/* ARGSUSED */
int
sys_opipe(struct proc *p, void *v, register_t *retval)
{
struct filedesc *fdp = p->p_fd;
struct file *rf, *wf;
struct pipe *rpipe, *wpipe;
int fd, error;
fdplock(fdp);
rpipe = pool_get(&pipe_pool, PR_WAITOK);
error = pipe_create(rpipe);
if (error != 0)
goto free1;
wpipe = pool_get(&pipe_pool, PR_WAITOK);
error = pipe_create(wpipe);
if (error != 0)
goto free2;
error = falloc(p, &rf, &fd);
if (error != 0)
goto free2;
rf->f_flag = FREAD | FWRITE;
rf->f_type = DTYPE_PIPE;
rf->f_data = rpipe;
rf->f_ops = &pipeops;
retval[0] = fd;
error = falloc(p, &wf, &fd);
if (error != 0)
goto free3;
wf->f_flag = FREAD | FWRITE;
wf->f_type = DTYPE_PIPE;
wf->f_data = wpipe;
wf->f_ops = &pipeops;
retval[1] = fd;
rpipe->pipe_peer = wpipe;
wpipe->pipe_peer = rpipe;
FILE_SET_MATURE(rf);
FILE_SET_MATURE(wf);
fdpunlock(fdp);
return (0);
free3:
fdremove(fdp, retval[0]);
closef(rf, p);
rpipe = NULL;
free2:
(void)pipeclose(wpipe);
free1:
if (rpipe != NULL)
(void)pipeclose(rpipe);
fdpunlock(fdp);
return (error);
}
int
sys_socket(struct proc *p, void *v, register_t *retval)
{
struct sys_socket_args /* {
syscallarg(int) domain;
syscallarg(int) type;
syscallarg(int) protocol;
} */ *uap = v;
struct filedesc *fdp = p->p_fd;
struct socket *so;
struct file *fp;
int fd, error;
fdplock(fdp);
error = falloc(p, &fp, &fd);
fdpunlock(fdp);
if (error != 0)
goto out;
fp->f_flag = FREAD|FWRITE;
fp->f_type = DTYPE_SOCKET;
fp->f_ops = &socketops;
error = socreate(SCARG(uap, domain), &so, SCARG(uap, type),
SCARG(uap, protocol));
if (error) {
fdplock(fdp);
fdremove(fdp, fd);
closef(fp, p);
fdpunlock(fdp);
} else {
fp->f_data = so;
FILE_SET_MATURE(fp, p);
*retval = fd;
}
out:
return (error);
}
/* ARGSUSED */
int
sys_pipe(struct proc *p, void *v, register_t *retval)
{
struct sys_pipe_args /* {
syscallarg(int *) fdp;
} */ *uap = v;
struct filedesc *fdp = p->p_fd;
struct file *rf, *wf;
struct pipe *rpipe, *wpipe = NULL;
int fds[2], error;
rpipe = pool_get(&pipe_pool, PR_WAITOK);
error = pipe_create(rpipe);
if (error != 0)
goto free1;
wpipe = pool_get(&pipe_pool, PR_WAITOK);
error = pipe_create(wpipe);
if (error != 0)
goto free1;
fdplock(fdp);
error = falloc(p, &rf, &fds[0]);
if (error != 0)
goto free2;
rf->f_flag = FREAD | FWRITE;
rf->f_type = DTYPE_PIPE;
rf->f_data = rpipe;
rf->f_ops = &pipeops;
error = falloc(p, &wf, &fds[1]);
if (error != 0)
goto free3;
wf->f_flag = FREAD | FWRITE;
wf->f_type = DTYPE_PIPE;
wf->f_data = wpipe;
wf->f_ops = &pipeops;
rpipe->pipe_peer = wpipe;
wpipe->pipe_peer = rpipe;
FILE_SET_MATURE(rf, p);
FILE_SET_MATURE(wf, p);
error = copyout(fds, SCARG(uap, fdp), sizeof(fds));
if (error != 0) {
fdrelease(p, fds[0]);
fdrelease(p, fds[1]);
}
fdpunlock(fdp);
return (error);
free3:
fdremove(fdp, fds[0]);
closef(rf, p);
rpipe = NULL;
free2:
fdpunlock(fdp);
free1:
pipeclose(wpipe);
pipeclose(rpipe);
return (error);
}
int
dopipe(struct proc *p, int *ufds, int flags)
{
struct filedesc *fdp = p->p_fd;
struct file *rf, *wf;
struct pipe *rpipe, *wpipe = NULL;
int fds[2], error;
rpipe = pool_get(&pipe_pool, PR_WAITOK);
error = pipe_create(rpipe);
if (error != 0)
goto free1;
wpipe = pool_get(&pipe_pool, PR_WAITOK);
error = pipe_create(wpipe);
if (error != 0)
goto free1;
fdplock(fdp);
error = falloc(p, &rf, &fds[0]);
if (error != 0)
goto free2;
rf->f_flag = FREAD | FWRITE | (flags & FNONBLOCK);
rf->f_type = DTYPE_PIPE;
rf->f_data = rpipe;
rf->f_ops = &pipeops;
error = falloc(p, &wf, &fds[1]);
if (error != 0)
goto free3;
wf->f_flag = FREAD | FWRITE | (flags & FNONBLOCK);
wf->f_type = DTYPE_PIPE;
wf->f_data = wpipe;
wf->f_ops = &pipeops;
if (flags & O_CLOEXEC) {
fdp->fd_ofileflags[fds[0]] |= UF_EXCLOSE;
fdp->fd_ofileflags[fds[1]] |= UF_EXCLOSE;
}
rpipe->pipe_peer = wpipe;
wpipe->pipe_peer = rpipe;
FILE_SET_MATURE(rf, p);
FILE_SET_MATURE(wf, p);
error = copyout(fds, ufds, sizeof(fds));
if (error != 0) {
fdrelease(p, fds[0]);
fdrelease(p, fds[1]);
}
fdpunlock(fdp);
return (error);
free3:
fdremove(fdp, fds[0]);
closef(rf, p);
rpipe = NULL;
free2:
fdpunlock(fdp);
free1:
pipeclose(wpipe);
pipeclose(rpipe);
return (error);
}
int
ptmioctl(dev_t dev, u_long cmd, caddr_t data, int flag, struct proc *p)
{
dev_t newdev, error;
struct pt_softc * pti;
struct nameidata cnd, snd;
struct filedesc *fdp = p->p_fd;
struct file *cfp = NULL, *sfp = NULL;
int cindx, sindx;
uid_t uid;
gid_t gid;
struct vattr vattr;
struct ucred *cred;
struct ptmget *ptm = (struct ptmget *)data;
error = 0;
switch (cmd) {
case PTMGET:
fdplock(fdp);
/* Grab two filedescriptors. */
if ((error = falloc(p, &cfp, &cindx)) != 0) {
fdpunlock(fdp);
break;
}
if ((error = falloc(p, &sfp, &sindx)) != 0) {
fdremove(fdp, cindx);
closef(cfp, p);
fdpunlock(fdp);
break;
}
retry:
/* Find and open a free master pty. */
newdev = pty_getfree();
if ((error = check_pty(minor(newdev))))
goto bad;
pti = pt_softc[minor(newdev)];
NDINIT(&cnd, LOOKUP, NOFOLLOW|LOCKLEAF, UIO_SYSSPACE,
pti->pty_pn, p);
if ((error = ptm_vn_open(&cnd)) != 0) {
/*
* Check if the master open failed because we lost
* the race to grab it.
