2021-04-30 00:34:08 +00:00
|
|
|
/*
|
|
|
|
* Load BSD executables.
|
|
|
|
*
|
|
|
|
* This program is free software; you can redistribute it and/or modify
|
|
|
|
* it under the terms of the GNU General Public License as published by
|
|
|
|
* the Free Software Foundation; either version 2 of the License, or
|
|
|
|
* (at your option) any later version.
|
|
|
|
*
|
|
|
|
* This program is distributed in the hope that it will be useful,
|
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
* GNU General Public License for more details.
|
|
|
|
*
|
|
|
|
* You should have received a copy of the GNU General Public License
|
|
|
|
* along with this program; if not, see <http://www.gnu.org/licenses/>.
|
|
|
|
*/
|
2008-10-26 20:33:16 +00:00
|
|
|
|
2016-01-29 17:49:53 +00:00
|
|
|
#include "qemu/osdep.h"
|
2008-10-26 20:33:16 +00:00
|
|
|
|
|
|
|
#include "qemu.h"
|
|
|
|
|
|
|
|
/* ??? This should really be somewhere else. */
|
|
|
|
abi_long memcpy_to_target(abi_ulong dest, const void *src,
|
|
|
|
unsigned long len)
|
|
|
|
{
|
|
|
|
void *host_ptr;
|
|
|
|
|
|
|
|
host_ptr = lock_user(VERIFY_WRITE, dest, len, 0);
|
2021-04-23 22:23:53 +00:00
|
|
|
if (!host_ptr) {
|
2008-10-26 20:33:16 +00:00
|
|
|
return -TARGET_EFAULT;
|
2021-04-23 22:23:53 +00:00
|
|
|
}
|
2008-10-26 20:33:16 +00:00
|
|
|
memcpy(host_ptr, src, len);
|
|
|
|
unlock_user(host_ptr, dest, 1);
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2021-04-23 15:05:14 +00:00
|
|
|
static int count(char **vec)
|
2008-10-26 20:33:16 +00:00
|
|
|
{
|
|
|
|
int i;
|
|
|
|
|
2021-04-23 15:05:14 +00:00
|
|
|
for (i = 0; *vec; i++) {
|
2008-10-26 20:33:16 +00:00
|
|
|
vec++;
|
|
|
|
}
|
|
|
|
|
2021-04-23 22:22:19 +00:00
|
|
|
return i;
|
2008-10-26 20:33:16 +00:00
|
|
|
}
|
|
|
|
|
2021-04-29 16:04:28 +00:00
|
|
|
static int prepare_binprm(struct bsd_binprm *bprm)
|
2008-10-26 20:33:16 +00:00
|
|
|
{
|
|
|
|
struct stat st;
|
|
|
|
int mode;
|
2017-07-18 16:26:33 +00:00
|
|
|
int retval;
|
2008-10-26 20:33:16 +00:00
|
|
|
|
2021-04-23 15:05:14 +00:00
|
|
|
if (fstat(bprm->fd, &st) < 0) {
|
2021-04-23 22:22:19 +00:00
|
|
|
return -errno;
|
2008-10-26 20:33:16 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
mode = st.st_mode;
|
2021-04-23 15:05:14 +00:00
|
|
|
if (!S_ISREG(mode)) { /* Must be regular file */
|
2021-04-23 22:22:19 +00:00
|
|
|
return -EACCES;
|
2008-10-26 20:33:16 +00:00
|
|
|
}
|
2021-04-23 15:05:14 +00:00
|
|
|
if (!(mode & 0111)) { /* Must have at least one execute bit set */
|
2021-04-23 22:22:19 +00:00
|
|
|
return -EACCES;
|
2008-10-26 20:33:16 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
bprm->e_uid = geteuid();
|
|
|
|
bprm->e_gid = getegid();
|
|
|
|
|
|
|
|
/* Set-uid? */
|
2021-04-23 15:05:14 +00:00
|
|
|
if (mode & S_ISUID) {
|
2008-10-26 20:33:16 +00:00
|
|
|
bprm->e_uid = st.st_uid;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Set-gid? */
|
|
|
|
/*
|
|
|
|
* If setgid is set but no group execute bit then this
|
|
|
|
* is a candidate for mandatory locking, not a setgid
|
|
|
|
* executable.
