1 /*- 2 * Copyright (c) 1988 University of Utah. 3 * Copyright (c) 1982, 1986, 1990 The Regents of the University of California. 4 * All rights reserved. 5 * 6 * This code is derived from software contributed to Berkeley by 7 * the Systems Programming Group of the University of Utah Computer 8 * Science Department, and code derived from software contributed to 9 * Berkeley by William Jolitz. 10 * 11 * Redistribution and use in source and binary forms, with or without 12 * modification, are permitted provided that the following conditions 13 * are met: 14 * 1. Redistributions of source code must retain the above copyright 15 * notice, this list of conditions and the following disclaimer. 16 * 2. Redistributions in binary form must reproduce the above copyright 17 * notice, this list of conditions and the following disclaimer in the 18 * documentation and/or other materials provided with the distribution. 19 * 3. All advertising materials mentioning features or use of this software 20 * must display the following acknowledgement: 21 * This product includes software developed by the University of 22 * California, Berkeley and its contributors. 23 * 4. Neither the name of the University nor the names of its contributors 24 * may be used to endorse or promote products derived from this software 25 * without specific prior written permission. 26 * 27 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 28 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 29 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 30 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 31 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 32 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 33 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 34 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 35 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 36 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 37 * SUCH DAMAGE. 38 * 39 * from: Utah $Hdr: mem.c 1.13 89/10/08$ 40 * from: @(#)mem.c 7.2 (Berkeley) 5/9/91 41 * $FreeBSD$ 42 */ 43 44 /* 45 * Memory special file 46 */ 47 48 #include <sys/param.h> 49 #include <sys/systm.h> 50 #include <sys/conf.h> 51 #include <sys/buf.h> 52 #include <sys/kernel.h> 53 #include <sys/uio.h> 54 #include <sys/ioccom.h> 55 #include <sys/malloc.h> 56 #include <sys/memrange.h> 57 #include <sys/proc.h> 58 #include <sys/signalvar.h> 59 60 #include <machine/frame.h> 61 #include <machine/random.h> 62 #include <machine/psl.h> 63 #include <machine/specialreg.h> 64 #include <i386/isa/intr_machdep.h> 65 66 #include <vm/vm.h> 67 #include <vm/vm_prot.h> 68 #include <vm/pmap.h> 69 #include <vm/vm_extern.h> 70 71 72 static d_open_t mmopen; 73 static d_close_t mmclose; 74 static d_read_t mmrw; 75 static d_ioctl_t mmioctl; 76 static d_mmap_t memmmap; 77 static d_poll_t mmpoll; 78 79 #define CDEV_MAJOR 2 80 static struct cdevsw mem_cdevsw = { 81 /* open */ mmopen, 82 /* close */ mmclose, 83 /* read */ mmrw, 84 /* write */ mmrw, 85 /* ioctl */ mmioctl, 86 /* poll */ mmpoll, 87 /* mmap */ memmmap, 88 /* strategy */ nostrategy, 89 /* name */ "mem", 90 /* maj */ CDEV_MAJOR, 91 /* dump */ nodump, 92 /* psize */ nopsize, 93 /* flags */ D_MEM, 94 /* bmaj */ -1 95 }; 96 97 static