1 // SPDX-License-Identifier: GPL-2.0-only 2 /* 3 * linux/arch/arm/kernel/signal.c 4 * 5 * Copyright (C) 1995-2009 Russell King 6 */ 7 #include <linux/errno.h> 8 #include <linux/random.h> 9 #include <linux/signal.h> 10 #include <linux/personality.h> 11 #include <linux/uaccess.h> 12 #include <linux/tracehook.h> 13 #include <linux/uprobes.h> 14 #include <linux/syscalls.h> 15 16 #include <asm/elf.h> 17 #include <asm/cacheflush.h> 18 #include <asm/traps.h> 19 #include <asm/unistd.h> 20 #include <asm/vfp.h> 21 22 #include "signal.h" 23 24 extern const unsigned long sigreturn_codes[17]; 25 26 static unsigned long signal_return_offset; 27 28 #ifdef CONFIG_CRUNCH 29 static int preserve_crunch_context(struct crunch_sigframe __user *frame) 30 { 31 char kbuf[sizeof(*frame) + 8]; 32 struct crunch_sigframe *kframe; 33 34 /* the crunch context must be 64 bit aligned */ 35 kframe = (struct crunch_sigframe *)((unsigned long)(kbuf + 8) & ~7); 36 kframe->magic = CRUNCH_MAGIC; 37 kframe->size = CRUNCH_STORAGE_SIZE; 38 crunch_task_copy(current_thread_info(), &kframe->storage); 39 return __copy_to_user(frame, kframe, sizeof(*frame)); 40 } 41 42 static int restore_crunch_context(char __user **auxp) 43 { 44 struct crunch_sigframe __user *frame = 45 (struct crunch_sigframe __user *)*auxp; 46 char kbuf[sizeof(*frame) + 8]; 47 struct crunch_sigframe *kframe; 48 49 /* the crunch context must be 64 bit aligned */ 50 kframe = (struct crunch_sigframe *)((unsigned long)(kbuf + 8) & ~7); 51 if (__copy_from_user(kframe, frame, sizeof(*frame))) 52 return -1; 53 if (kframe->magic != CRUNCH_MAGIC || 54 kframe->size != CRUNCH_STORAGE_SIZE) 55 return -1; 56 *auxp += CRUNCH_STORAGE_SIZE; 57 crunch_task_restore(current_thread_info(), &kframe->storage); 58 return 0; 59 } 60 #endif 61 62 #ifdef CONFIG_IWMMXT 63 64 static int preserve_iwmmxt_context(struct iwmmxt_sigframe __user *frame) 65 { 66 char kbuf[sizeof(*frame) + 8]; 67 struct iwmmxt_sigframe *kframe; 68 int err = 0; 69 70 /* the iWMMXt context must be 64 bit aligned */ 71 kframe = (struct iwmmxt_sigframe *)((unsigned long)(kbuf + 8) & ~7); 72 73 if (test_thread_flag(TIF_USING_IWMMXT)) { 74 kframe->magic = IWMMXT_MAGIC; 75 kframe->size = IWMMXT_STORAGE_SIZE; 76 iwmmxt_task_copy(current_thread_info(), &kframe->storage); 77 } else { 78 /* 79 * For bug-compatibility with older kernels, some space 80 * has to be reserved for iWMMXt even if it's not used. 81 * Set the magic and size appropriately so that properly 82 * written userspace can skip it reliably: 83 */ 84 *kframe = (struct iwmmxt_sigframe) { 85 .magic = DUMMY_MAGIC, 86 .size = IWMMXT_STORAGE_SIZE, 87 }; 88 } 89 90 err = __copy_to_user(frame, kframe, sizeof(*kframe)); 91 92 return err; 93 } 94 95 static int restore_iwmmxt_context(char __user **auxp) 96 { 97 struct iwmmxt_sigframe __user *frame = 98 (struct iwmmxt_sigframe __user *)*auxp; 99 char kbuf[sizeof(*frame) + 8]; 100 struct iwmmxt_sigframe *kframe; 101 102 /* the iWMMXt context must be 64 bit aligned */ 103 kframe = (struct iwmmxt_sigframe *)((unsigned long)(kbuf + 8) & ~7); 104 if (__copy_from_user(kframe, frame, sizeof(*frame))) 105 return -1; 106 107 /* 108 * For non-iWMMXt threads: a single iwmmxt_sigframe-sized dummy 109 * block is discarded for compatibility with