/* By Ross Biro 1/23/92 */
/*
 * Pentium III FXSR, SSE support
 *	Gareth Hughes <gareth@valinux.com>, May 2000
 *
 * BTS tracing
 *	Markus Metzger <markus.t.metzger@intel.com>, Dec 2007
 */

#include <linux/kernel.h>
#include <linux/sched.h>
#include <linux/mm.h>
#include <linux/smp.h>
#include <linux/errno.h>
#include <linux/ptrace.h>
#include <linux/regset.h>
#include <linux/tracehook.h>
#include <linux/user.h>
#include <linux/elf.h>
#include <linux/security.h>
#include <linux/audit.h>
#include <linux/seccomp.h>
#include <linux/signal.h>
#include <linux/workqueue.h>
#include <linux/perf_event.h>
#include <linux/hw_breakpoint.h>

#include <asm/uaccess.h>
#include <asm/pgtable.h>
#include <asm/system.h>
#include <asm/processor.h>
#include <asm/i387.h>
#include <asm/debugreg.h>
#include <asm/ldt.h>
#include <asm/desc.h>
#include <asm/prctl.h>
#include <asm/proto.h>
#include <asm/ds.h>
#include <asm/hw_breakpoint.h>

#include "tls.h"

#define CREATE_TRACE_POINTS
#include <trace/events/syscalls.h>

enum x86_regset {
	REGSET_GENERAL,
	REGSET_FP,
	REGSET_XFP,
	REGSET_IOPERM64 = REGSET_XFP,
	REGSET_XSTATE,
	REGSET_TLS,
	REGSET_IOPERM32,
};

struct pt_regs_offset {
	const char *name;
	int offset;
};

#define REG_OFFSET_NAME(r) {.name = #r, .offset = offsetof(struct pt_regs, r)}
#define REG_OFFSET_END {.name = NULL, .offset = 0}

static const struct pt_regs_offset regoffset_table[] = {
#ifdef CONFIG_X86_64
	REG_OFFSET_NAME(r15),
	REG_OFFSET_NAME(r14),
	REG_OFFSET_NAME(r13),
	REG_OFFSET_NAME(r12),
	REG_OFFSET_NAME(r11),
	REG_OFFSET_NAME(r10),
	REG_OFFSET_NAME(r9),
	REG_OFFSET_NAME(r8),
#endif
	REG_OFFSET_NAME(bx),
	REG_OFFSET_NAME(cx),
	REG_OFFSET_NAME(dx),
	REG_OFFSET_NAME(si),
	REG_OFFSET_NAME(di),
	REG_OFFSET_NAME(bp),
	REG_OFFSET_NAME(ax),
#ifdef CONFIG_X86_32
	REG_OFFSET_NAME(ds),
	REG_OFFSET_NAME(es),
	REG_OFFSET_NAME(fs),
	REG_OFFSET_NAME(gs),
#endif
	REG_OFFSET_NAME(orig_ax),
	REG_OFFSET_NAME(ip),
	REG_OFFSET_NAME(cs),
	REG_OFFSET_NAME(flags),
	REG_OFFSET_NAME(sp),
	REG_OFFSET_NAME(ss),
	REG_OFFSET_END,
};

/**
 * regs_query_register_offset() - query register offset from its name
 * @name:	the name of a register
 *
 * regs_query_register_offset() returns the offset of a register in struct
 * pt_regs from its name. If the name is invalid, this returns -EINVAL.
 */
int regs_query_register_offset(const char *name)
{
	const struct pt_regs_offset *roff;
	for (roff = regoffset_table; roff->name != NULL; roff++)
		if (!strcmp(roff->name, name))
			return roff->offset;
	return -EINVAL;
}

/**
 * regs_query_register_name() - query register name from its offset
 * @offset:	the offset of a register in struct pt_regs.
 *
 * regs_query_register_name() returns the name of a register from its
 * offset in struct pt_regs. If the @offset is invalid, this returns NULL.
 */
const char *regs_query_register_name(unsigned int offset)
{
	const struct pt_regs_offset *roff;
	for (roff = regoffset_table; roff->name != NULL; roff++)
		if (roff->offset == offset)
			return roff->name;
	return NULL;
}
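/*
 * Illustrative only: in-kernel users such as the kprobe-based event
 * tracer use this pair of helpers to translate between register names
 * and pt_regs slots, along the lines of:
 *
 *	int off = regs_query_register_offset("ip");
 *	if (off >= 0)
 *		pr_info("\"%s\" is at pt_regs offset %d\n",
 *			regs_query_register_name(off), off);
 */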
static const int arg_offs_table[] = {
#ifdef CONFIG_X86_32
	[0] = offsetof(struct pt_regs, ax),
	[1] = offsetof(struct pt_regs, dx),
	[2] = offsetof(struct pt_regs, cx)
#else /* CONFIG_X86_64 */
	[0] = offsetof(struct pt_regs, di),
	[1] = offsetof(struct pt_regs, si),
	[2] = offsetof(struct pt_regs, dx),
	[3] = offsetof(struct pt_regs, cx),
	[4] = offsetof(struct pt_regs, r8),
	[5] = offsetof(struct pt_regs, r9)
#endif
};

/*
 * Does not yet catch signals sent when the child dies;
 * see exit.c and signal.c.
 */

/*
 * Determines which flags the user has access to [1 = access, 0 = no access].
 */
#define FLAG_MASK_32		((unsigned long)			\
				 (X86_EFLAGS_CF | X86_EFLAGS_PF |	\
				  X86_EFLAGS_AF | X86_EFLAGS_ZF |	\
				  X86_EFLAGS_SF | X86_EFLAGS_TF |	\
				  X86_EFLAGS_DF | X86_EFLAGS_OF |	\
				  X86_EFLAGS_RF | X86_EFLAGS_AC))

/*
 * Determines whether a value may be installed in a segment register.
 */
static inline bool invalid_selector(u16 value)
{
	return unlikely(value != 0 && (value & SEGMENT_RPL_MASK) != USER_RPL);
}
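/*
 * For illustration, with the usual x86 values USER_RPL == 3 and
 * SEGMENT_RPL_MASK == 3: invalid_selector() accepts the null selector
 * and user selectors such as 0x23 or 0x2b, but rejects kernel-RPL
 * values such as 0x10, so a tracer can never plant a ring-0 selector
 * in a traced task.
 */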
#ifdef CONFIG_X86_32

#define FLAG_MASK		FLAG_MASK_32

static unsigned long *pt_regs_access(struct pt_regs *regs, unsigned long regno)
{
	BUILD_BUG_ON(offsetof(struct pt_regs, bx) != 0);
	return &regs->bx + (regno >> 2);
}

static u16 get_segment_reg(struct task_struct *task, unsigned long offset)
{
	/*
	 * Returning the value truncates it to 16 bits.
	 */
	unsigned int retval;
	if (offset != offsetof(struct user_regs_struct, gs))
		retval = *pt_regs_access(task_pt_regs(task), offset);
	else {
		if (task == current)
			retval = get_user_gs(task_pt_regs(task));
		else
			retval = task_user_gs(task);
	}
	return retval;
}

static int set_segment_reg(struct task_struct *task,
			   unsigned long offset, u16 value)
{
	/*
	 * The value argument was already truncated to 16 bits.
	 */
	if (invalid_selector(value))
		return -EIO;

	/*
	 * For %cs and %ss we cannot permit a null selector.
	 * We can permit a bogus selector as long as it has USER_RPL.
	 * Null selectors are fine for other segment registers, but
	 * we will never get back to user mode with invalid %cs or %ss
	 * and will take the trap in iret instead. Much code relies
	 * on user_mode() to distinguish a user trap frame (which can
	 * safely use invalid selectors) from a kernel trap frame.
	 */
	switch (offset) {
	case offsetof(struct user_regs_struct, cs):
	case offsetof(struct user_regs_struct, ss):
		if (unlikely(value == 0))
			return -EIO;

	default:
		*pt_regs_access(task_pt_regs(task), offset) = value;
		break;

	case offsetof(struct user_regs_struct, gs):
		if (task == current)
			set_user_gs(task_pt_regs(task), value);
		else
			task_user_gs(task) = value;
	}

	return 0;
}
#else /* CONFIG_X86_64 */

#define FLAG_MASK		(FLAG_MASK_32 | X86_EFLAGS_NT)

static unsigned long *pt_regs_access(struct pt_regs *regs, unsigned long offset)
{
	BUILD_BUG_ON(offsetof(struct pt_regs, r15) != 0);
	return &regs->r15 + (offset / sizeof(regs->r15));
}

static u16 get_segment_reg(struct task_struct *task, unsigned long offset)
{
	/*
	 * Returning the value truncates it to 16 bits.
	 */
	unsigned int seg;

	switch (offset) {
	case offsetof(struct user_regs_struct, fs):
		if (task == current) {
			/* Older gas can't assemble movq %?s,%r?? */
			asm("movl %%fs,%0" : "=r" (seg));
			return seg;
		}
		return task->thread.fsindex;
	case offsetof(struct user_regs_struct, gs):
		if (task == current) {
			asm("movl %%gs,%0" : "=r" (seg));
			return seg;
		}
		return task->thread.gsindex;
	case offsetof(struct user_regs_struct, ds):
		if (task == current) {
			asm("movl %%ds,%0" : "=r" (seg));
			return seg;
		}
		return task->thread.ds;
	case offsetof(struct user_regs_struct, es):
		if (task == current) {
			asm("movl %%es,%0" : "=r" (seg));
			return seg;
		}
		return task->thread.es;

	case offsetof(struct user_regs_struct, cs):
	case offsetof(struct user_regs_struct, ss):
		break;
	}
	return *pt_regs_access(task_pt_regs(task), offset);
}

static int set_segment_reg(struct task_struct *task,
			   unsigned long offset, u16 value)
{
	/*
	 * The value argument was already truncated to 16 bits.
	 */
	if (invalid_selector(value))
		return -EIO;

	switch (offset) {
	case offsetof(struct user_regs_struct, fs):
		/*
		 * If this is setting fs as for normal 64-bit use but
		 * setting fs_base has implicitly changed it, leave it.
		 */
		if ((value == FS_TLS_SEL && task->thread.fsindex == 0 &&
		     task->thread.fs != 0) ||
		    (value == 0 && task->thread.fsindex == FS_TLS_SEL &&
		     task->thread.fs == 0))
			break;
		task->thread.fsindex = value;
		if (task == current)
			loadsegment(fs, task->thread.fsindex);
		break;
	case offsetof(struct user_regs_struct, gs):
		/*
		 * If this is setting gs as for normal 64-bit use but
		 * setting gs_base has implicitly changed it, leave it.
		 */
		if ((value == GS_TLS_SEL && task->thread.gsindex == 0 &&
		     task->thread.gs != 0) ||
		    (value == 0 && task->thread.gsindex == GS_TLS_SEL &&
		     task->thread.gs == 0))
			break;
		task->thread.gsindex = value;
		if (task == current)
			load_gs_index(task->thread.gsindex);
		break;
	case offsetof(struct user_regs_struct, ds):
		task->thread.ds = value;
		if (task == current)
			loadsegment(ds, task->thread.ds);
		break;
	case offsetof(struct user_regs_struct, es):
		task->thread.es = value;
		if (task == current)
			loadsegment(es, task->thread.es);
		break;

		/*
		 * Can't actually change these in 64-bit mode.
		 */
	case offsetof(struct user_regs_struct, cs):
		if (unlikely(value == 0))
			return -EIO;
#ifdef CONFIG_IA32_EMULATION
		if (test_tsk_thread_flag(task, TIF_IA32))
			task_pt_regs(task)->cs = value;
#endif
		break;
	case offsetof(struct user_regs_struct, ss):
		if (unlikely(value == 0))
			return -EIO;
#ifdef CONFIG_IA32_EMULATION
		if (test_tsk_thread_flag(task, TIF_IA32))
			task_pt_regs(task)->ss = value;
#endif
		break;
	}

	return 0;
}

#endif	/* CONFIG_X86_32 */
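/*
 * Illustrative only: on 64-bit targets the %fs/%gs selectors handled
 * above are usually 0 and the real bases live in MSRs, so a debugger
 * reads the base through the register file instead (see the
 * fs_base/gs_base cases in putreg()/getreg() below), e.g. with a
 * hypothetical tracer:
 *
 *	errno = 0;
 *	base = ptrace(PTRACE_PEEKUSER, pid,
 *		      offsetof(struct user_regs_struct, fs_base), 0);
 */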
static unsigned long get_flags(struct task_struct *task)
{
	unsigned long retval = task_pt_regs(task)->flags;

	/*
	 * If the debugger set TF, hide it from the readout.
	 */
	if (test_tsk_thread_flag(task, TIF_FORCED_TF))
		retval &= ~X86_EFLAGS_TF;

	return retval;
}

static int set_flags(struct task_struct *task, unsigned long value)
{
	struct pt_regs *regs = task_pt_regs(task);

	/*
	 * If the user value contains TF, mark that
	 * it was not "us" (the debugger) that set it.
	 * If not, make sure it stays set if we had set it.
	 */
	if (value & X86_EFLAGS_TF)
		clear_tsk_thread_flag(task, TIF_FORCED_TF);
	else if (test_tsk_thread_flag(task, TIF_FORCED_TF))
		value |= X86_EFLAGS_TF;

	regs->flags = (regs->flags & ~FLAG_MASK) | (value & FLAG_MASK);

	return 0;
}

static int putreg(struct task_struct *child,
		  unsigned long offset, unsigned long value)
{
	switch (offset) {
	case offsetof(struct user_regs_struct, cs):
	case offsetof(struct user_regs_struct, ds):
	case offsetof(struct user_regs_struct, es):
	case offsetof(struct user_regs_struct, fs):
	case offsetof(struct user_regs_struct, gs):
	case offsetof(struct user_regs_struct, ss):
		return set_segment_reg(child, offset, value);

	case offsetof(struct user_regs_struct, flags):
		return set_flags(child, value);

#ifdef CONFIG_X86_64
	case offsetof(struct user_regs_struct, fs_base):
		if (value >= TASK_SIZE_OF(child))
			return -EIO;
		/*
		 * When changing the segment base, use do_arch_prctl
		 * to set either thread.fs or thread.fsindex and the
		 * corresponding GDT slot.
		 */
		if (child->thread.fs != value)
			return do_arch_prctl(child, ARCH_SET_FS, value);
		return 0;
	case offsetof(struct user_regs_struct, gs_base):
		/*
		 * Exactly the same here as the %fs handling above.
		 */
		if (value >= TASK_SIZE_OF(child))
			return -EIO;
		if (child->thread.gs != value)
			return do_arch_prctl(child, ARCH_SET_GS, value);
		return 0;
#endif
	}

	*pt_regs_access(task_pt_regs(child), offset) = value;
	return 0;
}

static unsigned long getreg(struct task_struct *task, unsigned long offset)
{
	switch (offset) {
	case offsetof(struct user_regs_struct, cs):
	case offsetof(struct user_regs_struct, ds):
	case offsetof(struct user_regs_struct, es):
	case offsetof(struct user_regs_struct, fs):
	case offsetof(struct user_regs_struct, gs):
	case offsetof(struct user_regs_struct, ss):
		return get_segment_reg(task, offset);

	case offsetof(struct user_regs_struct, flags):
		return get_flags(task);

#ifdef CONFIG_X86_64
	case offsetof(struct user_regs_struct, fs_base): {
		/*
		 * do_arch_prctl may have used a GDT slot instead of
		 * the MSR. To userland, it appears the same either
		 * way, except the %fs segment selector might not be 0.
		 */
		unsigned int seg = task->thread.fsindex;
		if (task->thread.fs != 0)
			return task->thread.fs;
		if (task == current)
			asm("movl %%fs,%0" : "=r" (seg));
		if (seg != FS_TLS_SEL)
			return 0;
		return get_desc_base(&task->thread.tls_array[FS_TLS]);
	}
	case offsetof(struct user_regs_struct, gs_base): {
		/*
		 * Exactly the same here as the %fs handling above.
		 */
		unsigned int seg = task->thread.gsindex;
		if (task->thread.gs != 0)
			return task->thread.gs;
		if (task == current)
			asm("movl %%gs,%0" : "=r" (seg));
		if (seg != GS_TLS_SEL)
			return 0;
		return get_desc_base(&task->thread.tls_array[GS_TLS]);
	}
#endif
	}

	return *pt_regs_access(task_pt_regs(task), offset);
}
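/*
 * The net effect of get_flags()/set_flags() above: a PTRACE_PEEKUSR of
 * offsetof(struct user_regs_struct, flags) funnels through getreg(),
 * so a TF bit that was forced by PTRACE_SINGLESTEP (TIF_FORCED_TF) is
 * hidden from the tracer's readout and preserved across its writes.
 */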
static int genregs_get(struct task_struct *target,
		       const struct user_regset *regset,
		       unsigned int pos, unsigned int count,
		       void *kbuf, void __user *ubuf)
{
	if (kbuf) {
		unsigned long *k = kbuf;
		while (count >= sizeof(*k)) {
			*k++ = getreg(target, pos);
			count -= sizeof(*k);
			pos += sizeof(*k);
		}
	} else {
		unsigned long __user *u = ubuf;
		while (count >= sizeof(*u)) {
			if (__put_user(getreg(target, pos), u++))
				return -EFAULT;
			count -= sizeof(*u);
			pos += sizeof(*u);
		}
	}

	return 0;
}

static int genregs_set(struct task_struct *target,
		       const struct user_regset *regset,
		       unsigned int pos, unsigned int count,
		       const void *kbuf, const void __user *ubuf)
{
	int ret = 0;
	if (kbuf) {
		const unsigned long *k = kbuf;
		while (count >= sizeof(*k) && !ret) {
			ret = putreg(target, pos, *k++);
			count -= sizeof(*k);
			pos += sizeof(*k);
		}
	} else {
		const unsigned long __user *u = ubuf;
		while (count >= sizeof(*u) && !ret) {
			unsigned long word;
			ret = __get_user(word, u++);
			if (ret)
				break;
			ret = putreg(target, pos, word);
			count -= sizeof(*u);
			pos += sizeof(*u);
		}
	}
	return ret;
}

static void ptrace_triggered(struct perf_event *bp, int nmi,
			     struct perf_sample_data *data,
			     struct pt_regs *regs)
{
	int i;
	struct thread_struct *thread = &(current->thread);

	/*
	 * Store in the virtual DR6 register the fact that the breakpoint
	 * was hit so the thread's debugger will see it.
	 */
	for (i = 0; i < HBP_NUM; i++) {
		if (thread->ptrace_bps[i] == bp)
			break;
	}

	thread->debugreg6 |= (DR_TRAP0 << i);
}

/*
 * Walk through every ptrace breakpoint for this thread and
 * build the dr7 value on top of their attributes.
 */
static unsigned long ptrace_get_dr7(struct perf_event *bp[])
{
	int i;
	int dr7 = 0;
	struct arch_hw_breakpoint *info;

	for (i = 0; i < HBP_NUM; i++) {
		if (bp[i] && !bp[i]->attr.disabled) {
			info = counter_arch_bp(bp[i]);
			dr7 |= encode_dr7(i, info->len, info->type);
		}
	}

	return dr7;
}
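/*
 * Rough picture of the encoding (the authoritative layout is in
 * encode_dr7()/decode_dr7()): each slot i contributes an enable bit in
 * the low byte of dr7 and a 4-bit len/type field in the upper half, so
 * one dr7 word read back by the debugger summarizes all HBP_NUM slots.
 */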
static int
ptrace_modify_breakpoint(struct perf_event *bp, int len, int type,
			 struct task_struct *tsk, int disabled)
{
	int err;
	int gen_len, gen_type;
	struct perf_event_attr attr;

	/*
	 * We should have at least an inactive breakpoint in this
	 * slot; if there is none, the user is writing dr7 without
	 * having written the address register first.
	 */
	if (!bp)
		return -EINVAL;

	err = arch_bp_generic_fields(len, type, &gen_len, &gen_type);
	if (err)
		return err;

	attr = bp->attr;
	attr.bp_len = gen_len;
	attr.bp_type = gen_type;
	attr.disabled = disabled;

	return modify_user_hw_breakpoint(bp, &attr);
}

/*
 * Handle ptrace writes to debug register 7.
 */
static int ptrace_write_dr7(struct task_struct *tsk, unsigned long data)
{
	struct thread_struct *thread = &(tsk->thread);
	unsigned long old_dr7;
	int i, orig_ret = 0, rc = 0;
	int enabled, second_pass = 0;
	unsigned len, type;
	struct perf_event *bp;

	data &= ~DR_CONTROL_RESERVED;
	old_dr7 = ptrace_get_dr7(thread->ptrace_bps);
restore:
	/*
	 * Loop through all the hardware breakpoints, making the
	 * appropriate changes to each.
	 */
	for (i = 0; i < HBP_NUM; i++) {
		enabled = decode_dr7(data, i, &len, &type);
		bp = thread->ptrace_bps[i];

		if (!enabled) {
			if (bp) {
				/*
				 * Don't unregister the breakpoints right away,
				 * unless all register_user_hw_breakpoint()
				 * requests have succeeded. This prevents
				 * any window of opportunity for debug
				 * register grabbing by other users.
				 */
				if (!second_pass)
					continue;

				rc = ptrace_modify_breakpoint(bp, len, type,
							      tsk, 1);
				if (rc)
					break;
			}
			continue;
		}

		rc = ptrace_modify_breakpoint(bp, len, type, tsk, 0);
		if (rc)
			break;
	}
	/*
	 * Make a second pass to free the remaining unused breakpoints
	 * or to restore the original breakpoints if an error occurred.
	 */
	if (!second_pass) {
		second_pass = 1;
		if (rc < 0) {
			orig_ret = rc;
			data = old_dr7;
		}
		goto restore;
	}
	return ((orig_ret < 0) ? orig_ret : rc);
}
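/*
 * Illustrative (hypothetical debugger-side code): a 4-byte write
 * watchpoint in slot 0 is planted address-first, control-word-second:
 *
 *	ptrace(PTRACE_POKEUSER, pid,
 *	       offsetof(struct user, u_debugreg[0]), addr);
 *	ptrace(PTRACE_POKEUSER, pid,
 *	       offsetof(struct user, u_debugreg[7]), 0xd0001);
 *
 * The first call lands in ptrace_set_breakpoint_addr() below, the
 * second in ptrace_write_dr7() above; writing dr7 before dr0 would
 * trip the !bp check in ptrace_modify_breakpoint().
 */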
/*
 * Handle PTRACE_PEEKUSR calls for the debug register area.
 */
static unsigned long ptrace_get_debugreg(struct task_struct *tsk, int n)
{
	struct thread_struct *thread = &(tsk->thread);
	unsigned long val = 0;

	if (n < HBP_NUM) {
		struct perf_event *bp;
		bp = thread->ptrace_bps[n];
		if (!bp)
			return 0;
		val = bp->hw.info.address;
	} else if (n == 6) {
		val = thread->debugreg6;
	} else if (n == 7) {
		val = thread->ptrace_dr7;
	}
	return val;
}

static int ptrace_set_breakpoint_addr(struct task_struct *tsk, int nr,
				      unsigned long addr)
{
	struct perf_event *bp;
	struct thread_struct *t = &tsk->thread;
	struct perf_event_attr attr;

	if (!t->ptrace_bps[nr]) {
		hw_breakpoint_init(&attr);
		/*
		 * Put stub len and type to register (reserve) an inactive but
		 * correct bp.
		 */
		attr.bp_addr = addr;
		attr.bp_len = HW_BREAKPOINT_LEN_1;
		attr.bp_type = HW_BREAKPOINT_W;
		attr.disabled = 1;

		bp = register_user_hw_breakpoint(&attr, ptrace_triggered, tsk);

		/*
		 * CHECKME: the previous code returned -EIO if the addr wasn't
		 * a valid task virtual addr. The new one will return -EINVAL in
		 * this case.
		 * -EINVAL may be what we want for in-kernel breakpoint users,
		 * but -EIO looks better for ptrace, since we refuse a register
		 * write for the user. And anyway this is the previous
		 * behaviour.
		 */
		if (IS_ERR(bp))
			return PTR_ERR(bp);

		t->ptrace_bps[nr] = bp;
	} else {
		int err;

		bp = t->ptrace_bps[nr];

		attr = bp->attr;
		attr.bp_addr = addr;
		err = modify_user_hw_breakpoint(bp, &attr);
		if (err)
			return err;
	}

	return 0;
}

/*
 * Handle PTRACE_POKEUSR calls for the debug register area.
 */
int ptrace_set_debugreg(struct task_struct *tsk, int n, unsigned long val)
{
	struct thread_struct *thread = &(tsk->thread);
	int rc = 0;

	/* There are no DR4 or DR5 registers */
	if (n == 4 || n == 5)
		return -EIO;

	if (n == 6) {
		thread->debugreg6 = val;
		goto ret_path;
	}
	if (n < HBP_NUM) {
		rc = ptrace_set_breakpoint_addr(tsk, n, val);
		if (rc)
			return rc;
	}
	/* All that's left is DR7 */
	if (n == 7) {
		rc = ptrace_write_dr7(tsk, val);
		if (!rc)
			thread->ptrace_dr7 = val;
	}

ret_path:
	return rc;
}

/*
 * These access the current or another (stopped) task's io permission
 * bitmap for debugging or core dump.
 */
static int ioperm_active(struct task_struct *target,
			 const struct user_regset *regset)
{
	return target->thread.io_bitmap_max / regset->size;
}

static int ioperm_get(struct task_struct *target,
		      const struct user_regset *regset,
		      unsigned int pos, unsigned int count,
		      void *kbuf, void __user *ubuf)
{
	if (!target->thread.io_bitmap_ptr)
		return -ENXIO;

	return user_regset_copyout(&pos, &count, &kbuf, &ubuf,
				   target->thread.io_bitmap_ptr,
				   0, IO_BITMAP_BYTES);
}
#ifdef CONFIG_X86_PTRACE_BTS
/*
 * A branch trace store context.
 *
 * Contexts may only be installed by ptrace_bts_config() and only for
 * ptraced tasks.
 *
 * Contexts are destroyed when the tracee is detached from the tracer.
 * The actual destruction work requires interrupts enabled, so the
 * work is deferred and will be scheduled during __ptrace_unlink().
 *
 * Contexts hold an additional task_struct reference on the traced
 * task, as well as a reference on the tracer's mm.
 *
 * Ptrace already holds a task_struct for the duration of ptrace operations,
 * but since destruction is deferred, it may be executed after both
 * tracer and tracee have exited.
 */
struct bts_context {
	/* The branch trace handle. */
	struct bts_tracer	*tracer;

	/* The buffer used to store the branch trace and its size. */
	void			*buffer;
	unsigned int		size;

	/* The mm that paid for the above buffer. */
	struct mm_struct	*mm;

	/* The task this context belongs to. */
	struct task_struct	*task;

	/* The signal to send on a bts buffer overflow. */
	unsigned int		bts_ovfl_signal;

	/* The work struct to destroy a context. */
	struct work_struct	work;
};

static int alloc_bts_buffer(struct bts_context *context, unsigned int size)
{
	void *buffer = NULL;
	int err;

	err = account_locked_memory(current->mm, current->signal->rlim, size);
	if (err < 0)
		return err;

	buffer = kzalloc(size, GFP_KERNEL);
	if (!buffer) {
		err = -ENOMEM;
		goto out_refund;
	}

	context->buffer = buffer;
	context->size = size;
	context->mm = get_task_mm(current);

	return 0;

out_refund:
	refund_locked_memory(current->mm, size);
	return err;
}

static inline void free_bts_buffer(struct bts_context *context)
{
	if (!context->buffer)
		return;

	kfree(context->buffer);
	context->buffer = NULL;

	refund_locked_memory(context->mm, context->size);
	context->size = 0;

	mmput(context->mm);
	context->mm = NULL;
}

static void free_bts_context_work(struct work_struct *w)
{
	struct bts_context *context;

	context = container_of(w, struct bts_context, work);

	ds_release_bts(context->tracer);
	put_task_struct(context->task);
	free_bts_buffer(context);
	kfree(context);
}

static inline void free_bts_context(struct bts_context *context)
{
	INIT_WORK(&context->work, free_bts_context_work);
	schedule_work(&context->work);
}

static inline struct bts_context *alloc_bts_context(struct task_struct *task)
{
	struct bts_context *context = kzalloc(sizeof(*context), GFP_KERNEL);
	if (context) {
		context->task = task;
		task->bts = context;

		get_task_struct(task);
	}

	return context;
}
static int ptrace_bts_read_record(struct task_struct *child, size_t index,
				  struct bts_struct __user *out)
{
	struct bts_context *context;
	const struct bts_trace *trace;
	struct bts_struct bts;
	const unsigned char *at;
	int error;

	context = child->bts;
	if (!context)
		return -ESRCH;

	trace = ds_read_bts(context->tracer);
	if (!trace)
		return -ESRCH;

	at = trace->ds.top - ((index + 1) * trace->ds.size);
	if ((void *)at < trace->ds.begin)
		at += (trace->ds.n * trace->ds.size);

	if (!trace->read)
		return -EOPNOTSUPP;

	error = trace->read(context->tracer, at, &bts);
	if (error < 0)
		return error;

	if (copy_to_user(out, &bts, sizeof(bts)))
		return -EFAULT;

	return sizeof(bts);
}

static int ptrace_bts_drain(struct task_struct *child,
			    long size,
			    struct bts_struct __user *out)
{
	struct bts_context *context;
	const struct bts_trace *trace;
	const unsigned char *at;
	int error, drained = 0;

	context = child->bts;
	if (!context)
		return -ESRCH;

	trace = ds_read_bts(context->tracer);
	if (!trace)
		return -ESRCH;

	if (!trace->read)
		return -EOPNOTSUPP;

	if (size < (trace->ds.top - trace->ds.begin))
		return -EIO;

	for (at = trace->ds.begin; (void *)at < trace->ds.top;
	     out++, drained++, at += trace->ds.size) {
		struct bts_struct bts;

		error = trace->read(context->tracer, at, &bts);
		if (error < 0)
			return error;

		if (copy_to_user(out, &bts, sizeof(bts)))
			return -EFAULT;
	}

	memset(trace->ds.begin, 0, trace->ds.n * trace->ds.size);

	error = ds_reset_bts(context->tracer);
	if (error < 0)
		return error;

	return drained;
}

static int ptrace_bts_config(struct task_struct *child,
			     long cfg_size,
			     const struct ptrace_bts_config __user *ucfg)
{
	struct bts_context *context;
	struct ptrace_bts_config cfg;
	unsigned int flags = 0;

	if (cfg_size < sizeof(cfg))
		return -EIO;

	if (copy_from_user(&cfg, ucfg, sizeof(cfg)))
		return -EFAULT;

	context = child->bts;
	if (!context)
		context = alloc_bts_context(child);
	if (!context)
		return -ENOMEM;

	if (cfg.flags & PTRACE_BTS_O_SIGNAL) {
		if (!cfg.signal)
			return -EINVAL;

		/*
		 * Overflow signals are not yet supported; bail out
		 * before the signal would be recorded below.
		 */
		return -EOPNOTSUPP;
		context->bts_ovfl_signal = cfg.signal;
	}

	ds_release_bts(context->tracer);
	context->tracer = NULL;

	if ((cfg.flags & PTRACE_BTS_O_ALLOC) && (cfg.size != context->size)) {
		int err;

		free_bts_buffer(context);
		if (!cfg.size)
			return 0;

		err = alloc_bts_buffer(context, cfg.size);
		if (err < 0)
			return err;
	}

	if (cfg.flags & PTRACE_BTS_O_TRACE)
		flags |= BTS_USER;

	if (cfg.flags & PTRACE_BTS_O_SCHED)
		flags |= BTS_TIMESTAMPS;

	context->tracer =
		ds_request_bts_task(child, context->buffer, context->size,
				    NULL, (size_t)-1, flags);
	if (unlikely(IS_ERR(context->tracer))) {
		int error = PTR_ERR(context->tracer);

		free_bts_buffer(context);
		context->tracer = NULL;
		return error;
	}

	return sizeof(cfg);
}

static int ptrace_bts_status(struct task_struct *child,
			     long cfg_size,
			     struct ptrace_bts_config __user *ucfg)
{
	struct bts_context *context;
	const struct bts_trace *trace;
	struct ptrace_bts_config cfg;

	context = child->bts;
	if (!context)
		return -ESRCH;

	if (cfg_size < sizeof(cfg))
		return -EIO;

	trace = ds_read_bts(context->tracer);
	if (!trace)
		return -ESRCH;

	memset(&cfg, 0, sizeof(cfg));
	cfg.size	= trace->ds.end - trace->ds.begin;
	cfg.signal	= context->bts_ovfl_signal;
	cfg.bts_size	= sizeof(struct bts_struct);

	if (cfg.signal)
		cfg.flags |= PTRACE_BTS_O_SIGNAL;

	if (trace->ds.flags & BTS_USER)
		cfg.flags |= PTRACE_BTS_O_TRACE;

	if (trace->ds.flags & BTS_TIMESTAMPS)
		cfg.flags |= PTRACE_BTS_O_SCHED;

	if (copy_to_user(ucfg, &cfg, sizeof(cfg)))
		return -EFAULT;

	return sizeof(cfg);
}

static int ptrace_bts_clear(struct task_struct *child)
{
	struct bts_context *context;
	const struct bts_trace *trace;

	context = child->bts;
	if (!context)
		return -ESRCH;

	trace = ds_read_bts(context->tracer);
	if (!trace)
		return -ESRCH;

	memset(trace->ds.begin, 0, trace->ds.n * trace->ds.size);

	return ds_reset_bts(context->tracer);
}

static int ptrace_bts_size(struct task_struct *child)
{
	struct bts_context *context;
	const struct bts_trace *trace;

	context = child->bts;
	if (!context)
		return -ESRCH;

	trace = ds_read_bts(context->tracer);
	if (!trace)
		return -ESRCH;

	return (trace->ds.top - trace->ds.begin) / trace->ds.size;
}

/*
 * Called from __ptrace_unlink() after the child has been moved back
 * to its original parent.
 */
void ptrace_bts_untrace(struct task_struct *child)
{
	if (unlikely(child->bts)) {
		free_bts_context(child->bts);
		child->bts = NULL;
	}
}
#endif /* CONFIG_X86_PTRACE_BTS */
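/*
 * Illustrative only (hypothetical tracer code): branch tracing would
 * be switched on with something like
 *
 *	struct ptrace_bts_config cfg = {
 *		.size	= 4096,
 *		.flags	= PTRACE_BTS_O_ALLOC | PTRACE_BTS_O_TRACE,
 *	};
 *	ptrace(PTRACE_BTS_CONFIG, pid, &cfg, sizeof(cfg));
 *
 * after which PTRACE_BTS_GET fetches single records and
 * PTRACE_BTS_DRAIN empties the buffer in one go.
 */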
/*
 * Called by kernel/ptrace.c when detaching.
 *
 * Make sure the single step bit is not set.
 */
void ptrace_disable(struct task_struct *child)
{
	user_disable_single_step(child);
#ifdef TIF_SYSCALL_EMU
	clear_tsk_thread_flag(child, TIF_SYSCALL_EMU);
#endif
}

#if defined CONFIG_X86_32 || defined CONFIG_IA32_EMULATION
static const struct user_regset_view user_x86_32_view; /* Initialized below. */
#endif

long arch_ptrace(struct task_struct *child, long request, long addr, long data)
{
	int ret;
	unsigned long __user *datap = (unsigned long __user *)data;

	switch (request) {
	/* read the word at location addr in the USER area. */
	case PTRACE_PEEKUSR: {
		unsigned long tmp;

		ret = -EIO;
		if ((addr & (sizeof(data) - 1)) || addr < 0 ||
		    addr >= sizeof(struct user))
			break;

		tmp = 0;  /* Default return condition */
		if (addr < sizeof(struct user_regs_struct))
			tmp = getreg(child, addr);
		else if (addr >= offsetof(struct user, u_debugreg[0]) &&
			 addr <= offsetof(struct user, u_debugreg[7])) {
			addr -= offsetof(struct user, u_debugreg[0]);
			tmp = ptrace_get_debugreg(child, addr / sizeof(data));
		}
		ret = put_user(tmp, datap);
		break;
	}

	case PTRACE_POKEUSR: /* write the word at location addr in the USER area */
		ret = -EIO;
		if ((addr & (sizeof(data) - 1)) || addr < 0 ||
		    addr >= sizeof(struct user))
			break;

		if (addr < sizeof(struct user_regs_struct))
			ret = putreg(child, addr, data);
		else if (addr >= offsetof(struct user, u_debugreg[0]) &&
			 addr <= offsetof(struct user, u_debugreg[7])) {
			addr -= offsetof(struct user, u_debugreg[0]);
			ret = ptrace_set_debugreg(child,
						  addr / sizeof(data), data);
		}
		break;

	case PTRACE_GETREGS:	/* Get all gp regs from the child. */
		return copy_regset_to_user(child,
					   task_user_regset_view(current),
					   REGSET_GENERAL,
					   0, sizeof(struct user_regs_struct),
					   datap);

	case PTRACE_SETREGS:	/* Set all gp regs in the child. */
		return copy_regset_from_user(child,
					     task_user_regset_view(current),
					     REGSET_GENERAL,
					     0, sizeof(struct user_regs_struct),
					     datap);

	case PTRACE_GETFPREGS:	/* Get the child FPU state. */
		return copy_regset_to_user(child,
					   task_user_regset_view(current),
					   REGSET_FP,
					   0, sizeof(struct user_i387_struct),
					   datap);

	case PTRACE_SETFPREGS:	/* Set the child FPU state. */
		return copy_regset_from_user(child,
					     task_user_regset_view(current),
					     REGSET_FP,
					     0, sizeof(struct user_i387_struct),
					     datap);

#ifdef CONFIG_X86_32
	case PTRACE_GETFPXREGS:	/* Get the child extended FPU state. */
		return copy_regset_to_user(child, &user_x86_32_view,
					   REGSET_XFP,
					   0, sizeof(struct user_fxsr_struct),
					   datap) ? -EIO : 0;

	case PTRACE_SETFPXREGS:	/* Set the child extended FPU state. */
		return copy_regset_from_user(child, &user_x86_32_view,
					     REGSET_XFP,
					     0, sizeof(struct user_fxsr_struct),
					     datap) ? -EIO : 0;
#endif

#if defined CONFIG_X86_32 || defined CONFIG_IA32_EMULATION
	case PTRACE_GET_THREAD_AREA:
		if (addr < 0)
			return -EIO;
		ret = do_get_thread_area(child, addr,
					 (struct user_desc __user *)data);
		break;

	case PTRACE_SET_THREAD_AREA:
		if (addr < 0)
			return -EIO;
		ret = do_set_thread_area(child, addr,
					 (struct user_desc __user *)data, 0);
		break;
#endif

#ifdef CONFIG_X86_64
	/* normal 64bit interface to access TLS data.
	   Works just like arch_prctl, except that the arguments
	   are reversed. */
	case PTRACE_ARCH_PRCTL:
		ret = do_arch_prctl(child, data, addr);
		break;
#endif

	/*
	 * These bits need more cooking - not enabled yet:
	 */
#ifdef CONFIG_X86_PTRACE_BTS
	case PTRACE_BTS_CONFIG:
		ret = ptrace_bts_config
			(child, data, (struct ptrace_bts_config __user *)addr);
		break;

	case PTRACE_BTS_STATUS:
		ret = ptrace_bts_status
			(child, data, (struct ptrace_bts_config __user *)addr);
		break;

	case PTRACE_BTS_SIZE:
		ret = ptrace_bts_size(child);
		break;

	case PTRACE_BTS_GET:
		ret = ptrace_bts_read_record
			(child, data, (struct bts_struct __user *)addr);
		break;

	case PTRACE_BTS_CLEAR:
		ret = ptrace_bts_clear(child);
		break;

	case PTRACE_BTS_DRAIN:
		ret = ptrace_bts_drain
			(child, data, (struct bts_struct __user *)addr);
		break;
#endif /* CONFIG_X86_PTRACE_BTS */

	default:
		ret = ptrace_request(child, request, addr, data);
		break;
	}

	return ret;
}
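/*
 * Illustrative only: the regset-backed requests above let a debugger
 * move the whole GP register file in one call, e.g.
 *
 *	struct user_regs_struct gpr;
 *	ptrace(PTRACE_GETREGS, pid, NULL, &gpr);
 *
 * which arrives here as copy_regset_to_user(..., REGSET_GENERAL, ...)
 * and is filled in register-by-register by genregs_get().
 */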
#ifdef CONFIG_IA32_EMULATION

#include <linux/compat.h>
#include <linux/syscalls.h>
#include <asm/ia32.h>
#include <asm/user32.h>

#define R32(l,q)							\
	case offsetof(struct user32, regs.l):				\
		regs->q = value; break

#define SEG32(rs)							\
	case offsetof(struct user32, regs.rs):				\
		return set_segment_reg(child,				\
				       offsetof(struct user_regs_struct, rs), \
				       value);				\
		break

static int putreg32(struct task_struct *child, unsigned regno, u32 value)
{
	struct pt_regs *regs = task_pt_regs(child);

	switch (regno) {

	SEG32(cs);
	SEG32(ds);
	SEG32(es);
	SEG32(fs);
	SEG32(gs);
	SEG32(ss);

	R32(ebx, bx);
	R32(ecx, cx);
	R32(edx, dx);
	R32(edi, di);
	R32(esi, si);
	R32(ebp, bp);
	R32(eax, ax);
	R32(eip, ip);
	R32(esp, sp);

	case offsetof(struct user32, regs.orig_eax):
		/*
		 * A 32-bit debugger setting orig_eax means to restore
		 * the state of the task restarting a 32-bit syscall.
		 * Make sure we interpret the -ERESTART* codes correctly
		 * in case the task is not actually still sitting at the
		 * exit from a 32-bit syscall with TS_COMPAT still set.
		 */
		regs->orig_ax = value;
		if (syscall_get_nr(child, regs) >= 0)
			task_thread_info(child)->status |= TS_COMPAT;
		break;

	case offsetof(struct user32, regs.eflags):
		return set_flags(child, value);

	case offsetof(struct user32, u_debugreg[0]) ...
	     offsetof(struct user32, u_debugreg[7]):
		regno -= offsetof(struct user32, u_debugreg[0]);
		return ptrace_set_debugreg(child, regno / 4, value);

	default:
		if (regno > sizeof(struct user32) || (regno & 3))
			return -EIO;

		/*
		 * Other dummy fields in the virtual user structure
		 * are ignored
		 */
		break;
	}
	return 0;
}

#undef R32
#undef SEG32

#define R32(l,q)							\
	case offsetof(struct user32, regs.l):				\
		*val = regs->q; break

#define SEG32(rs)							\
	case offsetof(struct user32, regs.rs):				\
		*val = get_segment_reg(child,				\
				       offsetof(struct user_regs_struct, rs)); \
		break

static int getreg32(struct task_struct *child, unsigned regno, u32 *val)
{
	struct pt_regs *regs = task_pt_regs(child);

	switch (regno) {

	SEG32(ds);
	SEG32(es);
	SEG32(fs);
	SEG32(gs);

	R32(cs, cs);
	R32(ss, ss);
	R32(ebx, bx);
	R32(ecx, cx);
	R32(edx, dx);
	R32(edi, di);
	R32(esi, si);
	R32(ebp, bp);
	R32(eax, ax);
	R32(orig_eax, orig_ax);
	R32(eip, ip);
	R32(esp, sp);

	case offsetof(struct user32, regs.eflags):
		*val = get_flags(child);
		break;

	case offsetof(struct user32, u_debugreg[0]) ...
	     offsetof(struct user32, u_debugreg[7]):
		regno -= offsetof(struct user32, u_debugreg[0]);
		*val = ptrace_get_debugreg(child, regno / 4);
		break;

	default:
		if (regno > sizeof(struct user32) || (regno & 3))
			return -EIO;

		/*
		 * Other dummy fields in the virtual user structure
		 * are ignored
		 */
		*val = 0;
		break;
	}
	return 0;
}

#undef R32
#undef SEG32

static int genregs32_get(struct task_struct *target,
			 const struct user_regset *regset,
			 unsigned int pos, unsigned int count,
			 void *kbuf, void __user *ubuf)
{
	if (kbuf) {
		compat_ulong_t *k = kbuf;
		while (count >= sizeof(*k)) {
			getreg32(target, pos, k++);
			count -= sizeof(*k);
			pos += sizeof(*k);
		}
	} else {
		compat_ulong_t __user *u = ubuf;
		while (count >= sizeof(*u)) {
			compat_ulong_t word;
			getreg32(target, pos, &word);
			if (__put_user(word, u++))
				return -EFAULT;
			count -= sizeof(*u);
			pos += sizeof(*u);
		}
	}

	return 0;
}

static int genregs32_set(struct task_struct *target,
			 const struct user_regset *regset,
			 unsigned int pos, unsigned int count,
			 const void *kbuf, const void __user *ubuf)
{
	int ret = 0;
	if (kbuf) {
		const compat_ulong_t *k = kbuf;
		while (count >= sizeof(*k) && !ret) {
			ret = putreg32(target, pos, *k++);
			count -= sizeof(*k);
			pos += sizeof(*k);
		}
	} else {
		const compat_ulong_t __user *u = ubuf;
		while (count >= sizeof(*u) && !ret) {
			compat_ulong_t word;
			ret = __get_user(word, u++);
			if (ret)
				break;
			ret = putreg32(target, pos, word);
			count -= sizeof(*u);
			pos += sizeof(*u);
		}
	}
	return ret;
}
long compat_arch_ptrace(struct task_struct *child, compat_long_t request,
			compat_ulong_t caddr, compat_ulong_t cdata)
{
	unsigned long addr = caddr;
	unsigned long data = cdata;
	void __user *datap = compat_ptr(data);
	int ret;
	__u32 val;

	switch (request) {
	case PTRACE_PEEKUSR:
		ret = getreg32(child, addr, &val);
		if (ret == 0)
			ret = put_user(val, (__u32 __user *)datap);
		break;

	case PTRACE_POKEUSR:
		ret = putreg32(child, addr, data);
		break;

	case PTRACE_GETREGS:	/* Get all gp regs from the child. */
		return copy_regset_to_user(child, &user_x86_32_view,
					   REGSET_GENERAL,
					   0, sizeof(struct user_regs_struct32),
					   datap);

	case PTRACE_SETREGS:	/* Set all gp regs in the child. */
		return copy_regset_from_user(child, &user_x86_32_view,
					     REGSET_GENERAL, 0,
					     sizeof(struct user_regs_struct32),
					     datap);

	case PTRACE_GETFPREGS:	/* Get the child FPU state. */
		return copy_regset_to_user(child, &user_x86_32_view,
					   REGSET_FP, 0,
					   sizeof(struct user_i387_ia32_struct),
					   datap);

	case PTRACE_SETFPREGS:	/* Set the child FPU state. */
		return copy_regset_from_user(
			child, &user_x86_32_view, REGSET_FP,
			0, sizeof(struct user_i387_ia32_struct), datap);

	case PTRACE_GETFPXREGS:	/* Get the child extended FPU state. */
		return copy_regset_to_user(child, &user_x86_32_view,
					   REGSET_XFP, 0,
					   sizeof(struct user32_fxsr_struct),
					   datap);

	case PTRACE_SETFPXREGS:	/* Set the child extended FPU state. */
		return copy_regset_from_user(child, &user_x86_32_view,
					     REGSET_XFP, 0,
					     sizeof(struct user32_fxsr_struct),
					     datap);

	case PTRACE_GET_THREAD_AREA:
	case PTRACE_SET_THREAD_AREA:
#ifdef CONFIG_X86_PTRACE_BTS
	case PTRACE_BTS_CONFIG:
	case PTRACE_BTS_STATUS:
	case PTRACE_BTS_SIZE:
	case PTRACE_BTS_GET:
	case PTRACE_BTS_CLEAR:
	case PTRACE_BTS_DRAIN:
#endif /* CONFIG_X86_PTRACE_BTS */
		return arch_ptrace(child, request, addr, data);

	default:
		return compat_ptrace_request(child, request, addr, data);
	}

	return ret;
}

#endif	/* CONFIG_IA32_EMULATION */
#ifdef CONFIG_X86_64

static struct user_regset x86_64_regsets[] __read_mostly = {
	[REGSET_GENERAL] = {
		.core_note_type = NT_PRSTATUS,
		.n = sizeof(struct user_regs_struct) / sizeof(long),
		.size = sizeof(long), .align = sizeof(long),
		.get = genregs_get, .set = genregs_set
	},
	[REGSET_FP] = {
		.core_note_type = NT_PRFPREG,
		.n = sizeof(struct user_i387_struct) / sizeof(long),
		.size = sizeof(long), .align = sizeof(long),
		.active = xfpregs_active, .get = xfpregs_get, .set = xfpregs_set
	},
	[REGSET_XSTATE] = {
		.core_note_type = NT_X86_XSTATE,
		.size = sizeof(u64), .align = sizeof(u64),
		.active = xstateregs_active, .get = xstateregs_get,
		.set = xstateregs_set
	},
	[REGSET_IOPERM64] = {
		.core_note_type = NT_386_IOPERM,
		.n = IO_BITMAP_LONGS,
		.size = sizeof(long), .align = sizeof(long),
		.active = ioperm_active, .get = ioperm_get
	},
};

static const struct user_regset_view user_x86_64_view = {
	.name = "x86_64", .e_machine = EM_X86_64,
	.regsets = x86_64_regsets, .n = ARRAY_SIZE(x86_64_regsets)
};

#else /* CONFIG_X86_32 */

#define user_regs_struct32	user_regs_struct
#define genregs32_get		genregs_get
#define genregs32_set		genregs_set

#define user_i387_ia32_struct	user_i387_struct
#define user32_fxsr_struct	user_fxsr_struct

#endif	/* CONFIG_X86_64 */

#if defined CONFIG_X86_32 || defined CONFIG_IA32_EMULATION
static struct user_regset x86_32_regsets[] __read_mostly = {
	[REGSET_GENERAL] = {
		.core_note_type = NT_PRSTATUS,
		.n = sizeof(struct user_regs_struct32) / sizeof(u32),
		.size = sizeof(u32), .align = sizeof(u32),
		.get = genregs32_get, .set = genregs32_set
	},
	[REGSET_FP] = {
		.core_note_type = NT_PRFPREG,
		.n = sizeof(struct user_i387_ia32_struct) / sizeof(u32),
		.size = sizeof(u32), .align = sizeof(u32),
		.active = fpregs_active, .get = fpregs_get, .set = fpregs_set
	},
	[REGSET_XFP] = {
		.core_note_type = NT_PRXFPREG,
		.n = sizeof(struct user32_fxsr_struct) / sizeof(u32),
		.size = sizeof(u32), .align = sizeof(u32),
		.active = xfpregs_active, .get = xfpregs_get, .set = xfpregs_set
	},
	[REGSET_XSTATE] = {
		.core_note_type = NT_X86_XSTATE,
		.size = sizeof(u64), .align = sizeof(u64),
		.active = xstateregs_active, .get = xstateregs_get,
		.set = xstateregs_set
	},
	[REGSET_TLS] = {
		.core_note_type = NT_386_TLS,
		.n = GDT_ENTRY_TLS_ENTRIES, .bias = GDT_ENTRY_TLS_MIN,
		.size = sizeof(struct user_desc),
		.align = sizeof(struct user_desc),
		.active = regset_tls_active,
		.get = regset_tls_get, .set = regset_tls_set
	},
	[REGSET_IOPERM32] = {
		.core_note_type = NT_386_IOPERM,
		.n = IO_BITMAP_BYTES / sizeof(u32),
		.size = sizeof(u32), .align = sizeof(u32),
		.active = ioperm_active, .get = ioperm_get
	},
};

static const struct user_regset_view user_x86_32_view = {
	.name = "i386", .e_machine = EM_386,
	.regsets = x86_32_regsets, .n = ARRAY_SIZE(x86_32_regsets)
};
#endif

/*
 * This represents bytes 464..511 in the memory layout exported through
 * the REGSET_XSTATE interface.
 */
u64 xstate_fx_sw_bytes[USER_XSTATE_FX_SW_WORDS];

void update_regset_xstate_info(unsigned int size, u64 xstate_mask)
{
#ifdef CONFIG_X86_64
	x86_64_regsets[REGSET_XSTATE].n = size / sizeof(u64);
#endif
#if defined CONFIG_X86_32 || defined CONFIG_IA32_EMULATION
	x86_32_regsets[REGSET_XSTATE].n = size / sizeof(u64);
#endif
	xstate_fx_sw_bytes[USER_XSTATE_XCR0_WORD] = xstate_mask;
}

const struct user_regset_view *task_user_regset_view(struct task_struct *task)
{
#ifdef CONFIG_IA32_EMULATION
	if (test_tsk_thread_flag(task, TIF_IA32))
#endif
#if defined CONFIG_X86_32 || defined CONFIG_IA32_EMULATION
		return &user_x86_32_view;
#endif
#ifdef CONFIG_X86_64
	return &user_x86_64_view;
#endif
}

static void fill_sigtrap_info(struct task_struct *tsk,
			      struct pt_regs *regs,
			      int error_code, int si_code,
			      struct siginfo *info)
{
	tsk->thread.trap_no = 1;
	tsk->thread.error_code = error_code;

	memset(info, 0, sizeof(*info));
	info->si_signo = SIGTRAP;
	info->si_code = si_code;
	info->si_addr = user_mode_vm(regs) ? (void __user *)regs->ip : NULL;
}
void user_single_step_siginfo(struct task_struct *tsk,
			      struct pt_regs *regs,
			      struct siginfo *info)
{
	fill_sigtrap_info(tsk, regs, 0, TRAP_BRKPT, info);
}

void send_sigtrap(struct task_struct *tsk, struct pt_regs *regs,
		  int error_code, int si_code)
{
	struct siginfo info;

	fill_sigtrap_info(tsk, regs, error_code, si_code, &info);
	/* Send us the fake SIGTRAP */
	force_sig_info(SIGTRAP, &info, tsk);
}

#ifdef CONFIG_X86_32
# define IS_IA32	1
#elif defined CONFIG_IA32_EMULATION
# define IS_IA32	is_compat_task()
#else
# define IS_IA32	0
#endif

/*
 * We must return the syscall number to actually look up in the table.
 * This can be -1L to skip running any syscall at all.
 */
asmregparm long syscall_trace_enter(struct pt_regs *regs)
{
	long ret = 0;

	/*
	 * If we stepped into a sysenter/syscall insn, it trapped in
	 * kernel mode; do_debug() cleared TF and set TIF_SINGLESTEP.
	 * If user-mode had set TF itself, then it's still clear from
	 * do_debug() and we need to set it again to restore the user
	 * state. If we entered on the slow path, TF was already set.
	 */
	if (test_thread_flag(TIF_SINGLESTEP))
		regs->flags |= X86_EFLAGS_TF;

	/* do the secure computing check first */
	secure_computing(regs->orig_ax);

	if (unlikely(test_thread_flag(TIF_SYSCALL_EMU)))
		ret = -1L;

	if ((ret || test_thread_flag(TIF_SYSCALL_TRACE)) &&
	    tracehook_report_syscall_entry(regs))
		ret = -1L;

	if (unlikely(test_thread_flag(TIF_SYSCALL_TRACEPOINT)))
		trace_sys_enter(regs, regs->orig_ax);

	if (unlikely(current->audit_context)) {
		if (IS_IA32)
			audit_syscall_entry(AUDIT_ARCH_I386,
					    regs->orig_ax,
					    regs->bx, regs->cx,
					    regs->dx, regs->si);
#ifdef CONFIG_X86_64
		else
			audit_syscall_entry(AUDIT_ARCH_X86_64,
					    regs->orig_ax,
					    regs->di, regs->si,
					    regs->dx, regs->r10);
#endif
	}

	return ret ?: regs->orig_ax;
}

asmregparm void syscall_trace_leave(struct pt_regs *regs)
{
	bool step;

	if (unlikely(current->audit_context))
		audit_syscall_exit(AUDITSC_RESULT(regs->ax), regs->ax);

	if (unlikely(test_thread_flag(TIF_SYSCALL_TRACEPOINT)))
		trace_sys_exit(regs, regs->ax);

	/*
	 * If TIF_SYSCALL_EMU is set, we only get here because of
	 * TIF_SINGLESTEP (i.e. this is PTRACE_SYSEMU_SINGLESTEP).
	 * We already reported this syscall instruction in
	 * syscall_trace_enter().
	 */
	step = unlikely(test_thread_flag(TIF_SINGLESTEP)) &&
			!test_thread_flag(TIF_SYSCALL_EMU);
	if (step || test_thread_flag(TIF_SYSCALL_TRACE))
		tracehook_report_syscall_exit(regs, step);
}
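/*
 * Illustrative only: a PTRACE_SYSCALL-based tracer sees two stops per
 * system call, one raised from syscall_trace_enter() and one from
 * syscall_trace_leave():
 *
 *	ptrace(PTRACE_SYSCALL, pid, NULL, NULL);
 *	waitpid(pid, &status, 0);	(entry stop)
 *	ptrace(PTRACE_SYSCALL, pid, NULL, NULL);
 *	waitpid(pid, &status, 0);	(exit stop)
 */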