1 /*- 2 * SPDX-License-Identifier: BSD-3-Clause 3 * 4 * Copyright (c) 2003 Peter Wemm 5 * Copyright (c) 1982, 1987, 1990 The Regents of the University of California. 6 * All rights reserved. 7 * 8 * This code is derived from software contributed to Berkeley by 9 * William Jolitz. 10 * 11 * Redistribution and use in source and binary forms, with or without 12 * modification, are permitted provided that the following conditions 13 * are met: 14 * 1. Redistributions of source code must retain the above copyright 15 * notice, this list of conditions and the following disclaimer. 16 * 2. Redistributions in binary form must reproduce the above copyright 17 * notice, this list of conditions and the following disclaimer in the 18 * documentation and/or other materials provided with the distribution. 19 * 3. Neither the name of the University nor the names of its contributors 20 * may be used to endorse or promote products derived from this software 21 * without specific prior written permission. 22 * 23 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 24 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 25 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 26 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 27 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 28 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 29 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 30 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 31 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 32 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 33 * SUCH DAMAGE. 34 */ 35 36 #include <sys/param.h> 37 #include <sys/exec.h> 38 #include <sys/fcntl.h> 39 #include <sys/imgact.h> 40 #include <sys/kernel.h> 41 #include <sys/lock.h> 42 #include <sys/malloc.h> 43 #include <sys/mutex.h> 44 #include <sys/mman.h> 45 #include <sys/namei.h> 46 #include <sys/proc.h> 47 #include <sys/procfs.h> 48 #include <sys/resourcevar.h> 49 #include <sys/systm.h> 50 #include <sys/signalvar.h> 51 #include <sys/stat.h> 52 #include <sys/sx.h> 53 #include <sys/syscall.h> 54 #include <sys/syscallsubr.h> 55 #include <sys/sysctl.h> 56 #include <sys/sysent.h> 57 #include <sys/vnode.h> 58 59 #include <vm/vm.h> 60 #include <vm/vm_kern.h> 61 #include <vm/vm_param.h> 62 #include <vm/pmap.h> 63 #include <vm/vm_map.h> 64 #include <vm/vm_object.h> 65 #include <vm/vm_extern.h> 66 67 #include <compat/freebsd32/freebsd32_signal.h> 68 #include <compat/freebsd32/freebsd32_util.h> 69 #include <compat/freebsd32/freebsd32_proto.h> 70 #include <compat/freebsd32/freebsd32.h> 71 #include <compat/ia32/ia32_signal.h> 72 #include <machine/psl.h> 73 #include <machine/segments.h> 74 #include <machine/specialreg.h> 75 #include <machine/frame.h> 76 #include <machine/md_var.h> 77 #include <machine/pcb.h> 78 #include <machine/cpufunc.h> 79 #include <machine/trap.h> 80 81 #include "vdso_ia32_offsets.h" 82 83 extern const char _binary_elf_vdso32_so_1_start[]; 84 extern const char _binary_elf_vdso32_so_1_end[]; 85 extern char _binary_elf_vdso32_so_1_size; 86 87 #ifdef COMPAT_FREEBSD4 88 static void freebsd4_ia32_sendsig(sig_t, ksiginfo_t *, sigset_t *); 89 #endif 90 91 static void 92 ia32_get_fpcontext(struct thread *td, struct ia32_mcontext *mcp, 93 char **xfpusave, size_t *xfpusave_len) 94 { 95 /* 96 * XXX Format of 64bit and 32bit FXSAVE areas differs. FXSAVE 97 * in 32bit mode saves %cs and %ds, while on 64bit it saves 98 * 64bit instruction and data pointers. Ignore the difference 99 * for now, it should be irrelevant for most applications. 