1 /*- 2 * SPDX-License-Identifier: BSD-3-Clause 3 * 4 * Copyright (c) 2004 Tim J. Robbins 5 * Copyright (c) 2002 Doug Rabson 6 * Copyright (c) 2000 Marcel Moolenaar 7 * All rights reserved. 8 * 9 * Redistribution and use in source and binary forms, with or without 10 * modification, are permitted provided that the following conditions 11 * are met: 12 * 1. Redistributions of source code must retain the above copyright 13 * notice, this list of conditions and the following disclaimer 14 * in this position and unchanged. 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in the 17 * documentation and/or other materials provided with the distribution. 18 * 3. The name of the author may not be used to endorse or promote products 19 * derived from this software without specific prior written permission. 20 * 21 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 22 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 23 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 24 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 25 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 26 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 27 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 28 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 29 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 30 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 31 */ 32 33 #include <sys/param.h> 34 #include <sys/fcntl.h> 35 #include <sys/imgact.h> 36 #include <sys/limits.h> 37 #include <sys/lock.h> 38 #include <sys/malloc.h> 39 #include <sys/mutex.h> 40 #include <sys/priv.h> 41 #include <sys/proc.h> 42 #include <sys/reg.h> 43 #include <sys/syscallsubr.h> 44 45 #include <machine/frame.h> 46 #include <machine/md_var.h> 47 #include <machine/pcb.h> 48 #include <machine/psl.h> 49 #include <machine/segments.h> 50 #include <machine/specialreg.h> 51 #include <x86/ifunc.h> 52 53 #include <vm/pmap.h> 54 #include <vm/vm.h> 55 #include <vm/vm_map.h> 56 57 #include <security/audit/audit.h> 58 59 #include <compat/freebsd32/freebsd32_util.h> 60 #include <amd64/linux32/linux.h> 61 #include <amd64/linux32/linux32_proto.h> 62 #include <compat/linux/linux_emul.h> 63 #include <compat/linux/linux_fork.h> 64 #include <compat/linux/linux_ipc.h> 65 #include <compat/linux/linux_misc.h> 66 #include <compat/linux/linux_mmap.h> 67 #include <compat/linux/linux_signal.h> 68 #include <compat/linux/linux_util.h> 69 70 static void bsd_to_linux_rusage(struct rusage *ru, struct l_rusage *lru); 71 72 struct l_old_select_argv { 73 l_int nfds; 74 l_uintptr_t readfds; 75 l_uintptr_t writefds; 76 l_uintptr_t exceptfds; 77 l_uintptr_t timeout; 78 } __packed; 79 80 static void 81 bsd_to_linux_rusage(struct rusage *ru, struct l_rusage *lru) 82 { 83 84 lru->ru_utime.tv_sec = ru->ru_utime.tv_sec; 85 lru->ru_utime.tv_usec = ru->ru_utime.tv_usec; 86 lru->ru_stime.tv_sec = ru->ru_stime.tv_sec; 87 lru->ru_stime.tv_usec = ru->ru_stime.tv_usec; 88 lru->ru_maxrss = ru->ru_maxrss; 