1 // SPDX-License-Identifier: GPL-2.0-only 2 /* 3 * Based on arch/arm/kernel/ptrace.c 4 * 5 * By Ross Biro 1/23/92 6 * edited by Linus Torvalds 7 * ARM modifications Copyright (C) 2000 Russell King 8 * Copyright (C) 2012 ARM Ltd. 9 */ 10 11 #include <linux/audit.h> 12 #include <linux/compat.h> 13 #include <linux/kernel.h> 14 #include <linux/sched/signal.h> 15 #include <linux/sched/task_stack.h> 16 #include <linux/mm.h> 17 #include <linux/nospec.h> 18 #include <linux/smp.h> 19 #include <linux/ptrace.h> 20 #include <linux/user.h> 21 #include <linux/seccomp.h> 22 #include <linux/security.h> 23 #include <linux/init.h> 24 #include <linux/signal.h> 25 #include <linux/string.h> 26 #include <linux/uaccess.h> 27 #include <linux/perf_event.h> 28 #include <linux/hw_breakpoint.h> 29 #include <linux/regset.h> 30 #include <linux/tracehook.h> 31 #include <linux/elf.h> 32 33 #include <asm/compat.h> 34 #include <asm/cpufeature.h> 35 #include <asm/debug-monitors.h> 36 #include <asm/fpsimd.h> 37 #include <asm/pgtable.h> 38 #include <asm/pointer_auth.h> 39 #include <asm/stacktrace.h> 40 #include <asm/syscall.h> 41 #include <asm/traps.h> 42 #include <asm/system_misc.h> 43 44 #define CREATE_TRACE_POINTS 45 #include <trace/events/syscalls.h> 46 47 struct pt_regs_offset { 48 const char *name; 49 int offset; 50 }; 51 52 #define REG_OFFSET_NAME(r) {.name = #r, .offset = offsetof(struct pt_regs, r)} 53 #define REG_OFFSET_END {.name = NULL, .offset = 0} 54 #define GPR_OFFSET_NAME(r) \ 55 {.name = "x" #r, .offset = offsetof(struct pt_regs, regs[r])} 56 57 static const struct pt_regs_offset regoffset_table[] = { 58 GPR_OFFSET_NAME(0), 59 GPR_OFFSET_NAME(1), 60 GPR_OFFSET_NAME(2), 61 GPR_OFFSET_NAME(3), 62 GPR_OFFSET_NAME(4), 63 GPR_OFFSET_NAME(5), 64 GPR_OFFSET_NAME(6), 65 GPR_OFFSET_NAME(7), 66 GPR_OFFSET_NAME(8), 67 GPR_OFFSET_NAME(9), 68 GPR_OFFSET_NAME(10), 69 GPR_OFFSET_NAME(11), 70 GPR_OFFSET_NAME(12), 71 GPR_OFFSET_NAME(13), 72 GPR_OFFSET_NAME(14), 73 GPR_OFFSET_NAME(15), 74 GPR_OFFSET_NAME(16), 75 GPR_OFFSET_NAME(17), 76 GPR_OFFSET_NAME(18), 77 GPR_OFFSET_NAME(19), 78 GPR_OFFSET_NAME(20), 79 GPR_OFFSET_NAME(21), 80 GPR_OFFSET_NAME(22), 81 GPR_OFFSET_NAME(23), 82 GPR_OFFSET_NAME(24), 83 GPR_OFFSET_NAME(25), 84 GPR_OFFSET_NAME(26), 85 GPR_OFFSET_NAME(27), 86 GPR_OFFSET_NAME(28), 87 GPR_OFFSET_NAME(29), 88 GPR_OFFSET_NAME(30), 89 {.name = "lr", .offset = offsetof(struct pt_regs, regs[30])}, 90 REG_OFFSET_NAME(sp), 91 REG_OFFSET_NAME(pc), 92 REG_OFFSET_NAME(pstate), 93 REG_OFFSET_END, 94 }; 95 96 /** 97 * regs_query_register_offset() - query register offset from its name 98 * @name: the name of a register 99 * 100 * regs_query_register_offset() returns the offset of a register in struct 101 * pt_regs from its name. If the name is invalid, this returns -EINVAL; 102 */ 103 int regs_query_register_offset(const char *name) 104 { 105 const struct pt_regs_offset *roff; 106 107 for (roff = regoffset_table; roff->name != NULL; roff++) 108 if (!strcmp(roff->name, name)) 109 return roff->offset; 110 return -EINVAL; 111 } 112 113 /** 114 * regs_within_kernel_stack() - check the address in the stack 115 * @regs: pt_regs which contains kernel stack pointer. 116 * @addr: address which is checked. 117 * 118 * regs_within_kernel_stack() checks @addr is within the kernel stack page(s). 119 * If @addr is within the kernel stack, it returns true. If not, returns false. 120 */ 121 static bool regs_within_kernel_stack(struct pt_regs *regs, unsigned long addr) 122 { 123 return ((addr & ~(THREAD_SIZE - 1)) == 124 (kernel_stack_pointer(regs) & ~(THREAD_SIZE - 1))) || 125 on_irq_stack(addr, NULL); 126 } 127 128 /** 129 * regs_get_kernel_stack_nth() - get Nth entry of the stack 130 * @regs: pt_regs which contains kernel stack pointer. 131 * @n: stack entry number. 132 * 133 * regs_get_kernel_stack_nth() returns @n th entry of the kernel stack which 134 * is specified by @regs. If the @n th entry is NOT in the kernel stack, 135 * this returns 0. 136 */ 137 unsigned long regs_get_kernel_stack_nth(struct pt_regs *regs, unsigned int n) 138 { 139 unsigned long *addr = (unsigned long *)kernel_stack_pointer(regs); 140 141 addr += n; 142 if (regs_within_kernel_stack(regs, (unsigned long)addr)) 143 return *addr; 144 else 145 return 0; 146 } 147 148 /* 149 * TODO: does not yet catch signals sent when the child dies. 150 * in exit.c or in signal.c. 151 */ 152 153 /* 154 * Called by kernel/ptrace.c when detaching.. 155 */ 156 void ptrace_disable(struct task_struct *child) 157 { 158 /* 159 * This would be better off in core code, but PTRACE_DETACH has 160 * grown its fair share of arch-specific worts and changing it 161 * is likely to cause regressions on obscure architectures. 162 */ 163 user_disable_single_step(child); 164 } 165 166 #ifdef CONFIG_HAVE_HW_BREAKPOINT 167 /* 168 * Handle hitting a HW-breakpoint. 169 */ 170 static void ptrace_hbptriggered(struct perf_event *bp, 171 struct perf_sample_data *data, 172 struct pt_regs *regs) 173 { 174 struct arch_hw_breakpoint *bkpt = counter_arch_bp(bp); 175 const char *desc = "Hardware breakpoint trap (ptrace)"; 176 177 #ifdef CONFIG_COMPAT 178 if (is_compat_task()) { 179 int si_errno = 0; 180 int i; 181 182 for (i = 0; i < ARM_MAX_BRP; ++i) { 183 if (current->thread.debug.hbp_break[i] == bp) { 184 si_errno = (i << 1) + 1; 185 break; 186 } 187 } 188 189 for (i = 0; i < ARM_MAX_WRP; ++i) { 190 if (current->thread.debug.hbp_watch[i] == bp) { 191 si_errno = -((i << 1) + 1); 192 break; 193 } 194 } 195 arm64_force_sig_ptrace_errno_trap(si_errno, 196 (void __user *)bkpt->trigger, 197 desc); 198 } 199 #endif 200 arm64_force_sig_fault(SIGTRAP, TRAP_HWBKPT, 201 (void __user *)(bkpt->trigger), 202 desc); 203 } 204 205 /* 206 * Unregister breakpoints from this task and reset the pointers in 207 * the thread_struct. 