From owner-freebsd-arch@FreeBSD.ORG Fri May 3 03:16:09 2013 Return-Path: Delivered-To: freebsd-arch@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by hub.freebsd.org (Postfix) with ESMTP id 45B16DAD; Fri, 3 May 2013 03:16:09 +0000 (UTC) (envelope-from sson@FreeBSD.org) Received: from ns1.son.org (son.org [65.48.68.179]) by mx1.freebsd.org (Postfix) with ESMTP id 0F53912FB; Fri, 3 May 2013 03:16:08 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by ns1.son.org (Postfix) with ESMTP id D9DE71EC942B; Thu, 2 May 2013 22:16:14 -0500 (CDT) Received: from ns1.son.org ([127.0.0.1]) by localhost (ns1.dev-random.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 17iYfY77C5cW; Thu, 2 May 2013 22:16:12 -0500 (CDT) Received: from [192.168.0.12] (cpe-76-187-137-252.tx.res.rr.com [76.187.137.252]) by ns1.son.org (Postfix) with ESMTP id 1630D1EC9423; Thu, 2 May 2013 22:16:11 -0500 (CDT) Subject: Re: A General or Miscellaneous Binary Image Activator Mime-Version: 1.0 (Apple Message framework v1283) Content-Type: text/plain; charset=iso-8859-1 From: Stacey Son In-Reply-To: <201305021138.36554.jhb@freebsd.org> Date: Thu, 2 May 2013 22:15:58 -0500 Content-Transfer-Encoding: quoted-printable Message-Id: <136ADFC2-D68F-4AE3-8186-4DF680C55E3E@FreeBSD.org> References: <71BF89C0-13F9-41CA-9F7E-A3FDE11C2346@FreeBSD.org> <201305021138.36554.jhb@freebsd.org> To: John Baldwin X-Mailer: Apple Mail (2.1283) Cc: freebsd-arch@freebsd.org X-BeenThere: freebsd-arch@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: Discussion related to FreeBSD architecture List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 03 May 2013 03:16:09 -0000 On May 2, 2013, at 10:38 AM, John Baldwin wrote: > On Wednesday, May 01, 2013 7:02:49 pm Stacey Son wrote: >> Of course, comments, questions, concerns, etc. are welcome. >=20 > Certainly the ability to cross-build ports in this way is a huge win. = I just=20 > have a few comments on the kern.binmisc sysctl: >=20 > It seems to be a bit overloaded and not used like a typical sysctl. A = better=20 > match would seem to be a /dev/binmisc that you perform ioctl's on. A = sysctl=20 > might still make better sense for enumerating the interperter entries, = but the=20 > more typical way to do that would either be to have kern.binmisc. = be a=20 > sysctl that returns item in the list, or to have the kern.binmisc = sysctl=20 > that just returns an array of xbe entries (rather than having separate=20= > list/lookup operations) similar to how the kern.proc sysctls work. If = you=20 > were to do this, I would probably prefer the second approach (one = sysctl that=20 > returns a consistent snapshot). I changed the code so userland gets a snapshot of the interpreter table = much like kern.proc. See: http://people.freebsd.org/~sson/imgact_binmisc/imgact_binmisc.c http://people.freebsd.org/~sson/imgact_binmisc/imgact_binmisc.h Now the sysctl() interface as follows: #include #define LLVM_MAGIC "BC\xc0\xde" #define MIPS64_ELF_MAGIC \ = "\x7f\x45\x4c\x46\x02\x02\x01\x00\x00\x00"\x00\x00\x00\x00\x00\x00\x00\x02= \x00\x08" #define MIPS64_ELF_MASK \ = "\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\= xff\xff" ximgact_binmisc_entry_t xbe, *xbep; size_t size =3D 0, osize; int error, i; // Add image activator for LLVM byte code=20 bzero(&xbe, sizeof(xbe)); xbe.xbe_version =3D IBE_VERSION; xbe.xbe_flags =3D IBF_ENABLED; strlcpy(xbe.xbe_name, "llvm_bc", IBE_NAME_MAX); strlcpy(xbe.xbe_interpreter, "/usr/bin/lli", MAXPATHLEN); xbe.xbe_moffset =3D 0; xbe.xbe_msize =3D sizeof(LLVM_MAGIC) - 1; memcpy(xbe.xbe_magic, LLVM_MAGIC, xbe.xbe_msize); error =3D sysctlbyname("kern.binmisc.add", NULL, NULL, &xbe, = sizeof(xbe)); // Add image activator for mips64 ELF binaries to use qemu user mode bzero(&xbe, sizeof(xbe)); xbe.xbe_version =3D IBE_VERSION; xbe.xbe_flags =3D IBF_ENABLED | IBF_USE_MASK; strlcpy(xbe.xbe_name, "mips64elf", IBE_NAME_MAX); strlcpy(xbe.xbe_interpreter, "/usr/local/bin/qemu-mips64", MAXPATHLEN); xbe.xbe_moffset =3D 0; xbe.xbe_msize =3D sizeof(MIPS64_ELF_MAGIC) - 1; memcpy(xbe.xbe_magic, MIPS64_ELF_MAGIC, xbe.xbe_msize); memcpy(xbe.xbe_mask, MIPS64_ELF_MASK, xbe.xbe_msize); sysctlbyname("kern.binmisc.add", NULL, NULL, &xbe, sizeof(xbe)); // Disable (OR Enable OR Delete) image activator for LLVM byte code bzero(&xbe, sizeof(xbe)); xbe.xbe_version =3D IBE_VERSION; strlcpy(xbe.xbe_name, "llvm_bc", IBE_NAME_MAX); error =3D sysctlbyname("kern.binmisc.disable", NULL, NULL, &xbe, = sizeof(xbe)); // OR sysctlbyname("kern.binmisc.enable", NULL, NULL, &xbe, = sizeof(xbe)); // OR sysctlbyname("kern.binmisc.delete", NULL, NULL, &xbe, = sizeof(xbe)); // Get all the currently configured image activators and report error =3D sysctlbyname("kern.binmisc.getall", 0, &size, NULL, 0); if (0 =3D=3D error && size > 0) { xbep =3D malloc(size); while(1) { osize =3D size; error =3D sysctlbyname("kern.binmisc.getall", xbep, &size, = NULL, 0); if (-1 =3D=3D error && ENOMEM =3D=3D errno && size =3D=3D = osize) { // The buffer too small and needs to grow size +=3D sizeof(xbe);=20 xbep =3D realloc(xbep, size); } else break; } } for(i =3D 0; i < (size / sizeof(xbe)); i++, xbep++) printf("name: %s interpreter: %s flags: %s%s\n", xbep->xbe_name, xbep->xbe_interpreter, (xbep->xbe_flags & IBF_ENABLED) ?=20 "ENABLED" : "", (xbep->xbe_flags & IBF_ENABLED) ? " = USE_MASK" : ""); The sysctlbyname() calls above may return the following errors: [EINVAL] Invalid argment in the input ximgact_binmisc_entry_t = structure. [EEXIST] Interpreter entry for given name already exist in kernel = list.=20 [ENOMEM] Allocating memory in the kernel failed or, in the case of kern.binmisc.getall, the user buffer is too small. [ENOENT] Interpreter entry for given name is not found. [ENOSPC] Attempted to exceed maximum number of entries = (IBE_MAX_ENTRIES). On May 1, 2013, at 6:02 PM, Stacey Son wrote: > Of course, image activators have been a source for security issues. = If this or something like this is include in the kernel then I would = recommend it be optional. Or, better yet, just simply build as a kernel module like I have done in = the following diff: =20 = http://people.freebsd.org/~sson/imgact_binmisc/imgact_binmisc.diff -stacey. sson@