1 /*
2  *  PowerPC version
3  *    Copyright (C) 1995-1996 Gary Thomas (gdt@linuxppc.org)
4  *
5  *  Derived from "arch/m68k/kernel/ptrace.c"
6  *  Copyright (C) 1994 by Hamish Macdonald
7  *  Taken from linux/kernel/ptrace.c and modified for M680x0.
8  *  linux/kernel/ptrace.c is by Ross Biro 1/23/92, edited by Linus Torvalds
9  *
10  * Modified by Cort Dougan (cort@hq.fsmlabs.com)
11  * and Paul Mackerras (paulus@samba.org).
12  *
13  * This file is subject to the terms and conditions of the GNU General
14  * Public License.  See the file README.legal in the main directory of
15  * this archive for more details.
16  */
17 
18 #include <linux/regset.h>
19 #include <linux/tracehook.h>
20 #include <linux/audit.h>
21 #include <linux/context_tracking.h>
22 #include <linux/syscalls.h>
23 
24 #include <asm/switch_to.h>
25 #include <asm/asm-prototypes.h>
26 #include <asm/debug.h>
27 
28 #define CREATE_TRACE_POINTS
29 #include <trace/events/syscalls.h>
30 
31 #include "ptrace-decl.h"
32 
33 /*
34  * Called by kernel/ptrace.c when detaching..
35  *
36  * Make sure single step bits etc are not set.
37  */
38 void ptrace_disable(struct task_struct *child)
39 {
40 	/* make sure the single step bit is not set. */
41 	user_disable_single_step(child);
42 }
43 
44 long arch_ptrace(struct task_struct *child, long request,
45 		 unsigned long addr, unsigned long data)
46 {
47 	int ret = -EPERM;
48 	void __user *datavp = (void __user *) data;
49 	unsigned long __user *datalp = datavp;
50 
51 	switch (request) {
52 	/* read the word at location addr in the USER area. */
53 	case PTRACE_PEEKUSR: {
54 		unsigned long index, tmp;
55 
56 		ret = -EIO;
57 		/* convert to index and check */
58 		index = addr / sizeof(long);
59 		if ((addr & (sizeof(long) - 1)) || !child->thread.regs)
60 			break;
61 
62 		CHECK_FULL_REGS(child->thread.regs);
63 		if (index < PT_FPR0)
64 			ret = ptrace_get_reg(child, (int) index, &tmp);
65 		else
66 			ret = ptrace_get_fpr(child, index, &tmp);
67 
68 		if (ret)
69 			break;
70 		ret = put_user(tmp, datalp);
71 		break;
72 	}
73 
74 	/* write the word at location addr in the USER area */
75 	case PTRACE_POKEUSR: {
76 		unsigned long index;
77 
78 		ret = -EIO;
79 		/* convert to index and check */
80 		index = addr / sizeof(long);
81 		if ((addr & (sizeof(long) - 1)) || !child->thread.regs)
82 			break;
83 
84 		CHECK_FULL_REGS(child->thread.regs);
85 		if (index < PT_FPR0)
86 			ret = ptrace_put_reg(child, index, data);
87 		else
88 			ret = ptrace_put_fpr(child, index, data);
89 		break;
90 	}
91 
92 	case PPC_PTRACE_GETHWDBGINFO: {
93 		struct ppc_debug_info dbginfo;
94 
95 		ppc_gethwdinfo(&dbginfo);
96 
97 		if (copy_to_user(datavp, &dbginfo,
98 				 sizeof(struct ppc_debug_info)))
99 			return -EFAULT;
100 		return 0;
101 	}
102 
103 	case PPC_PTRACE_SETHWDEBUG: {
104 		struct ppc_hw_breakpoint bp_info;
105 
106 		if (copy_from_user(&bp_info, datavp,
107 				   sizeof(struct ppc_hw_breakpoint)))
108 			return -EFAULT;
109 		return ppc_set_hwdebug(child, &bp_info);
110 	}
111 
112 	case PPC_PTRACE_DELHWDEBUG: {
113 		ret = ppc_del_hwdebug(child, data);
114 		break;
115 	}
116 
117 	case PTRACE_GET_DEBUGREG:
118 		ret = ptrace_get_debugreg(child, addr, datalp);
119 		break;
120 
121 	case PTRACE_SET_DEBUGREG:
122 		ret = ptrace_set_debugreg(child, addr, data);
123 		break;
124 