100 */ 101 mcp->mc_ownedfp = fpugetregs(td); 102 bcopy(get_pcb_user_save_td(td), &mcp->mc_fpstate[0], 103 sizeof(mcp->mc_fpstate)); 104 mcp->mc_fpformat = fpuformat(); 105 if (xfpusave == NULL) 106 return; 107 if (!use_xsave || cpu_max_ext_state_size <= sizeof(struct savefpu)) { 108 *xfpusave_len = 0; 109 *xfpusave = NULL; 110 } else { 111 mcp->mc_flags |= _MC_IA32_HASFPXSTATE; 112 *xfpusave_len = mcp->mc_xfpustate_len = 113 cpu_max_ext_state_size - sizeof(struct savefpu); 114 *xfpusave = (char *)(get_pcb_user_save_td(td) + 1); 115 } 116 } 117 118 static int 119 ia32_set_fpcontext(struct thread *td, struct ia32_mcontext *mcp, 120 char *xfpustate, size_t xfpustate_len) 121 { 122 int error; 123 124 if (mcp->mc_fpformat == _MC_FPFMT_NODEV) 125 return (0); 126 else if (mcp->mc_fpformat != _MC_FPFMT_XMM) 127 return (EINVAL); 128 else if (mcp->mc_ownedfp == _MC_FPOWNED_NONE) { 129 /* We don't care what state is left in the FPU or PCB. */ 130 fpstate_drop(td); 131 error = 0; 132 } else if (mcp->mc_ownedfp == _MC_FPOWNED_FPU || 133 mcp->mc_ownedfp == _MC_FPOWNED_PCB) { 134 error = fpusetregs(td, (struct savefpu *)&mcp->mc_fpstate, 135 xfpustate, xfpustate_len); 136 } else 137 return (EINVAL); 138 return (error); 139 } 140 141 /* 142 * Get machine context. 143 */ 144 static int 145 ia32_get_mcontext(struct thread *td, struct ia32_mcontext *mcp, int flags) 146 { 147 struct pcb *pcb; 148 struct trapframe *tp; 149 150 pcb = td->td_pcb; 151 tp = td->td_frame; 152 153 PROC_LOCK(curthread->td_proc); 154 mcp->mc_onstack = sigonstack(tp->tf_rsp); 155 PROC_UNLOCK(curthread->td_proc); 156 /* Entry into kernel always sets TF_HASSEGS */ 157 mcp->mc_gs = tp->tf_gs; 158 mcp->mc_fs = tp->tf_fs; 159 mcp->mc_es = tp->tf_es; 160 mcp->mc_ds = tp->tf_ds; 161 mcp->mc_edi = tp->tf_rdi; 162 mcp->mc_esi = tp->tf_rsi; 163 mcp->mc_ebp = tp->tf_rbp; 164 mcp->mc_isp = tp->tf_rsp; 165 mcp->mc_eflags = tp->tf_rflags; 166 if (flags & GET_MC_CLEAR_RET) { 167 mcp->mc_eax = 0; 168 mcp->mc_edx = 0; 169 mcp->mc_eflags &= ~PSL_C; 170 } else { 171 mcp->mc_eax = tp->tf_rax; 172 mcp->mc_edx = tp->tf_rdx; 173 } 174 mcp->mc_ebx = tp->tf_rbx; 175 mcp->mc_ecx = tp->tf_rcx; 176 mcp->mc_eip = tp->tf_rip; 177 mcp->mc_cs = tp->tf_cs; 178 mcp->mc_esp = tp->tf_rsp; 179 mcp->mc_ss = tp->tf_ss; 180 mcp->mc_len = sizeof(*mcp); 181 mcp->mc_flags = tp->tf_flags; 182 ia32_get_fpcontext(td, mcp, NULL, 0); 183 mcp->mc_fsbase = pcb->pcb_fsbase; 184 mcp->mc_gsbase = pcb->pcb_gsbase; 185 mcp->mc_xfpustate = 0; 186 mcp->mc_xfpustate_len = 0; 187 bzero(mcp->mc_spare2, sizeof(mcp->mc_spare2)); 188 return (0); 189 } 190 191 /* 192 * Set machine context. 193 * 194 * However, we don't set any but the user modifiable flags, and we won't 195 * touch the cs selector. 196 */ 197 static int 198 ia32_set_mcontext(struct thread *td, struct ia32_mcontext *mcp) 199 { 200 struct trapframe *tp; 201 char *xfpustate; 202 long rflags; 203 int ret; 204 205 tp = td->td_frame; 206 if (mcp->mc_len != sizeof(*mcp)) 207 return (EINVAL); 208 rflags = (mcp->mc_eflags & PSL_USERCHANGE) | 209 (tp->tf_rflags & ~PSL_USERCHANGE); 210 if (mcp->mc_flags & _MC_IA32_HASFPXSTATE) { 211 if (mcp->mc_xfpustate_len > cpu_max_ext_state_size - 212 sizeof(struct savefpu)) 213 return (EINVAL); 214 xfpustate = (char *)fpu_save_area_alloc(); 215 ret = copyin(PTRIN(mcp->mc_xfpustate), xfpustate, 216 mcp->mc_xfpustate_len); 217 if (ret != 0) { 218 fpu_save_area_free((struct savefpu *)xfpustate); 219 return (ret); 220 } 221 } else 222 xfpustate = NULL; 223 ret = ia32_set_fpcontext(td, mcp, xfpustate, mcp->mc_xfpustate_len); 224 fpu_save_area_free((struct savefpu *)xfpustate); 225 if (ret != 0) 226 return (ret); 227 tp->tf_gs = mcp->mc_gs; 228 tp->tf_fs = mcp->mc_fs; 229 tp->tf_es = mcp->mc_es; 230 tp->tf_ds = mcp->mc_ds; 231 tp->tf_flags = TF_HASSEGS; 232 tp->tf_rdi = mcp->mc_edi; 233 tp->tf_rsi = mcp->mc_esi; 234 tp->tf_rbp = mcp->mc_ebp; 235 tp->tf_rbx = mcp->mc_ebx; 236 tp->tf_rdx = mcp->mc_edx; 237 tp->tf_rcx = mcp->mc_ecx; 238 tp->tf_rax = mcp->mc_eax; 239 /* trapno, err */ 240 tp->tf_rip = mcp->mc_eip; 241 tp->tf_rflags = rflags; 242 tp->tf_rsp = mcp->mc_esp; 243 tp->tf_ss = mcp->mc_ss; 244 set_pcb_flags(td->td_pcb, PCB_FULL_IRET); 245 return (0); 246 } 247 248 /* 249 * The first two fields of a ucontext_t are the signal mask and 250 * the machine context. The next field is uc_link; we want to 251 * avoid destroying the link when copying out contexts. 