diff options
Diffstat (limited to 'vendor/rustix/src/backend/linux_raw/param/auxv.rs')
| -rw-r--r-- | vendor/rustix/src/backend/linux_raw/param/auxv.rs | 507 |
1 files changed, 507 insertions, 0 deletions
diff --git a/vendor/rustix/src/backend/linux_raw/param/auxv.rs b/vendor/rustix/src/backend/linux_raw/param/auxv.rs new file mode 100644 index 0000000..b9ac27e --- /dev/null +++ b/vendor/rustix/src/backend/linux_raw/param/auxv.rs @@ -0,0 +1,507 @@ +//! Linux auxv support. +//! +//! # Safety +//! +//! This uses raw pointers to locate and read the kernel-provided auxv array. +#![allow(unsafe_code)] + +use crate::backend::c; +use crate::fd::OwnedFd; +#[cfg(feature = "param")] +use crate::ffi::CStr; +use crate::fs::{Mode, OFlags}; +use crate::utils::{as_ptr, check_raw_pointer}; +#[cfg(feature = "alloc")] +use alloc::vec::Vec; +use core::mem::size_of; +use core::ptr::{null_mut, read_unaligned, NonNull}; +#[cfg(feature = "runtime")] +use core::sync::atomic::AtomicU8; +use core::sync::atomic::Ordering::Relaxed; +use core::sync::atomic::{AtomicPtr, AtomicUsize}; +use linux_raw_sys::elf::*; +use linux_raw_sys::general::{ + AT_BASE, AT_CLKTCK, AT_EXECFN, AT_HWCAP, AT_HWCAP2, AT_NULL, AT_PAGESZ, AT_SYSINFO_EHDR, +}; +#[cfg(feature = "runtime")] +use linux_raw_sys::general::{ + AT_EGID, AT_ENTRY, AT_EUID, AT_GID, AT_PHDR, AT_PHENT, AT_PHNUM, AT_RANDOM, AT_SECURE, AT_UID, +}; + +#[cfg(feature = "param")] +#[inline] +pub(crate) fn page_size() -> usize { + let mut page_size = PAGE_SIZE.load(Relaxed); + + if page_size == 0 { + init_auxv(); + page_size = PAGE_SIZE.load(Relaxed); + } + + page_size +} + +#[cfg(feature = "param")] +#[inline] +pub(crate) fn clock_ticks_per_second() -> u64 { + let mut ticks = CLOCK_TICKS_PER_SECOND.load(Relaxed); + + if ticks == 0 { + init_auxv(); + ticks = CLOCK_TICKS_PER_SECOND.load(Relaxed); + } + + ticks as u64 +} + +#[cfg(feature = "param")] +#[inline] +pub(crate) fn linux_hwcap() -> (usize, usize) { + let mut hwcap = HWCAP.load(Relaxed); + let mut hwcap2 = HWCAP2.load(Relaxed); + + if hwcap == 0 || hwcap2 == 0 { + init_auxv(); + hwcap = HWCAP.load(Relaxed); + hwcap2 = HWCAP2.load(Relaxed); + } + + (hwcap, hwcap2) +} + +#[cfg(feature = "param")] +#[inline] +pub(crate) fn linux_execfn() -> &'static CStr { + let mut execfn = EXECFN.load(Relaxed); + + if execfn.is_null() { + init_auxv(); + execfn = EXECFN.load(Relaxed); + } + + // SAFETY: We assume the `AT_EXECFN` value provided by the kernel is a + // valid pointer to a valid NUL-terminated array of bytes. + unsafe { CStr::from_ptr(execfn.cast()) } +} + +#[cfg(feature = "runtime")] +#[inline] +pub(crate) fn linux_secure() -> bool { + let mut secure = SECURE.load(Relaxed); + + // 0 means not initialized yet. + if secure == 0 { + init_auxv(); + secure = SECURE.load(Relaxed); + } + + // 0 means not present. Libc `getauxval(AT_SECURE)` would return 0. + // 1 means not in secure mode. + // 2 means in secure mode. + secure > 1 +} + +#[cfg(feature = "runtime")] +#[inline] +pub(crate) fn exe_phdrs() -> (*const c::c_void, usize, usize) { + let mut phdr = PHDR.load(Relaxed); + let mut phent = PHENT.load(Relaxed); + let mut phnum = PHNUM.load(Relaxed); + + if phdr.is_null() || phnum == 0 { + init_auxv(); + phdr = PHDR.load(Relaxed); + phent = PHENT.load(Relaxed); + phnum = PHNUM.load(Relaxed); + } + + (phdr.cast(), phent, phnum) +} + +/// `AT_SYSINFO_EHDR` isn't present on all platforms in all configurations, so +/// if we don't see it, this function returns a null pointer. +#[inline] +pub(in super::super) fn sysinfo_ehdr() -> *const Elf_Ehdr { + let mut ehdr = SYSINFO_EHDR.load(Relaxed); + + if ehdr.is_null() { + init_auxv(); + ehdr = SYSINFO_EHDR.load(Relaxed); + } + + ehdr +} + +#[cfg(feature = "runtime")] +#[inline] +pub(crate) fn entry() -> usize { + let mut entry = ENTRY.load(Relaxed); + + if entry == 0 { + init_auxv(); + entry = ENTRY.load(Relaxed); + } + + entry +} + +#[cfg(feature = "runtime")] +#[inline] +pub(crate) fn random() -> *const [u8; 16] { + let mut random = RANDOM.load(Relaxed); + + if random.is_null() { + init_auxv(); + random = RANDOM.load(Relaxed); + } + + random +} + +static PAGE_SIZE: AtomicUsize = AtomicUsize::new(0); +static CLOCK_TICKS_PER_SECOND: AtomicUsize = AtomicUsize::new(0); +static HWCAP: AtomicUsize = AtomicUsize::new(0); +static HWCAP2: AtomicUsize = AtomicUsize::new(0); +static EXECFN: AtomicPtr<c::c_char> = AtomicPtr::new(null_mut()); +static SYSINFO_EHDR: AtomicPtr<Elf_Ehdr> = AtomicPtr::new(null_mut()); +#[cfg(feature = "runtime")] +static SECURE: AtomicU8 = AtomicU8::new(0); +#[cfg(feature = "runtime")] +static PHDR: AtomicPtr<Elf_Phdr> = AtomicPtr::new(null_mut()); +#[cfg(feature = "runtime")] +static PHENT: AtomicUsize = AtomicUsize::new(0); +#[cfg(feature = "runtime")] +static PHNUM: AtomicUsize = AtomicUsize::new(0); +#[cfg(feature = "runtime")] +static ENTRY: AtomicUsize = AtomicUsize::new(0); +#[cfg(feature = "runtime")] +static RANDOM: AtomicPtr<[u8; 16]> = AtomicPtr::new(null_mut()); + +#[cfg(feature = "alloc")] +fn pr_get_auxv() -> crate::io::Result<Vec<u8>> { + use super::super::conv::{c_int, pass_usize, ret_usize}; + const PR_GET_AUXV: c::c_int = 0x4155_5856; + let mut buffer = alloc::vec![0u8; 512]; + let len = unsafe { + ret_usize(syscall_always_asm!( + __NR_prctl, + c_int(PR_GET_AUXV), + buffer.as_ptr(), + pass_usize(buffer.len()), + pass_usize(0), + pass_usize(0) + ))? + }; + if len <= buffer.len() { + buffer.truncate(len); + return Ok(buffer); + } + buffer.resize(len, 0); + let len = unsafe { + ret_usize(syscall_always_asm!( + __NR_prctl, + c_int(PR_GET_AUXV), + buffer.as_ptr(), + pass_usize(buffer.len()), + pass_usize(0), + pass_usize(0) + ))? + }; + assert_eq!(len, buffer.len()); + return Ok(buffer); +} + +/// If we don't have "use-explicitly-provided-auxv" or "use-libc-auxv", we +/// read the aux vector via the `prctl` `PR_GET_AUXV`, with a fallback to +/// /proc/self/auxv for kernels that don't support `PR_GET_AUXV`. +#[cold] +fn init_auxv() { + #[cfg(feature = "alloc")] + { + match pr_get_auxv() { + Ok(buffer) => { + // SAFETY: We assume the kernel returns a valid auxv. + unsafe { + init_from_aux_iter(AuxPointer(buffer.as_ptr().cast())).unwrap(); + } + return; + } + Err(_) => { + // Fall back to /proc/self/auxv on error. + } + } + } + + // Open "/proc/self/auxv", either because we trust "/proc", or because + // we're running inside QEMU and `proc_self_auxv`'s extra checking foils + // QEMU's emulation so we need to do a plain open to get the right + // auxv records. + let file = crate::fs::open("/proc/self/auxv", OFlags::RDONLY, Mode::empty()).unwrap(); + + #[cfg(feature = "alloc")] + init_from_auxv_file(file).unwrap(); + + #[cfg(not(feature = "alloc"))] + unsafe { + init_from_aux_iter(AuxFile(file)).unwrap(); + } +} + +/// Process auxv entries from the open file `auxv`. +#[cfg(feature = "alloc")] +#[cold] +#[must_use] +fn init_from_auxv_file(auxv: OwnedFd) -> Option<()> { + let mut buffer = Vec::<u8>::with_capacity(512); + loop { + let cur = buffer.len(); + + // Request one extra byte; `Vec` will often allocate more. + buffer.reserve(1); + + // Use all the space it allocated. + buffer.resize(buffer.capacity(), 0); + + // Read up to that many bytes. + let n = match crate::io::read(&auxv, &mut buffer[cur..]) { + Err(crate::io::Errno::INTR) => 0, + Err(_err) => panic!