A General or Miscellaneous Binary Image Activator
Stacey Son
sson at FreeBSD.org
Fri May 3 03:16:09 UTC 2013
On May 2, 2013, at 10:38 AM, John Baldwin wrote:
> On Wednesday, May 01, 2013 7:02:49 pm Stacey Son wrote:
>> Of course, comments, questions, concerns, etc. are welcome.
>
> Certainly the ability to cross-build ports in this way is a huge win. I just
> have a few comments on the kern.binmisc sysctl:
>
> It seems to be a bit overloaded and not used like a typical sysctl. A better
> match would seem to be a /dev/binmisc that you perform ioctl's on. A sysctl
> might still make better sense for enumerating the interperter entries, but the
> more typical way to do that would either be to have kern.binmisc.<n> be a
> sysctl that returns item <n> in the list, or to have the kern.binmisc sysctl
> that just returns an array of xbe entries (rather than having separate
> list/lookup operations) similar to how the kern.proc sysctls work. If you
> were to do this, I would probably prefer the second approach (one sysctl that
> returns a consistent snapshot).
I changed the code so userland gets a snapshot of the interpreter table much like kern.proc. See:
http://people.freebsd.org/~sson/imgact_binmisc/imgact_binmisc.c
http://people.freebsd.org/~sson/imgact_binmisc/imgact_binmisc.h
Now the sysctl() interface as follows:
#include <sys/imgact_binmisc.h>
#define LLVM_MAGIC "BC\xc0\xde"
#define MIPS64_ELF_MAGIC \
"\x7f\x45\x4c\x46\x02\x02\x01\x00\x00\x00"\x00\x00\x00\x00\x00\x00\x00\x02\x00\x08"
#define MIPS64_ELF_MASK \
"\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff"
ximgact_binmisc_entry_t xbe, *xbep;
size_t size = 0, osize;
int error, i;
// Add image activator for LLVM byte code
bzero(&xbe, sizeof(xbe));
xbe.xbe_version = IBE_VERSION;
xbe.xbe_flags = IBF_ENABLED;
strlcpy(xbe.xbe_name, "llvm_bc", IBE_NAME_MAX);
strlcpy(xbe.xbe_interpreter, "/usr/bin/lli", MAXPATHLEN);
xbe.xbe_moffset = 0;
xbe.xbe_msize = sizeof(LLVM_MAGIC) - 1;
memcpy(xbe.xbe_magic, LLVM_MAGIC, xbe.xbe_msize);
error = sysctlbyname("kern.binmisc.add", NULL, NULL, &xbe, sizeof(xbe));
// Add image activator for mips64 ELF binaries to use qemu user mode
bzero(&xbe, sizeof(xbe));
xbe.xbe_version = IBE_VERSION;
xbe.xbe_flags = IBF_ENABLED | IBF_USE_MASK;
strlcpy(xbe.xbe_name, "mips64elf", IBE_NAME_MAX);
strlcpy(xbe.xbe_interpreter, "/usr/local/bin/qemu-mips64", MAXPATHLEN);
xbe.xbe_moffset = 0;
xbe.xbe_msize = sizeof(MIPS64_ELF_MAGIC) - 1;
memcpy(xbe.xbe_magic, MIPS64_ELF_MAGIC, xbe.xbe_msize);
memcpy(xbe.xbe_mask, MIPS64_ELF_MASK, xbe.xbe_msize);
sysctlbyname("kern.binmisc.add", NULL, NULL, &xbe, sizeof(xbe));
// Disable (OR Enable OR Delete) image activator for LLVM byte code
bzero(&xbe, sizeof(xbe));
xbe.xbe_version = IBE_VERSION;
strlcpy(xbe.xbe_name, "llvm_bc", IBE_NAME_MAX);
error = sysctlbyname("kern.binmisc.disable", NULL, NULL, &xbe, sizeof(xbe));
// OR sysctlbyname("kern.binmisc.enable", NULL, NULL, &xbe, sizeof(xbe));
// OR sysctlbyname("kern.binmisc.delete", NULL, NULL, &xbe, sizeof(xbe));
// Get all the currently configured image activators and report
error = sysctlbyname("kern.binmisc.getall", 0, &size, NULL, 0);
if (0 == error && size > 0) {
xbep = malloc(size);
while(1) {
osize = size;
error = sysctlbyname("kern.binmisc.getall", xbep, &size, NULL, 0);
if (-1 == error && ENOMEM == errno && size == osize) {
// The buffer too small and needs to grow
size += sizeof(xbe);
xbep = realloc(xbep, size);
} else
break;
}
}
for(i = 0; i < (size / sizeof(xbe)); i++, xbep++)
printf("name: %s interpreter: %s flags: %s%s\n", xbep->xbe_name,
xbep->xbe_interpreter, (xbep->xbe_flags & IBF_ENABLED) ?
"ENABLED" : "", (xbep->xbe_flags & IBF_ENABLED) ? " USE_MASK" : "");
The sysctlbyname() calls above may return the following errors:
[EINVAL] Invalid argment in the input ximgact_binmisc_entry_t structure.
[EEXIST] Interpreter entry for given name already exist in kernel list.
[ENOMEM] Allocating memory in the kernel failed or, in the case of
kern.binmisc.getall, the user buffer is too small.
[ENOENT] Interpreter entry for given name is not found.
[ENOSPC] Attempted to exceed maximum number of entries (IBE_MAX_ENTRIES).
On May 1, 2013, at 6:02 PM, Stacey Son wrote:
> Of course, image activators have been a source for security issues. If this or something like this is include in the kernel then I would recommend it be optional.
Or, better yet, just simply build as a kernel module like I have done in the following diff:
http://people.freebsd.org/~sson/imgact_binmisc/imgact_binmisc.diff
-stacey.
sson@
More information about the freebsd-arch
mailing list