123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657 |
- /* -*- mode:c; c-file-style:"k&r"; c-basic-offset: 4; tab-width:4; indent-tabs-mode:nil; mode:auto-fill; fill-column:78; -*- */
- /* vim: set ts=4 sw=4 et tw=78 fo=cqt wm=0: */
- /* Copyright (C) 2014 OSCAR lab, Stony Brook University
- This file is part of Graphene Library OS.
- Graphene Library OS is free software: you can redistribute it and/or
- modify it under the terms of the GNU General Public License
- as published by the Free Software Foundation, either version 3 of the
- License, or (at your option) any later version.
- Graphene Library OS is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>. */
- /*
- * db_process.c
- *
- * This source file contains functions to create a child process and terminate
- * the running process. Child does not inherit any objects or memory from its
- * parent pricess. A Parent process may not modify the execution of its
- * children. It can wait for a child to exit using its handle. Also, parent and
- * child may communicate through I/O streams provided by the parent to the child
- * at creation.
- */
- #include "pal_defs.h"
- #include "pal_linux_defs.h"
- #include "pal.h"
- #include "pal_internal.h"
- #include "pal_linux.h"
- #include "pal_debug.h"
- #include "pal_error.h"
- #include "pal_security.h"
- #include "graphene.h"
- #include "graphene-ipc.h"
- #include "api.h"
- #include <linux/sched.h>
- #include <linux/types.h>
- typedef __kernel_pid_t pid_t;
- #include <asm/fcntl.h>
- #include <sys/socket.h>
- #include <asm-errno.h>
- #ifndef SEEK_SET
- # define SEEK_SET 0
- #endif
- int _DkProcessCreate (PAL_HANDLE * handle, const char * uri,
- int flags, const char ** args)
- {
- int ret, rete = 0;
- const char * manifest_uri = pal_config.manifest;
- PAL_HANDLE manifest = pal_config.manifest_handle;
- const char * exec_uri = NULL;
- PAL_HANDLE exec = NULL;
- bool noexec = false;
- if (uri) {
- exec_uri = uri;
- if ((ret = _DkStreamOpen(&exec, uri, PAL_ACCESS_RDONLY, 0, 0, 0)) < 0)
- return ret;
- if (check_elf_object(exec) < 0) {
- manifest = exec;
- manifest_uri = uri;
- exec = NULL;
- exec_uri = NULL;
- }
- } else {
- noexec = true;
- }
- int fds[6] = { -1, -1, -1, -1, -1, -1 };
- if (IS_ERR((ret = INLINE_SYSCALL(pipe2, 2, &fds[0], 0))) ||
- IS_ERR((ret = INLINE_SYSCALL(pipe2, 2, &fds[2], 0))) ||
- IS_ERR((ret = INLINE_SYSCALL(socketpair, 4, AF_UNIX, SOCK_STREAM,
- 0, &fds[4])))) {
- ret = -PAL_ERROR_DENIED;
- goto out;
- }
- int proc_fds[2][3] = {
- { fds[0], fds[3], fds[4] },
- { fds[2], fds[1], fds[5] },
- };
- int nargs = 0;
- if (args) {
- const char ** p = args;
- while (*p) {
- p++;
- nargs++;
- }
- }
- # define STRARG_SIZE 256
- const char ** new_args = __alloca(sizeof(const char *) * (nargs + 3));
- int bufsize = STRARG_SIZE;
- char * argbuf = __alloca(STRARG_SIZE);
- new_args[0] = PAL_LOADER;
- new_args[1] = argbuf;
- if (args)
- memcpy(new_args + 2, args, sizeof(const char *) * nargs);
- new_args[nargs + 2] = NULL;
- #define write_arg(...) \
- do { \
- int _len = snprintf(argbuf, bufsize, __VA_ARGS__); \
- argbuf += _len; \
- bufsize -= _len; \
- } while (0);
- write_arg(":domain=%08x;", pal_sec_info.domain_id);
- int manifest_fd = -1;
- if (manifest) {
