Home | History | Annotate | Download | only in m_ume 
      1 
      2 /*--------------------------------------------------------------------*/
      3 /*--- User-mode execve(), and other stuff shared between stage1    ---*/
      4 /*--- and stage2.                                          m_ume.c ---*/
      5 /*--------------------------------------------------------------------*/
      6 
      7 /*
      8    This file is part of Valgrind, a dynamic binary instrumentation
      9    framework.
     10 
     11    Copyright (C) 2000-2010 Julian Seward
     12       jseward (at) acm.org
     13 
     14    This program is free software; you can redistribute it and/or
     15    modify it under the terms of the GNU General Public License as
     16    published by the Free Software Foundation; either version 2 of the
     17    License, or (at your option) any later version.
     18 
     19    This program is distributed in the hope that it will be useful, but
     20    WITHOUT ANY WARRANTY; without even the implied warranty of
     21    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
     22    General Public License for more details.
     23 
     24    You should have received a copy of the GNU General Public License
     25    along with this program; if not, write to the Free Software
     26    Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
     27    02111-1307, USA.
     28 
     29    The GNU General Public License is contained in the file COPYING.
     30 */
     31 
     32 
     33 #include "pub_core_basics.h"
     34 #include "pub_core_vki.h"
     35 
     36 #include "pub_core_libcbase.h"
     37 #include "pub_core_libcassert.h"    // VG_(exit), vg_assert
     38 #include "pub_core_libcfile.h"      // VG_(close) et al
     39 #include "pub_core_libcprint.h"     // VG_(message)
     40 #include "pub_core_mallocfree.h"    // VG_(strdup)
     41 #include "pub_core_syscall.h"       // VG_(mk_SysRes_Error)
     42 #include "pub_core_options.h"       // VG_(clo_xml)
     43 #include "pub_core_ume.h"           // self
     44 
     45 #include "priv_ume.h"
     46 
     47 
     48 typedef struct {
     49    Bool (*match_fn)(Char *hdr, Int len);
     50    Int  (*load_fn)(Int fd, const HChar *name, ExeInfo *info);
     51 } ExeHandler;
     52 
     53 static ExeHandler exe_handlers[] = {
     54    // Nb: AIX5 doesn't use m_ume, which is why it's not represented here.
     55 #if defined(VGO_linux)
     56    { VG_(match_ELF),    VG_(load_ELF) },
     57 #elif defined(VGO_darwin)
     58    { VG_(match_macho),  VG_(load_macho) },
     59 #else
     60 #  error "unknown OS"
     61 #endif
     62    { VG_(match_script), VG_(load_script) },
     63 };
     64 #define EXE_HANDLER_COUNT (sizeof(exe_handlers)/sizeof(exe_handlers[0]))
     65 
     66 
     67 // Check the file looks executable.
     68 SysRes
     69 VG_(pre_exec_check)(const HChar* exe_name, Int* out_fd, Bool allow_setuid)
     70 {
     71    Int fd, ret, i;
     72    SysRes res;
     73    Char  buf[4096];
     74    SizeT bufsz = 4096, fsz;
     75    Bool is_setuid = False;
     76 
     77    // Check it's readable
     78    res = VG_(open)(exe_name, VKI_O_RDONLY, 0);
     79    if (sr_isError(res)) {
     80       return res;
     81    }
     82    fd = sr_Res(res);
     83 
     84    // Check we have execute permissions
     85    ret = VG_(check_executable)(&is_setuid, (HChar*)exe_name, allow_setuid);
     86    if (0 != ret) {
     87       VG_(close)(fd);
     88       if (is_setuid && !VG_(clo_xml)) {
     89          VG_(message)(Vg_UserMsg, "\n");
     90          VG_(message)(Vg_UserMsg,
     91                       "Warning: Can't execute setuid/setgid executable: %s\n",
     92                       exe_name);
     93          VG_(message)(Vg_UserMsg, "Possible workaround: remove "
     94                       "--trace-children=yes, if in effect\n");
     95          VG_(message)(Vg_UserMsg, "\n");
     96       }
     97       return VG_(mk_SysRes_Error)(ret);
     98    }
     99 
    100    fsz = (SizeT)VG_(fsize)(fd);
    101    if (fsz < bufsz)
    102       bufsz = fsz;
    103 
    104    res = VG_(pread)(fd, buf, bufsz, 0);
    105    if (sr_isError(res) || sr_Res(res) != bufsz) {
    106       VG_(close)(fd);
    107       return VG_(mk_SysRes_Error)(VKI_EACCES);
    108    }
    109    bufsz = sr_Res(res);
    110 
    111    // Look for a matching executable format
    112    for (i = 0; i < EXE_HANDLER_COUNT; i++) {
    113       if ((*exe_handlers[i].match_fn)(buf, bufsz)) {
    114          res = VG_(mk_SysRes_Success)(i);
    115          break;
    116       }
    117    }
    118    if (i == EXE_HANDLER_COUNT) {
    119       // Rejected by all executable format handlers.
