xref: /illumos-gate/usr/src/uts/intel/syscall/getcontext.c (revision ed093b41a93e8563e6e1e5dae0768dda2a7bcc27)

/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */

/*
 * Copyright 2010 Sun Microsystems, Inc.  All rights reserved.
 * Use is subject to license terms.
 */

/*	Copyright (c) 1984, 1986, 1987, 1988, 1989 AT&T	*/
/*	  All Rights Reserved	*/

/*
 * Copyright 2023 Oxide Computer Company
 */

#include <sys/param.h>
#include <sys/types.h>
#include <sys/vmparam.h>
#include <sys/systm.h>
#include <sys/signal.h>
#include <sys/stack.h>
#include <sys/regset.h>
#include <sys/privregs.h>
#include <sys/frame.h>
#include <sys/proc.h>
#include <sys/brand.h>
#include <sys/psw.h>
#include <sys/ucontext.h>
#include <sys/asm_linkage.h>
#include <sys/errno.h>
#include <sys/archsystm.h>
#include <sys/schedctl.h>
#include <sys/debug.h>
#include <sys/sysmacros.h>

/*
 * This is a wrapper around copyout_noerr that returns a guaranteed error code.
 * Because we're using copyout_noerr(), we need to bound the time we're under an
 * on_fault/no_fault and attempt to do so only while we're actually copying data
 * out. The main reason for this is because we're being called back from the
 * FPU, which is being held with a kpreempt_disable() and related, we can't use
 * a larger on_fault()/no_fault() as that would both hide legitimate errors we
 * make, masquerading as user issues, and it gets trickier to reason about the
 * correct restoration of our state.
 */
static int
savecontext_copyout(const void *kaddr, void *uaddr, size_t size)
{
	label_t ljb;
	if (!on_fault(&ljb)) {
		copyout_noerr(kaddr, uaddr, size);
		no_fault();
		return (0);
	} else {
		no_fault();
		return (EFAULT);
	}
}

/*
 * Save user context.
 *
 * ucp is itself always a pointer to the kernel's copy of a ucontext_t. In the
 * traditional version of this (when flags is 0), then we just write and fill
 * out all of the ucontext_t without any care for what was there ahead of this.
 * Our callers are responsible for coyping out that state if required. When
 * there is extended state to deal with (flags include SAVECTXT_F_EXTD), our
 * callers will have already copied in and pre-populated the structure with
 * values from userland. When those pointers are non-zero then we will copy out
 * that extended state directly to the user pointer. Currently this is only done
 * for uc_xsave. Even when we perform this, the rest of the structure stays as
 * is.
 *
 * We allow the copying to happen in two different ways mostly because this is
 * also used in the signal handling context where we must be much more careful
 * about how to copy out data.
 */
int
savecontext(ucontext_t *ucp, const k_sigset_t *mask, savecontext_flags_t flags)
{
	proc_t *p = ttoproc(curthread);
	klwp_t *lwp = ttolwp(curthread);
	struct regs *rp = lwptoregs(lwp);
	boolean_t need_xsave = B_FALSE;
	boolean_t fpu_en;
	long user_xsave = 0;
	int ret;

	VERIFY0(flags & ~(SAVECTXT_F_EXTD | SAVECTXT_F_ONFAULT));

	/*
	 * We unconditionally assign to every field through the end
	 * of the gregs, but we need to bzero() everything -after- that
	 * to avoid having any kernel stack garbage escape to userland.
	 *
	 * If we have been asked to save extended state, then we must make sure
	 * that we don't clobber that value. We must also determine if the
	 * processor has xsave state. If it does not, then we just simply honor
	 * the pointer, but do not write anything out and do not set the flag.
	 */
	if ((flags & SAVECTXT_F_EXTD) != 0) {
		user_xsave = ucp->uc_xsave;
		if (fpu_xsave_enabled() && user_xsave != 0) {
			need_xsave = B_TRUE;
		}
	} else {
		/*
		 * The only other flag that we have right now is about modifying
		 * the copyout behavior when we're copying out extended
		 * information. If it's not here, we should not do anything.
		 */
		VERIFY0(flags);
	}
	bzero(&ucp->uc_mcontext.fpregs, sizeof (ucontext_t) -
	    offsetof(ucontext_t, uc_mcontext.fpregs));
	ucp->uc_xsave = user_xsave;

	ucp->uc_flags = UC_ALL;
	ucp->uc_link = (struct ucontext *)lwp->lwp_oldcontext;