struct random_softc random_softc[16]; 98 static caddr_t zbuf; 99 100 MALLOC_DEFINE(M_MEMDESC, "memdesc", "memory range descriptors"); 101 static int mem_ioctl __P((dev_t, u_long, caddr_t, int, struct proc *)); 102 static int random_ioctl __P((dev_t, u_long, caddr_t, int, struct proc *)); 103 104 struct mem_range_softc mem_range_softc; 105 106 107 static int 108 mmclose(dev, flags, fmt, p) 109 dev_t dev; 110 int flags; 111 int fmt; 112 struct proc *p; 113 { 114 switch (minor(dev)) { 115 case 14: 116 curproc->p_md.md_regs->tf_eflags &= ~PSL_IOPL; 117 break; 118 default: 119 break; 120 } 121 return (0); 122 } 123 124 static int 125 mmopen(dev, flags, fmt, p) 126 dev_t dev; 127 int flags; 128 int fmt; 129 struct proc *p; 130 { 131 int error; 132 133 switch (minor(dev)) { 134 case 14: 135 error = suser(p); 136 if (error != 0) 137 return (error); 138 if (securelevel > 0) 139 return (EPERM); 140 curproc->p_md.md_regs->tf_eflags |= PSL_IOPL; 141 break; 142 default: 143 break; 144 } 145 return (0); 146 } 147 148 static int 149 mmrw(dev, uio, flags) 150 dev_t dev; 151 struct uio *uio; 152 int flags; 153 { 154 register int o; 155 register u_int c, v; 156 u_int poolsize; 157 register struct iovec *iov; 158 int error = 0; 159 caddr_t buf = NULL; 160 161 while (uio->uio_resid > 0 && error == 0) { 162 iov = uio->uio_iov; 163 if (iov->iov_len == 0) { 164 uio->uio_iov++; 165 uio->uio_iovcnt--; 166 if (uio->uio_iovcnt < 0) 167 panic("mmrw"); 168 continue; 169 } 170 switch (minor(dev)) { 171 172 /* minor device 0 is physical memory */ 173 case 0: 174 v = uio->uio_offset; 175 pmap_enter(kernel_pmap, (vm_offset_t)ptvmmap, v, 176 uio->uio_rw == UIO_READ ? VM_PROT_READ : VM_PROT_WRITE, 177 TRUE); 178 o = (int)uio->uio_offset & PAGE_MASK; 179 c = (u_int)(PAGE_SIZE - ((int)iov->iov_base & PAGE_MASK)); 180 c = min(c, (u_int)(PAGE_SIZE - o)); 181 c = min(c, (u_int)iov->iov_len); 182 error = uiomove((caddr_t)&ptvmmap[o], (int)c, uio); 183 pmap_remove(kernel_pmap, (vm_offset_t)ptvmmap, 184 (vm_offset_t)&ptvmmap[PAGE_SIZE]); 185 continue; 186 187 /* minor device 1 is kernel memory */ 188 case 1: { 189 vm_offset_t addr, eaddr; 190 c = iov->iov_len; 191 192 /* 193 * Make sure that all of the pages are currently resident so 194 * that we don't create any zero-fill pages. 195 */ 196 addr = trunc_page(uio->uio_offset); 197 eaddr = round_page(uio->uio_offset + c); 198 199 if (addr < (vm_offset_t)VADDR(PTDPTDI, 0)) 200 return EFAULT; 201 if (eaddr >= (vm_offset_t)VADDR(APTDPTDI, 0)) 202 return EFAULT; 203 for (; addr < eaddr; addr += PAGE_SIZE) 204 if (pmap_extract(kernel_pmap, addr) == 0) 205 return EFAULT; 206 207 if (!kernacc((caddr_t)(int)uio->uio_offset, c, 208 uio->uio_rw == UIO_READ ? B_READ : B_WRITE)) 209 return (EFAULT); 210 error = uiomove((caddr_t)(int)uio->uio_offset, (int)c, uio); 211 continue; 212 } 213 214 /* minor device 2 is EOF/RATHOLE */ 215 case 2: 216 if (uio->uio_rw == UIO_READ) 217 return (0); 218 c = iov->iov_len; 219 break; 220 221 /* minor device 3 (/dev/random) is source of filth on read, rathole on write */ 222 case 3: 223 if (uio->uio_rw == UIO_WRITE) { 224 c = iov->iov_len; 225 break; 226 } 227 if (buf == NULL) 228 buf = (caddr_t) 229 malloc(PAGE_SIZE, M_TEMP, M_WAITOK); 230 c = min(iov->iov_len, PAGE_SIZE); 231 poolsize = read_random(buf, c); 232 if (poolsize == 0) { 233 if (buf) 234 free(buf, M_TEMP); 235 return (0); 236 } 237 c = min(c, poolsize); 238 error = uiomove(buf, (int)c, uio); 239 continue; 240 241 /* minor device 4 (/dev/urandom) is source of muck on read, rathole on write */ 242 case 4: 243 if (uio->uio_rw == UIO_WRITE) { 244 c = iov->iov_len; 245 break; 246 } 247 if (CURSIG(curproc) != 0) { 248 /* 249 * Use tsleep() to get the error code right. 