• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  * Copyright (C) 2001 - 2007 Jeff Dike (jdike@{addtoit,linux.intel}.com)
3  * Licensed under the GPL
4  */
5 
6 #include <linux/mm.h>
7 #include <linux/sched.h>
8 #include <linux/slab.h>
9 #include <linux/syscalls.h>
10 #include <linux/uaccess.h>
11 #include <asm/unistd.h>
12 #include <os.h>
13 #include <skas.h>
14 #include <sysdep/tls.h>
15 
modify_ldt(int func,void * ptr,unsigned long bytecount)16 static inline int modify_ldt (int func, void *ptr, unsigned long bytecount)
17 {
18 	return syscall(__NR_modify_ldt, func, ptr, bytecount);
19 }
20 
write_ldt_entry(struct mm_id * mm_idp,int func,struct user_desc * desc,void ** addr,int done)21 static long write_ldt_entry(struct mm_id *mm_idp, int func,
22 		     struct user_desc *desc, void **addr, int done)
23 {
24 	long res;
25 	void *stub_addr;
26 
27 	BUILD_BUG_ON(sizeof(*desc) % sizeof(long));
28 
29 	res = syscall_stub_data(mm_idp, (unsigned long *)desc,
30 				sizeof(*desc) / sizeof(long),
31 				addr, &stub_addr);
32 	if (!res) {
33 		unsigned long args[] = { func,
34 					 (unsigned long)stub_addr,
35 					 sizeof(*desc),
36 					 0, 0, 0 };
37 		res = run_syscall_stub(mm_idp, __NR_modify_ldt, args,
38 				       0, addr, done);
39 	}
40 
41 	return res;
42 }
43 
44 /*
45  * In skas mode, we hold our own ldt data in UML.
46  * Thus, the code implementing sys_modify_ldt_skas
47  * is very similar to (and mostly stolen from) sys_modify_ldt
48  * for arch/i386/kernel/ldt.c
49  * The routines copied and modified in part are:
50  * - read_ldt
51  * - read_default_ldt
52  * - write_ldt
53  * - sys_modify_ldt_skas
54  */
55 
read_ldt(void __user * ptr,unsigned long bytecount)56 static int read_ldt(void __user * ptr, unsigned long bytecount)
57 {
58 	int i, err = 0;
59 	unsigned long size;
60 	uml_ldt_t *ldt = &current->mm->context.arch.ldt;
61 
62 	if (!ldt->entry_count)
63 		goto out;
64 	if (bytecount > LDT_ENTRY_SIZE*LDT_ENTRIES)
65 		bytecount = LDT_ENTRY_SIZE*LDT_ENTRIES;
66 	err = bytecount;
67 
68 	mutex_lock(&ldt->lock);
69 	if (ldt->entry_count <= LDT_DIRECT_ENTRIES) {
70 		size = LDT_ENTRY_SIZE*LDT_DIRECT_ENTRIES;
71 		if (size > bytecount)
72 			size = bytecount;
73 		if (copy_to_user(ptr, ldt->u.entries, size))
74 			err = -EFAULT;
75 		bytecount -= size;
76 		ptr += size;
77 	}
78 	else {
79 		for (i=0; i<ldt->entry_count/LDT_ENTRIES_PER_PAGE && bytecount;
80 		     i++) {
81 			size = PAGE_SIZE;
82 			if (size > bytecount)
83 				size = bytecount;
84 			if (copy_to_user(ptr, ldt->u.pages[i], size)) {
85 				err = -EFAULT;
86 				break;
87 			}
88 			bytecount -= size;
89 			ptr += size;
90 		}
91 	}
92 	mutex_unlock(&ldt->lock);
93 
94 	if (bytecount == 0 || err == -EFAULT)
95 		goto out;
96 
97 	if (clear_user(ptr, bytecount))
98 		err = -EFAULT;
99 
100 out:
101 	return err;
102 }
103 
read_default_ldt(void __user * ptr,unsigned long bytecount)104 static int read_default_ldt(void __user * ptr, unsigned long bytecount)
105 {
106 	int err;
107 
108 	if (bytecount > 5*LDT_ENTRY_SIZE)
109 		bytecount = 5*LDT_ENTRY_SIZE;
110 
111 	err = bytecount;
112 	/*
113 	 * UML doesn't support lcall7 and lcall27.
114 	 * So, we don't really have a default ldt, but emulate
115 	 * an empty ldt of common host default ldt size.
