#
fdafd315 |
|
24-Nov-2023 |
Warner Losh <imp@FreeBSD.org> |
sys: Automated cleanup of cdefs and other formatting Apply the following automated changes to try to eliminate no-longer-needed sys/cdefs.h includes as well as now-empty blank lines in a row. Remove /^#if.*\n#endif.*\n#include\s+<sys/cdefs.h>.*\n/ Remove /\n+#include\s+<sys/cdefs.h>.*\n+#if.*\n#endif.*\n+/ Remove /\n+#if.*\n#endif.*\n+/ Remove /^#if.*\n#endif.*\n/ Remove /\n+#include\s+<sys/cdefs.h>\n#include\s+<sys/types.h>/ Remove /\n+#include\s+<sys/cdefs.h>\n#include\s+<sys/param.h>/ Remove /\n+#include\s+<sys/cdefs.h>\n#include\s+<sys/capsicum.h>/ Sponsored by: Netflix
|
#
685dc743 |
|
16-Aug-2023 |
Warner Losh <imp@FreeBSD.org> |
sys: Remove $FreeBSD$: one-line .c pattern Remove /^[\s*]*__FBSDID\("\$FreeBSD\$"\);?\s*\n/
|
#
5eeb4f73 |
|
17-Nov-2022 |
Doug Rabson <dfr@FreeBSD.org> |
imgact_binmisc: Optionally pre-open the interpreter vnode This allows the use of chroot and/or jail environments which depend on interpreters registed with imgact_binmisc to use emulator binaries from the host to emulate programs inside the chroot. Reviewed by: imp MFC after: 2 weeks Differential Revision: https://reviews.freebsd.org/D37432
|
#
8c28aa5e |
|
07-Nov-2020 |
Kyle Evans <kevans@FreeBSD.org> |
imgact_binmisc: limit the extent of match on incoming entries imgact_binmisc matches magic/mask from imgp->image_header, which is only a single page in size mapped from the first page of an image. One can specify an interpreter that matches on, e.g., --offset 4096 --size 256 to read up to 256 bytes past the mapped first page. The limitation is that we cannot specify a magic string that exceeds a single page, and we can't allow offset + size to exceed a single page either. A static assert has been added in case someone finds it useful to try and expand the size, but it does seem a little unlikely. While this looks kind of exploitable at a sideways squinty-glance, there are a couple of mitigating factors: 1.) imgact_binmisc is not enabled by default, 2.) entries may only be added by the superuser, 3.) trying to exploit this information to read what's mapped past the end would be worse than a root canal or some other relatably painful experience, and 4.) there's no way one could pull this off without it being completely obvious. The first page is mapped out of an sf_buf, the implementation of which (or lack thereof) depends on your platform. MFC after: 1 week
|
#
1024ef27 |
|
07-Nov-2020 |
Kyle Evans <kevans@FreeBSD.org> |
imgact_binmisc: move some calculations out of the exec path The offset we need to account for in the interpreter string comes in two variants: 1. Fixed - macros other than #a that will not vary from invocation to invocation 2. Variable - #a, which is substitued with the argv0 that we're replacing Note that we don't have a mechanism to modify an existing entry. By recording both of these offset requirements when the interpreter is added, we can avoid some unnecessary calculations in the exec path. Most importantly, we can know up-front whether we need to grab calculate/grab the the filename for this interpreter. We also get to avoid walking the string a first time looking for macros. For most invocations, it's a swift exit as they won't have any, but there's no point entering a loop and searching for the macro indicator if we already know there will not be one. While we're here, go ahead and only calculate the argv0 name length once per invocation. While it's unlikely that we'll have more than one #a, there's no reason to recalculate it every time we encounter an #a when it will not change. I have not bothered trying to benchmark this at all, because it's arguably a minor and straightforward/obvious improvement. MFC after: 1 week
|
#
ecb4fdf9 |
|
07-Nov-2020 |
Kyle Evans <kevans@FreeBSD.org> |
imgact_binmisc: reorder members of struct imgact_binmisc_entry (NFC) This doesn't change anything at the moment since the out-of-order elements were a pair of uint32_t, but future additions may have caused unnecessary padding by following the existing precedent. MFC after: 1 week
|
#
2192cd12 |
|
06-Nov-2020 |
Kyle Evans <kevans@FreeBSD.org> |
