1 // SPDX-License-Identifier: GPL-2.0-only 2 /* 3 * Based on arch/arm/kernel/ptrace.c 4 * 5 * By Ross Biro 1/23/92 6 * edited by Linus Torvalds 7 * ARM modifications Copyright (C) 2000 Russell King 8 * Copyright (C) 2012 ARM Ltd. 9 */ 10 11 #include <linux/audit.h> 12 #include <linux/compat.h> 13 #include <linux/kernel.h> 14 #include <linux/sched/signal.h> 15 #include <linux/sched/task_stack.h> 16 #include <linux/mm.h> 17 #include <linux/nospec.h> 18 #include <linux/smp.h> 19 #include <linux/ptrace.h> 20 #include <linux/user.h> 21 #include <linux/seccomp.h> 22 #include <linux/security.h> 23 #include <linux/init.h> 24 #include <linux/signal.h> 25 #include <linux/string.h> 26 #include <linux/uaccess.h> 27 #include <linux/perf_event.h> 28 #include <linux/hw_breakpoint.h> 29 #include <linux/regset.h> 30 #include <linux/elf.h> 31 32 #include <asm/compat.h> 33 #include <asm/cpufeature.h> 34 #include <asm/debug-monitors.h> 35 #include <asm/fpsimd.h> 36 #include <asm/mte.h> 37 #include <asm/pointer_auth.h> 38 #include <asm/stacktrace.h> 39 #include <asm/syscall.h> 40 #include <asm/traps.h> 41 #include <asm/system_misc.h> 42 43 #define CREATE_TRACE_POINTS 44 #include <trace/events/syscalls.h> 45 46 struct pt_regs_offset { 47 const char *name; 48 int offset; 49 }; 50 51 #define REG_OFFSET_NAME(r) {.name = #r, .offset = offsetof(struct pt_regs, r)} 52 #define REG_OFFSET_END {.name = NULL, .offset = 0} 53 #define GPR_OFFSET_NAME(r) \ 54 {.name = "x" #r, .offset = offsetof(struct pt_regs, regs[r])} 55 56 static const struct pt_regs_offset regoffset_table[] = { 57 GPR_OFFSET_NAME(0), 58 GPR_OFFSET_NAME(1), 59 GPR_OFFSET_NAME(2), 60 GPR_OFFSET_NAME(3), 61 GPR_OFFSET_NAME(4), 62 GPR_OFFSET_NAME(5), 63 GPR_OFFSET_NAME(6), 64 GPR_OFFSET_NAME(7), 65 GPR_OFFSET_NAME(8), 66 GPR_OFFSET_NAME(9), 67 GPR_OFFSET_NAME(10), 68 GPR_OFFSET_NAME(11), 69 GPR_OFFSET_NAME(12), 70 GPR_OFFSET_NAME(13), 71 GPR_OFFSET_NAME(14), 72 GPR_OFFSET_NAME(15), 73 GPR_OFFSET_NAME(16), 74 GPR_OFFSET_NAME(17), 75 GPR_OFFSET_NAME(18), 76 GPR_OFFSET_NAME(19), 77 GPR_OFFSET_NAME(20), 78 GPR_OFFSET_NAME(21), 79 GPR_OFFSET_NAME(22), 80 GPR_OFFSET_NAME(23), 81 GPR_OFFSET_NAME(24), 82 GPR_OFFSET_NAME(25), 83 GPR_OFFSET_NAME(26), 84 GPR_OFFSET_NAME(27), 85 GPR_OFFSET_NAME(28), 86 GPR_OFFSET_NAME(29), 87 GPR_OFFSET_NAME(30), 88 {.name = "lr", .offset = offsetof(struct pt_regs, regs[30])}, 89 REG_OFFSET_NAME(sp), 90 REG_OFFSET_NAME(pc), 91 REG_OFFSET_NAME(pstate), 92 REG_OFFSET_END, 93 }; 94 95 /** 96 * regs_query_register_offset() - query register offset from its name 97 * @name: the name of a register 98 * 99 * regs_query_register_offset() returns the offset of a register in struct 100 * pt_regs from its name. If the name is invalid, this returns -EINVAL; 101 */ regs_query_register_offset(const char * name)102 int regs_query_register_offset(const char *name) 103 { 104 const struct pt_regs_offset *roff; 105 106 for (roff = regoffset_table; roff->name != NULL; roff++) 107 if (!strcmp(roff->name, name)) 108 return roff->offset; 109 return -EINVAL; 110 } 111 112 /** 113 * regs_within_kernel_stack() - check the address in the stack 114 * @regs: pt_regs which contains kernel stack pointer. 115 * @addr: address which is checked. 116 * 117 * regs_within_kernel_stack() checks @addr is within the kernel stack page(s). 118 * If @addr is within the kernel stack, it returns true. If not, returns false. 119 */ regs_within_kernel_stack(struct pt_regs * regs,unsigned long addr)120 static bool regs_within_kernel_stack(struct pt_regs *regs, unsigned long addr) 121 { 122 return ((addr & ~(THREAD_SIZE - 1)) == 123 (kernel_stack_pointer(regs) & ~(THREAD_SIZE - 1))) || 124 on_irq_stack(addr, sizeof(unsigned long)); 125 } 126 127 /** 128 * regs_get_kernel_stack_nth() - get Nth entry of the stack 129 * @regs: pt_regs which contains kernel stack pointer. 130 * @n: stack entry number. 131 * 132 * regs_get_kernel_stack_nth() returns @n th entry of the kernel stack which 133 * is specified by @regs. If the @n th entry is NOT in the kernel stack, 134 * this returns 0. 135 */ regs_get_kernel_stack_nth(struct pt_regs * regs,unsigned int n)136 unsigned long regs_get_kernel_stack_nth(struct pt_regs *regs, unsigned int n) 137 { 138 unsigned long *addr = (unsigned long *)kernel_stack_pointer(regs); 139 140 addr += n; 141 if (regs_within_kernel_stack(regs, (unsigned long)addr)) 142 return *addr; 143 else 144 return 0; 145 } 146 147 /* 148 * TODO: does not yet catch signals sent when the child dies. 149 * in exit.c or in signal.c. 150 */ 151 152 /* 153 * Called by kernel/ptrace.c when detaching.. 154 */ ptrace_disable(struct task_struct * child)155 void ptrace_disable(struct task_struct *child) 156 { 157 /* 158 * This would be better off in core code, but PTRACE_DETACH has 159 * grown its fair share of arch-specific worts and changing it 160 * is likely to cause regressions on obscure architectures. 161 */ 162 user_disable_single_step(child); 163 } 164 165 #ifdef CONFIG_HAVE_HW_BREAKPOINT 166 /* 167 * Handle hitting a HW-breakpoint. 168 */ ptrace_hbptriggered(struct perf_event * bp,struct perf_sample_data * data,struct pt_regs * regs)169 static void ptrace_hbptriggered(struct perf_event *bp, 170 struct perf_sample_data *data, 171 struct pt_regs *regs) 172 { 173 struct arch_hw_breakpoint *bkpt = counter_arch_bp(bp); 174 const char *desc = "Hardware breakpoint trap (ptrace)"; 175 176 #ifdef CONFIG_COMPAT 177 if (is_compat_task()) { 178 int si_errno = 0; 179 int i; 180 181 for (i = 0; i < ARM_MAX_BRP; ++i) { 182 if (current->thread.debug.hbp_break[i] == bp) { 183 si_errno = (i << 1) + 1; 184 break; 185 } 186 } 187 188 for (i = 0; i < ARM_MAX_WRP; ++i) { 189 if (current->thread.debug.hbp_watch[i] == bp) { 190 si_errno = -((i << 1) + 1); 191 break; 192 } 193 } 194 arm64_force_sig_ptrace_errno_trap(si_errno, bkpt->trigger, 195 desc); 196 return; 197 } 198 #endif 199 arm64_force_sig_fault(SIGTRAP, TRAP_HWBKPT, bkpt->trigger, desc); 200 } 201 202 /* 203 * Unregister breakpoints from this task and reset the pointers in 204 * the thread_struct. 205 */ flush_ptrace_hw_breakpoint(struct task_struct * tsk)206 void flush_ptrace_hw_breakpoint(struct task_struct *tsk) 207 { 208 int i; 209 struct thread_struct *t = &tsk->thread; 210 211 for (i = 0; i < ARM_MAX_BRP; i++) { 212 if (t->debug.hbp_break[i]) { 213 unregister_hw_breakpoint(t->debug.hbp_break[i]); 214 t->debug.hbp_break[i] = NULL; 215 } 216 } 217 218 for (i = 0; i < ARM_MAX_WRP; i++) { 219 if (t->debug.hbp_watch[i]) { 220 unregister_hw_breakpoint(t->debug.hbp_watch[i]); 221 t->debug.hbp_watch[i] = NULL; 222 } 223 } 224 } 225 ptrace_hw_copy_thread(struct task_struct * tsk)226 void ptrace_hw_copy_thread(struct task_struct *tsk) 227 { 228 memset(&tsk->thread.debug, 0, sizeof(struct debug_info)); 229 } 230 ptrace_hbp_get_event(unsigned int note_type,struct task_struct * tsk,unsigned long idx)231 static struct perf_event *ptrace_hbp_get_event(unsigned int note_type, 232 struct task_struct *tsk, 233 unsigned long idx) 234 { 235 struct perf_event *bp = ERR_PTR(-EINVAL); 236 237 switch (note_type) { 238 case NT_ARM_HW_BREAK: 239 if (idx >= ARM_MAX_BRP) 240 goto out; 241 idx = array_index_nospec(idx, ARM_MAX_BRP); 242 bp = tsk->thread.debug.hbp_break[idx]; 243 break; 244 case NT_ARM_HW_WATCH: 245 if (idx >= ARM_MAX_WRP) 246 goto out; 247 idx = array_index_nospec(idx, ARM_MAX_WRP); 248 bp = tsk->thread.debug.hbp_watch[idx]; 249 break; 250 } 251 252 out: 253 return bp; 254 } 255 ptrace_hbp_set_event(unsigned int note_type,struct task_struct * tsk,unsigned long idx,struct perf_event * bp)256 static int ptrace_hbp_set_event(unsigned int note_type, 257 struct task_struct *tsk, 258 unsigned long idx, 259 struct perf_event *bp) 260 { 261 int err = -EINVAL; 262 263 switch (note_type) { 264 case NT_ARM_HW_BREAK: 265 if (idx >= ARM_MAX_BRP) 266 goto out; 267 idx = array_index_nospec(idx, ARM_MAX_BRP); 268 tsk->thread.debug.hbp_break[idx] = bp; 269 err = 0; 270 break; 271 case NT_ARM_HW_WATCH: 272 if (idx >= ARM_MAX_WRP) 273 goto out; 274 idx = array_index_nospec(idx, ARM_MAX_WRP); 275 tsk->thread.debug.hbp_watch[idx] = bp; 276 err = 0; 277 break; 278 } 279 280 out: 281 return err; 282 } 283 ptrace_hbp_create(unsigned int note_type,struct task_struct * tsk,unsigned long idx)284 static struct perf_event *ptrace_hbp_create(unsigned int note_type, 285 struct task_struct *tsk, 286 unsigned long idx) 287 { 288 struct perf_event *bp; 289 struct perf_event_attr attr; 290 int err, type; 291 292 switch (note_type) { 293 case NT_ARM_HW_BREAK: 294 type = HW_BREAKPOINT_X; 295 break; 296 case NT_ARM_HW_WATCH: 297 type = HW_BREAKPOINT_RW; 298 break; 299 default: 300 return ERR_PTR(-EINVAL); 301 } 302 303 ptrace_breakpoint_init(&attr); 304 305 /* 306 * Initialise fields to sane defaults 307 * (i.e. values that will pass validation). 