]>
Commit | Line | Data |
---|---|---|
98e1c93a RM |
1 | /* Copyright (C) 1991,92,93,94,95,96,97,99,2001,02 |
2 | Free Software Foundation, Inc. | |
c84142e8 | 3 | This file is part of the GNU C Library. |
28f540f4 | 4 | |
c84142e8 | 5 | The GNU C Library is free software; you can redistribute it and/or |
41bdb6e2 AJ |
6 | modify it under the terms of the GNU Lesser General Public |
7 | License as published by the Free Software Foundation; either | |
8 | version 2.1 of the License, or (at your option) any later version. | |
28f540f4 | 9 | |
c84142e8 UD |
10 | The GNU C Library is distributed in the hope that it will be useful, |
11 | but WITHOUT ANY WARRANTY; without even the implied warranty of | |
12 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |
41bdb6e2 | 13 | Lesser General Public License for more details. |
28f540f4 | 14 | |
41bdb6e2 AJ |
15 | You should have received a copy of the GNU Lesser General Public |
16 | License along with the GNU C Library; if not, write to the Free | |
17 | Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA | |
18 | 02111-1307 USA. */ | |
28f540f4 RM |
19 | |
20 | #include <errno.h> | |
21 | #include <unistd.h> | |
22 | #include <fcntl.h> | |
23 | #include <limits.h> | |
24 | #include <stdlib.h> | |
25 | #include <string.h> | |
26 | #include <hurd.h> | |
27 | #include <hurd/fd.h> | |
28 | #include <hurd/signal.h> | |
98e1c93a | 29 | #include <hurd/id.h> |
8f0c527e | 30 | #include <assert.h> |
75cd5204 | 31 | #include <argz.h> |
28f540f4 RM |
32 | |
33 | /* Overlay TASK, executing FILE with arguments ARGV and environment ENVP. | |
34 | If TASK == mach_task_self (), some ports are dealloc'd by the exec server. | |
35 | ARGV and ENVP are terminated by NULL pointers. */ | |
36 | error_t | |
75914335 | 37 | _hurd_exec (task_t task, file_t file, |
28f540f4 RM |
38 | char *const argv[], char *const envp[]) |
39 | { | |
40 | error_t err; | |
8f0c527e | 41 | char *args, *env; |
28f540f4 RM |
42 | size_t argslen, envlen; |
43 | int ints[INIT_INT_MAX]; | |
44 | mach_port_t ports[_hurd_nports]; | |
45 | struct hurd_userlink ulink_ports[_hurd_nports]; | |
98e1c93a RM |
46 | inline void free_port (unsigned int i) |
47 | { | |
48 | _hurd_port_free (&_hurd_ports[i], &ulink_ports[i], ports[i]); | |
49 | } | |
28f540f4 | 50 | file_t *dtable; |
1e9dc039 | 51 | unsigned int dtablesize, i; |
28f540f4 RM |
52 | struct hurd_port **dtable_cells; |
53 | struct hurd_userlink *ulink_dtable; | |
28f540f4 RM |
54 | struct hurd_sigstate *ss; |
55 | mach_port_t *please_dealloc, *pdp; | |
98e1c93a | 56 | int reauth = 0; |
28f540f4 | 57 | |
8f0c527e | 58 | /* XXX needs to be hurdmalloc XXX */ |
8c4b8cbc RM |
59 | if (argv == NULL) |
60 | args = NULL, argslen = 0; | |
61 | else if (err = __argz_create (argv, &args, &argslen)) | |
75cd5204 | 62 | return err; |
8c4b8cbc RM |
63 | if (envp == NULL) |
64 | env = NULL, envlen = 0; | |
1d88de3d | 65 | else if (err = __argz_create (envp, &env, &envlen)) |
75cd5204 | 66 | goto outargs; |
28f540f4 RM |
67 | |
68 | /* Load up the ports to give to the new program. */ | |
69 | for (i = 0; i < _hurd_nports; ++i) | |
70 | if (i == INIT_PORT_PROC && task != __mach_task_self ()) | |
71 | { | |
