3079
|
#
282708 |
|
10-May-2015 |
kib |
On exec, single-threading must be enforced before arguments space is allocated from exec_map. If many threads try to perform execve(2) in parallel, the exec map is exhausted and some threads sleep uninterruptible waiting for the map space. Then, the thread which won the race for the space allocation, cannot single-thread the process, causing deadlock.
Reported and tested by: pho (previous version) Sponsored by: The FreeBSD Foundation MFC after: 2 weeks
|
#
281548 |
|
15-Apr-2015 |
kib |
Implement support for binary to requesting specific stack size for the initial thread. It is read by the ELF image activator as the virtual size of the PT_GNU_STACK program header entry, and can be specified by the linker option -z stack-size in newer binutils.
The soft RLIMIT_STACK is auto-increased if possible, to satisfy the binary' request.
Sponsored by: The FreeBSD Foundation MFC after: 1 week
|
#
271141 |
|
04-Sep-2014 |
sbruno |
Allow multiple image activators to run on the same execution by changing imgp->interpreted to a bitmask instead of, functionally, a bool. Each imgactivator now requires its own flag in interpreted to indicate whether or not it has already examined argv[0].
Change imgp->interpreted to an unsigned char to add one extra bit for future use.
With this change, one can execute a shell script from a 64bit host native make and still get the binmisc image activator to fire for the script interpreter. Prior to this, execution would fail.
Phabric: https://reviews.freebsd.org/D696 Reviewed by: jhb@ MFC after: 4 weeks
|
#
217151 |
|
08-Jan-2011 |
kib |
Create shared (readonly) page. Each ABI may specify the use of page by setting SV_SHP flag and providing pointer to the vm object and mapping address. Provide simple allocator to carve space in the page, tailored to put the code with alignment restrictions.
Enable shared page use for amd64, both native and 32bit FreeBSD binaries. Page is private mapped at the top of the user address space, moving a start of the stack one page down. Move signal trampoline code from the top of the stack to the shared page.
Reviewed by: alc
|
#
211412 |
|
17-Aug-2010 |
kib |
Supply some useful information to the started image using ELF aux vectors. In particular, provide pagesize and pagesizes array, the canary value for SSP use, number of host CPUs and osreldate.
Tested by: marius (sparc64) MFC after: 1 month
|
#
210555 |
|
28-Jul-2010 |
alc |
The interpreter name should no longer be treated as a buffer that can be overwritten. (This change should have been included in r210545.)
Submitted by: kib
|
#
210545 |
|
27-Jul-2010 |
alc |
Introduce exec_alloc_args(). The objective being to encapsulate the details of the string buffer allocation in one place.
Eliminate the portion of the string buffer that was dedicated to storing the interpreter name. The pointer to the interpreter name can simply be made to point to the appropriate argument string.
Reviewed by: kib
|
#
210498 |
|
26-Jul-2010 |
kib |
Revert r210451, and the similar part of the r210431. The forward-declaration for the enum tag when enum definition is not complete is not allowed by C99, and is gcc extension.
Requested by: stefanf MFC after: 28 days
|
#
210451 |
|
24-Jul-2010 |
kib |
Use forward declartion for enum uio_seg in imgact.h. This allows to remove inclusion of sys/uio.h from the header.
Proposed by: alc MFC after: 1 week
|
#
210429 |
|
23-Jul-2010 |
alc |
Eliminate a little bit of duplicated code.
|
#
205643 |
|
25-Mar-2010 |
nwhitehorn |
Add the ELF relocation base to struct image_params. This will be required to correctly relocate the executable entry point's function descriptor on powerpc64.
|
#
205642 |
|
25-Mar-2010 |
nwhitehorn |
Change the arguments of exec_setregs() so that it receives a pointer to the image_params struct instead of several members of that struct individually. This makes it easier to expand its arguments in the future without touching all platforms.
Reviewed by: jhb
|
#
204552 |
|
02-Mar-2010 |
alfred |
Merge projects/enhanced_coredumps (r204346) into HEAD:
Enhanced process coredump routines.