308 */ 309 attr.bp_addr = 0; 310 attr.bp_len = HW_BREAKPOINT_LEN_4; 311 attr.bp_type = type; 312 attr.disabled = 1; 313 314 bp = register_user_hw_breakpoint(&attr, ptrace_hbptriggered, NULL, tsk); 315 if (IS_ERR(bp)) 316 return bp; 317 318 err = ptrace_hbp_set_event(note_type, tsk, idx, bp); 319 if (err) 320 return ERR_PTR(err); 321 322 return bp; 323 } 324 ptrace_hbp_fill_attr_ctrl(unsigned int note_type,struct arch_hw_breakpoint_ctrl ctrl,struct perf_event_attr * attr)325 static int ptrace_hbp_fill_attr_ctrl(unsigned int note_type, 326 struct arch_hw_breakpoint_ctrl ctrl, 327 struct perf_event_attr *attr) 328 { 329 int err, len, type, offset, disabled = !ctrl.enabled; 330 331 attr->disabled = disabled; 332 if (disabled) 333 return 0; 334 335 err = arch_bp_generic_fields(ctrl, &len, &type, &offset); 336 if (err) 337 return err; 338 339 switch (note_type) { 340 case NT_ARM_HW_BREAK: 341 if ((type & HW_BREAKPOINT_X) != type) 342 return -EINVAL; 343 break; 344 case NT_ARM_HW_WATCH: 345 if ((type & HW_BREAKPOINT_RW) != type) 346 return -EINVAL; 347 break; 348 default: 349 return -EINVAL; 350 } 351 352 attr->bp_len = len; 353 attr->bp_type = type; 354 attr->bp_addr += offset; 355 356 return 0; 357 } 358 ptrace_hbp_get_resource_info(unsigned int note_type,u32 * info)359 static int ptrace_hbp_get_resource_info(unsigned int note_type, u32 *info) 360 { 361 u8 num; 362 u32 reg = 0; 363 364 switch (note_type) { 365 case NT_ARM_HW_BREAK: 366 num = hw_breakpoint_slots(TYPE_INST); 367 break; 368 case NT_ARM_HW_WATCH: 369 num = hw_breakpoint_slots(TYPE_DATA); 370 break; 371 default: 372 return -EINVAL; 373 } 374 375 reg |= debug_monitors_arch(); 376 reg <<= 8; 377 reg |= num; 378 379 *info = reg; 380 return 0; 381 } 382 ptrace_hbp_get_ctrl(unsigned int note_type,struct task_struct * tsk,unsigned long idx,u32 * ctrl)383 static int ptrace_hbp_get_ctrl(unsigned int note_type, 384 struct task_struct *tsk, 385 unsigned long idx, 386 u32 *ctrl) 387 { 388 struct perf_event *bp = ptrace_hbp_get_event(note_type, tsk, idx); 389 390 if (IS_ERR(bp)) 391 return PTR_ERR(bp); 392 393 *ctrl = bp ? encode_ctrl_reg(counter_arch_bp(bp)->ctrl) : 0; 394 return 0; 395 } 396 ptrace_hbp_get_addr(unsigned int note_type,struct task_struct * tsk,unsigned long idx,u64 * addr)397 static int ptrace_hbp_get_addr(unsigned int note_type, 398 struct task_struct *tsk, 399 unsigned long idx, 400 u64 *addr) 401 { 402 struct perf_event *bp = ptrace_hbp_get_event(note_type, tsk, idx); 403 404 if (IS_ERR(bp)) 405 return PTR_ERR(bp); 406 407 *addr = bp ? counter_arch_bp(bp)->address : 0; 408 return 0; 409 } 410 ptrace_hbp_get_initialised_bp(unsigned int note_type,struct task_struct * tsk,unsigned long idx)411 static struct perf_event *ptrace_hbp_get_initialised_bp(unsigned int note_type, 412 struct task_struct *tsk, 413 unsigned long idx) 414 { 415 struct perf_event *bp = ptrace_hbp_get_event(note_type, tsk, idx); 416 417 if (!bp) 418 bp = ptrace_hbp_create(note_type, tsk, idx); 419 420 return bp; 421 } 422 ptrace_hbp_set_ctrl(unsigned int note_type,struct task_struct * tsk,unsigned long idx,u32 uctrl)423 static int ptrace_hbp_set_ctrl(unsigned int note_type, 424 struct task_struct *tsk, 425 unsigned long idx, 426 u32 uctrl) 427 { 428 int err; 429 struct perf_event *bp; 430 struct perf_event_attr attr; 431 struct arch_hw_breakpoint_ctrl ctrl; 432 433 bp = ptrace_hbp_get_initialised_bp(note_type, tsk, idx); 434 if (IS_ERR(bp)) { 435 err = PTR_ERR(bp); 436 return err; 437 } 438 439 attr = bp->attr; 440 decode_ctrl_reg(uctrl, &ctrl); 441 err = ptrace_hbp_fill_attr_ctrl(note_type, ctrl, &attr); 442 if (err) 443 return err; 444 445 return modify_user_hw_breakpoint(bp, &attr); 446 } 447 ptrace_hbp_set_addr(unsigned int note_type,struct task_struct * tsk,unsigned long idx,u64 addr)448 static int ptrace_hbp_set_addr(unsigned int note_type, 449 struct task_struct *tsk, 450 unsigned long idx, 451 u64 addr) 452 { 453 int err; 454 struct perf_event *bp; 455 struct perf_event_attr attr; 456 457 bp = ptrace_hbp_get_initialised_bp(note_type, tsk, idx); 458 if (IS_ERR(bp)) { 459 err = PTR_ERR(bp); 460 return err; 461 } 462 463 attr = bp->attr; 464 attr.bp_addr = addr; 465 err = modify_user_hw_breakpoint(bp, &attr); 466 return err; 467 } 468 469 #define PTRACE_HBP_ADDR_SZ sizeof(u64) 470 #define PTRACE_HBP_CTRL_SZ sizeof(u32) 471 #define PTRACE_HBP_PAD_SZ sizeof(u32) 472 hw_break_get(struct task_struct * target,const struct user_regset * regset,struct membuf to)473 static int hw_break_get(struct task_struct *target, 474 const struct user_regset *regset, 475 struct membuf to) 476 { 477 unsigned int note_type = regset->core_note_type; 478 int ret, idx = 0; 479 u32 info, ctrl; 480 u64 addr; 481 482 /* Resource info */ 483 ret = ptrace_hbp_get_resource_info(note_type, &info); 484 if (ret) 485 return ret; 486 487 membuf_write(&to, &info, sizeof(info)); 488 membuf_zero(&to, sizeof(u32)); 489 /* (address, ctrl) registers */ 490 while (to.left) { 491 ret = ptrace_hbp_get_addr(note_type, target, idx, &addr); 492 if (ret) 493 return ret; 494 ret = ptrace_hbp_get_ctrl(note_type, target, idx, &ctrl); 495 if (ret) 496 return ret; 497 membuf_store(&to, addr); 498 membuf_store(&to, ctrl); 499 membuf_zero(&to, sizeof(u32)); 500 idx++; 501 } 502 return 0; 503 } 504 hw_break_set(struct task_struct * target,const struct user_regset * regset,unsigned int pos,unsigned int count,const void * kbuf,const void __user * ubuf)505 static int hw_break_set(struct task_struct *target, 506 const struct user_regset *regset, 507 unsigned int pos, unsigned int count, 508 const void *kbuf, const void __user *ubuf) 509 { 510 unsigned int note_type = regset->core_note_type; 511 int ret, idx = 0, offset, limit; 512 u32 ctrl; 513 u64 addr; 514 515 /* Resource info and pad */ 516 offset = offsetof(struct user_hwdebug_state, dbg_regs); 517 user_regset_copyin_ignore(&pos, &count, &kbuf, &ubuf, 0, offset); 518 519 /* (address, ctrl) registers */ 520 limit = regset->n * regset->size; 521 while (count && offset < limit) { 522 if (count < PTRACE_HBP_ADDR_SZ) 523 return -EINVAL; 524 ret = user_regset_copyin(&pos, &count, &kbuf, &ubuf, &addr, 525 offset, offset + PTRACE_HBP_ADDR_SZ); 526 if (ret) 527 return ret; 528 ret = ptrace_hbp_set_addr(note_type, target, idx, addr); 529 if (ret) 530 return ret; 531 offset += PTRACE_HBP_ADDR_SZ; 532 533 if (!count) 534 break; 535 ret = user_regset_copyin(&pos, &count, &kbuf, &ubuf, &ctrl, 536 offset, offset + PTRACE_HBP_CTRL_SZ); 537 if (ret) 538 return ret; 539 ret = ptrace_hbp_set_ctrl(note_type, target, idx, ctrl); 540 if (ret) 541 return ret; 542 offset += PTRACE_HBP_CTRL_SZ; 543 544 user_regset_copyin_ignore(&pos, &count, &kbuf, &ubuf, 545 offset, offset + PTRACE_HBP_PAD_SZ); 546 offset += PTRACE_HBP_PAD_SZ; 547 idx++; 548 } 549 550 return 0; 551 } 552 #endif /* CONFIG_HAVE_HW_BREAKPOINT */ 553 gpr_get(struct task_struct * target,const struct user_regset * regset,struct membuf to)554 static int gpr_get(struct task_struct *target, 555 const struct user_regset *regset, 556 struct membuf to) 557 { 558 struct user_pt_regs *uregs = &task_pt_regs(target)->user_regs; 559 return membuf_write(&to, uregs, sizeof(*uregs)); 560 } 561 gpr_set(struct task_struct * target,const struct user_regset * regset,unsigned int pos,unsigned int count,const void * kbuf,const void __user * ubuf)562 static int gpr_set(struct task_struct *target, const struct user_regset *regset, 563 unsigned int pos, unsigned int count, 564 const void *kbuf, const void __user *ubuf) 565 { 566 int ret; 567 struct user_pt_regs newregs = task_pt_regs(target)->user_regs; 568 569 ret = user_regset_copyin(&pos, &count, &kbuf, &ubuf, &newregs, 0, -1); 570 if (ret) 571 return ret; 572 573 if (!valid_user_regs(&newregs, target)) 574 return -EINVAL; 575 576 task_pt_regs(target)->user_regs = newregs; 577 return 0; 578 } 579 fpr_active(struct task_struct * target,const struct user_regset * regset)580 static int fpr_active(struct task_struct *target, const struct user_regset *regset) 581 { 582 if (!system_supports_fpsimd()) 583 return -ENODEV; 584 return regset->n; 585 } 586 587 /* 588 * TODO: update fp accessors for lazy context switching (sync/flush hwstate) 589 */ __fpr_get(struct task_struct * target,const struct user_regset * regset,struct membuf to)590 static int __fpr_get(struct task_struct *target, 591 const struct user_regset *regset, 592 struct membuf to) 593 { 594 struct user_fpsimd_state *uregs; 595 596 sve_sync_to_fpsimd(target); 597 598 uregs = &target->thread.uw.fpsimd_state; 599 600 return membuf_write(&to, uregs, sizeof(*uregs)); 601 } 602 fpr_get(struct task_struct * target,const struct user_regset * regset,struct membuf to)603 static int fpr_get(struct task_struct *target, const struct user_regset *regset, 604 struct membuf to) 605 { 606 if (!system_supports_fpsimd()) 607 return -EINVAL; 608 609 if (target == current) 610 fpsimd_preserve_current_state(); 