A General or Miscellaneous Binary Image Activator

Stacey Son sson at FreeBSD.org
Fri May 3 03:16:09 UTC 2013 

On May 2, 2013, at 10:38 AM, John Baldwin wrote:

> On Wednesday, May 01, 2013 7:02:49 pm Stacey Son wrote:
>> Of course, comments, questions, concerns, etc. are welcome.
> 
> Certainly the ability to cross-build ports in this way is a huge win.  I just 
> have a few comments on the kern.binmisc sysctl:
> 
> It seems to be a bit overloaded and not used like a typical sysctl.  A better 
> match would seem to be a /dev/binmisc that you perform ioctl's on.  A sysctl 
> might still make better sense for enumerating the interperter entries, but the 
> more typical way to do that would either be to have kern.binmisc.<n> be a 
> sysctl that returns item <n> in the list, or to have the kern.binmisc sysctl 
> that just returns an array of xbe entries (rather than having separate 
> list/lookup operations) similar to how the kern.proc sysctls work.  If you 
> were to do this, I would probably prefer the second approach (one sysctl that 
> returns a consistent snapshot).


I changed the code so userland gets a snapshot of the interpreter table much like kern.proc.  See:

	http://people.freebsd.org/~sson/imgact_binmisc/imgact_binmisc.c
	http://people.freebsd.org/~sson/imgact_binmisc/imgact_binmisc.h

Now the sysctl() interface as follows:

#include <sys/imgact_binmisc.h>

#define LLVM_MAGIC  "BC\xc0\xde"

#define MIPS64_ELF_MAGIC  \
"\x7f\x45\x4c\x46\x02\x02\x01\x00\x00\x00"\x00\x00\x00\x00\x00\x00\x00\x02\x00\x08"
#define MIPS64_ELF_MASK   \
"\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff"

ximgact_binmisc_entry_t xbe, *xbep;
size_t size = 0, osize;
int error, i;

// Add image activator for LLVM byte code 
bzero(&xbe, sizeof(xbe));
xbe.xbe_version = IBE_VERSION;
xbe.xbe_flags = IBF_ENABLED;
strlcpy(xbe.xbe_name, "llvm_bc", IBE_NAME_MAX);
strlcpy(xbe.xbe_interpreter, "/usr/bin/lli", MAXPATHLEN);
xbe.xbe_moffset = 0;
xbe.xbe_msize = sizeof(LLVM_MAGIC) - 1;
memcpy(xbe.xbe_magic, LLVM_MAGIC, xbe.xbe_msize);
error = sysctlbyname("kern.binmisc.add", NULL, NULL, &xbe, sizeof(xbe));

// Add image activator for mips64 ELF binaries to use qemu user mode
bzero(&xbe, sizeof(xbe));
xbe.xbe_version = IBE_VERSION;
xbe.xbe_flags = IBF_ENABLED | IBF_USE_MASK;
strlcpy(xbe.xbe_name, "mips64elf", IBE_NAME_MAX);
strlcpy(xbe.xbe_interpreter, "/usr/local/bin/qemu-mips64", MAXPATHLEN);
xbe.xbe_moffset = 0;
xbe.xbe_msize = sizeof(MIPS64_ELF_MAGIC) - 1;
memcpy(xbe.xbe_magic, MIPS64_ELF_MAGIC, xbe.xbe_msize);
memcpy(xbe.xbe_mask, MIPS64_ELF_MASK, xbe.xbe_msize);
sysctlbyname("kern.binmisc.add", NULL, NULL, &xbe, sizeof(xbe));

// Disable (OR Enable OR Delete) image activator for LLVM byte code
bzero(&xbe, sizeof(xbe));
xbe.xbe_version = IBE_VERSION;
strlcpy(xbe.xbe_name, "llvm_bc", IBE_NAME_MAX);
error = sysctlbyname("kern.binmisc.disable", NULL, NULL, &xbe, sizeof(xbe));
// OR sysctlbyname("kern.binmisc.enable", NULL, NULL, &xbe, sizeof(xbe));
// OR sysctlbyname("kern.binmisc.delete", NULL, NULL, &xbe, sizeof(xbe));

// Get all the currently configured image activators and report
error = sysctlbyname("kern.binmisc.getall", 0, &size, NULL, 0);
if (0 == error && size > 0) {
	xbep = malloc(size);
	while(1) {
	    osize = size;
	    error = sysctlbyname("kern.binmisc.getall", xbep, &size, NULL, 0);
	    if (-1 == error && ENOMEM == errno && size == osize) {
		// The buffer too small and needs to grow
		size += sizeof(xbe); 
		xbep = realloc(xbep, size);
	    } else
		break;
	}
}
for(i = 0; i < (size / sizeof(xbe)); i++, xbep++)
	printf("name: %s interpreter: %s flags: %s%s\n", xbep->xbe_name,
	    xbep->xbe_interpreter, (xbep->xbe_flags & IBF_ENABLED) ? 
	    "ENABLED" : "", (xbep->xbe_flags & IBF_ENABLED) ? " USE_MASK" : "");

The sysctlbyname() calls above may return the following errors:

[EINVAL]     Invalid argment in the input ximgact_binmisc_entry_t structure.
[EEXIST]     Interpreter entry for given name already exist in kernel list. 
[ENOMEM]  Allocating memory in the kernel failed or, in the case of
                 kern.binmisc.getall, the user buffer is too small.
[ENOENT]   Interpreter entry for given name is not found.
[ENOSPC]   Attempted to exceed maximum number of entries (IBE_MAX_ENTRIES).

On May 1, 2013, at 6:02 PM, Stacey Son wrote:

> Of course, image activators have been a source for security issues.  If this or something like this is include in the kernel then I would recommend it be optional.

Or, better yet, just simply build as a kernel module like I have done in the following diff:   

	http://people.freebsd.org/~sson/imgact_binmisc/imgact_binmisc.diff

-stacey.
sson@

More information about the freebsd-arch mailing list