72 | /* This is another task, so we need to ask the proc server | |
73 | for the right proc server port for it. */ | |
74 | if (err = __USEPORT (PROC, __proc_task2proc (port, task, &ports[i]))) | |
75 | { | |
76 | while (--i > 0) | |
98e1c93a | 77 | free_port (i); |
75cd5204 | 78 | goto outenv; |
28f540f4 RM |
79 | } |
80 | } | |
81 | else | |
82 | ports[i] = _hurd_port_get (&_hurd_ports[i], &ulink_ports[i]); | |
83 | ||
84 | ||
85 | /* Load up the ints to give the new program. */ | |
86 | for (i = 0; i < INIT_INT_MAX; ++i) | |
87 | switch (i) | |
88 | { | |
89 | case INIT_UMASK: | |
90 | ints[i] = _hurd_umask; | |
91 | break; | |
92 | ||
93 | case INIT_SIGMASK: | |
94 | case INIT_SIGIGN: | |
95 | case INIT_SIGPENDING: | |
96 | /* We will set these all below. */ | |
97 | break; | |
98 | ||
fe4d0ab7 MB |
99 | case INIT_TRACEMASK: |
100 | ints[i] = _hurdsig_traced; | |
101 | break; | |
102 | ||
28f540f4 RM |
103 | default: |
104 | ints[i] = 0; | |
105 | } | |
106 | ||
107 | ss = _hurd_self_sigstate (); | |
8f0c527e RM |
108 | |
109 | assert (! __spin_lock_locked (&ss->critical_section_lock)); | |
110 | __spin_lock (&ss->critical_section_lock); | |
111 | ||
28f540f4 RM |
112 | __spin_lock (&ss->lock); |
113 | ints[INIT_SIGMASK] = ss->blocked; | |
114 | ints[INIT_SIGPENDING] = ss->pending; | |
115 | ints[INIT_SIGIGN] = 0; | |
116 | for (i = 1; i < NSIG; ++i) | |
117 | if (ss->actions[i].sa_handler == SIG_IGN) | |
118 | ints[INIT_SIGIGN] |= __sigmask (i); | |
119 | ||
120 | /* We hold the sigstate lock until the exec has failed so that no signal | |
121 | can arrive between when we pack the blocked and ignored signals, and | |
122 | when the exec actually happens. A signal handler could change what | |
123 | signals are blocked and ignored. Either the change will be reflected | |
124 | in the exec, or the signal will never be delivered. Setting the | |
125 | critical section flag avoids anything we call trying to acquire the | |
126 | sigstate lock. */ | |
75914335 | 127 | |
28f540f4 RM |
128 | __spin_unlock (&ss->lock); |
129 | ||
130 | /* Pack up the descriptor table to give the new program. */ | |
131 | __mutex_lock (&_hurd_dtable_lock); | |
132 | ||
133 | dtablesize = _hurd_dtable ? _hurd_dtablesize : _hurd_init_dtablesize; | |
134 | ||
135 | if (task == __mach_task_self ()) | |
136 | /* Request the exec server to deallocate some ports from us if the exec | |
137 | succeeds. The init ports and descriptor ports will arrive in the | |
138 | new program's exec_startup message. If we failed to deallocate | |
139 | them, the new program would have duplicate user references for them. | |
140 | But we cannot deallocate them ourselves, because we must still have | |
141 | them after a failed exec call. */ | |
98e1c93a | 142 | please_dealloc = __alloca ((_hurd_nports + 3 + (3 * dtablesize)) |
28f540f4 RM |
143 | * sizeof (mach_port_t)); |
144 | else | |
145 | please_dealloc = NULL; | |
146 | pdp = please_dealloc; | |
147 | ||
148 | if (_hurd_dtable != NULL) | |
149 | { | |
150 | dtable = __alloca (dtablesize * sizeof (dtable[0])); | |
151 | ulink_dtable = __alloca (dtablesize * sizeof (ulink_dtable[0])); | |
152 | dtable_cells = __alloca (dtablesize * sizeof (dtable_cells[0])); | |