250 * It should return immediately. 251 */ 252 error = tsleep(&random_softc[0], 253 PZERO | PCATCH, "urand", 1); 254 if (error != 0 && error != EWOULDBLOCK) 255 continue; 256 } 257 if (buf == NULL) 258 buf = (caddr_t) 259 malloc(PAGE_SIZE, M_TEMP, M_WAITOK); 260 c = min(iov->iov_len, PAGE_SIZE); 261 poolsize = read_random_unlimited(buf, c); 262 c = min(c, poolsize); 263 error = uiomove(buf, (int)c, uio); 264 continue; 265 266 /* minor device 12 (/dev/zero) is source of nulls on read, rathole on write */ 267 case 12: 268 if (uio->uio_rw == UIO_WRITE) { 269 c = iov->iov_len; 270 break; 271 } 272 if (zbuf == NULL) { 273 zbuf = (caddr_t) 274 malloc(PAGE_SIZE, M_TEMP, M_WAITOK); 275 bzero(zbuf, PAGE_SIZE); 276 } 277 c = min(iov->iov_len, PAGE_SIZE); 278 error = uiomove(zbuf, (int)c, uio); 279 continue; 280 281 #ifdef notyet 282 /* 386 I/O address space (/dev/ioport[bwl]) is a read/write access to seperate 283 i/o device address bus, different than memory bus. Semantics here are 284 very different than ordinary read/write, as if iov_len is a multiple 285 an implied string move from a single port will be done. Note that lseek 286 must be used to set the port number reliably. */ 287 case 14: 288 if (iov->iov_len == 1) { 289 u_char tmp; 290 tmp = inb(uio->uio_offset); 291 error = uiomove (&tmp, iov->iov_len, uio); 292 } else { 293 if (!useracc((caddr_t)iov->iov_base, 294 iov->iov_len, uio->uio_rw)) 295 return (EFAULT); 296 insb(uio->uio_offset, iov->iov_base, 297 iov->iov_len); 298 } 299 break; 300 case 15: 301 if (iov->iov_len == sizeof (short)) { 302 u_short tmp; 303 tmp = inw(uio->uio_offset); 304 error = uiomove (&tmp, iov->iov_len, uio); 305 } else { 306 if (!useracc((caddr_t)iov->iov_base, 307 iov->iov_len, uio->uio_rw)) 308 return (EFAULT); 309 insw(uio->uio_offset, iov->iov_base, 310 iov->iov_len/ sizeof (short)); 311 } 312 break; 313 case 16: 314 if (iov->iov_len == sizeof (long)) { 315 u_long tmp; 316 tmp = inl(uio->uio_offset); 317 error = uiomove (&tmp, iov->iov_len, uio); 318 } else { 319 if (!useracc((caddr_t)iov->iov_base, 320 iov->iov_len, uio->uio_rw)) 321 return (EFAULT); 322 insl(uio->uio_offset, iov->iov_base, 323 iov->iov_len/ sizeof (long)); 324 } 325 break; 326 #endif 327 328 default: 329 return (ENXIO); 330 } 331 if (error) 332 break; 333 iov->iov_base += c; 334 iov->iov_len -= c; 335 uio->uio_offset += c; 336 uio->uio_resid -= c; 337 } 338 if (buf) 339 free(buf, M_TEMP); 340 return (error); 341 } 342 343 344 345 346 /*******************************************************\ 347 * allow user processes to MMAP some memory sections * 348 * instead of going through read/write * 349 \*******************************************************/ 350 static int 351 memmmap(dev_t dev, vm_offset_t offset, int