setup_sigframe() if 110 * present, but we don't mandate its presence. If some other 111 * magic is here, it's not for us: 112 */ 113 if (!test_thread_flag(TIF_USING_IWMMXT) && 114 kframe->magic != DUMMY_MAGIC) 115 return 0; 116 117 if (kframe->size != IWMMXT_STORAGE_SIZE) 118 return -1; 119 120 if (test_thread_flag(TIF_USING_IWMMXT)) { 121 if (kframe->magic != IWMMXT_MAGIC) 122 return -1; 123 124 iwmmxt_task_restore(current_thread_info(), &kframe->storage); 125 } 126 127 *auxp += IWMMXT_STORAGE_SIZE; 128 return 0; 129 } 130 131 #endif 132 133 #ifdef CONFIG_VFP 134 135 static int preserve_vfp_context(struct vfp_sigframe __user *frame) 136 { 137 struct vfp_sigframe kframe; 138 int err = 0; 139 140 memset(&kframe, 0, sizeof(kframe)); 141 kframe.magic = VFP_MAGIC; 142 kframe.size = VFP_STORAGE_SIZE; 143 144 err = vfp_preserve_user_clear_hwstate(&kframe.ufp, &kframe.ufp_exc); 145 if (err) 146 return err; 147 148 return __copy_to_user(frame, &kframe, sizeof(kframe)); 149 } 150 151 static int restore_vfp_context(char __user **auxp) 152 { 153 struct vfp_sigframe frame; 154 int err; 155 156 err = __copy_from_user(&frame, *auxp, sizeof(frame)); 157 if (err) 158 return err; 159 160 if (frame.magic != VFP_MAGIC || frame.size != VFP_STORAGE_SIZE) 161 return -EINVAL; 162 163 *auxp += sizeof(frame); 164 return vfp_restore_user_hwstate(&frame.ufp, &frame.ufp_exc); 165 } 166 167 #endif 168 169 /* 170 * Do a signal return; undo the signal stack. These are aligned to 64-bit. 171 */ 172 173 static int restore_sigframe(struct pt_regs *regs, struct sigframe __user *sf) 174 { 175 struct sigcontext context; 176 char __user *aux; 177 sigset_t set; 178 int err; 179 180 err = __copy_from_user(&set, &sf->uc.uc_sigmask, sizeof(set)); 181 if (err == 0) 182 set_current_blocked(&set); 183 184 err |= __copy_from_user(&context, &sf->uc.uc_mcontext, sizeof(context)); 185 if (err == 0) { 186 regs->ARM_r0 = context.arm_r0; 187 regs->ARM_r1 = context.arm_r1; 188 regs->ARM_r2 = context.arm_r2; 189 regs->ARM_r3 = context.arm_r3; 190 regs->ARM_r4 = context.arm_r4; 191 regs->ARM_r5 = context.arm_r5; 192 regs->ARM_r6 = context.arm_r6; 193 regs->ARM_r7 = context.arm_r7; 194 regs->ARM_r8 = context.arm_r8; 195 regs->ARM_r9 = context.arm_r9; 196 regs->ARM_r10 = context.arm_r10; 197 regs->ARM_fp = context.arm_fp; 198 regs->ARM_ip = context.arm_ip; 199 regs->ARM_sp = context.arm_sp; 200 regs->ARM_lr = context.arm_lr; 201 regs->ARM_pc = context.arm_pc; 202 regs->ARM_cpsr = context.arm_cpsr; 203 } 204 205 err |= !valid_user_regs(regs); 206 207 aux = (char __user *) sf->uc.uc_regspace; 208 #ifdef CONFIG_CRUNCH 209 if (err == 0) 210 err |= restore_crunch_context(&aux); 211 #endif 212 #ifdef CONFIG_IWMMXT 213 if (err == 0) 214 err |= restore_iwmmxt_context(&aux); 215 #endif 216 #ifdef CONFIG_VFP 217 if (err == 0) 218 err |= restore_vfp_context(&aux); 219 #endif 220 221 return err; 222 } 223 224 asmlinkage int sys_sigreturn(struct pt_regs *regs) 225 { 226 struct sigframe __user *frame; 227 228 /* Always make any pending restarted system calls return -EINTR */ 229 current->restart_block.fn = do_no_restart_syscall; 230 231 /* 232 * Since we stacked the signal on a 64-bit boundary, 233 * then 'sp' should be word aligned here. If it's 234 * not, then the