611 612 return __fpr_get(target, regset, to); 613 } 614 __fpr_set(struct task_struct * target,const struct user_regset * regset,unsigned int pos,unsigned int count,const void * kbuf,const void __user * ubuf,unsigned int start_pos)615 static int __fpr_set(struct task_struct *target, 616 const struct user_regset *regset, 617 unsigned int pos, unsigned int count, 618 const void *kbuf, const void __user *ubuf, 619 unsigned int start_pos) 620 { 621 int ret; 622 struct user_fpsimd_state newstate; 623 624 /* 625 * Ensure target->thread.uw.fpsimd_state is up to date, so that a 626 * short copyin can't resurrect stale data. 627 */ 628 sve_sync_to_fpsimd(target); 629 630 newstate = target->thread.uw.fpsimd_state; 631 632 ret = user_regset_copyin(&pos, &count, &kbuf, &ubuf, &newstate, 633 start_pos, start_pos + sizeof(newstate)); 634 if (ret) 635 return ret; 636 637 target->thread.uw.fpsimd_state = newstate; 638 639 return ret; 640 } 641 fpr_set(struct task_struct * target,const struct user_regset * regset,unsigned int pos,unsigned int count,const void * kbuf,const void __user * ubuf)642 static int fpr_set(struct task_struct *target, const struct user_regset *regset, 643 unsigned int pos, unsigned int count, 644 const void *kbuf, const void __user *ubuf) 645 { 646 int ret; 647 648 if (!system_supports_fpsimd()) 649 return -EINVAL; 650 651 ret = __fpr_set(target, regset, pos, count, kbuf, ubuf, 0); 652 if (ret) 653 return ret; 654 655 sve_sync_from_fpsimd_zeropad(target); 656 fpsimd_flush_task_state(target); 657 658 return ret; 659 } 660 tls_get(struct task_struct * target,const struct user_regset * regset,struct membuf to)661 static int tls_get(struct task_struct *target, const struct user_regset *regset, 662 struct membuf to) 663 { 664 int ret; 665 666 if (target == current) 667 tls_preserve_current_state(); 668 669 ret = membuf_store(&to, target->thread.uw.tp_value); 670 if (system_supports_tpidr2()) 671 ret = membuf_store(&to, target->thread.tpidr2_el0); 672 else 673 ret = membuf_zero(&to, sizeof(u64)); 674 675 return ret; 676 } 677 tls_set(struct task_struct * target,const struct user_regset * regset,unsigned int pos,unsigned int count,const void * kbuf,const void __user * ubuf)678 static int tls_set(struct task_struct *target, const struct user_regset *regset, 679 unsigned int pos, unsigned int count, 680 const void *kbuf, const void __user *ubuf) 681 { 682 int ret; 683 unsigned long tls[2]; 684 685 tls[0] = target->thread.uw.tp_value; 686 if (system_supports_tpidr2()) 687 tls[1] = target->thread.tpidr2_el0; 688 689 ret = user_regset_copyin(&pos, &count, &kbuf, &ubuf, tls, 0, count); 690 if (ret) 691 return ret; 692 693 target->thread.uw.tp_value = tls[0]; 694 if (system_supports_tpidr2()) 695 target->thread.tpidr2_el0 = tls[1]; 696 697 return ret; 698 } 699 system_call_get(struct task_struct * target,const struct user_regset * regset,struct membuf to)700 static int system_call_get(struct task_struct *target, 701 const struct user_regset *regset, 702 struct membuf to) 703 { 704 return membuf_store(&to, task_pt_regs(target)->syscallno); 705 } 706 system_call_set(struct task_struct * target,const struct user_regset * regset,unsigned int pos,unsigned int count,const void * kbuf,const void __user * ubuf)707 static int system_call_set(struct task_struct *target, 708 const struct user_regset *regset, 709 unsigned int pos, unsigned int count, 710 const void *kbuf, const void __user *ubuf) 711 { 712 int syscallno = task_pt_regs(target)->syscallno; 713 int ret; 714 715 ret = user_regset_copyin(&pos, &count, &kbuf, &ubuf, &syscallno, 0, -1); 716 if (ret) 717 return ret; 718 719 task_pt_regs(target)->syscallno = syscallno; 720 return ret; 721 } 722 723 #ifdef CONFIG_ARM64_SVE 724 sve_init_header_from_task(struct user_sve_header * header,struct task_struct * target,enum vec_type type)725 static void sve_init_header_from_task(struct user_sve_header *header, 726 struct task_struct *target, 727 enum vec_type type) 728 { 729 unsigned int vq; 730 bool active; 731 enum vec_type task_type; 732 733 memset(header, 0, sizeof(*header)); 734 735 /* Check if the requested registers are active for the task */ 736 if (thread_sm_enabled(&target->thread)) 737 task_type = ARM64_VEC_SME; 738 else 739 task_type = ARM64_VEC_SVE; 740 active = (task_type == type); 741 742 switch (type) { 743 case ARM64_VEC_SVE: 744 if (test_tsk_thread_flag(target, TIF_SVE_VL_INHERIT)) 745 header->flags |= SVE_PT_VL_INHERIT; 746 break; 747 case ARM64_VEC_SME: 748 if (test_tsk_thread_flag(target, TIF_SME_VL_INHERIT)) 749 header->flags |= SVE_PT_VL_INHERIT; 750 break; 751 default: 752 WARN_ON_ONCE(1); 753 return; 754 } 755 756 if (active) { 757 if (target->thread.fp_type == FP_STATE_FPSIMD) { 758 header->flags |= SVE_PT_REGS_FPSIMD; 759 } else { 760 header->flags |= SVE_PT_REGS_SVE; 761 } 762 } 763 764 header->vl = task_get_vl(target, type); 765 vq = sve_vq_from_vl(header->vl); 766 767 header->max_vl = vec_max_vl(type); 768 header->size = SVE_PT_SIZE(vq, header->flags); 769 header->max_size = SVE_PT_SIZE(sve_vq_from_vl(header->max_vl), 770 SVE_PT_REGS_SVE); 771 } 772 sve_size_from_header(struct user_sve_header const * header)773 static unsigned int sve_size_from_header(struct user_sve_header const *header) 774 { 775 return ALIGN(header->size, SVE_VQ_BYTES); 776 } 777 sve_get_common(struct task_struct * target,const struct user_regset * regset,struct membuf to,enum vec_type type)778 static int sve_get_common(struct task_struct *target, 779 const struct user_regset *regset, 780 struct membuf to, 781 enum vec_type type) 782 { 783 struct user_sve_header header; 784 unsigned int vq; 785 unsigned long start, end; 786 787 /* Header */ 788 sve_init_header_from_task(&header, target, type); 789 vq = sve_vq_from_vl(header.vl); 790 791 membuf_write(&to, &header, sizeof(header)); 792 793 if (target == current) 794 fpsimd_preserve_current_state(); 795 796 BUILD_BUG_ON(SVE_PT_FPSIMD_OFFSET != sizeof(header)); 797 BUILD_BUG_ON(SVE_PT_SVE_OFFSET != sizeof(header)); 798 799 switch ((header.flags & SVE_PT_REGS_MASK)) { 800 case SVE_PT_REGS_FPSIMD: 801 return __fpr_get(target, regset, to); 802 803 case SVE_PT_REGS_SVE: 804 start = SVE_PT_SVE_OFFSET; 805 end = SVE_PT_SVE_FFR_OFFSET(vq) + SVE_PT_SVE_FFR_SIZE(vq); 806 membuf_write(&to, target->thread.sve_state, end - start); 807 808 start = end; 809 end = SVE_PT_SVE_FPSR_OFFSET(vq); 810 membuf_zero(&to, end - start); 811 812 /* 813 * Copy fpsr, and fpcr which must follow contiguously in 814 * struct fpsimd_state: 815 */ 816 start = end; 817 end = SVE_PT_SVE_FPCR_OFFSET(vq) + SVE_PT_SVE_FPCR_SIZE; 818 membuf_write(&to, &target->thread.uw.fpsimd_state.fpsr, 819 end - start); 820 821 start = end; 822 end = sve_size_from_header(&header); 823 return membuf_zero(&to, end - start); 824 825 default: 826 return 0; 827 } 828 } 829 sve_get(struct task_struct * target,const struct user_regset * regset,struct membuf to)830 static int sve_get(struct task_struct *target, 831 const struct user_regset *regset, 832 struct membuf to) 833 { 834 if (!system_supports_sve()) 835 return -EINVAL; 836 837 return sve_get_common(target, regset, to, ARM64_VEC_SVE); 838 } 839 sve_set_common(struct task_struct * target,const struct user_regset * regset,unsigned int pos,unsigned int count,const void * kbuf,const void __user * ubuf,enum vec_type type)840 static int sve_set_common(struct task_struct *target, 841 const struct user_regset *regset, 842 unsigned int pos, unsigned int count, 843 const void *kbuf, const void __user *ubuf, 844 enum vec_type type) 845 { 846 int ret; 847 struct user_sve_header header; 848 unsigned int vq; 849 unsigned long start, end; 850 851 /* Header */ 852 if (count < sizeof(header)) 853 return -EINVAL; 854 ret = user_regset_copyin(&pos, &count, &kbuf, &ubuf, &header, 855 0, sizeof(header)); 856 if (ret) 857 goto out; 858 859 /* 860 * Apart from SVE_PT_REGS_MASK, all SVE_PT_* flags are consumed by 861 * vec_set_vector_length(), which will also validate them for us: 862 */ 863 ret = vec_set_vector_length(target, type, header.vl, 864 ((unsigned long)header.flags & ~SVE_PT_REGS_MASK) << 16); 865 if (ret) 866 goto out; 867 868 /* Actual VL set may be less than the user asked for: */ 869 vq = sve_vq_from_vl(task_get_vl(target, type)); 870 871 /* Enter/exit streaming mode */ 872 if (system_supports_sme()) { 873 u64 old_svcr = target->thread.svcr; 874 875 switch (type) { 876 case ARM64_VEC_SVE: 877 target->thread.svcr &= ~SVCR_SM_MASK; 878 break; 879 case ARM64_VEC_SME: 880 target->thread.svcr |= SVCR_SM_MASK; 881 882 /* 883 * Disable traps and ensure there is SME storage but 884 * preserve any currently set values in ZA/ZT. 885 */ 886 sme_alloc(target, false); 887 set_tsk_thread_flag(target, TIF_SME); 888 break; 889 default: 890 WARN_ON_ONCE(1); 891 ret = -EINVAL; 892 goto out; 893 } 894 895 /* 896 * If we switched then invalidate any existing SVE 897 * state and ensure there's storage. 