This brings in the following features: 1) Limit number of cores per process via the %I coredump formatter. Example: if corefilename is set to %N.%I.core AND num_cores = 3, then if a process "rpd" cores, then the corefile will be named "rpd.0.core", however if it cores again, then the kernel will generate "rpd.1.core" until we hit the limit of "num_cores".
this is useful to get several corefiles, but also prevent filling the machine with corefiles.
2) Encode machine hostname in core dump name via %H.
3) Compress coredumps, useful for embedded platforms with limited space. A sysctl kern.compress_user_cores is made available if turned on.
To enable compressed coredumps, the following config options need to be set: options COMPRESS_USER_CORES device zlib # brings in the zlib requirements. device gzio # brings in the kernel vnode gzip output module.
4) Eventhandlers are fired to indicate coredumps in progress.
5) The imgact sv_coredump routine has grown a flag to pass in more state, currently this is used only for passing a flag down to compress the coredump or not.
Note that the gzio facility can be used for generic output of gzip'd streams via vnodes.
Obtained from: Juniper Networks Reviewed by: kan
|
#
189927 |
|
17-Mar-2009 |
kib |
Supply AT_EXECPATH auxinfo entry to the interpreter, both for native and compat32 binaries.
Tested by: pho Reviewed by: kan
|
#
180570 |
|
17-Jul-2008 |
kib |
Pair the VOP_OPEN call from do_execve() with the reciprocal VOP_CLOSE. This was unnoticed because local filesystems usually do nothing non-trivial in the close vop.
Reported and tested by: Rick Macklem MFC after: 2 weeks
|
#
177787 |
|
31-Mar-2008 |
kib |
Implement the fexecve(2) syscall.
Based on the submission by rdivacky, sponsored by Google Summer of Code 2007 Reviewed by: rwatson, rdivacky Tested by: pho
|
#
161302 |
|
15-Aug-2006 |
netchild |
- Change process_exec function handlers prototype to include struct image_params arg. - Change struct image_params to include struct sysentvec pointer and initialize it. - Change all consumers of process_exit/process_exec eventhandlers to new prototypes (includes splitting up into distinct exec/exit functions). - Add eventhandler to userret.
Sponsored by: Google SoC 2006 Submitted by: rdivacky Parts suggested by: jhb (on hackers@)
|
#
155402 |
|
06-Feb-2006 |
jhb |
- Always call exec_free_args() in kern_execve() instead of doing it in all the callers if the exec either succeeds or fails early. - Move the code to call exit1() if the exec fails after the vmspace is gone to the bottom of kern_execve() to cut down on some code duplication.
|
#
142453 |
|
25-Feb-2005 |
sobomax |
Welcome to the 21st century: increase MAXSHELLCMDLEN from 128 bytes to PAGE_SIZE.
Unlike originator of the PR suggests retain MAXSHELLCMDLEN definition (he has been proposing to replace it with PAGE_SIZE everywhere), not only this reduced the diff significantly, but prevents code obfuscation and also allows to increase/decrease this parameter easily if needed.
PR: kern/64196 Submitted by: Magnus Bäckström <b@etek.chalmers.se>
|
#
140992 |
|
29-Jan-2005 |
sobomax |
o Split out kernel part of execve(2) syscall into two parts: one that copies arguments into the kernel space and one that operates completely in the kernel space;
o use kernel-only version of execve(2) to kill another stackgap in linuxlator/i386.
Obtained from: DragonFlyBSD (partially) MFC after: 2 weeks
|
#
128599 |
|
24-Apr-2004 |
bde |
Fixed some style bugs (useless forward declarations of structs and misplaced forward declarations of structs). This also reduces namespace pollution (the misplaced declarations were declared in the !_KERNEL case when they are not used).
|
#
128568 |
|
23-Apr-2004 |
alc |
Utilize sf_buf_alloc() rather than pmap_qenter() (and sometimes kmem_alloc_wait()) for mapping the image header. On all machines with a direct virtual-to-physical mapping and SMP/HTT i386s, this is a clear win.
|
#
127976 |
|
07-Apr-2004 |
imp |
Remove advertising clause from University of California Regent's license, per letter dated July 22, 1999.