	/*
	 * Try to copyin() the ustack if one is registered. If the stack
	 * has zero size, this indicates that stack bounds checking has
	 * been disabled for this LWP. If stack bounds checking is disabled
	 * or the copyin() fails, we fall back to the legacy behavior.
	 */
	if (lwp->lwp_ustack == (uintptr_t)NULL ||
	    copyin((void *)lwp->lwp_ustack, &ucp->uc_stack,
	    sizeof (ucp->uc_stack)) != 0 ||
	    ucp->uc_stack.ss_size == 0) {

		if (lwp->lwp_sigaltstack.ss_flags == SS_ONSTACK) {
			ucp->uc_stack = lwp->lwp_sigaltstack;
		} else {
			ucp->uc_stack.ss_sp = p->p_usrstack - p->p_stksize;
			ucp->uc_stack.ss_size = p->p_stksize;
			ucp->uc_stack.ss_flags = 0;
		}
	}

	/*
	 * If either the trace flag or REQUEST_STEP is set,
	 * arrange for single-stepping and turn off the trace flag.
	 */
	if ((rp->r_ps & PS_T) || (lwp->lwp_pcb.pcb_flags & REQUEST_STEP)) {
		/*
		 * Clear PS_T so that saved user context won't have trace
		 * flag set.
		 */
		rp->r_ps &= ~PS_T;

		if (!(lwp->lwp_pcb.pcb_flags & REQUEST_NOSTEP)) {
			lwp->lwp_pcb.pcb_flags |= DEBUG_PENDING;
			/*
			 * trap() always checks DEBUG_PENDING before
			 * checking for any pending signal. This at times
			 * can potentially lead to DEBUG_PENDING not being
			 * honoured. (for eg: the lwp is stopped by
			 * stop_on_fault() called from trap(), after being
			 * awakened it might see a pending signal and call
			 * savecontext(), however on the way back to userland
			 * there is no place it can be detected). Hence in
			 * anticipation of such occasions, set AST flag for
			 * the thread which will make the thread take an
			 * excursion through trap() where it will be handled
			 * appropriately.
			 */
			aston(curthread);
		}
	}

	getgregs(lwp, ucp->uc_mcontext.gregs);
	fpu_en = (lwp->lwp_pcb.pcb_fpu.fpu_flags & FPU_EN) != 0;
	if (fpu_en)
		getfpregs(lwp, &ucp->uc_mcontext.fpregs);
	else
		ucp->uc_flags &= ~UC_FPU;

	sigktou(mask, &ucp->uc_sigmask);

	/*
	 * Determine if we need to get the rest of the xsave context out here.
	 * If the thread doesn't actually have the FPU enabled, then we don't
	 * actually need to do this. We also don't have to if it wasn't
	 * requested.
	 */
	if (!need_xsave || !fpu_en) {
		return (0);
	}

	ucp->uc_flags |= UC_XSAVE;

	/*
	 * While you might be asking why and contemplating despair, just know
	 * that some things need to just be done in the face of signal (half the
	 * reason this function exists). Basically when in signal context we
	 * can't trigger watch points. This means we need to tell the FPU copy
	 * logic to actually use the on_fault/no_fault and the non-error form of
	 * copyout (which still checks if it's a user address at least).
	 */
	if ((flags & SAVECTXT_F_ONFAULT) != 0) {
		ret = fpu_signal_copyout(lwp, ucp->uc_xsave,
		    savecontext_copyout);
	} else {
		ret = fpu_signal_copyout(lwp, ucp->uc_xsave, copyout);
	}

	return (ret);
}

/*
 * Restore user context.
 */
void
restorecontext(ucontext_t *ucp)
{
	kthread_t *t = curthread;
	klwp_t *lwp = ttolwp(t);

	lwp->lwp_oldcontext = (uintptr_t)ucp->uc_link;

	if (ucp->uc_flags & UC_STACK) {
		if (ucp->uc_stack.ss_flags == SS_ONSTACK)
			lwp->lwp_sigaltstack = ucp->uc_stack;
		else
			lwp->lwp_sigaltstack.ss_flags &= ~SS_ONSTACK;
	}

	if (ucp->uc_flags & UC_CPU) {
		/*
		 * If the trace flag is set, mark the lwp to take a
		 * single-step trap on return to user level (below).
		 * The x86 lcall interface and sysenter has already done this,
		 * and turned off the flag, but amd64 syscall interface has not.
		 */
		if (lwptoregs(lwp)->r_ps & PS_T)
			lwp->lwp_pcb.pcb_flags |= DEBUG_PENDING;
		setgregs(lwp, ucp->uc_mcontext.gregs);
		lwp->lwp_eosys = JUSTRETURN;
		t->t_post_sys = 1;
		aston(curthread);
	}