208 */ 209 void flush_ptrace_hw_breakpoint(struct task_struct *tsk) 210 { 211 int i; 212 struct thread_struct *t = &tsk->thread; 213 214 for (i = 0; i < ARM_MAX_BRP; i++) { 215 if (t->debug.hbp_break[i]) { 216 unregister_hw_breakpoint(t->debug.hbp_break[i]); 217 t->debug.hbp_break[i] = NULL; 218 } 219 } 220 221 for (i = 0; i < ARM_MAX_WRP; i++) { 222 if (t->debug.hbp_watch[i]) { 223 unregister_hw_breakpoint(t->debug.hbp_watch[i]); 224 t->debug.hbp_watch[i] = NULL; 225 } 226 } 227 } 228 229 void ptrace_hw_copy_thread(struct task_struct *tsk) 230 { 231 memset(&tsk->thread.debug, 0, sizeof(struct debug_info)); 232 } 233 234 static struct perf_event *ptrace_hbp_get_event(unsigned int note_type, 235 struct task_struct *tsk, 236 unsigned long idx) 237 { 238 struct perf_event *bp = ERR_PTR(-EINVAL); 239 240 switch (note_type) { 241 case NT_ARM_HW_BREAK: 242 if (idx >= ARM_MAX_BRP) 243 goto out; 244 idx = array_index_nospec(idx, ARM_MAX_BRP); 245 bp = tsk->thread.debug.hbp_break[idx]; 246 break; 247 case NT_ARM_HW_WATCH: 248 if (idx >= ARM_MAX_WRP) 249 goto out; 250 idx = array_index_nospec(idx, ARM_MAX_WRP); 251 bp = tsk->thread.debug.hbp_watch[idx]; 252 break; 253 } 254 255 out: 256 return bp; 257 } 258 259 static int ptrace_hbp_set_event(unsigned int note_type, 260 struct task_struct *tsk, 261 unsigned long idx, 262 struct perf_event *bp) 263 { 264 int err = -EINVAL; 265 266 switch (note_type) { 267 case NT_ARM_HW_BREAK: 268 if (idx >= ARM_MAX_BRP) 269 goto out; 270 idx = array_index_nospec(idx, ARM_MAX_BRP); 271 tsk->thread.debug.hbp_break[idx] = bp; 272 err = 0; 273 break; 274 case NT_ARM_HW_WATCH: 275 if (idx >= ARM_MAX_WRP) 276 goto out; 277 idx = array_index_nospec(idx, ARM_MAX_WRP); 278 tsk->thread.debug.hbp_watch[idx] = bp; 279 err = 0; 280 break; 281 } 282 283 out: 284 return err; 285 } 286 287 static struct perf_event *ptrace_hbp_create(unsigned int note_type, 288 struct task_struct *tsk, 289 unsigned long idx) 290 { 291 struct perf_event *bp; 292 struct perf_event_attr attr; 293 int err, type; 294 295 switch (note_type) { 296 case NT_ARM_HW_BREAK: 297 type = HW_BREAKPOINT_X; 298 break; 299 case NT_ARM_HW_WATCH: 300 type = HW_BREAKPOINT_RW; 301 break; 302 default: 303 return ERR_PTR(-EINVAL); 304 } 305 306 ptrace_breakpoint_init(&attr); 307 308 /* 309 * Initialise fields to sane defaults 310 * (i.e. values that will pass validation). 311 */ 312 attr.bp_addr = 0; 313 attr.bp_len = HW_BREAKPOINT_LEN_4; 314 attr.bp_type = type; 315 attr.disabled = 1; 316 317 bp = register_user_hw_breakpoint(&attr, ptrace_hbptriggered, NULL, tsk); 318 if (IS_ERR(bp)) 319 return bp; 320 321 err = ptrace_hbp_set_event(note_type, tsk, idx, bp); 322 if (err) 323 return ERR_PTR(err); 324 325 return bp; 326 } 327 328 static int ptrace_hbp_fill_attr_ctrl(unsigned int note_type, 329 struct arch_hw_breakpoint_ctrl ctrl, 330 struct perf_event_attr *attr) 331 { 332 int err, len, type, offset, disabled = !ctrl.enabled; 333 334 attr->disabled = disabled; 335 if (disabled) 336 return 0; 337 338 err = arch_bp_generic_fields(ctrl, &len, &type, &offset); 339 if (err) 340 return err; 341 342 switch (note_type) { 343 case NT_ARM_HW_BREAK: 344 if ((type & HW_BREAKPOINT_X) != type) 345 return -EINVAL; 346 break; 347 case NT_ARM_HW_WATCH: 348 if ((type & HW_BREAKPOINT_RW) != type) 349 return -EINVAL; 350 break; 351 default: 352 return -EINVAL; 353 } 354 355 attr->bp_len = len; 356 attr->bp_type = type; 357 attr->bp_addr += offset; 358 359 return 0; 360 } 361 362 static int ptrace_hbp_get_resource_info(unsigned int note_type, u32 *info) 363 { 364 u8 num; 365 u32 reg = 0; 366 367 switch (note_type) { 368 case NT_ARM_HW_BREAK: 369 num = hw_breakpoint_slots(TYPE_INST); 370 break; 371 case NT_ARM_HW_WATCH: 372 num = hw_breakpoint_slots(TYPE_DATA); 373 break; 374 default: 375 return -EINVAL; 376 } 377 378 reg |= debug_monitors_arch(); 379 reg <<= 8; 380 reg |= num; 381 382 *info = reg; 383 return 0; 384 } 385 386 static int ptrace_hbp_get_ctrl(unsigned int note_type, 387 struct task_struct *tsk, 388 unsigned long idx, 389 u32 *ctrl) 390 { 391 struct perf_event *bp = ptrace_hbp_get_event(note_type, tsk, idx); 392 393 if (IS_ERR(bp)) 394 return PTR_ERR(bp); 395 396 *ctrl = bp ? encode_ctrl_reg(counter_arch_bp(bp)->ctrl) : 0; 397 return 0; 398 } 399 400 static int ptrace_hbp_get_addr(unsigned int note_type, 401 struct task_struct *tsk, 402 unsigned long idx, 403 u64 *addr) 404 { 405 struct perf_event *bp = ptrace_hbp_get_event(note_type, tsk, idx); 406 407 if (IS_ERR(bp)) 408 return PTR_ERR(bp); 409 410 *addr = bp ? counter_arch_bp(bp)->address : 0; 411 return 0; 412 } 413 414 static struct perf_event *ptrace_hbp_get_initialised_bp(unsigned int note_type, 415 struct task_struct *tsk, 416 unsigned long idx) 417 { 418 struct perf_event *bp = ptrace_hbp_get_event(note_type, tsk, idx); 419 420 if (!bp) 421 bp = ptrace_hbp_create(note_type, tsk, idx); 422 423 return bp; 424 } 425 426 static int ptrace_hbp_set_ctrl(unsigned int note_type, 427 struct task_struct *tsk, 428 unsigned long idx, 429 u32 uctrl) 430 { 431 int err; 432 struct perf_event *bp; 433 struct perf_event_attr attr; 434 struct arch_hw_breakpoint_ctrl ctrl; 435 436 bp = ptrace_hbp_get_initialised_bp(note_type, tsk, idx); 437 if (IS_ERR(bp)) { 438 err = PTR_ERR(bp); 439 return err; 440 } 441 442 attr = bp->attr; 443 decode_ctrl_reg(uctrl, &ctrl); 444 err = ptrace_hbp_fill_attr_ctrl(note_type, ctrl, &attr); 445 if (err) 446 return err; 447 448 return modify_user_hw_breakpoint(bp, &attr); 449 } 450 451 static int ptrace_hbp_set_addr(unsigned int note_type, 452 struct task_struct *tsk, 453 unsigned long idx, 454 u64 addr) 455 { 456 int err; 457 struct perf_event *bp; 458 struct perf_event_attr attr; 459 460 bp = ptrace_hbp_get_initialised_bp(note_type, tsk, idx); 461 if (IS_ERR(bp)) { 462 err = PTR_ERR(bp); 463 return err; 464 } 465 466 attr = bp->attr; 467 attr.bp_addr = addr; 468 err = modify_user_hw_breakpoint(bp, &attr); 469 return err; 470 } 471 472 #define PTRACE_HBP_ADDR_SZ sizeof(u64) 473 #define PTRACE_HBP_CTRL_SZ sizeof(u32) 474 #define PTRACE_HBP_PAD_SZ sizeof(u32) 475 476 static int hw_break_get(struct task_struct *target, 477 const struct user_regset *regset, 478 unsigned int pos, unsigned int count, 479 void *kbuf, void __user *ubuf) 480 { 481 unsigned int note_type = regset->core_note_type; 482 int ret, idx = 0, offset, limit; 483 u32 info, ctrl; 484 u64 addr; 485 486 /* Resource info */ 487 ret = ptrace_hbp_get_resource_info(note_type, &info); 488 if (ret) 489 return ret; 490 491 ret = user_regset_copyout(&pos, &count, &kbuf, &ubuf, &info, 0, 492 sizeof(info)); 493 if (ret) 494 return ret; 495 496 /* Pad */ 497 offset = offsetof(struct user_hwdebug_state, pad); 498 ret = user_regset_copyout_zero(&pos, &count, &kbuf, &ubuf, offset, 499 offset + PTRACE_HBP_PAD_SZ); 500 if (ret) 501 return ret; 502 503 /* (address, ctrl) registers */ 504 offset = offsetof(struct user_hwdebug_state, dbg_regs); 505 limit = regset->n * regset->size; 506 while (count && offset < limit) { 507 ret = ptrace_hbp_get_addr(note_type, target, idx, &addr); 508 if (ret) 509 return ret; 510 ret = user_regset_copyout(&pos, &count, &kbuf, &ubuf, &addr, 511 offset, offset + PTRACE_HBP_ADDR_SZ); 512 if (ret) 513 return ret; 514 offset += PTRACE_HBP_ADDR_SZ; 515 