    120       res = VG_(mk_SysRes_Error)(VKI_ENOEXEC);
    121    }
    122 
    123    // Write the 'out_fd' param if necessary, or close the file.
    124    if (!sr_isError(res) && out_fd) {
    125       *out_fd = fd;
    126    } else {
    127       VG_(close)(fd);
    128    }
    129 
    130    return res;
    131 }
    132 
    133 // returns: 0 = success, non-0 is failure
    134 //
    135 // We can execute only binaries (ELF, etc) or scripts that begin with "#!".
    136 // (Not, for example, scripts that don't begin with "#!";  see the
    137 // VG_(do_exec)() invocation from m_main.c for how that's handled.)
    138 Int VG_(do_exec_inner)(const HChar* exe, ExeInfo* info)
    139 {
    140    SysRes res;
    141    Int fd;
    142    Int ret;
    143 
    144    res = VG_(pre_exec_check)(exe, &fd, False/*allow_setuid*/);
    145    if (sr_isError(res))
    146       return sr_Err(res);
    147 
    148    vg_assert2(sr_Res(res) >= 0 && sr_Res(res) < EXE_HANDLER_COUNT,
    149               "invalid VG_(pre_exec_check) result");
    150 
    151    ret = (*exe_handlers[sr_Res(res)].load_fn)(fd, exe, info);
    152 
    153    VG_(close)(fd);
    154 
    155    return ret;
    156 }
    157 
    158 
    159 static Bool is_hash_bang_file(Char* f)
    160 {
    161    SysRes res = VG_(open)(f, VKI_O_RDONLY, 0);
    162    if (!sr_isError(res)) {
    163       Char buf[3] = {0,0,0};
    164       Int fd = sr_Res(res);
    165       Int n  = VG_(read)(fd, buf, 2);
    166       if (n == 2 && VG_STREQ("#!", buf))
    167          return True;
    168    }
    169    return False;
    170 }
    171 
    172 // Look at the first 80 chars, and if any are greater than 127, it's binary.
    173 // This is crude, but should be good enough.  Note that it fails on a
    174 // zero-length file, as we want.
    175 static Bool is_binary_file(Char* f)
    176 {
    177    SysRes res = VG_(open)(f, VKI_O_RDONLY, 0);
    178    if (!sr_isError(res)) {
    179       UChar buf[80];
    180       Int fd = sr_Res(res);
    181       Int n  = VG_(read)(fd, buf, 80);
    182       Int i;
    183       for (i = 0; i < n; i++) {
    184          if (buf[i] > 127)
    185             return True;      // binary char found
    186       }
    187       return False;
    188    } else {
    189       // Something went wrong.  This will only happen if we earlier
    190       // succeeded in opening the file but fail here (eg. the file was
    191       // deleted between then and now).