252 */ 253 #define UC_COPY_SIZE offsetof(struct ia32_ucontext, uc_link) 254 255 int 256 freebsd32_getcontext(struct thread *td, struct freebsd32_getcontext_args *uap) 257 { 258 struct ia32_ucontext uc; 259 int ret; 260 261 if (uap->ucp == NULL) 262 ret = EINVAL; 263 else { 264 bzero(&uc, sizeof(uc)); 265 ia32_get_mcontext(td, &uc.uc_mcontext, GET_MC_CLEAR_RET); 266 PROC_LOCK(td->td_proc); 267 uc.uc_sigmask = td->td_sigmask; 268 PROC_UNLOCK(td->td_proc); 269 ret = copyout(&uc, uap->ucp, UC_COPY_SIZE); 270 } 271 return (ret); 272 } 273 274 int 275 freebsd32_setcontext(struct thread *td, struct freebsd32_setcontext_args *uap) 276 { 277 struct ia32_ucontext uc; 278 int ret; 279 280 if (uap->ucp == NULL) 281 ret = EINVAL; 282 else { 283 ret = copyin(uap->ucp, &uc, UC_COPY_SIZE); 284 if (ret == 0) { 285 ret = ia32_set_mcontext(td, &uc.uc_mcontext); 286 if (ret == 0) { 287 kern_sigprocmask(td, SIG_SETMASK, 288 &uc.uc_sigmask, NULL, 0); 289 } 290 } 291 } 292 return (ret == 0 ? EJUSTRETURN : ret); 293 } 294 295 int 296 freebsd32_swapcontext(struct thread *td, struct freebsd32_swapcontext_args *uap) 297 { 298 struct ia32_ucontext uc; 299 int ret; 300 301 if (uap->oucp == NULL || uap->ucp == NULL) 302 ret = EINVAL; 303 else { 304 bzero(&uc, sizeof(uc)); 305 ia32_get_mcontext(td, &uc.uc_mcontext, GET_MC_CLEAR_RET); 306 PROC_LOCK(td->td_proc); 307 uc.uc_sigmask = td->td_sigmask; 308 PROC_UNLOCK(td->td_proc); 309 ret = copyout(&uc, uap->oucp, UC_COPY_SIZE); 310 if (ret == 0) { 311 ret = copyin(uap->ucp, &uc, UC_COPY_SIZE); 312 if (ret == 0) { 313 ret = ia32_set_mcontext(td, &uc.uc_mcontext); 314 if (ret == 0) { 315 kern_sigprocmask(td, SIG_SETMASK, 316 &uc.uc_sigmask, NULL, 0); 317 } 318 } 319 } 320 } 321 return (ret == 0 ? EJUSTRETURN : ret); 322 } 323 324 /* 325 * Send an interrupt to process. 326 * 327 * Stack is set up to allow sigcode stored 328 * at top to call routine, followed by kcall 329 * to sigreturn routine below. After sigreturn 330 * resets the signal mask, the stack, and the 331 * frame pointer, it returns to the user 332 * specified pc, psl. 333 */ 334 335 #ifdef COMPAT_43 336 static void 337 ia32_osendsig(sig_t catcher, ksiginfo_t *ksi, sigset_t *mask) 338 { 339 struct ia32_osigframe sf, *fp; 340 struct proc *p; 341 struct thread *td; 342 struct sigacts *psp; 343 struct trapframe *regs; 344 int sig; 345 int oonstack; 346 347 td = curthread; 348 p = td->td_proc; 349 PROC_LOCK_ASSERT(p, MA_OWNED); 350 sig = ksi->ksi_signo; 351 psp = p->p_sigacts; 352 mtx_assert(&psp->ps_mtx, MA_OWNED); 353 regs = td->td_frame; 354 oonstack = sigonstack(regs->tf_rsp); 355 356 /* Allocate space for the signal handler context. */ 357 if ((td->td_pflags & TDP_ALTSTACK) && !oonstack && 358 SIGISMEMBER(psp->ps_sigonstack, sig)) { 359 fp = (struct ia32_osigframe *)((uintptr_t)td->td_sigstk.ss_sp + 360 td->td_sigstk.ss_size - sizeof(sf)); 361 td->td_sigstk.ss_flags |= SS_ONSTACK; 362 } else 363 fp = (struct ia32_osigframe *)regs->tf_rsp - 1; 364 365 /* Build the argument list for the signal handler. */ 366 sf.sf_signum = sig; 367 sf.sf_scp = (register_t)&fp->sf_siginfo.si_sc; 368 bzero(&sf.sf_siginfo, sizeof(sf.sf_siginfo)); 369 if (SIGISMEMBER(psp->ps_siginfo, sig)) { 370 /* Signal handler installed with SA_SIGINFO. */ 371 sf.sf_arg2 = (register_t)&fp->sf_siginfo; 372 sf.sf_siginfo.si_signo = sig; 373 sf.sf_siginfo.si_code = ksi->ksi_code; 374 sf.sf_ah = (uintptr_t)catcher; 375 sf.sf_addr = 0; 376 } else { 377 /* Old FreeBSD-style