-
Notifications
You must be signed in to change notification settings - Fork 71
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Signed-off-by: David Gageot <david.gageot@docker.com>
- Loading branch information
Showing
16 changed files
with
1,211 additions
and
3 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
92 changes: 92 additions & 0 deletions
92
...ildkit-direct-execve-v8.2/0001-linux-user-have-execve-call-qemu-via-proc-self-exe-t.patch
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,92 @@ | ||
From 43aea3054fcbae1bfbfbb90edf1e3b56f439066f Mon Sep 17 00:00:00 2001 | ||
From: CrazyMax <crazy-max@users.noreply.github.com> | ||
Date: Fri, 8 Sep 2023 10:47:29 +0200 | ||
Subject: [PATCH] linux-user: have execve call qemu via /proc/self/exe to not | ||
rely on binfmt_misc | ||
|
||
It is assumed that when a guest program calls execve syscall it wants to | ||
execute a program on the same guest architecture and not the host architecture. | ||
|
||
Previously, such a guest program would have execve syscall error out with: | ||
"exec format error". | ||
|
||
A common solution is to register the qemu binary in binfmt_misc, but that is not a | ||
userland-friendly solution because it requires modifying kernel state. | ||
|
||
This patch injects /proc/self/exe as the first parameter and the qemu program name | ||
as argv[0] to execve. | ||
|
||
Signed-off-by: Tibor Vass <tibor@docker.com> | ||
Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com> | ||
--- | ||
linux-user/syscall.c | 44 +++++++++++++++++++++++++++++++------------- | ||
1 file changed, 31 insertions(+), 13 deletions(-) | ||
|
||
diff --git a/linux-user/syscall.c b/linux-user/syscall.c | ||
index 9ee124c583..6ed502eb6c 100644 | ||
--- a/linux-user/syscall.c | ||
+++ b/linux-user/syscall.c | ||
@@ -8442,10 +8442,37 @@ static int do_execv(CPUArchState *cpu_env, int dirfd, | ||
envc++; | ||
} | ||
|
||
- argp = g_new0(char *, argc + 1); | ||
+ argp = g_new0(char *, argc + 4); | ||
envp = g_new0(char *, envc + 1); | ||
|
||
- for (gp = guest_argp, q = argp; gp; gp += sizeof(abi_ulong), q++) { | ||
+ if (!(p = lock_user_string(pathname))) | ||
+ goto execve_efault; | ||
+ | ||
+ /* if pathname is /proc/self/exe then retrieve the path passed to qemu via command line */ | ||
+ if (is_proc_myself(p, "exe")) { | ||
+ CPUState *cpu = env_cpu((CPUArchState *)cpu_env); | ||
+ TaskState *ts = cpu->opaque; | ||
+ p = ts->bprm->filename; | ||
+ } | ||
+ | ||
+ /* retrieve guest argv0 */ | ||
+ if (get_user_ual(addr, guest_argp)) | ||
+ goto execve_efault; | ||
+ | ||
+ /* | ||
+ * From the guest, the call | ||
+ * execve(pathname, [argv0, argv1], envp) | ||
+ * on the host, becomes: | ||
+ * execve("/proc/self/exe", [qemu_progname, "-0", argv0, pathname, argv1], envp) | ||
+ * where qemu_progname is the error message prefix for qemu | ||
+ */ | ||
+ argp[0] = (char*)error_get_progname(); | ||
+ argp[1] = (char*)"-0"; | ||
+ argp[2] = (char*)lock_user_string(addr); | ||
+ argp[3] = p; | ||
+ | ||
+ /* copy guest argv1 onwards to host argv4 onwards */ | ||
+ for (gp = guest_argp + 1*sizeof(abi_ulong), q = argp + 4; gp; gp += sizeof(abi_ulong), q++) { | ||
if (get_user_ual(addr, gp)) { | ||
goto execve_efault; | ||
} | ||
@@ -8484,18 +8511,9 @@ static int do_execv(CPUArchState *cpu_env, int dirfd, | ||
* before the execve completes and makes it the other | ||
* program's problem. | ||
*/ | ||
- p = lock_user_string(pathname); | ||
- if (!p) { | ||
- goto execve_efault; | ||
- } | ||
- | ||
- const char *exe = p; | ||
- if (is_proc_myself(p, "exe")) { | ||
- exe = exec_path; | ||
- } | ||
ret = is_execveat | ||
- ? safe_execveat(dirfd, exe, argp, envp, flags) | ||
- : safe_execve(exe, argp, envp); | ||
+ ? safe_execveat(dirfd, "/proc/self/exe", argp, envp, flags) | ||
+ : safe_execve("/proc/self/exe", argp, envp); | ||
ret = get_errno(ret); | ||
|
||