(), + Ok(0) => break, + Ok(n) => n, + }; + + // Account for the number of bytes actually read. + buffer.resize(cur + n, 0_u8); + } + + // SAFETY: We loaded from an auxv file into the buffer. + unsafe { init_from_aux_iter(AuxPointer(buffer.as_ptr().cast())) } +} + +/// Process auxv entries from the auxv array pointed to by `auxp`. +/// +/// # Safety +/// +/// This must be passed a pointer to an auxv array. +/// +/// The buffer contains `Elf_aux_t` elements, though it need not be aligned; +/// function uses `read_unaligned` to read from it. +#[cold] +#[must_use] +unsafe fn init_from_aux_iter(aux_iter: impl Iterator<Item = Elf_auxv_t>) -> Option<()> { + let mut pagesz = 0; + let mut clktck = 0; + let mut hwcap = 0; + let mut hwcap2 = 0; + let mut execfn = null_mut(); + let mut sysinfo_ehdr = null_mut(); + #[cfg(feature = "runtime")] + let mut secure = 0; + #[cfg(feature = "runtime")] + let mut phdr = null_mut(); + #[cfg(feature = "runtime")] + let mut phnum = 0; + #[cfg(feature = "runtime")] + let mut phent = 0; + #[cfg(feature = "runtime")] + let mut entry = 0; + #[cfg(feature = "runtime")] + let mut uid = None; + #[cfg(feature = "runtime")] + let mut euid = None; + #[cfg(feature = "runtime")] + let mut gid = None; + #[cfg(feature = "runtime")] + let mut egid = None; + #[cfg(feature = "runtime")] + let mut random = null_mut(); + + for Elf_auxv_t { a_type, a_val } in aux_iter { + match a_type as _ { + AT_PAGESZ => pagesz = a_val as usize, + AT_CLKTCK => clktck = a_val as usize, + AT_HWCAP => hwcap = a_val as usize, + AT_HWCAP2 => hwcap2 = a_val as usize, + AT_EXECFN => execfn = check_raw_pointer::<c::c_char>(a_val as *mut _)?.as_ptr(), + AT_SYSINFO_EHDR => sysinfo_ehdr = check_elf_base(a_val as *mut _)?.as_ptr(), + + AT_BASE => { + // The `AT_BASE` value can be NULL in a static executable that + // doesn't use a dynamic linker. If so, ignore it. + if !a_val.is_null() { + let _ = check_elf_base(a_val.cast())?; + } + } + + #[cfg(feature = "runtime")] + AT_SECURE => secure = (a_val as usize != 0) as u8 + 1, + #[cfg(feature = "runtime")] + AT_UID => uid = Some(a_val), + #[cfg(feature = "runtime")] + AT_EUID => euid = Some(a_val), + #[cfg(feature = "runtime")] + AT_GID => gid = Some(a_val), + #[cfg(feature = "runtime")] + AT_EGID => egid = Some(a_val), + #[cfg(feature = "runtime")] + AT_PHDR => phdr = check_raw_pointer::<Elf_Phdr>(a_val as *mut _)?.as_ptr(), + #[cfg(feature = "runtime")] + AT_PHNUM => phnum = a_val as usize, + #[cfg(feature = "runtime")] + AT_PHENT => phent = a_val as usize, + #[cfg(feature = "runtime")] + AT_ENTRY => entry = a_val as usize, + #[cfg(feature = "runtime")] + AT_RANDOM => random = check_raw_pointer::<[u8; 16]>(a_val as *mut _)?.as_ptr(), + + AT_NULL => break, + _ => (), + } + } + + #[cfg(feature = "runtime")] + assert_eq!(phent, size_of::<Elf_Phdr>()); + + // If we're running set-uid or set-gid, enable “secure execution” mode, + // which doesn't do much, but users may be depending on the things that + // it does do. + #[cfg(feature = "runtime")] + if uid != euid || gid != egid { + secure = 2; + } + + // The base and sysinfo_ehdr (if present) matches our platform. Accept the + // aux values. + PAGE_SIZE.store(pagesz, Relaxed); + CLOCK_TICKS_PER_SECOND.store(clktck, Relaxed); + HWCAP.store(hwcap, Relaxed); + HWCAP2.store(hwcap2, Relaxed); + EXECFN.store(execfn, Relaxed); + SYSINFO_EHDR.store(sysinfo_ehdr, Relaxed); + #[cfg(feature = "runtime")] + SECURE.store(secure, Relaxed); + #[cfg(feature = "runtime")] + PHDR.store(phdr, Relaxed); + #[cfg(feature = "runtime")] + PHNUM.store(phnum, Relaxed); + #[cfg(feature = "runtime")] + ENTRY.store(entry, Relaxed); + #[cfg(feature = "runtime")] + RANDOM.store(random, Relaxed); + + Some(()) +} + +/// Check that `base` is a valid pointer to the kernel-provided vDSO. +/// +/// `base` is some value we got from a `AT_SYSINFO_EHDR` aux record somewhere, +/// which hopefully holds the value of the kernel-provided vDSO in memory. Do a +/// series of checks to be as sure as we can that it's safe to use. +#[cold] +#[must_use] +unsafe fn check_elf_base(base: *const Elf_Ehdr) -> Option<NonNull<Elf_Ehdr>> { + // If we're reading a 64-bit auxv on a 32-bit platform, we'll see a zero + // `a_val` because `AT_*` values are never greater than `u32::MAX`. Zero is + // used by libc's `getauxval` to indicate errors, so it should never be a + // valid value. + if base.is_null() { + return None; + } + + let hdr = match check_raw_pointer::<Elf_Ehdr>(base as *mut _) { + Some(hdr) => hdr, + None => return None, + }; + + let hdr = hdr.as_ref(); + if hdr.e_ident[..SELFMAG] != ELFMAG { + return None; // Wrong ELF magic + } + if !matches!(hdr.e_ident[EI_OSABI], ELFOSABI_SYSV | ELFOSABI_LINUX) { + return None; // Unrecognized ELF OS ABI + } + if hdr.e_ident[EI_ABIVERSION] != ELFABIVERSION { + return None; // Unrecognized ELF ABI version + } + if hdr.e_type != ET_DYN { + return None; // Wrong ELF type + } + + // If ELF is extended, we'll need to adjust. + if hdr.e_ident[EI_VERSION] != EV_CURRENT + || hdr.e_ehsize as usize != size_of::<Elf_Ehdr>() + || hdr.e_phentsize as usize != size_of::<Elf_Phdr>() + { + return None; + } + // We don't currently support extra-large numbers of segments. + if hdr.e_phnum == PN_XNUM { + return None; + } + + // If `e_phoff` is zero, it's more likely that we're looking at memory that + // has been zeroed than that the kernel has somehow aliased the `Ehdr` and + // the `Phdr`. + if hdr.e_phoff < size_of::<Elf_Ehdr>() { + return None; + } + + // Verify that the `EI_CLASS`/`EI_DATA`/`e_machine` fields match the + // architecture we're running as. This helps catch cases where we're + // running under QEMU. + if hdr.e_ident[EI_CLASS] != ELFCLASS { + return None; // Wrong ELF class + } + if hdr.e_ident[EI_DATA] != ELFDATA { + return None; // Wrong ELF data + } + if hdr.e_machine != EM_CURRENT { + return None; // Wrong machine type + } + + Some(NonNull::new_unchecked(as_ptr(hdr) as *mut _)) +} + +// Aux reading utilities + +// Read auxv records from an array in memory. +struct AuxPointer(*const Elf_auxv_t); + +impl Iterator for AuxPointer { + type Item = Elf_auxv_t; + + #[cold] + fn next(&mut self) -> Option<Self::Item> { + unsafe { + let value = read_unaligned(self.0); + self.0 = self.0.add(1); + Some(value) + } + } +} + +// Read auxv records from a file. +#[cfg(not(feature = "alloc"))] +struct AuxFile(OwnedFd); + +#[cfg(not(feature = "alloc"))] +impl Iterator for AuxFile { + type Item = Elf_auxv_t; + + // This implementation does lots of `read`s and it isn't amazing, but + // hopefully we won't use it often. + #[cold] + fn next(&mut self) -> Option<Self::Item> { + let mut buf = [0_u8; size_of::<Self::Item>()]; + let mut slice = &mut buf[..]; + while !slice.is_empty() { + match crate::io::read(&self.0, slice) { + Ok(0) => panic!("unexpected end of auxv file"), + Ok(n) => slice = &mut slice[n..], + Err(crate::io::Errno::INTR) => continue, + Err(err) => panic!("{:?}", err), + } + } + Some(unsafe { read_unaligned(buf.as_ptr().cast()) }) + } +} |