arguments. */ 378 sf.sf_arg2 = ksi->ksi_code; 379 sf.sf_addr = (register_t)ksi->ksi_addr; 380 sf.sf_ah = (uintptr_t)catcher; 381 } 382 mtx_unlock(&psp->ps_mtx); 383 PROC_UNLOCK(p); 384 385 /* Save most if not all of trap frame. */ 386 sf.sf_siginfo.si_sc.sc_eax = regs->tf_rax; 387 sf.sf_siginfo.si_sc.sc_ebx = regs->tf_rbx; 388 sf.sf_siginfo.si_sc.sc_ecx = regs->tf_rcx; 389 sf.sf_siginfo.si_sc.sc_edx = regs->tf_rdx; 390 sf.sf_siginfo.si_sc.sc_esi = regs->tf_rsi; 391 sf.sf_siginfo.si_sc.sc_edi = regs->tf_rdi; 392 sf.sf_siginfo.si_sc.sc_cs = regs->tf_cs; 393 sf.sf_siginfo.si_sc.sc_ds = regs->tf_ds; 394 sf.sf_siginfo.si_sc.sc_ss = regs->tf_ss; 395 sf.sf_siginfo.si_sc.sc_es = regs->tf_es; 396 sf.sf_siginfo.si_sc.sc_fs = regs->tf_fs; 397 sf.sf_siginfo.si_sc.sc_gs = regs->tf_gs; 398 sf.sf_siginfo.si_sc.sc_isp = regs->tf_rsp; 399 400 /* Build the signal context to be used by osigreturn(). */ 401 sf.sf_siginfo.si_sc.sc_onstack = (oonstack) ? 1 : 0; 402 SIG2OSIG(*mask, sf.sf_siginfo.si_sc.sc_mask); 403 sf.sf_siginfo.si_sc.sc_esp = regs->tf_rsp; 404 sf.sf_siginfo.si_sc.sc_ebp = regs->tf_rbp; 405 sf.sf_siginfo.si_sc.sc_eip = regs->tf_rip; 406 sf.sf_siginfo.si_sc.sc_eflags = regs->tf_rflags; 407 sf.sf_siginfo.si_sc.sc_trapno = regs->tf_trapno; 408 sf.sf_siginfo.si_sc.sc_err = regs->tf_err; 409 410 /* 411 * Copy the sigframe out to the user's stack. 412 */ 413 if (copyout(&sf, fp, sizeof(*fp)) != 0) { 414 #ifdef DEBUG 415 printf("process %ld has trashed its stack\n", (long)p->p_pid); 416 #endif 417 PROC_LOCK(p); 418 sigexit(td, SIGILL); 419 } 420 421 regs->tf_rsp = (uintptr_t)fp; 422 regs->tf_rip = PROC_PS_STRINGS(p) - 423 (_binary_elf_vdso32_so_1_end - _binary_elf_vdso32_so_1_start) + 424 VDSO_IA32_OSIGCODE_OFFSET; 425 regs->tf_rflags &= ~(PSL_T | PSL_D); 426 regs->tf_cs = _ucode32sel; 427 regs->tf_ds = _udatasel; 428 regs->tf_es = _udatasel; 429 regs->tf_fs = _udatasel; 430 regs->tf_ss = _udatasel; 431 set_pcb_flags(td->td_pcb, PCB_FULL_IRET); 432 PROC_LOCK(p); 433 mtx_lock(&psp->ps_mtx); 434 } 435 #endif 436 437 #ifdef COMPAT_FREEBSD4 438 static void 439 freebsd4_ia32_sendsig(sig_t catcher, ksiginfo_t *ksi, sigset_t *mask) 440 { 441 struct ia32_freebsd4_sigframe sf, *sfp; 442 struct siginfo32 siginfo; 443 struct proc *p; 444 struct thread *td; 445 struct sigacts *psp; 446 struct trapframe *regs; 447 int oonstack; 448 int sig; 449 450 td = curthread; 451 p = td->td_proc; 452 siginfo_to_siginfo32(&ksi->ksi_info, &siginfo); 453 454 PROC_LOCK_ASSERT(p, MA_OWNED); 455 sig = siginfo.si_signo; 456 psp = p->p_sigacts; 457 mtx_assert(&psp->ps_mtx, MA_OWNED); 458 regs = td->td_frame; 459 oonstack = sigonstack(regs->tf_rsp); 460 461 /* Save user context. */ 462 bzero(&sf, sizeof(sf)); 463 sf.sf_uc.uc_sigmask = *mask; 464 sf.sf_uc.uc_stack.ss_sp = (uintptr_t)td->td_sigstk.ss_sp; 465 sf.sf_uc.uc_stack.ss_size = td->td_sigstk.ss_size; 466 sf.sf_uc.uc_stack.ss_flags = (td->td_pflags & TDP_ALTSTACK) 467 ? ((oonstack) ? SS_ONSTACK : 0) : SS_DISABLE; 468 sf.sf_uc.uc_mcontext.mc_onstack = (oonstack) ? 1 : 0; 469 sf.sf_uc.uc_mcontext.mc_edi = regs->tf_rdi; 470 sf.sf_uc.uc_mcontext.mc_esi = regs->tf_rsi; 471 sf.sf_uc.uc_mcontext.mc_ebp = regs->tf_rbp; 472 sf.sf_uc.uc_mcontext.mc_isp = regs->tf_rsp; /* XXX */ 473 sf.sf_uc.uc_mcontext.mc_ebx = regs->tf_rbx; 474 sf.sf_uc.uc_mcontext.mc_edx = regs->tf_rdx; 475 sf.sf_uc.uc_mcontext.mc_ecx = regs->tf_rcx; 476 sf.sf_uc.uc_mcontext.mc_eax = regs->tf_rax; 477 sf.sf_uc.uc_mcontext.mc_trapno = regs->tf_trapno; 478 sf.sf_uc.uc_mcontext.mc_err = regs->tf_err; 479 sf.sf_uc.uc_mcontext.mc_eip = regs->tf_rip; 480 sf.sf_uc.uc_mcontext.mc_cs = regs->tf_cs; 481 sf.sf_uc.uc_mcontext.mc_eflags = regs->tf_rflags; 482 sf.sf_uc.uc_mcontext.mc_esp = regs->tf_rsp; 483 sf.sf_uc.uc_mcontext.mc_ss = regs->tf_ss; 484 sf.sf_uc.uc_mcontext.mc_ds = regs->tf_ds; 485 sf.sf_uc.uc_mcontext.mc_es = regs->tf_es; 486 sf.sf_uc.uc_mcontext.mc_fs = regs->tf_fs; 487 sf.sf_uc.uc_mcontext.mc_gs = regs->tf_gs; 488 bzero(sf.sf_uc.uc_mcontext.mc_fpregs, 489 sizeof(sf.sf_uc.uc_mcontext.mc_fpregs)); 490 bzero(sf.sf_uc.uc_mcontext.