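//! Linux auxv support.
//!
//! # Safety
//!
//! This uses raw pointers to locate and read the kernel-provided auxv array.
#![allow(unsafe_code)]

use crate::backend::c;
use crate::fd::OwnedFd;
#[cfg(feature = "param")]
use crate::ffi::CStr;
use crate::fs::{Mode, OFlags};
use crate::utils::{as_ptr, check_raw_pointer};
#[cfg(feature = "alloc")]
use alloc::vec::Vec;
use core::mem::size_of;
use core::ptr::{null_mut, read_unaligned, NonNull};
#[cfg(feature = "runtime")]
use core::sync::atomic::AtomicU8;
use core::sync::atomic::Ordering::Relaxed;
use core::sync::atomic::{AtomicPtr, AtomicUsize};
use linux_raw_sys::elf::*;
use linux_raw_sys::general::{
    AT_BASE, AT_CLKTCK, AT_EXECFN, AT_HWCAP, AT_HWCAP2, AT_NULL, AT_PAGESZ, AT_SYSINFO_EHDR,
};
#[cfg(feature = "runtime")]
use linux_raw_sys::general::{
    AT_EGID, AT_ENTRY, AT_EUID, AT_GID, AT_PHDR, AT_PHENT, AT_PHNUM, AT_RANDOM, AT_SECURE, AT_UID,
};

// Every accessor below follows the same shape: read the cached static, and
// if it still holds its "not initialized" sentinel (0 or null), run
// `init_auxv` once and read again. The statics are only ever written by
// `init_from_aux_iter`, so a sentinel after initialization means the
// corresponding record was absent, and that accessor will re-run
// `init_auxv` on each call.

/// The system page size, from `AT_PAGESZ`.
#[cfg(feature = "param")]
#[inline]
pub(crate) fn page_size() -> usize {
    match PAGE_SIZE.load(Relaxed) {
        0 => {
            init_auxv();
            PAGE_SIZE.load(Relaxed)
        }
        size => size,
    }
}

/// The clock tick rate, from `AT_CLKTCK`.
#[cfg(feature = "param")]
#[inline]
pub(crate) fn clock_ticks_per_second() -> u64 {
    let ticks = match CLOCK_TICKS_PER_SECOND.load(Relaxed) {
        0 => {
            init_auxv();
            CLOCK_TICKS_PER_SECOND.load(Relaxed)
        }
        ticks => ticks,
    };
    ticks as u64
}

/// The `(AT_HWCAP, AT_HWCAP2)` pair.
///
/// A zero in either slot is treated as "not initialized", so on platforms
/// where `AT_HWCAP2` is genuinely absent or zero this re-reads the auxv on
/// every call; the result is still correct.
#[cfg(feature = "param")]
#[inline]
pub(crate) fn linux_hwcap() -> (usize, usize) {
    let (mut hwcap, mut hwcap2) = (HWCAP.load(Relaxed), HWCAP2.load(Relaxed));
    if hwcap == 0 || hwcap2 == 0 {
        init_auxv();
        hwcap = HWCAP.load(Relaxed);
        hwcap2 = HWCAP2.load(Relaxed);
    }
    (hwcap, hwcap2)
}

/// The executable path the kernel recorded in `AT_EXECFN`.
///
/// # Panics
///
/// Panics if the auxv contains no `AT_EXECFN` record at all.
#[cfg(feature = "param")]
#[inline]
pub(crate) fn linux_execfn() -> &'static CStr {
    let mut execfn = EXECFN.load(Relaxed);
    if execfn.is_null() {
        init_auxv();
        execfn = EXECFN.load(Relaxed);
    }
    // `init_from_aux_iter` leaves `EXECFN` null only when no `AT_EXECFN`
    // record was seen (a present-but-null value fails `check_raw_pointer`
    // and `init_auxv` panics on the unwrap). Passing a null to
    // `CStr::from_ptr` would be undefined behaviour, so fail loudly instead.
    assert!(!execfn.is_null(), "auxv has no AT_EXECFN record");
    // SAFETY: We assume the `AT_EXECFN` value provided by the kernel is a
    // valid pointer to a valid NUL-terminated array of bytes.
    unsafe { CStr::from_ptr(execfn.cast()) }
}

/// Whether the process is running in "secure execution" mode.
///
/// True when the kernel's `AT_SECURE` record is non-zero, or when
/// `init_from_aux_iter` saw a mismatch between the real and effective
/// uid or gid.
#[cfg(feature = "runtime")]
#[inline]
pub(crate) fn linux_secure() -> bool {
    let mut secure = SECURE.load(Relaxed);
    // 0 means not initialized yet.
    if secure == 0 {
        init_auxv();
        secure = SECURE.load(Relaxed);
    }
    // 0 means not present. Libc `getauxval(AT_SECURE)` would return 0.
    // 1 means not in secure mode.
    // 2 means in secure mode.
    secure > 1
}

/// The program header table of the main executable, as the tuple
/// `(pointer, entry size, entry count)` cached in `PHDR`, `PHENT`, `PHNUM`.
#[cfg(feature = "runtime")]
#[inline]
pub(crate) fn exe_phdrs() -> (*const c::c_void, usize, usize) {
    let load = || (PHDR.load(Relaxed), PHENT.load(Relaxed), PHNUM.load(Relaxed));
    let (mut phdr, mut phent, mut phnum) = load();
    if phdr.is_null() || phnum == 0 {
        init_auxv();
        (phdr, phent, phnum) = load();
    }
    (phdr.cast(), phent, phnum)
}

/// `AT_SYSINFO_EHDR` isn't present on all platforms in all configurations, so
/// if we don't see it, this function returns a null pointer.
///
/// A non-null result has already passed `check_elf_base`.
#[inline]
pub(in super::super) fn sysinfo_ehdr() -> *const Elf_Ehdr {
    let ehdr = SYSINFO_EHDR.load(Relaxed);
    if !ehdr.is_null() {
        return ehdr;
    }
    init_auxv();
    SYSINFO_EHDR.load(Relaxed)
}

/// The executable's entry point address, from `AT_ENTRY`.
#[cfg(feature = "runtime")]
#[inline]
pub(crate) fn entry() -> usize {
    match ENTRY.load(Relaxed) {
        0 => {
            init_auxv();
            ENTRY.load(Relaxed)
        }
        entry => entry,
    }
}

/// Pointer to the 16 kernel-provided random bytes from `AT_RANDOM`, or null
/// if the record is absent.
#[cfg(feature = "runtime")]
#[inline]
pub(crate) fn random() -> *const [u8; 16] {
    let random = RANDOM.load(Relaxed);
    if !random.is_null() {
        return random;
    }
    init_auxv();
    RANDOM.load(Relaxed)
}

// Cached auxv values. Zero/null is the "not initialized" sentinel for each.
static PAGE_SIZE: AtomicUsize = AtomicUsize::new(0);
static CLOCK_TICKS_PER_SECOND: AtomicUsize = AtomicUsize::new(0);
static HWCAP: AtomicUsize = AtomicUsize::new(0);
static HWCAP2: AtomicUsize = AtomicUsize::new(0);
static EXECFN: AtomicPtr<c::c_char> = AtomicPtr::new(null_mut());
static SYSINFO_EHDR: AtomicPtr<Elf_Ehdr> = AtomicPtr::new(null_mut());
#[cfg(feature = "runtime")]
static SECURE: AtomicU8 = AtomicU8::new(0);
#[cfg(feature = "runtime")]
static PHDR: AtomicPtr<Elf_Phdr> = AtomicPtr::new(null_mut());
#[cfg(feature = "runtime")]
static PHENT: AtomicUsize = AtomicUsize::new(0);
#[cfg(feature = "runtime")]
static PHNUM: AtomicUsize = AtomicUsize::new(0);
#[cfg(feature = "runtime")]
static ENTRY: AtomicUsize = AtomicUsize::new(0);
#[cfg(feature = "runtime")]
static RANDOM: AtomicPtr<[u8; 16]> = AtomicPtr::new(null_mut());

/// Issue a single `prctl(PR_GET_AUXV, buf, len, 0, 0)` call.
///
/// The kernel writes at most `buf.len()` bytes of the auxv into `buf` and
/// reports the auxv's full length, which may be larger than `buf.len()`.
///
/// # Errors
///
/// Returns the syscall's error, e.g. on kernels without `PR_GET_AUXV`.
#[cfg(feature = "alloc")]
fn prctl_get_auxv(buf: &mut [u8]) -> crate::io::Result<usize> {
    use super::super::conv::{c_int, pass_usize, ret_usize};

    const PR_GET_AUXV: c::c_int = 0x4155_5856;

    // SAFETY: `buf` is valid for writes of `buf.len()` bytes for the duration
    // of the call, and the kernel is bounded by the length we pass. The
    // pointer comes from `as_mut_ptr` because the kernel writes through it.
    unsafe {
        ret_usize(syscall_always_asm!(
            __NR_prctl,
            c_int(PR_GET_AUXV),
            buf.as_mut_ptr(),
            pass_usize(buf.len()),
            pass_usize(0),
            pass_usize(0)
        ))
    }
}

/// Read the whole auxv via `prctl(PR_GET_AUXV)`.
///
/// Starts with a 512-byte buffer and retries once with exactly the length the
/// kernel reported if that wasn't enough.
///
/// # Errors
///
/// Propagates the `prctl` error; `init_auxv` treats any error as "fall back
/// to `/proc/self/auxv`".
#[cfg(feature = "alloc")]
fn pr_get_auxv() -> crate::io::Result<Vec<u8>> {
    let mut buffer = alloc::vec![0u8; 512];
    let len = prctl_get_auxv(&mut buffer)?;
    if len <= buffer.len() {
        buffer.truncate(len);
        return Ok(buffer);
    }

    // The auxv is bigger than our first guess; grow to the reported size and
    // fetch it again.
    buffer.resize(len, 0);
    let len = prctl_get_auxv(&mut buffer)?;
    // The auxv is not expected to change size between the two calls.
    assert_eq!(len, buffer.len());
    Ok(buffer)
}

/// If we don't have "use-explicitly-provided-auxv" or "use-libc-auxv", we
/// read the aux vector via the `prctl` `PR_GET_AUXV`, with a fallback to
/// /proc/self/auxv for kernels that don't support `PR_GET_AUXV`.
///
/// # Panics
///
/// Panics if `/proc/self/auxv` can't be opened when it is needed, or if the
/// auxv obtained from either source fails validation in
/// `init_from_aux_iter`; the values cached here are relied upon as trusted
/// kernel data by the rest of the module.
#[cold]
fn init_auxv() {
    #[cfg(feature = "alloc")]
    {
        if let Ok(buffer) = pr_get_auxv() {
            // SAFETY: We assume the kernel returns a valid, `AT_NULL`-terminated
            // auxv.
            unsafe {
                init_from_aux_iter(AuxPointer(buffer.as_ptr().cast())).unwrap();
            }
            return;
        }
        // `PR_GET_AUXV` failed; fall through to /proc/self/auxv.
    }

    // Open "/proc/self/auxv", either because we trust "/proc", or because
    // we're running inside QEMU and `proc_self_auxv`'s extra checking foils
    // QEMU's emulation so we need to do a plain open to get the right
    // auxv records.
    let file = crate::fs::open("/proc/self/auxv", OFlags::RDONLY, Mode::empty()).unwrap();

    #[cfg(feature = "alloc")]
    init_from_auxv_file(file).unwrap();

    #[cfg(not(feature = "alloc"))]
    // SAFETY: `AuxFile` reads whole `Elf_auxv_t` records straight from the
    // kernel-provided file.
    unsafe {
        init_from_aux_iter(AuxFile(file)).unwrap();
    }
}

/// Process auxv entries from the open file `auxv`.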
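///
/// Reads the whole file into memory (it is small) and hands the bytes to
/// `init_from_aux_iter`. Returns `None` if the bytes don't form whole
/// `Elf_auxv_t` records ending in `AT_NULL`, or if a record fails validation
/// there.
///
/// # Panics
///
/// Panics on any read error other than `EINTR`.
#[cfg(feature = "alloc")]
#[cold]
#[must_use]
fn init_from_auxv_file(auxv: OwnedFd) -> Option<()> {
    let mut buffer = Vec::<u8>::with_capacity(512);
    loop {
        let cur = buffer.len();
        // Request one extra byte; `Vec` will often allocate more.
        buffer.reserve(1);
        // Use all the space it allocated.
        buffer.resize(buffer.capacity(), 0);
        // Read up to that many bytes.
        let n = match crate::io::read(&auxv, &mut buffer[cur..]) {
            Err(crate::io::Errno::INTR) => 0,
            Err(err) => panic!("{:?}", err),
            Ok(0) => {
                // End of file: drop the zero padding added above so that
                // `buffer.len()` is the number of bytes actually read.
                buffer.truncate(cur);
                break;
            }
            Ok(n) => n,
        };
        // Account for the number of bytes actually read.
        buffer.resize(cur + n, 0_u8);
    }

    // `AuxPointer` has no length of its own and walks memory until it meets
    // `AT_NULL`, so check here, while the length is known, that the data is
    // whole records and that the last one is the terminator. Otherwise a
    // truncated or badly emulated file would send the iterator off the end
    // of `buffer`.
    let record_len = size_of::<Elf_auxv_t>();
    if buffer.len() < record_len || buffer.len() % record_len != 0 {
        return None;
    }
    // SAFETY: `buffer` holds at least one whole record, so the final
    // `record_len` bytes are in bounds; `read_unaligned` tolerates the
    // byte-buffer alignment.
    let last: Elf_auxv_t =
        unsafe { read_unaligned(buffer.as_ptr().add(buffer.len() - record_len).cast()) };
    if last.a_type as usize != AT_NULL as usize {
        return None;
    }

    // SAFETY: We loaded from an auxv file into the buffer and verified above
    // that it is `AT_NULL`-terminated within `buffer`.
    unsafe { init_from_aux_iter(AuxPointer(buffer.as_ptr().cast())) }
}

/// Process the auxv records yielded by `aux_iter` and cache them in this
/// module's statics.
///
/// Stops at the first `AT_NULL` record. Pointer-valued records (`AT_EXECFN`,
/// `AT_SYSINFO_EHDR`, `AT_BASE`, and with the "runtime" feature `AT_PHDR` and
/// `AT_RANDOM`) are validated with `check_raw_pointer`/`check_elf_base`; if
/// any of them fails, this returns `None` before storing anything.
///
/// # Safety
///
/// This must be passed an iterator over a genuine auxv array.
///
/// The backing buffer holds `Elf_auxv_t` records but need not be aligned; the
/// pointer-based iterator reads it with `read_unaligned`.
///
/// # Panics
///
/// With the "runtime" feature, panics if `AT_PHENT` doesn't equal
/// `size_of::<Elf_Phdr>()`.
#[cold]
#[must_use]
unsafe fn init_from_aux_iter(aux_iter: impl Iterator<Item = Elf_auxv_t>) -> Option<()> {
    let mut pagesz = 0;
    let mut clktck = 0;
    let mut hwcap = 0;
    let mut hwcap2 = 0;
    let mut execfn = null_mut();
    let mut sysinfo_ehdr = null_mut();
    #[cfg(feature = "runtime")]
    let mut secure = 0;
    #[cfg(feature = "runtime")]
    let mut phdr = null_mut();
    #[cfg(feature = "runtime")]
    let mut phnum = 0;
    #[cfg(feature = "runtime")]
    let mut phent = 0;
    #[cfg(feature = "runtime")]
    let mut entry = 0;
    #[cfg(feature = "runtime")]
    let mut uid = None;
    #[cfg(feature = "runtime")]
    let mut euid = None;
    #[cfg(feature = "runtime")]
    let mut gid = None;
    #[cfg(feature = "runtime")]
    let mut egid = None;
    #[cfg(feature = "runtime")]
    let mut random = null_mut();

    for Elf_auxv_t { a_type, a_val } in aux_iter {
        match a_type as _ {
            AT_PAGESZ => pagesz = a_val as usize,
            AT_CLKTCK => clktck = a_val as usize,
            AT_HWCAP => hwcap = a_val as usize,
            AT_HWCAP2 => hwcap2 = a_val as usize,
            AT_EXECFN => execfn = check_raw_pointer::<c::c_char>(a_val as *mut _)?.as_ptr(),
            AT_SYSINFO_EHDR => sysinfo_ehdr = check_elf_base(a_val as *mut _)?.as_ptr(),

            AT_BASE => {
                // The `AT_BASE` value can be NULL in a static executable that
                // doesn't use a dynamic linker. If so, ignore it.
                if !a_val.is_null() {
                    let _ = check_elf_base(a_val.cast())?;
                }
            }

            #[cfg(feature = "runtime")]
            AT_SECURE => secure = (a_val as usize != 0) as u8 + 1,
            #[cfg(feature = "runtime")]
            AT_UID => uid = Some(a_val),
            #[cfg(feature = "runtime")]
            AT_EUID => euid = Some(a_val),
            #[cfg(feature = "runtime")]
            AT_GID => gid = Some(a_val),
            #[cfg(feature = "runtime")]
            AT_EGID => egid = Some(a_val),
            #[cfg(feature = "runtime")]
            AT_PHDR => phdr = check_raw_pointer::<Elf_Phdr>(a_val as *mut _)?.as_ptr(),
            #[cfg(feature = "runtime")]
            AT_PHNUM => phnum = a_val as usize,
            #[cfg(feature = "runtime")]
            AT_PHENT => phent = a_val as usize,
            #[cfg(feature = "runtime")]
            AT_ENTRY => entry = a_val as usize,
            #[cfg(feature = "runtime")]
            AT_RANDOM => random = check_raw_pointer::<[u8; 16]>(a_val as *mut _)?.as_ptr(),

            AT_NULL => break,
            _ => (),
        }
    }

    #[cfg(feature = "runtime")]
    assert_eq!(phent, size_of::<Elf_Phdr>());

    // If we're running set-uid or set-gid, enable “secure execution” mode,
    // which doesn't do much, but users may be depending on the things that
    // it does do.
    #[cfg(feature = "runtime")]
    if uid != euid || gid != egid {
        secure = 2;
    }

    // The base and sysinfo_ehdr (if present) matches our platform. Accept the
    // aux values.
    PAGE_SIZE.store(pagesz, Relaxed);
    CLOCK_TICKS_PER_SECOND.store(clktck, Relaxed);
    HWCAP.store(hwcap, Relaxed);
    HWCAP2.store(hwcap2, Relaxed);
    EXECFN.store(execfn, Relaxed);
    SYSINFO_EHDR.store(sysinfo_ehdr, Relaxed);
    #[cfg(feature = "runtime")]
    SECURE.store(secure, Relaxed);
    #[cfg(feature = "runtime")]
    PHDR.store(phdr, Relaxed);
    // `exe_phdrs` reads `PHENT` back; without this store it would always
    // report an entry size of 0.
    #[cfg(feature = "runtime")]
    PHENT.store(phent, Relaxed);
    #[cfg(feature = "runtime")]
    PHNUM.store(phnum, Relaxed);
    #[cfg(feature = "runtime")]
    ENTRY.store(entry, Relaxed);
    #[cfg(feature = "runtime")]
    RANDOM.store(random, Relaxed);

    Some(())
}

/// Check that `base` is a valid pointer to the kernel-provided vDSO.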
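///
/// `base` is some value we got from a `AT_SYSINFO_EHDR` aux record somewhere,
/// which hopefully holds the value of the kernel-provided vDSO in memory. Do a
/// series of checks to be as sure as we can that it's safe to use.
///
/// Returns the validated, non-null header pointer, or `None` if any check
/// fails: a null or misaligned pointer, wrong ELF magic/OS ABI/ABI version,
/// a non-`ET_DYN` type, unexpected header or program-header sizes, the
/// `PN_XNUM` escape value, an implausible `e_phoff`, or a class/data/machine
/// that doesn't match the platform we were compiled for.
///
/// # Safety
///
/// `base` is dereferenced once it passes the null and alignment checks, so it
/// must either be invalid in a way those checks catch or point to readable
/// memory at least `size_of::<Elf_Ehdr>()` bytes long.
#[cold]
#[must_use]
unsafe fn check_elf_base(base: *const Elf_Ehdr) -> Option<NonNull<Elf_Ehdr>> {
    // If we're reading a 64-bit auxv on a 32-bit platform, we'll see a zero
    // `a_val` because `AT_*` values are never greater than `u32::MAX`. Zero is
    // used by libc's `getauxval` to indicate errors, so it should never be a
    // valid value.
    if base.is_null() {
        return None;
    }

    // Null and alignment check.
    let hdr = check_raw_pointer::<Elf_Ehdr>(base as *mut _)?;
    let hdr = hdr.as_ref();

    // Identification bytes first: magic, OS ABI and ABI version.
    if hdr.e_ident[..SELFMAG] != ELFMAG {
        return None; // Wrong ELF magic
    }
    if !matches!(hdr.e_ident[EI_OSABI], ELFOSABI_SYSV | ELFOSABI_LINUX) {
        return None; // Unrecognized ELF OS ABI
    }
    if hdr.e_ident[EI_ABIVERSION] != ELFABIVERSION {
        return None; // Unrecognized ELF ABI version
    }
    if hdr.e_type != ET_DYN {
        return None; // Wrong ELF type
    }

    // If ELF is extended, we'll need to adjust.
    let sizes_match = hdr.e_ident[EI_VERSION] == EV_CURRENT
        && hdr.e_ehsize as usize == size_of::<Elf_Ehdr>()
        && hdr.e_phentsize as usize == size_of::<Elf_Phdr>();
    if !sizes_match {
        return None;
    }

    // We don't currently support extra-large numbers of segments.
    if hdr.e_phnum == PN_XNUM {
        return None;
    }

    // If `e_phoff` is zero, it's more likely that we're looking at memory that
    // has been zeroed than that the kernel has somehow aliased the `Ehdr` and
    // the `Phdr`.
    if hdr.e_phoff < size_of::<Elf_Ehdr>() {
        return None;
    }

    // Verify that the `EI_CLASS`/`EI_DATA`/`e_machine` fields match the
    // architecture we're running as. This helps catch cases where we're
    // running under QEMU.
    if hdr.e_ident[EI_CLASS] != ELFCLASS {
        return None; // Wrong ELF class
    }
    if hdr.e_ident[EI_DATA] != ELFDATA {
        return None; // Wrong ELF data
    }
    if hdr.e_machine != EM_CURRENT {
        return None; // Wrong machine type
    }

    // SAFETY: `hdr` is a reference, so it is non-null.
    Some(NonNull::new_unchecked(as_ptr(hdr) as *mut _))
}

// Aux reading utilities

// Read auxv records from an array in memory.
//
// The array must be terminated by an `AT_NULL` record. The iterator yields
// that record and then reports exhaustion, so it never reads beyond the
// terminator even if a consumer keeps calling `next`.
struct AuxPointer(*const Elf_auxv_t);

impl Iterator for AuxPointer {
    type Item = Elf_auxv_t;

    #[cold]
    fn next(&mut self) -> Option<Self::Item> {
        // A null cursor means the terminator has already been handed out.
        if self.0.is_null() {
            return None;
        }

        // SAFETY: Whoever constructed this iterator guarantees `self.0` points
        // into an `AT_NULL`-terminated auxv array, and we stop advancing once
        // the terminator has been read, so every read stays within that
        // array. `read_unaligned` because the backing buffer may be bytes.
        let record = unsafe { read_unaligned(self.0) };

        self.0 = if record.a_type as usize == AT_NULL as usize {
            core::ptr::null()
        } else {
            // SAFETY: This record wasn't the terminator, so at least one more
            // record follows it within the array.
            unsafe { self.0.add(1) }
        };

        Some(record)
    }
}

// Read auxv records from a file.
//
// Each call to `next` reads exactly one `Elf_auxv_t` worth of bytes. The
// iterator never yields `None`: once the file is exhausted it panics, so
// consumers must stop at the `AT_NULL` record themselves.
#[cfg(not(feature = "alloc"))]
struct AuxFile(OwnedFd);

#[cfg(not(feature = "alloc"))]
impl Iterator for AuxFile {
    type Item = Elf_auxv_t;

    // This implementation does lots of `read`s and it isn't amazing, but
    // hopefully we won't use it often.
    #[cold]
    fn next(&mut self) -> Option<Self::Item> {
        let mut record_bytes = [0_u8; size_of::<Elf_auxv_t>()];
        let mut remaining = &mut record_bytes[..];
        // Loop until the whole record is in, since `read` may return short.
        while !remaining.is_empty() {
            match crate::io::read(&self.0, remaining) {
                Ok(0) => panic!("unexpected end of auxv file"),
                Ok(n) => remaining = &mut remaining[n..],
                Err(crate::io::Errno::INTR) => continue,
                Err(err) => panic!("{:?}", err),
            }
        }
        // SAFETY: `record_bytes` is exactly one record long and initialized;
        // `read_unaligned` tolerates the byte-array alignment.
        Some(unsafe { read_unaligned(record_bytes.as_ptr().cast()) })
    }
}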