1 // Copyright 2016 The Fuchsia Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #pragma once 6 7 #include <zircon/compiler.h> 8 #include <zircon/types.h> 9 10 #include <stdbool.h> 11 #include <stddef.h> 12 #include <stdint.h> 13 14 __BEGIN_CDECLS 15 16 // Opaque type representing launchpad state. 17 // Use of this object is not thread-safe. 18 typedef struct launchpad launchpad_t; 19 20 // API OVERVIEW 21 // ------------------------------------------------------------- 22 // 23 // Launchpad is designed to be used like this: 24 // launchpad_t* lp; 25 // launchpad_create(job, "processname", &lp); 26 // launchpad_load_from_file(lp, argv[0]); 27 // launchpad_set_args(lp, argc, argv); 28 // launchpad_set_environ(lp, env); 29 // << other launchpad_*() calls to setup initial fds, handles, etc >> 30 // zx_handle_t proc; 31 // const char* errmsg; 32 // zx_status_t status = launchpad_go(lp, &proc, &errmsg); 33 // if (status < 0) 34 // printf("launchpad failed: %s: %d\n", errmsg, status); 35 // 36 // If any of the calls leading up to launchpad_go(), including 37 // launchpad_create() itself fail, launchpad_go() will return 38 // an error, and (if errmsg is non-NULL) provide a human-readable 39 // descriptive string. 40 // If proc is NULL, the process handle is closed for you. 41 // 42 // There are alternative versions of launchpad_create_*() which 43 // provide more options, various simple and complex alternatives to 44 // launchpad_load_*(), and a variety of functions to configure fds, 45 // handles, etc, which are passed to the new process. They are 46 // described in detail below. 47 48 49 // CREATION: one launchpad_create*() below must be called to create 50 // a launchpad before any other operations may be one with it. 51 // ---------------------------------------------------------------- 52 53 // Create a new process and a launchpad that will set it up. 54 // The job handle is used for creation of the process, but is not 55 // taken ownership of or closed. 56 // 57 // If the job handle is 0 (ZX_HANDLE_INVALID), the default job for 58 // the running process is used, if it exists (zx_job_default()). 59 // 60 // Unless the new process is provided with a job handle, at time 61 // of launch or later, it will not be able to create any more 62 // processes. 63 zx_status_t launchpad_create(zx_handle_t job, const char* name, 64 launchpad_t** lp); 65 66 // Create a new process and a launchpad that will set it up. 67 // The creation_job handle is used to create the process but is 68 // not taken ownership of or closed. 69 // 70 // The transferred_job handle is optional. If non-zero, it is 71 // consumed by the launchpad and will be passed to the new process 72 // on successful launch or closed on failure. 73 zx_status_t launchpad_create_with_jobs(zx_handle_t creation_job, 74 zx_handle_t transferred_job, 75 const char* name, 76 launchpad_t** result); 77 78 // Create a new launchpad for a given existing process handle and 79 // its root VMAR handle. On success, the launchpad takes ownership 80 // of both handles. 81 zx_status_t launchpad_create_with_process(zx_handle_t proc, 82 zx_handle_t vmar, 83 launchpad_t** result); 84 85 86 // LAUNCHING or ABORTING: 87 // ---------------------------------------------------------------- 88 89 // If none of the launchpad_*() calls against this launchpad have failed, 90 // and launchpad_abort() has not been called, this will attempt to complete 91 // the launch of the process. 92 // 93 // If proc is NULL, the process handle is closed instead of returned. 94 // If errmsg is non-NULL, the human readable status string is returned. 95 // 96 // The launchpad is destroyed (via launchpad_destroy()) before this returns, 97 // all resources are reclaimed, handles are closed, and may not be accessed 98 // again. 99 zx_status_t launchpad_go(launchpad_t* lp, zx_handle_t* proc, const char** errmsg); 100 101 // Out parameters for |launchpad_ready_set|. 102 // 103 // This structure matches fuchsia.process.StartData. Once launchpad is no longer 104 // exported in the SDK, we can switch to using that struct directly. 105 // 106 // When using |launchpad_ready_set|, complete the process launch by passing 107 // these parameters to |zx_process_start|. 108 typedef struct launchpad_start_data { 109 // The process that was created. 110 zx_handle_t process; 111 112 // The vmar object that was created when the process was created. 113 zx_handle_t root_vmar; 114 115 // The initial thread for the process. 116 zx_handle_t thread; 117 118 // The address of the initial entry point in the process. 119 zx_vaddr_t entry; 120 121 // The stack pointer value for the initial thread of the process. 122 zx_vaddr_t sp; 123 124 // The bootstrap channel to pass to the process on startup. 