*/
if (error == EIO && !pty_isfree(minor(newdev)))
goto retry;
goto bad;
}
cfp->f_flag = FREAD|FWRITE;
cfp->f_type = DTYPE_VNODE;
cfp->f_ops = &vnops;
cfp->f_data = (caddr_t) cnd.ni_vp;
VOP_UNLOCK(cnd.ni_vp, 0, p);
/*
* Open the slave.
* namei -> setattr -> unlock -> revoke -> vrele ->
* namei -> open -> unlock
* Three stage rocket:
* 1. Change the owner and permissions on the slave.
* 2. Revoke all the users of the slave.
* 3. open the slave.
*/
NDINIT(&snd, LOOKUP, NOFOLLOW|LOCKLEAF, UIO_SYSSPACE,
pti->pty_sn, p);
if ((error = namei(&snd)) != 0)
goto bad;
if ((snd.ni_vp->v_mount->mnt_flag & MNT_RDONLY) == 0) {
gid = tty_gid;
/* get real uid */
uid = p->p_cred->p_ruid;
VATTR_NULL(&vattr);
vattr.va_uid = uid;
vattr.va_gid = gid;
vattr.va_mode = (S_IRUSR|S_IWUSR|S_IWGRP) & ALLPERMS;
/* Get a fake cred to pretend we're root. */
cred = crget();
error = VOP_SETATTR(snd.ni_vp, &vattr, cred, p);
crfree(cred);
if (error) {
vput(snd.ni_vp);
goto bad;
}
}
VOP_UNLOCK(snd.ni_vp, 0, p);
if (snd.ni_vp->v_usecount > 1 ||
(snd.ni_vp->v_flag & (VALIASED)))
VOP_REVOKE(snd.ni_vp, REVOKEALL);
/*
* The vnode is useless after the revoke, we need to
* namei again.
*/
vrele(snd.ni_vp);
NDINIT(&snd, LOOKUP, NOFOLLOW|LOCKLEAF, UIO_SYSSPACE,
pti->pty_sn, p);
/* now open it */
if ((error = ptm_vn_open(&snd)) != 0)
goto bad;
sfp->f_flag = FREAD|FWRITE;
sfp->f_type = DTYPE_VNODE;
sfp->f_ops = &vnops;
sfp->f_data = (caddr_t) snd.ni_vp;
VOP_UNLOCK(snd.ni_vp, 0, p);
/* now, put the indexen and names into struct ptmget */
ptm->cfd = cindx;
ptm->sfd = sindx;
memcpy(ptm->cn, pti->pty_pn, sizeof(pti->pty_pn));
memcpy(ptm->sn, pti->pty_sn, sizeof(pti->pty_sn));
/* mark the files mature now that we've passed all errors */
FILE_SET_MATURE(cfp);
FILE_SET_MATURE(sfp);
fdpunlock(fdp);
break;
default:
error = EINVAL;
break;
}
return (error);
bad:
fdremove(fdp, cindx);
closef(cfp, p);
fdremove(fdp, sindx);
closef(sfp, p);
fdpunlock(fdp);
return (error);
}
/* ARGSUSED */
int
sys_execve(struct proc *p, void *v, register_t *retval)
{
struct sys_execve_args /* {
syscallarg(const char *) path;
syscallarg(char *const *) argp;
syscallarg(char *const *) envp;
} */ *uap = v;
int error;
struct exec_package pack;
struct nameidata nid;
struct vattr attr;
struct ucred *cred = p->p_ucred;
char *argp;
char * const *cpp, *dp, *sp;
#ifdef KTRACE
char *env_start;
#endif
struct process *pr = p->p_p;
long argc, envc;
size_t len, sgap;
#ifdef MACHINE_STACK_GROWS_UP
size_t slen;
#endif
char *stack;
struct ps_strings arginfo;
struct vmspace *vm = pr->ps_vmspace;
char **tmpfap;
extern struct emul emul_native;
#if NSYSTRACE > 0
int wassugid = ISSET(pr->ps_flags, PS_SUGID | PS_SUGIDEXEC);
size_t pathbuflen;
#endif
char *pathbuf = NULL;
struct vnode *otvp;
/* get other threads to stop */
if ((error = single_thread_set(p, SINGLE_UNWIND, 1)))
return (error);
/*
* Cheap solution to complicated problems.