- manifest_fd = manifest->file.fd;
- INLINE_SYSCALL(fcntl, 3, manifest_fd, F_SETFD, 0);
- write_arg("manifest=%d,%s;", manifest_fd, manifest_uri ? : "");
- if (manifest != pal_config.manifest_handle)
- manifest_fd = -1;
- }
- write_arg("proc=%d,%d,%d,%d;",
- proc_fds[0][0], proc_fds[0][1], proc_fds[0][2],
- pal_linux_config.pid);
- if (exec) {
- int exec_fd = exec->file.fd;
- INLINE_SYSCALL(fcntl, 3, exec_fd, F_SETFD, 0);
- write_arg("exec=%d,%s;", exec_fd, exec_uri ? : "");
- } else if (noexec) {
- write_arg("noexec;");
- }
- if (pal_sec_info.pipe_prefix)
- write_arg("pipe=%s;", pal_sec_info.pipe_prefix);
- if (pal_config.heap_base)
- write_arg("heap=%lx;", pal_config.heap_base);
- if (pal_sec_info.rand_gen)
- write_arg("rand=%d;", pal_sec_info.rand_gen);
- if (pal_sec_info.mcast_port)
- write_arg("mcast=%u;", pal_sec_info.mcast_port);
- ret = ARCH_VFORK();
- if (IS_ERR(ret)) {
- ret = -PAL_ERROR_DENIED;
- goto out;
- }
- if (!ret) {
- for (int i = 0 ; i < 3 ; i++)
- INLINE_SYSCALL(close, 1, proc_fds[1][i]);
- if (manifest_fd >= 0)
- INLINE_SYSCALL(fcntl, 3, manifest_fd, F_SETFD, 0);
- rete = INLINE_SYSCALL(execve, 3, PAL_LOADER, new_args,
- pal_config.environments);
- /* shouldn't get to here */
- printf("unexpected failure of new process\n");
- asm("hlt");
- return 0;
- }
- if (IS_ERR(rete)) {
- ret = -PAL_ERROR_DENIED;
- goto out;
- }
- for (int i = 0 ; i < 3 ; i++)
- INLINE_SYSCALL(close, 1, proc_fds[0][i]);
- for (int i = 0 ; i < 3 ; i++)
- INLINE_SYSCALL(fcntl, 3, proc_fds[1][i], F_SETFD, FD_CLOEXEC);
- int pid = ret;
- PAL_HANDLE hdl = malloc(HANDLE_SIZE(process));
- SET_HANDLE_TYPE(hdl, process);
- hdl->__in.flags |= RFD(0)|WFD(1)|RFD(2)|WFD(2)|WRITEABLE(1)|WRITEABLE(2);
- hdl->process.stream_in = proc_fds[1][0];
- hdl->process.stream_out = proc_fds[1][1];
- hdl->process.cargo = proc_fds[1][2];
- hdl->process.pid = pid;
- hdl->process.nonblocking = PAL_FALSE;
- *handle = hdl;
- ret = 0;
- out:
- if (ret < 0) {
- for (int i = 0 ; i < 6 ; i++)
- if (fds[i] >= 0)
- INLINE_SYSCALL(close, 1, fds[i]);
- }
- return ret;
- }
- static void read_child_args (const char * val, int vlen,
- void * arg1, bool isnum1,
- void * arg2, bool isnum2,
- void * arg3, bool isnum3,
- void * arg4, bool isnum4)
- {
- const char * v1 = val, * v2 = v1, * end = val + vlen;
- void * arg[4] = { arg1, arg2, arg3, arg4 };
- bool isnum[4] = { isnum1, isnum2, isnum3, isnum4 };
- for (int i = 0 ; i < 4 ; i++) {
- if (!arg[i])
- return;
- while (v2 < end && *v2 != ',')
- v2++;
- if (v1 >= end || v2 <= v1) {
- if (isnum[i])
- *(int *) arg[i] = 0;
- else
- ((char *) arg[i])[0] = 0;
- continue;
- }
- if (isnum[i]) {
- *(int *) arg[i] = atoi(v1);
- } else {
- memcpy((char *) arg[i], v1, v2 - v1);
- ((char *) arg[i])[v2 - v1] = 0;
- }
- v2 = v1 = v2 + 1;
- }
- }
- static inline bool set_fd_cloexec (int fd)
- {
- return !(IS_ERR(INLINE_SYSCALL(fcntl, 3, fd, F_SETFD, FD_CLOEXEC)));
- }
- #define STRARG_SIZE 256
- static void read_child_handle (const char * val, int vlen,
- PAL_HANDLE * handle, const char ** uri)
- {
- int fd;
- char buf[STRARG_SIZE];
- read_child_args(val, vlen, &fd, true, buf, false,
- NULL, false, NULL, false);
- if (!fd || !set_fd_cloexec(fd)) {
- *handle = NULL;
- *uri = NULL;
- return;