nprot) 352 { 353 switch (minor(dev)) 354 { 355 356 /* minor device 0 is physical memory */ 357 case 0: 358 return i386_btop(offset); 359 360 /* minor device 1 is kernel memory */ 361 case 1: 362 return i386_btop(vtophys(offset)); 363 364 default: 365 return -1; 366 } 367 } 368 369 static int 370 mmioctl(dev, cmd, data, flags, p) 371 dev_t dev; 372 u_long cmd; 373 caddr_t data; 374 int flags; 375 struct proc *p; 376 { 377 378 switch (minor(dev)) { 379 case 0: 380 return mem_ioctl(dev, cmd, data, flags, p); 381 case 3: 382 case 4: 383 return random_ioctl(dev, cmd, data, flags, p); 384 } 385 return (ENODEV); 386 } 387 388 /* 389 * Operations for changing memory attributes. 390 * 391 * This is basically just an ioctl shim for mem_range_attr_get 392 * and mem_range_attr_set. 393 */ 394 static int 395 mem_ioctl(dev, cmd, data, flags, p) 396 dev_t dev; 397 u_long cmd; 398 caddr_t data; 399 int flags; 400 struct proc *p; 401 { 402 int nd, error = 0; 403 struct mem_range_op *mo = (struct mem_range_op *)data; 404 struct mem_range_desc *md; 405 406 /* is this for us? */ 407 if ((cmd != MEMRANGE_GET) && 408 (cmd != MEMRANGE_SET)) 409 return (ENOTTY); 410 411 /* any chance we can handle this? */ 412 if (mem_range_softc.mr_op == NULL) 413 return (EOPNOTSUPP); 414 415 /* do we have any descriptors? */ 416 if (mem_range_softc.mr_ndesc == 0) 417 return (ENXIO); 418 419 switch (cmd) { 420 case MEMRANGE_GET: 421 nd = imin(mo->mo_arg[0], mem_range_softc.mr_ndesc); 422 if (nd > 0) { 423 md = (struct mem_range_desc *) 424 malloc(nd * sizeof(struct mem_range_desc), 425 M_MEMDESC, M_WAITOK); 426 error = mem_range_attr_get(md, &nd); 427 if (!error) 428 error = copyout(md, mo->mo_desc, 429 nd * sizeof(struct mem_range_desc)); 430 free(md, M_MEMDESC); 431 } else { 432 nd = mem_range_softc.mr_ndesc; 433 } 434 mo->mo_arg[0] = nd; 435 break; 436 437 case MEMRANGE_SET: 438 md = (struct mem_range_desc *)malloc(sizeof(struct mem_range_desc), 439 M_MEMDESC, M_WAITOK); 440 error = copyin(mo->mo_desc, md, sizeof(struct mem_range_desc)); 441 /* clamp description string */ 442 md->mr_owner[sizeof(md->mr_owner) - 1] = 0; 443 if (error == 0) 444 error = mem_range_attr_set(md, &mo->mo_arg[0]); 445 free(md, M_MEMDESC); 446 break; 447 } 448 return (error); 449 } 450 451 /* 452 * Implementation-neutral, kernel-callable functions for manipulating 453 * memory range attributes. 454 */ 455 int 456 mem_range_attr_get(mrd, arg) 457 struct mem_range_desc *mrd; 458 int *arg; 459 { 460 /* can we handle this? */ 461 if (mem_range_softc.mr_op == NULL) 462 return (EOPNOTSUPP); 463 464 if (*arg == 0) { 465 *arg = mem_range_softc.mr_ndesc; 466 } else { 467 bcopy(mem_range_softc.mr_desc, mrd, (*arg) * sizeof(struct mem_range_desc)); 468 } 469 return (0); 470 } 471 472 int 473 mem_range_attr_set(mrd, arg) 474 struct mem_range_desc *mrd; 475 int *arg; 476 { 477 /* can we handle this? */ 478 if (mem_range_softc.mr_op == NULL) 479 return (EOPNOTSUPP); 480 481 return (mem_range_softc.mr_op->set(&mem_range_softc, mrd, arg)); 482 } 483 484 #ifdef SMP 485 void 486 mem_range_AP_init(void) 487 { 488 if (mem_range_softc.mr_op && mem_range_softc.mr_op->initAP) 489 return (mem_range_softc.mr_op->initAP(&mem_range_softc)); 490 } 491 #endif 492 493 static int 494 random_ioctl(dev, cmd, data, flags, p) 495 dev_t dev; 496 u_long cmd; 497 caddr_t data; 498 int flags; 499 struct proc *p; 500 { 501 static intrmask_t interrupt_allowed; 502 intrmask_t interrupt_mask; 503 int error, intr; 504 struct random_softc *sc; 505 506 /* 507 * We're the random or urandom device. The only ioctls are for 508 * selecting and inspecting which interrupts are used in the muck 509 * gathering business. 