    192       VG_(fmsg)("%s: unknown error\n", f);
    193       VG_(exit)(126);      // 126 == NOEXEC
    194    }
    195 }
    196 
    197 // If the do_exec fails we try to emulate what the shell does (I used
    198 // bash as a guide).  It's worth noting that the shell can execute some
    199 // things that VG_(do_exec)() (which subsitutes for the kernel's exec())
    200 // will refuse to (eg. scripts lacking a "#!" prefix).
    201 static Int do_exec_shell_followup(Int ret, HChar* exe_name, ExeInfo* info)
    202 {
    203    Char*  default_interp_name = "/bin/sh";
    204    SysRes res;
    205    struct vg_stat st;
    206 
    207    if (VKI_ENOEXEC == ret) {
    208       // It was an executable file, but in an unacceptable format.  Probably
    209       // is a shell script lacking the "#!" prefix;  try to execute it so.
    210 
    211       // Is it a binary file?
    212       if (is_binary_file(exe_name)) {
    213          VG_(fmsg)("%s: cannot execute binary file\n", exe_name);
    214          VG_(exit)(126);      // 126 == NOEXEC
    215       }
    216 
    217       // Looks like a script.  Run it with /bin/sh.  This includes
    218       // zero-length files.
    219 
    220       info->interp_name = VG_(strdup)("ume.desf.1", default_interp_name);
    221       info->interp_args = NULL;
    222       if (info->argv && info->argv[0] != NULL)
    223          info->argv[0] = (char *)exe_name;
    224 
    225       ret = VG_(do_exec_inner)(info->interp_name, info);
    226 
    227       if (0 != ret) {
    228          // Something went wrong with executing the default interpreter
    229          VG_(fmsg)("%s: bad interpreter (%s): %s\n",
    230                      exe_name, info->interp_name, VG_(strerror)(ret));
    231          VG_(exit)(126);      // 126 == NOEXEC
    232       }
    233 
    234    } else if (0 != ret) {
    235       // Something else went wrong.  Try to make the error more specific,
    236       // and then print a message and abort.
    237 
    238       // Was it a directory?
    239       res = VG_(stat)(exe_name, &st);
    240       if (!sr_isError(res) && VKI_S_ISDIR(st.mode)) {
    241          VG_(fmsg)("%s: is a directory\n", exe_name);
    242 
    243       // Was it not executable?
    244       } else if (0 != VG_(check_executable)(NULL, exe_name,
    245                                             False/*allow_setuid*/)) {
    246          VG_(fmsg)("%s: %s\n", exe_name, VG_(strerror)(ret));
    247 
    248       // Did it start with "#!"?  If so, it must have been a bad interpreter.
    249       } else if (is_hash_bang_file(exe_name)) {
    250          VG_(fmsg)("%s: bad interpreter: %s\n", exe_name, VG_(strerror)(ret));
    251 
    252       // Otherwise it was something else.
    253       } else {
    254          VG_(fmsg)("%s: %s\n", exe_name, VG_(strerror)(ret));
    255       }
    256       // 126 means NOEXEC;  I think this is Posix, and that in some cases we
    257       // should be returning 127, meaning NOTFOUND.  Oh well.
    258       VG_(exit)(126);
    259    }
    260    return ret;
    261 }
    262 
    263 
    264 // This emulates the kernel's exec().  If it fails, it then emulates the
    265 // shell's handling of the situation.
    266 // See ume.h for an indication of which entries of 'info' are inputs, which
    267 // are outputs, and which are both.
    268 /* returns: 0 = success, non-0 is failure */
    269 Int VG_(do_exec)(const HChar* exe_name, ExeInfo* info)
    270 {
    271    Int ret;
    272 
    273    info->interp_name = NULL;
    274    info->interp_args = NULL;
    275 
    276    ret = VG_(do_exec_inner)(exe_name, info);
    277 
    278    if (0 != ret) {
    279       Char* exe_name_casted = (Char*)exe_name;
    280       ret = do_exec_shell_followup(ret, exe_name_casted, info);
    281    }
    282    return ret;
    283 }
    284 
    285 /*--------------------------------------------------------------------*/
    286 /*--- end                                                          ---*/
    287 /*--------------------------------------------------------------------*/
    288