153 | for (i = 0; i < dtablesize; ++i) | |
154 | { | |
155 | struct hurd_fd *const d = _hurd_dtable[i]; | |
156 | if (d == NULL) | |
157 | { | |
158 | dtable[i] = MACH_PORT_NULL; | |
159 | continue; | |
160 | } | |
161 | __spin_lock (&d->port.lock); | |
162 | if (d->flags & FD_CLOEXEC) | |
163 | { | |
164 | /* This descriptor is marked to be closed on exec. | |
165 | So don't pass it to the new program. */ | |
166 | dtable[i] = MACH_PORT_NULL; | |
167 | if (pdp && d->port.port != MACH_PORT_NULL) | |
168 | { | |
169 | /* We still need to deallocate the ports. */ | |
170 | *pdp++ = d->port.port; | |
171 | if (d->ctty.port != MACH_PORT_NULL) | |
172 | *pdp++ = d->ctty.port; | |
173 | } | |
174 | __spin_unlock (&d->port.lock); | |
175 | } | |
176 | else | |
177 | { | |
178 | if (pdp && d->ctty.port != MACH_PORT_NULL) | |
179 | /* All the elements of DTABLE are added to PLEASE_DEALLOC | |
180 | below, so we needn't add the port itself. | |
181 | But we must deallocate the ctty port as well as | |
182 | the normal port that got installed in DTABLE[I]. */ | |
183 | *pdp++ = d->ctty.port; | |
184 | dtable[i] = _hurd_port_locked_get (&d->port, &ulink_dtable[i]); | |
185 | dtable_cells[i] = &d->port; | |
186 | } | |
187 | } | |
188 | } | |
189 | else | |
190 | { | |
191 | dtable = _hurd_init_dtable; | |
192 | ulink_dtable = NULL; | |
193 | dtable_cells = NULL; | |
194 | } | |
195 | ||
57d58860 | 196 | /* Prune trailing null ports from the descriptor table. */ |
21bc421f | 197 | while (dtablesize > 0 && dtable[dtablesize - 1] == MACH_PORT_NULL) |
57d58860 RM |
198 | --dtablesize; |
199 | ||
98e1c93a RM |
200 | /* See if we need to diddle the auth port of the new program. |
201 | The purpose of this is to get the effect setting the saved-set UID and | |
202 | GID to the respective effective IDs after the exec, as POSIX.1 requires. | |
203 | Note that we don't reauthenticate with the proc server; that would be a | |
204 | no-op since it only keeps track of the effective UIDs, and if it did | |
205 | keep track of the available IDs we would have the problem that we'd be | |
206 | changing the IDs before the exec and have to change them back after a | |
207 | failure. Arguably we could skip all the reauthentications because the | |
208 | available IDs have no bearing on any filesystem. But the conservative | |
209 | approach is to reauthenticate all the io ports so that no state anywhere | |
210 | reflects that our whole ID set differs from what we've set it to. */ | |
211 | __mutex_lock (&_hurd_id.lock); | |
212 | err = _hurd_check_ids (); | |
213 | if (err == 0 && ((_hurd_id.aux.nuids >= 2 && _hurd_id.gen.nuids >= 1 | |
214 | && _hurd_id.aux.uids[1] != _hurd_id.gen.uids[0]) | |
215 | || (_hurd_id.aux.ngids >= 2 && _hurd_id.gen.ngids >= 1 | |
216 | && _hurd_id.aux.gids[1] != _hurd_id.gen.gids[0]))) | |
217 | { | |
218 | /* We have euid != svuid or egid != svgid. POSIX.1 says that exec | |
219 | sets svuid = euid and svgid = egid. So we must get a new auth | |
220 | port and reauthenticate everything with it. We'll pass the new | |
221 | ports in file_exec instead of our own ports. */ | |
28f540f4 | 222 | |
98e1c93a | 223 | auth_t newauth; |
20d13812 | 224 | |
