xref: /linux/kernel/entry/syscall_user_dispatch.c (revision 22c55fb9eb92395d999b8404d73e58540d11bdd8) 
1 // SPDX-License-Identifier: GPL-2.0
2 /*
3  * Copyright (C) 2020 Collabora Ltd.
4  */
5 #include <linux/sched.h>
6 #include <linux/prctl.h>
7 #include <linux/ptrace.h>
8 #include <linux/syscall_user_dispatch.h>
9 #include <linux/uaccess.h>
10 #include <linux/signal.h>
11 #include <linux/elf.h>
12 
13 #include <linux/sched/signal.h>
14 #include <linux/sched/task_stack.h>
15 
16 #include <asm/syscall.h>
17 
18 #include "common.h"
19 
20 static void trigger_sigsys(struct pt_regs *regs)
21 {
22 	struct kernel_siginfo info;
23 
24 	clear_siginfo(&info);
25 	info.si_signo = SIGSYS;
26 	info.si_code = SYS_USER_DISPATCH;
27 	info.si_call_addr = (void __user *)KSTK_EIP(current);
28 	info.si_errno = 0;
29 	info.si_arch = syscall_get_arch(current);
30 	info.si_syscall = syscall_get_nr(current, regs);
31 
32 	force_sig_info(&info);
33 }
34 
35 bool syscall_user_dispatch(struct pt_regs *regs)
36 {
37 	struct syscall_user_dispatch *sd = &current->syscall_dispatch;
38 	char state;
39 
40 	if (likely(instruction_pointer(regs) - sd->offset < sd->len))
41 		return false;
42 
43 	if (unlikely(arch_syscall_is_vdso_sigreturn(regs)))
44 		return false;
45 
46 	if (likely(sd->selector)) {
47 		/*
48 		 * access_ok() is performed once, at prctl time, when
49 		 * the selector is loaded by userspace.
50 		 */
51 		if (unlikely(__get_user(state, sd->selector))) {
52 			force_exit_sig(SIGSEGV);
53 			return true;
54 		}
55 
56 		if (likely(state == SYSCALL_DISPATCH_FILTER_ALLOW))
57 			return false;
58 
59 		if (state != SYSCALL_DISPATCH_FILTER_BLOCK) {
60 			force_exit_sig(SIGSYS);
61 			return true;
62 		}
63 	}
64 
65 	sd->on_dispatch = true;
66 	syscall_rollback(current, regs);
67 	trigger_sigsys(regs);
68 
69 	return true;
70 }
71 
72 static int task_set_syscall_user_dispatch(struct task_struct *task, unsigned long mode,
73 					  unsigned long offset, unsigned long len,
74 					  char __user *selector)
75 {
76 	switch (mode) {
77 	case PR_SYS_DISPATCH_OFF:
78 		if (offset || len || selector)
79 			return -EINVAL;
80 		break;
81 	case PR_SYS_DISPATCH_EXCLUSIVE_ON:
82 		/*
83 		 * Validate the direct dispatcher region just for basic
84 		 * sanity against overflow and a 0-sized dispatcher
85 		 * region.  If the user is able to submit a syscall from
86 		 * an address, that address is obviously valid.
87 		 */
88 		if (offset && offset + len <= offset)
89 			return -EINVAL;
90 		break;
91 	case PR_SYS_DISPATCH_INCLUSIVE_ON:
92 		if (len == 0 || offset + len <= offset)
93 			return -EINVAL;
94 		/*
95 		 * Invert the range, the check in syscall_user_dispatch()
96 		 * supports wrap-around.
97 		 */
98 		offset = offset + len;
99 		len = -len;
100 		break;
101 	default:
102 		return -EINVAL;
103 	}
104 
105 	/*
106 	 * access_ok() will clear memory tags for tagged addresses
107 	 * if current has memory tagging enabled.
108 	 *
109 	 * To enable a tracer to set a tracees selector the
110 	 * selector address must be untagged for access_ok(),
111 	 * otherwise an untagged tracer will always fail to set a
112 	 * tagged tracees selector.
113 	 */
114 	if (mode != PR_SYS_DISPATCH_OFF && selector &&
115 		!access_ok(untagged_addr(selector), sizeof(*selector)))
116 		return -EFAULT;
117 
118 	task->syscall_dispatch.selector = selector;
119 	task->syscall_dispatch.offset = offset;
120 	task->syscall_dispatch.len = len;
121 	task->syscall_dispatch.on_dispatch = false;
122 
123 	if (mode != PR_SYS_DISPATCH_OFF)
124 		set_task_syscall_work(task, SYSCALL_USER_DISPATCH);
125 	else
126 		clear_task_syscall_work(task, SYSCALL_USER_DISPATCH);
127 
128 	return 0;
129 }
130 
131 int set_syscall_user_dispatch(unsigned long mode, unsigned long offset,
132 			      unsigned long len, char __user *selector)
133 {
134 	return task_set_syscall_user_dispatch(current, mode, offset, len, selector);
135 }
136 
137 int syscall_user_dispatch_get_config(struct task_struct *task, unsigned long size,
138 				     void __user *data)
139 {
140 	struct syscall_user_dispatch *sd = &task->syscall_dispatch;
141 	struct ptrace_sud_config cfg;
142 
143 	if (size != sizeof(cfg))
144 		return -EINVAL;
145 
146 	if (test_task_syscall_work(task, SYSCALL_USER_DISPATCH))
147 		cfg.mode = PR_SYS_DISPATCH_ON;
148 	else
149 		cfg.mode = PR_SYS_DISPATCH_OFF;
150 
151 	cfg.offset = sd->offset;
152 	cfg.len = sd->len;
153 	cfg.selector = (__u64)(uintptr_t)sd->selector;
154 
155 	if (copy_to_user(data, &cfg, sizeof(cfg)))
156 		return -EFAULT;
157 
158 	return 0;
159 }
160 
161 int syscall_user_dispatch_set_config(struct task_struct *task, unsigned long size,
162 				     void __user *data)
163 {
164 	struct ptrace_sud_config cfg;
165 
166 	if (size != sizeof(cfg))
167 		return -EINVAL;
168 
169 	if (copy_from_user(&cfg, data, sizeof(cfg)))
170 		return -EFAULT;
171 
172 	return task_set_syscall_user_dispatch(task, cfg.mode, cfg.offset, cfg.len,
173 					      (char __user *)(uintptr_t)cfg.selector);
174 }
175