|
|
|
|
*/
|
|
|
|
if ((mode & (S_ISGID | S_IXGRP)) == (S_ISGID | S_IXGRP)) {
|
|
|
|
bprm->e_gid = st.st_gid;
|
|
|
|
}
|
|
|
|
|
|
|
|
memset(bprm->buf, 0, sizeof(bprm->buf));
|
|
|
|
retval = lseek(bprm->fd, 0L, SEEK_SET);
|
2021-04-23 15:05:14 +00:00
|
|
|
if (retval >= 0) {
|
2008-10-26 20:33:16 +00:00
|
|
|
retval = read(bprm->fd, bprm->buf, 128);
|
|
|
|
}
|
2021-04-23 15:05:14 +00:00
|
|
|
if (retval < 0) {
|
2008-10-26 20:33:16 +00:00
|
|
|
perror("prepare_binprm");
|
|
|
|
exit(-1);
|
2021-04-23 22:23:53 +00:00
|
|
|
} else {
|
2021-04-23 22:22:19 +00:00
|
|
|
return retval;
|
2008-10-26 20:33:16 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Construct the envp and argv tables on the target stack. */
|
|
|
|
abi_ulong loader_build_argptr(int envc, int argc, abi_ulong sp,
|
2021-04-30 14:17:23 +00:00
|
|
|
abi_ulong stringp)
|
2008-10-26 20:33:16 +00:00
|
|
|
{
|
|
|
|
int n = sizeof(abi_ulong);
|
|
|
|
abi_ulong envp;
|
|
|
|
abi_ulong argv;
|
|
|
|
|
|
|
|
sp -= (envc + 1) * n;
|
|
|
|
envp = sp;
|
|
|
|
sp -= (argc + 1) * n;
|
|
|
|
argv = sp;
|
|
|
|
sp -= n;
|
|
|
|
/* FIXME - handle put_user() failures */
|
|
|
|
put_user_ual(argc, sp);
|
|
|
|
|
|
|
|
while (argc-- > 0) {
|
|
|
|
/* FIXME - handle put_user() failures */
|
|
|
|
put_user_ual(stringp, argv);
|
|
|
|
argv += n;
|
|
|
|
stringp += target_strlen(stringp) + 1;
|
|
|
|
}
|
|
|
|
/* FIXME - handle put_user() failures */
|
|
|
|
put_user_ual(0, argv);
|
|
|
|
while (envc-- > 0) {
|
|
|
|
/* FIXME - handle put_user() failures */
|
|
|
|
put_user_ual(stringp, envp);
|
|
|
|
envp += n;
|
|
|
|
stringp += target_strlen(stringp) + 1;
|
|
|
|
}
|
|
|
|
/* FIXME - handle put_user() failures */
|
|
|
|
put_user_ual(0, envp);
|
|
|
|
|
|
|
|
return sp;
|
|
|
|
}
|
|
|
|
|
2021-04-30 01:34:34 +00:00
|
|
|
static bool is_there(const char *candidate)
|
|
|
|
{
|
|
|
|
struct stat fin;
|
|
|
|
|
|
|
|
/* XXX work around access(2) false positives for superuser */
|
|
|
|
if (access(candidate, X_OK) == 0 && stat(candidate, &fin) == 0 &&
|
|
|
|
S_ISREG(fin.st_mode) && (getuid() != 0 ||
|
|
|
|
(fin.st_mode & (S_IXUSR | S_IXGRP | S_IXOTH)) != 0)) {
|
|
|
|
return true;
|
|
|
|
}
|
|
|
|
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
2021-04-23 15:05:14 +00:00
|
|
|
int loader_exec(const char *filename, char **argv, char **envp,
|
2021-04-30 00:45:13 +00:00
|
|
|
struct target_pt_regs *regs, struct image_info *infop,
|
|
|
|
struct bsd_binprm *bprm)
|
2008-10-26 20:33:16 +00:00
|
|
|
{
|