898 */ 899 if (target->thread.svcr != old_svcr) 900 sve_alloc(target, true); 901 } 902 903 /* Registers: FPSIMD-only case */ 904 905 BUILD_BUG_ON(SVE_PT_FPSIMD_OFFSET != sizeof(header)); 906 if ((header.flags & SVE_PT_REGS_MASK) == SVE_PT_REGS_FPSIMD) { 907 ret = __fpr_set(target, regset, pos, count, kbuf, ubuf, 908 SVE_PT_FPSIMD_OFFSET); 909 clear_tsk_thread_flag(target, TIF_SVE); 910 target->thread.fp_type = FP_STATE_FPSIMD; 911 goto out; 912 } 913 914 /* 915 * Otherwise: no registers or full SVE case. For backwards 916 * compatibility reasons we treat empty flags as SVE registers. 917 */ 918 919 /* 920 * If setting a different VL from the requested VL and there is 921 * register data, the data layout will be wrong: don't even 922 * try to set the registers in this case. 923 */ 924 if (count && vq != sve_vq_from_vl(header.vl)) { 925 ret = -EIO; 926 goto out; 927 } 928 929 sve_alloc(target, true); 930 if (!target->thread.sve_state) { 931 ret = -ENOMEM; 932 clear_tsk_thread_flag(target, TIF_SVE); 933 target->thread.fp_type = FP_STATE_FPSIMD; 934 goto out; 935 } 936 937 /* 938 * Ensure target->thread.sve_state is up to date with target's 939 * FPSIMD regs, so that a short copyin leaves trailing 940 * registers unmodified. Only enable SVE if we are 941 * configuring normal SVE, a system with streaming SVE may not 942 * have normal SVE. 943 */ 944 fpsimd_sync_to_sve(target); 945 if (type == ARM64_VEC_SVE) 946 set_tsk_thread_flag(target, TIF_SVE); 947 target->thread.fp_type = FP_STATE_SVE; 948 949 BUILD_BUG_ON(SVE_PT_SVE_OFFSET != sizeof(header)); 950 start = SVE_PT_SVE_OFFSET; 951 end = SVE_PT_SVE_FFR_OFFSET(vq) + SVE_PT_SVE_FFR_SIZE(vq); 952 ret = user_regset_copyin(&pos, &count, &kbuf, &ubuf, 953 target->thread.sve_state, 954 start, end); 955 if (ret) 956 goto out; 957 958 start = end; 959 end = SVE_PT_SVE_FPSR_OFFSET(vq); 960 user_regset_copyin_ignore(&pos, &count, &kbuf, &ubuf, start, end); 961 962 /* 963 * Copy fpsr, and fpcr which must follow contiguously in 964 * struct fpsimd_state: 965 */ 966 start = end; 967 end = SVE_PT_SVE_FPCR_OFFSET(vq) + SVE_PT_SVE_FPCR_SIZE; 968 ret = user_regset_copyin(&pos, &count, &kbuf, &ubuf, 969 &target->thread.uw.fpsimd_state.fpsr, 970 start, end); 971 972 out: 973 fpsimd_flush_task_state(target); 974 return ret; 975 } 976 sve_set(struct task_struct * target,const struct user_regset * regset,unsigned int pos,unsigned int count,const void * kbuf,const void __user * ubuf)977 static int sve_set(struct task_struct *target, 978 const struct user_regset *regset, 979 unsigned int pos, unsigned int count, 980 const void *kbuf, const void __user *ubuf) 981 { 982 if (!system_supports_sve()) 983 return -EINVAL; 984 985 return sve_set_common(target, regset, pos, count, kbuf, ubuf, 986 ARM64_VEC_SVE); 987 } 988 989 #endif /* CONFIG_ARM64_SVE */ 990 991 #ifdef CONFIG_ARM64_SME 992 ssve_get(struct task_struct * target,const struct user_regset * regset,struct membuf to)993 static int ssve_get(struct task_struct *target, 994 const struct user_regset *regset, 995 struct membuf to) 996 { 997 if (!system_supports_sme()) 998 return -EINVAL; 999 1000 return sve_get_common(target, regset, to, ARM64_VEC_SME); 1001 } 1002 ssve_set(struct task_struct * target,const struct user_regset * regset,unsigned int pos,unsigned int count,const void * kbuf,const void __user * ubuf)1003 static int ssve_set(struct task_struct *target, 1004 const struct user_regset *regset, 1005 unsigned int pos, unsigned int count, 1006 const void *kbuf, const void __user *ubuf) 1007 { 1008 if (!system_supports_sme()) 1009 return -EINVAL; 1010 1011 return sve_set_common(target, regset, pos, count, kbuf, ubuf, 1012 ARM64_VEC_SME); 1013 } 1014 za_get(struct task_struct * target,const struct user_regset * regset,struct membuf to)1015 static int za_get(struct task_struct *target, 1016 const struct user_regset *regset, 1017 struct membuf to) 1018 { 1019 struct user_za_header header; 1020 unsigned int vq; 1021 unsigned long start, end; 1022 1023 if (!system_supports_sme()) 1024 return -EINVAL; 1025 1026 /* Header */ 1027 memset(&header, 0, sizeof(header)); 1028 1029 if (test_tsk_thread_flag(target, TIF_SME_VL_INHERIT)) 1030 header.flags |= ZA_PT_VL_INHERIT; 1031 1032 header.vl = task_get_sme_vl(target); 1033 vq = sve_vq_from_vl(header.vl); 1034 header.max_vl = sme_max_vl(); 1035 header.max_size = ZA_PT_SIZE(vq); 1036 1037 /* If ZA is not active there is only the header */ 1038 if (thread_za_enabled(&target->thread)) 1039 header.size = ZA_PT_SIZE(vq); 1040 else 1041 header.size = ZA_PT_ZA_OFFSET; 1042 1043 membuf_write(&to, &header, sizeof(header)); 1044 1045 BUILD_BUG_ON(ZA_PT_ZA_OFFSET != sizeof(header)); 1046 end = ZA_PT_ZA_OFFSET; 1047 1048 if (target == current) 1049 fpsimd_preserve_current_state(); 1050 1051 /* Any register data to include? */ 1052 if (thread_za_enabled(&target->thread)) { 1053 start = end; 1054 end = ZA_PT_SIZE(vq); 1055 membuf_write(&to, target->thread.sme_state, end - start); 1056 } 1057 1058 /* Zero any trailing padding */ 1059 start = end; 1060 end = ALIGN(header.size, SVE_VQ_BYTES); 1061 return membuf_zero(&to, end - start); 1062 } 1063 za_set(struct task_struct * target,const struct user_regset * regset,unsigned int pos,unsigned int count,const void * kbuf,const void __user * ubuf)1064 static int za_set(struct task_struct *target, 1065 const struct user_regset *regset, 1066 unsigned int pos, unsigned int count, 1067 const void *kbuf, const void __user *ubuf) 1068 { 1069 int ret; 1070 struct user_za_header header; 1071 unsigned int vq; 1072 unsigned long start, end; 1073 1074 if (!system_supports_sme()) 1075 return -EINVAL; 1076 1077 /* Header */ 1078 if (count < sizeof(header)) 1079 return -EINVAL; 1080 ret = user_regset_copyin(&pos, &count, &kbuf, &ubuf, &header, 1081 0, sizeof(header)); 1082 if (ret) 1083 goto out; 1084 1085 /* 1086 * All current ZA_PT_* flags are consumed by 1087 * vec_set_vector_length(), which will also validate them for 1088 * us: 1089 */ 1090 ret = vec_set_vector_length(target, ARM64_VEC_SME, header.vl, 1091 ((unsigned long)header.flags) << 16); 1092 if (ret) 1093 goto out; 1094 1095 /* Actual VL set may be less than the user asked for: */ 1096 vq = sve_vq_from_vl(task_get_sme_vl(target)); 1097 1098 /* Ensure there is some SVE storage for streaming mode */ 1099 if (!target->thread.sve_state) { 1100 sve_alloc(target, false); 1101 if (!target->thread.sve_state) { 1102 ret = -ENOMEM; 1103 goto out; 1104 } 1105 } 1106 1107 /* 1108 * Only flush the storage if PSTATE.ZA was not already set, 1109 * otherwise preserve any existing data. 1110 */ 1111 sme_alloc(target, !thread_za_enabled(&target->thread)); 1112 if (!target->thread.sme_state) 1113 return -ENOMEM; 1114 1115 /* If there is no data then disable ZA */ 1116 if (!count) { 1117 target->thread.svcr &= ~SVCR_ZA_MASK; 1118 goto out; 1119 } 1120 1121 /* 1122 * If setting a different VL from the requested VL and there is 1123 * register data, the data layout will be wrong: don't even 1124 * try to set the registers in this case. 1125 */ 1126 if (vq != sve_vq_from_vl(header.vl)) { 1127 ret = -EIO; 1128 goto out; 1129 } 1130 1131 BUILD_BUG_ON(ZA_PT_ZA_OFFSET != sizeof(header)); 1132 start = ZA_PT_ZA_OFFSET; 1133 end = ZA_PT_SIZE(vq); 1134 ret = user_regset_copyin(&pos, &count, &kbuf, &ubuf, 1135 target->thread.sme_state, 1136 start, end); 1137 if (ret) 1138 goto out; 1139 1140 /* Mark ZA as active and let userspace use it */ 1141 set_tsk_thread_flag(target, TIF_SME); 1142 target->thread.svcr |= SVCR_ZA_MASK; 1143 1144 out: 1145 fpsimd_flush_task_state(target); 1146 return ret; 1147 } 1148 zt_get(struct task_struct * target,const struct user_regset * regset,struct membuf to)1149 static int zt_get(struct task_struct *target, 1150 const struct user_regset *regset, 1151 struct membuf to) 1152 { 1153 if (!system_supports_sme2()) 1154 return -EINVAL; 1155 1156 /* 1157 * If PSTATE.ZA is not set then ZT will be zeroed when it is 1158 * enabled so report the current register value as zero. 1159 */ 1160 if (thread_za_enabled(&target->thread)) 1161 membuf_write(&to, thread_zt_state(&target->thread), 1162 ZT_SIG_REG_BYTES); 1163 else 1164 membuf_zero(&to, ZT_SIG_REG_BYTES); 1165 1166 return 0; 1167 } 1168 zt_set(struct task_struct * target,const struct user_regset * regset,unsigned int pos,unsigned int count,const void * kbuf,const void __user * ubuf)1169 static int zt_set(struct task_struct *target, 1170 const struct user_regset *regset, 1171 unsigned int pos, unsigned int count, 1172 const void *kbuf, const void __user *ubuf) 1173 { 1174 int ret; 1175 1176 if (!system_supports_sme2()) 1177 return -EINVAL; 1178 1179 /* Ensure SVE storage in case this is first use of SME */ 1180 sve_alloc(target, false); 1181 if (!target->thread.sve_state) 1182 return -ENOMEM; 1183 1184 if (!thread_za_enabled(&target->thread)) { 1185 sme_alloc(target, true); 1186 if (!target->thread.sme_state) 1187 return -ENOMEM; 1188 } 1189 1190 ret = user_regset_copyin(&pos, &count, &kbuf, &ubuf, 1191 thread_zt_state(&target->thread), 1192 0, ZT_SIG_REG_BYTES); 1193 if (ret == 0) { 1194 target->thread.svcr |= SVCR_ZA_MASK; 1195 set_tsk_thread_flag(target, TIF_SME); 1196 } 1197 1198 fpsimd_flush_task_state(target); 1199 1200 return ret; 1201 } 1202 1203 #endif /* CONFIG_ARM64_SME */ 1204 1205 #ifdef CONFIG_ARM64_PTR_AUTH pac_mask_get(struct task_struct * target,const struct user_regset * regset,struct membuf to)1206 static int pac_mask_get(struct task_struct *target, 1207 const struct user_regset *regset, 1208 struct membuf to) 1209 { 1210 /* 1211 * The PAC bits can differ across data and instruction pointers 1212 * depending on TCR_EL1.TBID*, which we may make use of in future, so 1213 * we expose separate masks. 