user is trying to mess with us. 235 */ 236 if (regs->ARM_sp & 7) 237 goto badframe; 238 239 frame = (struct sigframe __user *)regs->ARM_sp; 240 241 if (!access_ok(frame, sizeof (*frame))) 242 goto badframe; 243 244 if (restore_sigframe(regs, frame)) 245 goto badframe; 246 247 return regs->ARM_r0; 248 249 badframe: 250 force_sig(SIGSEGV); 251 return 0; 252 } 253 254 asmlinkage int sys_rt_sigreturn(struct pt_regs *regs) 255 { 256 struct rt_sigframe __user *frame; 257 258 /* Always make any pending restarted system calls return -EINTR */ 259 current->restart_block.fn = do_no_restart_syscall; 260 261 /* 262 * Since we stacked the signal on a 64-bit boundary, 263 * then 'sp' should be word aligned here. If it's 264 * not, then the user is trying to mess with us. 265 */ 266 if (regs->ARM_sp & 7) 267 goto badframe; 268 269 frame = (struct rt_sigframe __user *)regs->ARM_sp; 270 271 if (!access_ok(frame, sizeof (*frame))) 272 goto badframe; 273 274 if (restore_sigframe(regs, &frame->sig)) 275 goto badframe; 276 277 if (restore_altstack(&frame->sig.uc.uc_stack)) 278 goto badframe; 279 280 return regs->ARM_r0; 281 282 badframe: 283 force_sig(SIGSEGV); 284 return 0; 285 } 286 287 static int 288 setup_sigframe(struct sigframe __user *sf, struct pt_regs *regs, sigset_t *set) 289 { 290 struct aux_sigframe __user *aux; 291 struct sigcontext context; 292 int err = 0; 293 294 context = (struct sigcontext) { 295 .arm_r0 = regs->ARM_r0, 296 .arm_r1 = regs->ARM_r1, 297 .arm_r2 = regs->ARM_r2, 298 .arm_r3 = regs->ARM_r3, 299 .arm_r4 = regs->ARM_r4, 300 .arm_r5 = regs->ARM_r5, 301 .arm_r6 = regs->ARM_r6, 302 .arm_r7 = regs->ARM_r7, 303 .arm_r8 = regs->ARM_r8, 304 .arm_r9 = regs->ARM_r9, 305 .arm_r10 = regs->ARM_r10, 306 .arm_fp = regs->ARM_fp, 307 .arm_ip = regs->ARM_ip, 308 .arm_sp = regs->ARM_sp, 309 .arm_lr = regs->ARM_lr, 310 .arm_pc = regs->ARM_pc, 311 .arm_cpsr = regs->ARM_cpsr, 312 313 .trap_no = current->thread.trap_no, 314 .error_code = current->thread.error_code, 315 .fault_address = current->thread.address, 316 .oldmask = set->sig[0], 317 }; 318 319 err |= __copy_to_user(&sf->uc.uc_mcontext, &context, sizeof(context)); 320 321 err |= __copy_to_user(&sf->uc.uc_sigmask, set, sizeof(*set)); 322 323 aux = (struct aux_sigframe __user *) sf->uc.uc_regspace; 324 #ifdef CONFIG_CRUNCH 325 if (err == 0) 326 err |= preserve_crunch_context(&aux->crunch); 327 #endif 328 #ifdef CONFIG_IWMMXT 329 if (err == 0) 330 err |= preserve_iwmmxt_context(&aux->iwmmxt); 331 #endif 332 #ifdef CONFIG_VFP 333 if (err == 0) 334 err |= preserve_vfp_context(&aux->vfp); 335 #endif 336 err |= __put_user(0, &aux->end_magic); 337 338 return err; 339 } 340 341 static inline void __user * 342 get_sigframe(struct ksignal *ksig, struct pt_regs *regs, int framesize) 343 { 344 unsigned long sp = sigsp(regs->ARM_sp, ksig); 345 void __user *frame; 346 347 /* 348 * ATPCS B01 mandates 8-byte alignment 349 */ 350 frame = (void __user *)((sp - framesize) & ~7); 351 352 /* 353 * Check that we can actually write to the signal frame. 