	/*
	 * The logic to copy in the ucontex_t takes care of combining the UC_FPU
	 * and UC_XSAVE, so at this point only one of them should be set, if
	 * any.
	 */
	if (ucp->uc_flags & UC_XSAVE) {
		ASSERT0(ucp->uc_flags & UC_FPU);
		ASSERT3U((uintptr_t)ucp->uc_xsave, >=, _kernelbase);
		fpu_set_xsave(lwp, (const void *)ucp->uc_xsave);
	} else if (ucp->uc_flags & UC_FPU) {
		setfpregs(lwp, &ucp->uc_mcontext.fpregs);
	}

	if (ucp->uc_flags & UC_SIGMASK) {
		/*
		 * We don't need to acquire p->p_lock here;
		 * we are manipulating thread-private data.
		 */
		schedctl_finish_sigblock(t);
		sigutok(&ucp->uc_sigmask, &t->t_hold);
		if (sigcheck(ttoproc(t), t))
			t->t_sig_check = 1;
	}
}


int
getsetcontext(int flag, void *arg)
{
	ucontext_t uc;
	ucontext_t *ucp;
	klwp_t *lwp = ttolwp(curthread);
	void *fpu = NULL;
	stack_t dummy_stk;
	int ret;

	/*
	 * In future releases, when the ucontext structure grows,
	 * getcontext should be modified to only return the fields
	 * specified in the uc_flags.  That way, the structure can grow
	 * and still be binary compatible will all .o's which will only
	 * have old fields defined in uc_flags
	 */

	switch (flag) {
	default:
		return (set_errno(EINVAL));

	case GETCONTEXT:
		schedctl_finish_sigblock(curthread);
		ret = savecontext(&uc, &curthread->t_hold, SAVECTXT_F_NONE);
		if (ret != 0)
			return (set_errno(ret));
		if (uc.uc_flags & UC_SIGMASK)
			SIGSET_NATIVE_TO_BRAND(&uc.uc_sigmask);
		if (copyout(&uc, arg, sizeof (uc)))
			return (set_errno(EFAULT));
		return (0);

	/*
	 * In the case of GETCONTEXT_EXTD, we've theoretically been given all
	 * the required pointers of the appropriate length by libc in the
	 * ucontext_t. We must first copyin the offsets that we care about to
	 * seed the known extensions. Right now that is just the uc_xsave
	 * member. As we are setting uc_flags, we only look at the members we
	 * need to care about.
	 *
	 * The main reason that we have a different entry point is that we don't
	 * want to assume that callers have always properly zeroed their
	 * ucontext_t ahead of calling into libc. In fact, it often is just
	 * declared on the stack so we can't assume that at all. Instead,
	 * getcontext_extd does require that.
	 */
	case GETCONTEXT_EXTD:
		schedctl_finish_sigblock(curthread);
		ucp = arg;
		if (copyin(&ucp->uc_xsave, &uc.uc_xsave,
		    sizeof (uc.uc_xsave)) != 0) {
			return (set_errno(EFAULT));
		}
		ret = savecontext(&uc, &curthread->t_hold, SAVECTXT_F_EXTD);
		if (ret != 0)
			return (set_errno(ret));
		if (uc.uc_flags & UC_SIGMASK)
			SIGSET_NATIVE_TO_BRAND(&uc.uc_sigmask);
		if (copyout(&uc, arg, sizeof (uc)))
			return (set_errno(EFAULT));
		return (0);


	case SETCONTEXT:
		ucp = arg;
		if (ucp == NULL)
			exit(CLD_EXITED, 0);
		/*
		 * Don't copyin filler or floating state unless we need it.
		 * The ucontext_t struct and fields are specified in the ABI.
		 */
		if (copyin(ucp, &uc, offsetof(ucontext_t, uc_filler) -
		    sizeof (uc.uc_mcontext.fpregs))) {
			return (set_errno(EFAULT));
		}
		if (uc.uc_flags & UC_SIGMASK)
			SIGSET_BRAND_TO_NATIVE(&uc.uc_sigmask);

		if ((uc.uc_flags & UC_FPU) &&
		    copyin(&ucp->uc_mcontext.fpregs, &uc.uc_mcontext.fpregs,
		    sizeof (uc.uc_mcontext.fpregs))) {
			return (set_errno(EFAULT));
		}