1214 */ 1215 unsigned long mask = ptrauth_user_pac_mask(); 1216 struct user_pac_mask uregs = { 1217 .data_mask = mask, 1218 .insn_mask = mask, 1219 }; 1220 1221 if (!system_supports_address_auth()) 1222 return -EINVAL; 1223 1224 return membuf_write(&to, &uregs, sizeof(uregs)); 1225 } 1226 pac_enabled_keys_get(struct task_struct * target,const struct user_regset * regset,struct membuf to)1227 static int pac_enabled_keys_get(struct task_struct *target, 1228 const struct user_regset *regset, 1229 struct membuf to) 1230 { 1231 long enabled_keys = ptrauth_get_enabled_keys(target); 1232 1233 if (IS_ERR_VALUE(enabled_keys)) 1234 return enabled_keys; 1235 1236 return membuf_write(&to, &enabled_keys, sizeof(enabled_keys)); 1237 } 1238 pac_enabled_keys_set(struct task_struct * target,const struct user_regset * regset,unsigned int pos,unsigned int count,const void * kbuf,const void __user * ubuf)1239 static int pac_enabled_keys_set(struct task_struct *target, 1240 const struct user_regset *regset, 1241 unsigned int pos, unsigned int count, 1242 const void *kbuf, const void __user *ubuf) 1243 { 1244 int ret; 1245 long enabled_keys = ptrauth_get_enabled_keys(target); 1246 1247 if (IS_ERR_VALUE(enabled_keys)) 1248 return enabled_keys; 1249 1250 ret = user_regset_copyin(&pos, &count, &kbuf, &ubuf, &enabled_keys, 0, 1251 sizeof(long)); 1252 if (ret) 1253 return ret; 1254 1255 return ptrauth_set_enabled_keys(target, PR_PAC_ENABLED_KEYS_MASK, 1256 enabled_keys); 1257 } 1258 1259 #ifdef CONFIG_CHECKPOINT_RESTORE pac_key_to_user(const struct ptrauth_key * key)1260 static __uint128_t pac_key_to_user(const struct ptrauth_key *key) 1261 { 1262 return (__uint128_t)key->hi << 64 | key->lo; 1263 } 1264 pac_key_from_user(__uint128_t ukey)1265 static struct ptrauth_key pac_key_from_user(__uint128_t ukey) 1266 { 1267 struct ptrauth_key key = { 1268 .lo = (unsigned long)ukey, 1269 .hi = (unsigned long)(ukey >> 64), 1270 }; 1271 1272 return key; 1273 } 1274 pac_address_keys_to_user(struct user_pac_address_keys * ukeys,const struct ptrauth_keys_user * keys)1275 static void pac_address_keys_to_user(struct user_pac_address_keys *ukeys, 1276 const struct ptrauth_keys_user *keys) 1277 { 1278 ukeys->apiakey = pac_key_to_user(&keys->apia); 1279 ukeys->apibkey = pac_key_to_user(&keys->apib); 1280 ukeys->apdakey = pac_key_to_user(&keys->apda); 1281 ukeys->apdbkey = pac_key_to_user(&keys->apdb); 1282 } 1283 pac_address_keys_from_user(struct ptrauth_keys_user * keys,const struct user_pac_address_keys * ukeys)1284 static void pac_address_keys_from_user(struct ptrauth_keys_user *keys, 1285 const struct user_pac_address_keys *ukeys) 1286 { 1287 keys->apia = pac_key_from_user(ukeys->apiakey); 1288 keys->apib = pac_key_from_user(ukeys->apibkey); 1289 keys->apda = pac_key_from_user(ukeys->apdakey); 1290 keys->apdb = pac_key_from_user(ukeys->apdbkey); 1291 } 1292 pac_address_keys_get(struct task_struct * target,const struct user_regset * regset,struct membuf to)1293 static int pac_address_keys_get(struct task_struct *target, 1294 const struct user_regset *regset, 1295 struct membuf to) 1296 { 1297 struct ptrauth_keys_user *keys = &target->thread.keys_user; 1298 struct user_pac_address_keys user_keys; 1299 1300 if (!system_supports_address_auth()) 1301 return -EINVAL; 1302 1303 pac_address_keys_to_user(&user_keys, keys); 1304 1305 return membuf_write(&to, &user_keys, sizeof(user_keys)); 1306 } 1307 pac_address_keys_set(struct task_struct * target,const struct user_regset * regset,unsigned int pos,unsigned int count,const void * kbuf,const void __user * ubuf)1308 static int pac_address_keys_set(struct task_struct *target, 1309 const struct user_regset *regset, 1310 unsigned int pos, unsigned int count, 1311 const void *kbuf, const void __user *ubuf) 1312 { 1313 struct ptrauth_keys_user *keys = &target->thread.keys_user; 1314 struct user_pac_address_keys user_keys; 1315 int ret; 1316 1317 if (!system_supports_address_auth()) 1318 return -EINVAL; 1319 1320 pac_address_keys_to_user(&user_keys, keys); 1321 ret = user_regset_copyin(&pos, &count, &kbuf, &ubuf, 1322 &user_keys, 0, -1); 1323 if (ret) 1324 return ret; 1325 pac_address_keys_from_user(keys, &user_keys); 1326 1327 return 0; 1328 } 1329 pac_generic_keys_to_user(struct user_pac_generic_keys * ukeys,const struct ptrauth_keys_user * keys)1330 static void pac_generic_keys_to_user(struct user_pac_generic_keys *ukeys, 1331 const struct ptrauth_keys_user *keys) 1332 { 1333 ukeys->apgakey = pac_key_to_user(&keys->apga); 1334 } 1335 pac_generic_keys_from_user(struct ptrauth_keys_user * keys,const struct user_pac_generic_keys * ukeys)1336 static void pac_generic_keys_from_user(struct ptrauth_keys_user *keys, 1337 const struct user_pac_generic_keys *ukeys) 1338 { 1339 keys->apga = pac_key_from_user(ukeys->apgakey); 1340 } 1341 pac_generic_keys_get(struct task_struct * target,const struct user_regset * regset,struct membuf to)1342 static int pac_generic_keys_get(struct task_struct *target, 1343 const struct user_regset *regset, 1344 struct membuf to) 1345 { 1346 struct ptrauth_keys_user *keys = &target->thread.keys_user; 1347 struct user_pac_generic_keys user_keys; 1348 1349 if (!system_supports_generic_auth()) 1350 return -EINVAL; 1351 1352 pac_generic_keys_to_user(&user_keys, keys); 1353 1354 return membuf_write(&to, &user_keys, sizeof(user_keys)); 1355 } 1356 pac_generic_keys_set(struct task_struct * target,const struct user_regset * regset,unsigned int pos,unsigned int count,const void * kbuf,const void __user * ubuf)1357 static int pac_generic_keys_set(struct task_struct *target, 1358 const struct user_regset *regset, 1359 unsigned int pos, unsigned int count, 1360 const void *kbuf, const void __user *ubuf) 1361 { 1362 struct ptrauth_keys_user *keys = &target->thread.keys_user; 1363 struct user_pac_generic_keys user_keys; 1364 int ret; 1365 1366 if (!system_supports_generic_auth()) 1367 return -EINVAL; 1368 1369 pac_generic_keys_to_user(&user_keys, keys); 1370 ret = user_regset_copyin(&pos, &count, &kbuf, &ubuf, 1371 &user_keys, 0, -1); 1372 if (ret) 1373 return ret; 1374 pac_generic_keys_from_user(keys, &user_keys); 1375 1376 return 0; 1377 } 1378 #endif /* CONFIG_CHECKPOINT_RESTORE */ 1379 #endif /* CONFIG_ARM64_PTR_AUTH */ 1380 1381 #ifdef CONFIG_ARM64_TAGGED_ADDR_ABI tagged_addr_ctrl_get(struct task_struct * target,const struct user_regset * regset,struct membuf to)1382 static int tagged_addr_ctrl_get(struct task_struct *target, 1383 const struct user_regset *regset, 1384 struct membuf to) 1385 { 1386 long ctrl = get_tagged_addr_ctrl(target); 1387 1388 if (WARN_ON_ONCE(IS_ERR_VALUE(ctrl))) 1389 return ctrl; 1390 1391 return membuf_write(&to, &ctrl, sizeof(ctrl)); 1392 } 1393 tagged_addr_ctrl_set(struct task_struct * target,const struct user_regset * regset,unsigned int pos,unsigned int count,const void * kbuf,const void __user * ubuf)1394 static int tagged_addr_ctrl_set(struct task_struct *target, const struct 1395 user_regset *regset, unsigned int pos, 1396 unsigned int count, const void *kbuf, const 1397 void __user *ubuf) 1398 { 1399 int ret; 1400 long ctrl; 1401 1402 ctrl = get_tagged_addr_ctrl(target); 1403 if (WARN_ON_ONCE(IS_ERR_VALUE(ctrl))) 1404 return ctrl; 1405 1406 ret = user_regset_copyin(&pos, &count, &kbuf, &ubuf, &ctrl, 0, -1); 1407 if (ret) 1408 return ret; 1409 1410 return set_tagged_addr_ctrl(target, ctrl); 1411 } 1412 #endif 1413 1414 enum aarch64_regset { 1415 REGSET_GPR, 1416 REGSET_FPR, 1417 REGSET_TLS, 1418 #ifdef CONFIG_HAVE_HW_BREAKPOINT 1419 REGSET_HW_BREAK, 1420 REGSET_HW_WATCH, 1421 #endif 1422 REGSET_SYSTEM_CALL, 1423 #ifdef CONFIG_ARM64_SVE 1424 REGSET_SVE, 1425 #endif 1426 #ifdef CONFIG_ARM64_SME 1427 REGSET_SSVE, 1428 REGSET_ZA, 1429 REGSET_ZT, 1430 #endif 1431 #ifdef CONFIG_ARM64_PTR_AUTH 1432 REGSET_PAC_MASK, 1433 REGSET_PAC_ENABLED_KEYS, 1434 #ifdef CONFIG_CHECKPOINT_RESTORE 1435 REGSET_PACA_KEYS, 1436 REGSET_PACG_KEYS, 1437 #endif 1438 #endif 1439 #ifdef CONFIG_ARM64_TAGGED_ADDR_ABI 1440 REGSET_TAGGED_ADDR_CTRL, 1441 #endif 1442 }; 1443 1444 static const struct user_regset aarch64_regsets[] = { 1445 [REGSET_GPR] = { 1446 .core_note_type = NT_PRSTATUS, 1447 .n = sizeof(struct user_pt_regs) / sizeof(u64), 1448 .size = sizeof(u64), 1449 .align = sizeof(u64), 1450 .regset_get = gpr_get, 1451 .set = gpr_set 1452 }, 1453 [REGSET_FPR] = { 1454 .core_note_type = NT_PRFPREG, 1455 .n = sizeof(struct user_fpsimd_state) / sizeof(u32), 1456 /* 1457 * We pretend we have 32-bit registers because the fpsr and 1458 * fpcr are 32-bits wide. 1459 */ 1460 .size = sizeof(u32), 1461 .align = sizeof(u32), 1462 .active = fpr_active, 1463 .regset_get = fpr_get, 1464 .set = fpr_set 1465 }, 1466 [REGSET_TLS] = { 1467 .core_note_type = NT_ARM_TLS, 1468 .n = 2, 1469 .size = sizeof(void *), 1470 .align = sizeof(void *), 1471 .regset_get = tls_get, 1472 .set = tls_set, 1473 }, 1474 #ifdef CONFIG_HAVE_HW_BREAKPOINT 1475 [REGSET_HW_BREAK] = { 1476 .core_note_type = NT_ARM_HW_BREAK, 1477 .n = sizeof(struct user_hwdebug_state) / sizeof(u32), 1478 .size = sizeof(u32), 1479 .align = sizeof(u32), 1480 .regset_get = hw_break_get, 1481 .set = hw_break_set, 1482 }, 1483 [REGSET_HW_WATCH] = { 1484 .core_note_type = NT_ARM_HW_WATCH, 1485 .n = sizeof(struct user_hwdebug_state) / sizeof(u32), 1486 .size = sizeof(u32), 1487 .align = sizeof(u32), 1488 .regset_get = hw_break_get, 1489 .set = hw_break_set, 1490 }, 1491 #endif 1492 [REGSET_SYSTEM_CALL] = { 1493 .core_note_type = NT_ARM_SYSTEM_CALL, 1494 .n = 1, 1495 .size = sizeof(int), 1496 .align = sizeof(int), 1497 .regset_get = system_call_get, 1498 .set = system_call_set, 1499 }, 1500 #ifdef CONFIG_ARM64_SVE 1501 [REGSET_SVE] = { /* Scalable Vector Extension */ 1502 .core_note_type = NT_ARM_SVE, 1503 .n = DIV_ROUND_UP(SVE_PT_SIZE(ARCH_SVE_VQ_MAX, 1504 SVE_PT_REGS_SVE), 1505 SVE_VQ_BYTES), 1506 .size = SVE_VQ_BYTES, 1507 .align = SVE_VQ_BYTES, 1508 .regset_get = sve_get, 1509 .set = sve_set, 1510 }, 1511 #endif 1512 #ifdef CONFIG_ARM64_SME 1513 [REGSET_SSVE] = { /* Streaming mode SVE */ 1514 .core_note_type = NT_ARM_SSVE, 1515 .n = DIV_ROUND_UP(SVE_PT_SIZE(SME_VQ_MAX, SVE_PT_REGS_SVE), 1516 SVE_VQ_BYTES), 1517 .size = SVE_VQ_BYTES, 1518 .align = SVE_VQ_BYTES, 1519 .regset_get = ssve_get, 1520 .set = ssve_set, 1521 }, 1522 [REGSET_ZA] = { /* SME ZA */ 1523 .core_note_type = NT_ARM_ZA, 1524 /* 1525 * ZA is a single register but it's variably sized and 1526 * the ptrace core requires that the size of any data 1527 * be an exact multiple of the configured register 1528 * size so report as though we had SVE_VQ_BYTES 1529 * registers. These values aren't exposed to 1530 * userspace. 1531 */ 1532 .n = DIV_ROUND_UP(ZA_PT_SIZE(SME_VQ_MAX), SVE_VQ_BYTES), 1533 .size = SVE_VQ_BYTES, 1534 .align = SVE_VQ_BYTES, 1535 .regset_get = za_get, 1536 .set = za_set, 1537 }, 1538 [REGSET_ZT] = { /* SME ZT */ 1539 .core_note_type = NT_ARM_ZT, 1540 .n = 1, 1541 .size = ZT_SIG_REG_BYTES, 1542 .align = sizeof(u64), 1543 .regset_get = zt_get, 1544 .set = zt_set, 1545 }, 1546 #endif 1547 #ifdef CONFIG_ARM64_PTR_AUTH 1548 [REGSET_PAC_MASK] = { 1549 .core_note_type = NT_ARM_PAC_MASK, 1550 .n = sizeof(struct user_pac_mask) / sizeof(u64), 1551 .size = sizeof(u64), 1552 .align = sizeof(u64), 1553 .regset_get = pac_mask_get, 1554 /* this cannot be set dynamically */ 1555 }, 1556 [REGSET_PAC_ENABLED_KEYS] = { 1557 .core_note_type = NT_ARM_PAC_ENABLED_KEYS, 1558 .n = 1, 1559 .size = sizeof(long), 1560 .align = sizeof(long), 1561 .regset_get = pac_enabled_keys_get, 1562 .set = pac_enabled_keys_set, 1563 }, 1564 #ifdef CONFIG_CHECKPOINT_RESTORE 1565 [REGSET_PACA_KEYS] = { 1566 .core_note_type = NT_ARM_PACA_KEYS, 1567 .n = sizeof(struct user_pac_address_keys) / sizeof(__uint128_t), 1568 .size = sizeof(__uint128_t), 1569 .align = sizeof(__uint128_t), 1570 .regset_get = pac_address_keys_get, 1571 .set = pac_address_keys_set, 1572 }, 1573 [REGSET_PACG_KEYS] = { 1574 .core_note_type = NT_ARM_PACG_KEYS, 1575 .n = sizeof(struct user_pac_generic_keys) / sizeof(__uint128_t), 1576 .size = sizeof(__uint128_t), 1577 .align = sizeof(__uint128_t), 1578 .regset_get = pac_generic_keys_get, 1579 .set = pac_generic_keys_set, 1580 }, 1581 #endif 1582 #endif 1583 #ifdef CONFIG_ARM64_TAGGED_ADDR_ABI 1584 [REGSET_TAGGED_ADDR_CTRL] = { 1585 .core_note_type = NT_ARM_TAGGED_ADDR_CTRL, 1586 .n = 1, 1587 .size = sizeof(long), 1588 .align = sizeof(long), 1589 .regset_get = tagged_addr_ctrl_get, 1590 .set = tagged_addr_ctrl_set, 1591 }, 1592 #endif 1593 }; 1594 1595 static const struct user_regset_view user_aarch64_view = { 1596 .name = "aarch64", .e_machine = EM_AARCH64, 1597 .regsets = aarch64_regsets, .n = ARRAY_SIZE(aarch64_regsets) 1598 }; 1599 1600 #ifdef CONFIG_COMPAT 1601 enum compat_regset { 1602 REGSET_COMPAT_GPR, 1603 REGSET_COMPAT_VFP, 1604 }; 1605 compat_get_user_reg(struct task_struct * task,int idx)1606 static inline compat_ulong_t compat_get_user_reg(struct task_struct *task, int idx) 1607 { 1608 struct pt_regs *regs = task_pt_regs(task); 1609 1610 switch (idx) { 1611 case 15: 1612 return regs->pc; 1613 case 16: 1614 return pstate_to_compat_psr(regs->pstate); 1615 case 17: 1616 return regs->orig_x0; 1617 default: 1618 return regs->regs[idx]; 1619 } 1620 } 1621 compat_gpr_get(struct task_struct * target,const struct user_regset * regset,struct membuf to)1622 static int compat_gpr_get(struct task_struct *target, 1623 const struct user_regset *regset, 1624 struct membuf to) 1625 { 1626 int i = 0; 1627 1628 while (to.left) 1629 membuf_store(&to, compat_get_user_reg(target, i++)); 1630 return 0; 1631 } 1632 compat_gpr_set(struct task_struct * target,const struct user_regset * regset,unsigned int pos,unsigned int count,const void * kbuf,const void __user * ubuf)1633 static int compat_gpr_set(struct task_struct *target, 1634 const struct user_regset *regset, 1635 unsigned int pos, unsigned int count, 1636 const void *kbuf, const void __user *ubuf) 1637 { 1638 struct pt_regs newregs; 1639 int ret = 0; 1640 unsigned int i, start, num_regs; 1641 1642 /* Calculate the number of AArch32 registers contained in count */ 1643 num_regs = count / regset->size; 1644 1645 /* Convert pos into an register number */ 1646 start = pos / regset->size; 1647 1648 if (start + num_regs > regset->n) 1649 return -EIO; 1650 1651 newregs = *task_pt_regs(target); 1652 1653 for (i = 0; i < num_regs; ++i) { 1654 unsigned int idx = start + i; 1655 compat_ulong_t reg; 1656 1657 if (kbuf) { 1658 memcpy(®, kbuf, sizeof(reg)); 1659 kbuf += sizeof(reg); 1660 } else { 1661 ret = copy_from_user(®, ubuf, sizeof(reg)); 1662 if (ret) { 1663 ret = -EFAULT; 1664 break; 1665 } 1666 1667 ubuf += sizeof(reg); 1668 } 1669 1670 switch (idx) { 1671 case 15: 1672 newregs.pc = reg; 1673 break; 1674 case 16: 1675 reg = compat_psr_to_pstate(reg); 1676 newregs.pstate = reg; 1677 break; 1678 case 17: 1679 newregs.orig_x0 = reg; 1680 break; 1681 default: 1682 newregs.regs[idx] = reg; 1683 } 1684 1685 } 1686 1687 if (valid_user_regs(&newregs.user_regs, target)) 1688 *task_pt_regs(target) = newregs; 1689 else 1690 ret = -EINVAL; 1691 1692 return ret; 1693 } 1694 compat_vfp_get(struct task_struct * target,const struct user_regset * regset,struct membuf to)1695 static int compat_vfp_get(struct task_struct *target, 1696 const struct user_regset *regset, 1697 struct membuf to) 1698 { 1699 struct user_fpsimd_state *uregs; 1700 compat_ulong_t fpscr; 1701 1702 if (!system_supports_fpsimd()) 1703 return -EINVAL; 1704 1705 uregs = &target->thread.uw.fpsimd_state; 1706 1707 if (target == current) 1708 fpsimd_preserve_current_state(); 1709 1710 /* 1711 * The VFP registers are packed into the fpsimd_state, so they all sit 1712 * nicely together for us. We just need to create the fpscr separately. 