98e1c93a RM |
225 | _hurd_id.aux.uids[1] = _hurd_id.gen.uids[0]; |
226 | _hurd_id.aux.gids[1] = _hurd_id.gen.gids[0]; | |
227 | _hurd_id.valid = 0; | |
228 | if (_hurd_id.rid_auth != MACH_PORT_NULL) | |
229 | { | |
230 | __mach_port_deallocate (__mach_task_self (), _hurd_id.rid_auth); | |
231 | _hurd_id.rid_auth = MACH_PORT_NULL; | |
232 | } | |
233 | ||
234 | err = __auth_makeauth (ports[INIT_PORT_AUTH], | |
235 | NULL, MACH_MSG_TYPE_COPY_SEND, 0, | |
236 | _hurd_id.gen.uids, _hurd_id.gen.nuids, | |
237 | _hurd_id.aux.uids, _hurd_id.aux.nuids, | |
238 | _hurd_id.gen.gids, _hurd_id.gen.ngids, | |
239 | _hurd_id.aux.gids, _hurd_id.aux.ngids, | |
240 | &newauth); | |
241 | if (err == 0) | |
242 | { | |
243 | /* Now we have to reauthenticate the ports with this new ID. | |
244 | */ | |
245 | ||
246 | inline error_t reauth_io (io_t port, io_t *newport) | |
247 | { | |
248 | mach_port_t ref = __mach_reply_port (); | |
249 | *newport = MACH_PORT_NULL; | |
250 | error_t err = __io_reauthenticate (port, | |
251 | ref, MACH_MSG_TYPE_MAKE_SEND); | |
252 | if (!err) | |
253 | err = __auth_user_authenticate (newauth, | |
254 | ref, MACH_MSG_TYPE_MAKE_SEND, | |
255 | newport); | |
256 | __mach_port_destroy (__mach_task_self (), ref); | |
257 | return err; | |
258 | } | |
259 | inline void reauth_port (unsigned int idx) | |
260 | { | |
261 | io_t newport; | |
262 | err = reauth_io (ports[idx], &newport) ?: err; | |
263 | if (pdp) | |
264 | *pdp++ = ports[idx]; /* XXX presumed still in _hurd_ports */ | |
265 | free_port (idx); | |
266 | ports[idx] = newport; | |
267 | } | |
268 | ||
269 | if (pdp) | |
270 | *pdp++ = ports[INIT_PORT_AUTH]; | |
271 | free_port (INIT_PORT_AUTH); | |
272 | ports[INIT_PORT_AUTH] = newauth; | |
273 | ||
274 | reauth_port (INIT_PORT_CRDIR); | |
275 | reauth_port (INIT_PORT_CWDIR); | |
276 | ||
277 | if (!err) | |
278 | { | |
279 | /* Now we'll reauthenticate each file descriptor. */ | |
280 | if (ulink_dtable == NULL) | |
281 | { | |
282 | assert (dtable == _hurd_init_dtable); | |
283 | dtable = __alloca (dtablesize * sizeof (dtable[0])); | |
284 | for (i = 0; i < dtablesize; ++i) | |
285 | if (_hurd_init_dtable[i] != MACH_PORT_NULL) | |
286 | { | |
287 | if (pdp) | |
288 | *pdp++ = _hurd_init_dtable[i]; | |
289 | err = reauth_io (_hurd_init_dtable[i], &dtable[i]); | |
290 | if (err) | |
291 | { | |
292 | while (++i < dtablesize) | |
293 | dtable[i] = MACH_PORT_NULL; | |
294 | break; | |
295 | } | |
296 | } | |
297 | else | |
298 | dtable[i] = MACH_PORT_NULL; | |
299 | } | |
300 | else | |
301 | { | |
302 | if (pdp) | |
303 | { | |
304 | /* Ask to deallocate all the old fd ports, | |
305 | since we will have new ones in DTABLE. */ | |
306 | memcpy (pdp, dtable, dtablesize * sizeof pdp[0]); | |
307 | pdp += dtablesize; | |
308 | } | |
309 | for (i = 0; i < dtablesize; ++i) | |
310 | if (dtable[i] != MACH_PORT_NULL) | |
311 | { | |
312 | io_t newport; | |
313 | err = reauth_io (dtable[i], &newport); | |
314 | _hurd_port_free (dtable_cells[i], &ulink_dtable[i], | |
315 | dtable[i]); | |
316 | dtable[i] = newport; | |
317 | if (err) | |
318 | { | |
319 | while (++i < dtablesize) | |
320 | _hurd_port_free (dtable_cells[i], | |
321 | &ulink_dtable[i], dtable[i]); | |