Approved by: core
|
#
106468 |
|
05-Nov-2002 |
rwatson |
Bring in two sets of changes:
(1) Permit userland applications to request a change of label atomic with an execve() via mac_execve(). This is required for the SEBSD port of SELinux/FLASK. Attempts to invoke this without MAC compiled in result in ENOSYS, as with all other MAC system calls. Complexity, if desired, is present in policy modules, rather than the framework.
(2) Permit policies to have access to both the label of the vnode being executed as well as the interpreter if it's a shell script or related UNIX nonsense. Because we can't hold both vnode locks at the same time, cache the interpreter label. SEBSD relies on this because it supports secure transitioning via shell script executables. Other policies might want to take both labels into account during an integrity or confidentiality decision at execve()-time.
Approved by: re Obtained from: TrustedBSD Project Sponsored by: DARPA, Network Associates Laboratories
|
#
106437 |
|
04-Nov-2002 |
rwatson |
Remove reference to struct execve_args from struct imgact, which describes an image activation instance. Instead, make use of the existing fname structure entry, and introduce two new entries, userspace_argv, and userspace_envv. With the addition of mac_execve(), this divorces the image structure from the specifics of the execve() system call, removes a redundant pointer, etc. No semantic change from current behavior, but it means that the structure doesn't depend on syscalls.master-generated includes.
There seems to be some redundant initialization of imgact entries, which I have maintained, but which could probably use some cleaning up at some point.
Obtained from: TrustedBSD Project Sponsored by: DARPA, Network Associates Laboratories
|
#
103767 |
|
21-Sep-2002 |
jake |
Use the fields in the sysentvec and in the vm map header in place of the constants VM_MIN_ADDRESS, VM_MAXUSER_ADDRESS, USRSTACK and PS_STRINGS. This is mainly so that they can be variable even for the native abi, based on different machine types. Get stack protections from the sysentvec too. This makes it trivial to map the stack non-executable for certain abis, on machines that support it.
|
#
102808 |
|
01-Sep-2002 |
jake |
Added fields for VM_MIN_ADDRESS, PS_STRINGS and stack protections to sysentvec. Initialized all fields of all sysentvecs, which will allow them to be used instead of constants in more places. Provided stack fixup routines for emulations that previously used the default.
|
#
102561 |
|
29-Aug-2002 |
jake |
Renamed poorly named setregs to exec_setregs. Moved its prototype to imgact.h with the other exec support functions.
|
#
100384 |
|
20-Jul-2002 |
peter |
Infrastructure tweaks to allow having both an Elf32 and an Elf64 executable handler in the kernel at the same time. Also, allow for the exec_new_vmspace() code to build a different sized vmspace depending on the executable environment. This is a big help for execing i386 binaries on ia64. The ELF exec code grows the ability to map partial pages when there is a page size difference, eg: emulating 4K pages on 8K or 16K hardware pages.
Flesh out the i386 emulation support for ia64. At this point, the only binary that I know of that fails is cvsup, because the cvsup runtime tries to execute code in pages not marked executable.
Obtained from: dfr (mostly, many tweaks from me).
|
#
99487 |
|
06-Jul-2002 |
jeff |
Clean up execve locking:
- Grab the vnode object early in exec when we still have the vnode lock. - Cache the object in the image_params. - Make use of the cached object in imgact_*.c
|
#
92719 |
|
19-Mar-2002 |
alfred |
Remove __P
|
#
87025 |
|
28-Nov-2001 |
jwd |
Return a more meaningful errno when the length of the interpreter exceeds MAXSHELLCMDLEN to avoid secondary /bin/sh execution.
Update execve man page to reflect change.
Increase MAXSHELLCMDLEN to a slightly more meaningful value.
PR: kern/32106 Submitted by: b@etek.chalmers.se Reviewed by: bsd MFC after: 2 weeks
|
#
66379 |
|
26-Sep-2000 |
takawata |
Make size of dynamic loader argument variable to support various executable file format.