89 lru->ru_ixrss = ru->ru_ixrss; 90 lru->ru_idrss = ru->ru_idrss; 91 lru->ru_isrss = ru->ru_isrss; 92 lru->ru_minflt = ru->ru_minflt; 93 lru->ru_majflt = ru->ru_majflt; 94 lru->ru_nswap = ru->ru_nswap; 95 lru->ru_inblock = ru->ru_inblock; 96 lru->ru_oublock = ru->ru_oublock; 97 lru->ru_msgsnd = ru->ru_msgsnd; 98 lru->ru_msgrcv = ru->ru_msgrcv; 99 lru->ru_nsignals = ru->ru_nsignals; 100 lru->ru_nvcsw = ru->ru_nvcsw; 101 lru->ru_nivcsw = ru->ru_nivcsw; 102 } 103 104 int 105 linux_copyout_rusage(struct rusage *ru, void *uaddr) 106 { 107 struct l_rusage lru; 108 109 bsd_to_linux_rusage(ru, &lru); 110 111 return (copyout(&lru, uaddr, sizeof(struct l_rusage))); 112 } 113 114 int 115 linux_readv(struct thread *td, struct linux_readv_args *uap) 116 { 117 struct uio *auio; 118 int error; 119 120 error = freebsd32_copyinuio(uap->iovp, uap->iovcnt, &auio); 121 if (error) 122 return (error); 123 error = kern_readv(td, uap->fd, auio); 124 free(auio, M_IOV); 125 return (error); 126 } 127 128 struct l_ipc_kludge { 129 l_uintptr_t msgp; 130 l_long msgtyp; 131 } __packed; 132 133 int 134 linux_ipc(struct thread *td, struct linux_ipc_args *args) 135 { 136 137 switch (args->what & 0xFFFF) { 138 case LINUX_SEMOP: { 139 140 return (kern_semop(td, args->arg1, PTRIN(args->ptr), 141 args->arg2, NULL)); 142 } 143 case LINUX_SEMGET: { 144 struct linux_semget_args a; 145 146 a.key = args->arg1; 147 a.nsems = args->arg2; 148 a.semflg = args->arg3; 149 return (linux_semget(td, &a)); 150 } 151 case LINUX_SEMCTL: { 152 struct linux_semctl_args a; 153 int error; 154 155 a.semid = args->arg1; 156 a.semnum = args->arg2; 157 a.cmd = args->arg3; 158 error = copyin(PTRIN(args->ptr), &a.arg, sizeof(a.arg)); 159 if (error) 160 return (error); 161 return (linux_semctl(td, &a)); 162 } 163 case LINUX_SEMTIMEDOP: { 164 struct linux_semtimedop_args a; 165 166 a.semid = args->arg1; 167 a.tsops = PTRIN(args->ptr); 168 a.nsops = args->arg2; 169 a.timeout = PTRIN(args->arg5); 170 return (linux_semtimedop(td, &a)); 171 } 172 case LINUX_MSGSND: { 173 struct linux_msgsnd_args a; 174 175 a.msqid = args->arg1; 176 a.msgp = PTRIN(args->ptr); 177 a.msgsz = args->arg2; 178 a.msgflg = args->arg3; 179 return (linux_msgsnd(td, &a)); 180 } 181 case LINUX_MSGRCV: { 182 struct linux_msgrcv_args a; 183 184 a.msqid = args->arg1; 185 a.msgsz = args->arg2; 186 a.msgflg = args->arg3; 187 if ((args->what >> 16) == 0) { 188 struct l_ipc_kludge tmp; 189 int error; 190 191 if (args->ptr == 0) 192 return (EINVAL); 193 error = copyin(PTRIN(args->ptr), &tmp, sizeof(tmp)); 194 if (error) 195 return (error); 196 a.msgp = PTRIN(tmp.msgp); 197 a.msgtyp = tmp.msgtyp; 198 } else { 199 a.msgp = PTRIN(args->ptr); 200 a.msgtyp = args->arg5; 201 } 202 return (linux_msgrcv(td, &a)); 203 } 204 case LINUX_MSGGET: { 205 struct linux_msgget_args a; 206 207 a.key = args->arg1; 208 a.msgflg = args->arg2; 209 return (linux_msgget(td, &a)); 210 } 211 case LINUX_MSGCTL: { 212 struct linux_msgctl_args a; 213 214 a.msqid = args->arg1; 215 a.cmd = args->arg2; 216 a.buf = PTRIN(args->ptr); 217 return (linux_msgctl(td, &a)); 218 } 219 case LINUX_SHMAT: { 220 struct linux_shmat_args a; 221 l_uintptr_t addr; 222 int error; 223 224 a.shmid = args->arg1; 225 a.shmaddr = PTRIN(args->ptr); 226 a.shmflg = args->arg2; 227 error = linux_shmat(td, &a); 228 if (error != 0) 229 return (error); 230 addr = td->td_retval[0]; 231 error = copyout(&addr, PTRIN(args->arg3), sizeof(addr)); 232 td->td_retval[0] = 0; 233 return (error); 234 } 235 case LINUX_SHMDT: { 236 struct linux_shmdt_args a; 237 238 a.shmaddr = PTRIN(args->ptr); 239 return (linux_shmdt(td, &a)); 240 } 241 case LINUX_SHMGET: { 242 struct linux_shmget_args a; 243 244 a.key = args->arg1; 245 a.size = args->arg2; 246 a.shmflg = args->arg3; 247 return (linux_shmget(td, &a)); 248 } 249 case LINUX_SHMCTL: { 250 struct linux_shmctl_args a; 251 252 a.shmid = args->arg1; 253 a.cmd = args->arg2; 254 a.buf = PTRIN(args->ptr); 255 return (linux_shmctl(td, &a)); 256 } 257 default: 258 break; 259 } 260 261 return (EINVAL); 262 } 263 264 int 265 linux_old_select(struct thread *td, struct linux_old_select_args *args) 266 { 267 struct l_old_select_argv linux_args; 268 struct linux_select_args newsel; 269 int error; 270 271 error = copyin(args->ptr, &linux_args, sizeof(linux_args)); 272 if (error) 273 return (error); 274 275 newsel.nfds = linux_args.nfds; 276 newsel.readfds = PTRIN(linux_args.readfds); 277 newsel.writefds = PTRIN(linux_args.writefds); 278 newsel.exceptfds = PTRIN(linux_args.exceptfds); 279 newsel.timeout = PTRIN(linux_args.timeout); 280 return (linux_select(td, &newsel)); 281 } 282 283 int 284 linux_set_cloned_tls(struct thread *td, void *desc) 285 { 286 struct l_user_desc info; 287 struct pcb *pcb; 288 int error; 289 290 error = copyin(desc, &info, sizeof(struct l_user_desc)); 291 if (error) { 292 linux_msg(td, "set_cloned_tls copyin info failed!"); 293 } else { 294 /* We might copy out the entry_number as GUGS32_SEL. */ 295 info.entry_number = GUGS32_SEL; 296 error = copyout(&info, desc, sizeof(struct l_user_desc)); 297 if (error) 298 linux_msg(td, "set_cloned_tls copyout info failed!"); 299 300 pcb = td->td_pcb; 301 update_pcb_bases(pcb); 302 pcb->pcb_gsbase = (register_t)info.base_addr; 303 td->td_frame->tf_gs = GSEL(GUGS32_SEL, SEL_UPL); 304 } 305 306 return (error); 307 } 308 309 int 310 linux_set_upcall(struct thread *td, register_t stack) 311 { 312 313 if (stack) 314 td->td_frame->tf_rsp = stack; 315 316 /* 317 * The newly created Linux thread returns 318 * to the user space by the same path that a parent do. 319 */ 320 td->td_frame->tf_rax = 0; 321 return (0); 322 } 323 324 int 325 linux_mmap2(struct thread *td, struct linux_mmap2_args *args) 326 { 327 328 return (linux_mmap_common(td, PTROUT(args->addr), args->len, args->prot, 329 args->flags, args->fd, (uint64_t)(uint32_t)args->pgoff * 330 PAGE_SIZE)); 331 } 332 333 int 334 linux_mmap(struct thread *td, struct linux_mmap_args *args) 335 { 336 int