1713 */ 1714 membuf_write(&to, uregs, VFP_STATE_SIZE - sizeof(compat_ulong_t)); 1715 fpscr = (uregs->fpsr & VFP_FPSCR_STAT_MASK) | 1716 (uregs->fpcr & VFP_FPSCR_CTRL_MASK); 1717 return membuf_store(&to, fpscr); 1718 } 1719 compat_vfp_set(struct task_struct * target,const struct user_regset * regset,unsigned int pos,unsigned int count,const void * kbuf,const void __user * ubuf)1720 static int compat_vfp_set(struct task_struct *target, 1721 const struct user_regset *regset, 1722 unsigned int pos, unsigned int count, 1723 const void *kbuf, const void __user *ubuf) 1724 { 1725 struct user_fpsimd_state *uregs; 1726 compat_ulong_t fpscr; 1727 int ret, vregs_end_pos; 1728 1729 if (!system_supports_fpsimd()) 1730 return -EINVAL; 1731 1732 uregs = &target->thread.uw.fpsimd_state; 1733 1734 vregs_end_pos = VFP_STATE_SIZE - sizeof(compat_ulong_t); 1735 ret = user_regset_copyin(&pos, &count, &kbuf, &ubuf, uregs, 0, 1736 vregs_end_pos); 1737 1738 if (count && !ret) { 1739 ret = user_regset_copyin(&pos, &count, &kbuf, &ubuf, &fpscr, 1740 vregs_end_pos, VFP_STATE_SIZE); 1741 if (!ret) { 1742 uregs->fpsr = fpscr & VFP_FPSCR_STAT_MASK; 1743 uregs->fpcr = fpscr & VFP_FPSCR_CTRL_MASK; 1744 } 1745 } 1746 1747 fpsimd_flush_task_state(target); 1748 return ret; 1749 } 1750 compat_tls_get(struct task_struct * target,const struct user_regset * regset,struct membuf to)1751 static int compat_tls_get(struct task_struct *target, 1752 const struct user_regset *regset, 1753 struct membuf to) 1754 { 1755 return membuf_store(&to, (compat_ulong_t)target->thread.uw.tp_value); 1756 } 1757 compat_tls_set(struct task_struct * target,const struct user_regset * regset,unsigned int pos,unsigned int count,const void * kbuf,const void __user * ubuf)1758 static int compat_tls_set(struct task_struct *target, 1759 const struct user_regset *regset, unsigned int pos, 1760 unsigned int count, const void *kbuf, 1761 const void __user *ubuf) 1762 { 1763 int ret; 1764 compat_ulong_t tls = target->thread.uw.tp_value; 1765 1766 ret = user_regset_copyin(&pos, &count, &kbuf, &ubuf, &tls, 0, -1); 1767 if (ret) 1768 return ret; 1769 1770 target->thread.uw.tp_value = tls; 1771 return ret; 1772 } 1773 1774 static const struct user_regset aarch32_regsets[] = { 1775 [REGSET_COMPAT_GPR] = { 1776 .core_note_type = NT_PRSTATUS, 1777 .n = COMPAT_ELF_NGREG, 1778 .size = sizeof(compat_elf_greg_t), 1779 .align = sizeof(compat_elf_greg_t), 1780 .regset_get = compat_gpr_get, 1781 .set = compat_gpr_set 1782 }, 1783 [REGSET_COMPAT_VFP] = { 1784 .core_note_type = NT_ARM_VFP, 1785 .n = VFP_STATE_SIZE / sizeof(compat_ulong_t), 1786 .size = sizeof(compat_ulong_t), 1787 .align = sizeof(compat_ulong_t), 1788 .active = fpr_active, 1789 .regset_get = compat_vfp_get, 1790 .set = compat_vfp_set 1791 }, 1792 }; 1793 1794 static const struct user_regset_view user_aarch32_view = { 1795 .name = "aarch32", .e_machine = EM_ARM, 1796 .regsets = aarch32_regsets, .n = ARRAY_SIZE(aarch32_regsets) 1797 }; 1798 1799 static const struct user_regset aarch32_ptrace_regsets[] = { 1800 [REGSET_GPR] = { 1801 .core_note_type = NT_PRSTATUS, 1802 .n = COMPAT_ELF_NGREG, 1803 .size = sizeof(compat_elf_greg_t), 1804 .align = sizeof(compat_elf_greg_t), 1805 .regset_get = compat_gpr_get, 1806 .set = compat_gpr_set 1807 }, 1808 [REGSET_FPR] = { 1809 .core_note_type = NT_ARM_VFP, 1810 .n = VFP_STATE_SIZE / sizeof(compat_ulong_t), 1811 .size = sizeof(compat_ulong_t), 1812 .align = sizeof(compat_ulong_t), 1813 .regset_get = compat_vfp_get, 1814 .set = compat_vfp_set 1815 }, 1816 [REGSET_TLS] = { 1817 .core_note_type = NT_ARM_TLS, 1818 .n = 1, 1819 .size = sizeof(compat_ulong_t), 1820 .align = sizeof(compat_ulong_t), 1821 .regset_get = compat_tls_get, 1822 .set = compat_tls_set, 1823 }, 1824 #ifdef CONFIG_HAVE_HW_BREAKPOINT 1825 [REGSET_HW_BREAK] = { 1826 .core_note_type = NT_ARM_HW_BREAK, 1827 .n = sizeof(struct user_hwdebug_state) / sizeof(u32), 1828 .size = sizeof(u32), 1829 .align = sizeof(u32), 1830 .regset_get = hw_break_get, 1831 .set = hw_break_set, 1832 }, 1833 [REGSET_HW_WATCH] = { 1834 .core_note_type = NT_ARM_HW_WATCH, 1835 .n = sizeof(struct user_hwdebug_state) / sizeof(u32), 1836 .size = sizeof(u32), 1837 .align = sizeof(u32), 1838 .regset_get = hw_break_get, 1839 .set = hw_break_set, 1840 }, 1841 #endif 1842 [REGSET_SYSTEM_CALL] = { 1843 .core_note_type = NT_ARM_SYSTEM_CALL, 1844 .n = 1, 1845 .size = sizeof(int), 1846 .align = sizeof(int), 1847 .regset_get = system_call_get, 1848 .set = system_call_set, 1849 }, 1850 }; 1851 1852 static const struct user_regset_view user_aarch32_ptrace_view = { 1853 .name = "aarch32", .e_machine = EM_ARM, 1854 .regsets = aarch32_ptrace_regsets, .n = ARRAY_SIZE(aarch32_ptrace_regsets) 1855 }; 1856 compat_ptrace_read_user(struct task_struct * tsk,compat_ulong_t off,compat_ulong_t __user * ret)1857 static int compat_ptrace_read_user(struct task_struct *tsk, compat_ulong_t off, 1858 compat_ulong_t __user *ret) 1859 { 1860 compat_ulong_t tmp; 1861 1862 if (off & 3) 1863 return -EIO; 1864 1865 if (off == COMPAT_PT_TEXT_ADDR) 1866 tmp = tsk->mm->start_code; 1867 else if (off == COMPAT_PT_DATA_ADDR) 1868 tmp = tsk->mm->start_data; 1869 else if (off == COMPAT_PT_TEXT_END_ADDR) 1870 tmp = tsk->mm->end_code; 1871 else if (off < sizeof(compat_elf_gregset_t)) 1872 tmp = compat_get_user_reg(tsk, off >> 2); 1873 else if (off >= COMPAT_USER_SZ) 1874 return -EIO; 1875 else 1876 tmp = 0; 1877 1878 return put_user(tmp, ret); 1879 } 1880 compat_ptrace_write_user(struct task_struct * tsk,compat_ulong_t off,compat_ulong_t val)1881 static int compat_ptrace_write_user(struct task_struct *tsk, compat_ulong_t off, 1882 compat_ulong_t val) 1883 { 1884 struct pt_regs newregs = *task_pt_regs(tsk); 1885 unsigned int idx = off / 4; 1886 1887 if (off & 3 || off >= COMPAT_USER_SZ) 1888 return -EIO; 1889 1890 if (off >= sizeof(compat_elf_gregset_t)) 1891 return 0; 1892 1893 switch (idx) { 1894 case 15: 1895 newregs.pc = val; 1896 break; 1897 case 16: 1898 newregs.pstate = compat_psr_to_pstate(val); 1899 break; 1900 case 17: 1901 newregs.orig_x0 = val; 1902 break; 1903 default: 1904 newregs.regs[idx] = val; 1905 } 1906 1907 if (!valid_user_regs(&newregs.user_regs, tsk)) 1908 return -EINVAL; 1909 1910 *task_pt_regs(tsk) = newregs; 1911 return 0; 1912 } 1913 1914 #ifdef CONFIG_HAVE_HW_BREAKPOINT 1915 1916 /* 1917 * Convert a virtual register number into an index for a thread_info 1918 * breakpoint array. Breakpoints are identified using positive numbers 1919 * whilst watchpoints are negative. The registers are laid out as pairs 1920 * of (address, control), each pair mapping to a unique hw_breakpoint struct. 1921 * Register 0 is reserved for describing resource information. 1922 */ compat_ptrace_hbp_num_to_idx(compat_long_t num)1923 static int compat_ptrace_hbp_num_to_idx(compat_long_t num) 1924 { 1925 return (abs(num) - 1) >> 1; 1926 } 1927 compat_ptrace_hbp_get_resource_info(u32 * kdata)1928 static int compat_ptrace_hbp_get_resource_info(u32 *kdata) 1929 { 1930 u8 num_brps, num_wrps, debug_arch, wp_len; 1931 u32 reg = 0; 1932 1933 num_brps = hw_breakpoint_slots(TYPE_INST); 1934 num_wrps = hw_breakpoint_slots(TYPE_DATA); 1935 1936 debug_arch = debug_monitors_arch(); 1937 wp_len = 8; 1938 reg |= debug_arch; 1939 reg <<= 8; 1940 reg |= wp_len; 1941 reg <<= 8; 1942 reg |= num_wrps; 1943 reg <<= 8; 1944 reg |= num_brps; 1945 1946 *kdata = reg; 1947 return 0; 1948 } 1949 compat_ptrace_hbp_get(unsigned int note_type,struct task_struct * tsk,compat_long_t num,u32 * kdata)1950 static int compat_ptrace_hbp_get(unsigned int note_type, 1951 struct task_struct *tsk, 1952 compat_long_t num, 1953 u32 *kdata) 1954 { 1955 u64 addr = 0; 1956 u32 ctrl = 0; 1957 1958 int err, idx = compat_ptrace_hbp_num_to_idx(num); 1959 1960 if (num & 1) { 1961 err = ptrace_hbp_get_addr(note_type, tsk, idx, &addr); 1962 *kdata = (u32)addr; 1963 } else { 1964 err = ptrace_hbp_get_ctrl(note_type, tsk, idx, &ctrl); 1965 *kdata = ctrl; 1966 } 1967 1968 return err; 1969 } 1970 compat_ptrace_hbp_set(unsigned int note_type,struct task_struct * tsk,compat_long_t num,u32 * kdata)1971 static int compat_ptrace_hbp_set(unsigned int note_type, 1972 struct task_struct *tsk, 1973 compat_long_t num, 1974 u32 *kdata) 1975 { 1976 u64 addr; 1977 u32 ctrl; 1978 1979 int err, idx = compat_ptrace_hbp_num_to_idx(num); 1980 1981 if (num & 1) { 1982 addr = *kdata; 1983 err = ptrace_hbp_set_addr(note_type, tsk, idx, addr); 1984 } else { 1985 ctrl = *kdata; 1986 err = ptrace_hbp_set_ctrl(note_type, tsk, idx, ctrl); 1987 } 1988 1989 return err; 1990 } 1991 compat_ptrace_gethbpregs(struct task_struct * tsk,compat_long_t num,compat_ulong_t __user * data)1992 static int compat_ptrace_gethbpregs(struct task_struct *tsk, compat_long_t num, 1993 compat_ulong_t __user *data) 1994 { 1995 int ret; 1996 u32 kdata; 1997 1998 /* Watchpoint */ 1999 if (num < 0) { 2000 ret = compat_ptrace_hbp_get(NT_ARM_HW_WATCH, tsk, num, &kdata); 2001 /* Resource info */ 2002 } else if (num == 0) { 2003 ret = compat_ptrace_hbp_get_resource_info(&kdata); 2004 /* Breakpoint */ 2005 } else { 2006 ret = compat_ptrace_hbp_get(NT_ARM_HW_BREAK, tsk, num, &kdata); 2007 } 2008 2009 if (!ret) 2010 ret = put_user(kdata, data); 2011 2012 return ret; 2013 } 2014 compat_ptrace_sethbpregs(struct task_struct * tsk,compat_long_t num,compat_ulong_t __user * data)2015 static int compat_ptrace_sethbpregs(struct task_struct *tsk, compat_long_t num, 2016 compat_ulong_t __user *data) 2017 { 2018 int ret; 2019 u32 kdata = 0; 2020 2021 if (num == 0) 2022 return 0; 2023 2024 ret = get_user(kdata, data); 2025 if (ret) 2026 return ret; 2027 2028 if (num < 0) 2029 ret = compat_ptrace_hbp_set(NT_ARM_HW_WATCH, tsk, num, &kdata); 2030 else 2031 ret = compat_ptrace_hbp_set(NT_ARM_HW_BREAK, tsk, num, &kdata); 2032 2033 return ret; 2034 } 2035 #endif /* CONFIG_HAVE_HW_BREAKPOINT */ 2036 compat_arch_ptrace(struct task_struct * child,compat_long_t request,compat_ulong_t