- }
- INLINE_SYSCALL(lseek, 3, fd, 0, SEEK_SET);
- int len = strlen(buf);
- PAL_HANDLE hdl = malloc(HANDLE_SIZE(file) + (len > 4 ? len - 4 : 0));
- SET_HANDLE_TYPE(hdl, file);
- hdl->__in.flags |= RFD(0)|WFD(0)|WRITEABLE(0);
- hdl->file.fd = fd;
- if (len > 4) {
- char * path = (void *) hdl + HANDLE_SIZE(file);
- memcpy(path, buf + 5, len - 4);
- hdl->file.realpath = path;
- } else {
- hdl->file.realpath = NULL;
- }
- *handle = hdl;
- *uri = len ? remalloc(buf, len + 1) : NULL;
- }
- int init_child_process (const char * proc_args)
- {
- const char * c = proc_args;
- while (*c) {
- const char * key = c, * val;
- int klen, vlen;
- while (*c && *c != '=' && *c != ';')
- c++;
- klen = c - key;
- if (klen == 6 && !memcmp(key, "noexec", 6))
- /* format: noexec */
- pal_linux_config.noexec = true;
- if (!*c)
- break;
- if (*c == ';') {
- c++;
- continue;
- }
- val = (++c);
- while (*c && *c != ';')
- c++;
- vlen = c - val;
- if (*c == ';')
- c++;
- if (klen == 4) {
- if (!memcmp(key, "exec", 4)) {
- /* format: exec=fd,uri */
- read_child_handle(val, vlen, &pal_config.exec_handle,
- &pal_config.exec);
- } else if (!memcmp(key, "proc", 4)) {
- /* format: proc=fd,pid */
- int fds[3], pid;
- read_child_args(val, vlen,
- &fds[0], true, &fds[1], true, &fds[2], true,
- &pid, true);
- for (int i = 0 ; i < 3 ; i++)
- if (!set_fd_cloexec(fds[i]))
- fds[i] = PAL_IDX_POISON;
- PAL_HANDLE proc = malloc(HANDLE_SIZE(process));
- SET_HANDLE_TYPE(proc, process);
- proc->__in.flags |= RFD(0)|WFD(1)|RFD(2)|WFD(2)|WRITEABLE(1)|WRITEABLE(2);
- proc->process.stream_in = fds[0];
- proc->process.stream_out = fds[1];
- proc->process.cargo = fds[2];
- proc->process.pid = pid;
- __pal_control.parent_process = proc;
- } else if (!memcmp(key, "pipe", 4)) {
- /* format: pipe=prefix */
- char * prefix = remalloc(val, vlen + 1);
- prefix[vlen] = 0;
- pal_sec_info.pipe_prefix = prefix;
- } else if (!memcmp(key, "rand", 4)) {
- /* format: rand=fd */
- pal_sec_info.rand_gen = atoi(val);
- } else if (!memcmp(key, "heap", 4)) {
- /* format: heap=addr (hex) */
- pal_config.heap_base = (void *) strtol(val, NULL, 16);
- }
- } else if (klen == 5) {
- if (!memcmp(key, "mcast", 5)) {
- /* format: mcast=port */
- pal_sec_info.mcast_port = atoi(val);
- }
- } else if (klen == 6) {
- if (!memcmp(key, "domain", 6)) {
- /* format: domain=id */
- pal_sec_info.domain_id = strtol(val, NULL, 16);
- }
- } else if (klen == 8) {
- if (!memcmp(key, "manifest", 8)) {
- /* format: manifest=fd,uri */
- read_child_handle(val, vlen, &pal_config.manifest_handle,
- &pal_config.manifest);
- }
- }
- }
- return 0;
- }
- void _DkProcessExit (int exitcode)
- {
- if (__pal_control.parent_process)
- _DkObjectClose(__pal_control.parent_process);
- if (__pal_control.manifest_handle)
- _DkObjectClose(__pal_control.manifest_handle);
- INLINE_SYSCALL(exit_group, 1, exitcode);
- }
- int ioctl_set_graphene (struct config_store * config, int ndefault,
- const struct graphene_user_policy * default_policies);
- static int set_graphene_task (const char * uri, int flags)
- {
- PAL_HANDLE handle = NULL;
- int ret;
- if ((ret = _DkStreamOpen(&handle, uri, PAL_ACCESS_RDONLY, 0, 0, 0)) < 0)
- return ret;
- PAL_STREAM_ATTR attr;
- if ((ret = _DkStreamAttributesQuerybyHandle(handle, &attr)) < 0)