* Mark this process as "leave me alone, I'm execing".
*/
atomic_setbits_int(&pr->ps_flags, PS_INEXEC);
#if NSYSTRACE > 0
if (ISSET(p->p_flag, P_SYSTRACE)) {
systrace_execve0(p);
pathbuf = pool_get(&namei_pool, PR_WAITOK);
error = copyinstr(SCARG(uap, path), pathbuf, MAXPATHLEN,
&pathbuflen);
if (error != 0)
goto clrflag;
}
#endif
if (pathbuf != NULL) {
NDINIT(&nid, LOOKUP, NOFOLLOW, UIO_SYSSPACE, pathbuf, p);
} else {
NDINIT(&nid, LOOKUP, NOFOLLOW, UIO_USERSPACE,
SCARG(uap, path), p);
}
/*
* initialize the fields of the exec package.
*/
if (pathbuf != NULL)
pack.ep_name = pathbuf;
else
pack.ep_name = (char *)SCARG(uap, path);
pack.ep_hdr = malloc(exec_maxhdrsz, M_EXEC, M_WAITOK);
pack.ep_hdrlen = exec_maxhdrsz;
pack.ep_hdrvalid = 0;
pack.ep_ndp = &nid;
pack.ep_interp = NULL;
pack.ep_emul_arg = NULL;
VMCMDSET_INIT(&pack.ep_vmcmds);
pack.ep_vap = &attr;
pack.ep_emul = &emul_native;
pack.ep_flags = 0;
/* see if we can run it. */
if ((error = check_exec(p, &pack)) != 0) {
goto freehdr;
}
/* XXX -- THE FOLLOWING SECTION NEEDS MAJOR CLEANUP */
/* allocate an argument buffer */
argp = km_alloc(NCARGS, &kv_exec, &kp_pageable, &kd_waitok);
#ifdef DIAGNOSTIC
if (argp == NULL)
panic("execve: argp == NULL");
#endif
dp = argp;
argc = 0;
/* copy the fake args list, if there's one, freeing it as we go */
if (pack.ep_flags & EXEC_HASARGL) {
tmpfap = pack.ep_fa;
while (*tmpfap != NULL) {
char *cp;
cp = *tmpfap;
while (*cp)
*dp++ = *cp++;
*dp++ = '\0';
free(*tmpfap, M_EXEC, 0);
tmpfap++; argc++;
}
free(pack.ep_fa, M_EXEC, 0);
pack.ep_flags &= ~EXEC_HASARGL;
}
/* Now get argv & environment */
if (!(cpp = SCARG(uap, argp))) {
error = EFAULT;
goto bad;
}
if (pack.ep_flags & EXEC_SKIPARG)
cpp++;
while (1) {
len = argp + ARG_MAX - dp;
if ((error = copyin(cpp, &sp, sizeof(sp))) != 0)
goto bad;
if (!sp)
break;
if ((error = copyinstr(sp, dp, len, &len)) != 0) {
if (error == ENAMETOOLONG)
error = E2BIG;
goto bad;
}
dp += len;
cpp++;
argc++;
}
/* must have at least one argument */
if (argc == 0) {
error = EINVAL;
goto bad;
}
#ifdef KTRACE
if (KTRPOINT(p, KTR_EXECARGS))
ktrexec(p, KTR_EXECARGS, argp, dp - argp);
#endif
envc = 0;
/* environment does not need to be there */
if ((cpp = SCARG(uap, envp)) != NULL ) {
#ifdef KTRACE
env_start = dp;
#endif
while (1) {
len = argp + ARG_MAX - dp;
if ((error = copyin(cpp, &sp, sizeof(sp))) != 0)
goto bad;
if (!sp)
break;
if ((error = copyinstr(sp, dp, len, &len)) != 0) {
if (error == ENAMETOOLONG)
error = E2BIG;
goto bad;
}
dp += len;
cpp++;
envc++;
}
#ifdef KTRACE
if (KTRPOINT(p, KTR_EXECENV))
ktrexec(p, KTR_EXECENV, env_start, dp - env_start);
#endif
}
dp = (char *)(((long)dp + _STACKALIGNBYTES) & ~_STACKALIGNBYTES);
sgap = STACKGAPLEN;
/*
* If we have enabled random stackgap, the stack itself has already
* been moved from a random location, but is still aligned to a page
* boundary. Provide the lower bits of random placement now.
*/
if (stackgap_random != 0) {
sgap += arc4random() & PAGE_MASK;
sgap = (sgap + _STACKALIGNBYTES) & ~_STACKALIGNBYTES;
}
/* Now check if args & environ fit into new stack */
len = ((argc + envc + 2 + pack.ep_emul->e_arglen) * sizeof(char *) +
sizeof(long) + dp + sgap + sizeof(struct ps_strings)) - argp;
len = (len + _STACKALIGNBYTES) &~ _STACKALIGNBYTES;
if (len > pack.ep_ssize) { /* in effect, compare to initial limit */
error = ENOMEM;
goto bad;
}
/* adjust "active stack depth" for process VSZ */
pack.ep_ssize = len; /* maybe should go elsewhere, but... */
/*
* we're committed: any further errors will kill the process, so
* kill the other threads now.
*/
single_thread_set(p, SINGLE_EXIT, 0);
/*
* Prepare vmspace for remapping. Note that uvmspace_exec can replace
* pr_vmspace!