125 zx_handle_t bootstrap; 126 127 // The base address of the vDSO to pass to the process on startup. 128 zx_vaddr_t vdso_base; 129 130 // The base load address of the the ELF file loaded. 131 zx_vaddr_t base; 132 } launchpad_start_data_t; 133 134 // If none of the launchpad_*() calls against this launchpad have failed, 135 // and launchpad_abort() has not been called, this will attempt to prepare 136 // the process to be started. 137 // 138 // Upon success, you can complete the process launch by calling 139 // |zx_process_start| with the data returned via |launchpad_start_data_t|. 140 // 141 // |data_out| must not be NULL. 142 // |errmsg_out| may be NULL. 143 // 144 // If the call succeeds, the caller owns all the handles returned via 145 // |launchpad_start_data_t|. 146 // 147 // The launchpad is destroyed (via launchpad_destroy()) before this returns, 148 // all resources are reclaimed, handles are closed, and may not be accessed 149 // again. 150 zx_status_t launchpad_ready_set(launchpad_t* lp, 151 launchpad_start_data_t* data_out, 152 const char** errmsg_out); 153 154 // Clean up a launchpad_t, freeing all resources stored therein. 155 // TODO(mcgrathr): Currently this closes the process handle but does 156 // not kill a process that hasn't been started yet. 157 void launchpad_destroy(launchpad_t* lp); 158 159 // This ensures that the launchpad will not be launchable and 160 // any calls to launchpad_go() will fail. 161 // If it is not already in an error state, the error state is 162 // set to status, and errmsg is set to msg. 163 // If status is non-negative, it is interpreted as ZX_ERR_INTERNAL. 164 void launchpad_abort(launchpad_t* lp, zx_status_t status, const char* msg); 165 166 // If any launchpad_*() call against this lp has failed, this returns 167 // a human-readable detailed message describing the failure that may 168 // assist in debugging. 169 const char* launchpad_error_message(launchpad_t* lp); 170 zx_status_t launchpad_get_status(launchpad_t* lp); 171 172 173 // SIMPLIFIED BINARY LOADING 174 // These functions are convenience wrappers around the more powerful 175 // Advanced Binary Loading functions described below. They cover the 176 // most common use cases. 177 // ------------------------------------------------------------------- 178 179 // Load an ELF PIE binary from path 180 zx_status_t launchpad_load_from_file(launchpad_t* lp, const char* path); 181 182 // Load an ELF PIE binary from fd 183 zx_status_t launchpad_load_from_fd(launchpad_t* lp, int fd); 184 185 // Load an ELF PIE binary from vmo 186 zx_status_t launchpad_load_from_vmo(launchpad_t* lp, zx_handle_t vmo); 187 188 189 // ADDING ARGUMENTS, ENVIRONMENT, AND HANDLES 190 // These functions setup arguments, environment, or handles to be 191 // passed to the new process via the processargs protocol. 192 // --------------------------------------------------------------------- 193 194 // Set the arguments, environment, or nametable to be passed in the 195 // bootstrap message. All the strings are copied into the launchpad 196 // by this call, with no pointers to these argument strings retained. 197 // Successive calls replace the previous values. 198 zx_status_t launchpad_set_args(launchpad_t* lp, 199 int argc, const char* const* argv); 200 zx_status_t launchpad_set_environ(launchpad_t* lp, const char* const* envp); 201 zx_status_t launchpad_set_nametable(launchpad_t* lp, 202 size_t count, const char* const* names); 203 204 205 // Add one or more handles to be passed in the bootstrap message. 206 // The launchpad takes ownership of the handles; they will be closed 207 // by launchpad_destroy or transferred by launchpad_go. 208 // Successive calls append more handles. The list of handles to 209 // send is cleared only by a successful launchpad_go call. 210 // It is an error to add a handle of 0 (ZX_HANDLE_INVALID) 211 zx_status_t launchpad_add_handle(launchpad_t* lp, zx_handle_t h, uint32_t id); 212 zx_status_t launchpad_add_handles(launchpad_t* lp, size_t n, 213 const zx_handle_t h[], const uint32_t id[]); 214 215 // ADDING FDIO FILE DESCRIPTORS 216 // These functions configure the initial file descriptors, root directory, 217 // and current working directory for processes which use libfdio for the 218 // posix-style io api (open/close/read/write/...) 219 // -------------------------------------------------------------------- 220 221 222 // This function allows some or all of the environment of the 223 // running process to be shared with the process being launched. 224 // The items shared are as of the call to launchpad_clone(). 