unlock_user(p, pathname, 0); | ||
-- | ||
2.34.0 | ||
|
76 changes: 76 additions & 0 deletions
76
patches/buildkit-direct-execve-v8.2/0002-linux-user-lookup-user-program-in-PATH.patch
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,76 @@ | ||
From d83023eb7a0574cad224c7d88ac8dcf9d745afa3 Mon Sep 17 00:00:00 2001 | ||
From: Tibor Vass <tibor@docker.com> | ||
Date: Tue, 2 Jun 2020 10:39:48 +0000 | ||
Subject: [PATCH] linux-user: lookup user program in PATH | ||
|
||
Signed-off-by: Tibor Vass <tibor@docker.com> | ||
--- | ||
linux-user/main.c | 45 ++++++++++++++++++++++++++++++++++++++++++++- | ||
1 file changed, 44 insertions(+), 1 deletion(-) | ||
|
||
diff --git a/linux-user/main.c b/linux-user/main.c | ||
index fbc9bcfd5f..30f163de81 100644 | ||
--- a/linux-user/main.c | ||
+++ b/linux-user/main.c | ||
@@ -558,6 +558,45 @@ static void usage(int exitcode) | ||
exit(exitcode); | ||
} | ||
|
||
+/* | ||
+ * path_lookup searches the directories named by the PATH environment variable for an executable filename. | ||
+ * Returns the first match, or a copy of filename if it is absolute, PATH is unset or nothing matches. | ||
+ * Returns NULL and sets errno on error. Caller must free the result. Adapted from musl's execvp. | ||
+ */ | ||
+static char *path_lookup(char *filename) { | ||
+    const char *p, *z, *path = getenv("PATH"); | ||
+    size_t l, k; | ||
+    struct stat buf; | ||
+    char *b; | ||
+ | ||
+    if (!filename) { /* there is nothing to copy or search for */ | ||
+        errno = EINVAL; | ||
+        return NULL; | ||
+    } | ||
+    if (!path || filename[0] == '/') /* no search needed: return a full, untruncated copy */ | ||
+        return strdup(filename); | ||
+    k = strnlen(filename, NAME_MAX+1); | ||
+    if (k > NAME_MAX) { | ||
+        errno = ENAMETOOLONG; | ||
+        return NULL; | ||
+    } | ||
+    l = strnlen(path, PATH_MAX-1)+1; | ||
+    if (!(b = calloc(l+k+1, sizeof(char)))) return NULL; /* one buffer, reused for every candidate */ | ||
+    for (p = path; ; p = z) { | ||
+        z = strchrnul(p, ':'); | ||
+        if ((size_t)(z-p) < l) { /* entries of l bytes or more are skipped */ | ||
+            memcpy(b, p, z-p); | ||
+            b[z-p] = '/'; | ||
+            memcpy(b+(z-p)+(z>p), filename, k+1); /* empty entry: '/' is overwritten, name stays relative */ | ||
+            if (!stat(b, &buf) && !(buf.st_mode & S_IFDIR) && (buf.st_mode & (S_IXUSR|S_IXGRP|S_IXOTH))) | ||
+                return b; | ||
+        } | ||
+        if (!*z++) break; | ||
+    } | ||
+    free(b); /* no match: release the scratch buffer before falling back */ | ||
+    return strdup(filename); | ||
+} | ||
+ | ||
static int parse_args(int argc, char **argv) | ||
{ | ||
const char *r; | ||
@@ -623,7 +662,11 @@ static int parse_args(int argc, char **argv) | ||
exit(EXIT_FAILURE); | ||
} | ||
|
||
- exec_path = argv[optind]; | ||
+ /* not freeing exec_path as it is needed for the lifetime of the process */ | ||
+ if (!(exec_path = path_lookup(argv[optind]))) { | ||
+ (void) fprintf(stderr, "qemu: could not find user program %s: %s\n", exec_path, strerror(errno)); | ||
+ exit(EXIT_FAILURE); | ||
+ } | ||
|
||
return optind; | ||
} | ||
-- | ||
2.34.0 | ||
|
103 changes: 103 additions & 0 deletions
103
...ildkit-direct-execve-v8.2/0003-linux-user-path-in-execve-should-be-relative-to-work.patch
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,103 @@ | ||
From 8fd15aa673a7241f8aeeb64fff5633b973913ae3 Mon Sep 17 00:00:00 2001 | ||
From: CrazyMax <crazy-max@users.noreply.github.com> | ||
Date: Wed, 3 May 2023 20:54:37 +0200 | ||
Subject: [PATCH] linux-user: path in execve should be relative to working dir | ||
|
||
Fixes a regression introduced by the parent commit, which added PATH handling. | ||
|
||
When guest calls execve(filename, argp, envp) filename can be relative in which | ||