error; 337 struct l_mmap_argv linux_args; 338 339 error = copyin(args->ptr, &linux_args, sizeof(linux_args)); 340 if (error) 341 return (error); 342 343 return (linux_mmap_common(td, linux_args.addr, linux_args.len, 344 linux_args.prot, linux_args.flags, linux_args.fd, 345 (uint32_t)linux_args.pgoff)); 346 } 347 348 int 349 linux_mprotect(struct thread *td, struct linux_mprotect_args *uap) 350 { 351 352 return (linux_mprotect_common(td, PTROUT(uap->addr), uap->len, uap->prot)); 353 } 354 355 int 356 linux_madvise(struct thread *td, struct linux_madvise_args *uap) 357 { 358 359 return (linux_madvise_common(td, PTROUT(uap->addr), uap->len, uap->behav)); 360 } 361 362 int 363 linux_iopl(struct thread *td, struct linux_iopl_args *args) 364 { 365 int error; 366 367 if (args->level < 0 || args->level > 3) 368 return (EINVAL); 369 if ((error = priv_check(td, PRIV_IO)) != 0) 370 return (error); 371 if ((error = securelevel_gt(td->td_ucred, 0)) != 0) 372 return (error); 373 td->td_frame->tf_rflags = (td->td_frame->tf_rflags & ~PSL_IOPL) | 374 (args->level * (PSL_IOPL / 3)); 375 376 return (0); 377 } 378 379 int 380 linux_sigaction(struct thread *td, struct linux_sigaction_args *args) 381 { 382 l_osigaction_t osa; 383 l_sigaction_t act, oact; 384 int error; 385 386 if (args->nsa != NULL) { 387 error = copyin(args->nsa, &osa, sizeof(l_osigaction_t)); 388 if (error) 389 return (error); 390 act.lsa_handler = osa.lsa_handler; 391 act.lsa_flags = osa.lsa_flags; 392 act.lsa_restorer = osa.lsa_restorer; 393 LINUX_SIGEMPTYSET(act.lsa_mask); 394 act.lsa_mask.__mask = osa.lsa_mask; 395 } 396 397 error = linux_do_sigaction(td, args->sig, args->nsa ? &act : NULL, 398 args->osa ? &oact : NULL); 399 400 if (args->osa != NULL && !error) { 401 osa.lsa_handler = oact.lsa_handler; 402 osa.lsa_flags = oact.lsa_flags; 403 osa.lsa_restorer = oact.lsa_restorer; 404 osa.lsa_mask = oact.lsa_mask.__mask; 405 error = copyout(&osa, args->osa, sizeof(l_osigaction_t)); 406 } 407 408 return (error); 409 } 410 411 /* 412 * Linux has two extra args, restart and oldmask. We don't use these, 413 * but it seems that "restart" is actually a context pointer that 414 * enables the signal to happen with a different register set. 415 */ 416 int 417 linux_sigsuspend(struct thread *td, struct linux_sigsuspend_args *args) 418 { 419 sigset_t sigmask; 420 l_sigset_t mask; 421 422 LINUX_SIGEMPTYSET(mask); 423 mask.__mask = args->mask; 424 linux_to_bsd_sigset(&mask, &sigmask); 425 return (kern_sigsuspend(td, sigmask)); 426 } 427 428 int 429 linux_pause(struct thread *td, struct linux_pause_args *args) 430 { 431 struct proc *p = td->td_proc; 432 sigset_t sigmask; 433 434 PROC_LOCK(p); 435 sigmask = td->td_sigmask; 436 PROC_UNLOCK(p); 437 return (kern_sigsuspend(td, sigmask)); 438 } 439 440 int 441 linux_gettimeofday(struct thread *td, struct linux_gettimeofday_args *uap) 442 { 443 struct timeval atv; 444 l_timeval atv32; 445 struct timezone rtz; 446 int error = 0; 447 448 if (uap->tp) { 