caddr,compat_ulong_t cdata)2037 long compat_arch_ptrace(struct task_struct *child, compat_long_t request, 2038 compat_ulong_t caddr, compat_ulong_t cdata) 2039 { 2040 unsigned long addr = caddr; 2041 unsigned long data = cdata; 2042 void __user *datap = compat_ptr(data); 2043 int ret; 2044 2045 switch (request) { 2046 case PTRACE_PEEKUSR: 2047 ret = compat_ptrace_read_user(child, addr, datap); 2048 break; 2049 2050 case PTRACE_POKEUSR: 2051 ret = compat_ptrace_write_user(child, addr, data); 2052 break; 2053 2054 case COMPAT_PTRACE_GETREGS: 2055 ret = copy_regset_to_user(child, 2056 &user_aarch32_view, 2057 REGSET_COMPAT_GPR, 2058 0, sizeof(compat_elf_gregset_t), 2059 datap); 2060 break; 2061 2062 case COMPAT_PTRACE_SETREGS: 2063 ret = copy_regset_from_user(child, 2064 &user_aarch32_view, 2065 REGSET_COMPAT_GPR, 2066 0, sizeof(compat_elf_gregset_t), 2067 datap); 2068 break; 2069 2070 case COMPAT_PTRACE_GET_THREAD_AREA: 2071 ret = put_user((compat_ulong_t)child->thread.uw.tp_value, 2072 (compat_ulong_t __user *)datap); 2073 break; 2074 2075 case COMPAT_PTRACE_SET_SYSCALL: 2076 task_pt_regs(child)->syscallno = data; 2077 ret = 0; 2078 break; 2079 2080 case COMPAT_PTRACE_GETVFPREGS: 2081 ret = copy_regset_to_user(child, 2082 &user_aarch32_view, 2083 REGSET_COMPAT_VFP, 2084 0, VFP_STATE_SIZE, 2085 datap); 2086 break; 2087 2088 case COMPAT_PTRACE_SETVFPREGS: 2089 ret = copy_regset_from_user(child, 2090 &user_aarch32_view, 2091 REGSET_COMPAT_VFP, 2092 0, VFP_STATE_SIZE, 2093 datap); 2094 break; 2095 2096 #ifdef CONFIG_HAVE_HW_BREAKPOINT 2097 case COMPAT_PTRACE_GETHBPREGS: 2098 ret = compat_ptrace_gethbpregs(child, addr, datap); 2099 break; 2100 2101 case COMPAT_PTRACE_SETHBPREGS: 2102 ret = compat_ptrace_sethbpregs(child, addr, datap); 2103 break; 2104 #endif 2105 2106 default: 2107 ret = compat_ptrace_request(child, request, addr, 2108 data); 2109 break; 2110 } 2111 2112 return ret; 2113 } 2114 #endif /* CONFIG_COMPAT */ 2115 task_user_regset_view(struct task_struct * task)2116 const struct user_regset_view *task_user_regset_view(struct task_struct *task) 2117 { 2118 #ifdef CONFIG_COMPAT 2119 /* 2120 * Core dumping of 32-bit tasks or compat ptrace requests must use the 2121 * user_aarch32_view compatible with arm32. Native ptrace requests on 2122 * 32-bit children use an extended user_aarch32_ptrace_view to allow 2123 * access to the TLS register. 2124 */ 2125 if (is_compat_task()) 2126 return &user_aarch32_view; 2127 else if (is_compat_thread(task_thread_info(task))) 2128 return &user_aarch32_ptrace_view; 2129 #endif 2130 return &user_aarch64_view; 2131 } 2132 arch_ptrace(struct task_struct * child,long request,unsigned long addr,unsigned long data)2133 long arch_ptrace(struct task_struct *child, long request, 2134 unsigned long addr, unsigned long data) 2135 { 2136 switch (request) { 2137 case PTRACE_PEEKMTETAGS: 2138 case PTRACE_POKEMTETAGS: 2139 return mte_ptrace_copy_tags(child, request, addr, data); 2140 } 2141 2142 return ptrace_request(child, request, addr, data); 2143 } 2144 2145 enum ptrace_syscall_dir { 2146 PTRACE_SYSCALL_ENTER = 0, 2147 PTRACE_SYSCALL_EXIT, 2148 }; 2149 report_syscall(struct pt_regs * regs,enum ptrace_syscall_dir dir)2150 static void report_syscall(struct pt_regs *regs, enum ptrace_syscall_dir dir) 2151 { 2152 int regno; 2153 unsigned long saved_reg; 2154 2155 /* 2156 * We have some ABI weirdness here in the way that we handle syscall 2157 * exit stops because we indicate whether or not the stop has been 2158 * signalled from syscall entry or syscall exit by clobbering a general 2159 * purpose register (ip/r12 for AArch32, x7 for AArch64) in the tracee 2160 * and restoring its old value after the stop. This means that: 2161 * 2162 * - Any writes by the tracer to this register during the stop are 2163 * ignored/discarded. 2164 * 2165 * - The actual value of the register is not available during the stop, 2166 * so the tracer cannot save it and restore it later. 2167 * 2168 * - Syscall stops behave differently to seccomp and pseudo-step traps 2169 * (the latter do not nobble any registers). 2170 */ 2171 regno = (is_compat_task() ? 12 : 7); 2172 saved_reg = regs->regs[regno]; 2173 regs->regs[regno] = dir; 2174 2175 if (dir == PTRACE_SYSCALL_ENTER) { 2176 if (ptrace_report_syscall_entry(regs)) 2177 forget_syscall(regs); 2178 regs->regs[regno] = saved_reg; 2179 } else if (!test_thread_flag(TIF_SINGLESTEP)) { 2180 ptrace_report_syscall_exit(regs, 0); 2181 regs->regs[regno] = saved_reg; 2182 } else { 2183 regs->regs[regno] = saved_reg; 2184 2185 /* 2186 * Signal a pseudo-step exception since we are stepping but 2187 * tracer modifications to the registers may have rewound the 2188 * state machine. 2189 */ 2190 ptrace_report_syscall_exit(regs, 1); 2191 } 2192 } 2193 syscall_trace_enter(struct pt_regs * regs)2194 int syscall_trace_enter(struct pt_regs *regs) 2195 { 2196 unsigned long flags = read_thread_flags(); 2197 2198 if (flags & (_TIF_SYSCALL_EMU | _TIF_SYSCALL_TRACE)) { 2199 report_syscall(regs, PTRACE_SYSCALL_ENTER); 2200 if (flags & _TIF_SYSCALL_EMU) 2201 return NO_SYSCALL; 2202 } 2203 2204 /* Do the secure computing after ptrace; failures should be fast. */ 2205 if (secure_computing() == -1) 2206 return NO_SYSCALL; 2207 2208 if (test_thread_flag(TIF_SYSCALL_TRACEPOINT)) 2209 trace_sys_enter(regs, regs->syscallno); 2210 2211 audit_syscall_entry(regs->syscallno, regs->orig_x0, regs->regs[1], 2212 regs->regs[2], regs->regs[3]); 2213 2214 return regs->syscallno; 2215 } 2216 syscall_trace_exit(struct pt_regs * regs)2217 void syscall_trace_exit(struct pt_regs *regs) 2218 { 2219 unsigned long flags = read_thread_flags(); 2220 2221 audit_syscall_exit(regs); 2222 2223 if (flags & _TIF_SYSCALL_TRACEPOINT) 2224 trace_sys_exit(regs, syscall_get_return_value(current, regs)); 2225 2226 if (flags & (_TIF_SYSCALL_TRACE | _TIF_SINGLESTEP)) 2227 report_syscall(regs, PTRACE_SYSCALL_EXIT); 2228 2229 rseq_syscall(regs); 2230 } 2231 2232 /* 2233 * SPSR_ELx bits which are always architecturally RES0 per ARM DDI 0487D.a. 2234 * We permit userspace to set SSBS (AArch64 bit 12, AArch32 bit 23) which is 2235 * not described in ARM DDI 0487D.a. 2236 * We treat PAN and UAO as RES0 bits, as they are meaningless at EL0, and may 2237 * be allocated an EL0 meaning in future. 2238 * Userspace cannot use these until they have an architectural meaning. 2239 * Note that this follows the SPSR_ELx format, not the AArch32 PSR format. 2240 * We also reserve IL for the kernel; SS is handled dynamically. 2241 */ 2242 #define SPSR_EL1_AARCH64_RES0_BITS \ 2243 (GENMASK_ULL(63, 32) | GENMASK_ULL(27, 26) | GENMASK_ULL(23, 22) | \ 2244 GENMASK_ULL(20, 13) | GENMASK_ULL(5, 5)) 2245 #define SPSR_EL1_AARCH32_RES0_BITS \ 2246 (GENMASK_ULL(63, 32) | GENMASK_ULL(22, 22) | GENMASK_ULL(20, 20)) 2247 valid_compat_regs(struct user_pt_regs * regs)2248 static int valid_compat_regs(struct user_pt_regs *regs) 2249 { 2250 regs->pstate &= ~SPSR_EL1_AARCH32_RES0_BITS; 2251 2252 if (!system_supports_mixed_endian_el0()) { 2253 if (IS_ENABLED(CONFIG_CPU_BIG_ENDIAN)) 2254 regs->pstate |= PSR_AA32_E_BIT; 2255 else 2256 regs->pstate &= ~PSR_AA32_E_BIT; 2257 } 2258 2259 if (user_mode(regs) && (regs->pstate & PSR_MODE32_BIT) && 2260 (regs->pstate & PSR_AA32_A_BIT) == 0 && 2261 (regs->pstate & PSR_AA32_I_BIT) == 0 && 2262 (regs->pstate & PSR_AA32_F_BIT) == 0) { 2263 return 1; 2264 } 2265 2266 /* 2267 * Force PSR to a valid 32-bit EL0t, preserving the same bits as 2268 * arch/arm. 2269 */ 2270 regs->pstate &= PSR_AA32_N_BIT | PSR_AA32_Z_BIT | 2271 PSR_AA32_C_BIT | PSR_AA32_V_BIT | 2272 PSR_AA32_Q_BIT | PSR_AA32_IT_MASK | 2273 PSR_AA32_GE_MASK | PSR_AA32_E_BIT | 2274 PSR_AA32_T_BIT; 2275 regs->pstate |= PSR_MODE32_BIT; 2276 2277 return 0; 2278 } 2279 valid_native_regs(struct user_pt_regs * regs)2280 static int valid_native_regs(struct user_pt_regs *regs) 2281 { 2282 regs->pstate &= ~SPSR_EL1_AARCH64_RES0_BITS; 2283 2284 if (user_mode(regs) && !(regs->pstate & PSR_MODE32_BIT) && 2285 (regs->pstate & PSR_D_BIT) == 0 && 2286 (regs->pstate & PSR_A_BIT) == 0 && 2287 (regs->pstate & PSR_I_BIT) == 0 && 2288 (regs->pstate & PSR_F_BIT) == 0) { 2289 return 1; 2290 } 2291 2292 /* Force PSR to a valid 64-bit EL0t */ 2293 regs->pstate &= PSR_N_BIT | PSR_Z_BIT | PSR_C_BIT | PSR_V_BIT; 2294 2295 return 0; 2296 } 2297 2298 /* 2299 * Are the current registers suitable for user mode? (used to maintain 2300 * security in signal handlers) 2301 */ valid_user_regs(struct user_pt_regs * regs,struct task_struct * task)2302 int valid_user_regs(struct user_pt_regs *regs, struct task_struct *task) 2303 { 2304 /* https://lore.kernel.org/lkml/20191118131525.GA4180@willie-the-truck */ 2305 user_regs_reset_single_step(regs, task); 2306 2307 if (is_compat_thread(task_thread_info(task))) 2308 return valid_compat_regs(regs); 2309 else 2310 return valid_native_regs(regs); 2311 } 2312