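/*-
 * Copyright (c) 2004 Tim J. Robbins
 * Copyright (c) 2002 Doug Rabson
 * Copyright (c) 2000 Marcel Moolenaar
 * All rights reserved.
 * Copyright (c) 2013 Dmitry Chagin <dchagin@FreeBSD.org>
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer
 *    in this position and unchanged.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. The name of the author may not be used to endorse or promote products
 *    derived from this software without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */

#include <sys/param.h>
#include <sys/systm.h>
#include <sys/ktr.h>
#include <sys/lock.h>
#include <sys/malloc.h>
#include <sys/mman.h>
#include <sys/mutex.h>
#include <sys/priv.h>
#include <sys/proc.h>
#include <sys/ptrace.h>
#include <sys/syscallsubr.h>

#include <security/mac/mac_framework.h>

#include <ufs/ufs/extattr.h>
#include <ufs/ufs/quota.h>
#include <ufs/ufs/ufsmount.h>

#include <machine/frame.h>
#include <machine/md_var.h>
#include <machine/pcb.h>
#include <machine/psl.h>
#include <machine/segments.h>
#include <machine/specialreg.h>

#include <vm/pmap.h>
#include <vm/vm.h>
#include <vm/vm_param.h>
#include <vm/vm_extern.h>
#include <vm/vm_kern.h>
#include <vm/vm_map.h>

#include <x86/ifunc.h>
#include <x86/reg.h>
#include <x86/sysarch.h>

#include <amd64/linux/linux.h>
#include <amd64/linux/linux_proto.h>
#include <compat/linux/linux_fork.h>
#include <compat/linux/linux_misc.h>
#include <compat/linux/linux_util.h>

/* AUDIT_ARCH value reported in struct syscall_info for this platform. */
#define	LINUX_ARCH_AMD64	0xc000003e

/*
 * Prepare the trap frame of a newly created Linux thread.  If the caller
 * supplied a stack pointer it becomes the child's %rsp; %rax is cleared so
 * the child observes a zero return value.
 */
int
linux_set_upcall(struct thread *td, register_t stack)
{

	if (stack)
		td->td_frame->tf_rsp = stack;

	/*
	 * The newly created Linux thread returns
	 * to the user space by the same path that a parent does.
	 */
	td->td_frame->tf_rax = 0;
	return (0);
}

/*
 * iopl(2): set the I/O privilege level (0..3) in the user %rflags.
 * Requires PRIV_IO and is refused when the securelevel is above 0.
 */
int
linux_iopl(struct thread *td, struct linux_iopl_args *args)
{
	int error;

	LINUX_CTR(iopl);

	if (args->level > 3)
		return (EINVAL);
	if ((error = priv_check(td, PRIV_IO)) != 0)
		return (error);
	if ((error = securelevel_gt(td->td_ucred, 0)) != 0)
		return (error);
	/* Replace the IOPL bits; level * (PSL_IOPL / 3) places level in them. */
	td->td_frame->tf_rflags = (td->td_frame->tf_rflags & ~PSL_IOPL) |
	    (args->level * (PSL_IOPL / 3));

	return (0);
}

/*
 * pause(2): sleep until a signal is delivered, keeping the thread's
 * current signal mask.
 */
int
linux_pause(struct thread *td, struct linux_pause_args *args)
{
	struct proc *p = td->td_proc;
	sigset_t sigmask;

	LINUX_CTR(pause);

	/* td_sigmask is snapshotted under the process lock. */
	PROC_LOCK(p);
	sigmask = td->td_sigmask;
	PROC_UNLOCK(p);
	return (kern_sigsuspend(td, sigmask));
}

/*
 * arch_prctl(2): get or set the %fs/%gs segment bases of the calling
 * thread.  New bases must lie below VM_MAXUSER_ADDRESS, otherwise EPERM.
 * LINUX_ARCH_CET_STATUS reports an all-zero status (no CET).  Unknown
 * codes are logged and rejected with EINVAL.
 */
int
linux_arch_prctl(struct thread *td, struct linux_arch_prctl_args *args)
{
	unsigned long long cet[3];
	struct pcb *pcb;
	int error;

	pcb = td->td_pcb;
	LINUX_CTR2(arch_prctl, "0x%x, %p", args->code, args->addr);

	switch (args->code) {
	case LINUX_ARCH_SET_GS:
		if (args->addr < VM_MAXUSER_ADDRESS) {
			update_pcb_bases(pcb);
			pcb->pcb_gsbase = args->addr;
			td->td_frame->tf_gs = _ugssel;
			error = 0;
		} else
			error = EPERM;
		break;
	case LINUX_ARCH_SET_FS:
		if (args->addr < VM_MAXUSER_ADDRESS) {
			update_pcb_bases(pcb);
			pcb->pcb_fsbase = args->addr;
			td->td_frame->tf_fs = _ufssel;
			error = 0;
		} else
			error = EPERM;
		break;
	case LINUX_ARCH_GET_FS:
		/*
		 * Refresh the saved bases before reporting them, as the SET
		 * cases and linux_ptrace_getregs_machdep() do for the
		 * current thread (arch_prctl always runs on curthread).
		 */
		update_pcb_bases(pcb);
		error = copyout(&pcb->pcb_fsbase, PTRIN(args->addr),
		    sizeof(args->addr));
		break;
	case LINUX_ARCH_GET_GS:
		update_pcb_bases(pcb);
		error = copyout(&pcb->pcb_gsbase, PTRIN(args->addr),
		    sizeof(args->addr));
		break;
	case LINUX_ARCH_CET_STATUS:
		/* No CET support: hand back an all-zero status block. */
		memset(cet, 0, sizeof(cet));
		error = copyout(&cet, PTRIN(args->addr), sizeof(cet));
		break;
	default:
		linux_msg(td, "unsupported arch_prctl code %#x", args->code);
		error = EINVAL;
	}
	return (error);
}

/*
 * Install desc as the %fs base (the Linux TLS pointer) of td, for
 * clone(2) with CLONE_SETTLS.  Kernel addresses are refused with EPERM.
 */
int
linux_set_cloned_tls(struct thread *td, void *desc)
{
	struct pcb *pcb;

	if ((uint64_t)desc >= VM_MAXUSER_ADDRESS)
		return (EPERM);

	pcb = td->td_pcb;
	update_pcb_bases(pcb);
	pcb->pcb_fsbase = (register_t)desc;
	td->td_frame->tf_fs = _ufssel;

	return (0);
}

/*
 * Futex atomics: each operation exists in a _smap and a _nosmap variant;
 * the ifunc resolves to the _smap one when the CPU reports SMAP in
 * cpu_stdext_feature.
 */
int futex_xchgl_nosmap(int oparg, uint32_t *uaddr, int *oldval);
int futex_xchgl_smap(int oparg, uint32_t *uaddr, int *oldval);
DEFINE_IFUNC(, int, futex_xchgl, (int, uint32_t *, int *))
{

	return ((cpu_stdext_feature & CPUID_STDEXT_SMAP) != 0 ?
	    futex_xchgl_smap : futex_xchgl_nosmap);
}

int futex_addl_nosmap(int oparg, uint32_t *uaddr, int *oldval);
int futex_addl_smap(int oparg, uint32_t *uaddr, int *oldval);
DEFINE_IFUNC(, int, futex_addl, (int, uint32_t *, int *))
{

	return ((cpu_stdext_feature & CPUID_STDEXT_SMAP) != 0 ?
	    futex_addl_smap : futex_addl_nosmap);
}

int futex_orl_nosmap(int oparg, uint32_t *uaddr, int *oldval);
int futex_orl_smap(int oparg, uint32_t *uaddr, int *oldval);
DEFINE_IFUNC(, int, futex_orl, (int, uint32_t *, int *))
{

	return ((cpu_stdext_feature & CPUID_STDEXT_SMAP) != 0 ?
	    futex_orl_smap : futex_orl_nosmap);
}

int futex_andl_nosmap(int oparg, uint32_t *uaddr, int *oldval);
int futex_andl_smap(int oparg, uint32_t *uaddr, int *oldval);
DEFINE_IFUNC(, int, futex_andl, (int, uint32_t *, int *))
{

	return ((cpu_stdext_feature & CPUID_STDEXT_SMAP) != 0 ?
	    futex_andl_smap : futex_andl_nosmap);
}

int futex_xorl_nosmap(int oparg, uint32_t *uaddr, int *oldval);
int futex_xorl_smap(int oparg, uint32_t *uaddr, int *oldval);
DEFINE_IFUNC(, int, futex_xorl, (int, uint32_t *, int *))
{

	return ((cpu_stdext_feature & CPUID_STDEXT_SMAP) != 0 ?
	    futex_xorl_smap : futex_xorl_nosmap);
}

/*
 * Translate a BSD struct reg into a Linux pt_regs-style register set.
 * fs_base/gs_base are zeroed here because struct reg does not carry them;
 * callers that know the pcb fill them in.  orig_rax is seeded from rax.
 */
void
bsd_to_linux_regset(const struct reg *b_reg, struct linux_pt_regset *l_regset)
{

	l_regset->r15 = b_reg->r_r15;
	l_regset->r14 = b_reg->r_r14;
	l_regset->r13 = b_reg->r_r13;
	l_regset->r12 = b_reg->r_r12;
	l_regset->rbp = b_reg->r_rbp;
	l_regset->rbx = b_reg->r_rbx;
	l_regset->r11 = b_reg->r_r11;
	l_regset->r10 = b_reg->r_r10;
	l_regset->r9 = b_reg->r_r9;
	l_regset->r8 = b_reg->r_r8;
	l_regset->rax = b_reg->r_rax;
	l_regset->rcx = b_reg->r_rcx;
	l_regset->rdx = b_reg->r_rdx;
	l_regset->rsi = b_reg->r_rsi;
	l_regset->rdi = b_reg->r_rdi;
	l_regset->orig_rax = b_reg->r_rax;
	l_regset->rip = b_reg->r_rip;
	l_regset->cs = b_reg->r_cs;
	l_regset->eflags = b_reg->r_rflags;
	l_regset->rsp = b_reg->r_rsp;
	l_regset->ss = b_reg->r_ss;
	l_regset->fs_base = 0;
	l_regset->gs_base = 0;
	l_regset->ds = b_reg->r_ds;
	l_regset->es = b_reg->r_es;
	l_regset->fs = b_reg->r_fs;
	l_regset->gs = b_reg->r_gs;
}

/*
 * Translate a Linux register set back into a BSD struct reg.  struct reg
 * has a single rax slot; it is taken from orig_rax, and the Linux rax
 * value is not used.  r_err and r_trapno have no Linux counterpart and
 * are left untouched; fs_base/gs_base are not part of struct reg.
 */
void
linux_to_bsd_regset(struct reg *b_reg, const struct linux_pt_regset *l_regset)
{

	b_reg->r_r15 = l_regset->r15;
	b_reg->r_r14 = l_regset->r14;
	b_reg->r_r13 = l_regset->r13;
	b_reg->r_r12 = l_regset->r12;
	b_reg->r_rbp = l_regset->rbp;
	b_reg->r_rbx = l_regset->rbx;
	b_reg->r_r11 = l_regset->r11;
	b_reg->r_r10 = l_regset->r10;
	b_reg->r_r9 = l_regset->r9;
	b_reg->r_r8 = l_regset->r8;
	b_reg->r_rcx = l_regset->rcx;
	b_reg->r_rdx = l_regset->rdx;
	b_reg->r_rsi = l_regset->rsi;
	b_reg->r_rdi = l_regset->rdi;
	b_reg->r_rax = l_regset->orig_rax;
	b_reg->r_rip = l_regset->rip;
	b_reg->r_cs = l_regset->cs;
	b_reg->r_rflags = l_regset->eflags;
	b_reg->r_rsp = l_regset->rsp;
	b_reg->r_ss = l_regset->ss;
	b_reg->r_ds = l_regset->ds;
	b_reg->r_es = l_regset->es;
	b_reg->r_fs = l_regset->fs;
	b_reg->r_gs = l_regset->gs;
}

/*
 * Fill the machine-dependent part of PTRACE_GET_SYSCALL_INFO: the
 * architecture tag and the instruction/stack pointers.
 */
void
linux_ptrace_get_syscall_info_machdep(const struct reg *reg,
    struct syscall_info *si)
{

	si->arch = LINUX_ARCH_AMD64;
	si->instruction_pointer = reg->r_rip;
	si->stack_pointer = reg->r_rsp;
}

/*
 * Machine-dependent part of PTRACE_GETREGS for lwp pid: supply the
 * segment bases from the pcb and, when the lwp is stopped at syscall
 * entry or exit, the syscall number in orig_rax.
 * Returns 0 or the error from PT_LWPINFO.
 */
int
linux_ptrace_getregs_machdep(struct thread *td, pid_t pid,
    struct linux_pt_regset *l_regset)
{
	struct ptrace_lwpinfo lwpinfo;
	struct pcb *pcb;
	int error;

	pcb = td->td_pcb;
	/* Only the running thread can refresh its own saved bases. */
	if (td == curthread)
		update_pcb_bases(pcb);

	l_regset->fs_base = pcb->pcb_fsbase;
	l_regset->gs_base = pcb->pcb_gsbase;

	error = kern_ptrace(td, PT_LWPINFO, pid, &lwpinfo, sizeof(lwpinfo));
	if (error != 0) {
		linux_msg(td, "PT_LWPINFO failed with error %d", error);
		return (error);
	}
	if ((lwpinfo.pl_flags & (PL_FLAG_SCE | PL_FLAG_SCX)) != 0) {
		/*
		 * In Linux, the syscall number - passed to the syscall
		 * as rax - is preserved in orig_rax; rax gets overwritten
		 * with syscall return value.
		 */
		l_regset->orig_rax = lwpinfo.pl_syscall_code;
	}

	return (0);
}

/* True when USER-area offset a addresses member m of struct linux_pt_regset. */
#define	LINUX_URO(a, m)	((uintptr_t)(a) == offsetof(struct linux_pt_regset, m))

/*
 * PTRACE_PEEKUSER: read the 8-byte word at USER-area offset addr of lwp
 * pid and copy it out to data.  Only offsets inside struct linux_pt_regset
 * are supported; others are logged and rejected with EINVAL.  Misaligned
 * offsets yield EIO.
 */
int
linux_ptrace_peekuser(struct thread *td, pid_t pid, void *addr, void *data)
{
	struct linux_pt_regset reg;
	struct reg b_reg;
	uint64_t val;
	int error;

	/* Offsets are register-sized; an unsigned offset is never < 0. */
	if (((uintptr_t)addr & (sizeof(reg.r15) - 1)) != 0)
		return (EIO);
	if ((uintptr_t)addr >= sizeof(struct linux_pt_regset)) {
		LINUX_RATELIMIT_MSG_OPT1("PTRACE_PEEKUSER offset %lu "
		    "not implemented; returning EINVAL", (uintptr_t)addr);
		return (EINVAL);
	}

	/* The segment bases are kept in the pcb, not in struct reg. */
	if (LINUX_URO(addr, fs_base))
		return (kern_ptrace(td, PT_GETFSBASE, pid, data, 0));
	if (LINUX_URO(addr, gs_base))
		return (kern_ptrace(td, PT_GETGSBASE, pid, data, 0));
	if ((error = kern_ptrace(td, PT_GETREGS, pid, &b_reg, 0)) != 0)
		return (error);
	bsd_to_linux_regset(&b_reg, &reg);
	/*
	 * Index the regset as an array of 8-byte words starting at r15;
	 * the range check above keeps the index inside the struct.
	 */
	val = *(&reg.r15 + ((uintptr_t)addr / sizeof(reg.r15)));
	return (copyout(&val, data, sizeof(val)));
}

/* A selector is invalid unless it is null or has user privilege level. */
static inline bool
linux_invalid_selector(u_short val)
{

	return (val != 0 && ISPL(val) != SEL_UPL);
}

/* USER-area offset of a segment register and whether a null selector is allowed. */
struct linux_segreg_off {
	uintptr_t reg;
	bool is0;
};

const struct linux_segreg_off linux_segregs_off[] = {
	{
		.reg = offsetof(struct linux_pt_regset, gs),
		.is0 = true,
	},
	{
		.reg = offsetof(struct linux_pt_regset, fs),
		.is0 = true,
	},
	{
		.reg = offsetof(struct linux_pt_regset, ds),
		.is0 = true,
	},
	{
		.reg = offsetof(struct linux_pt_regset, es),
		.is0 = true,
	},
	{
		.reg = offsetof(struct linux_pt_regset, cs),
		.is0 = false,
	},
	{
		.reg = offsetof(struct linux_pt_regset, ss),
		.is0 = false,
	},
};

/*
 * PTRACE_POKEUSER: store data into the 8-byte word at USER-area offset
 * addr of lwp pid.  Same offset rules as linux_ptrace_peekuser().  Segment
 * selectors are validated before the write: they must be user-privilege
 * selectors, and %cs/%ss may not be null.
 */
int
linux_ptrace_pokeuser(struct thread *td, pid_t pid, void *addr, void *data)
{
	struct linux_pt_regset reg;
	struct reg b_reg, b_reg1;
	u_int i;
	int error;

	if (((uintptr_t)addr & (sizeof(reg.r15) - 1)) != 0)
		return (EIO);
	if ((uintptr_t)addr >= sizeof(struct linux_pt_regset)) {
		LINUX_RATELIMIT_MSG_OPT1("PTRACE_POKEUSER offset %lu "
		    "not implemented; returning EINVAL", (uintptr_t)addr);
		return (EINVAL);
	}

	/* The segment bases are kept in the pcb, not in struct reg. */
	if (LINUX_URO(addr, fs_base))
		return (kern_ptrace(td, PT_SETFSBASE, pid, data, 0));
	if (LINUX_URO(addr, gs_base))
		return (kern_ptrace(td, PT_SETGSBASE, pid, data, 0));

	/*
	 * Selector validation sees only the low 16 bits of data
	 * (linux_invalid_selector() takes a u_short).
	 */
	for (i = 0; i < nitems(linux_segregs_off); i++) {
		if ((uintptr_t)addr != linux_segregs_off[i].reg)
			continue;
		if (linux_invalid_selector((uintptr_t)data))
			return (EIO);
		if (!linux_segregs_off[i].is0 && (uintptr_t)data == 0)
			return (EIO);
		break;
	}

	if ((error = kern_ptrace(td, PT_GETREGS, pid, &b_reg, 0)) != 0)
		return (error);
	bsd_to_linux_regset(&b_reg, &reg);
	*(&reg.r15 + ((uintptr_t)addr / sizeof(reg.r15))) = (uint64_t)data;
	linux_to_bsd_regset(&b_reg1, &reg);
	/*
	 * linux_to_bsd_regset() does not set r_err/r_trapno (no Linux
	 * counterpart); carry them over from the registers just read.
	 */
	b_reg1.r_err = b_reg.r_err;
	b_reg1.r_trapno = b_reg.r_trapno;
	/* Write back the modified set, b_reg1 -- not the unmodified b_reg. */
	return (kern_ptrace(td, PT_SETREGS, pid, &b_reg1, 0));
}
#undef LINUX_URO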