2021-04-30 01:34:34 +00:00
|
|
|
char *path, fullpath[PATH_MAX];
|
2021-04-30 00:47:51 +00:00
|
|
|
int retval, i;
|
2008-10-26 20:33:16 +00:00
|
|
|
|
2021-04-30 00:47:51 +00:00
|
|
|
bprm->p = TARGET_PAGE_SIZE * MAX_ARG_PAGES;
|
2021-04-30 00:45:13 +00:00
|
|
|
for (i = 0; i < MAX_ARG_PAGES; i++) { /* clear page-table */
|
|
|
|
bprm->page[i] = NULL;
|
2021-04-23 22:23:53 +00:00
|
|
|
}
|
2021-04-30 01:34:34 +00:00
|
|
|
|
|
|
|
if (strchr(filename, '/') != NULL) {
|
|
|
|
path = realpath(filename, fullpath);
|
|
|
|
if (path == NULL) {
|
|
|
|
/* Failed to resolve. */
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
if (!is_there(path)) {
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
} else {
|
|
|
|
path = g_find_program_in_path(filename);
|
|
|
|
if (path == NULL) {
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
retval = open(path, O_RDONLY);
|
2021-04-23 22:23:53 +00:00
|
|
|
if (retval < 0) {
|
2021-04-30 01:34:34 +00:00
|
|
|
g_free(path);
|
2008-10-26 20:33:16 +00:00
|
|
|
return retval;
|
2021-04-23 22:23:53 +00:00
|
|
|
}
|
2008-10-26 20:33:16 +00:00
|
|
|
|
2021-04-30 01:34:34 +00:00
|
|
|
bprm->fullpath = path;
|
2021-04-30 00:45:13 +00:00
|
|
|
bprm->fd = retval;
|
|
|
|
bprm->filename = (char *)filename;
|
|
|
|
bprm->argc = count(argv);
|
|
|
|
bprm->argv = argv;
|
|
|
|
bprm->envc = count(envp);
|
|
|
|
bprm->envp = envp;
|
|
|
|
|
|
|
|
retval = prepare_binprm(bprm);
|
2008-10-26 20:33:16 +00:00
|
|
|
|
2021-04-23 15:05:14 +00:00
|
|
|
if (retval >= 0) {
|
2021-04-30 00:45:13 +00:00
|
|
|
if (bprm->buf[0] == 0x7f
|
|
|
|
&& bprm->buf[1] == 'E'
|
|
|
|
&& bprm->buf[2] == 'L'
|
|
|
|
&& bprm->buf[3] == 'F') {
|
|
|
|
retval = load_elf_binary(bprm, regs, infop);
|
2008-10-26 20:33:16 +00:00
|
|
|
} else {
|
2014-06-02 12:24:37 +00:00
|
|
|
fprintf(stderr, "Unknown binary format\n");
|
2008-10-26 20:33:16 +00:00
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2021-04-23 15:05:14 +00:00
|
|
|
if (retval >= 0) {
|
2008-10-26 20:33:16 +00:00
|
|
|
/* success. Initialize important registers */
|
|
|
|
do_init_thread(regs, infop);
|
|
|
|
return retval;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Something went wrong, return the inode and free the argument pages*/
|
2021-04-23 15:05:14 +00:00
|
|
|
for (i = 0 ; i < MAX_ARG_PAGES ; i++) {
|
2021-04-30 00:45:13 +00:00
|
|
|
g_free(bprm->page[i]);
|
2008-10-26 20:33:16 +00:00
|
|
|
}
|
2021-04-23 22:22:19 +00:00
|
|
|
return retval;
|
2008-10-26 20:33:16 +00:00
|
|
|
}
|