__spare__, 491 sizeof(sf.sf_uc.uc_mcontext.__spare__)); 492 bzero(sf.sf_uc.__spare__, sizeof(sf.sf_uc.__spare__)); 493 494 /* Allocate space for the signal handler context. */ 495 if ((td->td_pflags & TDP_ALTSTACK) != 0 && !oonstack && 496 SIGISMEMBER(psp->ps_sigonstack, sig)) { 497 sfp = (struct ia32_freebsd4_sigframe *)((uintptr_t)td->td_sigstk.ss_sp + 498 td->td_sigstk.ss_size - sizeof(sf)); 499 } else 500 sfp = (struct ia32_freebsd4_sigframe *)regs->tf_rsp - 1; 501 PROC_UNLOCK(p); 502 503 /* Build the argument list for the signal handler. */ 504 sf.sf_signum = sig; 505 sf.sf_ucontext = (register_t)&sfp->sf_uc; 506 bzero(&sf.sf_si, sizeof(sf.sf_si)); 507 if (SIGISMEMBER(psp->ps_siginfo, sig)) { 508 /* Signal handler installed with SA_SIGINFO. */ 509 sf.sf_siginfo = (u_int32_t)(uintptr_t)&sfp->sf_si; 510 sf.sf_ah = (u_int32_t)(uintptr_t)catcher; 511 512 /* Fill in POSIX parts */ 513 sf.sf_si = siginfo; 514 sf.sf_si.si_signo = sig; 515 } else { 516 /* Old FreeBSD-style arguments. */ 517 sf.sf_siginfo = siginfo.si_code; 518 sf.sf_addr = (u_int32_t)siginfo.si_addr; 519 sf.sf_ah = (u_int32_t)(uintptr_t)catcher; 520 } 521 mtx_unlock(&psp->ps_mtx); 522 523 /* 524 * Copy the sigframe out to the user's stack. 525 */ 526 if (copyout(&sf, sfp, sizeof(*sfp)) != 0) { 527 #ifdef DEBUG 528 printf("process %ld has trashed its stack\n", (long)p->p_pid); 529 #endif 530 PROC_LOCK(p); 531 sigexit(td, SIGILL); 532 } 533 534 regs->tf_rsp = (uintptr_t)sfp; 535 regs->tf_rip = PROC_SIGCODE(p) + 536 VDSO_FREEBSD4_IA32_SIGCODE_OFFSET - VDSO_IA32_SIGCODE_OFFSET; 537 regs->tf_rflags &= ~(PSL_T | PSL_D); 538 regs->tf_cs = _ucode32sel; 539 regs->tf_ss = _udatasel; 540 regs->tf_ds = _udatasel; 541 regs->tf_es = _udatasel; 542 set_pcb_flags(td->td_pcb, PCB_FULL_IRET); 543 /* leave user %fs and %gs untouched */ 544 PROC_LOCK(p); 545 mtx_lock(&psp->ps_mtx); 546 } 547 #endif /* COMPAT_FREEBSD4 */ 548 549 void 550 ia32_sendsig(sig_t catcher, ksiginfo_t *ksi, sigset_t *mask) 551 { 552 struct ia32_sigframe sf, *sfp; 553 struct siginfo32 siginfo; 554 struct proc *p; 555 struct thread *td; 556 struct sigacts *psp; 557 char *sp; 558 struct trapframe *regs; 559 char *xfpusave; 560 size_t xfpusave_len; 561 int oonstack; 562 int sig; 563 564 siginfo_to_siginfo32(&ksi->ksi_info, &siginfo); 565 td = curthread; 566 p = td->td_proc; 567 PROC_LOCK_ASSERT(p, MA_OWNED); 568 sig = siginfo.si_signo; 569 psp = p->p_sigacts; 570 #ifdef COMPAT_FREEBSD4 571 if (SIGISMEMBER(psp->ps_freebsd4, sig)) { 572 freebsd4_ia32_sendsig(catcher, ksi, mask); 573 return; 574 } 575 #endif 576 #ifdef COMPAT_43 577 if (SIGISMEMBER(psp->ps_osigset, sig)) { 578 ia32_osendsig(catcher, ksi, mask); 579 return; 580 } 581 #endif 582 mtx_assert(&psp->ps_mtx, MA_OWNED); 583 regs = td->td_frame; 584 oonstack = sigonstack(regs->tf_rsp); 585 586 /* Save user context. */ 587 bzero(&sf, sizeof(sf)); 588 sf.sf_uc.uc_sigmask = *mask; 589 sf.sf_uc.uc_stack.ss_sp = (uintptr_t)td->td_sigstk.ss_sp; 590 sf.sf_uc.uc_stack.ss_size = td->td_sigstk.ss_size; 591 sf.sf_uc.uc_stack.ss_flags = (td->td_pflags & TDP_ALTSTACK) 592 ? ((oonstack) ? SS_ONSTACK : 0) : SS_DISABLE; 593 sf.sf_uc.uc_mcontext.mc_onstack = (oonstack) ? 