116 	 */
117 	if (clear_user(ptr, bytecount))
118 		err = -EFAULT;
119 
120 	return err;
121 }
122 
write_ldt(void __user * ptr,unsigned long bytecount,int func)123 static int write_ldt(void __user * ptr, unsigned long bytecount, int func)
124 {
125 	uml_ldt_t *ldt = &current->mm->context.arch.ldt;
126 	struct mm_id * mm_idp = &current->mm->context.id;
127 	int i, err;
128 	struct user_desc ldt_info;
129 	struct ldt_entry entry0, *ldt_p;
130 	void *addr = NULL;
131 
132 	err = -EINVAL;
133 	if (bytecount != sizeof(ldt_info))
134 		goto out;
135 	err = -EFAULT;
136 	if (copy_from_user(&ldt_info, ptr, sizeof(ldt_info)))
137 		goto out;
138 
139 	err = -EINVAL;
140 	if (ldt_info.entry_number >= LDT_ENTRIES)
141 		goto out;
142 	if (ldt_info.contents == 3) {
143 		if (func == 1)
144 			goto out;
145 		if (ldt_info.seg_not_present == 0)
146 			goto out;
147 	}
148 
149 	mutex_lock(&ldt->lock);
150 
151 	err = write_ldt_entry(mm_idp, func, &ldt_info, &addr, 1);
152 	if (err)
153 		goto out_unlock;
154 
155 	if (ldt_info.entry_number >= ldt->entry_count &&
156 	    ldt_info.entry_number >= LDT_DIRECT_ENTRIES) {
157 		for (i=ldt->entry_count/LDT_ENTRIES_PER_PAGE;
158 		     i*LDT_ENTRIES_PER_PAGE <= ldt_info.entry_number;
159 		     i++) {
160 			if (i == 0)
161 				memcpy(&entry0, ldt->u.entries,
162 				       sizeof(entry0));
163 			ldt->u.pages[i] = (struct ldt_entry *)
164 				__get_free_page(GFP_KERNEL|__GFP_ZERO);
165 			if (!ldt->u.pages[i]) {
166 				err = -ENOMEM;
167 				/* Undo the change in host */
168 				memset(&ldt_info, 0, sizeof(ldt_info));
169 				write_ldt_entry(mm_idp, 1, &ldt_info, &addr, 1);
170 				goto out_unlock;
171 			}
172 			if (i == 0) {
173 				memcpy(ldt->u.pages[0], &entry0,
174 				       sizeof(entry0));
175 				memcpy(ldt->u.pages[0]+1, ldt->u.entries+1,
176 				       sizeof(entry0)*(LDT_DIRECT_ENTRIES-1));
177 			}
178 			ldt->entry_count = (i + 1) * LDT_ENTRIES_PER_PAGE;
179 		}
180 	}
181 	if (ldt->entry_count <= ldt_info.entry_number)
182 		ldt->entry_count = ldt_info.entry_number + 1;
183 
184 	if (ldt->entry_count <= LDT_DIRECT_ENTRIES)
185 		ldt_p = ldt->u.entries + ldt_info.entry_number;
186 	else
187 		ldt_p = ldt->u.pages[ldt_info.entry_number/LDT_ENTRIES_PER_PAGE] +
188 			ldt_info.entry_number%LDT_ENTRIES_PER_PAGE;
189 
190 	if (ldt_info.base_addr == 0 && ldt_info.limit == 0 &&
191 	   (func == 1 || LDT_empty(&ldt_info))) {
192 		ldt_p->a = 0;
193 		ldt_p->b = 0;
194 	}
195 	else{
196 		if (func == 1)
197 			ldt_info.useable = 0;
198 		ldt_p->a = LDT_entry_a(&ldt_info);
199 		ldt_p->b = LDT_entry_b(&ldt_info);
200 	}
201 	err = 0;
202 
203 out_unlock:
204 	mutex_unlock(&ldt->lock);
205 out:
206 	return err;
207 }
208 
do_modify_ldt_skas(int func,void __user * ptr,unsigned long bytecount)209 static long do_modify_ldt_skas(int func, void __user *ptr,
210 			       unsigned long bytecount)
211 {
212 	int ret = -ENOSYS;
213 
214 	switch (func) {
215 		case 0:
216 			ret = read_ldt(ptr, bytecount);
217 			break;
218 		case 1:
219 		case 0x11:
220 			ret = write_ldt(ptr, bytecount, func);
221 			break;
222 		case 2:
223 			ret = read_default_ldt(ptr, bytecount);
224 			break;
225 	}
226 	return ret;
227 }
228 
229 static DEFINE_SPINLOCK(host_ldt_lock);
230 static short dummy_list[9] = {0, -1};
231 static short * host_ldt_entries = NULL;
232 
ldt_get_host_info(void)233 static void ldt_get_host_info(void)
234 {
235 	long ret;
236 	struct ldt_entry * ldt;
237 	short *tmp;
238 	int i, size, k, order;
239 
240 	spin_lock(&host_ldt_lock);
241 
242 	if (host_ldt_entries != NULL) {
243 		spin_unlock(&host_ldt_lock);
244 		return;
245 	}
246 	host_ldt_entries = dummy_list+1;
247 
248 	spin_unlock(&host_ldt_lock);
249 
250 	for (i = LDT_PAGES_MAX-1, order=0; i; i>>=1, order++)
251 		;
252 
253 	ldt = (struct ldt_entry *)