449 microtime(&atv); 450 atv32.tv_sec = atv.tv_sec; 451 atv32.tv_usec = atv.tv_usec; 452 error = copyout(&atv32, uap->tp, sizeof(atv32)); 453 } 454 if (error == 0 && uap->tzp != NULL) { 455 rtz.tz_minuteswest = 0; 456 rtz.tz_dsttime = 0; 457 error = copyout(&rtz, uap->tzp, sizeof(rtz)); 458 } 459 return (error); 460 } 461 462 int 463 linux_settimeofday(struct thread *td, struct linux_settimeofday_args *uap) 464 { 465 l_timeval atv32; 466 struct timeval atv, *tvp; 467 struct timezone atz, *tzp; 468 int error; 469 470 if (uap->tp) { 471 error = copyin(uap->tp, &atv32, sizeof(atv32)); 472 if (error) 473 return (error); 474 atv.tv_sec = atv32.tv_sec; 475 atv.tv_usec = atv32.tv_usec; 476 tvp = &atv; 477 } else 478 tvp = NULL; 479 if (uap->tzp) { 480 error = copyin(uap->tzp, &atz, sizeof(atz)); 481 if (error) 482 return (error); 483 tzp = &atz; 484 } else 485 tzp = NULL; 486 return (kern_settimeofday(td, tvp, tzp)); 487 } 488 489 int 490 linux_getrusage(struct thread *td, struct linux_getrusage_args *uap) 491 { 492 struct rusage s; 493 int error; 494 495 error = kern_getrusage(td, uap->who, &s); 496 if (error != 0) 497 return (error); 498 if (uap->rusage != NULL) 499 error = linux_copyout_rusage(&s, uap->rusage); 500 return (error); 501 } 502 503 int 504 linux_set_thread_area(struct thread *td, 505 struct linux_set_thread_area_args *args) 506 { 507 struct l_user_desc info; 508 struct pcb *pcb; 509 int error; 510 511 error = copyin(args->desc, &info, sizeof(struct l_user_desc)); 512 if (error) 513 return (error); 514 515 /* 516 * Semantics of Linux version: every thread in the system has array 517 * of three TLS descriptors. 1st is GLIBC TLS, 2nd is WINE, 3rd unknown. 518 * This syscall loads one of the selected TLS descriptors with a value 519 * and also loads GDT descriptors 6, 7 and 8 with the content of 520 * the per-thread descriptors. 521 * 522 * Semantics of FreeBSD version: I think we can ignore that Linux has 523 * three per-thread descriptors and use just the first one. 524 * The tls_array[] is used only in [gs]et_thread_area() syscalls and 525 * for loading the GDT descriptors. We use just one GDT descriptor 526 * for TLS, so we will load just one. 527 * 528 * XXX: This doesn't work when a user space process tries to use more 529 * than one TLS segment. Comment in the Linux source says wine might 530 * do this. 531 */ 532 533 /* 534 * GLIBC reads current %gs and call set_thread_area() with it. 535 * We should let GUDATA_SEL and GUGS32_SEL proceed as well because 536 * we use these segments. 537 */ 538 switch (info.entry_number) { 539 case GUGS32_SEL: 540 case GUDATA_SEL: 541 case 6: 542 case -1: 543 info.entry_number = GUGS32_SEL; 544 break; 545 default: 546 return (EINVAL); 547 } 548 549 /* 550 * We have to copy out the GDT entry we use. 551 * 552 * XXX: What if a user space program does not check the return value 553 * and tries to use 6, 7 or 8? 