Re: kern/49287: something wrong between exec_script and compat32
The following reply was made to PR kern/49287; it has been noted by GNATS.
From: Masao Uebayashi <uebayasi%gmail.com@localhost>
To: gnats-bugs%netbsd.org@localhost
Cc:
Subject: Re: kern/49287: something wrong between exec_script and compat32
Date: Sun, 14 Dec 2014 15:29:27 +0900
The fix made in src/sys/kern/kern_exec.c Rev. 1.409 was slightly wrong, because the
pointer sizes of the execve() caller and of the execve() target may differ.
The current code fails when a 32-bit binary executes a 64-bit fake-argument program.
Index: sys/sys/exec.h
===================================================================
RCS file: /cvsroot/src/sys/sys/exec.h,v
retrieving revision 1.146
diff -p -u -r1.146 exec.h
--- sys/sys/exec.h 5 Sep 2014 05:42:50 -0000 1.146
+++ sys/sys/exec.h 14 Dec 2014 06:21:46 -0000
@@ -230,6 +230,7 @@ struct exec_package {
#define EXEC_32 0x0020 /* 32-bit binary emulation */
#define EXEC_FORCEAUX 0x0040 /* always use ELF AUX vector */
#define EXEC_TOPDOWN_VM 0x0080 /* may use top-down VM layout */
+#define EXEC_FROM32 0x0100 /* exec'ed from 32-bit binary */
struct exec_vmcmd {
int (*ev_proc)(struct lwp *, struct exec_vmcmd *);
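Review bot: The comment on the new EXEC_FROM32 define does not say which side of the exec it describes, and it sits next to EXEC_32, which describes the target binary; a reader can easily take the two as synonyms. I would make the distinction explicit in the comment, e.g. `#define EXEC_FROM32 0x0100 /* calling process is 32-bit (EXEC_32 describes the target) */`. The value 0x0100 follows EXEC_TOPDOWN_VM 0x0080 in the visible run; whether it collides with a flag defined outside this hunk cannot be seen here and should be checked.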
Index: sys/kern/kern_exec.c
===================================================================
RCS file: /cvsroot/src/sys/kern/kern_exec.c,v
retrieving revision 1.410
diff -p -u -r1.410 kern_exec.c
--- sys/kern/kern_exec.c 9 Nov 2014 17:50:01 -0000 1.410
+++ sys/kern/kern_exec.c 14 Dec 2014 06:21:47 -0000
@@ -673,7 +673,7 @@ execve_loadvm(struct lwp *l, const char
epp->ep_emul_arg_free = NULL;
memset(&epp->ep_vmcmds, 0, sizeof(epp->ep_vmcmds));
epp->ep_vap = &data->ed_attr;
- epp->ep_flags = 0;
+ epp->ep_flags = (p->p_flag & PK_32) ? EXEC_FROM32 : 0;
MD_TOPDOWN_INIT(epp);
epp->ep_emul_root = NULL;
epp->ep_interp = NULL;
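Review bot: The new initializer of ep_flags carries state from the calling process into the exec package without saying why, and nothing nearby explains that the flag is consumed when the user-supplied argv is walked. I would add a comment above the assignment, e.g. `/* Record the caller's pointer size: argv is laid out by the calling process, not by the target. */`. The line reads p->p_flag, so it presumably relies on `p` being l->l_proc, which is declared outside the hunk; if that is not the case the flag would describe the wrong process.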
@@ -1335,9 +1335,15 @@ execve1(struct lwp *l, const char *path,
}
static size_t
+fromptrsz(const struct exec_package *epp)
+{
+ return (epp->ep_flags & EXEC_FROM32) ? sizeof(int) : sizeof(char *);
+}
+
+static size_t
ptrsz(const struct exec_package *epp)
{
- return (epp->ep_flags & EXEC_32) ? sizeof(int) : sizeof(char *);
+ return (epp->ep_flags & EXEC_32) ? sizeof(int) : sizeof(char *);
}
static size_t
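Review bot: The change to ptrsz() at the end of the hunk is whitespace-only (the removed and added return lines are textually identical here), which adds noise to the diff and should be dropped unless the whitespace fix is intended. fromptrsz() and ptrsz() now differ only in the flag tested, so their purpose must be told apart by a comment; I would add above fromptrsz() `/* Size of a pointer in the calling process's address space (used to step through the user-supplied argv). */` and above ptrsz() `/* Size of a pointer in the target binary's address space. */`. The placement also leaves the first `static size_t` context line attached to the new function, so the hunk is correct but worth a second look when applying.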
@@ -1508,7 +1514,7 @@ copyinargs(struct execve_data * restrict
return EINVAL;
}
if (epp->ep_flags & EXEC_SKIPARG)
- args = (const void *)((const char *)args + ptrsz(epp));
+ args = (const void *)((const char *)args + fromptrsz(epp));
i = 0;
error = copyinargstrs(data, args, fetch_element, &dp, &i, ktr_execarg);
if (error != 0) {
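Review bot: The EXEC_SKIPARG step now advances `args` by fromptrsz(epp), which is the right size only because `args` points into the calling process's argv; that reasoning is not visible at the call site and I would state it, e.g. `/* args is the caller's argv, so skip one pointer of the caller's size, not the target's. */`. Any remaining uses of ptrsz() outside this hunk that index into caller-supplied memory would presumably have the same caller/target confusion and should be checked. copyinargs() begins and ends outside the hunk.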