1 /*- 2 * SPDX-License-Identifier: BSD-3-Clause 3 * 4 * Copyright (c) 2003 Peter Wemm 5 * Copyright (c) 1982, 1987, 1990 The Regents of the University of California. 6 * All rights reserved. 7 * 8 * This code is derived from software contributed to Berkeley by 9 * William Jolitz. 10 * 11 * Redistribution and use in source and binary forms, with or without 12 * modification, are permitted provided that the following conditions 13 * are met: 14 * 1. Redistributions of source code must retain the above copyright 15 * notice, this list of conditions and the following disclaimer. 16 * 2. Redistributions in binary form must reproduce the above copyright 17 * notice, this list of conditions and the following disclaimer in the 18 * documentation and/or other materials provided with the distribution. 19 * 3. Neither the name of the University nor the names of its contributors 20 * may be used to endorse or promote products derived from this software 21 * without specific prior written permission. 22 * 23 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 24 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 25 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 26 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 27 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 28 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 29 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 30 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 31 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 32 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 33 * SUCH DAMAGE. 
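*/

#include <sys/cdefs.h>
__FBSDID("$FreeBSD$");

#include "opt_compat.h"

#include <sys/param.h>
#include <sys/exec.h>
#include <sys/fcntl.h>
#include <sys/imgact.h>
#include <sys/kernel.h>
#include <sys/lock.h>
#include <sys/malloc.h>
#include <sys/mutex.h>
#include <sys/mman.h>
#include <sys/namei.h>
#include <sys/pioctl.h>
#include <sys/proc.h>
#include <sys/procfs.h>
#include <sys/resourcevar.h>
#include <sys/systm.h>
#include <sys/signalvar.h>
#include <sys/stat.h>
#include <sys/sx.h>
#include <sys/syscall.h>
#include <sys/syscallsubr.h>
#include <sys/sysctl.h>
#include <sys/sysent.h>
#include <sys/vnode.h>

#include <vm/vm.h>
#include <vm/vm_kern.h>
#include <vm/vm_param.h>
#include <vm/pmap.h>
#include <vm/vm_map.h>
#include <vm/vm_object.h>
#include <vm/vm_extern.h>

#include <compat/freebsd32/freebsd32_signal.h>
#include <compat/freebsd32/freebsd32_util.h>
#include <compat/freebsd32/freebsd32_proto.h>
#include <compat/freebsd32/freebsd32.h>
#include <compat/ia32/ia32_signal.h>
#include <machine/psl.h>
#include <machine/segments.h>
#include <machine/specialreg.h>
#include <machine/frame.h>
#include <machine/md_var.h>
#include <machine/pcb.h>
#include <machine/cpufunc.h>
#include <machine/trap.h>

#ifdef COMPAT_FREEBSD4
static void freebsd4_ia32_sendsig(sig_t, ksiginfo_t *, sigset_t *);
#endif

/*
 * Privilege checks applied to user-supplied register state before it is
 * loaded into a trap frame (see the sigreturn variants below):
 *
 * CS_SECURE  - a %cs selector is acceptable only if its RPL requests
 *              user privilege.
 * EFL_SECURE - the new eflags may differ from the current ones only in
 *              the bits userland is allowed to change (PSL_USERCHANGE).
 */
#define	CS_SECURE(cs)		(ISPL(cs) == SEL_UPL)
#define	EFL_SECURE(ef, oef)	((((ef) ^ (oef)) & ~PSL_USERCHANGE) == 0)

/*
 * Capture the thread's FPU state into an ia32 machine context.
 *
 * td           - thread whose FPU state is captured.
 * mcp          - context to fill: mc_ownedfp, mc_fpstate, mc_fpformat and,
 *                when extended state is saved, mc_flags and
 *                mc_xfpustate_len.
 * xfpusave     - optional caller buffer for the XSAVE extended area that
 *                follows the legacy savefpu image; may be NULL.
 * xfpusave_len - size of xfpusave in bytes; 0 disables extended state.
 *
 * At most cpu_max_ext_state_size - sizeof(struct savefpu) bytes of
 * extended state exist.  If the caller's buffer is larger than that the
 * unused tail is zeroed before returning so that no kernel stack
 * contents can later be copied out through it.
 */
static void
ia32_get_fpcontext(struct thread *td, struct ia32_mcontext *mcp,
    char *xfpusave, size_t xfpusave_len)
{
	size_t max_len, len;

	/*
	 * XXX Format of 64bit and 32bit FXSAVE areas differs. FXSAVE
	 * in 32bit mode saves %cs and %ds, while on 64bit it saves
	 * 64bit instruction and data pointers. Ignore the difference
	 * for now, it should be irrelevant for most applications.
	 */
	mcp->mc_ownedfp = fpugetregs(td);
	bcopy(get_pcb_user_save_td(td), &mcp->mc_fpstate[0],
	    sizeof(mcp->mc_fpstate));
	mcp->mc_fpformat = fpuformat();
	if (!use_xsave || xfpusave_len == 0)
		return;
	max_len = cpu_max_ext_state_size - sizeof(struct savefpu);
	len = xfpusave_len;
	if (len > max_len) {
		/*
		 * Zero the part of the caller's buffer that the bcopy
		 * below will not overwrite.  This has to use the original
		 * length: clamping len first and then zeroing len - max_len
		 * bytes (the previous order) always zeroed nothing.
		 */
		bzero(xfpusave + max_len, len - max_len);
		len = max_len;
	}
	mcp->mc_flags |= _MC_IA32_HASFPXSTATE;
	mcp->mc_xfpustate_len = len;
	/* The extended area lives directly behind the legacy savefpu image. */
	bcopy(get_pcb_user_save_td(td) + 1, xfpusave, len);
}

/*
 * Load FPU state from an ia32 machine context into the thread.
 *
 * td            - thread to update.
 * mcp           - context supplying mc_fpformat, mc_ownedfp and mc_fpstate.
 * xfpustate     - already-validated copy of the XSAVE extended area, or
 *                 NULL when the context carries none.
 * xfpustate_len - length of xfpustate in bytes.
 *
 * Returns 0 on success or when the context says no FPU device state is
 * present (_MC_FPFMT_NODEV), EINVAL for an unknown format or ownership
 * value, or the error from fpusetregs().
 */
static int
ia32_set_fpcontext(struct thread *td, struct ia32_mcontext *mcp,
    char *xfpustate, size_t xfpustate_len)
{
	int error;

	if (mcp->mc_fpformat == _MC_FPFMT_NODEV)
		return (0);
	else if (mcp->mc_fpformat != _MC_FPFMT_XMM)
		return (EINVAL);
	else if (mcp->mc_ownedfp == _MC_FPOWNED_NONE) {
		/* We don't care what state is left in the FPU or PCB. */
		fpstate_drop(td);
		error = 0;
	} else if (mcp->mc_ownedfp == _MC_FPOWNED_FPU ||
	    mcp->mc_ownedfp == _MC_FPOWNED_PCB) {
		/* mc_fpstate is the raw savefpu image saved by the getter. */
		error = fpusetregs(td, (struct savefpu *)&mcp->mc_fpstate,
		    xfpustate, xfpustate_len);
	} else
		return (EINVAL);
	return (error);
}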
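/*
 * Get machine context.
 *
 * Fill *mcp from td's trap frame and PCB.  With GET_MC_CLEAR_RET in
 * flags the syscall return registers (%eax, %edx) and the carry flag are
 * cleared so that a later resumption via setcontext looks like a
 * successful return from the call that captured the context.
 *
 * Every field of *mcp is written here because callers copy the context
 * out to userland as-is.  Always returns 0.
 */
static int
ia32_get_mcontext(struct thread *td, struct ia32_mcontext *mcp, int flags)
{
	struct pcb *pcb;
	struct trapframe *tp;

	pcb = td->td_pcb;
	tp = td->td_frame;

	/*
	 * NOTE(review): the lock is taken on curthread's process while the
	 * frame read is td's; this presumably relies on td == curthread.
	 */
	PROC_LOCK(curthread->td_proc);
	mcp->mc_onstack = sigonstack(tp->tf_rsp);
	PROC_UNLOCK(curthread->td_proc);
	/* Entry into kernel always sets TF_HASSEGS */
	mcp->mc_gs = tp->tf_gs;
	mcp->mc_fs = tp->tf_fs;
	mcp->mc_es = tp->tf_es;
	mcp->mc_ds = tp->tf_ds;
	mcp->mc_edi = tp->tf_rdi;
	mcp->mc_esi = tp->tf_rsi;
	mcp->mc_ebp = tp->tf_rbp;
	mcp->mc_isp = tp->tf_rsp;
	mcp->mc_eflags = tp->tf_rflags;
	if (flags & GET_MC_CLEAR_RET) {
		mcp->mc_eax = 0;
		mcp->mc_edx = 0;
		mcp->mc_eflags &= ~PSL_C;
	} else {
		mcp->mc_eax = tp->tf_rax;
		mcp->mc_edx = tp->tf_rdx;
	}
	mcp->mc_ebx = tp->tf_rbx;
	mcp->mc_ecx = tp->tf_rcx;
	/*
	 * mc_trapno and mc_err were previously never written, so the
	 * caller's uninitialised stack bytes in those slots reached
	 * userland through getcontext/swapcontext.  Fill them from the
	 * frame exactly as ia32_sendsig() does; ia32_set_mcontext()
	 * ignores them on the way back in.
	 */
	mcp->mc_trapno = tp->tf_trapno;
	mcp->mc_err = tp->tf_err;
	mcp->mc_eip = tp->tf_rip;
	mcp->mc_cs = tp->tf_cs;
	mcp->mc_esp = tp->tf_rsp;
	mcp->mc_ss = tp->tf_ss;
	mcp->mc_len = sizeof(*mcp);
	mcp->mc_flags = tp->tf_flags;
	/* No extended-state buffer: only the legacy FPU image is captured. */
	ia32_get_fpcontext(td, mcp, NULL, 0);
	mcp->mc_fsbase = pcb->pcb_fsbase;
	mcp->mc_gsbase = pcb->pcb_gsbase;
	mcp->mc_xfpustate = 0;
	mcp->mc_xfpustate_len = 0;
	bzero(mcp->mc_spare2, sizeof(mcp->mc_spare2));
	return (0);
}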
/*
 * Set machine context.
 *
 * However, we don't set any but the user modifiable flags, and we won't
 * touch the cs selector.
 *
 * td  - thread whose trap frame is rewritten.
 * mcp - user-supplied context (already copied into kernel memory).
 *
 * Returns EINVAL if mc_len does not match, or if the extended FPU state
 * length exceeds what the CPU can hold; otherwise the result of copyin()
 * or ia32_set_fpcontext(), and 0 on success.
 */
static int
ia32_set_mcontext(struct thread *td, struct ia32_mcontext *mcp)
{
	struct trapframe *tp;
	char *xfpustate;
	long rflags;
	int ret;

	tp = td->td_frame;
	if (mcp->mc_len != sizeof(*mcp))
		return (EINVAL);
	/* Take only the user-changeable bits from the caller's eflags. */
	rflags = (mcp->mc_eflags & PSL_USERCHANGE) |
	    (tp->tf_rflags & ~PSL_USERCHANGE);
	if (mcp->mc_flags & _MC_IA32_HASFPXSTATE) {
		/*
		 * mc_xfpustate_len is user controlled; the bound below is
		 * what keeps the alloca() that follows to a fixed maximum.
		 * Assumes cpu_max_ext_state_size >= sizeof(struct savefpu).
		 */
		if (mcp->mc_xfpustate_len > cpu_max_ext_state_size -
		    sizeof(struct savefpu))
			return (EINVAL);
		xfpustate = __builtin_alloca(mcp->mc_xfpustate_len);
		ret = copyin(PTRIN(mcp->mc_xfpustate), xfpustate,
		    mcp->mc_xfpustate_len);
		if (ret != 0)
			return (ret);
	} else
		xfpustate = NULL;
	ret = ia32_set_fpcontext(td, mcp, xfpustate, mcp->mc_xfpustate_len);
	if (ret != 0)
		return (ret);
	tp->tf_gs = mcp->mc_gs;
	tp->tf_fs = mcp->mc_fs;
	tp->tf_es = mcp->mc_es;
	tp->tf_ds = mcp->mc_ds;
	tp->tf_flags = TF_HASSEGS;
	tp->tf_rdi = mcp->mc_edi;
	tp->tf_rsi = mcp->mc_esi;
	tp->tf_rbp = mcp->mc_ebp;
	tp->tf_rbx = mcp->mc_ebx;
	tp->tf_rdx = mcp->mc_edx;
	tp->tf_rcx = mcp->mc_ecx;
	tp->tf_rax = mcp->mc_eax;
	/* trapno, err */
	tp->tf_rip = mcp->mc_eip;
	tp->tf_rflags = rflags;
	tp->tf_rsp = mcp->mc_esp;
	tp->tf_ss = mcp->mc_ss;
	/* tf_cs is deliberately left as it was. */
	set_pcb_flags(td->td_pcb, PCB_FULL_IRET);
	return (0);
}
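/*
 * The first two fields of a ucontext_t are the signal mask and
 * the machine context.  The next field is uc_link; we want to
 * avoid destroying the link when copying out contexts.
 */
#define	UC_COPY_SIZE	offsetof(struct ia32_ucontext, uc_link)

/*
 * getcontext(2) for 32-bit processes.
 *
 * Captures the machine context (with the return registers cleared) and
 * the current signal mask into the first UC_COPY_SIZE bytes of *uap->ucp.
 * Returns EINVAL for a NULL ucp, otherwise the copyout() result.
 */
int
freebsd32_getcontext(struct thread *td, struct freebsd32_getcontext_args *uap)
{
	struct ia32_ucontext uc;

	if (uap->ucp == NULL)
		return (EINVAL);
	/*
	 * uc is a kernel stack local that is copied out to userland.
	 * Zero it first so that any field or padding not written by
	 * ia32_get_mcontext() cannot disclose stack contents; this also
	 * covers the __spare__ area that used to be cleared separately.
	 */
	bzero(&uc, sizeof(uc));
	ia32_get_mcontext(td, &uc.uc_mcontext, GET_MC_CLEAR_RET);
	PROC_LOCK(td->td_proc);
	uc.uc_sigmask = td->td_sigmask;
	PROC_UNLOCK(td->td_proc);
	return (copyout(&uc, uap->ucp, UC_COPY_SIZE));
}

/*
 * setcontext(2) for 32-bit processes.
 *
 * Copies in the signal mask and machine context from *uap->ucp,
 * validates and installs the machine context, then the signal mask.
 * Returns EJUSTRETURN on success (the trap frame already holds the
 * registers to return with), EINVAL for a NULL ucp, or the first error
 * from copyin()/ia32_set_mcontext().
 */
int
freebsd32_setcontext(struct thread *td, struct freebsd32_setcontext_args *uap)
{
	struct ia32_ucontext uc;
	int ret;

	if (uap->ucp == NULL)
		return (EINVAL);
	ret = copyin(uap->ucp, &uc, UC_COPY_SIZE);
	if (ret != 0)
		return (ret);
	/* The context is validated before any of it reaches the frame. */
	ret = ia32_set_mcontext(td, &uc.uc_mcontext);
	if (ret != 0)
		return (ret);
	kern_sigprocmask(td, SIG_SETMASK, &uc.uc_sigmask, NULL, 0);
	return (EJUSTRETURN);
}

/*
 * swapcontext(2) for 32-bit processes.
 *
 * Saves the current context to *uap->oucp exactly as getcontext does,
 * then installs the context from *uap->ucp exactly as setcontext does.
 * Returns EJUSTRETURN on success, EINVAL if either pointer is NULL, or
 * the first copy/validation error.
 */
int
freebsd32_swapcontext(struct thread *td, struct freebsd32_swapcontext_args *uap)
{
	struct ia32_ucontext uc;
	int ret;

	if (uap->oucp == NULL || uap->ucp == NULL)
		return (EINVAL);
	/* See freebsd32_getcontext(): never copy out uninitialised stack. */
	bzero(&uc, sizeof(uc));
	ia32_get_mcontext(td, &uc.uc_mcontext, GET_MC_CLEAR_RET);
	PROC_LOCK(td->td_proc);
	uc.uc_sigmask = td->td_sigmask;
	PROC_UNLOCK(td->td_proc);
	ret = copyout(&uc, uap->oucp, UC_COPY_SIZE);
	if (ret != 0)
		return (ret);
	/* uc is reused as the landing buffer for the incoming context. */
	ret = copyin(uap->ucp, &uc, UC_COPY_SIZE);
	if (ret != 0)
		return (ret);
	ret = ia32_set_mcontext(td, &uc.uc_mcontext);
	if (ret != 0)
		return (ret);
	kern_sigprocmask(td, SIG_SETMASK, &uc.uc_sigmask, NULL, 0);
	return (EJUSTRETURN);
}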
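/*
 * Send an interrupt to process.
 *
 * Stack is set up to allow sigcode stored
 * at top to call routine, followed by kcall
 * to sigreturn routine below.  After sigreturn
 * resets the signal mask, the stack, and the
 * frame pointer, it returns to the user
 * specified pc, psl.
 *
 * All three variants below are entered with the process lock and the
 * sigacts mutex held, drop both around the copyout() to the user stack,
 * and re-acquire them before returning.
 */

#ifdef COMPAT_43
/*
 * Deliver a signal using the 4.3BSD-era frame layout (struct
 * ia32_sigframe3), for handlers registered through the old sigvec
 * interfaces (ps_osigset).
 *
 * catcher - user handler address.
 * ksi     - signal information; ksi_signo, ksi_code and ksi_addr are used.
 * mask    - signal mask to restore on return, saved in osigset form.
 *
 * If the frame cannot be written to the user stack the process is
 * terminated with SIGILL via sigexit().
 */
static void
ia32_osendsig(sig_t catcher, ksiginfo_t *ksi, sigset_t *mask)
{
	struct ia32_sigframe3 sf, *fp;
	struct proc *p;
	struct thread *td;
	struct sigacts *psp;
	struct trapframe *regs;
	int sig;
	int oonstack;

	td = curthread;
	p = td->td_proc;
	PROC_LOCK_ASSERT(p, MA_OWNED);
	sig = ksi->ksi_signo;
	psp = p->p_sigacts;
	mtx_assert(&psp->ps_mtx, MA_OWNED);
	regs = td->td_frame;
	oonstack = sigonstack(regs->tf_rsp);

	/*
	 * The whole of sf is copied out below, but each branch of the
	 * argument setup writes only some of its fields (sf_addr is
	 * never set for SA_SIGINFO handlers, si_signo/si_code only for
	 * them).  Clear it first, as the other two sendsig variants do,
	 * so no kernel stack bytes travel to userland in the gaps.
	 */
	bzero(&sf, sizeof(sf));

	/* Allocate space for the signal handler context. */
	if ((td->td_pflags & TDP_ALTSTACK) && !oonstack &&
	    SIGISMEMBER(psp->ps_sigonstack, sig)) {
		fp = (struct ia32_sigframe3 *)((uintptr_t)td->td_sigstk.ss_sp +
		    td->td_sigstk.ss_size - sizeof(sf));
		/* Only this variant records the switch in td_sigstk itself. */
		td->td_sigstk.ss_flags |= SS_ONSTACK;
	} else
		fp = (struct ia32_sigframe3 *)regs->tf_rsp - 1;

	/* Build the argument list for the signal handler. */
	sf.sf_signum = sig;
	sf.sf_scp = (register_t)&fp->sf_siginfo.si_sc;
	if (SIGISMEMBER(psp->ps_siginfo, sig)) {
		/* Signal handler installed with SA_SIGINFO. */
		sf.sf_arg2 = (register_t)&fp->sf_siginfo;
		sf.sf_siginfo.si_signo = sig;
		sf.sf_siginfo.si_code = ksi->ksi_code;
		sf.sf_ah = (uintptr_t)catcher;
	} else {
		/* Old FreeBSD-style arguments. */
		sf.sf_arg2 = ksi->ksi_code;
		sf.sf_addr = (register_t)ksi->ksi_addr;
		sf.sf_ah = (uintptr_t)catcher;
	}
	mtx_unlock(&psp->ps_mtx);
	PROC_UNLOCK(p);

	/* Save most if not all of trap frame. */
	sf.sf_siginfo.si_sc.sc_eax = regs->tf_rax;
	sf.sf_siginfo.si_sc.sc_ebx = regs->tf_rbx;
	sf.sf_siginfo.si_sc.sc_ecx = regs->tf_rcx;
	sf.sf_siginfo.si_sc.sc_edx = regs->tf_rdx;
	sf.sf_siginfo.si_sc.sc_esi = regs->tf_rsi;
	sf.sf_siginfo.si_sc.sc_edi = regs->tf_rdi;
	sf.sf_siginfo.si_sc.sc_cs = regs->tf_cs;
	sf.sf_siginfo.si_sc.sc_ds = regs->tf_ds;
	sf.sf_siginfo.si_sc.sc_ss = regs->tf_ss;
	sf.sf_siginfo.si_sc.sc_es = regs->tf_es;
	sf.sf_siginfo.si_sc.sc_fs = regs->tf_fs;
	sf.sf_siginfo.si_sc.sc_gs = regs->tf_gs;
	sf.sf_siginfo.si_sc.sc_isp = regs->tf_rsp;

	/* Build the signal context to be used by osigreturn(). */
	sf.sf_siginfo.si_sc.sc_onstack = (oonstack) ? 1 : 0;
	SIG2OSIG(*mask, sf.sf_siginfo.si_sc.sc_mask);
	sf.sf_siginfo.si_sc.sc_esp = regs->tf_rsp;
	sf.sf_siginfo.si_sc.sc_ebp = regs->tf_rbp;
	sf.sf_siginfo.si_sc.sc_eip = regs->tf_rip;
	sf.sf_siginfo.si_sc.sc_eflags = regs->tf_rflags;
	sf.sf_siginfo.si_sc.sc_trapno = regs->tf_trapno;
	sf.sf_siginfo.si_sc.sc_err = regs->tf_err;

	/*
	 * Copy the sigframe out to the user's stack.
	 */
	if (copyout(&sf, fp, sizeof(*fp)) != 0) {
#ifdef DEBUG
		printf("process %ld has trashed its stack\n", (long)p->p_pid);
#endif
		PROC_LOCK(p);
		sigexit(td, SIGILL);
	}

	/* Resume in the old-style signal trampoline with a user-mode %cs. */
	regs->tf_rsp = (uintptr_t)fp;
	regs->tf_rip = p->p_sysent->sv_psstrings - sz_ia32_osigcode;
	regs->tf_rflags &= ~(PSL_T | PSL_D);
	regs->tf_cs = _ucode32sel;
	regs->tf_ds = _udatasel;
	regs->tf_es = _udatasel;
	regs->tf_fs = _udatasel;
	regs->tf_ss = _udatasel;
	set_pcb_flags(td->td_pcb, PCB_FULL_IRET);
	PROC_LOCK(p);
	mtx_lock(&psp->ps_mtx);
}
#endif

#ifdef COMPAT_FREEBSD4
/*
 * Deliver a signal using the FreeBSD 4 frame layout (struct
 * ia32_sigframe4) for handlers registered through the freebsd4
 * sigaction ABI (ps_freebsd4).
 *
 * catcher - user handler address.
 * ksi     - signal information, converted to siginfo32 for the frame.
 * mask    - signal mask to restore on return.
 *
 * If the frame cannot be written to the user stack the process is
 * terminated with SIGILL via sigexit().
 */
static void
freebsd4_ia32_sendsig(sig_t catcher, ksiginfo_t *ksi, sigset_t *mask)
{
	struct ia32_sigframe4 sf, *sfp;
	struct siginfo32 siginfo;
	struct proc *p;
	struct thread *td;
	struct sigacts *psp;
	struct trapframe *regs;
	int oonstack;
	int sig;

	td = curthread;
	p = td->td_proc;
	siginfo_to_siginfo32(&ksi->ksi_info, &siginfo);

	PROC_LOCK_ASSERT(p, MA_OWNED);
	sig = siginfo.si_signo;
	psp = p->p_sigacts;
	mtx_assert(&psp->ps_mtx, MA_OWNED);
	regs = td->td_frame;
	oonstack = sigonstack(regs->tf_rsp);

	/* Save user context. */
	bzero(&sf, sizeof(sf));
	sf.sf_uc.uc_sigmask = *mask;
	sf.sf_uc.uc_stack.ss_sp = (uintptr_t)td->td_sigstk.ss_sp;
	sf.sf_uc.uc_stack.ss_size = td->td_sigstk.ss_size;
	sf.sf_uc.uc_stack.ss_flags = (td->td_pflags & TDP_ALTSTACK)
	    ? ((oonstack) ? SS_ONSTACK : 0) : SS_DISABLE;
	sf.sf_uc.uc_mcontext.mc_onstack = (oonstack) ? 1 : 0;
	sf.sf_uc.uc_mcontext.mc_edi = regs->tf_rdi;
	sf.sf_uc.uc_mcontext.mc_esi = regs->tf_rsi;
	sf.sf_uc.uc_mcontext.mc_ebp = regs->tf_rbp;
	sf.sf_uc.uc_mcontext.mc_isp = regs->tf_rsp; /* XXX */
	sf.sf_uc.uc_mcontext.mc_ebx = regs->tf_rbx;
	sf.sf_uc.uc_mcontext.mc_edx = regs->tf_rdx;
	sf.sf_uc.uc_mcontext.mc_ecx = regs->tf_rcx;
	sf.sf_uc.uc_mcontext.mc_eax = regs->tf_rax;
	sf.sf_uc.uc_mcontext.mc_trapno = regs->tf_trapno;
	sf.sf_uc.uc_mcontext.mc_err = regs->tf_err;
	sf.sf_uc.uc_mcontext.mc_eip = regs->tf_rip;
	sf.sf_uc.uc_mcontext.mc_cs = regs->tf_cs;
	sf.sf_uc.uc_mcontext.mc_eflags = regs->tf_rflags;
	sf.sf_uc.uc_mcontext.mc_esp = regs->tf_rsp;
	sf.sf_uc.uc_mcontext.mc_ss = regs->tf_ss;
	sf.sf_uc.uc_mcontext.mc_ds = regs->tf_ds;
	sf.sf_uc.uc_mcontext.mc_es = regs->tf_es;
	sf.sf_uc.uc_mcontext.mc_fs = regs->tf_fs;
	sf.sf_uc.uc_mcontext.mc_gs = regs->tf_gs;
	/* No FPU state is saved in this ABI; hand out zeros, not stack. */
	bzero(sf.sf_uc.uc_mcontext.mc_fpregs,
	    sizeof(sf.sf_uc.uc_mcontext.mc_fpregs));
	bzero(sf.sf_uc.uc_mcontext.__spare__,
	    sizeof(sf.sf_uc.uc_mcontext.__spare__));
	bzero(sf.sf_uc.__spare__, sizeof(sf.sf_uc.__spare__));

	/* Allocate space for the signal handler context. */
	if ((td->td_pflags & TDP_ALTSTACK) != 0 && !oonstack &&
	    SIGISMEMBER(psp->ps_sigonstack, sig)) {
		sfp = (struct ia32_sigframe4 *)((uintptr_t)td->td_sigstk.ss_sp +
		    td->td_sigstk.ss_size - sizeof(sf));
	} else
		sfp = (struct ia32_sigframe4 *)regs->tf_rsp - 1;
	PROC_UNLOCK(p);

	/* Build the argument list for the signal handler. */
	sf.sf_signum = sig;
	sf.sf_ucontext = (register_t)&sfp->sf_uc;
	bzero(&sf.sf_si, sizeof(sf.sf_si));
	if (SIGISMEMBER(psp->ps_siginfo, sig)) {
		/* Signal handler installed with SA_SIGINFO. */
		sf.sf_siginfo = (u_int32_t)(uintptr_t)&sfp->sf_si;
		sf.sf_ah = (u_int32_t)(uintptr_t)catcher;

		/* Fill in POSIX parts */
		sf.sf_si = siginfo;
		sf.sf_si.si_signo = sig;
	} else {
		/* Old FreeBSD-style arguments. */
		sf.sf_siginfo = siginfo.si_code;
		sf.sf_addr = (u_int32_t)siginfo.si_addr;
		sf.sf_ah = (u_int32_t)(uintptr_t)catcher;
	}
	mtx_unlock(&psp->ps_mtx);

	/*
	 * Copy the sigframe out to the user's stack.
	 */
	if (copyout(&sf, sfp, sizeof(*sfp)) != 0) {
#ifdef DEBUG
		printf("process %ld has trashed its stack\n", (long)p->p_pid);
#endif
		PROC_LOCK(p);
		sigexit(td, SIGILL);
	}

	/* The freebsd4 trampoline sits at the end of the shared sigcode. */
	regs->tf_rsp = (uintptr_t)sfp;
	regs->tf_rip = p->p_sysent->sv_sigcode_base + sz_ia32_sigcode -
	    sz_freebsd4_ia32_sigcode;
	regs->tf_rflags &= ~(PSL_T | PSL_D);
	regs->tf_cs = _ucode32sel;
	regs->tf_ss = _udatasel;
	regs->tf_ds = _udatasel;
	regs->tf_es = _udatasel;
	set_pcb_flags(td->td_pcb, PCB_FULL_IRET);
	/* leave user %fs and %gs untouched */
	PROC_LOCK(p);
	mtx_lock(&psp->ps_mtx);
}
#endif	/* COMPAT_FREEBSD4 */

/*
 * Deliver a signal to a 32-bit process using the current frame layout
 * (struct ia32_sigframe), dispatching to the compat variants above when
 * the handler was registered through an older ABI.
 *
 * catcher - user handler address.
 * ksi     - signal information, converted to siginfo32 for the frame.
 * mask    - signal mask to restore on return.
 *
 * When XSAVE is in use the extended FPU state is placed on the user
 * stack above the frame (64-byte aligned) and referenced from
 * mc_xfpustate.  If either copyout() fails the process is terminated
 * with SIGILL via sigexit().
 */
void
ia32_sendsig(sig_t catcher, ksiginfo_t *ksi, sigset_t *mask)
{
	struct ia32_sigframe sf, *sfp;
	struct siginfo32 siginfo;
	struct proc *p;
	struct thread *td;
	struct sigacts *psp;
	char *sp;
	struct trapframe *regs;
	char *xfpusave;
	size_t xfpusave_len;
	int oonstack;
	int sig;

	siginfo_to_siginfo32(&ksi->ksi_info, &siginfo);
	td = curthread;
	p = td->td_proc;
	PROC_LOCK_ASSERT(p, MA_OWNED);
	sig = siginfo.si_signo;
	psp = p->p_sigacts;
#ifdef COMPAT_FREEBSD4
	if (SIGISMEMBER(psp->ps_freebsd4, sig)) {
		freebsd4_ia32_sendsig(catcher, ksi, mask);
		return;
	}
#endif
#ifdef COMPAT_43
	if (SIGISMEMBER(psp->ps_osigset, sig)) {
		ia32_osendsig(catcher, ksi, mask);
		return;
	}
#endif
	mtx_assert(&psp->ps_mtx, MA_OWNED);
	regs = td->td_frame;
	oonstack = sigonstack(regs->tf_rsp);

	/* Kernel-side staging buffer for the XSAVE extended area, if any. */
	if (cpu_max_ext_state_size > sizeof(struct savefpu) && use_xsave) {
		xfpusave_len = cpu_max_ext_state_size - sizeof(struct savefpu);
		xfpusave = __builtin_alloca(xfpusave_len);
	} else {
		xfpusave_len = 0;
		xfpusave = NULL;
	}

	/* Save user context. */
	bzero(&sf, sizeof(sf));
	sf.sf_uc.uc_sigmask = *mask;
	sf.sf_uc.uc_stack.ss_sp = (uintptr_t)td->td_sigstk.ss_sp;
	sf.sf_uc.uc_stack.ss_size = td->td_sigstk.ss_size;
	sf.sf_uc.uc_stack.ss_flags = (td->td_pflags & TDP_ALTSTACK)
	    ? ((oonstack) ? SS_ONSTACK : 0) : SS_DISABLE;
	sf.sf_uc.uc_mcontext.mc_onstack = (oonstack) ? 1 : 0;
	sf.sf_uc.uc_mcontext.mc_edi = regs->tf_rdi;
	sf.sf_uc.uc_mcontext.mc_esi = regs->tf_rsi;
	sf.sf_uc.uc_mcontext.mc_ebp = regs->tf_rbp;
	sf.sf_uc.uc_mcontext.mc_isp = regs->tf_rsp; /* XXX */
	sf.sf_uc.uc_mcontext.mc_ebx = regs->tf_rbx;
	sf.sf_uc.uc_mcontext.mc_edx = regs->tf_rdx;
	sf.sf_uc.uc_mcontext.mc_ecx = regs->tf_rcx;
	sf.sf_uc.uc_mcontext.mc_eax = regs->tf_rax;
	sf.sf_uc.uc_mcontext.mc_trapno = regs->tf_trapno;
	sf.sf_uc.uc_mcontext.mc_err = regs->tf_err;
	sf.sf_uc.uc_mcontext.mc_eip = regs->tf_rip;
	sf.sf_uc.uc_mcontext.mc_cs = regs->tf_cs;
	sf.sf_uc.uc_mcontext.mc_eflags = regs->tf_rflags;
	sf.sf_uc.uc_mcontext.mc_esp = regs->tf_rsp;
	sf.sf_uc.uc_mcontext.mc_ss = regs->tf_ss;
	sf.sf_uc.uc_mcontext.mc_ds = regs->tf_ds;
	sf.sf_uc.uc_mcontext.mc_es = regs->tf_es;
	sf.sf_uc.uc_mcontext.mc_fs = regs->tf_fs;
	sf.sf_uc.uc_mcontext.mc_gs = regs->tf_gs;
	sf.sf_uc.uc_mcontext.mc_len = sizeof(sf.sf_uc.uc_mcontext); /* magic */
	ia32_get_fpcontext(td, &sf.sf_uc.uc_mcontext, xfpusave, xfpusave_len);
	/* The handler starts with a clean FPU; sigreturn restores ours. */
	fpstate_drop(td);
	sf.sf_uc.uc_mcontext.mc_fsbase = td->td_pcb->pcb_fsbase;
	sf.sf_uc.uc_mcontext.mc_gsbase = td->td_pcb->pcb_gsbase;
	bzero(sf.sf_uc.__spare__, sizeof(sf.sf_uc.__spare__));

	/* Allocate space for the signal handler context. */
	if ((td->td_pflags & TDP_ALTSTACK) != 0 && !oonstack &&
	    SIGISMEMBER(psp->ps_sigonstack, sig))
		sp = (char *)td->td_sigstk.ss_sp + td->td_sigstk.ss_size;
	else
		sp = (char *)regs->tf_rsp;
	if (xfpusave != NULL) {
		/* Extended state goes first, on a 64-byte boundary. */
		sp -= xfpusave_len;
		sp = (char *)((unsigned long)sp & ~0x3Ful);
		sf.sf_uc.uc_mcontext.mc_xfpustate = (register_t)sp;
	}
	sp -= sizeof(sf);
	/* Align to 16 bytes. */
	sfp = (struct ia32_sigframe *)((uintptr_t)sp & ~0xF);
	PROC_UNLOCK(p);

	/* Build the argument list for the signal handler. */
	sf.sf_signum = sig;
	sf.sf_ucontext = (register_t)&sfp->sf_uc;
	bzero(&sf.sf_si, sizeof(sf.sf_si));
	if (SIGISMEMBER(psp->ps_siginfo, sig)) {
		/* Signal handler installed with SA_SIGINFO. */
		sf.sf_siginfo = (u_int32_t)(uintptr_t)&sfp->sf_si;
		sf.sf_ah = (u_int32_t)(uintptr_t)catcher;

		/* Fill in POSIX parts */
		sf.sf_si = siginfo;
		sf.sf_si.si_signo = sig;
	} else {
		/* Old FreeBSD-style arguments. */
		sf.sf_siginfo = siginfo.si_code;
		sf.sf_addr = (u_int32_t)siginfo.si_addr;
		sf.sf_ah = (u_int32_t)(uintptr_t)catcher;
	}
	mtx_unlock(&psp->ps_mtx);

	/*
	 * Copy the sigframe out to the user's stack.
	 */
	if (copyout(&sf, sfp, sizeof(*sfp)) != 0 ||
	    (xfpusave != NULL && copyout(xfpusave,
	    PTRIN(sf.sf_uc.uc_mcontext.mc_xfpustate), xfpusave_len)
	    != 0)) {
#ifdef DEBUG
		printf("process %ld has trashed its stack\n", (long)p->p_pid);
#endif
		PROC_LOCK(p);
		sigexit(td, SIGILL);
	}

	/* Resume in the signal trampoline with user-mode selectors. */
	regs->tf_rsp = (uintptr_t)sfp;
	regs->tf_rip = p->p_sysent->sv_sigcode_base;
	regs->tf_rflags &= ~(PSL_T | PSL_D);
	regs->tf_cs = _ucode32sel;
	regs->tf_ss = _udatasel;
	regs->tf_ds = _udatasel;
	regs->tf_es = _udatasel;
	set_pcb_flags(td->td_pcb, PCB_FULL_IRET);
	/* XXXKIB leave user %fs and %gs untouched */
	PROC_LOCK(p);
	mtx_lock(&psp->ps_mtx);
}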
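/*
 * System call to cleanup state after a signal
 * has been taken.  Reset signal mask and
 * stack state from context left by sendsig (above).
 * Return to previous pc and psl as specified by
 * context left by sendsig.  Check carefully to
 * make sure that the user has not modified the
 * state to gain improper privileges.
 *
 * All variants reject a frame whose eflags changes non-user bits
 * (EFL_SECURE) or whose %cs requests more than user privilege
 * (CS_SECURE); the latter also raises SIGBUS on the caller.  Other
 * selector, %eip and %esp problems are left for the hardware to fault.
 */

#ifdef COMPAT_43
/*
 * sigreturn(2) for the 4.3BSD-era frame written by ia32_osendsig().
 *
 * Returns the copyin() error, EINVAL if the context fails the privilege
 * checks, or EJUSTRETURN once the trap frame has been rewritten.
 */
int
ofreebsd32_sigreturn(struct thread *td, struct ofreebsd32_sigreturn_args *uap)
{
	struct ia32_sigcontext3 sc, *scp;
	struct trapframe *regs;
	int eflags, error;
	ksiginfo_t ksi;

	regs = td->td_frame;
	error = copyin(uap->sigcntxp, &sc, sizeof(sc));
	if (error != 0)
		return (error);
	scp = &sc;
	eflags = scp->sc_eflags;
	if (!EFL_SECURE(eflags, regs->tf_rflags)) {
		return (EINVAL);
	}
	if (!CS_SECURE(scp->sc_cs)) {
		ksiginfo_init_trap(&ksi);
		ksi.ksi_signo = SIGBUS;
		ksi.ksi_code = BUS_OBJERR;
		ksi.ksi_trapno = T_PROTFLT;
		ksi.ksi_addr = (void *)regs->tf_rip;
		trapsignal(td, &ksi);
		return (EINVAL);
	}
	regs->tf_ds = scp->sc_ds;
	regs->tf_es = scp->sc_es;
	regs->tf_fs = scp->sc_fs;
	regs->tf_gs = scp->sc_gs;

	regs->tf_rax = scp->sc_eax;
	regs->tf_rbx = scp->sc_ebx;
	regs->tf_rcx = scp->sc_ecx;
	regs->tf_rdx = scp->sc_edx;
	regs->tf_rsi = scp->sc_esi;
	regs->tf_rdi = scp->sc_edi;
	regs->tf_cs = scp->sc_cs;
	regs->tf_ss = scp->sc_ss;
	regs->tf_rbp = scp->sc_ebp;
	regs->tf_rsp = scp->sc_esp;
	regs->tf_rip = scp->sc_eip;
	regs->tf_rflags = eflags;

	/* Mirror the SS_ONSTACK bookkeeping done by ia32_osendsig(). */
	if (scp->sc_onstack & 1)
		td->td_sigstk.ss_flags |= SS_ONSTACK;
	else
		td->td_sigstk.ss_flags &= ~SS_ONSTACK;

	/* sc_mask is an osigset; SIGPROCMASK_OLD tells the kernel so. */
	kern_sigprocmask(td, SIG_SETMASK, (sigset_t *)&scp->sc_mask, NULL,
	    SIGPROCMASK_OLD);
	set_pcb_flags(td->td_pcb, PCB_FULL_IRET);
	return (EJUSTRETURN);
}
#endif

#ifdef COMPAT_FREEBSD4
/*
 * MPSAFE
 *
 * sigreturn(2) for the FreeBSD 4 frame written by freebsd4_ia32_sendsig().
 * The uap->sigcntxp member points at a struct freebsd4_freebsd32_ucontext.
 *
 * Returns the copyin() error, EINVAL if the context fails the privilege
 * checks, or EJUSTRETURN once the trap frame has been rewritten.
 */
int
freebsd4_freebsd32_sigreturn(struct thread *td,
    struct freebsd4_freebsd32_sigreturn_args *uap)
{
	struct ia32_ucontext4 uc;
	struct trapframe *regs;
	struct ia32_ucontext4 *ucp;
	int cs, eflags, error;
	ksiginfo_t ksi;

	error = copyin(uap->sigcntxp, &uc, sizeof(uc));
	if (error != 0)
		return (error);
	ucp = &uc;
	regs = td->td_frame;
	eflags = ucp->uc_mcontext.mc_eflags;
	/*
	 * Don't allow users to change privileged or reserved flags.
	 */
	if (!EFL_SECURE(eflags, regs->tf_rflags)) {
		uprintf("pid %d (%s): freebsd4_freebsd32_sigreturn eflags = 0x%x\n",
		    td->td_proc->p_pid, td->td_name, eflags);
		return (EINVAL);
	}

	/*
	 * Don't allow users to load a valid privileged %cs.  Let the
	 * hardware check for invalid selectors, excess privilege in
	 * other selectors, invalid %eip's and invalid %esp's.
	 */
	cs = ucp->uc_mcontext.mc_cs;
	if (!CS_SECURE(cs)) {
		uprintf("pid %d (%s): freebsd4_sigreturn cs = 0x%x\n",
		    td->td_proc->p_pid, td->td_name, cs);
		ksiginfo_init_trap(&ksi);
		ksi.ksi_signo = SIGBUS;
		ksi.ksi_code = BUS_OBJERR;
		ksi.ksi_trapno = T_PROTFLT;
		ksi.ksi_addr = (void *)regs->tf_rip;
		trapsignal(td, &ksi);
		return (EINVAL);
	}

	regs->tf_rdi = ucp->uc_mcontext.mc_edi;
	regs->tf_rsi = ucp->uc_mcontext.mc_esi;
	regs->tf_rbp = ucp->uc_mcontext.mc_ebp;
	regs->tf_rbx = ucp->uc_mcontext.mc_ebx;
	regs->tf_rdx = ucp->uc_mcontext.mc_edx;
	regs->tf_rcx = ucp->uc_mcontext.mc_ecx;
	regs->tf_rax = ucp->uc_mcontext.mc_eax;
	regs->tf_trapno = ucp->uc_mcontext.mc_trapno;
	regs->tf_err = ucp->uc_mcontext.mc_err;
	regs->tf_rip = ucp->uc_mcontext.mc_eip;
	regs->tf_cs = cs;
	regs->tf_rflags = ucp->uc_mcontext.mc_eflags;
	regs->tf_rsp = ucp->uc_mcontext.mc_esp;
	regs->tf_ss = ucp->uc_mcontext.mc_ss;
	regs->tf_ds = ucp->uc_mcontext.mc_ds;
	regs->tf_es = ucp->uc_mcontext.mc_es;
	regs->tf_fs = ucp->uc_mcontext.mc_fs;
	regs->tf_gs = ucp->uc_mcontext.mc_gs;
	/*
	 * NOTE(review): unlike freebsd32_sigreturn() this variant does
	 * not set tf_flags = TF_HASSEGS; it presumably relies on the
	 * flag already being set on kernel entry -- confirm.
	 */

	kern_sigprocmask(td, SIG_SETMASK, &ucp->uc_sigmask, NULL, 0);
	set_pcb_flags(td->td_pcb, PCB_FULL_IRET);
	return (EJUSTRETURN);
}
#endif	/* COMPAT_FREEBSD4 */

/*
 * MPSAFE
 *
 * sigreturn(2) for the current frame written by ia32_sendsig().  The
 * uap->sigcntxp member points at a struct freebsd32_ucontext.
 *
 * Besides the register privilege checks this variant validates and
 * restores the FPU state, including the optional XSAVE extended area
 * referenced by mc_xfpustate.  Returns the copyin() error, EINVAL if a
 * check fails, the ia32_set_fpcontext() error, or EJUSTRETURN.
 */
int
freebsd32_sigreturn(struct thread *td, struct freebsd32_sigreturn_args *uap)
{
	struct ia32_ucontext uc;
	struct trapframe *regs;
	struct ia32_ucontext *ucp;
	char *xfpustate;
	size_t xfpustate_len;
	int cs, eflags, error, ret;
	ksiginfo_t ksi;

	error = copyin(uap->sigcntxp, &uc, sizeof(uc));
	if (error != 0)
		return (error);
	ucp = &uc;
	regs = td->td_frame;
	eflags = ucp->uc_mcontext.mc_eflags;
	/*
	 * Don't allow users to change privileged or reserved flags.
	 */
	if (!EFL_SECURE(eflags, regs->tf_rflags)) {
		uprintf("pid %d (%s): freebsd32_sigreturn eflags = 0x%x\n",
		    td->td_proc->p_pid, td->td_name, eflags);
		return (EINVAL);
	}

	/*
	 * Don't allow users to load a valid privileged %cs.  Let the
	 * hardware check for invalid selectors, excess privilege in
	 * other selectors, invalid %eip's and invalid %esp's.
	 */
	cs = ucp->uc_mcontext.mc_cs;
	if (!CS_SECURE(cs)) {
		uprintf("pid %d (%s): sigreturn cs = 0x%x\n",
		    td->td_proc->p_pid, td->td_name, cs);
		ksiginfo_init_trap(&ksi);
		ksi.ksi_signo = SIGBUS;
		ksi.ksi_code = BUS_OBJERR;
		ksi.ksi_trapno = T_PROTFLT;
		ksi.ksi_addr = (void *)regs->tf_rip;
		trapsignal(td, &ksi);
		return (EINVAL);
	}

	/*
	 * NOTE(review): ia32_set_mcontext() tests _MC_IA32_HASFPXSTATE for
	 * the same purpose; confirm both names denote the same bit.
	 */
	if ((ucp->uc_mcontext.mc_flags & _MC_HASFPXSTATE) != 0) {
		xfpustate_len = uc.uc_mcontext.mc_xfpustate_len;
		/*
		 * The length is user controlled; bounding it here is what
		 * keeps the alloca() below to a fixed maximum.
		 */
		if (xfpustate_len > cpu_max_ext_state_size -
		    sizeof(struct savefpu)) {
			uprintf("pid %d (%s): sigreturn xfpusave_len = 0x%zx\n",
			    td->td_proc->p_pid, td->td_name, xfpustate_len);
			return (EINVAL);
		}
		xfpustate = __builtin_alloca(xfpustate_len);
		error = copyin(PTRIN(ucp->uc_mcontext.mc_xfpustate),
		    xfpustate, xfpustate_len);
		if (error != 0) {
			uprintf(
	"pid %d (%s): sigreturn copying xfpustate failed\n",
			    td->td_proc->p_pid, td->td_name);
			return (error);
		}
	} else {
		xfpustate = NULL;
		xfpustate_len = 0;
	}
	/* FPU state is validated and installed before any register. */
	ret = ia32_set_fpcontext(td, &ucp->uc_mcontext, xfpustate,
	    xfpustate_len);
	if (ret != 0) {
		uprintf("pid %d (%s): sigreturn set_fpcontext err %d\n",
		    td->td_proc->p_pid, td->td_name, ret);
		return (ret);
	}

	regs->tf_rdi = ucp->uc_mcontext.mc_edi;
	regs->tf_rsi = ucp->uc_mcontext.mc_esi;
	regs->tf_rbp = ucp->uc_mcontext.mc_ebp;
	regs->tf_rbx = ucp->uc_mcontext.mc_ebx;
	regs->tf_rdx = ucp->uc_mcontext.mc_edx;
	regs->tf_rcx = ucp->uc_mcontext.mc_ecx;
	regs->tf_rax = ucp->uc_mcontext.mc_eax;
	regs->tf_trapno = ucp->uc_mcontext.mc_trapno;
	regs->tf_err = ucp->uc_mcontext.mc_err;
	regs->tf_rip = ucp->uc_mcontext.mc_eip;
	regs->tf_cs = cs;
	regs->tf_rflags = ucp->uc_mcontext.mc_eflags;
	regs->tf_rsp = ucp->uc_mcontext.mc_esp;
	regs->tf_ss = ucp->uc_mcontext.mc_ss;
	regs->tf_ds = ucp->uc_mcontext.mc_ds;
	regs->tf_es = ucp->uc_mcontext.mc_es;
	regs->tf_fs = ucp->uc_mcontext.mc_fs;
	regs->tf_gs = ucp->uc_mcontext.mc_gs;
	regs->tf_flags = TF_HASSEGS;

	kern_sigprocmask(td, SIG_SETMASK, &ucp->uc_sigmask, NULL, 0);
	set_pcb_flags(td->td_pcb, PCB_FULL_IRET);
	return (EJUSTRETURN);
}

/*
 * Clear registers on exec
 *
 * Reset td's trap frame and PCB for a freshly exec'ed 32-bit image:
 * drop any private LDT and FPU state, zero the frame, and point it at
 * imgp->entry_addr with the given initial user stack pointer and
 * 32-bit user-mode selectors.
 */
void
ia32_setregs(struct thread *td, struct image_params *imgp, u_long stack)
{
	struct trapframe *regs = td->td_frame;
	struct pcb *pcb = td->td_pcb;

	if (td->td_proc->p_md.md_ldt != NULL)
		user_ldt_free(td);
#ifdef COMPAT_43
	setup_lcall_gate();
#endif

	pcb->pcb_fsbase = 0;
	pcb->pcb_gsbase = 0;
	pcb->pcb_initial_fpucw = __INITIAL_FPUCW_I386__;

	bzero((char *)regs, sizeof(struct trapframe));
	regs->tf_rip = imgp->entry_addr;
	regs->tf_rsp = stack;
	/*
	 * NOTE(review): regs was zeroed just above, so the PSL_T term
	 * here is always 0; confirm whether the trace flag was meant to
	 * survive exec.
	 */
	regs->tf_rflags = PSL_USER | (regs->tf_rflags & PSL_T);
	regs->tf_ss = _udatasel;
	regs->tf_cs = _ucode32sel;
	regs->tf_rbx = imgp->ps_strings;
	regs->tf_ds = _udatasel;
	regs->tf_es = _udatasel;
	regs->tf_fs = _ufssel;
	regs->tf_gs = _ugssel;
	regs->tf_flags = TF_HASSEGS;

	fpstate_drop(td);

	/* Return via doreti so that we can change to a different %cs */
	set_pcb_flags(pcb, PCB_32BIT | PCB_FULL_IRET);
}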