1 : 0; 594 sf.sf_uc.uc_mcontext.mc_edi = regs->tf_rdi; 595 sf.sf_uc.uc_mcontext.mc_esi = regs->tf_rsi; 596 sf.sf_uc.uc_mcontext.mc_ebp = regs->tf_rbp; 597 sf.sf_uc.uc_mcontext.mc_isp = regs->tf_rsp; /* XXX */ 598 sf.sf_uc.uc_mcontext.mc_ebx = regs->tf_rbx; 599 sf.sf_uc.uc_mcontext.mc_edx = regs->tf_rdx; 600 sf.sf_uc.uc_mcontext.mc_ecx = regs->tf_rcx; 601 sf.sf_uc.uc_mcontext.mc_eax = regs->tf_rax; 602 sf.sf_uc.uc_mcontext.mc_trapno = regs->tf_trapno; 603 sf.sf_uc.uc_mcontext.mc_err = regs->tf_err; 604 sf.sf_uc.uc_mcontext.mc_eip = regs->tf_rip; 605 sf.sf_uc.uc_mcontext.mc_cs = regs->tf_cs; 606 sf.sf_uc.uc_mcontext.mc_eflags = regs->tf_rflags; 607 sf.sf_uc.uc_mcontext.mc_esp = regs->tf_rsp; 608 sf.sf_uc.uc_mcontext.mc_ss = regs->tf_ss; 609 sf.sf_uc.uc_mcontext.mc_ds = regs->tf_ds; 610 sf.sf_uc.uc_mcontext.mc_es = regs->tf_es; 611 sf.sf_uc.uc_mcontext.mc_fs = regs->tf_fs; 612 sf.sf_uc.uc_mcontext.mc_gs = regs->tf_gs; 613 sf.sf_uc.uc_mcontext.mc_len = sizeof(sf.sf_uc.uc_mcontext); /* magic */ 614 ia32_get_fpcontext(td, &sf.sf_uc.uc_mcontext, &xfpusave, &xfpusave_len); 615 sf.sf_uc.uc_mcontext.mc_fsbase = td->td_pcb->pcb_fsbase; 616 sf.sf_uc.uc_mcontext.mc_gsbase = td->td_pcb->pcb_gsbase; 617 618 /* Allocate space for the signal handler context. */ 619 if ((td->td_pflags & TDP_ALTSTACK) != 0 && !oonstack && 620 SIGISMEMBER(psp->ps_sigonstack, sig)) 621 sp = (char *)td->td_sigstk.ss_sp + td->td_sigstk.ss_size; 622 else 623 sp = (char *)regs->tf_rsp; 624 if (xfpusave != NULL) { 625 sp -= xfpusave_len; 626 sp = (char *)((unsigned long)sp & ~0x3Ful); 627 sf.sf_uc.uc_mcontext.mc_xfpustate = (register_t)sp; 628 } 629 sp -= sizeof(sf); 630 /* Align to 16 bytes. */ 631 sfp = (struct ia32_sigframe *)((uintptr_t)sp & ~0xF); 632 PROC_UNLOCK(p); 633 634 /* Build the argument list for the signal handler. */ 635 sf.sf_signum = sig; 636 sf.sf_ucontext = (register_t)&sfp->sf_uc; 637 bzero(&sf.sf_si, sizeof(sf.sf_si)); 638 if (SIGISMEMBER(psp->ps_siginfo, sig)) { 639 /* Signal handler installed with SA_SIGINFO. */ 640 sf.sf_siginfo = (u_int32_t)(uintptr_t)&sfp->sf_si; 641 sf.sf_ah = (u_int32_t)(uintptr_t)catcher; 642 643 /* Fill in POSIX parts */ 644 sf.sf_si = siginfo; 645 sf.sf_si.si_signo = sig; 646 } else { 647 /* Old FreeBSD-style arguments. */ 648 sf.sf_siginfo = siginfo.si_code; 649 sf.sf_addr = (u_int32_t)siginfo.si_addr; 650 sf.sf_ah = (u_int32_t)(uintptr_t)catcher; 651 } 652 mtx_unlock(&psp->ps_mtx); 653 654 /* 655 * Copy the sigframe out to the user's stack. 656 */ 657 if (copyout(&sf, sfp, sizeof(*sfp)) != 0 || 658 (xfpusave != NULL && copyout(xfpusave, 659 PTRIN(sf.sf_uc.uc_mcontext.mc_xfpustate), xfpusave_len) 660 != 0)) { 661 #ifdef DEBUG 662 printf("process %ld has trashed its stack\n", (long)p->p_pid); 663 #endif 664 PROC_LOCK(p); 665 sigexit(td, SIGILL); 666 } 667 668 fpstate_drop(td); 669 regs->tf_rsp = (uintptr_t)sfp; 670 regs->tf_rip = PROC_SIGCODE(p); 671 regs->tf_rflags &= ~(PSL_T | PSL_D); 672 regs->tf_cs = _ucode32sel; 673 regs->tf_ss = _udatasel; 674 regs->tf_ds = _udatasel; 675 regs->tf_es = _udatasel; 676 set_pcb_flags(td->td_pcb, PCB_FULL_IRET); 677 /* XXXKIB leave user %fs and %gs untouched */ 678 PROC_LOCK(p); 679 mtx_lock(&psp->ps_mtx); 680 } 681 682 /* 683 * System call to cleanup state after a signal 684 * has been taken. Reset signal mask and 685 * stack state from context left by sendsig (above). 686 * Return to previous pc and psl as specified by 687 * context left by sendsig. Check carefully to 688 * make sure that the user has not modified the 689 * state to gain improper privileges. 690 */ 691 692 #ifdef COMPAT_43 693 int 694 ofreebsd32_sigreturn(struct thread *td, struct ofreebsd32_sigreturn_args *uap) 695 { 696 struct ia32_osigcontext sc, *scp; 697 struct trapframe *regs; 698 int eflags, error; 699 ksiginfo_t ksi; 700 701 regs = td->td_frame; 702 error = copyin(uap->sigcntxp, &sc, sizeof(sc)); 703 if (error != 0) 704 return (error); 705 scp = ≻ 706 eflags = scp->sc_eflags; 707 if (!EFL_SECURE(eflags, regs->tf_rflags)) { 708 return (EINVAL); 709 } 710 if (!CS_SECURE(scp->sc_cs)) { 711 ksiginfo_init_trap(&ksi); 712 ksi.ksi_signo = SIGBUS; 713 ksi.ksi_code = BUS_OBJERR; 714 ksi.ksi_trapno = T_PROTFLT; 715 