510 */ 511 if (cmd != MEM_SETIRQ && cmd != MEM_CLEARIRQ && cmd != MEM_RETURNIRQ) 512 return (ENOTTY); 513 514 /* 515 * Even inspecting the state is privileged, since it gives a hint 516 * about how easily the randomness might be guessed. 517 */ 518 error = suser(p); 519 if (error != 0) 520 return (error); 521 522 /* 523 * XXX the data is 16-bit due to a historical botch, so we use 524 * magic 16's instead of ICU_LEN and can't support 24 interrupts 525 * under SMP. 526 */ 527 intr = *(int16_t *)data; 528 if (cmd != MEM_RETURNIRQ && (intr < 0 || intr >= 16)) 529 return (EINVAL); 530 531 interrupt_mask = 1 << intr; 532 sc = &random_softc[intr]; 533 switch (cmd) { 534 case MEM_SETIRQ: 535 if (interrupt_allowed & interrupt_mask) 536 break; 537 interrupt_allowed |= interrupt_mask; 538 sc->sc_intr = intr; 539 disable_intr(); 540 sc->sc_handler = intr_handler[intr]; 541 intr_handler[intr] = add_interrupt_randomness; 542 sc->sc_arg = intr_unit[intr]; 543 intr_unit[intr] = sc; 544 enable_intr(); 545 break; 546 case MEM_CLEARIRQ: 547 if (!(interrupt_allowed & interrupt_mask)) 548 break; 549 interrupt_allowed &= ~interrupt_mask; 550 disable_intr(); 551 intr_handler[intr] = sc->sc_handler; 552 intr_unit[intr] = sc->sc_arg; 553 enable_intr(); 554 break; 555 case MEM_RETURNIRQ: 556 *(u_int16_t *)data = interrupt_allowed; 557 break; 558 } 559 return (0); 560 } 561 562 int 563 mmpoll(dev, events, p) 564 dev_t dev; 565 int events; 566 struct proc *p; 567 { 568 switch (minor(dev)) { 569 case 3: /* /dev/random */ 570 return random_poll(dev, events, p); 571 case 4: /* /dev/urandom */ 572 default: 573 return seltrue(dev, events, p); 574 } 575 } 576 577 /* 578 * Routine that identifies /dev/mem and /dev/kmem. 579 * 580 * A minimal stub routine can always return 0. 581 */ 582 int 583 iskmemdev(dev) 584 dev_t dev; 585 { 586 587 return ((major(dev) == mem_cdevsw.d_maj) 588 && (minor(dev) == 0 || minor(dev) == 1)); 589 } 590 591 int 592 iszerodev(dev) 593 dev_t dev; 594 { 595 return ((major(dev) == mem_cdevsw.d_maj) 596 && minor(dev) == 12); 597 } 598 599 static void 600 mem_drvinit(void *unused) 601 { 602 603 /* Initialise memory range handling */ 604 if (mem_range_softc.mr_op != NULL) 605 mem_range_softc.mr_op->init(&mem_range_softc); 606 607 make_dev(&mem_cdevsw, 0, UID_ROOT, GID_KMEM, 0640, "mem"); 608 make_dev(&mem_cdevsw, 1, UID_ROOT, GID_KMEM, 0640, "kmem"); 609 make_dev(&mem_cdevsw, 2, UID_ROOT, GID_WHEEL, 0666, "null"); 610 make_dev(&mem_cdevsw, 3, UID_ROOT, GID_WHEEL, 0644, "random"); 611 make_dev(&mem_cdevsw, 4, UID_ROOT, GID_WHEEL, 0644, "urandom"); 612 make_dev(&mem_cdevsw, 12, UID_ROOT, GID_WHEEL, 0666, "zero"); 613 make_dev(&mem_cdevsw, 14, UID_ROOT, GID_WHEEL, 0600, "io"); 614 } 615 616 SYSINIT(memdev,SI_SUB_DRIVERS,SI_ORDER_MIDDLE+CDEV_MAJOR,mem_drvinit,NULL) 617 618