125 #ifdef CONFIG_PPC64
126 	case PTRACE_GETREGS64:
127 #endif
128 	case PTRACE_GETREGS:	/* Get all pt_regs from the child. */
129 		return copy_regset_to_user(child, &user_ppc_native_view,
130 					   REGSET_GPR,
131 					   0, sizeof(struct user_pt_regs),
132 					   datavp);
133 
134 #ifdef CONFIG_PPC64
135 	case PTRACE_SETREGS64:
136 #endif
137 	case PTRACE_SETREGS:	/* Set all gp regs in the child. */
138 		return copy_regset_from_user(child, &user_ppc_native_view,
139 					     REGSET_GPR,
140 					     0, sizeof(struct user_pt_regs),
141 					     datavp);
142 
143 	case PTRACE_GETFPREGS: /* Get the child FPU state (FPR0...31 + FPSCR) */
144 		return copy_regset_to_user(child, &user_ppc_native_view,
145 					   REGSET_FPR,
146 					   0, sizeof(elf_fpregset_t),
147 					   datavp);
148 
149 	case PTRACE_SETFPREGS: /* Set the child FPU state (FPR0...31 + FPSCR) */
150 		return copy_regset_from_user(child, &user_ppc_native_view,
151 					     REGSET_FPR,
152 					     0, sizeof(elf_fpregset_t),
153 					     datavp);
154 
155 #ifdef CONFIG_ALTIVEC
156 	case PTRACE_GETVRREGS:
157 		return copy_regset_to_user(child, &user_ppc_native_view,
158 					   REGSET_VMX,
159 					   0, (33 * sizeof(vector128) +
160 					       sizeof(u32)),
161 					   datavp);
162 
163 	case PTRACE_SETVRREGS:
164 		return copy_regset_from_user(child, &user_ppc_native_view,
165 					     REGSET_VMX,
166 					     0, (33 * sizeof(vector128) +
167 						 sizeof(u32)),
168 					     datavp);
169 #endif
170 #ifdef CONFIG_VSX
171 	case PTRACE_GETVSRREGS:
172 		return copy_regset_to_user(child, &user_ppc_native_view,
173 					   REGSET_VSX,
174 					   0, 32 * sizeof(double),
175 					   datavp);
176 
177 	case PTRACE_SETVSRREGS:
178 		return copy_regset_from_user(child, &user_ppc_native_view,
179 					     REGSET_VSX,
180 					     0, 32 * sizeof(double),
181 					     datavp);
182 #endif
183 #ifdef CONFIG_SPE
184 	case PTRACE_GETEVRREGS:
185 		/* Get the child spe register state. */
186 		return copy_regset_to_user(child, &user_ppc_native_view,
187 					   REGSET_SPE, 0, 35 * sizeof(u32),
188 					   datavp);
189 
190 	case PTRACE_SETEVRREGS:
191 		/* Set the child spe register state. */
192 		return copy_regset_from_user(child, &user_ppc_native_view,
193 					     REGSET_SPE, 0, 35 * sizeof(u32),
194 					     datavp);
195 #endif
196 
197 	default:
198 		ret = ptrace_request(child, request, addr, data);
199 		break;
200 	}
201 	return ret;
202 }
203 
204 #ifdef CONFIG_SECCOMP
205 static int do_seccomp(struct pt_regs *regs)
206 {
207 	if (!test_thread_flag(TIF_SECCOMP))
208 		return 0;
209 
210 	/*
211 	 * The ABI we present to seccomp tracers is that r3 contains
212 	 * the syscall return value and orig_gpr3 contains the first
213 	 * syscall parameter. This is different to the ptrace ABI where
214 	 * both r3 and orig_gpr3 contain the first syscall parameter.
215 	 */
216 	regs->gpr[3] = -ENOSYS;
217 
218 	/*
219 	 * We use the __ version here because we have already checked
220 	 * TIF_SECCOMP. If this fails, there is nothing left to do, we
221 	 * have already loaded -ENOSYS into r3, or seccomp has put
222 	 * something else in r3 (via SECCOMP_RET_ERRNO/TRACE).
223 	 */
224 	if (__secure_computing(NULL))
225 		return -1;
226 
227 	/*
228 	 * The syscall was allowed by seccomp, restore the register
229 	 * state to what audit expects.