354 */ 355 if (!access_ok(frame, framesize)) 356 frame = NULL; 357 358 return frame; 359 } 360 361 static int 362 setup_return(struct pt_regs *regs, struct ksignal *ksig, 363 unsigned long __user *rc, void __user *frame) 364 { 365 unsigned long handler = (unsigned long)ksig->ka.sa.sa_handler; 366 unsigned long handler_fdpic_GOT = 0; 367 unsigned long retcode; 368 unsigned int idx, thumb = 0; 369 unsigned long cpsr = regs->ARM_cpsr & ~(PSR_f | PSR_E_BIT); 370 bool fdpic = IS_ENABLED(CONFIG_BINFMT_ELF_FDPIC) && 371 (current->personality & FDPIC_FUNCPTRS); 372 373 if (fdpic) { 374 unsigned long __user *fdpic_func_desc = 375 (unsigned long __user *)handler; 376 if (__get_user(handler, &fdpic_func_desc[0]) || 377 __get_user(handler_fdpic_GOT, &fdpic_func_desc[1])) 378 return 1; 379 } 380 381 cpsr |= PSR_ENDSTATE; 382 383 /* 384 * Maybe we need to deliver a 32-bit signal to a 26-bit task. 385 */ 386 if (ksig->ka.sa.sa_flags & SA_THIRTYTWO) 387 cpsr = (cpsr & ~MODE_MASK) | USR_MODE; 388 389 #ifdef CONFIG_ARM_THUMB 390 if (elf_hwcap & HWCAP_THUMB) { 391 /* 392 * The LSB of the handler determines if we're going to 393 * be using THUMB or ARM mode for this signal handler. 394 */ 395 thumb = handler & 1; 396 397 /* 398 * Clear the If-Then Thumb-2 execution state. ARM spec 399 * requires this to be all 000s in ARM mode. Snapdragon 400 * S4/Krait misbehaves on a Thumb=>ARM signal transition 401 * without this. 402 * 403 * We must do this whenever we are running on a Thumb-2 404 * capable CPU, which includes ARMv6T2. However, we elect 405 * to always do this to simplify the code; this field is 406 * marked UNK/SBZP for older architectures. 407 */ 408 cpsr &= ~PSR_IT_MASK; 409 410 if (thumb) { 411 cpsr |= PSR_T_BIT; 412 } else 413 cpsr &= ~PSR_T_BIT; 414 } 415 #endif 416 417 if (ksig->ka.sa.sa_flags & SA_RESTORER) { 418 retcode = (unsigned long)ksig->ka.sa.sa_restorer; 419 if (fdpic) { 420 /* 421 * We need code to load the function descriptor. 422 * That code follows the standard sigreturn code 423 * (6 words), and is made of 3 + 2 words for each 424 * variant. The 4th copied word is the actual FD 425 * address that the assembly code expects. 426 */ 427 idx = 6 + thumb * 3; 428 if (ksig->ka.sa.sa_flags & SA_SIGINFO) 429 idx += 5; 430 if (__put_user(sigreturn_codes[idx], rc ) || 431 __put_user(sigreturn_codes[idx+1], rc+1) || 432 __put_user(sigreturn_codes[idx+2], rc+2) || 433 __put_user(retcode, rc+3)) 434 return 1; 435 goto rc_finish; 436 } 437 } else { 438 idx = thumb << 1; 439 if (ksig->ka.sa.sa_flags & SA_SIGINFO) 440 idx += 3; 441 442 /* 443 * Put the sigreturn code on the stack no matter which return 444 * mechanism we use in order to remain ABI compliant 445 */ 446 if (__put_user(sigreturn_codes[idx], rc) || 447 __put_user(sigreturn_codes[idx+1], rc+1)) 448 return 1; 449 450 rc_finish: 451 #ifdef CONFIG_MMU 452 if (cpsr & MODE32_BIT) { 453 struct mm_struct *mm = current->mm; 454 455 /* 456 * 32-bit code can use the signal return page 457 * except when the MPU has protected the vectors 458 * page from PL0 459 */ 460 retcode = mm->context.sigpage + signal_return_offset + 461 (idx << 2) + thumb; 462 } else 463 #endif 464 { 465 /* 466 * Ensure that the instruction cache sees 467 * the return code written onto the stack. 