imgact_binmisc: abstract away the list lock (NFC) This module handles relatively few execs (initial qemu-user-static, then qemu-user-static handles exec'ing itself for binaries it's already running), but all execs pay the price of at least taking the relatively expensive sx/slock to check for a match when this module is loaded. Future work will almost certainly swap this out for another lock, perhaps an rmslock. The RLOCK/WLOCK phrasing was chosen based on what the callers are really wanting, rather than using the verbiage typically appropriate for an sx. MFC after: 1 week
|
#
7d3ed977 |
|
06-Nov-2020 |
Kyle Evans <kevans@FreeBSD.org> |
imgact_binmisc: validate flags coming from userland We may want to reserve bits in the future for kernel-only use, so start rejecting any that aren't the two that we're currently expecting from userland. MFC after: 1 week
|
#
80083216 |
|
06-Nov-2020 |
Kyle Evans <kevans@FreeBSD.org> |
imgact_binmisc: minor re-organization of imgact_binmisc_exec exits Notably, streamline error paths through the existing 'done' label, making it easier to quickly verify correct cleanup. Future work might add a kernel-only flag to indicate that a interpreter uses #a. Currently, all executions via imgact_binmisc pay the penalty of constructing sname/fname, even if they will not use it. qemu-user-static doesn't need it, the stock rc script for qemu-user-static certainly doesn't use it, and I suspect these are the vast majority of (if not the only) current users. MFC after: 1 week
|
#
df69035d |
|
04-Nov-2020 |
Kyle Evans <kevans@FreeBSD.org> |
imgact_binmisc: fix up some minor nits - Removed a bunch of redundant headers - Don't explicitly initialize to 0 - The !error check prior to setting imgp->interpreter_name is redundant, all error paths should and do return or go to 'done'. We have larger problems otherwise.
|
#
7029da5c |
|
26-Feb-2020 |
Pawel Biernacki <kaktus@FreeBSD.org> |
Mark more nodes as CTLFLAG_MPSAFE or CTLFLAG_NEEDGIANT (17 of many) r357614 added CTLFLAG_NEEDGIANT to make it easier to find nodes that are still not MPSAFE (or already are but aren’t properly marked). Use it in preparation for a general review of all nodes. This is non-functional change that adds annotations to SYSCTL_NODE and SYSCTL_PROC nodes using one of the soon-to-be-required flags. Mark all obvious cases as MPSAFE. All entries that haven't been marked as MPSAFE before are by default marked as NEEDGIANT Approved by: kib (mentor, blanket) Commented by: kib, gallatin, melifaro Differential Revision: https://reviews.freebsd.org/D23718
|
#
3ff65f71 |
|
30-Jan-2020 |
Mateusz Guzik <mjg@FreeBSD.org> |
Remove duplicated empty lines from kern/*.c No functional changes.
|
#
f373437a |
|
29-Nov-2018 |
Brooks Davis <brooks@FreeBSD.org> |
Add helper functions to copy strings into struct image_args. Given a zeroed struct image_args with an allocated buf member, exec_args_add_fname() must be called to install a file name (or NULL). Then zero or more calls to exec_args_add_env() followed by zero or more calls to exec_args_add_env(). exec_args_adjust_args() may be called after args and/or env to allow an interpreter to be prepended to the argument list. To allow code reuse when adding arg and env variables, begin_envv should be accessed with the accessor exec_args_get_begin_envv() which handles the case when no environment entries have been added. Use these functions to simplify exec_copyin_args() and freebsd32_exec_copyin_args(). Reviewed by: kib Obtained from: CheriBSD Sponsored by: DARPA, AFRL Differential Revision: https://reviews.freebsd.org/D15468
|
#
891cf3ed |
|
18-May-2018 |
Ed Maste <emaste@FreeBSD.org> |
Use NULL for SYSINIT's last arg, which is a pointer type Sponsored by: The FreeBSD Foundation
|
#
b7feabf9 |
|
13-Mar-2018 |
Ed Maste <emaste@FreeBSD.org> |
Use C99 designated initializers for struct execsw It it makes use slightly more clear and facilitates grepping.
|
#
26af6115 |
|
21-Mar-2017 |
Ed Maste <emaste@FreeBSD.org> |
tighten buffer bounds in imgact_binmisc_populate_interp We must ensure there's space for the terminating null in the temporary buffer in imgact_binmisc_populate_interp(). Note that there's no buffer overflow here because xbe->xbe_interpreter's length and null termination is checked in imgact_binmisc_add_entry() before imgact_binmisc_populate_interp() is called. However, the latter should correctly enforce its own bounds. Reviewed by: sbruno MFC after: 1 week Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D10042
|
#
e3043798 |
|
29-Apr-2016 |
Pedro F. Giffuni <pfg@FreeBSD.org> |
sys/kern: spelling fixes in comments. No functional change.