*/
uvmspace_exec(p, VM_MIN_ADDRESS, VM_MAXUSER_ADDRESS);
vm = pr->ps_vmspace;
/* Now map address space */
vm->vm_taddr = (char *)trunc_page(pack.ep_taddr);
vm->vm_tsize = atop(round_page(pack.ep_taddr + pack.ep_tsize) -
trunc_page(pack.ep_taddr));
vm->vm_daddr = (char *)trunc_page(pack.ep_daddr);
vm->vm_dsize = atop(round_page(pack.ep_daddr + pack.ep_dsize) -
trunc_page(pack.ep_daddr));
vm->vm_dused = 0;
vm->vm_ssize = atop(round_page(pack.ep_ssize));
vm->vm_maxsaddr = (char *)pack.ep_maxsaddr;
vm->vm_minsaddr = (char *)pack.ep_minsaddr;
/* create the new process's VM space by running the vmcmds */
#ifdef DIAGNOSTIC
if (pack.ep_vmcmds.evs_used == 0)
panic("execve: no vmcmds");
#endif
error = exec_process_vmcmds(p, &pack);
/* if an error happened, deallocate and punt */
if (error)
goto exec_abort;
/* old "stackgap" is gone now */
pr->ps_stackgap = 0;
#ifdef MACHINE_STACK_GROWS_UP
pr->ps_strings = (vaddr_t)vm->vm_maxsaddr + sgap;
if (uvm_map_protect(&vm->vm_map, (vaddr_t)vm->vm_maxsaddr,
trunc_page(pr->ps_strings), PROT_NONE, TRUE))
goto exec_abort;
#else
pr->ps_strings = (vaddr_t)vm->vm_minsaddr - sizeof(arginfo) - sgap;
if (uvm_map_protect(&vm->vm_map,
round_page(pr->ps_strings + sizeof(arginfo)),
(vaddr_t)vm->vm_minsaddr, PROT_NONE, TRUE))
goto exec_abort;
#endif
/* remember information about the process */
arginfo.ps_nargvstr = argc;
arginfo.ps_nenvstr = envc;
#ifdef MACHINE_STACK_GROWS_UP
stack = (char *)vm->vm_maxsaddr + sizeof(arginfo) + sgap;
slen = len - sizeof(arginfo) - sgap;
#else
stack = (char *)(vm->vm_minsaddr - len);
#endif
/* Now copy argc, args & environ to new stack */
if (!(*pack.ep_emul->e_copyargs)(&pack, &arginfo, stack, argp))
goto exec_abort;
/* copy out the process's ps_strings structure */
if (copyout(&arginfo, (char *)pr->ps_strings, sizeof(arginfo)))
goto exec_abort;
stopprofclock(pr); /* stop profiling */
fdcloseexec(p); /* handle close on exec */
execsigs(p); /* reset caught signals */
TCB_SET(p, NULL); /* reset the TCB address */
pr->ps_kbind_addr = 0; /* reset the kbind bits */
pr->ps_kbind_cookie = 0;
/* set command name & other accounting info */
memset(p->p_comm, 0, sizeof(p->p_comm));
len = min(nid.ni_cnd.cn_namelen, MAXCOMLEN);
memcpy(p->p_comm, nid.ni_cnd.cn_nameptr, len);
pr->ps_acflag &= ~AFORK;
/* record proc's vnode, for use by sysctl */
otvp = pr->ps_textvp;
vref(pack.ep_vp);
pr->ps_textvp = pack.ep_vp;
if (otvp)
vrele(otvp);
atomic_setbits_int(&pr->ps_flags, PS_EXEC);
if (pr->ps_flags & PS_PPWAIT) {
atomic_clearbits_int(&pr->ps_flags, PS_PPWAIT);
atomic_clearbits_int(&pr->ps_pptr->ps_flags, PS_ISPWAIT);
wakeup(pr->ps_pptr);
}
/*
* If process does execve() while it has a mismatched real,
* effective, or saved uid/gid, we set PS_SUGIDEXEC.
*/
if (cred->cr_uid != cred->cr_ruid ||
cred->cr_uid != cred->cr_svuid ||
cred->cr_gid != cred->cr_rgid ||
cred->cr_gid != cred->cr_svgid)
atomic_setbits_int(&pr->ps_flags, PS_SUGIDEXEC);
else
atomic_clearbits_int(&pr->ps_flags, PS_SUGIDEXEC);
atomic_clearbits_int(&pr->ps_flags, PS_TAMED);
tame_dropwpaths(pr);
/*
* deal with set[ug]id.
* MNT_NOEXEC has already been used to disable s[ug]id.
*/
if ((attr.va_mode & (VSUID | VSGID)) && proc_cansugid(p)) {
int i;
atomic_setbits_int(&pr->ps_flags, PS_SUGID|PS_SUGIDEXEC);
#ifdef KTRACE
/*
* If process is being ktraced, turn off - unless
* root set it.
*/
if (pr->ps_tracevp && !(pr->ps_traceflag & KTRFAC_ROOT))
ktrcleartrace(pr);
#endif
p->p_ucred = cred = crcopy(cred);
if (attr.va_mode & VSUID)
cred->cr_uid = attr.va_uid;
if (attr.va_mode & VSGID)
cred->cr_gid = attr.va_gid;
/*
* For set[ug]id processes, a few caveats apply to
* stdin, stdout, and stderr.
*/
error = 0;
fdplock(p->p_fd);
for (i = 0; i < 3; i++) {
struct file *fp = NULL;
/*
* NOTE - This will never return NULL because of
* immature fds. The file descriptor table is not
* shared because we're suid.
*/
fp = fd_getfile(p->p_fd, i);
/*
* Ensure that stdin, stdout, and stderr are already
* allocated. We do not want userland to accidentally
* allocate descriptors in this range which has implied
* meaning to libc.