ksi.ksi_addr = (void *)regs->tf_rip; 716 trapsignal(td, &ksi); 717 return (EINVAL); 718 } 719 regs->tf_ds = scp->sc_ds; 720 regs->tf_es = scp->sc_es; 721 regs->tf_fs = scp->sc_fs; 722 regs->tf_gs = scp->sc_gs; 723 724 regs->tf_rax = scp->sc_eax; 725 regs->tf_rbx = scp->sc_ebx; 726 regs->tf_rcx = scp->sc_ecx; 727 regs->tf_rdx = scp->sc_edx; 728 regs->tf_rsi = scp->sc_esi; 729 regs->tf_rdi = scp->sc_edi; 730 regs->tf_cs = scp->sc_cs; 731 regs->tf_ss = scp->sc_ss; 732 regs->tf_rbp = scp->sc_ebp; 733 regs->tf_rsp = scp->sc_esp; 734 regs->tf_rip = scp->sc_eip; 735 regs->tf_rflags = eflags; 736 737 if (scp->sc_onstack & 1) 738 td->td_sigstk.ss_flags |= SS_ONSTACK; 739 else 740 td->td_sigstk.ss_flags &= ~SS_ONSTACK; 741 742 kern_sigprocmask(td, SIG_SETMASK, (sigset_t *)&scp->sc_mask, NULL, 743 SIGPROCMASK_OLD); 744 set_pcb_flags(td->td_pcb, PCB_FULL_IRET); 745 return (EJUSTRETURN); 746 } 747 #endif 748 749 #ifdef COMPAT_FREEBSD4 750 int 751 freebsd4_freebsd32_sigreturn(struct thread *td, 752 struct freebsd4_freebsd32_sigreturn_args *uap) 753 { 754 struct ia32_freebsd4_ucontext uc; 755 struct trapframe *regs; 756 struct ia32_freebsd4_ucontext *ucp; 757 int cs, eflags, error; 758 ksiginfo_t ksi; 759 760 error = copyin(uap->sigcntxp, &uc, sizeof(uc)); 761 if (error != 0) 762 return (error); 763 ucp = &uc; 764 regs = td->td_frame; 765 eflags = ucp->uc_mcontext.mc_eflags; 766 /* 767 * Don't allow users to change privileged or reserved flags. 768 */ 769 if (!EFL_SECURE(eflags, regs->tf_rflags)) { 770 uprintf("pid %d (%s): freebsd4_freebsd32_sigreturn eflags = 0x%x\n", 771 td->td_proc->p_pid, td->td_name, eflags); 772 return (EINVAL); 773 } 774 775 /* 776 * Don't allow users to load a valid privileged %cs. Let the 777 * hardware check for invalid selectors, excess privilege in 778 * other selectors, invalid %eip's and invalid %esp's. 779 */ 780 cs = ucp->uc_mcontext.mc_cs; 781 if (!CS_SECURE(cs)) { 782 uprintf("pid %d (%s): freebsd4_sigreturn cs = 0x%x\n", 783 td->td_proc->p_pid, td->td_name, cs); 784 ksiginfo_init_trap(&ksi); 785 ksi.ksi_signo = SIGBUS; 786 ksi.ksi_code = BUS_OBJERR; 787 ksi.ksi_trapno = T_PROTFLT; 788 ksi.ksi_addr = (void *)regs->tf_rip; 789 trapsignal(td, &ksi); 790 return (EINVAL); 791 } 792 793 regs->tf_rdi = ucp->uc_mcontext.mc_edi; 794 regs->tf_rsi = ucp->uc_mcontext.mc_esi; 795 regs->tf_rbp = ucp->uc_mcontext.mc_ebp; 796 regs->tf_rbx = ucp->uc_mcontext.mc_ebx; 797 regs->tf_rdx = ucp->uc_mcontext.mc_edx; 798 regs->tf_rcx = ucp->uc_mcontext.mc_ecx; 799 regs->tf_rax = ucp->uc_mcontext.mc_eax; 800 regs->tf_trapno = ucp->uc_mcontext.mc_trapno; 801 regs->tf_err = ucp->uc_mcontext.mc_err; 802 regs->tf_rip = ucp->uc_mcontext.mc_eip; 803 regs->tf_cs = cs; 804 regs->tf_rflags = ucp->uc_mcontext.mc_eflags; 805 regs->tf_rsp = ucp->uc_mcontext.mc_esp; 806 regs->tf_ss = ucp->uc_mcontext.mc_ss; 807 regs->tf_ds = ucp->uc_mcontext.mc_ds; 808 regs->tf_es = ucp->uc_mcontext.mc_es; 809 regs->tf_fs = ucp->uc_mcontext.mc_fs; 810 regs->tf_gs = ucp->uc_mcontext.mc_gs; 811 812 kern_sigprocmask(td, SIG_SETMASK, &ucp->uc_sigmask, NULL, 0); 813 set_pcb_flags(td->td_pcb, PCB_FULL_IRET); 814 return (EJUSTRETURN); 815 } 816 #endif /* COMPAT_FREEBSD4 */ 817 818 int 819 freebsd32_sigreturn(struct thread *td, struct freebsd32_sigreturn_args *uap) 820 { 821 struct ia32_ucontext uc; 822 struct trapframe *regs; 823 struct ia32_ucontext *ucp; 824 char *xfpustate; 825 size_t xfpustate_len; 826 int cs, eflags, error, ret; 827 ksiginfo_t ksi; 828 829 error = copyin(uap->sigcntxp, &uc, sizeof(uc)); 830 if (error != 0) 831 return (error); 832 ucp = &uc; 833 regs = td->td_frame; 834 eflags = ucp->uc_mcontext.mc_eflags; 835 /* 836 * Don't allow users to change privileged or reserved flags. 