|
#
910938f0 |
|
01-Apr-2016 |
Sean Bruno <sbruno@FreeBSD.org> |
Repair a overflow condition where a user could submit a string that was not getting a proper bounds check. Thanks to CTurt for pointing at this with a big red blinking neon sign. PR: 206761 Submitted by: sson Reviewed by: cturt@hardenedbsd.org MFC after: 3 days
|
#
4e83b32a |
|
24-Jun-2015 |
Sean Bruno <sbruno@FreeBSD.org> |
At the suggestion of jhb, replace atomic_set/clear calls with use of exclusive locks in the enable/disable interpreter path. Tested with WITNESS/INVARIANTS on and off. Reviewed by: sson davide
|
#
945afa7c |
|
22-Jun-2015 |
Sean Bruno <sbruno@FreeBSD.org> |
Make imgact_binmisc_exec() static. Submitted by: kib Reviewed by: sson
|
#
602ec835 |
|
19-Jun-2015 |
Sean Bruno <sbruno@FreeBSD.org> |
Remove uneeded NULL check since malloc the malloc is now M_WAITOK Submitted by: mjg
|
#
e0ae213f |
|
19-Jun-2015 |
Sean Bruno <sbruno@FreeBSD.org> |
Must have one of either M_WAITOK or M_NOWAIT, read the man page bruno. Submitted by: mjg
|
#
a7647ec4 |
|
19-Jun-2015 |
Sean Bruno <sbruno@FreeBSD.org> |
Feedback from commit r284535 davide: imgact_binmisc_clear_entry() needs to use atomic ops to remove the enable bit. kib: M_NOWAIT is not warranted and comment is invalid.
|
#
5f98711d |
|
17-Jun-2015 |
Sean Bruno <sbruno@FreeBSD.org> |
This change replaces the mutex with a sx lock for the interpreter list to avoid the problem of holding a non-sleep lock during a page fault as reported by witness. It also uses atomics where possible to avoid having to acquire the exclusive lock. In addition, it consistently uses memset()/memcpy() instead of bzero()/bcopy(). Differential Revision: https://reviews.freebsd.org/D1971 Submitted by: sson Reviewed by: jhb
|
#
280b7169 |
|
05-Jun-2015 |
Sean Bruno <sbruno@FreeBSD.org> |
Revert 284029, update imgact_binmisctl.c change mtx to reader count, at the request of the submitter. Will attempt to use an sx_lock for this fix to WITNESS crashes in a later revision. Submitted by: sson
|
#
8c8613a1 |
|
05-Jun-2015 |
Sean Bruno <sbruno@FreeBSD.org> |
This change uses a reader count instead of holding the mutex for the interpreter list to avoid the problem of holding a non-sleep lock during a page fault as reported by witness. In addition, it consistently uses memset()/memcpy() instead of bzero()/bcopy() except in the case where bcopy() is required (i.e. overlapping copy). Differential Revision: https://reviews.freebsd.org/D2123 Submitted by: sson MFC after: 2 weeks Relnotes: Yes
|
#
65f20a89 |
|
04-Sep-2014 |
Sean Bruno <sbruno@FreeBSD.org> |
Allow multiple image activators to run on the same execution by changing imgp->interpreted to a bitmask instead of, functionally, a bool. Each imgactivator now requires its own flag in interpreted to indicate whether or not it has already examined argv[0]. Change imgp->interpreted to an unsigned char to add one extra bit for future use. With this change, one can execute a shell script from a 64bit host native make and still get the binmisc image activator to fire for the script interpreter. Prior to this, execution would fail. Phabric: https://reviews.freebsd.org/D696 Reviewed by: jhb@ MFC after: 4 weeks
|
#
b888dae4 |
|
08-Apr-2014 |
Sean Bruno <sbruno@FreeBSD.org> |
sys/kern/imgact_binmisc.c -- free the right pointer mask vs magic sys/sys/imagact_binmisc.h -- cleanup white space tabs vs spaces -- remove stray " in comment Submitted by: jmallett@
|
#
6d756449 |
|
08-Apr-2014 |
Sean Bruno <sbruno@FreeBSD.org> |
Add Stacey Son's binary activation patches that allow remapping of execution to a emumation program via parsing of ELF header information. With this kernel module and userland tool, poudriere is able to build ports packages via the QEMU userland tools (or another emulator program) in a different architecture chroot, e.g. TARGET=mips TARGET_ARCH=mips I'm not connecting this to GENERIC for obvious reasons, but this should allow the kernel module to be built by default and enable the building of the userland tool (which automatically loads the kernel module). Submitted by: sson@ Reviewed by: jhb@
|