1 /*- 2 * Copyright (c) 2004 Tim J. Robbins 3 * Copyright (c) 2002 Doug Rabson 4 * Copyright (c) 2000 Marcel Moolenaar 5 * All rights reserved. 6 * Copyright (c) 2013 Dmitry Chagin <dchagin@FreeBSD.org> 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 1. Redistributions of source code must retain the above copyright 12 * notice, this list of conditions and the following disclaimer 13 * in this position and unchanged. 14 * 2. Redistributions in binary form must reproduce the above copyright 15 * notice, this list of conditions and the following disclaimer in the 16 * documentation and/or other materials provided with the distribution. 17 * 3. The name of the author may not be used to endorse or promote products 18 * derived from this software without specific prior written permission. 19 * 20 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 21 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 22 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 23 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 24 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 25 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 26 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 27 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 28 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 29 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
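*/

#include <sys/cdefs.h>
__FBSDID("$FreeBSD$");

#include <sys/param.h>
#include <sys/systm.h>
#include <sys/ktr.h>
#include <sys/lock.h>
#include <sys/malloc.h>
#include <sys/mman.h>
#include <sys/mutex.h>
#include <sys/priv.h>
#include <sys/proc.h>
#include <sys/ptrace.h>
#include <sys/syscallsubr.h>

#include <security/mac/mac_framework.h>

#include <ufs/ufs/extattr.h>
#include <ufs/ufs/quota.h>
#include <ufs/ufs/ufsmount.h>

#include <machine/frame.h>
#include <machine/md_var.h>
#include <machine/pcb.h>
#include <machine/psl.h>
#include <machine/segments.h>
#include <machine/specialreg.h>

#include <vm/pmap.h>
#include <vm/vm.h>
#include <vm/vm_param.h>
#include <vm/vm_extern.h>
#include <vm/vm_kern.h>
#include <vm/vm_map.h>

#include <x86/ifunc.h>
#include <x86/reg.h>
#include <x86/sysarch.h>

#include <amd64/linux/linux.h>
#include <amd64/linux/linux_proto.h>
#include <compat/linux/linux_fork.h>
#include <compat/linux/linux_misc.h>
#include <compat/linux/linux_mmap.h>
#include <compat/linux/linux_util.h>

/* Value reported in syscall_info.arch for this ABI (AUDIT_ARCH_X86_64). */
#define	LINUX_ARCH_AMD64	0xc000003e

/*
 * Prepare the trap frame of a freshly created Linux thread: point it at the
 * caller-supplied user stack (if any) and make the new thread observe a zero
 * return value, exactly as a child returning from clone(2) would.
 *
 * Always returns 0.
 */
int
linux_set_upcall(struct thread *td, register_t stack)
{

	if (stack != 0)
		td->td_frame->tf_rsp = stack;

	/*
	 * The new thread leaves the kernel through the same trap-frame path
	 * as its parent, so "returning 0" is simply a matter of clearing rax.
	 */
	td->td_frame->tf_rax = 0;
	return (0);
}

/* LINUX_SYS_mmap2: thin wrapper around the MI Linux mmap implementation. */
int
linux_mmap2(struct thread *td, struct linux_mmap2_args *args)
{

	return (linux_mmap_common(td, args->addr, args->len, args->prot,
	    args->flags, args->fd, args->pgoff));
}

/* LINUX_SYS_mprotect: thin wrapper around the MI implementation. */
int
linux_mprotect(struct thread *td, struct linux_mprotect_args *uap)
{

	return (linux_mprotect_common(td, uap->addr, uap->len, uap->prot));
}

/* LINUX_SYS_madvise: thin wrapper around the MI implementation. */
int
linux_madvise(struct thread *td, struct linux_madvise_args *uap)
{

	return (linux_madvise_common(td, uap->addr, uap->len, uap->behav));
}

/*
 * LINUX_SYS_iopl: set the I/O privilege level (0..3) in the thread's saved
 * RFLAGS.  The caller must hold PRIV_IO, and the request is refused once
 * the securelevel has been raised above 0.
 *
 * Returns 0, EINVAL for a level above 3, or the error from the privilege
 * and securelevel checks.
 */
int
linux_iopl(struct thread *td, struct linux_iopl_args *args)
{
	int error;

	LINUX_CTR(iopl);

	if (args->level > 3)
		return (EINVAL);
	if ((error = priv_check(td, PRIV_IO)) != 0)
		return (error);
	if ((error = securelevel_gt(td->td_ucred, 0)) != 0)
		return (error);
	/* PSL_IOPL is a two-bit field; PSL_IOPL / 3 is the weight of its low bit. */
	td->td_frame->tf_rflags = (td->td_frame->tf_rflags & ~PSL_IOPL) |
	    (args->level * (PSL_IOPL / 3));

	return (0);
}

/*
 * LINUX_SYS_pause: suspend until a signal is delivered, using the thread's
 * current signal mask.  The mask is snapshotted under the process lock and
 * handed to kern_sigsuspend(), whose return value is passed through.
 */
int
linux_pause(struct thread *td, struct linux_pause_args *args)
{
	struct proc *p = td->td_proc;
	sigset_t sigmask;

	LINUX_CTR(pause);

	PROC_LOCK(p);
	sigmask = td->td_sigmask;
	PROC_UNLOCK(p);
	return (kern_sigsuspend(td, sigmask));
}

/*
 * LINUX_SYS_arch_prctl: get or set the FS/GS segment bases and report the
 * (unsupported, hence all-zero) CET status.
 *
 * The SET variants refuse, with EPERM, any base at or above
 * VM_MAXUSER_ADDRESS so that a user thread can never run with a kernel
 * address as its segment base.  The GET variants copy the base out to the
 * user pointer given in args->addr.  Unknown codes are logged and rejected
 * with EINVAL.
 */
int
linux_arch_prctl(struct thread *td, struct linux_arch_prctl_args *args)
{
	unsigned long long cet[3];
	struct pcb *pcb;
	int error;

	pcb = td->td_pcb;
	LINUX_CTR2(arch_prctl, "0x%x, %p", args->code, args->addr);

	switch (args->code) {
	case LINUX_ARCH_SET_GS:
		if (args->addr >= VM_MAXUSER_ADDRESS) {
			error = EPERM;
			break;
		}
		/* Sync the pcb with the live registers before changing it. */
		update_pcb_bases(pcb);
		pcb->pcb_gsbase = args->addr;
		td->td_frame->tf_gs = _ugssel;
		error = 0;
		break;
	case LINUX_ARCH_SET_FS:
		if (args->addr >= VM_MAXUSER_ADDRESS) {
			error = EPERM;
			break;
		}
		update_pcb_bases(pcb);
		pcb->pcb_fsbase = args->addr;
		td->td_frame->tf_fs = _ufssel;
		error = 0;
		break;
	case LINUX_ARCH_GET_FS:
		/* Size taken from the object being copied, not the pointer. */
		error = copyout(&pcb->pcb_fsbase, PTRIN(args->addr),
		    sizeof(pcb->pcb_fsbase));
		break;
	case LINUX_ARCH_GET_GS:
		error = copyout(&pcb->pcb_gsbase, PTRIN(args->addr),
		    sizeof(pcb->pcb_gsbase));
		break;
	case LINUX_ARCH_CET_STATUS:
		/* CET is not supported here: report features/shstk/size as 0. */
		memset(cet, 0, sizeof(cet));
		error = copyout(cet, PTRIN(args->addr), sizeof(cet));
		break;
	default:
		linux_msg(td, "unsupported arch_prctl code %#x", args->code);
		error = EINVAL;
		break;
	}
	return (error);
}

/*
 * Install the TLS pointer passed to clone(2) (CLONE_SETTLS) as the FS base
 * of the new thread.  As with arch_prctl, a base outside the user address
 * range is refused with EPERM.
 */
int
linux_set_cloned_tls(struct thread *td, void *desc)
{
	struct pcb *pcb;

	if ((uint64_t)desc >= VM_MAXUSER_ADDRESS)
		return (EPERM);

	pcb = td->td_pcb;
	update_pcb_bases(pcb);
	pcb->pcb_fsbase = (register_t)desc;
	td->td_frame->tf_fs = _ufssel;

	return (0);
}

/*
 * Futex atomic helpers.  Each operation has two assembly implementations,
 * one for CPUs with SMAP (which must bracket the user access with
 * stac/clac) and one without; the ifunc resolvers below pick the variant
 * once, based on the CPUID feature bit.
 */
int futex_xchgl_nosmap(int oparg, uint32_t *uaddr, int *oldval);
int futex_xchgl_smap(int oparg, uint32_t *uaddr, int *oldval);
DEFINE_IFUNC(, int, futex_xchgl, (int, uint32_t *, int *))
{

	return ((cpu_stdext_feature & CPUID_STDEXT_SMAP) != 0 ?
	    futex_xchgl_smap : futex_xchgl_nosmap);
}

int futex_addl_nosmap(int oparg, uint32_t *uaddr, int *oldval);
int futex_addl_smap(int oparg, uint32_t *uaddr, int *oldval);
DEFINE_IFUNC(, int, futex_addl, (int, uint32_t *, int *))
{

	return ((cpu_stdext_feature & CPUID_STDEXT_SMAP) != 0 ?
	    futex_addl_smap : futex_addl_nosmap);
}

int futex_orl_nosmap(int oparg, uint32_t *uaddr, int *oldval);
int futex_orl_smap(int oparg, uint32_t *uaddr, int *oldval);
DEFINE_IFUNC(, int, futex_orl, (int, uint32_t *, int *))
{

	return ((cpu_stdext_feature & CPUID_STDEXT_SMAP) != 0 ?
	    futex_orl_smap : futex_orl_nosmap);
}

int futex_andl_nosmap(int oparg, uint32_t *uaddr, int *oldval);
int futex_andl_smap(int oparg, uint32_t *uaddr, int *oldval);
DEFINE_IFUNC(, int, futex_andl, (int, uint32_t *, int *))
{

	return ((cpu_stdext_feature & CPUID_STDEXT_SMAP) != 0 ?
	    futex_andl_smap : futex_andl_nosmap);
}

int futex_xorl_nosmap(int oparg, uint32_t *uaddr, int *oldval);
int futex_xorl_smap(int oparg, uint32_t *uaddr, int *oldval);
DEFINE_IFUNC(, int, futex_xorl, (int, uint32_t *, int *))
{

	return ((cpu_stdext_feature & CPUID_STDEXT_SMAP) != 0 ?
	    futex_xorl_smap : futex_xorl_nosmap);
}

/*
 * Translate a native register set into Linux's struct pt_regs layout.
 *
 * orig_rax is seeded with rax; linux_ptrace_getregs_machdep() replaces it
 * with the syscall number when the tracee is stopped at a syscall boundary.
 * fs_base and gs_base are not part of struct reg and are zeroed here; the
 * caller fills them in from the pcb when it has one.
 */
void
bsd_to_linux_regset(const struct reg *b_reg, struct linux_pt_regset *l_regset)
{

	l_regset->r15 = b_reg->r_r15;
	l_regset->r14 = b_reg->r_r14;
	l_regset->r13 = b_reg->r_r13;
	l_regset->r12 = b_reg->r_r12;
	l_regset->rbp = b_reg->r_rbp;
	l_regset->rbx = b_reg->r_rbx;
	l_regset->r11 = b_reg->r_r11;
	l_regset->r10 = b_reg->r_r10;
	l_regset->r9 = b_reg->r_r9;
	l_regset->r8 = b_reg->r_r8;
	l_regset->rax = b_reg->r_rax;
	l_regset->rcx = b_reg->r_rcx;
	l_regset->rdx = b_reg->r_rdx;
	l_regset->rsi = b_reg->r_rsi;
	l_regset->rdi = b_reg->r_rdi;
	l_regset->orig_rax = b_reg->r_rax;
	l_regset->rip = b_reg->r_rip;
	l_regset->cs = b_reg->r_cs;
	l_regset->eflags = b_reg->r_rflags;
	l_regset->rsp = b_reg->r_rsp;
	l_regset->ss = b_reg->r_ss;
	l_regset->fs_base = 0;
	l_regset->gs_base = 0;
	l_regset->ds = b_reg->r_ds;
	l_regset->es = b_reg->r_es;
	l_regset->fs = b_reg->r_fs;
	l_regset->gs = b_reg->r_gs;
}

/*
 * Translate a Linux struct pt_regs back into the native register set.
 *
 * Only the general-purpose, flag and segment registers are written;
 * r_err and r_trapno are left untouched and must be preserved by the
 * caller.  Note that orig_rax is copied into r_rax after rax, so the
 * orig_rax slot is what ends up in the tracee's rax.  NOTE(review): this
 * means a PTRACE_POKEUSER of the rax slot alone has no visible effect --
 * confirm this is the intended Linux-compatible behaviour.
 */
void
linux_to_bsd_regset(struct reg *b_reg, const struct linux_pt_regset *l_regset)
{

	b_reg->r_r15 = l_regset->r15;
	b_reg->r_r14 = l_regset->r14;
	b_reg->r_r13 = l_regset->r13;
	b_reg->r_r12 = l_regset->r12;
	b_reg->r_rbp = l_regset->rbp;
	b_reg->r_rbx = l_regset->rbx;
	b_reg->r_r11 = l_regset->r11;
	b_reg->r_r10 = l_regset->r10;
	b_reg->r_r9 = l_regset->r9;
	b_reg->r_r8 = l_regset->r8;
	b_reg->r_rax = l_regset->rax;
	b_reg->r_rcx = l_regset->rcx;
	b_reg->r_rdx = l_regset->rdx;
	b_reg->r_rsi = l_regset->rsi;
	b_reg->r_rdi = l_regset->rdi;
	/* Deliberately overrides the rax assignment above. */
	b_reg->r_rax = l_regset->orig_rax;
	b_reg->r_rip = l_regset->rip;
	b_reg->r_cs = l_regset->cs;
	b_reg->r_rflags = l_regset->eflags;
	b_reg->r_rsp = l_regset->rsp;
	b_reg->r_ss = l_regset->ss;
	b_reg->r_ds = l_regset->ds;
	b_reg->r_es = l_regset->es;
	b_reg->r_fs = l_regset->fs;
	b_reg->r_gs = l_regset->gs;
}

/*
 * Fill in the machine-dependent part of PTRACE_GET_SYSCALL_INFO: the ABI
 * tag plus the instruction and stack pointers from the native register set.
 */
void
linux_ptrace_get_syscall_info_machdep(const struct reg *reg,
    struct syscall_info *si)
{

	si->arch = LINUX_ARCH_AMD64;
	si->instruction_pointer = reg->r_rip;
	si->stack_pointer = reg->r_rsp;
}

/*
 * Complete a PTRACE_GETREGS result with the fields that are not part of
 * struct reg: the FS/GS bases from the pcb, and orig_rax when the tracee
 * is stopped at syscall entry or exit.
 *
 * Returns 0, or the error from PT_LWPINFO (which is also logged).
 */
int
linux_ptrace_getregs_machdep(struct thread *td, pid_t pid,
    struct linux_pt_regset *l_regset)
{
	struct ptrace_lwpinfo lwpinfo;
	struct pcb *pcb;
	int error;

	pcb = td->td_pcb;
	/*
	 * Only the running thread's pcb can be stale with respect to the
	 * hardware; a thread that is not on a CPU already has its bases saved.
	 */
	if (td == curthread)
		update_pcb_bases(pcb);

	l_regset->fs_base = pcb->pcb_fsbase;
	l_regset->gs_base = pcb->pcb_gsbase;

	error = kern_ptrace(td, PT_LWPINFO, pid, &lwpinfo, sizeof(lwpinfo));
	if (error != 0) {
		linux_msg(td, "PT_LWPINFO failed with error %d", error);
		return (error);
	}
	if ((lwpinfo.pl_flags & (PL_FLAG_SCE | PL_FLAG_SCX)) != 0) {
		/*
		 * In Linux, the syscall number - passed to the syscall
		 * as rax - is preserved in orig_rax; rax gets overwritten
		 * with syscall return value.
		 */
		l_regset->orig_rax = lwpinfo.pl_syscall_code;
	}

	return (0);
}

/* True when user-area offset 'a' names member 'm' of struct linux_pt_regset. */
#define	LINUX_URO(a, m)	\
	((uintptr_t)(a) == offsetof(struct linux_pt_regset, m))

/*
 * PTRACE_PEEKUSER: read one 64-bit register slot of the tracee's user area.
 *
 * 'addr' is the byte offset into struct linux_pt_regset; it must be
 * 8-byte aligned (else EIO) and inside the register block (else EINVAL,
 * since the rest of the Linux user area is not implemented).  The FS and
 * GS bases are fetched directly; every other slot is read out of a
 * freshly converted register set.  The value is copied out to 'data'.
 */
int
linux_ptrace_peekuser(struct thread *td, pid_t pid, void *addr, void *data)
{
	struct linux_pt_regset reg;
	struct reg b_reg;
	uintptr_t off;
	uint64_t val;
	int error;

	off = (uintptr_t)addr;
	/* A negative offset wraps to a huge value and fails the range check. */
	if ((off & (sizeof(reg.r15) - 1)) != 0)
		return (EIO);
	if (off >= sizeof(struct linux_pt_regset)) {
		LINUX_RATELIMIT_MSG_OPT1("PTRACE_PEEKUSER offset %ld "
		    "not implemented; returning EINVAL", off);
		return (EINVAL);
	}

	if (LINUX_URO(off, fs_base))
		return (kern_ptrace(td, PT_GETFSBASE, pid, data, 0));
	if (LINUX_URO(off, gs_base))
		return (kern_ptrace(td, PT_GETGSBASE, pid, data, 0));
	if ((error = kern_ptrace(td, PT_GETREGS, pid, &b_reg, 0)) != 0)
		return (error);
	bsd_to_linux_regset(&b_reg, &reg);
	/* Byte copy rather than pointer arithmetic across struct members. */
	memcpy(&val, (char *)&reg + off, sizeof(val));
	return (copyout(&val, data, sizeof(val)));
}

/*
 * A selector that a tracer may store into the tracee's segment registers
 * must be either null or a user-privilege (ring 3) selector; anything else
 * would let the tracee resume with kernel-privilege segments.
 */
static inline bool
linux_invalid_selector(u_short val)
{

	return (val != 0 && ISPL(val) != SEL_UPL);
}

/*
 * Segment-register slots of the user area and whether a null selector is
 * acceptable for each: cs and ss must never be null, the data segments may.
 */
struct linux_segreg_off {
	uintptr_t reg;
	bool is0;
};

const struct linux_segreg_off linux_segregs_off[] = {
	{
		.reg = offsetof(struct linux_pt_regset, gs),
		.is0 = true,
	},
	{
		.reg = offsetof(struct linux_pt_regset, fs),
		.is0 = true,
	},
	{
		.reg = offsetof(struct linux_pt_regset, ds),
		.is0 = true,
	},
	{
		.reg = offsetof(struct linux_pt_regset, es),
		.is0 = true,
	},
	{
		.reg = offsetof(struct linux_pt_regset, cs),
		.is0 = false,
	},
	{
		.reg = offsetof(struct linux_pt_regset, ss),
		.is0 = false,
	},
};

/*
 * PTRACE_POKEUSER: write one 64-bit register slot of the tracee's user area.
 *
 * Offset validation matches linux_ptrace_peekuser().  Segment-register
 * slots are additionally checked so that only null or ring-3 selectors are
 * accepted (EIO otherwise), and cs/ss may not be nulled.  The FS and GS
 * bases are set directly; any other slot is patched into a converted copy
 * of the register set, which is then written back with PT_SETREGS while
 * preserving r_err and r_trapno from the original.
 */
int
linux_ptrace_pokeuser(struct thread *td, pid_t pid, void *addr, void *data)
{
	struct linux_pt_regset reg;
	struct reg b_reg, b_reg1;
	uintptr_t off;
	uint64_t val;
	size_t i;
	int error;

	off = (uintptr_t)addr;
	/* A negative offset wraps to a huge value and fails the range check. */
	if ((off & (sizeof(reg.r15) - 1)) != 0)
		return (EIO);
	if (off >= sizeof(struct linux_pt_regset)) {
		LINUX_RATELIMIT_MSG_OPT1("PTRACE_POKEUSER offset %ld "
		    "not implemented; returning EINVAL", off);
		return (EINVAL);
	}

	if (LINUX_URO(off, fs_base))
		return (kern_ptrace(td, PT_SETFSBASE, pid, data, 0));
	if (LINUX_URO(off, gs_base))
		return (kern_ptrace(td, PT_SETGSBASE, pid, data, 0));
	for (i = 0; i < nitems(linux_segregs_off); i++) {
		if (off != linux_segregs_off[i].reg)
			continue;
		if (linux_invalid_selector((uintptr_t)data))
			return (EIO);
		if (!linux_segregs_off[i].is0 && (uintptr_t)data == 0)
			return (EIO);
		break;
	}
	if ((error = kern_ptrace(td, PT_GETREGS, pid, &b_reg, 0)) != 0)
		return (error);
	bsd_to_linux_regset(&b_reg, &reg);
	val = (uint64_t)data;
	memcpy((char *)&reg + off, &val, sizeof(val));
	linux_to_bsd_regset(&b_reg1, &reg);
	/* linux_to_bsd_regset() does not touch these; keep the originals. */
	b_reg1.r_err = b_reg.r_err;
	b_reg1.r_trapno = b_reg.r_trapno;
	/* Write back the patched copy, not the unmodified b_reg. */
	return (kern_ptrace(td, PT_SETREGS, pid, &b_reg1, 0));
}
#undef LINUX_URO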