468 */ 469 flush_icache_range((unsigned long)rc, 470 (unsigned long)(rc + 3)); 471 472 retcode = ((unsigned long)rc) + thumb; 473 } 474 } 475 476 regs->ARM_r0 = ksig->sig; 477 regs->ARM_sp = (unsigned long)frame; 478 regs->ARM_lr = retcode; 479 regs->ARM_pc = handler; 480 if (fdpic) 481 regs->ARM_r9 = handler_fdpic_GOT; 482 regs->ARM_cpsr = cpsr; 483 484 return 0; 485 } 486 487 static int 488 setup_frame(struct ksignal *ksig, sigset_t *set, struct pt_regs *regs) 489 { 490 struct sigframe __user *frame = get_sigframe(ksig, regs, sizeof(*frame)); 491 int err = 0; 492 493 if (!frame) 494 return 1; 495 496 /* 497 * Set uc.uc_flags to a value which sc.trap_no would never have. 498 */ 499 err = __put_user(0x5ac3c35a, &frame->uc.uc_flags); 500 501 err |= setup_sigframe(frame, regs, set); 502 if (err == 0) 503 err = setup_return(regs, ksig, frame->retcode, frame); 504 505 return err; 506 } 507 508 static int 509 setup_rt_frame(struct ksignal *ksig, sigset_t *set, struct pt_regs *regs) 510 { 511 struct rt_sigframe __user *frame = get_sigframe(ksig, regs, sizeof(*frame)); 512 int err = 0; 513 514 if (!frame) 515 return 1; 516 517 err |= copy_siginfo_to_user(&frame->info, &ksig->info); 518 519 err |= __put_user(0, &frame->sig.uc.uc_flags); 520 err |= __put_user(NULL, &frame->sig.uc.uc_link); 521 522 err |= __save_altstack(&frame->sig.uc.uc_stack, regs->ARM_sp); 523 err |= setup_sigframe(&frame->sig, regs, set); 524 if (err == 0) 525 err = setup_return(regs, ksig, frame->sig.retcode, frame); 526 527 if (err == 0) { 528 /* 529 * For realtime signals we must also set the second and third 530 * arguments for the signal handler. 531 * -- Peter Maydell <pmaydell@chiark.greenend.org.uk> 2000-12-06 532 */ 533 regs->ARM_r1 = (unsigned long)&frame->info; 534 regs->ARM_r2 = (unsigned long)&frame->sig.uc; 535 } 536 537 return err; 538 } 539 540 /* 541 * OK, we're invoking a handler 542 */ 543 static void handle_signal(struct ksignal *ksig, struct pt_regs *regs) 544 { 545 sigset_t *oldset = sigmask_to_save(); 546 int ret; 547 548 /* 549 * Perform fixup for the pre-signal frame. 550 */ 551 rseq_signal_deliver(ksig, regs); 552 553 /* 554 * Set up the stack frame 555 */ 556 if (ksig->ka.sa.sa_flags & SA_SIGINFO) 557 ret = setup_rt_frame(ksig, oldset, regs); 558 else 559 ret = setup_frame(ksig, oldset, regs); 560 561 /* 562 * Check that the resulting registers are actually sane. 563 */ 564 ret |= !valid_user_regs(regs); 565 566 signal_setup_done(ret, ksig, 0); 567 } 568 569 /* 570 * Note that 'init' is a special process: it doesn't get signals it doesn't 571 * want to handle. Thus you cannot kill init even with a SIGKILL even by 572 * mistake. 573 * 574 * Note that we go through the signals twice: once to check the signals that 575 * the kernel can handle, and then we build all the user-level signal handling 576 * stack-frames in one go after that. 577 */ 578 static int do_signal(struct pt_regs *regs, int syscall) 579 { 580 unsigned int retval = 0, continue_addr = 0, restart_addr = 0; 581 struct ksignal ksig; 582 int restart = 0; 583 584 /* 585 * If we were from a system call, check for system call restarting... 586 */ 587 if (syscall) { 588 continue_addr = regs->ARM_pc; 589 restart_addr = continue_addr - (thumb_mode(regs) ? 