Reviewed by: peter
|
#
59663 |
|
26-Apr-2000 |
dillon |
Fix #! script exec under linux emulation. If a script is exec'd from a program running under linux emulation, the script binary is checked for in /compat/linux first. Without this patch the wrong script binary (i.e. the FreeBSD binary) will be run instead of the linux binary. For example, #!/bin/sh, thus breaking out of linux compatibility mode.
This solves a number of problems people have had installing linux software on FreeBSD boxes.
|
#
55205 |
|
29-Dec-1999 |
peter |
Change #ifdef KERNEL to #ifdef _KERNEL in the public headers. "KERNEL" is an application space macro and the applications are supposed to be free to use it as they please (but cannot). This is consistant with the other BSD's who made this change quite some time ago. More commits to come.
|
#
53239 |
|
16-Nov-1999 |
phk |
Introduce commandline caching in the kernel.
This fixes some nasty procfs problems for SMP, makes ps(1) run much faster, and makes ps(1) even less dependent on /proc which will aid chroot and jails alike.
To disable this facility and revert to previous behaviour: sysctl -w kern.ps_arg_cache_limit=0
For full details see the current@FreeBSD.org mail-archives.
|
#
50477 |
|
27-Aug-1999 |
peter |
$Id$ -> $FreeBSD$
|
#
45270 |
|
03-Apr-1999 |
jdp |
Restore support for executing BSD/OS binaries on the i386 by passing the address of the ps_strings structure to the process via %ebx. For other kinds of binaries, %ebx is still zeroed as before.
Submitted by: Thomas Stephens <tas@stephens.org> Reviewed by: jdp
|
#
42175 |
|
30-Dec-1998 |
dfr |
Various changes to support OSF1 emulation:
* Move the user stack from VM_MAXUSER_ADDRESS to a place below the 32bit boundary (needed to support 32bit OSF programs). This should also save one pagetable per process. * Add cvtqlsv to the set of instructions handled by the floating point software completion code. * Disable all floating point exceptions by default. * A minor change to execve to allow the OSF1 image activator to support dynamic loading.
|
#
33983 |
|
02-Mar-1998 |
peter |
Update the ELF image activator to use some of the exec resources rather than rolling it's own. This means that it now uses the "safe" exec_map_first_page() to get the ld.so headers rather than risking a panic on a page fault failure (eg: NFS server goes down). Since all the ELF tools go to a lot of trouble to make sure everything lives in the first page for executables, this is a win. I have not seen any ELF executable on any system where all the headers didn't fit in the first page with lots of room to spare. I have been running variations of this code for some time on my pure ELF systems.
|
#
32446 |
|
11-Jan-1998 |
dyson |
Implement the first page access for object type determination more VM clean. Also, use vm_map_insert instead of vm_mmap. Reviewed by: dg@freebsd.org
|
#
25114 |
|
23-Apr-1997 |
ache |
Add argv0 field for imgact structure - for replacing argv0 in shell image activator Submitted by: Tor Egge <Tor.Egge@idi.ntnu.no>
|
#
22975 |
|
22-Feb-1997 |
peter |
Back out part 1 of the MCFH that changed $Id$ to $FreeBSD$. We are not ready for it yet.
|
#
21673 |
|
14-Jan-1997 |
jkh |
Make the long-awaited change from $Id$ to $FreeBSD$
This will make a number of things easier in the future, as well as (finally!) avoiding the Id-smashing problem which has plagued developers for so long.
Boy, I'm glad we're not using sup anymore. This update would have been insane otherwise.
|
#
15494 |
|
01-May-1996 |
bde |
Removed unnecessary #includes from <sys/imgact.h> so that it is self-sufficient and added explicit #includes where required.
|
#
14456 |
|
10-Mar-1996 |
sos |
First attempt at FreeBSD & Linux ELF support.
Compile and link a new kernel, that will give native ELF support, and provide the hooks for other ELF interpreters as well.
To make native ELF binaries use John Polstras elf-kit-1.0.1.. For the time being also use his ld-elf.so.1 and put it in /usr/libexec.