837 */ 838 if (!EFL_SECURE(eflags, regs->tf_rflags)) { 839 uprintf("pid %d (%s): freebsd32_sigreturn eflags = 0x%x\n", 840 td->td_proc->p_pid, td->td_name, eflags); 841 return (EINVAL); 842 } 843 844 /* 845 * Don't allow users to load a valid privileged %cs. Let the 846 * hardware check for invalid selectors, excess privilege in 847 * other selectors, invalid %eip's and invalid %esp's. 848 */ 849 cs = ucp->uc_mcontext.mc_cs; 850 if (!CS_SECURE(cs)) { 851 uprintf("pid %d (%s): sigreturn cs = 0x%x\n", 852 td->td_proc->p_pid, td->td_name, cs); 853 ksiginfo_init_trap(&ksi); 854 ksi.ksi_signo = SIGBUS; 855 ksi.ksi_code = BUS_OBJERR; 856 ksi.ksi_trapno = T_PROTFLT; 857 ksi.ksi_addr = (void *)regs->tf_rip; 858 trapsignal(td, &ksi); 859 return (EINVAL); 860 } 861 862 if ((ucp->uc_mcontext.mc_flags & _MC_HASFPXSTATE) != 0) { 863 xfpustate_len = uc.uc_mcontext.mc_xfpustate_len; 864 if (xfpustate_len > cpu_max_ext_state_size - 865 sizeof(struct savefpu)) { 866 uprintf("pid %d (%s): sigreturn xfpusave_len = 0x%zx\n", 867 td->td_proc->p_pid, td->td_name, xfpustate_len); 868 return (EINVAL); 869 } 870 xfpustate = (char *)fpu_save_area_alloc(); 871 error = copyin(PTRIN(ucp->uc_mcontext.mc_xfpustate), 872 xfpustate, xfpustate_len); 873 if (error != 0) { 874 fpu_save_area_free((struct savefpu *)xfpustate); 875 uprintf( 876 "pid %d (%s): sigreturn copying xfpustate failed\n", 877 td->td_proc->p_pid, td->td_name); 878 return (error); 879 } 880 } else { 881 xfpustate = NULL; 882 xfpustate_len = 0; 883 } 884 ret = ia32_set_fpcontext(td, &ucp->uc_mcontext, xfpustate, 885 xfpustate_len); 886 fpu_save_area_free((struct savefpu *)xfpustate); 887 if (ret != 0) { 888 uprintf("pid %d (%s): sigreturn set_fpcontext err %d\n", 889 td->td_proc->p_pid, td->td_name, ret); 890 return (ret); 891 } 892 893 regs->tf_rdi = ucp->uc_mcontext.mc_edi; 894 regs->tf_rsi = ucp->uc_mcontext.mc_esi; 895 regs->tf_rbp = ucp->uc_mcontext.mc_ebp; 896 regs->tf_rbx = ucp->uc_mcontext.mc_ebx; 897 regs->tf_rdx = ucp->uc_mcontext.mc_edx; 898 regs->tf_rcx = ucp->uc_mcontext.mc_ecx; 899 regs->tf_rax = ucp->uc_mcontext.mc_eax; 900 regs->tf_trapno = ucp->uc_mcontext.mc_trapno; 901 regs->tf_err = ucp->uc_mcontext.mc_err; 902 regs->tf_rip = ucp->uc_mcontext.mc_eip; 903 regs->tf_cs = cs; 904 regs->tf_rflags = ucp->uc_mcontext.mc_eflags; 905 regs->tf_rsp = ucp->uc_mcontext.mc_esp; 906 regs->tf_ss = ucp->uc_mcontext.mc_ss; 907 regs->tf_ds = ucp->uc_mcontext.mc_ds; 908 regs->tf_es = ucp->uc_mcontext.mc_es; 909 regs->tf_fs = ucp->uc_mcontext.mc_fs; 910 regs->tf_gs = ucp->uc_mcontext.mc_gs; 911 regs->tf_flags = TF_HASSEGS; 912 913 kern_sigprocmask(td, SIG_SETMASK, &ucp->uc_sigmask, NULL, 0); 914 set_pcb_flags(td->td_pcb, PCB_FULL_IRET); 915 return (EJUSTRETURN); 916 } 917 918 /* 919 * Clear registers on exec 920 */ 921 void 922 ia32_setregs(struct thread *td, struct image_params *imgp, uintptr_t stack) 923 { 924 struct trapframe *regs; 925 struct pcb *pcb; 926 register_t saved_rflags; 927 928 regs = td->td_frame; 929 pcb = td->td_pcb; 930 931 if (td->td_proc->p_md.md_ldt != NULL) 932 user_ldt_free(td); 933 #ifdef COMPAT_43 934 setup_lcall_gate(); 935 #endif 936 937 pcb->pcb_fsbase = 0; 938 pcb->pcb_gsbase = 0; 939 pcb->pcb_initial_fpucw = __INITIAL_FPUCW_I386__; 940 941 saved_rflags = regs->tf_rflags & PSL_T; 942 bzero((char *)regs, sizeof(struct trapframe)); 943 regs->tf_rip = imgp->entry_addr; 944 regs->tf_rsp = stack; 945 regs->tf_rflags = PSL_USER | saved_rflags; 946 regs->tf_ss = _udatasel; 947 regs->tf_cs = _ucode32sel; 948 regs->tf_rbx = (register_t)imgp->ps_strings; 949 regs->tf_ds = _udatasel; 950 regs->tf_es = _udatasel; 951 regs->tf_fs = _ufssel; 952 regs->tf_gs = _ugssel; 953 regs->tf_flags = TF_HASSEGS; 954 955 x86_clear_dbregs(pcb); 956 957 fpstate_drop(td); 958 959 /* Return via doreti so that we can change to a different %cs */ 960 set_pcb_flags(pcb, PCB_32BIT | PCB_FULL_IRET); 961 } 962