2 : 4); 590 retval = regs->ARM_r0; 591 592 /* 593 * Prepare for system call restart. We do this here so that a 594 * debugger will see the already changed PSW. 595 */ 596 switch (retval) { 597 case -ERESTART_RESTARTBLOCK: 598 restart -= 2; 599 fallthrough; 600 case -ERESTARTNOHAND: 601 case -ERESTARTSYS: 602 case -ERESTARTNOINTR: 603 restart++; 604 regs->ARM_r0 = regs->ARM_ORIG_r0; 605 regs->ARM_pc = restart_addr; 606 break; 607 } 608 } 609 610 /* 611 * Get the signal to deliver. When running under ptrace, at this 612 * point the debugger may change all our registers ... 613 */ 614 /* 615 * Depending on the signal settings we may need to revert the 616 * decision to restart the system call. But skip this if a 617 * debugger has chosen to restart at a different PC. 618 */ 619 if (get_signal(&ksig)) { 620 /* handler */ 621 if (unlikely(restart) && regs->ARM_pc == restart_addr) { 622 if (retval == -ERESTARTNOHAND || 623 retval == -ERESTART_RESTARTBLOCK 624 || (retval == -ERESTARTSYS 625 && !(ksig.ka.sa.sa_flags & SA_RESTART))) { 626 regs->ARM_r0 = -EINTR; 627 regs->ARM_pc = continue_addr; 628 } 629 } 630 handle_signal(&ksig, regs); 631 } else { 632 /* no handler */ 633 restore_saved_sigmask(); 634 if (unlikely(restart) && regs->ARM_pc == restart_addr) { 635 regs->ARM_pc = continue_addr; 636 return restart; 637 } 638 } 639 return 0; 640 } 641 642 asmlinkage int 643 do_work_pending(struct pt_regs *regs, unsigned int thread_flags, int syscall) 644 { 645 /* 646 * The assembly code enters us with IRQs off, but it hasn't 647 * informed the tracing code of that for efficiency reasons. 648 * Update the trace code with the current status. 649 */ 650 trace_hardirqs_off(); 651 do { 652 if (likely(thread_flags & _TIF_NEED_RESCHED)) { 653 schedule(); 654 } else { 655 if (unlikely(!user_mode(regs))) 656 return 0; 657 local_irq_enable(); 658 if (thread_flags & (_TIF_SIGPENDING | _TIF_NOTIFY_SIGNAL)) { 659 int restart = do_signal(regs, syscall); 660 if (unlikely(restart)) { 661 /* 662 * Restart without handlers. 663 * Deal with it without leaving 664 * the kernel space. 665 */ 666 return restart; 667 } 668 syscall = 0; 669 } else if (thread_flags & _TIF_UPROBE) { 670 uprobe_notify_resume(regs); 671 } else { 672 tracehook_notify_resume(regs); 673 rseq_handle_notify_resume(NULL, regs); 674 } 675 } 676 local_irq_disable(); 677 thread_flags = current_thread_info()->flags; 678 } while (thread_flags & _TIF_WORK_MASK); 679 return 0; 680 } 681 682 struct page *get_signal_page(void) 683 { 684 unsigned long ptr; 685 unsigned offset; 686 struct page *page; 687 void *addr; 688 689 page = alloc_pages(GFP_KERNEL, 0); 690 691 if (!page) 692 return NULL; 693 694 addr = page_address(page); 695 696 /* Give the signal return code some randomness */ 697 offset = 0x200 + (get_random_int() & 0x7fc); 698 signal_return_offset = offset; 699 700 /* 701 * Copy signal return handlers into the vector page, and 702 * set sigreturn to be a pointer to these. 703 */ 704 memcpy(addr + offset, sigreturn_codes, sizeof(sigreturn_codes)); 705 706 ptr = (unsigned long)addr + offset; 707 flush_icache_range(ptr, ptr + sizeof(sigreturn_codes)); 708 709 return page; 710 } 711 712 /* Defer to generic check */ 713 asmlinkage void addr_limit_check_failed(void) 714 { 715 #ifdef CONFIG_MMU 716 addr_limit_user_check(); 717 #endif 718 } 719 720 #ifdef CONFIG_DEBUG_RSEQ 721 asmlinkage void do_rseq_syscall(struct pt_regs *regs) 722 { 723 rseq_syscall(regs); 724 } 725 #endif 726