*/
if (fp == NULL) {
short flags = FREAD | (i == 0 ? 0 : FWRITE);
struct vnode *vp;
int indx;
if ((error = falloc(p, &fp, &indx)) != 0)
break;
#ifdef DIAGNOSTIC
if (indx != i)
panic("sys_execve: falloc indx != i");
#endif
if ((error = cdevvp(getnulldev(), &vp)) != 0) {
fdremove(p->p_fd, indx);
closef(fp, p);
break;
}
if ((error = VOP_OPEN(vp, flags, cred, p)) != 0) {
fdremove(p->p_fd, indx);
closef(fp, p);
vrele(vp);
break;
}
if (flags & FWRITE)
vp->v_writecount++;
fp->f_flag = flags;
fp->f_type = DTYPE_VNODE;
fp->f_ops = &vnops;
fp->f_data = (caddr_t)vp;
FILE_SET_MATURE(fp, p);
}
}
fdpunlock(p->p_fd);
if (error)
goto exec_abort;
} else
atomic_clearbits_int(&pr->ps_flags, PS_SUGID);
/*
* Reset the saved ugids and update the process's copy of the
* creds if the creds have been changed
*/
if (cred->cr_uid != cred->cr_svuid ||
cred->cr_gid != cred->cr_svgid) {
/* make sure we have unshared ucreds */
p->p_ucred = cred = crcopy(cred);
cred->cr_svuid = cred->cr_uid;
cred->cr_svgid = cred->cr_gid;
}
if (pr->ps_ucred != cred) {
struct ucred *ocred;
ocred = pr->ps_ucred;
crhold(cred);
pr->ps_ucred = cred;
crfree(ocred);
}
if (pr->ps_flags & PS_SUGIDEXEC) {
int i, s = splclock();
timeout_del(&pr->ps_realit_to);
for (i = 0; i < nitems(pr->ps_timer); i++) {
timerclear(&pr->ps_timer[i].it_interval);
timerclear(&pr->ps_timer[i].it_value);
}
splx(s);
}
/* reset CPU time usage for the thread, but not the process */
timespecclear(&p->p_tu.tu_runtime);
p->p_tu.tu_uticks = p->p_tu.tu_sticks = p->p_tu.tu_iticks = 0;
km_free(argp, NCARGS, &kv_exec, &kp_pageable);
pool_put(&namei_pool, nid.ni_cnd.cn_pnbuf);
vn_close(pack.ep_vp, FREAD, cred, p);
/*
* notify others that we exec'd
*/
KNOTE(&pr->ps_klist, NOTE_EXEC);
/* setup new registers and do misc. setup. */
if (pack.ep_emul->e_fixup != NULL) {
if ((*pack.ep_emul->e_fixup)(p, &pack) != 0)
goto free_pack_abort;
}
#ifdef MACHINE_STACK_GROWS_UP
(*pack.ep_emul->e_setregs)(p, &pack, (u_long)stack + slen, retval);
#else
(*pack.ep_emul->e_setregs)(p, &pack, (u_long)stack, retval);
#endif
/* map the process's signal trampoline code */
if (exec_sigcode_map(pr, pack.ep_emul))
goto free_pack_abort;
#ifdef __HAVE_EXEC_MD_MAP
/* perform md specific mappings that process might need */
if (exec_md_map(p, &pack))
goto free_pack_abort;
#endif
if (pr->ps_flags & PS_TRACED)
psignal(p, SIGTRAP);
free(pack.ep_hdr, M_EXEC, pack.ep_hdrlen);
/*
* Call emulation specific exec hook. This can setup per-process
* p->p_emuldata or do any other per-process stuff an emulation needs.
*
* If we are executing process of different emulation than the
* original forked process, call e_proc_exit() of the old emulation
* first, then e_proc_exec() of new emulation. If the emulation is
* same, the exec hook code should deallocate any old emulation
* resources held previously by this process.
*/
if (pr->ps_emul && pr->ps_emul->e_proc_exit &&
pr->ps_emul != pack.ep_emul)
(*pr->ps_emul->e_proc_exit)(p);
p->p_descfd = 255;
if ((pack.ep_flags & EXEC_HASFD) && pack.ep_fd < 255)
p->p_descfd = pack.ep_fd;
/*
* Call exec hook. Emulation code may NOT store reference to anything
* from &pack.
*/
if (pack.ep_emul->e_proc_exec)
(*pack.ep_emul->e_proc_exec)(p, &pack);
#if defined(KTRACE) && defined(COMPAT_LINUX)
/* update ps_emul, but don't ktrace it if native-execing-native */
if (pr->ps_emul != pack.ep_emul || pack.ep_emul != &emul_native) {
pr->ps_emul = pack.ep_emul;
if (KTRPOINT(p, KTR_EMUL))
ktremul(p);
}
#else
/* update ps_emul, the old value is no longer needed */
pr->ps_emul = pack.ep_emul;
#endif
atomic_clearbits_int(&pr->ps_flags, PS_INEXEC);
single_thread_clear(p, P_SUSPSIG);
#if NSYSTRACE > 0
if (ISSET(p->p_flag, P_SYSTRACE) &&
wassugid && !ISSET(pr->ps_flags, PS_SUGID | PS_SUGIDEXEC))
systrace_execve1(pathbuf, p);
#endif
if (pathbuf != NULL)
pool_put(&namei_pool, pathbuf);
return (0);
bad:
/* free the vmspace-creation commands, and release their references */
kill_vmcmds(&pack.ep_vmcmds);
/* kill any opened file descriptor, if necessary */
if (pack.ep_flags & EXEC_HASFD) {
pack.ep_flags &= ~EXEC_HASFD;
fdplock(p->p_fd);
(void) fdrelease(p, pack.ep_fd);
fdpunlock(p->p_fd);
}
if (pack.ep_interp != NULL)
pool_put(&namei_pool, pack.ep_interp);
if (pack.ep_emul_arg != NULL)
free(pack.ep_emul_arg, M_TEMP, pack.ep_emul_argsize);
/* close and put the exec'd file */
vn_close(pack.ep_vp, FREAD, cred, p);
pool_put(&namei_pool, nid.ni_cnd.cn_pnbuf);
km_free(argp, NCARGS, &kv_exec, &kp_pageable);
freehdr:
free(pack.ep_hdr, M_EXEC, pack.ep_hdrlen);
#if NSYSTRACE > 0
clrflag:
#endif
atomic_clearbits_int(&pr->ps_flags, PS_INEXEC);
single_thread_clear(p, P_SUSPSIG);
if (pathbuf != NULL)
pool_put(&namei_pool, pathbuf);
return (error);
exec_abort:
/*
* the old process doesn't exist anymore. exit gracefully.