322 | break; | |
323 | } | |
324 | } | |
325 | ulink_dtable = NULL; | |
326 | dtable_cells = NULL; | |
327 | } | |
328 | } | |
329 | } | |
330 | ||
331 | reauth = 1; | |
332 | } | |
333 | __mutex_unlock (&_hurd_id.lock); | |
334 | ||
335 | /* The information is all set up now. Try to exec the file. */ | |
336 | if (!err) | |
337 | { | |
338 | int flags; | |
28f540f4 | 339 | |
98e1c93a RM |
340 | if (pdp) |
341 | { | |
342 | /* Request the exec server to deallocate some ports from us if | |
343 | the exec succeeds. The init ports and descriptor ports will | |
344 | arrive in the new program's exec_startup message. If we | |
345 | failed to deallocate them, the new program would have | |
346 | duplicate user references for them. But we cannot deallocate | |
347 | them ourselves, because we must still have them after a failed | |
348 | exec call. */ | |
349 | ||
350 | for (i = 0; i < _hurd_nports; ++i) | |
351 | *pdp++ = ports[i]; | |
352 | for (i = 0; i < dtablesize; ++i) | |
353 | *pdp++ = dtable[i]; | |
354 | } | |
355 | ||
356 | flags = 0; | |
20d13812 | 357 | #ifdef EXEC_SIGTRAP |
98e1c93a RM |
358 | /* PTRACE_TRACEME sets all bits in _hurdsig_traced, which is |
359 | propagated through exec by INIT_TRACEMASK, so this checks if | |
360 | PTRACE_TRACEME has been called in this process in any of its | |
361 | current or prior lives. */ | |
362 | if (__sigismember (&_hurdsig_traced, SIGKILL)) | |
363 | flags |= EXEC_SIGTRAP; | |
20d13812 | 364 | #endif |
98e1c93a RM |
365 | err = __file_exec (file, task, flags, |
366 | args, argslen, env, envlen, | |
367 | dtable, MACH_MSG_TYPE_COPY_SEND, dtablesize, | |
368 | ports, MACH_MSG_TYPE_COPY_SEND, _hurd_nports, | |
369 | ints, INIT_INT_MAX, | |
370 | please_dealloc, pdp - please_dealloc, | |
371 | &_hurd_msgport, task == __mach_task_self () ? 1 : 0); | |
372 | } | |
28f540f4 RM |
373 | |
374 | /* Release references to the standard ports. */ | |
375 | for (i = 0; i < _hurd_nports; ++i) | |
98e1c93a RM |
376 | if ((i == INIT_PORT_PROC && task != __mach_task_self ()) |
377 | || (reauth && (i == INIT_PORT_AUTH | |
378 | || i == INIT_PORT_CRDIR || i == INIT_PORT_CWDIR))) | |
28f540f4 RM |
379 | __mach_port_deallocate (__mach_task_self (), ports[i]); |
380 | else | |
98e1c93a | 381 | free_port (i); |
28f540f4 | 382 | |
98e1c93a | 383 | /* Release references to the file descriptor ports. */ |
28f540f4 | 384 | if (ulink_dtable != NULL) |
98e1c93a RM |
385 | { |
386 | for (i = 0; i < dtablesize; ++i) | |
387 | if (dtable[i] != MACH_PORT_NULL) | |
388 | _hurd_port_free (dtable_cells[i], &ulink_dtable[i], dtable[i]); | |
389 | } | |
390 | else if (dtable && dtable != _hurd_init_dtable) | |
28f540f4 | 391 | for (i = 0; i < dtablesize; ++i) |
98e1c93a | 392 | __mach_port_deallocate (__mach_task_self (), dtable[i]); |
28f540f4 RM |
393 | |
394 | /* Release lock on the file descriptor table. */ | |
395 | __mutex_unlock (&_hurd_dtable_lock); | |
396 | ||
397 | /* Safe to let signals happen now. */ | |
8f0c527e | 398 | _hurd_critical_section_unlock (ss); |
28f540f4 | 399 | |
75cd5204 RM |
400 | outargs: |
401 | free (args); | |
402 | outenv: | |
403 | free (env); | |
28f540f4 RM |
404 | return err; |
405 | } |