554 */ 555 error = copyout(&info, args->desc, sizeof(struct l_user_desc)); 556 if (error) 557 return (error); 558 559 pcb = td->td_pcb; 560 update_pcb_bases(pcb); 561 pcb->pcb_gsbase = (register_t)info.base_addr; 562 update_gdt_gsbase(td, info.base_addr); 563 564 return (0); 565 } 566 567 void 568 bsd_to_linux_regset32(const struct reg32 *b_reg, 569 struct linux_pt_regset32 *l_regset) 570 { 571 572 l_regset->ebx = b_reg->r_ebx; 573 l_regset->ecx = b_reg->r_ecx; 574 l_regset->edx = b_reg->r_edx; 575 l_regset->esi = b_reg->r_esi; 576 l_regset->edi = b_reg->r_edi; 577 l_regset->ebp = b_reg->r_ebp; 578 l_regset->eax = b_reg->r_eax; 579 l_regset->ds = b_reg->r_ds; 580 l_regset->es = b_reg->r_es; 581 l_regset->fs = b_reg->r_fs; 582 l_regset->gs = b_reg->r_gs; 583 l_regset->orig_eax = b_reg->r_eax; 584 l_regset->eip = b_reg->r_eip; 585 l_regset->cs = b_reg->r_cs; 586 l_regset->eflags = b_reg->r_eflags; 587 l_regset->esp = b_reg->r_esp; 588 l_regset->ss = b_reg->r_ss; 589 } 590 591 int futex_xchgl_nosmap(int oparg, uint32_t *uaddr, int *oldval); 592 int futex_xchgl_smap(int oparg, uint32_t *uaddr, int *oldval); 593 DEFINE_IFUNC(, int, futex_xchgl, (int, uint32_t *, int *)) 594 { 595 596 return ((cpu_stdext_feature & CPUID_STDEXT_SMAP) != 0 ? 597 futex_xchgl_smap : futex_xchgl_nosmap); 598 } 599 600 int futex_addl_nosmap(int oparg, uint32_t *uaddr, int *oldval); 601 int futex_addl_smap(int oparg, uint32_t *uaddr, int *oldval); 602 DEFINE_IFUNC(, int, futex_addl, (int, uint32_t *, int *)) 603 { 604 605 return ((cpu_stdext_feature & CPUID_STDEXT_SMAP) != 0 ? 606 futex_addl_smap : futex_addl_nosmap); 607 } 608 609 int futex_orl_nosmap(int oparg, uint32_t *uaddr, int *oldval); 610 int futex_orl_smap(int oparg, uint32_t *uaddr, int *oldval); 611 DEFINE_IFUNC(, int, futex_orl, (int, uint32_t *, int *)) 612 { 613 614 return ((cpu_stdext_feature & CPUID_STDEXT_SMAP) != 0 ? 615 futex_orl_smap : futex_orl_nosmap); 616 } 617 618 int futex_andl_nosmap(int oparg, uint32_t *uaddr, int *oldval); 619 int futex_andl_smap(int oparg, uint32_t *uaddr, int *oldval); 620 DEFINE_IFUNC(, int, futex_andl, (int, uint32_t *, int *)) 621 { 622 623 return ((cpu_stdext_feature & CPUID_STDEXT_SMAP) != 0 ? 624 futex_andl_smap : futex_andl_nosmap); 625 } 626 627 int futex_xorl_nosmap(int oparg, uint32_t *uaddr, int *oldval); 628 int futex_xorl_smap(int oparg, uint32_t *uaddr, int *oldval); 629 DEFINE_IFUNC(, int, futex_xorl, (int, uint32_t *, int *)) 630 { 631 632 return ((cpu_stdext_feature & CPUID_STDEXT_SMAP) != 0 ? 633 futex_xorl_smap : futex_xorl_nosmap); 634 } 635 636 int 637 linux_ptrace_peekuser(struct thread *td, pid_t pid, void *addr, void *data) 638 { 639 640 LINUX_RATELIMIT_MSG_OPT1("PTRACE_PEEKUSER offset %ld not implemented; " 641 "returning EINVAL", (uintptr_t)addr); 642 return (EINVAL); 643 } 644 645 int 646 linux_ptrace_pokeuser(struct thread *td, pid_t pid, void *addr, void *data) 647 { 648 649 LINUX_RATELIMIT_MSG_OPT1("PTRACE_POKEUSER offset %ld " 650 "not implemented; returning EINVAL", (uintptr_t)addr); 651 return (EINVAL); 652 } 653