230 	 * Note that we use orig_gpr3, which means a seccomp tracer can
231 	 * modify the first syscall parameter (in orig_gpr3) and also
232 	 * allow the syscall to proceed.
233 	 */
234 	regs->gpr[3] = regs->orig_gpr3;
235 
236 	return 0;
237 }
238 #else
239 static inline int do_seccomp(struct pt_regs *regs) { return 0; }
240 #endif /* CONFIG_SECCOMP */
241 
242 /**
243  * do_syscall_trace_enter() - Do syscall tracing on kernel entry.
244  * @regs: the pt_regs of the task to trace (current)
245  *
246  * Performs various types of tracing on syscall entry. This includes seccomp,
247  * ptrace, syscall tracepoints and audit.
248  *
249  * The pt_regs are potentially visible to userspace via ptrace, so their
250  * contents is ABI.
251  *
252  * One or more of the tracers may modify the contents of pt_regs, in particular
253  * to modify arguments or even the syscall number itself.
254  *
255  * It's also possible that a tracer can choose to reject the system call. In
256  * that case this function will return an illegal syscall number, and will put
257  * an appropriate return value in regs->r3.
258  *
259  * Return: the (possibly changed) syscall number.
260  */
261 long do_syscall_trace_enter(struct pt_regs *regs)
262 {
263 	u32 flags;
264 
265 	user_exit();
266 
267 	flags = READ_ONCE(current_thread_info()->flags) &
268 		(_TIF_SYSCALL_EMU | _TIF_SYSCALL_TRACE);
269 
270 	if (flags) {
271 		int rc = tracehook_report_syscall_entry(regs);
272 
273 		if (unlikely(flags & _TIF_SYSCALL_EMU)) {
274 			/*
275 			 * A nonzero return code from
276 			 * tracehook_report_syscall_entry() tells us to prevent
277 			 * the syscall execution, but we are not going to
278 			 * execute it anyway.
279 			 *
280 			 * Returning -1 will skip the syscall execution. We want
281 			 * to avoid clobbering any registers, so we don't goto
282 			 * the skip label below.
283 			 */
284 			return -1;
285 		}
286 
287 		if (rc) {
288 			/*
289 			 * The tracer decided to abort the syscall. Note that
290 			 * the tracer may also just change regs->gpr[0] to an
291 			 * invalid syscall number, that is handled below on the
292 			 * exit path.
293 			 */
294 			goto skip;
295 		}
296 	}
297 
298 	/* Run seccomp after ptrace; allow it to set gpr[3]. */
299 	if (do_seccomp(regs))
300 		return -1;
301 
302 	/* Avoid trace and audit when syscall is invalid. */
303 	if (regs->gpr[0] >= NR_syscalls)
304 		goto skip;
305 
306 	if (unlikely(test_thread_flag(TIF_SYSCALL_TRACEPOINT)))
307 		trace_sys_enter(regs, regs->gpr[0]);
308 
309 	if (!is_32bit_task())
310 		audit_syscall_entry(regs->gpr[0], regs->gpr[3], regs->gpr[4],
311 				    regs->gpr[5], regs->gpr[6]);
312 	else
313 		audit_syscall_entry(regs->gpr[0],
314 				    regs->gpr[3] & 0xffffffff,
315 				    regs->gpr[4] & 0xffffffff,
316 				    regs->gpr[5] & 0xffffffff,
317 				    regs->gpr[6] & 0xffffffff);
318 
319 	/* Return the possibly modified but valid syscall number */
320 	return regs->gpr[0];
321 
322 skip:
323 	/*
324 	 * If we are aborting explicitly, or if the syscall number is
325 	 * now invalid, set the return value to -ENOSYS.
326 	 */
327 	regs->gpr[3] = -ENOSYS;
328 	return -1;
329 }
330 
331 void do_syscall_trace_leave(struct pt_regs *regs)
332 {
333 	int step;
334 
335 	audit_syscall_exit(regs);
336 
337 	if (unlikely(test_thread_flag(TIF_SYSCALL_TRACEPOINT)))
338 		trace_sys_exit(regs, regs->result);
339 
340 	step = test_thread_flag(TIF_SINGLESTEP);
341 	if (step || test_thread_flag(TIF_SYSCALL_TRACE))
342 		tracehook_report_syscall_exit(regs, step);
343 
344 	user_enter();
345 }
346 
347 void __init pt_regs_check(void);
348 
349 /*
350  * Dummy function, its purpose is to break the build if struct pt_regs and
351  * struct user_pt_regs don't match.