case Linux makes it relative to the working directory. | ||
|
||
However, since execve is now handled by exec-ing qemu process again, filename | ||
would first get looked up in PATH in main() before calling host's execve. | ||
|
||
With this change, if filename is relative and exists in working directory as | ||
well as in PATH, working directory will get precedence over PATH if guest is | ||
doing an execve syscall, but not if relative filename comes from qemu's argv. | ||
|
||
Signed-off-by: Tibor Vass <tibor@docker.com> | ||
Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com> | ||
--- | ||
include/qemu/path.h | 1 + | ||
linux-user/syscall.c | 9 +++++++-- | ||
util/path.c | 32 ++++++++++++++++++++++++++++++++ | ||
3 files changed, 40 insertions(+), 2 deletions(-) | ||
|
||
diff --git a/include/qemu/path.h b/include/qemu/path.h | ||
index c6292a9709..a81fb51e1f 100644 | ||
--- a/include/qemu/path.h | ||
+++ b/include/qemu/path.h | ||
@@ -3,5 +3,6 @@ | ||
|
||
void init_paths(const char *prefix); | ||
const char *path(const char *pathname); | ||
+const char *prepend_workdir_if_relative(const char *path); | ||
|
||
#endif | ||
diff --git a/linux-user/syscall.c b/linux-user/syscall.c | ||
index 947af70611..0ce9f207be 100644 | ||
--- a/linux-user/syscall.c | ||
+++ b/linux-user/syscall.c | ||
@@ -8444,12 +8444,17 @@ static int do_execveat(CPUArchState *cpu_env, int dirfd, | ||
* execve(pathname, [argv0, argv1], envp) | ||
* on the host, becomes: | ||
* execve("/proc/self/exe", [qemu_progname, "-0", argv0, pathname, argv1], envp) | ||
- * where qemu_progname is the error message prefix for qemu | ||
+ * where qemu_progname is the error message prefix for qemu. | ||
+ * Note: if pathname is relative, it will be prepended with the current working directory. | ||
*/ | ||
argp[0] = (char*)error_get_progname(); | ||
argp[1] = (char*)"-0"; | ||
argp[2] = (char*)lock_user_string(addr); | ||
- argp[3] = p; | ||
+ argp[3] = (char*)prepend_workdir_if_relative(p); | ||
+ if (!argp[3]) { | ||
+ ret = -host_to_target_errno(errno); | ||
+ goto execve_end; | ||
+ } | ||
|
||
/* copy guest argv1 onwards to host argv4 onwards */ | ||
for (gp = guest_argp + 1*sizeof(abi_ulong), q = argp + 4; gp; gp += sizeof(abi_ulong), q++) { | ||
diff --git a/util/path.c b/util/path.c | ||
index 8e174eb436..06fe2663b8 100644 | ||
--- a/util/path.c | ||
+++ b/util/path.c | ||
@@ -68,3 +68,35 @@ const char *path(const char *name) | ||
qemu_mutex_unlock(&lock); | ||
return ret; | ||
} | ||
+ | ||
+/* Prepends working directory if path is relative. | ||
+ * If path is absolute, it is returned as-is without any allocation. | ||
+ * Otherwise, caller is responsible to free returned path. | ||
+ * Returns NULL and sets errno upon error (EINVAL for a NULL path, ERANGE if the result exceeds PATH_MAX). | ||
+ * Note: realpath is not called to let the kernel do the rest of the resolution. | ||
+ */ | ||
+const char *prepend_workdir_if_relative(const char *path) | ||
+{ | ||
+    char buf[PATH_MAX]; | ||
+    char *p; | ||
+    size_t i, j, k; | ||
+ | ||
+    if (!path) { /* keep the "NULL means errno is set" contract */ | ||
+        errno = EINVAL; | ||
+        return NULL; | ||
+    } | ||
+    if (path[0] == '/') return path; | ||
+    if (!getcwd(buf, PATH_MAX)) return NULL; | ||
+    i = strlen(buf); | ||
+    j = strlen(path); | ||
+    k = i + 1 + j + 1; /* workdir + '/' + path + '\0' */ | ||
+    if (k > PATH_MAX) { /* the separator and terminator count against the limit too */ | ||
+        errno = ERANGE; | ||
+        return NULL; | ||
+    } | ||
+    if (!(p = malloc(k))) return NULL; /* k is already a byte count */ | ||
+    memcpy(p, buf, i); | ||
+    p[i] = '/'; | ||
+    memcpy(p + i + 1, path, j + 1); /* j + 1 also copies the terminating '\0' */ | ||
+    return p; | ||
+} | ||
-- | ||
2.34.0 | ||
|
Oops, something went wrong.