225 // 226 // CLONE_FDIO_NAMESPACE shares the filestem namespace 227 // CLONE_FDIO_STDIO shares file descriptors 0, 1, and 2 228 // CLONE_ENVIRON shares the environment 229 // CLONE_JOB shares the default job (if one exists) 230 // 231 // It is *not* an error if any of the above requested items don't 232 // exist (eg, fd0 is closed) 233 // 234 // launchpad_clone_fd() and launchpad_transfer_fd() may be used to 235 // add additional file descriptors to the launched process. 236 #define LP_CLONE_FDIO_NAMESPACE (0x0001u) 237 #define LP_CLONE_FDIO_STDIO (0x0004u) 238 #define LP_CLONE_FDIO_ALL (0x00FFu) 239 #define LP_CLONE_ENVIRON (0x0100u) 240 #define LP_CLONE_DEFAULT_JOB (0x0200u) 241 #define LP_CLONE_ALL (0xFFFFu) 242 243 zx_status_t launchpad_clone(launchpad_t* lp, uint32_t what); 244 245 246 // Attempt to duplicate local descriptor fd into target_fd in the 247 // new process. Returns ZX_ERR_BAD_HANDLE if fd is not a valid fd, or 248 // ZX_ERR_NOT_SUPPORTED if it's not possible to transfer this fd. 249 zx_status_t launchpad_clone_fd(launchpad_t* lp, int fd, int target_fd); 250 251 // Attempt to transfer local descriptor fd into target_fd in the 252 // new process. Returns ZX_ERR_BAD_HANDLE if fd is not a valid fd, 253 // ERR_UNAVILABLE if fd has been duplicated or is in use in an 254 // io operation, or ZX_ERR_NOT_SUPPORTED if it's not possible to transfer 255 // this fd. 256 // Upon success, from the point of view of the calling process, the fd 257 // will appear to have been closed. The underlying "file" will continue 258 // to exist until launch succeeds (and it is transferred) or fails (and 259 // it is destroyed). 260 zx_status_t launchpad_transfer_fd(launchpad_t* lp, int fd, int target_fd); 261 262 // Attempt to create a pipe and install one end of that pipe as 263 // target_fd in the new process and return the other end (if 264 // successful) via the fd_out parameter. 265 zx_status_t launchpad_add_pipe(launchpad_t* lp, int* fd_out, int target_fd); 266 267 268 // ACCESSORS for internal state 269 // -------------------------------------------------------------------- 270 271 // Fetch the process handle. The launchpad still owns this handle 272 // and callers must not close it or transfer it away. 273 zx_handle_t launchpad_get_process_handle(launchpad_t* lp); 274 275 // Fetch the process's root VMAR handle. The launchpad still owns this handle 276 // and callers must not close it or transfer it away. 277 zx_handle_t launchpad_get_root_vmar_handle(launchpad_t* lp); 278 279 280 // ADVANCED BINARY LOADING 281 // These functions provide advanced control over binary loading. 282 // ------------------------------------------------------------------- 283 284 // Map in the PT_LOAD segments of the ELF file image found in a VM 285 // object. If the file has a PT_GNU_STACK program header with a 286 // nonzero p_memsz field, this calls launchpad_set_stack_size with 287 // that value. This does not check the file for a PT_INTERP program 288 // header. This consumes the VM object. 289 // If the 'vmo' argument is a negative error code rather 290 // than a handle, that result is just returned immediately; so this 291 // can be passed the result of <launchpad/vmo.h> functions without 292 // separate error checking. 293 zx_status_t launchpad_elf_load_basic(launchpad_t* lp, zx_handle_t vmo); 294 295 // Do general loading of the ELF file image found in a VM object. 296 // The interface follows the same rules as launchpad_elf_load_basic. 297 // If the file has no PT_INTERP program header, this behaves the 298 // same as launchpad_elf_load_basic. If the file has a PT_INTERP 299 // string, that string is looked up via the loader service and the 300 // resulting VM object is loaded instead of the handle passed here, 301 // which is instead transferred to the dynamic linker in the 302 // bootstrap message. 303 zx_status_t launchpad_elf_load(launchpad_t* lp, zx_handle_t vmo); 304 305 // Load an extra ELF file image into the process. This is similar 306 // to launchpad_elf_load_basic, but it does not consume the VM 307 // object handle, does affect the state of the launchpad's 308 // send_loader_message flag, and does not set the entrypoint 309 // returned by launchpad_get_entry_address and used by 310 // launchpad_go. Instead, if base is not NULL, it's filled with 311 // the address at which the image was loaded; if entry is not NULL, 312 // it's filled with the image's entrypoint address. 313 zx_status_t launchpad_elf_load_extra(launchpad_t* lp, zx_handle_t vmo, 314 zx_vaddr_t* base, zx_vaddr_t* entry); 315 316 // Load an executable file into memory. If the file is an ELF file, it 317 // will be loaded as per launchpad_elf_load. If it is a script (the 318 // first two characters are "#!"), the next sequence of non-whitespace 319 // characters in the file specify the name of an interpreter that will 320 // be loaded instead, using the loader service RPC. Any text that 321 // follows the interpreter specification on the first line will be passed 322 // as the first argument to the interpreter, followed by all of the 323 // original argv arguments (which includes the script name in argv[0]). 