516 ret = ptrace_hbp_get_ctrl(note_type, target, idx, &ctrl); 517 if (ret) 518 return ret; 519 ret = user_regset_copyout(&pos, &count, &kbuf, &ubuf, &ctrl, 520 offset, offset + PTRACE_HBP_CTRL_SZ); 521 if (ret) 522 return ret; 523 offset += PTRACE_HBP_CTRL_SZ; 524 525 ret = user_regset_copyout_zero(&pos, &count, &kbuf, &ubuf, 526 offset, 527 offset + PTRACE_HBP_PAD_SZ); 528 if (ret) 529 return ret; 530 offset += PTRACE_HBP_PAD_SZ; 531 idx++; 532 } 533 534 return 0; 535 } 536 537 static int hw_break_set(struct task_struct *target, 538 const struct user_regset *regset, 539 unsigned int pos, unsigned int count, 540 const void *kbuf, const void __user *ubuf) 541 { 542 unsigned int note_type = regset->core_note_type; 543 int ret, idx = 0, offset, limit; 544 u32 ctrl; 545 u64 addr; 546 547 /* Resource info and pad */ 548 offset = offsetof(struct user_hwdebug_state, dbg_regs); 549 ret = user_regset_copyin_ignore(&pos, &count, &kbuf, &ubuf, 0, offset); 550 if (ret) 551 return ret; 552 553 /* (address, ctrl) registers */ 554 limit = regset->n * regset->size; 555 while (count && offset < limit) { 556 if (count < PTRACE_HBP_ADDR_SZ) 557 return -EINVAL; 558 ret = user_regset_copyin(&pos, &count, &kbuf, &ubuf, &addr, 559 offset, offset + PTRACE_HBP_ADDR_SZ); 560 if (ret) 561 return ret; 562 ret = ptrace_hbp_set_addr(note_type, target, idx, addr); 563 if (ret) 564 return ret; 565 offset += PTRACE_HBP_ADDR_SZ; 566 567 if (!count) 568 break; 569 ret = user_regset_copyin(&pos, &count, &kbuf, &ubuf, &ctrl, 570 offset, offset + PTRACE_HBP_CTRL_SZ); 571 if (ret) 572 return ret; 573 ret = ptrace_hbp_set_ctrl(note_type, target, idx, ctrl); 574 if (ret) 575 return ret; 576 offset += PTRACE_HBP_CTRL_SZ; 577 578 ret = user_regset_copyin_ignore(&pos, &count, &kbuf, &ubuf, 579 offset, 580 offset + PTRACE_HBP_PAD_SZ); 581 if (ret) 582 return ret; 583 offset += PTRACE_HBP_PAD_SZ; 584 idx++; 585 } 586 587 return 0; 588 } 589 #endif /* CONFIG_HAVE_HW_BREAKPOINT */ 590 591 static int gpr_get(struct task_struct *target, 592 const struct user_regset *regset, 593 unsigned int pos, unsigned int count, 594 void *kbuf, void __user *ubuf) 595 { 596 struct user_pt_regs *uregs = &task_pt_regs(target)->user_regs; 597 return user_regset_copyout(&pos, &count, &kbuf, &ubuf, uregs, 0, -1); 598 } 599 600 static int gpr_set(struct task_struct *target, const struct user_regset *regset, 601 unsigned int pos, unsigned int count, 602 const void *kbuf, const void __user *ubuf) 603 { 604 int ret; 605 struct user_pt_regs newregs = task_pt_regs(target)->user_regs; 606 607 ret = user_regset_copyin(&pos, &count, &kbuf, &ubuf, &newregs, 0, -1); 608 if (ret) 609 return ret; 610 611 if (!valid_user_regs(&newregs, target)) 612 return -EINVAL; 613 614 task_pt_regs(target)->user_regs = newregs; 615 return 0; 616 } 617 618 /* 619 * TODO: update fp accessors for lazy context switching (sync/flush hwstate) 620 */ 621 static int __fpr_get(struct task_struct *target, 622 const struct user_regset *regset, 623 unsigned int pos, unsigned int count, 624 void *kbuf, void __user *ubuf, unsigned int start_pos) 625 { 626 struct user_fpsimd_state *uregs; 627 628 sve_sync_to_fpsimd(target); 629 630 uregs = &target->thread.uw.fpsimd_state; 631 632 return user_regset_copyout(&pos, &count, &kbuf, &ubuf, uregs, 633 start_pos, start_pos + sizeof(*uregs)); 634 } 635 636 static int fpr_get(struct task_struct *target, const struct user_regset *regset, 637 unsigned int pos, unsigned int count, 638 void *kbuf, void __user *ubuf) 639 { 640 if (target == current) 641 fpsimd_preserve_current_state(); 642 643 return __fpr_get(target, regset, pos, count, kbuf, ubuf, 0); 644 } 645 646 static int __fpr_set(struct task_struct *target, 647 const struct user_regset *regset, 648 unsigned int pos, unsigned int count, 649 const void *kbuf, const void __user *ubuf, 650 unsigned int start_pos) 651 { 652 int ret; 653 struct user_fpsimd_state newstate; 654 655 /* 656 * Ensure target->thread.uw.fpsimd_state is up to date, so that a 657 * short copyin can't resurrect stale data. 658 */ 659 sve_sync_to_fpsimd(target); 660 661 newstate = target->thread.uw.fpsimd_state; 662 663 ret = user_regset_copyin(&pos, &count, &kbuf, &ubuf, &newstate, 664 start_pos, start_pos + sizeof(newstate)); 665 if (ret) 666 return ret; 667 668 target->thread.uw.fpsimd_state = newstate; 669 670 return ret; 671 } 672 673 static int fpr_set(struct task_struct *target, const struct user_regset *regset, 674 unsigned int pos, unsigned int count, 675 const void *kbuf, const void __user *ubuf) 676 { 677 int ret; 678 679 ret = __fpr_set(target, regset, pos, count, kbuf, ubuf, 0); 680 if (ret) 681 return ret; 682 683 sve_sync_from_fpsimd_zeropad(target); 684 fpsimd_flush_task_state(target); 685 686 return ret; 687 } 688 689 static int tls_get(struct task_struct *target, const struct user_regset *regset, 690 unsigned int pos, unsigned int count, 691 void *kbuf, void __user *ubuf) 692 { 693 unsigned long *tls = &target->thread.uw.tp_value; 694 695 if (target == current) 696 tls_preserve_current_state(); 697 698 return user_regset_copyout(&pos, &count, &kbuf, &ubuf, tls, 0, -1); 699 } 700 701 static int tls_set(struct task_struct *target, const struct user_regset *regset, 702 unsigned int pos, unsigned int count, 703 const void *kbuf, const void __user *ubuf) 704 { 705 int ret; 706 unsigned long tls = target->thread.uw.tp_value; 707 708 ret = user_regset_copyin(&pos, &count, &kbuf, &ubuf, &tls, 0, -1); 709 if (ret) 710 return ret; 711 712 target->thread.uw.tp_value = tls; 713 return ret; 714 } 715 716 static int system_call_get(struct task_struct *target, 717 const struct user_regset *regset, 718 unsigned int pos, unsigned int count, 719 void *kbuf, void __user *ubuf) 720 { 721 int syscallno = task_pt_regs(target)->syscallno; 722 723 return user_regset_copyout(&pos, &count, &kbuf, &ubuf, 724 &syscallno, 0, -1); 725 } 726 727 static int system_call_set(struct task_struct *target, 728 const struct user_regset *regset, 729 unsigned int pos, unsigned int count, 730 const void *kbuf, const void __user *ubuf) 731 { 732 int syscallno = task_pt_regs(target)->syscallno; 733 int ret; 734 735 ret = user_regset_copyin(&pos, &count, &kbuf, &ubuf, &syscallno, 0, -1); 736 if (ret) 737 return ret; 738 739 task_pt_regs(target)->syscallno = syscallno; 740 return ret; 741 } 742 743 #ifdef CONFIG_ARM64_SVE 744 745 static void sve_init_header_from_task(struct user_sve_header *header, 746 struct task_struct *target) 747 { 748 unsigned int vq; 749 750 memset(header, 0, sizeof(*header)); 751 752 header->flags = test_tsk_thread_flag(target, TIF_SVE) ? 