254 	      __get_free_pages(GFP_KERNEL|__GFP_ZERO, order);
255 	if (ldt == NULL) {
256 		printk(KERN_ERR "ldt_get_host_info: couldn't allocate buffer "
257 		       "for host ldt\n");
258 		return;
259 	}
260 
261 	ret = modify_ldt(0, ldt, (1<<order)*PAGE_SIZE);
262 	if (ret < 0) {
263 		printk(KERN_ERR "ldt_get_host_info: couldn't read host ldt\n");
264 		goto out_free;
265 	}
266 	if (ret == 0) {
267 		/* default_ldt is active, simply write an empty entry 0 */
268 		host_ldt_entries = dummy_list;
269 		goto out_free;
270 	}
271 
272 	for (i=0, size=0; i<ret/LDT_ENTRY_SIZE; i++) {
273 		if (ldt[i].a != 0 || ldt[i].b != 0)
274 			size++;
275 	}
276 
277 	if (size < ARRAY_SIZE(dummy_list))
278 		host_ldt_entries = dummy_list;
279 	else {
280 		size = (size + 1) * sizeof(dummy_list[0]);
281 		tmp = kmalloc(size, GFP_KERNEL);
282 		if (tmp == NULL) {
283 			printk(KERN_ERR "ldt_get_host_info: couldn't allocate "
284 			       "host ldt list\n");
285 			goto out_free;
286 		}
287 		host_ldt_entries = tmp;
288 	}
289 
290 	for (i=0, k=0; i<ret/LDT_ENTRY_SIZE; i++) {
291 		if (ldt[i].a != 0 || ldt[i].b != 0)
292 			host_ldt_entries[k++] = i;
293 	}
294 	host_ldt_entries[k] = -1;
295 
296 out_free:
297 	free_pages((unsigned long)ldt, order);
298 }
299 
init_new_ldt(struct mm_context * new_mm,struct mm_context * from_mm)300 long init_new_ldt(struct mm_context *new_mm, struct mm_context *from_mm)
301 {
302 	struct user_desc desc;
303 	short * num_p;
304 	int i;
305 	long page, err=0;
306 	void *addr = NULL;
307 
308 
309 	mutex_init(&new_mm->arch.ldt.lock);
310 
311 	if (!from_mm) {
312 		memset(&desc, 0, sizeof(desc));
313 		/*
314 		 * Now we try to retrieve info about the ldt, we
315 		 * inherited from the host. All ldt-entries found
316 		 * will be reset in the following loop
317 		 */
318 		ldt_get_host_info();
319 		for (num_p=host_ldt_entries; *num_p != -1; num_p++) {
320 			desc.entry_number = *num_p;
321 			err = write_ldt_entry(&new_mm->id, 1, &desc,
322 					      &addr, *(num_p + 1) == -1);
323 			if (err)
324 				break;
325 		}
326 		new_mm->arch.ldt.entry_count = 0;
327 
328 		goto out;
329 	}
330 
331 	/*
332 	 * Our local LDT is used to supply the data for
333 	 * modify_ldt(READLDT), if PTRACE_LDT isn't available,
334 	 * i.e., we have to use the stub for modify_ldt, which
335 	 * can't handle the big read buffer of up to 64kB.
336 	 */
337 	mutex_lock(&from_mm->arch.ldt.lock);
338 	if (from_mm->arch.ldt.entry_count <= LDT_DIRECT_ENTRIES)
339 		memcpy(new_mm->arch.ldt.u.entries, from_mm->arch.ldt.u.entries,
340 		       sizeof(new_mm->arch.ldt.u.entries));
341 	else {
342 		i = from_mm->arch.ldt.entry_count / LDT_ENTRIES_PER_PAGE;
343 		while (i-->0) {
344 			page = __get_free_page(GFP_KERNEL|__GFP_ZERO);
345 			if (!page) {
346 				err = -ENOMEM;
347 				break;
348 			}
349 			new_mm->arch.ldt.u.pages[i] =
350 				(struct ldt_entry *) page;
351 			memcpy(new_mm->arch.ldt.u.pages[i],
352 			       from_mm->arch.ldt.u.pages[i], PAGE_SIZE);
353 		}
354 	}
355 	new_mm->arch.ldt.entry_count = from_mm->arch.ldt.entry_count;
356 	mutex_unlock(&from_mm->arch.ldt.lock);
357 
358     out:
359 	return err;
360 }
361 
362 
free_ldt(struct mm_context * mm)363 void free_ldt(struct mm_context *mm)
364 {
365 	int i;
366 
367 	if (mm->arch.ldt.entry_count > LDT_DIRECT_ENTRIES) {
368 		i = mm->arch.ldt.entry_count / LDT_ENTRIES_PER_PAGE;
369 		while (i-- > 0)
370 			free_page((long) mm->arch.ldt.u.pages[i]);
371 	}
372 	mm->arch.ldt.entry_count = 0;
373 }
374 
SYSCALL_DEFINE3(modify_ldt,int,func,void __user *,ptr,unsigned long,bytecount)375 SYSCALL_DEFINE3(modify_ldt, int , func , void __user * , ptr ,
376 		unsigned long , bytecount)
377 {
378 	/* See non-um modify_ldt() for why we do this cast */
379 	return (unsigned int)do_modify_ldt_skas(func, ptr, bytecount);
380 }
381