- goto out;
- void * addr = NULL;
- size_t size = attr.size;
- if ((ret = _DkStreamMap(handle, &addr, PAL_PROT_READ, 0,
- ALLOC_ALIGNUP(size))) < 0)
- goto out;
- struct config_store cfg;
- cfg.raw_data = addr;
- cfg.raw_size = size;
- cfg.malloc = malloc;
- cfg.free = free;
- if ((ret = read_config(&cfg, NULL, NULL)) < 0)
- goto out_mem;
- const char * manifest = uri;
- struct graphene_user_policy manifest_policy;
- if (!memcmp(manifest, "file:", 5)) {
- manifest_policy.type = GRAPHENE_FS_PATH | GRAPHENE_FS_READ;
- manifest_policy.value = manifest + 5;
- } else {
- manifest_policy.type = 0;
- }
- if (flags & PAL_SANDBOX_PIPE) {
- do {
- getrand(&pal_sec_info.mcast_port, sizeof(unsigned short));
- } while (pal_sec_info.mcast_port < 1024);
- }
- struct graphene_net_policy mcast_rules[2];
- memset(mcast_rules, 0, sizeof(struct graphene_net_policy) * 2);
- mcast_rules[0].family = AF_INET;
- mcast_rules[0].local.port_begin = pal_sec_info.mcast_port;
- mcast_rules[0].local.port_end = pal_sec_info.mcast_port;
- mcast_rules[0].peer.port_begin = 0;
- mcast_rules[0].peer.port_end = 65535;
- mcast_rules[1].family = AF_INET;
- mcast_rules[1].local.port_begin = 0;
- mcast_rules[1].local.port_end = 65535;
- inet_pton(AF_INET, MCAST_GROUP, &mcast_rules[1].peer.addr);
- mcast_rules[1].peer.port_begin = pal_sec_info.mcast_port;
- mcast_rules[1].peer.port_end = pal_sec_info.mcast_port;
- if (flags & PAL_SANDBOX_PIPE) {
- char pipe_root[GRAPHENE_PIPEDIR_LEN + 20];
- char pipe_prefix[9];
- int sandboxid;
- snprintf(pipe_root,
- GRAPHENE_PIPEDIR_LEN + 20, GRAPHENE_PIPEDIR "/%08x",
- pal_sec_info.domain_id);
- getrand(&sandboxid, sizeof(int));
- snprintf(pipe_prefix, 9, "%08x", sandboxid);
- struct graphene_user_policy default_policies[] = {
- { .type = GRAPHENE_UNIX_ROOT, .value = pipe_root, },
- { .type = GRAPHENE_UNIX_PREFIX, .value = pipe_prefix, },
- { .type = GRAPHENE_NET_RULE, .value = &mcast_rules[0], },
- { .type = GRAPHENE_NET_RULE, .value = &mcast_rules[1], },
- manifest_policy,
- };
- ret = ioctl_set_graphene(&cfg, manifest_policy.type ? 5 : 4,
- default_policies);
- if (ret < 0)
- goto out_mem;
- pal_sec_info.pipe_prefix = remalloc(pipe_prefix, 9);
- } else {
- const struct graphene_user_policy default_policies[] = {
- { .type = GRAPHENE_NET_RULE, .value = &mcast_rules[0], },
- { .type = GRAPHENE_NET_RULE, .value = &mcast_rules[1], },
- manifest_policy,
- };
- ret = ioctl_set_graphene(&cfg, manifest_policy.type ? 3 : 2,
- default_policies);
- if (ret < 0)
- goto out_mem;
- }
- pal_config.manifest = manifest;
- _DkObjectClose(pal_config.manifest_handle);
- pal_config.manifest_handle = handle;
- free_config(&cfg);
- out_mem:
- _DkStreamUnmap(cfg.raw_data, ALLOC_ALIGNUP(cfg.raw_size));
- out:
- DkObjectClose(handle);
- return ret;
- }
- int _DkProcessSandboxCreate (const char * manifest, int flags)
- {
- return set_graphene_task(manifest, flags);
- }
- static int proc_read (PAL_HANDLE handle, int offset, int count,
- void * buffer)
- {
- int bytes = INLINE_SYSCALL(read, 3, handle->process.stream_in, buffer,
- count);
- if (IS_ERR(bytes))
- switch(ERRNO(bytes)) {
- case EWOULDBLOCK:
- return-PAL_ERROR_TRYAGAIN;
- case EINTR:
- return -PAL_ERROR_INTERRUPTED;