753 SVE_PT_REGS_SVE : SVE_PT_REGS_FPSIMD; 754 if (test_tsk_thread_flag(target, TIF_SVE_VL_INHERIT)) 755 header->flags |= SVE_PT_VL_INHERIT; 756 757 header->vl = target->thread.sve_vl; 758 vq = sve_vq_from_vl(header->vl); 759 760 header->max_vl = sve_max_vl; 761 header->size = SVE_PT_SIZE(vq, header->flags); 762 header->max_size = SVE_PT_SIZE(sve_vq_from_vl(header->max_vl), 763 SVE_PT_REGS_SVE); 764 } 765 766 static unsigned int sve_size_from_header(struct user_sve_header const *header) 767 { 768 return ALIGN(header->size, SVE_VQ_BYTES); 769 } 770 771 static unsigned int sve_get_size(struct task_struct *target, 772 const struct user_regset *regset) 773 { 774 struct user_sve_header header; 775 776 if (!system_supports_sve()) 777 return 0; 778 779 sve_init_header_from_task(&header, target); 780 return sve_size_from_header(&header); 781 } 782 783 static int sve_get(struct task_struct *target, 784 const struct user_regset *regset, 785 unsigned int pos, unsigned int count, 786 void *kbuf, void __user *ubuf) 787 { 788 int ret; 789 struct user_sve_header header; 790 unsigned int vq; 791 unsigned long start, end; 792 793 if (!system_supports_sve()) 794 return -EINVAL; 795 796 /* Header */ 797 sve_init_header_from_task(&header, target); 798 vq = sve_vq_from_vl(header.vl); 799 800 ret = user_regset_copyout(&pos, &count, &kbuf, &ubuf, &header, 801 0, sizeof(header)); 802 if (ret) 803 return ret; 804 805 if (target == current) 806 fpsimd_preserve_current_state(); 807 808 /* Registers: FPSIMD-only case */ 809 810 BUILD_BUG_ON(SVE_PT_FPSIMD_OFFSET != sizeof(header)); 811 if ((header.flags & SVE_PT_REGS_MASK) == SVE_PT_REGS_FPSIMD) 812 return __fpr_get(target, regset, pos, count, kbuf, ubuf, 813 SVE_PT_FPSIMD_OFFSET); 814 815 /* Otherwise: full SVE case */ 816 817 BUILD_BUG_ON(SVE_PT_SVE_OFFSET != sizeof(header)); 818 start = SVE_PT_SVE_OFFSET; 819 end = SVE_PT_SVE_FFR_OFFSET(vq) + SVE_PT_SVE_FFR_SIZE(vq); 820 ret = user_regset_copyout(&pos, &count, &kbuf, &ubuf, 821 target->thread.sve_state, 822 start, end); 823 if (ret) 824 return ret; 825 826 start = end; 827 end = SVE_PT_SVE_FPSR_OFFSET(vq); 828 ret = user_regset_copyout_zero(&pos, &count, &kbuf, &ubuf, 829 start, end); 830 if (ret) 831 return ret; 832 833 /* 834 * Copy fpsr, and fpcr which must follow contiguously in 835 * struct fpsimd_state: 836 */ 837 start = end; 838 end = SVE_PT_SVE_FPCR_OFFSET(vq) + SVE_PT_SVE_FPCR_SIZE; 839 ret = user_regset_copyout(&pos, &count, &kbuf, &ubuf, 840 &target->thread.uw.fpsimd_state.fpsr, 841 start, end); 842 if (ret) 843 return ret; 844 845 start = end; 846 end = sve_size_from_header(&header); 847 return user_regset_copyout_zero(&pos, &count, &kbuf, &ubuf, 848 start, end); 849 } 850 851 static int sve_set(struct task_struct *target, 852 const struct user_regset *regset, 853 unsigned int pos, unsigned int count, 854 const void *kbuf, const void __user *ubuf) 855 { 856 int ret; 857 struct user_sve_header header; 858 unsigned int vq; 859 unsigned long start, end; 860 861 if (!system_supports_sve()) 862 return -EINVAL; 863 864 /* Header */ 865 if (count < sizeof(header)) 866 return -EINVAL; 867 ret = user_regset_copyin(&pos, &count, &kbuf, &ubuf, &header, 868 0, sizeof(header)); 869 if (ret) 870 goto out; 871 872 /* 873 * Apart from SVE_PT_REGS_MASK, all SVE_PT_* flags are consumed by 874 * sve_set_vector_length(), which will also validate them for us: 875 */ 876 ret = sve_set_vector_length(target, header.vl, 877 ((unsigned long)header.flags & ~SVE_PT_REGS_MASK) << 16); 878 if (ret) 879 goto out; 880 881 /* Actual VL set may be less than the user asked for: */ 882 vq = sve_vq_from_vl(target->thread.sve_vl); 883 884 /* Registers: FPSIMD-only case */ 885 886 BUILD_BUG_ON(SVE_PT_FPSIMD_OFFSET != sizeof(header)); 887 if ((header.flags & SVE_PT_REGS_MASK) == SVE_PT_REGS_FPSIMD) { 888 ret = __fpr_set(target, regset, pos, count, kbuf, ubuf, 889 SVE_PT_FPSIMD_OFFSET); 890 clear_tsk_thread_flag(target, TIF_SVE); 891 goto out; 892 } 893 894 /* Otherwise: full SVE case */ 895 896 /* 897 * If setting a different VL from the requested VL and there is 898 * register data, the data layout will be wrong: don't even 899 * try to set the registers in this case. 900 */ 901 if (count && vq != sve_vq_from_vl(header.vl)) { 902 ret = -EIO; 903 goto out; 904 } 905 906 sve_alloc(target); 907 908 /* 909 * Ensure target->thread.sve_state is up to date with target's 910 * FPSIMD regs, so that a short copyin leaves trailing registers 911 * unmodified. 912 */ 913 fpsimd_sync_to_sve(target); 914 set_tsk_thread_flag(target, TIF_SVE); 915 916 BUILD_BUG_ON(SVE_PT_SVE_OFFSET != sizeof(header)); 917 start = SVE_PT_SVE_OFFSET; 918 end = SVE_PT_SVE_FFR_OFFSET(vq) + SVE_PT_SVE_FFR_SIZE(vq); 919 ret = user_regset_copyin(&pos, &count, &kbuf, &ubuf, 920 target->thread.sve_state, 921 start, end); 922 if (ret) 923 goto out; 924 925 start = end; 926 end = SVE_PT_SVE_FPSR_OFFSET(vq); 927 ret = user_regset_copyin_ignore(&pos, &count, &kbuf, &ubuf, 928 start, end); 929 if (ret) 930 goto out; 931 932 /* 933 * Copy fpsr, and fpcr which must follow contiguously in 934 * struct fpsimd_state: 935 */ 936 start = end; 937 end = SVE_PT_SVE_FPCR_OFFSET(vq) + SVE_PT_SVE_FPCR_SIZE; 938 ret = user_regset_copyin(&pos, &count, &kbuf, &ubuf, 939 &target->thread.uw.fpsimd_state.fpsr, 940 start, end); 941 942 out: 943 fpsimd_flush_task_state(target); 944 return ret; 945 } 946 947 #endif /* CONFIG_ARM64_SVE */ 948 949 #ifdef CONFIG_ARM64_PTR_AUTH 950 static int pac_mask_get(struct task_struct *target, 951 const struct user_regset *regset, 952 unsigned int pos, unsigned int count, 953 void *kbuf, void __user *ubuf) 954 { 955 /* 956 * The PAC bits can differ across data and instruction pointers 957 * depending on TCR_EL1.TBID*, which we may make use of in future, so 958 * we expose separate masks. 