324 // The length of the first line of an interpreted script may not exceed 325 // 127 characters, or ZX_ERR_NOT_FOUND will be returned. If an invalid vmo 326 // handle is passed, ZX_ERR_INVALID_ARGS will be returned. 327 zx_status_t launchpad_file_load(launchpad_t* lp, zx_handle_t vmo); 328 329 // The maximum length of the first line of a file that specifies an 330 // interpreter, using the #! syntax. 331 #define LP_MAX_INTERP_LINE_LEN 127 332 333 // The maximum levels of indirection allowed in script execution. 334 #define LP_MAX_SCRIPT_NEST_LEVEL 5 335 336 // Discover the entry-point address after a successful call to 337 // launchpad_elf_load or launchpad_elf_load_basic. This can be used 338 // in zx_process_start directly rather than calling launchpad_go, 339 // to bypass sending the standard startup message. 340 zx_status_t launchpad_get_entry_address(launchpad_t* lp, zx_vaddr_t* entry); 341 342 // Return the base address after a successful call to 343 // launchpad_elf_load or launchpad_elf_load_basic. 344 zx_status_t launchpad_get_base_address(launchpad_t* lp, zx_vaddr_t* base); 345 346 // Set the flag saying whether to send an initial bootstrap message 347 // for the dynamic linker, and return the old value of the flag. 348 // This flag is always cleared by launchpad_elf_load_basic and by a 349 // launchpad_go call that succeeds in sending the message (even 350 // if it later fails to send the main bootstrap message or fails to 351 // start the process). It's set or cleared by launchpad_elf_load 352 // depending on whether the file has a PT_INTERP program header. 353 bool launchpad_send_loader_message(launchpad_t* lp, bool do_send); 354 355 // Set the handle to the loader service to be used when required, 356 // and transferred in the initial bootstrap message to the dynamic 357 // linker. This consumes the handle passed, and returns the old 358 // handle (passing ownership of it to the caller). If no handle has 359 // been explicitly specified when launchpad_elf_load encounters a 360 // PT_INTERP header, it will launch fdio_loader_service and install 361 // that handle (after using it to look up the PT_INTERP string). 362 zx_handle_t launchpad_use_loader_service(launchpad_t* lp, zx_handle_t svc); 363 364 // This duplicates the globally-held VM object handle for the system 365 // vDSO. The return value is that of zx_handle_duplicate. If 366 // launchpad_set_vdso_vmo has been called with a valid handle, this 367 // just duplicates the handle passed in the last call. Otherwise, 368 // the first time the system vDSO is needed it's fetched with 369 // zx_take_startup_handle. 370 zx_status_t launchpad_get_vdso_vmo(zx_handle_t* out); 371 372 // Replace the globally-held VM object handle for the system vDSO. 373 // This takes ownership of the given handle, and returns the old 374 // handle, of which the caller takes ownership. It does not check 375 // the handle for validity. If ZX_HANDLE_INVALID is passed here, 376 // then the next time the system vDSO is needed it will be fetched 377 // with zx_take_startup_handle as if it were the first time. If 378 // the system vDSO has not been needed before this call, then the 379 // return value will be ZX_HANDLE_INVALID. 380 zx_handle_t launchpad_set_vdso_vmo(zx_handle_t vmo); 381 382 // Add the VM object handle for the system vDSO to the launchpad, so 383 // the launched process will be able to load it into its own 384 // children. This is just shorthand for launchpad_add_handle with 385 // the handle returned by launchpad_get_vdso_vmo. 386 zx_status_t launchpad_add_vdso_vmo(launchpad_t* lp); 387 388 // Load the system vDSO into the launchpad's nascent process. The 389 // given handle is not consumed. If given ZX_HANDLE_INVALID, this 390 // uses the VM object that launchpad_get_vdso_vmo would return 391 // instead. This just calls launchpad_elf_load_extra to do the 392 // loading, and records the vDSO's base address for launchpad_go 393 // to pass to the new process's initial thread. 394 zx_status_t launchpad_load_vdso(launchpad_t* lp, zx_handle_t vmo); 395 396 // Set the size of the initial thread's stack, and return the old setting. 397 // The initial setting after launchpad_create is a system default. 398 // If this is passed zero, then there will be no stack allocated. 399 // Otherwise, the size passed is rounded up to a multiple of the page size. 400 size_t launchpad_set_stack_size(launchpad_t* lp, size_t new_size); 401 402 __END_CDECLS 403