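// SPDX-License-Identifier: GPL-2.0-only
/*
 * Based on arch/arm/kernel/signal.c
 *
 * Copyright (C) 1995-2009 Russell King
 * Copyright (C) 2012 ARM Ltd.
 * Modified by Will Deacon <will.deacon@arm.com>
 *
 * AArch32 (compat) signal frame construction and restoration on arm64.
 *
 * Every access to the user stack below goes through __put_user_error /
 * __get_user_error / copy_*_user, accumulating failures in an 'err'
 * variable that callers check before acting on any of the data.  The
 * sigreturn paths treat the frame as untrusted: stack alignment, access_ok,
 * the VFP magic/size header and the restored register state are all
 * validated before anything from the frame is allowed to take effect, and a
 * rejected frame is reported as a segfault rather than silently ignored.
 */

#include <linux/compat.h>
#include <linux/signal.h>
#include <linux/syscalls.h>
#include <linux/ratelimit.h>

#include <asm/esr.h>
#include <asm/fpsimd.h>
#include <asm/signal32.h>
#include <asm/traps.h>
#include <linux/uaccess.h>
#include <asm/unistd.h>
#include <asm/vdso.h>

/*
 * VFP register block placed in the signal frame's uc_regspace area.  This
 * is the layout 32-bit userspace reads back, so the field order and the
 * 8-byte alignment are part of the compat ABI and must not change.
 */
struct compat_vfp_sigframe {
	compat_ulong_t	magic;		/* VFP_MAGIC, checked on restore */
	compat_ulong_t	size;		/* VFP_STORAGE_SIZE, checked on restore */
	struct compat_user_vfp {
		compat_u64	fpregs[32];	/* D0-D31 as seen by AArch32 */
		compat_ulong_t	fpscr;
	} ufp;
	struct compat_user_vfp_exc {
		compat_ulong_t	fpexc;
		compat_ulong_t	fpinst;
		compat_ulong_t	fpinst2;
	} ufp_exc;
} __attribute__((__aligned__(8)));

/* 'V' 'F' 'P' 0x01: identifies a compat_vfp_sigframe in uc_regspace. */
#define VFP_MAGIC		0x56465001
#define VFP_STORAGE_SIZE	sizeof(struct compat_vfp_sigframe)

/* Bit position of the write-not-read (WnR) flag in the AArch32 FSR image. */
#define FSR_WRITE_SHIFT	(11)

/*
 * Everything that lives in uc_regspace: the VFP block followed by a zero
 * terminator so userspace can walk the coprocessor blocks to their end.
 */
struct compat_aux_sigframe {
	struct compat_vfp_sigframe	vfp;

	/* Something that isn't a valid magic number for any coprocessor. */
	unsigned long			end_magic;
} __attribute__((__aligned__(8)));

/*
 * Copy a 64-bit sigset_t to userspace as the two 32-bit words of a
 * compat_sigset_t (low word first).
 *
 * Returns whatever copy_to_user() returns, i.e. 0 on success and a non-zero
 * byte count on failure -- not -EFAULT like get_sigset_t() below.  Callers in
 * this file only test the result for non-zero, so the two conventions do not
 * collide, but do not propagate this value as an errno.
 */
static inline int put_sigset_t(compat_sigset_t __user *uset, sigset_t *set)
{
	compat_sigset_t cset;

	cset.sig[0] = set->sig[0] & 0xffffffffull;
	cset.sig[1] = set->sig[0] >> 32;

	return copy_to_user(uset, &cset, sizeof(*uset));
}

/*
 * Read a compat_sigset_t from userspace and rebuild the 64-bit sigset_t.
 *
 * Returns 0 on success or -EFAULT if the user memory could not be read; *set
 * is left untouched on failure.  sig[1] is widened to long before the shift
 * so the high word is not lost in 32-bit arithmetic.
 */
static inline int get_sigset_t(sigset_t *set,
			       const compat_sigset_t __user *uset)
{
	compat_sigset_t s32;

	if (copy_from_user(&s32, uset, sizeof(*uset)))
		return -EFAULT;

	set->sig[0] = s32.sig[0] | (((long)s32.sig[1]) << 32);
	return 0;
}

/*
 * VFP save/restore code.
 *
 * We have to be careful with endianness, since the fpsimd context-switch
 * code operates on 128-bit (Q) register values whereas the compat ABI
 * uses an array of 64-bit (D) registers. Consequently, we need to swap
 * the two halves of each Q register when running on a big-endian CPU.
 */
union __fpsimd_vreg {
	__uint128_t	raw;
	struct {
#ifdef __AARCH64EB__
		u64	hi;
		u64	lo;
#else
		u64	lo;
		u64	hi;
#endif
	};
};

/*
 * Write the current task's VFP state into @frame on the user stack.
 *
 * Only V0-V15 (D0-D31) are exposed: each 128-bit V register becomes two
 * consecutive fpregs[] entries, lo half first.  The AArch32 fpscr is
 * synthesised from fpsr (status bits) and fpcr (control bits).  No real
 * exception registers exist on arm64, so fpexc is faked with just bit 30
 * (the FPEXC.EN bit) set and fpinst/fpinst2 are zeroed.
 *
 * Returns 0 on success or -EFAULT if any user write failed.
 */
static int compat_preserve_vfp_context(struct compat_vfp_sigframe __user *frame)
{
	struct user_fpsimd_state const *fpsimd =
		&current->thread.uw.fpsimd_state;
	compat_ulong_t magic = VFP_MAGIC;
	compat_ulong_t size = VFP_STORAGE_SIZE;
	compat_ulong_t fpscr, fpexc;
	int i, err = 0;

	/*
	 * Save the hardware registers to the fpsimd_state structure.
	 * Note that this also saves V16-31, which aren't visible
	 * in AArch32.
	 */
	fpsimd_signal_preserve_current_state();

	/* Place structure header on the stack */
	__put_user_error(magic, &frame->magic, err);
	__put_user_error(size, &frame->size, err);

	/*
	 * Now copy the FP registers. Since the registers are packed,
	 * we can copy the prefix we want (V0-V15) as it is.
	 */
	for (i = 0; i < ARRAY_SIZE(frame->ufp.fpregs); i += 2) {
		union __fpsimd_vreg vreg = {
			.raw = fpsimd->vregs[i >> 1],
		};

		__put_user_error(vreg.lo, &frame->ufp.fpregs[i], err);
		__put_user_error(vreg.hi, &frame->ufp.fpregs[i + 1], err);
	}

	/* Create an AArch32 fpscr from the fpsr and the fpcr. */
	fpscr = (fpsimd->fpsr & VFP_FPSCR_STAT_MASK) |
		(fpsimd->fpcr & VFP_FPSCR_CTRL_MASK);
	__put_user_error(fpscr, &frame->ufp.fpscr, err);

	/*
	 * The exception register aren't available so we fake up a
	 * basic FPEXC and zero everything else.
	 */
	fpexc = (1 << 30);
	__put_user_error(fpexc, &frame->ufp_exc.fpexc, err);
	__put_user_error(0, &frame->ufp_exc.fpinst, err);
	__put_user_error(0, &frame->ufp_exc.fpinst2, err);

	return err ? -EFAULT : 0;
}

/*
 * Reload the task's VFP state from @frame, the user-supplied block written
 * by compat_preserve_vfp_context().
 *
 * The header is validated before anything else is read: a magic or size
 * mismatch yields -EINVAL, an unreadable frame -EFAULT.  fpscr is split back
 * into fpsr/fpcr using the same masks as on the save side, so userspace can
 * only set the status and control bits that the masks admit.  The hardware
 * state is updated only if every read succeeded.
 *
 * NOTE(review): only vregs[0..15], fpsr and fpcr of the local 'fpsimd' are
 * filled in here; V16-V31 are left uninitialised.  Whether
 * fpsimd_update_current_state() consumes the whole structure is not visible
 * in this file -- confirm that those entries are either ignored or
 * unobservable from AArch32 before relying on it.
 */
static int compat_restore_vfp_context(struct compat_vfp_sigframe __user *frame)
{
	struct user_fpsimd_state fpsimd;
	compat_ulong_t magic = VFP_MAGIC;
	compat_ulong_t size = VFP_STORAGE_SIZE;
	compat_ulong_t fpscr;
	int i, err = 0;

	__get_user_error(magic, &frame->magic, err);
	__get_user_error(size, &frame->size, err);

	if (err)
		return -EFAULT;
	if (magic != VFP_MAGIC || size != VFP_STORAGE_SIZE)
		return -EINVAL;

	/* Copy the FP registers into the start of the fpsimd_state. */
	for (i = 0; i < ARRAY_SIZE(frame->ufp.fpregs); i += 2) {
		union __fpsimd_vreg vreg;

		__get_user_error(vreg.lo, &frame->ufp.fpregs[i], err);
		__get_user_error(vreg.hi, &frame->ufp.fpregs[i + 1], err);
		fpsimd.vregs[i >> 1] = vreg.raw;
	}

	/* Extract the fpsr and the fpcr from the fpscr */
	__get_user_error(fpscr, &frame->ufp.fpscr, err);
	fpsimd.fpsr = fpscr & VFP_FPSCR_STAT_MASK;
	fpsimd.fpcr = fpscr & VFP_FPSCR_CTRL_MASK;

	/*
	 * We don't need to touch the exception register, so
	 * reload the hardware state.
	 */
	if (!err)
		fpsimd_update_current_state(&fpsimd);

	return err ? -EFAULT : 0;
}

/*
 * Restore the register state saved in a compat_sigframe.
 *
 * The signal mask is restored first, then r0-r12, sp, lr, pc and the cpsr
 * image are read back into @regs.  The user-supplied cpsr is converted to a
 * pstate and then vetted by valid_user_regs(), which is what stops a forged
 * frame from installing a pstate the task is not allowed to have; a failed
 * check is folded into 'err' so the caller takes its badframe path.  The
 * VFP block in uc_regspace is restored only if everything so far succeeded
 * and the CPU has FP/SIMD.
 *
 * Returns 0 on success, non-zero if any part of the frame was unreadable or
 * rejected.
 */
static int compat_restore_sigframe(struct pt_regs *regs,
				   struct compat_sigframe __user *sf)
{
	int err;
	sigset_t set;
	struct compat_aux_sigframe __user *aux;
	unsigned long psr;

	err = get_sigset_t(&set, &sf->uc.uc_sigmask);
	if (err == 0)
		set_current_blocked(&set);

	__get_user_error(regs->regs[0], &sf->uc.uc_mcontext.arm_r0, err);
	__get_user_error(regs->regs[1], &sf->uc.uc_mcontext.arm_r1, err);
	__get_user_error(regs->regs[2], &sf->uc.uc_mcontext.arm_r2, err);
	__get_user_error(regs->regs[3], &sf->uc.uc_mcontext.arm_r3, err);
	__get_user_error(regs->regs[4], &sf->uc.uc_mcontext.arm_r4, err);
	__get_user_error(regs->regs[5], &sf->uc.uc_mcontext.arm_r5, err);
	__get_user_error(regs->regs[6], &sf->uc.uc_mcontext.arm_r6, err);
	__get_user_error(regs->regs[7], &sf->uc.uc_mcontext.arm_r7, err);
	__get_user_error(regs->regs[8], &sf->uc.uc_mcontext.arm_r8, err);
	__get_user_error(regs->regs[9], &sf->uc.uc_mcontext.arm_r9, err);
	__get_user_error(regs->regs[10], &sf->uc.uc_mcontext.arm_r10, err);
	__get_user_error(regs->regs[11], &sf->uc.uc_mcontext.arm_fp, err);
	__get_user_error(regs->regs[12], &sf->uc.uc_mcontext.arm_ip, err);
	__get_user_error(regs->compat_sp, &sf->uc.uc_mcontext.arm_sp, err);
	__get_user_error(regs->compat_lr, &sf->uc.uc_mcontext.arm_lr, err);
	__get_user_error(regs->pc, &sf->uc.uc_mcontext.arm_pc, err);
	__get_user_error(psr, &sf->uc.uc_mcontext.arm_cpsr, err);

	/* Written before validation; valid_user_regs() below is the gate. */
	regs->pstate = compat_psr_to_pstate(psr);

	/*
	 * Avoid compat_sys_sigreturn() restarting.
	 */
	forget_syscall(regs);

	/* Reject any register/pstate combination userspace may not set. */
	err |= !valid_user_regs(&regs->user_regs, current);

	aux = (struct compat_aux_sigframe __user *) sf->uc.uc_regspace;
	if (err == 0 && system_supports_fpsimd())
		err |= compat_restore_vfp_context(&aux->vfp);

	return err;
}

/*
 * Return from a non-RT AArch32 signal handler.
 *
 * The frame lives at the user sp.  It must still be 8-byte aligned and
 * fully within user-accessible memory, and compat_restore_sigframe() must
 * accept it; otherwise the task is sent a segfault for the sp address and
 * nothing from the frame is applied.  On success the restored r0 becomes
 * the syscall's return value.
 */
COMPAT_SYSCALL_DEFINE0(sigreturn)
{
	struct pt_regs *regs = current_pt_regs();
	struct compat_sigframe __user *frame;

	/* Always make any pending restarted system calls return -EINTR */
	current->restart_block.fn = do_no_restart_syscall;

	/*
	 * Since we stacked the signal on a 64-bit boundary,
	 * then 'sp' should be word aligned here. If it's
	 * not, then the user is trying to mess with us.
	 */
	if (regs->compat_sp & 7)
		goto badframe;

	frame = (struct compat_sigframe __user *)regs->compat_sp;

	if (!access_ok(frame, sizeof (*frame)))
		goto badframe;

	if (compat_restore_sigframe(regs, frame))
		goto badframe;

	return regs->regs[0];

badframe:
	arm64_notify_segfault(regs->compat_sp);
	return 0;
}

/*
 * Return from an RT AArch32 signal handler.
 *
 * Same checks as sigreturn above, on the larger compat_rt_sigframe; in
 * addition the alternate signal stack recorded in uc_stack is restored, and
 * a rejected uc_stack is treated as a bad frame too.
 */
COMPAT_SYSCALL_DEFINE0(rt_sigreturn)
{
	struct pt_regs *regs = current_pt_regs();
	struct compat_rt_sigframe __user *frame;

	/* Always make any pending restarted system calls return -EINTR */
	current->restart_block.fn = do_no_restart_syscall;

	/*
	 * Since we stacked the signal on a 64-bit boundary,
	 * then 'sp' should be word aligned here. If it's
	 * not, then the user is trying to mess with us.
	 */
	if (regs->compat_sp & 7)
		goto badframe;

	frame = (struct compat_rt_sigframe __user *)regs->compat_sp;

	if (!access_ok(frame, sizeof (*frame)))
		goto badframe;

	if (compat_restore_sigframe(regs, &frame->sig))
		goto badframe;

	if (compat_restore_altstack(&frame->sig.uc.uc_stack))
		goto badframe;

	return regs->regs[0];

badframe:
	arm64_notify_segfault(regs->compat_sp);
	return 0;
}

/*
 * Pick the user address for a new signal frame of @framesize bytes.
 *
 * Starts from sigsp() (the alternate stack if one applies, else the
 * current compat sp), moves down by @framesize and rounds to 8 bytes.
 *
 * Returns the frame pointer, or NULL if access_ok() says the task may not
 * write that range -- the caller then fails signal delivery instead of
 * writing through an unchecked pointer.
 */
static void __user *compat_get_sigframe(struct ksignal *ksig,
					struct pt_regs *regs,
					int framesize)
{
	compat_ulong_t sp = sigsp(regs->compat_sp, ksig);
	void __user *frame;

	/*
	 * ATPCS B01 mandates 8-byte alignment
	 */
	frame = compat_ptr((compat_uptr_t)((sp - framesize) & ~7));

	/*
	 * Check that we can actually write to the signal frame.
	 */
	if (!access_ok(frame, framesize))
		frame = NULL;

	return frame;
}

/*
 * Point @regs at the signal handler so that returning to userspace enters
 * it with the frame already on the stack.
 *
 * @rc is the retcode slot of the frame (accepted for interface
 * compatibility; the return address is taken from sa_restorer or the
 * sigpage trampoline rather than written here).  The new pstate is derived
 * from the current one with the condition flags and E bit cleared, the
 * Thumb bit set from bit 0 of the handler address, the IT state cleared and
 * the task's endianness re-applied.  When no SA_RESTORER is given, lr is
 * pointed at one of the sigreturn trampolines in the sigpage, selected by
 * Thumb vs ARM and plain vs SA_SIGINFO; the trailing '+ thumb' sets bit 0
 * of that return address so the trampoline is entered in the right state.
 */
static void compat_setup_return(struct pt_regs *regs, struct k_sigaction *ka,
				compat_ulong_t __user *rc, void __user *frame,
				int usig)
{
	compat_ulong_t handler = ptr_to_compat(ka->sa.sa_handler);
	compat_ulong_t retcode;
	compat_ulong_t spsr = regs->pstate & ~(PSR_f | PSR_AA32_E_BIT);
	int thumb;

	/* Check if the handler is written for ARM or Thumb */
	thumb = handler & 1;

	if (thumb)
		spsr |= PSR_AA32_T_BIT;
	else
		spsr &= ~PSR_AA32_T_BIT;

	/* The IT state must be cleared for both ARM and Thumb-2 */
	spsr &= ~PSR_AA32_IT_MASK;

	/* Restore the original endianness */
	spsr |= PSR_AA32_ENDSTATE;

	if (ka->sa.sa_flags & SA_RESTORER) {
		retcode = ptr_to_compat(ka->sa.sa_restorer);
	} else {
		/* Set up sigreturn pointer */
		unsigned int idx = thumb << 1;

		if (ka->sa.sa_flags & SA_SIGINFO)
			idx += 3;

		retcode = (unsigned long)current->mm->context.sigpage +
			  (idx << 2) + thumb;
	}

	regs->regs[0] = usig;
	regs->compat_sp = ptr_to_compat(frame);
	regs->compat_lr = retcode;
	regs->pc = handler;
	regs->pstate = spsr;
}

/*
 * Fill in the ucontext part of a compat_sigframe from @regs and @set.
 *
 * Writes the general-purpose registers, the AArch32 cpsr image, a zero
 * trap_no, an FSR-style error_code carrying only the WnR bit derived from
 * the fault ESR, the fault address, the old mask and the full signal mask,
 * then the VFP block (if the CPU has FP/SIMD and nothing has failed yet)
 * and the end_magic terminator in uc_regspace.
 *
 * Returns 0 on success, non-zero if any user write failed.
 */
static int compat_setup_sigframe(struct compat_sigframe __user *sf,
				 struct pt_regs *regs, sigset_t *set)
{
	struct compat_aux_sigframe __user *aux;
	unsigned long psr = pstate_to_compat_psr(regs->pstate);
	int err = 0;

	__put_user_error(regs->regs[0], &sf->uc.uc_mcontext.arm_r0, err);
	__put_user_error(regs->regs[1], &sf->uc.uc_mcontext.arm_r1, err);
	__put_user_error(regs->regs[2], &sf->uc.uc_mcontext.arm_r2, err);
	__put_user_error(regs->regs[3], &sf->uc.uc_mcontext.arm_r3, err);
	__put_user_error(regs->regs[4], &sf->uc.uc_mcontext.arm_r4, err);
	__put_user_error(regs->regs[5], &sf->uc.uc_mcontext.arm_r5, err);
	__put_user_error(regs->regs[6], &sf->uc.uc_mcontext.arm_r6, err);
	__put_user_error(regs->regs[7], &sf->uc.uc_mcontext.arm_r7, err);
	__put_user_error(regs->regs[8], &sf->uc.uc_mcontext.arm_r8, err);
	__put_user_error(regs->regs[9], &sf->uc.uc_mcontext.arm_r9, err);
	__put_user_error(regs->regs[10], &sf->uc.uc_mcontext.arm_r10, err);
	__put_user_error(regs->regs[11], &sf->uc.uc_mcontext.arm_fp, err);
	__put_user_error(regs->regs[12], &sf->uc.uc_mcontext.arm_ip, err);
	__put_user_error(regs->compat_sp, &sf->uc.uc_mcontext.arm_sp, err);
	__put_user_error(regs->compat_lr, &sf->uc.uc_mcontext.arm_lr, err);
	__put_user_error(regs->pc, &sf->uc.uc_mcontext.arm_pc, err);
	__put_user_error(psr, &sf->uc.uc_mcontext.arm_cpsr, err);

	__put_user_error((compat_ulong_t)0, &sf->uc.uc_mcontext.trap_no, err);
	/* set the compat FSR WnR */
	__put_user_error(!!(current->thread.fault_code & ESR_ELx_WNR) <<
			FSR_WRITE_SHIFT, &sf->uc.uc_mcontext.error_code, err);
	__put_user_error(current->thread.fault_address, &sf->uc.uc_mcontext.fault_address, err);
	__put_user_error(set->sig[0], &sf->uc.uc_mcontext.oldmask, err);

	err |= put_sigset_t(&sf->uc.uc_sigmask, set);

	aux = (struct compat_aux_sigframe __user *) sf->uc.uc_regspace;

	if (err == 0 && system_supports_fpsimd())
		err |= compat_preserve_vfp_context(&aux->vfp);
	__put_user_error(0, &aux->end_magic, err);

	return err;
}

/*
 * 32-bit signal handling routines called from signal.c
 */

/*
 * Build an RT signal frame for @ksig and redirect @regs into its handler.
 *
 * Returns 1 if no writable frame could be placed on the stack, otherwise
 * the accumulated write status (0 on success).  The registers are only
 * modified when every write succeeded; r1 and r2 then point at the siginfo
 * and ucontext inside the frame, as the SA_SIGINFO handler expects.
 */
int compat_setup_rt_frame(int usig, struct ksignal *ksig,
			  sigset_t *set, struct pt_regs *regs)
{
	struct compat_rt_sigframe __user *frame;
	int err = 0;

	frame = compat_get_sigframe(ksig, regs, sizeof(*frame));

	if (!frame)
		return 1;

	err |= copy_siginfo_to_user32(&frame->info, &ksig->info);

	__put_user_error(0, &frame->sig.uc.uc_flags, err);
	__put_user_error(0, &frame->sig.uc.uc_link, err);

	err |= __compat_save_altstack(&frame->sig.uc.uc_stack, regs->compat_sp);

	err |= compat_setup_sigframe(&frame->sig, regs, set);

	if (err == 0) {
		compat_setup_return(regs, &ksig->ka, frame->sig.retcode, frame, usig);
		regs->regs[1] = (compat_ulong_t)(unsigned long)&frame->info;
		regs->regs[2] = (compat_ulong_t)(unsigned long)&frame->sig.uc;
	}

	return err;
}

/*
 * Build a non-RT signal frame for @ksig and redirect @regs into its handler.
 *
 * Same return convention as compat_setup_rt_frame().  uc_flags receives the
 * fixed marker 0x5ac3c35a (the RT variant writes 0); presumably this lets
 * userspace tell the two frame layouts apart -- the consumer is not in
 * this file.
 */
int compat_setup_frame(int usig, struct ksignal *ksig, sigset_t *set,
		       struct pt_regs *regs)
{
	struct compat_sigframe __user *frame;
	int err = 0;

	frame = compat_get_sigframe(ksig, regs, sizeof(*frame));

	if (!frame)
		return 1;

	__put_user_error(0x5ac3c35a, &frame->uc.uc_flags, err);

	err |= compat_setup_sigframe(frame, regs, set);
	if (err == 0)
		compat_setup_return(regs, &ksig->ka, frame->retcode, frame, usig);

	return err;
}

/*
 * Arrange for the compat restart_syscall to run on return to userspace by
 * loading its number into r7 (the AArch32 syscall-number register).
 */
void compat_setup_restart_syscall(struct pt_regs *regs)
{
	regs->regs[7] = __NR_compat_restart_syscall;
}

/*
 * Compile-time assertions for siginfo_t offsets. Check NSIG* as well, as
 * changes likely come with new fields that should be added below.
 *
 * These pin the compat_siginfo_t layout that 32-bit userspace sees; any
 * drift here is an ABI break, so a failed assertion is meant to stop the
 * build rather than be worked around.
 */
static_assert(NSIGILL	== 11);
static_assert(NSIGFPE	== 15);
static_assert(NSIGSEGV	== 9);
static_assert(NSIGBUS	== 5);
static_assert(NSIGTRAP	== 6);
static_assert(NSIGCHLD	== 6);
static_assert(NSIGSYS	== 2);
static_assert(sizeof(compat_siginfo_t) == 128);
static_assert(__alignof__(compat_siginfo_t) == 4);
static_assert(offsetof(compat_siginfo_t, si_signo)	== 0x00);
static_assert(offsetof(compat_siginfo_t, si_errno)	== 0x04);
static_assert(offsetof(compat_siginfo_t, si_code)	== 0x08);
static_assert(offsetof(compat_siginfo_t, si_pid)	== 0x0c);
static_assert(offsetof(compat_siginfo_t, si_uid)	== 0x10);
static_assert(offsetof(compat_siginfo_t, si_tid)	== 0x0c);
static_assert(offsetof(compat_siginfo_t, si_overrun)	== 0x10);
static_assert(offsetof(compat_siginfo_t, si_status)	== 0x14);
static_assert(offsetof(compat_siginfo_t, si_utime)	== 0x18);
static_assert(offsetof(compat_siginfo_t, si_stime)	== 0x1c);
static_assert(offsetof(compat_siginfo_t, si_value)	== 0x14);
static_assert(offsetof(compat_siginfo_t, si_int)	== 0x14);
static_assert(offsetof(compat_siginfo_t, si_ptr)	== 0x14);
static_assert(offsetof(compat_siginfo_t, si_addr)	== 0x0c);
static_assert(offsetof(compat_siginfo_t, si_addr_lsb)	== 0x10);
static_assert(offsetof(compat_siginfo_t, si_lower)	== 0x14);
static_assert(offsetof(compat_siginfo_t, si_upper)	== 0x18);
static_assert(offsetof(compat_siginfo_t, si_pkey)	== 0x14);
static_assert(offsetof(compat_siginfo_t, si_perf_data)	== 0x10);
static_assert(offsetof(compat_siginfo_t, si_perf_type)	== 0x14);
static_assert(offsetof(compat_siginfo_t, si_band)	== 0x0c);
static_assert(offsetof(compat_siginfo_t, si_fd)		== 0x10);
static_assert(offsetof(compat_siginfo_t, si_call_addr)	== 0x0c);
static_assert(offsetof(compat_siginfo_t, si_syscall)	== 0x10);
static_assert(offsetof(compat_siginfo_t, si_arch)	== 0x14);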