* get rid of the (new) address space we have created, if any, get rid
* of our namei data and vnode, and exit noting failure
*/
uvm_deallocate(&vm->vm_map, VM_MIN_ADDRESS,
VM_MAXUSER_ADDRESS - VM_MIN_ADDRESS);
if (pack.ep_interp != NULL)
pool_put(&namei_pool, pack.ep_interp);
if (pack.ep_emul_arg != NULL)
free(pack.ep_emul_arg, M_TEMP, pack.ep_emul_argsize);
pool_put(&namei_pool, nid.ni_cnd.cn_pnbuf);
vn_close(pack.ep_vp, FREAD, cred, p);
km_free(argp, NCARGS, &kv_exec, &kp_pageable);
free_pack_abort:
free(pack.ep_hdr, M_EXEC, pack.ep_hdrlen);
if (pathbuf != NULL)
pool_put(&namei_pool, pathbuf);
exit1(p, W_EXITCODE(0, SIGABRT), EXIT_NORMAL);
/* NOTREACHED */
atomic_clearbits_int(&pr->ps_flags, PS_INEXEC);
return (0);
}
/*
* exec_script_makecmds(): Check if it's an executable shell script.
*
* Given a proc pointer and an exec package pointer, see if the referent
* of the epp is in shell script. If it is, then set things up so that
* the script can be run. This involves preparing the address space
* and arguments for the shell which will run the script.
*
* This function is ultimately responsible for creating a set of vmcmds
* which can be used to build the process's vm space and inserting them
* into the exec package.
*/
int
exec_script_makecmds(struct proc *p, struct exec_package *epp)
{
int error, hdrlinelen, shellnamelen, shellarglen;
char *hdrstr = epp->ep_hdr;
char *cp, *shellname, *shellarg, *oldpnbuf;
char **shellargp = NULL, **tmpsap;
struct vnode *scriptvp;
uid_t script_uid = -1;
gid_t script_gid = -1;
u_short script_sbits;
/*
* remember the old vp and pnbuf for later, so we can restore
* them if check_exec() fails.
*/
scriptvp = epp->ep_vp;
oldpnbuf = epp->ep_ndp->ni_cnd.cn_pnbuf;
/*
* if the magic isn't that of a shell script, or we've already
* done shell script processing for this exec, punt on it.
*/
if ((epp->ep_flags & EXEC_INDIR) != 0 ||
epp->ep_hdrvalid < EXEC_SCRIPT_MAGICLEN ||
strncmp(hdrstr, EXEC_SCRIPT_MAGIC, EXEC_SCRIPT_MAGICLEN))
return ENOEXEC;
/*
* check that the shell spec is terminated by a newline,
* and that it isn't too large. Don't modify the
* buffer unless we're ready to commit to handling it.
* (The latter requirement means that we have to check
* for both spaces and tabs later on.)
*/
hdrlinelen = min(epp->ep_hdrvalid, MAXINTERP);
for (cp = hdrstr + EXEC_SCRIPT_MAGICLEN; cp < hdrstr + hdrlinelen;
cp++) {
if (*cp == '\n') {
*cp = '\0';
break;
}
}
if (cp >= hdrstr + hdrlinelen)
return ENOEXEC;
shellname = NULL;
shellarg = NULL;
shellarglen = 0;
/* strip spaces before the shell name */
for (cp = hdrstr + EXEC_SCRIPT_MAGICLEN; *cp == ' ' || *cp == '\t';
cp++)
;
/* collect the shell name; remember its length for later */
shellname = cp;
shellnamelen = 0;
if (*cp == '\0')
goto check_shell;
for ( /* cp = cp */ ; *cp != '\0' && *cp != ' ' && *cp != '\t'; cp++)
shellnamelen++;
if (*cp == '\0')
goto check_shell;
*cp++ = '\0';
/* skip spaces before any argument */
for ( /* cp = cp */ ; *cp == ' ' || *cp == '\t'; cp++)
;
if (*cp == '\0')
goto check_shell;
/*
* collect the shell argument. everything after the shell name
* is passed as ONE argument; that's the correct (historical)
* behaviour.
*/
shellarg = cp;
for ( /* cp = cp */ ; *cp != '\0'; cp++)
shellarglen++;
*cp++ = '\0';
check_shell:
/*
* MNT_NOSUID and STRC are already taken care of by check_exec,
* so we don't need to worry about them now or later.
*/
script_sbits = epp->ep_vap->va_mode & (VSUID | VSGID);
if (script_sbits != 0) {
script_uid = epp->ep_vap->va_uid;
script_gid = epp->ep_vap->va_gid;
}
/*
* if the script isn't readable, or it's set-id, then we've
* gotta supply a "/dev/fd/..." for the shell to read.
* Note that stupid shells (csh) do the wrong thing, and
* close all open fd's when they start. That kills this
* method of implementing "safe" set-id and x-only scripts.
