PERFORCE change 169737 for review
Jonathan Anderson
jona at FreeBSD.org
Fri Oct 23 19:07:32 UTC 2009
http://p4web.freebsd.org/chv.cgi?CH=169737
Change 169737 by jona at jona-capsicum-kent on 2009/10/23 19:07:18
Add a _capstart() to crt.o which calls the [weak symbol] cap_main(); this fixes the problem where rtld on amd64 gets the stack wrong when entering cap_main()
Affected files ...
.. //depot/projects/trustedbsd/capabilities/TODO#14 edit
.. //depot/projects/trustedbsd/capabilities/src/lib/csu/amd64/crt1.c#2 edit
.. //depot/projects/trustedbsd/capabilities/src/lib/csu/common/crtbrand.c#2 edit
.. //depot/projects/trustedbsd/capabilities/src/lib/csu/i386-elf/crt1.c#2 edit
.. //depot/projects/trustedbsd/capabilities/src/libexec/rtld-elf/rtld.c#29 edit
Differences ...
==== //depot/projects/trustedbsd/capabilities/TODO#14 (text+ko) ====
@@ -55,3 +55,7 @@
- Enable capability mode system calls in compat32. Add compat system call
parts for new system calls.
+
+- Add support (a.k.a. find test platforms) for arm, ia64, etc. in lib/csu
+
+- It would be nice if we didn't need -rdynamic; can we export just _capstart? Should we add more information (a capability entry point) to ELF?
==== //depot/projects/trustedbsd/capabilities/src/lib/csu/amd64/crt1.c#2 (text+ko) ====
@@ -43,7 +43,9 @@
extern void _fini(void);
extern void _init(void);
extern int main(int, char **, char **);
+extern int cap_main(int, char **, char **) __attribute__((weak));
extern void _start(char **, void (*)(void));
+extern void _capstart(char **, void (*)(void));
#ifdef GCRT
extern void _mcleanup(void);
@@ -92,4 +94,42 @@
exit( main(argc, argv, env) );
}
+
+/* The Capsicum entry function. */
+void
+_capstart(char **ap, void (*cleanup)(void))
+{
+ int argc;
+ char **argv;
+ char **env;
+ const char *s;
+
+ argc = *(long *)(void *)ap;
+ argv = ap + 1;
+ env = ap + 2 + argc;
+ environ = env;
+ if (argc > 0 && argv[0] != NULL) {
+ __progname = argv[0];
+ for (s = __progname; *s != '\0'; s++)
+ if (*s == '/')
+ __progname = s + 1;
+ }
+
+ if (&_DYNAMIC != NULL)
+ atexit(cleanup);
+ else
+ _init_tls();
+
+#ifdef GCRT
+ atexit(_mcleanup);
+#endif
+ atexit(_fini);
+#ifdef GCRT
+/* monstartup(&eprol, &etext);
+__asm__("eprol:");*/ /* XXX: does this interfere with profiling? */
+#endif
+ _init();
+ exit( cap_main(argc, argv, env) );
+}
+
__asm__(".ident\t\"$FreeBSD: src/lib/csu/amd64/crt1.c,v 1.15 2005/10/07 22:13:17 bde Exp $\"");
==== //depot/projects/trustedbsd/capabilities/src/lib/csu/common/crtbrand.c#2 (text+ko) ====
@@ -27,6 +27,7 @@
__FBSDID("$FreeBSD: src/lib/csu/common/crtbrand.c,v 1.6 2007/12/04 12:18:43 kib Exp $");
#include <sys/param.h>
+#include <unistd.h>
#define ABI_VENDOR "FreeBSD"
#define ABI_SECTION ".note.ABI-tag"
@@ -50,3 +51,12 @@
ABI_VENDOR,
__FreeBSD_version
};
+
+int cap_main(int argc, char **argv, char **env)
+{
+ const char warning[] =
+ "ERROR: attempting to run a regular binary in capability mode.\n\nIf you wish to run a binary in a sandbox, you must provide a cap_main() function which takes the same arguments as main().\n";
+
+ write(2, warning, sizeof(warning));
+}
+
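Review bot: The fallback `cap_main` is declared `int` but never returns a value, and `_capstart` passes its result straight to `exit()`, so a binary that was not built for capability mode terminates with an indeterminate status (and reaching the end of a non-void function whose value is then used is undefined behaviour); end it with `return (1);` so the refusal is reported as a failure. `sizeof(warning)` also counts the terminating NUL, so the `write(2, warning, sizeof(warning))` emits one stray zero byte after the message — `sizeof(warning) - 1` is the intended length. Separately, this definition is strong while only the declaration in crt1.c is weak; presumably the intent is for this fallback to be the weak one so that a program supplying its own `cap_main` links cleanly, which is worth confirming with a test build that defines `cap_main` (if it does collide, `#pragma weak cap_main` on this definition is the usual fix).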
==== //depot/projects/trustedbsd/capabilities/src/lib/csu/i386-elf/crt1.c#2 (text+ko) ====
@@ -43,7 +43,9 @@
extern void _fini(void);
extern void _init(void);
extern int main(int, char **, char **);
+extern int cap_main(int, char **, char **) __attribute__((weak));
extern void _start(char *, ...);
+extern void _capstart(char *, ...);
#ifdef GCRT
extern void _mcleanup(void);
@@ -110,4 +112,47 @@
exit( main(argc, argv, env) );
}
+
+/* The Capsicum entry function. */
+void
+_capstart(char *ap, ...)
+{
+ fptr cleanup;
+ int argc;
+ char **argv;
+ char **env;
+ const char *s;
+
+#ifdef __GNUC__
+ __asm__("and $0xfffffff0,%esp");
+#endif
+ cleanup = get_rtld_cleanup();
+ argv = ≈
+ argc = *(long *)(void *)(argv - 1);
+ env = argv + argc + 1;
+ environ = env;
+ if (argc > 0 && argv[0] != NULL) {
+ __progname = argv[0];
+ for (s = __progname; *s != '\0'; s++)
+ if (*s == '/')
+ __progname = s + 1;
+ }
+
+ if (&_DYNAMIC != NULL)
+ atexit(cleanup);
+ else
+ _init_tls();
+
+#ifdef GCRT
+ atexit(_mcleanup);
+#endif
+ atexit(_fini);
+#ifdef GCRT
+/* monstartup(&eprol, &etext);
+__asm__("eprol:");*/ /* XXX: does this interfere with profiling? */
+#endif
+ _init();
+ exit( cap_main(argc, argv, env) );
+}
+
__asm__(".ident\t\"$FreeBSD: src/lib/csu/i386-elf/crt1.c,v 1.15 2005/10/07 22:13:17 bde Exp $\"");
==== //depot/projects/trustedbsd/capabilities/src/libexec/rtld-elf/rtld.c#29 (text+ko) ====
@@ -106,7 +106,7 @@
static void errmsg_restore(char *);
static char *errmsg_save(void);
#ifdef IN_RTLD_CAP
-static void *find_cap_main(const Obj_Entry *);
+static void *find_capstart(const Obj_Entry *);
#else
static void *fill_search_info(const char *, size_t, void *);
static char *find_library(const char *, const Obj_Entry *);
@@ -348,7 +348,7 @@
#ifdef IN_RTLD_CAP
struct stat sb;
Elf_Auxinfo aux_execfd;
- void *cap_main_ptr;
+ void *capstart_ptr;
#endif
Elf_Auxinfo *aux_info[AT_COUNT];
int i;
@@ -650,12 +650,12 @@
* point, prefer that to the ELF default entry point. Otherwise, use the
* ELF default.
*/
- cap_main_ptr = find_cap_main(obj_main);
- if (cap_main_ptr == NULL) {
- _rtld_error("cap_main not found");
+ capstart_ptr = find_capstart(obj_main);
+ if (capstart_ptr == NULL) {
+ _rtld_error("_capstart not found; has the binary been compiled with -rdynamic?");
die();
}
- return (func_ptr_type) cap_main_ptr;
+ return (func_ptr_type) capstart_ptr;
#else
return (func_ptr_type) obj_main->entry;
#endif
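Review bot: The context lines at the top of this hunk say that when no capability entry point is found the ELF default entry point is used, but the new code in the same `#ifdef IN_RTLD_CAP` branch does the opposite: a missing `_capstart` reaches `die()`. Failing closed is the right choice — falling back to `main()` would run code that was never written for capability mode — so the comment should follow the code, e.g. `* point, use it. Otherwise refuse to run: a binary without _capstart was not built for capability mode (see the -rdynamic hint below).` The comment begins before this hunk's first line, and the enclosing function starts and ends outside it.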
@@ -827,15 +827,15 @@
#ifdef IN_RTLD_CAP
static void *
-find_cap_main(const Obj_Entry *obj)
+find_capstart(const Obj_Entry *obj)
{
- const char *cap_main_str = "cap_main";
+ const char *capstart_str = "_capstart";
const Elf_Sym *def;
const Obj_Entry *defobj;
unsigned long hash;
- hash = elf_hash(cap_main_str);
- def = symlook_default(cap_main_str, hash, obj, &defobj, NULL,
+ hash = elf_hash(capstart_str);
+ def = symlook_default(capstart_str, hash, obj, &defobj, NULL,
SYMLOOK_IN_PLT);
if (def == NULL)
return (NULL);
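Review bot: `find_capstart` receives `defobj` from `symlook_default()` but, as far as this hunk shows, never looks at it, so the pointer later installed as the process entry point may come from any object in the lookup scope rather than from the executable itself. Because this value is the first code run in capability mode, it would be safer to accept only a definition in `obj` — `if (def == NULL || defobj != obj) return (NULL);` — and to add a comment noting that the lookup depends on the executable exporting `_capstart` (hence the -rdynamic hint in the error message), presumably `defobj == obj` whenever the symbol is found correctly. The function's successful return lies past the end of this hunk.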