		uc.uc_xsave = 0;
		if ((uc.uc_flags & UC_XSAVE) != 0) {
			int ret;

			if (copyin(&ucp->uc_xsave, &uc.uc_xsave,
			    sizeof (uc.uc_xsave)) != 0) {
				return (set_errno(EFAULT));
			}

			ret = fpu_signal_copyin(lwp, &uc);
			if (ret != 0) {
				return (set_errno(ret));
			}
		}

		restorecontext(&uc);

		if ((uc.uc_flags & UC_STACK) && (lwp->lwp_ustack != 0))
			(void) copyout(&uc.uc_stack, (stack_t *)lwp->lwp_ustack,
			    sizeof (uc.uc_stack));
		return (0);

	case GETUSTACK:
		if (copyout(&lwp->lwp_ustack, arg, sizeof (caddr_t)))
			return (set_errno(EFAULT));
		return (0);

	case SETUSTACK:
		if (copyin(arg, &dummy_stk, sizeof (dummy_stk)))
			return (set_errno(EFAULT));
		lwp->lwp_ustack = (uintptr_t)arg;
		return (0);
	}
}

#ifdef _SYSCALL32_IMPL

/*
 * Save user context for 32-bit processes.
 */
int
savecontext32(ucontext32_t *ucp, const k_sigset_t *mask,
    savecontext_flags_t flags)
{
	proc_t *p = ttoproc(curthread);
	klwp_t *lwp = ttolwp(curthread);
	struct regs *rp = lwptoregs(lwp);
	boolean_t need_xsave = B_FALSE;
	boolean_t fpu_en;
	int32_t user_xsave = 0;
	uintptr_t uaddr;
	int ret;

	/*
	 * See savecontext for an explanation of this.
	 */
	if ((flags & SAVECTXT_F_EXTD) != 0) {
		user_xsave = ucp->uc_xsave;
		if (fpu_xsave_enabled() && user_xsave != 0) {
			need_xsave = B_TRUE;
		}
	} else {
		VERIFY0(flags);
	}
	bzero(&ucp->uc_mcontext.fpregs, sizeof (ucontext32_t) -
	    offsetof(ucontext32_t, uc_mcontext.fpregs));
	ucp->uc_xsave = user_xsave;

	ucp->uc_flags = UC_ALL;
	ucp->uc_link = (caddr32_t)lwp->lwp_oldcontext;

	if (lwp->lwp_ustack == (uintptr_t)NULL ||
	    copyin((void *)lwp->lwp_ustack, &ucp->uc_stack,
	    sizeof (ucp->uc_stack)) != 0 ||
	    ucp->uc_stack.ss_size == 0) {

		if (lwp->lwp_sigaltstack.ss_flags == SS_ONSTACK) {
			ucp->uc_stack.ss_sp =
			    (caddr32_t)(uintptr_t)lwp->lwp_sigaltstack.ss_sp;
			ucp->uc_stack.ss_size =
			    (size32_t)lwp->lwp_sigaltstack.ss_size;
			ucp->uc_stack.ss_flags = SS_ONSTACK;
		} else {
			ucp->uc_stack.ss_sp = (caddr32_t)(uintptr_t)
			    (p->p_usrstack - p->p_stksize);
			ucp->uc_stack.ss_size = (size32_t)p->p_stksize;
			ucp->uc_stack.ss_flags = 0;
		}
	}

	/*
	 * If either the trace flag or REQUEST_STEP is set, arrange
	 * for single-stepping and turn off the trace flag.
	 */
	if ((rp->r_ps & PS_T) || (lwp->lwp_pcb.pcb_flags & REQUEST_STEP)) {
		/*
		 * Clear PS_T so that saved user context won't have trace
		 * flag set.
		 */
		rp->r_ps &= ~PS_T;

		if (!(lwp->lwp_pcb.pcb_flags & REQUEST_NOSTEP)) {
			lwp->lwp_pcb.pcb_flags |= DEBUG_PENDING;
			/*
			 * See comments in savecontext().
			 */
			aston(curthread);
		}
	}

	getgregs32(lwp, ucp->uc_mcontext.gregs);
	fpu_en = (lwp->lwp_pcb.pcb_fpu.fpu_flags & FPU_EN) != 0;
	if (fpu_en)
		getfpregs32(lwp, &ucp->uc_mcontext.fpregs);
	else
		ucp->uc_flags &= ~UC_FPU;

	sigktou(mask, &ucp->uc_sigmask);

	if (!need_xsave || !fpu_en) {
		return (0);
	}

	ucp->uc_flags |= UC_XSAVE;