959 */ 960 unsigned long mask = ptrauth_user_pac_mask(); 961 struct user_pac_mask uregs = { 962 .data_mask = mask, 963 .insn_mask = mask, 964 }; 965 966 if (!system_supports_address_auth()) 967 return -EINVAL; 968 969 return user_regset_copyout(&pos, &count, &kbuf, &ubuf, &uregs, 0, -1); 970 } 971 972 #ifdef CONFIG_CHECKPOINT_RESTORE 973 static __uint128_t pac_key_to_user(const struct ptrauth_key *key) 974 { 975 return (__uint128_t)key->hi << 64 | key->lo; 976 } 977 978 static struct ptrauth_key pac_key_from_user(__uint128_t ukey) 979 { 980 struct ptrauth_key key = { 981 .lo = (unsigned long)ukey, 982 .hi = (unsigned long)(ukey >> 64), 983 }; 984 985 return key; 986 } 987 988 static void pac_address_keys_to_user(struct user_pac_address_keys *ukeys, 989 const struct ptrauth_keys *keys) 990 { 991 ukeys->apiakey = pac_key_to_user(&keys->apia); 992 ukeys->apibkey = pac_key_to_user(&keys->apib); 993 ukeys->apdakey = pac_key_to_user(&keys->apda); 994 ukeys->apdbkey = pac_key_to_user(&keys->apdb); 995 } 996 997 static void pac_address_keys_from_user(struct ptrauth_keys *keys, 998 const struct user_pac_address_keys *ukeys) 999 { 1000 keys->apia = pac_key_from_user(ukeys->apiakey); 1001 keys->apib = pac_key_from_user(ukeys->apibkey); 1002 keys->apda = pac_key_from_user(ukeys->apdakey); 1003 keys->apdb = pac_key_from_user(ukeys->apdbkey); 1004 } 1005 1006 static int pac_address_keys_get(struct task_struct *target, 1007 const struct user_regset *regset, 1008 unsigned int pos, unsigned int count, 1009 void *kbuf, void __user *ubuf) 1010 { 1011 struct ptrauth_keys *keys = &target->thread.keys_user; 1012 struct user_pac_address_keys user_keys; 1013 1014 if (!system_supports_address_auth()) 1015 return -EINVAL; 1016 1017 pac_address_keys_to_user(&user_keys, keys); 1018 1019 return user_regset_copyout(&pos, &count, &kbuf, &ubuf, 1020 &user_keys, 0, -1); 1021 } 1022 1023 static int pac_address_keys_set(struct task_struct *target, 1024 const struct user_regset *regset, 1025 unsigned int pos, unsigned int count, 1026 const void *kbuf, const void __user *ubuf) 1027 { 1028 struct ptrauth_keys *keys = &target->thread.keys_user; 1029 struct user_pac_address_keys user_keys; 1030 int ret; 1031 1032 if (!system_supports_address_auth()) 1033 return -EINVAL; 1034 1035 pac_address_keys_to_user(&user_keys, keys); 1036 ret = user_regset_copyin(&pos, &count, &kbuf, &ubuf, 1037 &user_keys, 0, -1); 1038 if (ret) 1039 return ret; 1040 pac_address_keys_from_user(keys, &user_keys); 1041 1042 return 0; 1043 } 1044 1045 static void pac_generic_keys_to_user(struct user_pac_generic_keys *ukeys, 1046 const struct ptrauth_keys *keys) 1047 { 1048 ukeys->apgakey = pac_key_to_user(&keys->apga); 1049 } 1050 1051 static void pac_generic_keys_from_user(struct ptrauth_keys *keys, 1052 const struct user_pac_generic_keys *ukeys) 1053 { 1054 keys->apga = pac_key_from_user(ukeys->apgakey); 1055 } 1056 1057 static int pac_generic_keys_get(struct task_struct *target, 1058 const struct user_regset *regset, 1059 unsigned int pos, unsigned int count, 1060 void *kbuf, void __user *ubuf) 1061 { 1062 struct ptrauth_keys *keys = &target->thread.keys_user; 1063 struct user_pac_generic_keys user_keys; 1064 1065 if (!system_supports_generic_auth()) 1066 return -EINVAL; 1067 1068 pac_generic_keys_to_user(&user_keys, keys); 1069 1070 return user_regset_copyout(&pos, &count, &kbuf, &ubuf, 1071 &user_keys, 0, -1); 1072 } 1073 1074 static int pac_generic_keys_set(struct task_struct *target, 1075 const struct user_regset *regset, 1076 unsigned int pos, unsigned int count, 1077 const void *kbuf, const void __user *ubuf) 1078 { 1079 struct ptrauth_keys *keys = &target->thread.keys_user; 1080 struct user_pac_generic_keys user_keys; 1081 int ret; 1082 1083 if (!system_supports_generic_auth()) 1084 return -EINVAL; 1085 1086 pac_generic_keys_to_user(&user_keys, keys); 1087 ret = user_regset_copyin(&pos, &count, &kbuf, &ubuf, 1088 &user_keys, 0, -1); 1089 if (ret) 1090 return ret; 1091 pac_generic_keys_from_user(keys, &user_keys); 1092 1093 return 0; 1094 } 1095 #endif /* CONFIG_CHECKPOINT_RESTORE */ 1096 #endif /* CONFIG_ARM64_PTR_AUTH */ 1097 1098 enum aarch64_regset { 1099 REGSET_GPR, 1100 REGSET_FPR, 1101 REGSET_TLS, 1102 #ifdef CONFIG_HAVE_HW_BREAKPOINT 1103 REGSET_HW_BREAK, 1104 REGSET_HW_WATCH, 1105 #endif 1106 REGSET_SYSTEM_CALL, 1107 #ifdef CONFIG_ARM64_SVE 1108 REGSET_SVE, 1109 #endif 1110 #ifdef CONFIG_ARM64_PTR_AUTH 1111 REGSET_PAC_MASK, 1112 #ifdef CONFIG_CHECKPOINT_RESTORE 1113 REGSET_PACA_KEYS, 1114 REGSET_PACG_KEYS, 1115 #endif 1116 #endif 1117 }; 1118 1119 static const struct user_regset aarch64_regsets[] = { 1120 [REGSET_GPR] = { 1121 .core_note_type = NT_PRSTATUS, 1122 .n = sizeof(struct user_pt_regs) / sizeof(u64), 1123 .size = sizeof(u64), 1124 .align = sizeof(u64), 1125 .get = gpr_get, 1126 .set = gpr_set 1127 }, 1128 [REGSET_FPR] = { 1129 .core_note_type = NT_PRFPREG, 1130 .n = sizeof(struct user_fpsimd_state) / sizeof(u32), 1131 /* 1132 * We pretend we have 32-bit registers because the fpsr and 1133 * fpcr are 32-bits wide. 1134 */ 1135 .size = sizeof(u32), 1136 .align = sizeof(u32), 1137 .get = fpr_get, 1138 .set = fpr_set 1139 }, 1140 [REGSET_TLS] = { 1141 .core_note_type = NT_ARM_TLS, 1142 .n = 1, 1143 .size = sizeof(void *), 1144 .align = sizeof(void *), 1145 .get = tls_get, 1146 .set = tls_set, 1147 }, 1148 #ifdef CONFIG_HAVE_HW_BREAKPOINT 1149 [REGSET_HW_BREAK] = { 1150 .core_note_type = NT_ARM_HW_BREAK, 1151 .n = sizeof(struct user_hwdebug_state) / sizeof(u32), 1152 .size = sizeof(u32), 1153 .align = sizeof(u32), 1154 .get = hw_break_get, 1155 .set = hw_break_set, 1156 }, 1157 [REGSET_HW_WATCH] = { 1158 .core_note_type = NT_ARM_HW_WATCH, 1159 .n = sizeof(struct user_hwdebug_state) / sizeof(u32), 1160 .size = sizeof(u32), 1161 .align = sizeof(u32), 1162 .get = hw_break_get, 1163 .set = hw_break_set, 1164 }, 1165 #endif 1166 [REGSET_SYSTEM_CALL] = { 1167 .core_note_type = NT_ARM_SYSTEM_CALL, 1168 .n = 1, 1169 .size = sizeof(int), 1170 .align = sizeof(int), 1171 .get = system_call_get, 1172 .set = system_call_set, 1173 }, 1174 #ifdef CONFIG_ARM64_SVE 1175 [REGSET_SVE] = { /* Scalable Vector Extension */ 1176 .core_note_type = NT_ARM_SVE, 1177 .n = DIV_ROUND_UP(SVE_PT_SIZE(SVE_VQ_MAX, SVE_PT_REGS_SVE), 1178 SVE_VQ_BYTES), 1179 .size = SVE_VQ_BYTES, 1180 .align = SVE_VQ_BYTES, 1181 .get = sve_get, 1182 .set = sve_set, 1183 .get_size = sve_get_size, 1184 }, 1185 #endif 1186 #ifdef CONFIG_ARM64_PTR_AUTH 1187 [REGSET_PAC_MASK] = { 1188 .core_note_type = NT_ARM_PAC_MASK, 1189 .n = sizeof(struct user_pac_mask) / sizeof(u64), 1190 .size = sizeof(u64), 1191 .align = sizeof(u64), 1192 .get = pac_mask_get, 1193 /* this cannot be set dynamically */ 1194 }, 1195 #ifdef CONFIG_CHECKPOINT_RESTORE 1196 [REGSET_PACA_KEYS] = { 1197 .core_note_type = NT_ARM_PACA_KEYS, 1198 .n = sizeof(struct user_pac_address_keys) / sizeof(__uint128_t), 1199 .size = sizeof(__uint128_t), 1200 .align = sizeof(__uint128_t), 1201 .get = pac_address_keys_get, 1202 .set = pac_address_keys_set, 1203 }, 1204 [REGSET_PACG_KEYS] = { 1205 .core_note_type = NT_ARM_PACG_KEYS, 1206 .n = sizeof(struct user_pac_generic_keys) / sizeof(__uint128_t), 1207 .size = sizeof(__uint128_t), 1208 .align = sizeof(__uint128_t), 1209 .get = pac_generic_keys_get, 1210 .set = pac_generic_keys_set, 1211 }, 1212 #endif 1213 #endif 1214 }; 1215 1216 static const struct user_regset_view user_aarch64_view = { 1217 .name = "aarch64", .e_machine = EM_AARCH64, 1218 .regsets = aarch64_regsets, .n = ARRAY_SIZE(aarch64_regsets) 1219 }; 1220 1221 #ifdef CONFIG_COMPAT 1222 enum compat_regset { 1223 REGSET_COMPAT_GPR, 1224 REGSET_COMPAT_VFP, 1225 }; 1226 1227 static int compat_gpr_get(struct task_struct *target, 1228 const struct user_regset *regset, 1229 unsigned int pos, unsigned int count, 1230 void *kbuf, void __user *ubuf) 1231 { 1232 int ret = 0; 1233 unsigned int i, start, num_regs; 1234 1235 /* Calculate the number of AArch32 registers contained in count */ 1236 num_regs = count / regset->size; 1237 1238 /* Convert pos into an register number */ 1239 start = pos / regset->size; 1240 1241 if (start + num_regs > regset->n) 1242 return -EIO; 1243 1244 for (i = 0; i < num_regs; ++i) { 1245 unsigned int idx = start + i; 1246 compat_ulong_t reg; 1247 1248 switch (idx) { 1249 case 15: 1250 reg = task_pt_regs(target)->pc; 1251 break; 1252 case 16: 1253 reg = task_pt_regs(target)->pstate; 1254 reg = pstate_to_compat_psr(reg); 1255 break; 1256 case 17: 1257 reg = task_pt_regs(target)->orig_x0; 1258 break; 1259 default: 1260 reg = task_pt_regs(target)->regs[idx]; 1261 } 1262 1263 if (kbuf) { 1264 memcpy(kbuf, ®, sizeof(reg)); 1265 kbuf += sizeof(reg); 1266 } else { 1267 ret = copy_to_user(ubuf, ®, sizeof(reg)); 1268 if (ret) { 1269 ret = -EFAULT; 1270 break; 1271 } 1272 1273 ubuf += sizeof(reg); 1274 } 1275 } 1276 1277 return ret; 1278 } 1279 1280 static int compat_gpr_set(struct task_struct *target, 1281 const struct user_regset *regset, 1282 unsigned int pos, unsigned int count, 1283 const void *kbuf, const void __user *ubuf) 1284 { 1285 struct pt_regs newregs; 1286 int ret = 0; 1287 unsigned int i, start, num_regs; 1288 1289 /* Calculate the number of AArch32 registers contained in count */ 1290 num_regs = count / regset->size; 1291 1292 /* Convert pos into an register number */ 1293 start = pos / regset->size; 1294 1295 if (start + num_regs > regset->n) 1296 return -EIO; 1297 1298 newregs = *task_pt_regs(target); 1299 1300 for (i = 0; i < num_regs; ++i) { 1301 unsigned int idx = start + i; 1302 compat_ulong_t reg; 1303 1304 if (kbuf) { 1305 memcpy(®, kbuf, sizeof(reg)); 1306 kbuf += sizeof(reg); 1307 } else { 1308 ret = copy_from_user(®, ubuf, sizeof(reg)); 1309 if (ret) { 1310 ret = -EFAULT; 1311 break; 1312 } 1313 1314 ubuf += sizeof(reg); 1315 } 1316 1317 switch (idx) { 1318 case 15: 1319 newregs.pc = reg; 1320 break; 1321 case 16: 1322 reg = compat_psr_to_pstate(reg); 1323 newregs.pstate = reg; 1324 break; 1325 case 17: 1326 newregs.orig_x0 = reg; 1327 break; 1328 default: 1329 newregs.regs[idx] = reg; 1330 } 1331 1332 } 1333 1334 if (valid_user_regs(&newregs.user_regs, target)) 1335 *task_pt_regs(target) = newregs; 1336 else 1337 ret = -EINVAL; 1338 1339 return ret; 1340 } 1341 1342 static int compat_vfp_get(struct task_struct *target, 1343 const struct user_regset *regset, 1344 unsigned int pos, unsigned int count, 1345 void *kbuf, void __user *ubuf) 1346 { 1347 struct user_fpsimd_state *uregs; 1348 compat_ulong_t fpscr; 1349 int ret, vregs_end_pos; 1350 1351 uregs = &target->thread.uw.fpsimd_state; 1352 1353 if (target == current) 1354 fpsimd_preserve_current_state(); 1355 1356 /* 1357 * The VFP registers are packed into the fpsimd_state, so they all sit 1358 * nicely together for us. We just need to create the fpscr separately. 1359 */ 1360 vregs_end_pos = VFP_STATE_SIZE - sizeof(compat_ulong_t); 1361 ret = user_regset_copyout(&pos, &count, &kbuf, &ubuf, uregs, 1362 0, vregs_end_pos); 1363 1364 if (count && !ret) { 1365 fpscr = (uregs->fpsr & VFP_FPSCR_STAT_MASK) | 1366 (uregs->fpcr & VFP_FPSCR_CTRL_MASK); 1367 1368 ret = user_regset_copyout(&pos, &count, &kbuf, &ubuf, &fpscr, 1369 vregs_end_pos, VFP_STATE_SIZE); 1370 } 1371 1372 return ret; 1373 } 1374 1375 static int compat_vfp_set(struct task_struct *target, 1376 const struct user_regset *regset, 1377 unsigned int pos, unsigned int count, 1378 const void *kbuf, const void __user *ubuf) 1379 { 1380 struct user_fpsimd_state *uregs; 1381 compat_ulong_t fpscr; 1382 int ret, vregs_end_pos; 1383 1384 uregs = &target->thread.uw.fpsimd_state; 1385 1386 vregs_end_pos = VFP_STATE_SIZE - sizeof(compat_ulong_t); 1387 ret = user_regset_copyin(&pos, &count, &kbuf, &ubuf, uregs, 0, 1388 vregs_end_pos); 1389 1390 if (count && !ret) { 1391 ret = user_regset_copyin(&pos, &count, &kbuf, &ubuf, &fpscr, 1392 vregs_end_pos, VFP_STATE_SIZE); 1393 if (!ret) { 1394 uregs->fpsr = fpscr & VFP_FPSCR_STAT_MASK; 1395 uregs->fpcr = fpscr & VFP_FPSCR_CTRL_MASK; 1396 } 1397 } 1398 1399 fpsimd_flush_task_state(target); 1400 return ret; 1401 } 1402 1403 static int compat_tls_get(struct task_struct *target, 1404 const struct user_regset *regset, unsigned int pos, 1405 unsigned int count, void *kbuf, void __user *ubuf) 1406 { 1407 compat_ulong_t tls = (compat_ulong_t)target->thread.uw.tp_value; 1408 return user_regset_copyout(&pos, &count, &kbuf, &ubuf, &tls, 0, -1); 1409 } 1410 1411 static int compat_tls_set(struct task_struct *target, 1412 const struct user_regset *regset, unsigned int pos, 1413 unsigned int count, const void *kbuf, 1414 const void __user *ubuf) 1415 { 1416 int ret; 1417 compat_ulong_t tls = target->thread.uw.tp_value; 1418 1419 ret = user_regset_copyin(&pos, &count, &kbuf, &ubuf, &tls, 0, -1); 1420 if (ret) 1421 return ret; 1422 1423 target->thread.uw.tp_value = tls; 1424 return ret; 1425 } 1426 1427 static const struct user_regset aarch32_regsets[] = { 1428 [REGSET_COMPAT_GPR] = { 1429 .core_note_type = NT_PRSTATUS, 1430 .n = COMPAT_ELF_NGREG, 1431 .size = sizeof(compat_elf_greg_t), 1432 .align = sizeof(compat_elf_greg_t), 1433 .get = compat_gpr_get, 1434 .set = compat_gpr_set 1435 }, 1436 [REGSET_COMPAT_VFP] = { 1437 .core_note_type = NT_ARM_VFP, 1438 .n = VFP_STATE_SIZE / sizeof(compat_ulong_t), 1439 .size = sizeof(compat_ulong_t), 1440 .align = sizeof(compat_ulong_t), 1441 .get = compat_vfp_get, 1442 .set = compat_vfp_set 1443 }, 1444 }; 1445 1446 static const struct user_regset_view user_aarch32_view = { 1447 .name = "aarch32", .e_machine = EM_ARM, 1448 .regsets = aarch32_regsets, .n = ARRAY_SIZE(aarch32_regsets) 1449 }; 1450 1451 static const struct user_regset aarch32_ptrace_regsets[] = { 1452 [REGSET_GPR] = { 1453 .core_note_type = NT_PRSTATUS, 1454 .n = COMPAT_ELF_NGREG, 1455 .size = sizeof(compat_elf_greg_t), 1456 .align = sizeof(compat_elf_greg_t), 1457 .get = compat_gpr_get, 1458 .set = compat_gpr_set 1459 }, 1460 [REGSET_FPR] = { 1461 .core_note_type = NT_ARM_VFP, 1462 .n = VFP_STATE_SIZE / sizeof(compat_ulong_t), 1463 .size = sizeof(compat_ulong_t), 1464 .align = sizeof(compat_ulong_t), 1465 .get = compat_vfp_get, 1466 .set = compat_vfp_set 1467 }, 1468 [REGSET_TLS] = { 1469 .core_note_type = NT_ARM_TLS, 1470 .n = 1, 1471 .size = sizeof(compat_ulong_t), 1472 .align = sizeof(compat_ulong_t), 1473 .get = compat_tls_get, 1474 .set = compat_tls_set, 1475 }, 1476 #ifdef CONFIG_HAVE_HW_BREAKPOINT 1477 [REGSET_HW_BREAK] = { 1478 .core_note_type = NT_ARM_HW_BREAK, 1479 .n = sizeof(struct user_hwdebug_state) / sizeof(u32), 1480 .size = sizeof(u32), 1481 .align = sizeof(u32), 1482 .get = hw_break_get, 1483 .set = hw_break_set, 1484 }, 1485 [REGSET_HW_WATCH] = { 1486 .core_note_type = NT_ARM_HW_WATCH, 1487 .n = sizeof(struct user_hwdebug_state) / sizeof(u32), 1488 .size = sizeof(u32), 1489 .align = sizeof(u32), 1490 .get = hw_break_get, 1491 .set = hw_break_set, 1492 }, 1493 #endif 1494 [REGSET_SYSTEM_CALL] = { 1495 .core_note_type = NT_ARM_SYSTEM_CALL, 1496 .n = 1, 1497 .size = sizeof(int), 1498 .align = sizeof(int), 1499 .get = system_call_get, 1500 .set = system_call_set, 1501 }, 1502 }; 1503 1504 static const struct user_regset_view user_aarch32_ptrace_view = { 1505 .name = "aarch32", .e_machine = EM_ARM, 1506 .regsets = aarch32_ptrace_regsets, .n = ARRAY_SIZE(aarch32_ptrace_regsets) 1507 }; 1508 1509 static int compat_ptrace_read_user(struct task_struct *tsk, compat_ulong_t off, 1510 compat_ulong_t __user *ret) 1511 { 1512 compat_ulong_t tmp; 1513 1514 if (off & 3) 1515 return -EIO; 1516 1517 if (off == COMPAT_PT_TEXT_ADDR) 1518 tmp = tsk->mm->start_code; 1519 else if (off == COMPAT_PT_DATA_ADDR) 1520 tmp = tsk->mm->start_data; 1521 else if (off == COMPAT_PT_TEXT_END_ADDR) 1522 tmp = tsk->mm->end_code; 1523 else if (off < sizeof(compat_elf_gregset_t)) 1524 return copy_regset_to_user(tsk, &user_aarch32_view, 1525 REGSET_COMPAT_GPR, off, 1526 sizeof(compat_ulong_t), ret); 1527 else if (off >= COMPAT_USER_SZ) 1528 return -EIO; 1529 else 1530 tmp = 0; 1531 1532 return put_user(tmp, ret); 1533 } 1534 1535 static int compat_ptrace_write_user(struct task_struct *tsk, compat_ulong_t off, 1536 compat_ulong_t val) 1537 { 1538 int ret; 1539 mm_segment_t old_fs = get_fs(); 1540 1541 if (off & 3 || off >= COMPAT_USER_SZ) 1542 return -EIO; 1543 1544 if (off >= sizeof(compat_elf_gregset_t)) 1545 return 0; 1546 1547 set_fs(KERNEL_DS); 1548 ret = copy_regset_from_user(tsk, &user_aarch32_view, 1549 REGSET_COMPAT_GPR, off, 1550 sizeof(compat_ulong_t), 1551 &val); 1552 set_fs(old_fs); 1553 1554 return ret; 1555 } 1556 1557 #ifdef CONFIG_HAVE_HW_BREAKPOINT 1558 1559 /* 1560 * Convert a virtual register number into an index for a thread_info 1561 * breakpoint array. Breakpoints are identified using positive numbers 1562 * whilst watchpoints are negative. The registers are laid out as pairs 1563 * of (address, control), each pair mapping to a unique hw_breakpoint struct. 1564 * Register 0 is reserved for describing resource information. 1565 */ 1566 static int compat_ptrace_hbp_num_to_idx(compat_long_t num) 1567 { 1568 return (abs(num) - 1) >> 1; 1569 } 1570 1571 static int compat_ptrace_hbp_get_resource_info(u32 *kdata) 1572 { 1573 u8 num_brps, num_wrps, debug_arch, wp_len; 1574 u32 reg = 0; 1575 1576 num_brps = hw_breakpoint_slots(TYPE_INST); 1577 num_wrps = hw_breakpoint_slots(TYPE_DATA); 1578 1579 debug_arch = debug_monitors_arch(); 1580 wp_len = 8; 1581 reg |= debug_arch; 1582 reg <<= 8; 1583 reg |= wp_len; 1584 reg <<= 8; 1585 reg |= num_wrps; 1586 reg <<= 8; 1587 reg |= num_brps; 1588 1589 *kdata = reg; 1590 return 0; 1591 } 1592 1593 static int compat_ptrace_hbp_get(unsigned int note_type, 1594 struct task_struct *tsk, 1595 compat_long_t num, 1596 u32 *kdata) 1597 { 1598 u64 addr = 0; 1599 u32 ctrl = 0; 1600 1601 int err, idx = compat_ptrace_hbp_num_to_idx(num); 1602 1603 if (num & 1) { 1604 err = ptrace_hbp_get_addr(note_type, tsk, idx, &addr); 1605 *kdata = (u32)addr; 1606 } else { 1607 err = ptrace_hbp_get_ctrl(note_type, tsk, idx, &ctrl); 1608 *kdata = ctrl; 1609 } 1610 1611 return err; 1612 } 1613 1614 static int compat_ptrace_hbp_set(unsigned int note_type, 1615 struct task_struct *tsk, 1616 compat_long_t num, 1617 u32 *kdata) 1618 { 1619 u64 addr; 1620 u32 ctrl; 1621 1622 int err, idx = compat_ptrace_hbp_num_to_idx(num); 1623 1624 if (num & 1) { 1625 addr = *kdata; 1626 err = ptrace_hbp_set_addr(note_type, tsk, idx, addr); 1627 } else { 1628 ctrl = *kdata; 1629 err = ptrace_hbp_set_ctrl(note_type, tsk, idx, ctrl); 1630 } 1631 1632 return err; 1633 } 1634 1635 static int compat_ptrace_gethbpregs(struct task_struct *tsk, compat_long_t num, 1636 compat_ulong_t __user *data) 1637 { 1638 int ret; 1639 u32 kdata; 1640 1641 /* Watchpoint */ 1642 if (num < 0) { 1643 ret = compat_ptrace_hbp_get(NT_ARM_HW_WATCH, tsk, num, &kdata); 1644 /* Resource info */ 1645 } else if (num == 0) { 1646 ret = compat_ptrace_hbp_get_resource_info(&kdata); 1647 /* Breakpoint */ 1648 } else { 1649 ret = compat_ptrace_hbp_get(NT_ARM_HW_BREAK, tsk, num, &kdata); 1650 } 1651 1652 if (!ret) 1653 ret = put_user(kdata, data); 1654 1655 return ret; 1656 } 1657 1658 static int compat_ptrace_sethbpregs(struct task_struct *tsk, compat_long_t num, 1659 compat_ulong_t __user *data) 1660 { 1661 int ret; 1662 u32 kdata = 0; 1663 1664 if (num == 0) 1665 return 0; 1666 1667 ret = get_user(kdata, data); 1668 if (ret) 1669 return ret; 1670 1671 if (num < 0) 1672 ret = compat_ptrace_hbp_set(NT_ARM_HW_WATCH, tsk, num, &kdata); 1673 else 1674 ret = compat_ptrace_hbp_set(NT_ARM_HW_BREAK, tsk, num, &kdata); 1675 1676 return ret; 1677 } 1678 #endif /* CONFIG_HAVE_HW_BREAKPOINT */ 1679 1680 long compat_arch_ptrace(struct task_struct *child, compat_long_t request, 1681 compat_ulong_t caddr, compat_ulong_t cdata) 1682 { 1683 unsigned long addr = caddr; 1684 unsigned long data = cdata; 1685 void __user *datap = compat_ptr(data); 1686 int ret; 1687 1688 switch (request) { 1689 case PTRACE_PEEKUSR: 1690 ret = compat_ptrace_read_user(child, addr, datap); 1691 break; 1692 1693 case PTRACE_POKEUSR: 1694 ret = compat_ptrace_write_user(child, addr, data); 1695 break; 1696 1697 case COMPAT_PTRACE_GETREGS: 1698 ret = copy_regset_to_user(child, 1699 &user_aarch32_view, 1700 REGSET_COMPAT_GPR, 1701 0, sizeof(compat_elf_gregset_t), 1702 datap); 