The Linux emulator has been enhanced to also run ELF binaries, it is however in its very first incarnation. Just get some Linux ELF libs (Slackware-3.0) and put them in the prober place (/compat/linux/...). I've ben able to run all the Slackware-3.0 binaries I've tried so far. (No it won't run quake yet :)
|
#
12130 |
|
06-Nov-1995 |
dg |
All: Changed vnodep -> vp for consistency with the rest of the kernel, and changed iparams -> imgp for brevity.
kern_exec.c: Explicitly initialized some additional parts of the image_params struct to avoid bzeroing it. Rewrote the set-id code to reduce the number of logical tests. The rewrite exposed a mostly benign bug in the algorithm: traced set-id images would get ktracing disabled even if the set-id didn't happen for other reasons.
|
#
8876 |
|
30-May-1995 |
rgrimes |
Remove trailing whitespace.
|
#
3304 |
|
02-Oct-1994 |
phk |
Prototypes, prototypes and even more prototypes. Not quite done yet, but getting closer all the time.
|
#
2165 |
|
21-Aug-1994 |
paul |
Made them all idempotent. Reviewed by: Submitted by:
|
#
2124 |
|
19-Aug-1994 |
dg |
Terry Lambert's loadable kernel module support w/improvements from the NetBSD group.
|
#
2112 |
|
18-Aug-1994 |
wollman |
Fix up some sloppy coding practices:
- Delete redundant declarations. - Add -Wredundant-declarations to Makefile.i386 so they don't come back. - Delete sloppy COMMON-style declarations of uninitialized data in header files. - Add a few prototypes. - Clean up warnings resulting from the above.
NB: ioconf.c will still generate a redundant-declaration warning, which is unavoidable unless somebody volunteers to make `config' smarter.
|
#
2056 |
|
13-Aug-1994 |
wollman |
Change all #includes to follow the current Berkeley style. Some of these ``changes'' are actually not changes at all, but CVS sometimes has trouble telling the difference.
This also includes support for second-directory compiles. This is not quite complete yet, as `config' doesn't yet do the right thing. You can still make it work trivially, however, by doing the following:
rm /sys/compile mkdir /usr/obj/sys/compile ln -s M-. /sys/compile cd /sys/i386/conf config MYKERNEL cd ../../compile/MYKERNEL ln -s /sys @ rm machine ln -s @/i386/include machine make depend make
|
#
1549 |
|
25-May-1994 |
rgrimes |
The big 4.4BSD Lite to FreeBSD 2.0.0 (Development) patch.
Reviewed by: Rodney W. Grimes Submitted by: John Dyson and David Greenman
|
#
886 |
|
20-Dec-1993 |
wollman |
Let the linker keep track of pseudo-devices needing initialization and image activators, rather than listing them inline in the code.
|
#
850 |
|
12-Dec-1993 |
dg |
1) Added proc file system from Paul Kranenburg with changes from John Dyson to make it reliably work under FreeBSD. 2) Added and enabled PROCFS in the GENERICxx and LINT kernels. 3) New execve() from me. Still work to be done here, but this version works well and is needed before other changes can be made. For a description of the design behind this, see freebsd-arch or ask me. 4) Rewrote stack fault code; made user stack VM grow as needed rather than all up front; improves performance a little and reduces process memory requirements. 5) Incorporated fix from Gene Stark to fault/wire a user page table page to fix a problem in copyout. This is a temporary fix and is not appropriate for pageable page tables. For a description of the problem, see Gene's post to the freebsd-hackers mailing list. 6) Tighten up vm_page struct to reduce memory requirements for it. ifdef pager page lock code as it's not being used currently. 7) Introduced new element to vmspace struct - vm_minsaddr; initial (minimum) stack address. Compliment to vm_maxsaddr. 8) Added a panic if the allocation for process u-pages fails. 9) Improve performance and accuracy of kernel profiling by putting in a little inline assembly instead of spl(). 10) Made serial console with sio driver work. Still has problems with serial input, but is almost useable. 11) Added -Bstatic to SYSTEM_LD in Makefile.i386 so that kernels will build properly with the new ld.
|