	/*
	 * Due to not wanting to change or break programs, the filler in the
	 * ucontext_t was always declared as a long, which is signed. Because
	 * this is the 32-bit version, this is an int32_t. We cannot directly go
	 * to a uintptr_t otherwise we might get sign extension, so we first
	 * have to go through a uint32_t and then a uintptr_t. Otherwise, see
	 * savecontext().
	 */
	uaddr = (uintptr_t)(uint32_t)ucp->uc_xsave;
	if ((flags & SAVECTXT_F_ONFAULT) != 0) {
		ret = fpu_signal_copyout(lwp, uaddr, savecontext_copyout);
	} else {
		ret = fpu_signal_copyout(lwp, uaddr, copyout);
	}

	return (ret);
}

int
getsetcontext32(int flag, void *arg)
{
	ucontext32_t uc;
	ucontext_t ucnat;
	ucontext32_t *ucp;
	klwp_t *lwp = ttolwp(curthread);
	caddr32_t ustack32;
	stack32_t dummy_stk32;
	int ret;

	switch (flag) {
	default:
		return (set_errno(EINVAL));

	case GETCONTEXT:
		schedctl_finish_sigblock(curthread);
		ret = savecontext32(&uc, &curthread->t_hold, SAVECTXT_F_NONE);
		if (ret != 0)
			return (set_errno(ret));
		if (uc.uc_flags & UC_SIGMASK)
			SIGSET_NATIVE_TO_BRAND(&uc.uc_sigmask);
		if (copyout(&uc, arg, sizeof (uc)))
			return (set_errno(EFAULT));
		return (0);

	/*
	 * See getsetcontext() for an explanation of what is going on here.
	 */
	case GETCONTEXT_EXTD:
		schedctl_finish_sigblock(curthread);
		ucp = arg;
		if (copyin(&ucp->uc_xsave, &uc.uc_xsave,
		    sizeof (uc.uc_xsave)) != 0) {
			return (set_errno(EFAULT));
		}
		ret = savecontext32(&uc, &curthread->t_hold, SAVECTXT_F_EXTD);
		if (ret != 0)
			return (set_errno(ret));
		if (uc.uc_flags & UC_SIGMASK)
			SIGSET_NATIVE_TO_BRAND(&uc.uc_sigmask);
		if (copyout(&uc, arg, sizeof (uc)))
			return (set_errno(EFAULT));
		return (0);

	case SETCONTEXT:
		ucp = arg;
		if (ucp == NULL)
			exit(CLD_EXITED, 0);
		if (copyin(ucp, &uc, offsetof(ucontext32_t, uc_filler) -
		    sizeof (uc.uc_mcontext.fpregs))) {
			return (set_errno(EFAULT));
		}
		if (uc.uc_flags & UC_SIGMASK)
			SIGSET_BRAND_TO_NATIVE(&uc.uc_sigmask);
		if ((uc.uc_flags & UC_FPU) &&
		    copyin(&ucp->uc_mcontext.fpregs, &uc.uc_mcontext.fpregs,
		    sizeof (uc.uc_mcontext.fpregs))) {
			return (set_errno(EFAULT));
		}

		uc.uc_xsave = 0;
		if ((uc.uc_flags & UC_XSAVE) != 0 &&
		    copyin(&ucp->uc_xsave, &uc.uc_xsave,
		    sizeof (uc.uc_xsave)) != 0) {
			return (set_errno(EFAULT));
		}

		ucontext_32ton(&uc, &ucnat);

		if ((ucnat.uc_flags & UC_XSAVE) != 0) {
			int ret = fpu_signal_copyin(lwp, &ucnat);
			if (ret != 0) {
				return (set_errno(ret));
			}
		}

		restorecontext(&ucnat);

		if ((uc.uc_flags & UC_STACK) && (lwp->lwp_ustack != 0))
			(void) copyout(&uc.uc_stack,
			    (stack32_t *)lwp->lwp_ustack, sizeof (uc.uc_stack));
		return (0);

	case GETUSTACK:
		ustack32 = (caddr32_t)lwp->lwp_ustack;
		if (copyout(&ustack32, arg, sizeof (ustack32)))
			return (set_errno(EFAULT));
		return (0);

	case SETUSTACK:
		if (copyin(arg, &dummy_stk32, sizeof (dummy_stk32)))
			return (set_errno(EFAULT));
		lwp->lwp_ustack = (uintptr_t)arg;
		return (0);
	}
}

#endif	/* _SYSCALL32_IMPL */