*/
vn_lock(scriptvp, LK_EXCLUSIVE|LK_RETRY, p);
error = VOP_ACCESS(scriptvp, VREAD, p->p_ucred, p);
VOP_UNLOCK(scriptvp, p);
if (error == EACCES || script_sbits) {
struct file *fp;
#ifdef DIAGNOSTIC
if (epp->ep_flags & EXEC_HASFD)
panic("exec_script_makecmds: epp already has a fd");
#endif
fdplock(p->p_fd);
error = falloc(p, &fp, &epp->ep_fd);
fdpunlock(p->p_fd);
if (error)
goto fail;
epp->ep_flags |= EXEC_HASFD;
fp->f_type = DTYPE_VNODE;
fp->f_ops = &vnops;
fp->f_data = (caddr_t) scriptvp;
fp->f_flag = FREAD;
FILE_SET_MATURE(fp, p);
}
/* set up the parameters for the recursive check_exec() call */
epp->ep_ndp->ni_dirfd = AT_FDCWD;
epp->ep_ndp->ni_dirp = shellname;
epp->ep_ndp->ni_segflg = UIO_SYSSPACE;
epp->ep_flags |= EXEC_INDIR;
/* and set up the fake args list, for later */
shellargp = mallocarray(4, sizeof(char *), M_EXEC, M_WAITOK);
tmpsap = shellargp;
*tmpsap = malloc(shellnamelen + 1, M_EXEC, M_WAITOK);
strlcpy(*tmpsap++, shellname, shellnamelen + 1);
if (shellarg != NULL) {
*tmpsap = malloc(shellarglen + 1, M_EXEC, M_WAITOK);
strlcpy(*tmpsap++, shellarg, shellarglen + 1);
}
*tmpsap = malloc(MAXPATHLEN, M_EXEC, M_WAITOK);
if ((epp->ep_flags & EXEC_HASFD) == 0) {
error = copyinstr(epp->ep_name, *tmpsap, MAXPATHLEN,
NULL);
if (error != 0) {
*(tmpsap + 1) = NULL;
goto fail;
}
} else
snprintf(*tmpsap, MAXPATHLEN, "/dev/fd/%d", epp->ep_fd);
tmpsap++;
*tmpsap = NULL;
/*
* mark the header we have as invalid; check_exec will read
* the header from the new executable
*/
epp->ep_hdrvalid = 0;
if ((error = check_exec(p, epp)) == 0) {
/* note that we've clobbered the header */
epp->ep_flags |= EXEC_DESTR;
/*
* It succeeded. Unlock the script and
* close it if we aren't using it any more.
* Also, set things up so that the fake args
* list will be used.
*/
if ((epp->ep_flags & EXEC_HASFD) == 0)
vn_close(scriptvp, FREAD, p->p_ucred, p);
/* free the old pathname buffer */
pool_put(&namei_pool, oldpnbuf);
epp->ep_flags |= (EXEC_HASARGL | EXEC_SKIPARG);
epp->ep_fa = shellargp;
/*
* set things up so that set-id scripts will be
* handled appropriately
*/
epp->ep_vap->va_mode |= script_sbits;
if (script_sbits & VSUID)
epp->ep_vap->va_uid = script_uid;
if (script_sbits & VSGID)
epp->ep_vap->va_gid = script_gid;
return (0);
}
/* XXX oldpnbuf not set for "goto fail" path */
epp->ep_ndp->ni_cnd.cn_pnbuf = oldpnbuf;
fail:
/* note that we've clobbered the header */
epp->ep_flags |= EXEC_DESTR;
/* kill the opened file descriptor, else close the file */
if (epp->ep_flags & EXEC_HASFD) {
epp->ep_flags &= ~EXEC_HASFD;
fdplock(p->p_fd);
(void) fdrelease(p, epp->ep_fd);
fdpunlock(p->p_fd);
} else
vn_close(scriptvp, FREAD, p->p_ucred, p);
pool_put(&namei_pool, epp->ep_ndp->ni_cnd.cn_pnbuf);
/* free the fake arg list, because we're not returning it */
if ((tmpsap = shellargp) != NULL) {
while (*tmpsap != NULL) {
free(*tmpsap, M_EXEC, 0);
tmpsap++;
}
free(shellargp, M_EXEC, 4 * sizeof(char *));
}
/*
* free any vmspace-creation commands,
* and release their references
*/
kill_vmcmds(&epp->ep_vmcmds);
return error;
}
int
sys_socketpair(struct proc *p, void *v, register_t *retval)
{
struct sys_socketpair_args /* {
syscallarg(int) domain;
syscallarg(int) type;
syscallarg(int) protocol;
syscallarg(int *) rsv;
} */ *uap = v;
struct filedesc *fdp = p->p_fd;
struct file *fp1, *fp2;
struct socket *so1, *so2;
int fd, error, sv[2];
error = socreate(SCARG(uap, domain), &so1, SCARG(uap, type),
SCARG(uap, protocol));
if (error)
return (error);
error = socreate(SCARG(uap, domain), &so2, SCARG(uap, type),
SCARG(uap, protocol));
if (error)
goto free1;
fdplock(fdp);
if ((error = falloc(p, &fp1, &fd)) != 0)
goto free2;
sv[0] = fd;
fp1->f_flag = FREAD|FWRITE;
fp1->f_type = DTYPE_SOCKET;
fp1->f_ops = &socketops;
fp1->f_data = so1;
if ((error = falloc(p, &fp2, &fd)) != 0)
goto free3;
fp2->f_flag = FREAD|FWRITE;
fp2->f_type = DTYPE_SOCKET;
fp2->f_ops = &socketops;
fp2->f_data = so2;
sv[1] = fd;
if ((error = soconnect2(so1, so2)) != 0)
goto free4;
if (SCARG(uap, type) == SOCK_DGRAM) {
/*
* Datagram socket connection is asymmetric.
