1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
|
/*-
* Copyright (c) 2004 Tim J. Robbins
* Copyright (c) 2002 Doug Rabson
* Copyright (c) 2000 Marcel Moolenaar
* Copyright (c) 1994-1995 Søren Schmidt
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer
* in this position and unchanged.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. The name of the author may not be used to endorse or promote products
* derived from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
* $FreeBSD$
*/
#include <sys/cdefs.h>
__FBSDID("$FreeBSD$");
#include <sys/capsicum.h>
#include <sys/file.h>
#include <sys/imgact.h>
#include <sys/ktr.h>
#include <sys/mman.h>
#include <sys/proc.h>
#include <sys/resourcevar.h>
#include <sys/sysent.h>
#include <sys/sysproto.h>
#include <vm/pmap.h>
#include <vm/vm_map.h>
#include <compat/linux/linux_emul.h>
#include <compat/linux/linux_mmap.h>
#include <compat/linux/linux_persona.h>
#include <compat/linux/linux_util.h>
#define STACK_SIZE (2 * 1024 * 1024)
#define GUARD_SIZE (4 * PAGE_SIZE)
#if defined(__amd64__)
static void linux_fixup_prot(struct thread *td, int *prot);
#endif
int
linux_mmap_common(struct thread *td, uintptr_t addr, size_t len, int prot,
int flags, int fd, off_t pos)
{
struct proc *p = td->td_proc;
struct vmspace *vms = td->td_proc->p_vmspace;
struct mmap_args /* {
caddr_t addr;
size_t len;
int prot;
int flags;
int fd;
off_t pos;
} */ bsd_args;
int error;
struct file *fp;
cap_rights_t rights;
LINUX_CTR6(mmap2, "0x%lx, %ld, %ld, 0x%08lx, %ld, 0x%lx",
addr, len, prot, flags, fd, pos);
error = 0;
bsd_args.flags = 0;
fp = NULL;
/*
* Linux mmap(2):
* You must specify exactly one of MAP_SHARED and MAP_PRIVATE
*/
if (!((flags & LINUX_MAP_SHARED) ^ (flags & LINUX_MAP_PRIVATE)))
return (EINVAL);
if (flags & LINUX_MAP_SHARED)
bsd_args.flags |= MAP_SHARED;
if (flags & LINUX_MAP_PRIVATE)
bsd_args.flags |= MAP_PRIVATE;
if (flags & LINUX_MAP_FIXED)
bsd_args.flags |= MAP_FIXED;
if (flags & LINUX_MAP_ANON) {
/* Enforce pos to be on page boundary, then ignore. */
if ((pos & PAGE_MASK) != 0)
return (EINVAL);
pos = 0;
bsd_args.flags |= MAP_ANON;
} else
bsd_args.flags |= MAP_NOSYNC;
if (flags & LINUX_MAP_GROWSDOWN)
bsd_args.flags |= MAP_STACK;
/*
* PROT_READ, PROT_WRITE, or PROT_EXEC implies PROT_READ and PROT_EXEC
* on Linux/i386 if the binary requires executable stack.
* We do this only for IA32 emulation as on native i386 this is does not
* make sense without PAE.
*
* XXX. Linux checks that the file system is not mounted with noexec.
*/
bsd_args.prot = prot;
#if defined(__amd64__)
linux_fixup_prot(td, &bsd_args.prot);
#endif
/* Linux does not check file descriptor when MAP_ANONYMOUS is set. */
bsd_args.fd = (bsd_args.flags & MAP_ANON) ? -1 : fd;
if (bsd_args.fd != -1) {
/*
* Linux follows Solaris mmap(2) description:
* The file descriptor fildes is opened with
* read permission, regardless of the
* protection options specified.
*/
error = fget(td, bsd_args.fd,
cap_rights_init(&rights, CAP_MMAP), &fp);
if (error != 0)
return (error);
if (fp->f_type != DTYPE_VNODE) {
fdrop(fp, td);
return (EINVAL);
}
/* Linux mmap() just fails for O_WRONLY files */
if (!(fp->f_flag & FREAD)) {
fdrop(fp, td);
return (EACCES);
}
fdrop(fp, td);
}
if (flags & LINUX_MAP_GROWSDOWN) {
/*
* The Linux MAP_GROWSDOWN option does not limit auto
* growth of the region. Linux mmap with this option
* takes as addr the initial BOS, and as len, the initial
* region size. It can then grow down from addr without
* limit. However, Linux threads has an implicit internal
* limit to stack size of STACK_SIZE. Its just not
* enforced explicitly in Linux. But, here we impose
* a limit of (STACK_SIZE - GUARD_SIZE) on the stack
* region, since we can do this with our mmap.
*
* Our mmap with MAP_STACK takes addr as the maximum
* downsize limit on BOS, and as len the max size of
* the region. It then maps the top SGROWSIZ bytes,
* and auto grows the region down, up to the limit
* in addr.
*
* If we don't use the MAP_STACK option, the effect
* of this code is to allocate a stack region of a
* fixed size of (STACK_SIZE - GUARD_SIZE).
*/
if ((caddr_t)addr + len > vms->vm_maxsaddr) {
/*
* Some Linux apps will attempt to mmap
* thread stacks near the top of their
* address space. If their TOS is greater
* than vm_maxsaddr, vm_map_growstack()
* will confuse the thread stack with the
* process stack and deliver a SEGV if they
* attempt to grow the thread stack past their
* current stacksize rlimit. To avoid this,
* adjust vm_maxsaddr upwards to reflect
* the current stacksize rlimit rather
* than the maximum possible stacksize.
* It would be better to adjust the
* mmap'ed region, but some apps do not check
* mmap's return value.
*/
PROC_LOCK(p);
vms->vm_maxsaddr = (char *)p->p_sysent->sv_usrstack -
lim_cur(p, RLIMIT_STACK);
PROC_UNLOCK(p);
}
/*
* This gives us our maximum stack size and a new BOS.
* If we're using VM_STACK, then mmap will just map
* the top SGROWSIZ bytes, and let the stack grow down
* to the limit at BOS. If we're not using VM_STACK
* we map the full stack, since we don't have a way
* to autogrow it.
*/
if (len > STACK_SIZE - GUARD_SIZE) {
bsd_args.addr = (caddr_t)addr;
bsd_args.len = len;
} else {
bsd_args.addr = (caddr_t)addr -
(STACK_SIZE - GUARD_SIZE - len);
bsd_args.len = STACK_SIZE - GUARD_SIZE;
}
} else {
bsd_args.addr = (caddr_t)addr;
bsd_args.len = len;
}
bsd_args.pos = pos;
error = sys_mmap(td, &bsd_args);
LINUX_CTR2(mmap2, "return: %d (%p)", error, td->td_retval[0]);
return (error);
}
int
linux_mprotect_common(struct thread *td, uintptr_t addr, size_t len, int prot)
{
struct mprotect_args bsd_args;
bsd_args.addr = (void *)addr;
bsd_args.len = len;
bsd_args.prot = prot;
#if defined(__amd64__)
linux_fixup_prot(td, &bsd_args.prot);
#endif
return (sys_mprotect(td, &bsd_args));
}
#if defined(__amd64__)
static void
linux_fixup_prot(struct thread *td, int *prot)
{
struct linux_pemuldata *pem;
if (SV_PROC_FLAG(td->td_proc, SV_ILP32) && *prot & PROT_READ) {
pem = pem_find(td->td_proc);
if (pem->persona & LINUX_READ_IMPLIES_EXEC)
*prot |= PROT_EXEC;
}
}
#endif
|