1703 break; 1704 1705 case COMPAT_PTRACE_SETREGS: 1706 ret = copy_regset_from_user(child, 1707 &user_aarch32_view, 1708 REGSET_COMPAT_GPR, 1709 0, sizeof(compat_elf_gregset_t), 1710 datap); 1711 break; 1712 1713 case COMPAT_PTRACE_GET_THREAD_AREA: 1714 ret = put_user((compat_ulong_t)child->thread.uw.tp_value, 1715 (compat_ulong_t __user *)datap); 1716 break; 1717 1718 case COMPAT_PTRACE_SET_SYSCALL: 1719 task_pt_regs(child)->syscallno = data; 1720 ret = 0; 1721 break; 1722 1723 case COMPAT_PTRACE_GETVFPREGS: 1724 ret = copy_regset_to_user(child, 1725 &user_aarch32_view, 1726 REGSET_COMPAT_VFP, 1727 0, VFP_STATE_SIZE, 1728 datap); 1729 break; 1730 1731 case COMPAT_PTRACE_SETVFPREGS: 1732 ret = copy_regset_from_user(child, 1733 &user_aarch32_view, 1734 REGSET_COMPAT_VFP, 1735 0, VFP_STATE_SIZE, 1736 datap); 1737 break; 1738 1739 #ifdef CONFIG_HAVE_HW_BREAKPOINT 1740 case COMPAT_PTRACE_GETHBPREGS: 1741 ret = compat_ptrace_gethbpregs(child, addr, datap); 1742 break; 1743 1744 case COMPAT_PTRACE_SETHBPREGS: 1745 ret = compat_ptrace_sethbpregs(child, addr, datap); 1746 break; 1747 #endif 1748 1749 default: 1750 ret = compat_ptrace_request(child, request, addr, 1751 data); 1752 break; 1753 } 1754 1755 return ret; 1756 } 1757 #endif /* CONFIG_COMPAT */ 1758 1759 const struct user_regset_view *task_user_regset_view(struct task_struct *task) 1760 { 1761 #ifdef CONFIG_COMPAT 1762 /* 1763 * Core dumping of 32-bit tasks or compat ptrace requests must use the 1764 * user_aarch32_view compatible with arm32. Native ptrace requests on 1765 * 32-bit children use an extended user_aarch32_ptrace_view to allow 1766 * access to the TLS register. 1767 */ 1768 if (is_compat_task()) 1769 return &user_aarch32_view; 1770 else if (is_compat_thread(task_thread_info(task))) 1771 return &user_aarch32_ptrace_view; 1772 #endif 1773 return &user_aarch64_view; 1774 } 1775 1776 long arch_ptrace(struct task_struct *child, long request, 1777 unsigned long addr, unsigned long data) 1778 { 1779 return ptrace_request(child, request, addr, data); 1780 } 1781 1782 enum ptrace_syscall_dir { 1783 PTRACE_SYSCALL_ENTER = 0, 1784 PTRACE_SYSCALL_EXIT, 1785 }; 1786 1787 static void tracehook_report_syscall(struct pt_regs *regs, 1788 enum ptrace_syscall_dir dir) 1789 { 1790 int regno; 1791 unsigned long saved_reg; 1792 1793 /* 1794 * A scratch register (ip(r12) on AArch32, x7 on AArch64) is 1795 * used to denote syscall entry/exit: 1796 */ 1797 regno = (is_compat_task() ? 12 : 7); 1798 saved_reg = regs->regs[regno]; 1799 regs->regs[regno] = dir; 1800 1801 if (dir == PTRACE_SYSCALL_EXIT) 1802 tracehook_report_syscall_exit(regs, 0); 1803 else if (tracehook_report_syscall_entry(regs)) 1804 forget_syscall(regs); 1805 1806 regs->regs[regno] = saved_reg; 1807 } 1808 1809 int syscall_trace_enter(struct pt_regs *regs) 1810 { 1811 if (test_thread_flag(TIF_SYSCALL_TRACE) || 1812 test_thread_flag(TIF_SYSCALL_EMU)) { 1813 tracehook_report_syscall(regs, PTRACE_SYSCALL_ENTER); 1814 if (!in_syscall(regs) || test_thread_flag(TIF_SYSCALL_EMU)) 1815 return -1; 1816 } 1817 1818 /* Do the secure computing after ptrace; failures should be fast. */ 1819 if (secure_computing(NULL) == -1) 1820 return -1; 1821 1822 if (test_thread_flag(TIF_SYSCALL_TRACEPOINT)) 1823 trace_sys_enter(regs, regs->syscallno); 1824 1825 audit_syscall_entry(regs->syscallno, regs->orig_x0, regs->regs[1], 1826 regs->regs[2], regs->regs[3]); 1827 1828 return regs->syscallno; 1829 } 1830 1831 void syscall_trace_exit(struct pt_regs *regs) 1832 { 1833 audit_syscall_exit(regs); 1834 1835 if (test_thread_flag(TIF_SYSCALL_TRACEPOINT)) 1836 trace_sys_exit(regs, regs_return_value(regs)); 1837 1838 if (test_thread_flag(TIF_SYSCALL_TRACE)) 1839 tracehook_report_syscall(regs, PTRACE_SYSCALL_EXIT); 1840 1841 rseq_syscall(regs); 1842 } 1843 1844 /* 1845 * SPSR_ELx bits which are always architecturally RES0 per ARM DDI 0487D.a. 1846 * We permit userspace to set SSBS (AArch64 bit 12, AArch32 bit 23) which is 1847 * not described in ARM DDI 0487D.a. 1848 * We treat PAN and UAO as RES0 bits, as they are meaningless at EL0, and may 1849 * be allocated an EL0 meaning in future. 1850 * Userspace cannot use these until they have an architectural meaning. 1851 * Note that this follows the SPSR_ELx format, not the AArch32 PSR format. 1852 * We also reserve IL for the kernel; SS is handled dynamically. 1853 */ 1854 #define SPSR_EL1_AARCH64_RES0_BITS \ 1855 (GENMASK_ULL(63, 32) | GENMASK_ULL(27, 25) | GENMASK_ULL(23, 22) | \ 1856 GENMASK_ULL(20, 13) | GENMASK_ULL(11, 10) | GENMASK_ULL(5, 5)) 1857 #define SPSR_EL1_AARCH32_RES0_BITS \ 1858 (GENMASK_ULL(63, 32) | GENMASK_ULL(22, 22) | GENMASK_ULL(20, 20)) 1859 1860 static int valid_compat_regs(struct user_pt_regs *regs) 1861 { 1862 regs->pstate &= ~SPSR_EL1_AARCH32_RES0_BITS; 1863 1864 if (!system_supports_mixed_endian_el0()) { 1865 if (IS_ENABLED(CONFIG_CPU_BIG_ENDIAN)) 1866 regs->pstate |= PSR_AA32_E_BIT; 1867 else 1868 regs->pstate &= ~PSR_AA32_E_BIT; 1869 } 1870 1871 if (user_mode(regs) && (regs->pstate & PSR_MODE32_BIT) && 1872 (regs->pstate & PSR_AA32_A_BIT) == 0 && 1873 (regs->pstate & PSR_AA32_I_BIT) == 0 && 1874 (regs->pstate & PSR_AA32_F_BIT) == 0) { 1875 return 1; 1876 } 1877 1878 /* 1879 * Force PSR to a valid 32-bit EL0t, preserving the same bits as 1880 * arch/arm. 1881 */ 1882 regs->pstate &= PSR_AA32_N_BIT | PSR_AA32_Z_BIT | 1883 PSR_AA32_C_BIT | PSR_AA32_V_BIT | 1884 PSR_AA32_Q_BIT | PSR_AA32_IT_MASK | 1885 PSR_AA32_GE_MASK | PSR_AA32_E_BIT | 1886 PSR_AA32_T_BIT; 1887 regs->pstate |= PSR_MODE32_BIT; 1888 1889 return 0; 1890 } 1891 1892 static int valid_native_regs(struct user_pt_regs *regs) 1893 { 1894 regs->pstate &= ~SPSR_EL1_AARCH64_RES0_BITS; 1895 1896 if (user_mode(regs) && !(regs->pstate & PSR_MODE32_BIT) && 1897 (regs->pstate & PSR_D_BIT) == 0 && 1898 (regs->pstate & PSR_A_BIT) == 0 && 1899 (regs->pstate & PSR_I_BIT) == 0 && 1900 (regs->pstate & PSR_F_BIT) == 0) { 1901 return 1; 1902 } 1903 1904 /* Force PSR to a valid 64-bit EL0t */ 1905 regs->pstate &= PSR_N_BIT | PSR_Z_BIT | PSR_C_BIT | PSR_V_BIT; 1906 1907 return 0; 1908 } 1909 1910 /* 1911 * Are the current registers suitable for user mode? (used to maintain 1912 * security in signal handlers) 1913 */ 1914 int valid_user_regs(struct user_pt_regs *regs, struct task_struct *task) 1915 { 1916 if (!test_tsk_thread_flag(task, TIF_SINGLESTEP)) 1917 regs->pstate &= ~DBG_SPSR_SS; 1918 1919 if (is_compat_thread(task_thread_info(task))) 1920 return valid_compat_regs(regs); 1921 else 1922 return valid_native_regs(regs); 1923 } 1924