*/
if ((error = soconnect2(so2, so1)) != 0)
goto free4;
}
error = copyout(sv, SCARG(uap, rsv), 2 * sizeof (int));
if (error == 0) {
FILE_SET_MATURE(fp1, p);
FILE_SET_MATURE(fp2, p);
fdpunlock(fdp);
return (0);
}
free4:
fdremove(fdp, sv[1]);
closef(fp2, p);
so2 = NULL;
free3:
fdremove(fdp, sv[0]);
closef(fp1, p);
so1 = NULL;
free2:
if (so2 != NULL)
(void)soclose(so2);
fdpunlock(fdp);
free1:
if (so1 != NULL)
(void)soclose(so1);
return (error);
}
int
sys_accept(struct proc *p, void *v, register_t *retval)
{
struct sys_accept_args /* {
syscallarg(int) s;
syscallarg(struct sockaddr *) name;
syscallarg(socklen_t *) anamelen;
} */ *uap = v;
struct file *fp, *headfp;
struct mbuf *nam;
socklen_t namelen;
int error, s, tmpfd;
struct socket *head, *so;
int nflag;
if (SCARG(uap, name) && (error = copyin(SCARG(uap, anamelen),
&namelen, sizeof (namelen))))
return (error);
if ((error = getsock(p->p_fd, SCARG(uap, s), &fp)) != 0)
return (error);
headfp = fp;
s = splsoftnet();
head = fp->f_data;
redo:
if ((head->so_options & SO_ACCEPTCONN) == 0) {
error = EINVAL;
goto bad;
}
if ((head->so_state & SS_NBIO) && head->so_qlen == 0) {
if (head->so_state & SS_CANTRCVMORE)
error = ECONNABORTED;
else
error = EWOULDBLOCK;
goto bad;
}
while (head->so_qlen == 0 && head->so_error == 0) {
if (head->so_state & SS_CANTRCVMORE) {
head->so_error = ECONNABORTED;
break;
}
error = tsleep(&head->so_timeo, PSOCK | PCATCH, "netcon", 0);
if (error) {
goto bad;
}
}
if (head->so_error) {
error = head->so_error;
head->so_error = 0;
goto bad;
}
/* Take note if socket was non-blocking. */
nflag = (headfp->f_flag & FNONBLOCK);
fdplock(p->p_fd);
error = falloc(p, &fp, &tmpfd);
fdpunlock(p->p_fd);
if (error != 0) {
/*
* Probably ran out of file descriptors. Wakeup
* so some other process might have a chance at it.
*/
wakeup_one(&head->so_timeo);
goto bad;
}
nam = m_get(M_WAIT, MT_SONAME);
/*
* Check whether the queue emptied while we slept: falloc() or
* m_get() may have blocked, allowing the connection to be reset
* or another thread or process to accept it. If so, start over.
*/
if (head->so_qlen == 0) {
m_freem(nam);
fdplock(p->p_fd);
fdremove(p->p_fd, tmpfd);
closef(fp, p);
fdpunlock(p->p_fd);
goto redo;
}
/*
* Do not sleep after we have taken the socket out of the queue.
*/
so = TAILQ_FIRST(&head->so_q);
if (soqremque(so, 1) == 0)
panic("accept");
/* connection has been removed from the listen queue */
KNOTE(&head->so_rcv.sb_sel.si_note, 0);
fp->f_type = DTYPE_SOCKET;
fp->f_flag = FREAD | FWRITE | nflag;
fp->f_ops = &socketops;
fp->f_data = so;
error = soaccept(so, nam);
if (!error && SCARG(uap, name)) {
error = copyaddrout(p, nam, SCARG(uap, name), namelen,
SCARG(uap, anamelen));
}
if (error) {
/* if an error occurred, free the file descriptor */
fdplock(p->p_fd);
fdremove(p->p_fd, tmpfd);
closef(fp, p);
fdpunlock(p->p_fd);
} else {
FILE_SET_MATURE(fp, p);
*retval = tmpfd;
}
m_freem(nam);
bad:
splx(s);
FRELE(headfp, p);
return (error);
}
int
diskmapioctl(dev_t dev, u_long cmd, caddr_t addr, int flag, struct proc *p)
{
struct dk_diskmap *dm;
struct nameidata ndp;
struct filedesc *fdp;
struct file *fp = NULL;
struct vnode *vp = NULL, *ovp;
char *devname;
int fd, error = EINVAL;
if (cmd != DIOCMAP)
return EINVAL;
/*
* Map a request for a disk to the correct device. We should be
* supplied with either a diskname or a disklabel UID.
*/
dm = (struct dk_diskmap *)addr;
fd = dm->fd;
devname = malloc(PATH_MAX, M_DEVBUF, M_WAITOK);
if (copyinstr(dm->device, devname, PATH_MAX, NULL))
goto invalid;
if (disk_map(devname, devname, PATH_MAX, dm->flags) == 0)
if (copyoutstr(devname, dm->device, PATH_MAX, NULL))
goto invalid;
/* Attempt to open actual device. */
fdp = p->p_fd;
fdplock(fdp);
if ((error = getvnode(fdp, fd, &fp)) != 0)
goto bad;
ndp.ni_segflg = UIO_SYSSPACE;
ndp.ni_dirfd = AT_FDCWD;
ndp.ni_dirp = devname;
ndp.ni_cnd.cn_proc = p;
if ((error = vn_open(&ndp, fp->f_flag, 0)) != 0)
goto bad;
vp = ndp.ni_vp;
/* Close the original vnode. */
ovp = (struct vnode *)fp->f_data;
if (fp->f_flag & FWRITE)
ovp->v_writecount--;
if (ovp->v_writecount == 0) {
vn_lock(ovp, LK_EXCLUSIVE | LK_RETRY, p);
VOP_CLOSE(ovp, fp->f_flag, p->p_ucred);
vput(ovp);
}
fp->f_type = DTYPE_VNODE;
fp->f_ops = &vnops;
fp->f_data = (caddr_t)vp;
fp->f_offset = 0;
fp->f_rxfer = 0;
fp->f_wxfer = 0;
fp->f_seek = 0;
fp->f_rbytes = 0;
fp->f_wbytes = 0;
VOP_UNLOCK(vp, 0);
FRELE(fp, p);
fdpunlock(fdp);
free(devname, M_DEVBUF, 0);
return 0;
bad:
if (vp)
vput(vp);
if (fp)
FRELE(fp, p);
fdpunlock(fdp);
invalid:
free(devname, M_DEVBUF, 0);
return (error);
}