- default:
- return -PAL_ERROR_DENIED;
- }
- return bytes;
- }
- static int proc_write (PAL_HANDLE handle, int offset, int count,
- const void * buffer)
- {
- int bytes = INLINE_SYSCALL(write, 3, handle->process.stream_out, buffer,
- count);
- if (IS_ERR(bytes))
- switch(ERRNO(bytes)) {
- case EWOULDBLOCK:
- handle->__in.flags &= ~WRITEABLE(1);
- return-PAL_ERROR_TRYAGAIN;
- case EINTR:
- return -PAL_ERROR_INTERRUPTED;
- default:
- return -PAL_ERROR_DENIED;
- }
- if (bytes == count)
- handle->__in.flags |= WRITEABLE(1);
- else
- handle->__in.flags &= ~WRITEABLE(1);
- return bytes;
- }
- static int proc_close (PAL_HANDLE handle)
- {
- if (handle->process.stream_in != PAL_IDX_POISON) {
- INLINE_SYSCALL(close, 1, handle->process.stream_in);
- handle->process.stream_in = PAL_IDX_POISON;
- }
- if (handle->process.stream_out != PAL_IDX_POISON) {
- INLINE_SYSCALL(close, 1, handle->process.stream_out);
- handle->process.stream_out = PAL_IDX_POISON;
- }
- if (handle->process.cargo != PAL_IDX_POISON) {
- INLINE_SYSCALL(close, 1, handle->process.cargo);
- handle->process.cargo = PAL_IDX_POISON;
- }
- return 0;
- }
- static int proc_delete (PAL_HANDLE handle, int access)
- {
- int shutdown;
- switch (access) {
- case 0:
- shutdown = SHUT_RDWR;
- break;
- case PAL_DELETE_RD:
- shutdown = SHUT_RD;
- break;
- case PAL_DELETE_WR:
- shutdown = SHUT_WR;
- break;
- default:
- return -PAL_ERROR_INVAL;
- }
- if (access != PAL_DELETE_WR &&
- handle->process.stream_in != PAL_IDX_POISON) {
- INLINE_SYSCALL(close, 1, handle->process.stream_in);
- handle->process.stream_in = PAL_IDX_POISON;
- }
- if (access != PAL_DELETE_RD &&
- handle->process.stream_out != PAL_IDX_POISON) {
- INLINE_SYSCALL(close, 1, handle->process.stream_out);
- handle->process.stream_out = PAL_IDX_POISON;
- }
- if (handle->process.cargo != PAL_IDX_POISON)
- INLINE_SYSCALL(shutdown, 2, handle->process.cargo, shutdown);
- return 0;
- }
- #ifndef FIONREAD
- # define FIONREAD 0x541B
- #endif
- static int proc_attrquerybyhdl (PAL_HANDLE handle, PAL_STREAM_ATTR * attr)
- {
- int ret, val;
- if (handle->process.stream_in == PAL_IDX_POISON)
- return -PAL_ERROR_BADHANDLE;
- memset(attr, 0, sizeof(PAL_STREAM_ATTR));
- ret = INLINE_SYSCALL(ioctl, 3, handle->process.stream_in, FIONREAD, &val);
- if (!IS_ERR(ret))
- attr->size = val;
- attr->disconnected = handle->__in.flags & (ERROR(0)|ERROR(1));
- attr->readable = (attr->size > 0);
- attr->writeable = handle->__in.flags & WRITEABLE(1);
- attr->nonblocking = handle->process.nonblocking;
- return 0;
- }
- static int proc_attrsetbyhdl (PAL_HANDLE handle, PAL_STREAM_ATTR * attr)
- {
- if (handle->process.stream_in == PAL_IDX_POISON)
- return -PAL_ERROR_BADHANDLE;
- int ret;
- if (attr->nonblocking != handle->process.nonblocking) {
- ret = INLINE_SYSCALL(fcntl, 3, handle->process.stream_in, F_SETFL,
- handle->process.nonblocking ? O_NONBLOCK : 0);
- if (IS_ERR(ret))
- return unix_to_pal_error(ERRNO(ret));
- handle->process.nonblocking = attr->nonblocking;
- }
- return 0;
- }
- struct handle_ops proc_ops = {
- .read = &proc_read,
- .write = &proc_write,
- .close = &proc_close,
- .delete = &proc_delete,
- .attrquerybyhdl = &proc_attrquerybyhdl,
- .attrsetbyhdl = &proc_attrsetbyhdl,
- };
|