352  */
353 void __init pt_regs_check(void)
354 {
355 	BUILD_BUG_ON(offsetof(struct pt_regs, gpr) !=
356 		     offsetof(struct user_pt_regs, gpr));
357 	BUILD_BUG_ON(offsetof(struct pt_regs, nip) !=
358 		     offsetof(struct user_pt_regs, nip));
359 	BUILD_BUG_ON(offsetof(struct pt_regs, msr) !=
360 		     offsetof(struct user_pt_regs, msr));
361 	BUILD_BUG_ON(offsetof(struct pt_regs, msr) !=
362 		     offsetof(struct user_pt_regs, msr));
363 	BUILD_BUG_ON(offsetof(struct pt_regs, orig_gpr3) !=
364 		     offsetof(struct user_pt_regs, orig_gpr3));
365 	BUILD_BUG_ON(offsetof(struct pt_regs, ctr) !=
366 		     offsetof(struct user_pt_regs, ctr));
367 	BUILD_BUG_ON(offsetof(struct pt_regs, link) !=
368 		     offsetof(struct user_pt_regs, link));
369 	BUILD_BUG_ON(offsetof(struct pt_regs, xer) !=
370 		     offsetof(struct user_pt_regs, xer));
371 	BUILD_BUG_ON(offsetof(struct pt_regs, ccr) !=
372 		     offsetof(struct user_pt_regs, ccr));
373 #ifdef __powerpc64__
374 	BUILD_BUG_ON(offsetof(struct pt_regs, softe) !=
375 		     offsetof(struct user_pt_regs, softe));
376 #else
377 	BUILD_BUG_ON(offsetof(struct pt_regs, mq) !=
378 		     offsetof(struct user_pt_regs, mq));
379 #endif
380 	BUILD_BUG_ON(offsetof(struct pt_regs, trap) !=
381 		     offsetof(struct user_pt_regs, trap));
382 	BUILD_BUG_ON(offsetof(struct pt_regs, dar) !=
383 		     offsetof(struct user_pt_regs, dar));
384 	BUILD_BUG_ON(offsetof(struct pt_regs, dsisr) !=
385 		     offsetof(struct user_pt_regs, dsisr));
386 	BUILD_BUG_ON(offsetof(struct pt_regs, result) !=
387 		     offsetof(struct user_pt_regs, result));
388 
389 	BUILD_BUG_ON(sizeof(struct user_pt_regs) > sizeof(struct pt_regs));
390 
391 	// Now check that the pt_regs offsets match the uapi #defines
392 	#define CHECK_REG(_pt, _reg) \
393 		BUILD_BUG_ON(_pt != (offsetof(struct user_pt_regs, _reg) / \
394 				     sizeof(unsigned long)));
395 
396 	CHECK_REG(PT_R0,  gpr[0]);
397 	CHECK_REG(PT_R1,  gpr[1]);
398 	CHECK_REG(PT_R2,  gpr[2]);
399 	CHECK_REG(PT_R3,  gpr[3]);
400 	CHECK_REG(PT_R4,  gpr[4]);
401 	CHECK_REG(PT_R5,  gpr[5]);
402 	CHECK_REG(PT_R6,  gpr[6]);
403 	CHECK_REG(PT_R7,  gpr[7]);
404 	CHECK_REG(PT_R8,  gpr[8]);
405 	CHECK_REG(PT_R9,  gpr[9]);
406 	CHECK_REG(PT_R10, gpr[10]);
407 	CHECK_REG(PT_R11, gpr[11]);
408 	CHECK_REG(PT_R12, gpr[12]);
409 	CHECK_REG(PT_R13, gpr[13]);
410 	CHECK_REG(PT_R14, gpr[14]);
411 	CHECK_REG(PT_R15, gpr[15]);
412 	CHECK_REG(PT_R16, gpr[16]);
413 	CHECK_REG(PT_R17, gpr[17]);
414 	CHECK_REG(PT_R18, gpr[18]);
415 	CHECK_REG(PT_R19, gpr[19]);
416 	CHECK_REG(PT_R20, gpr[20]);
417 	CHECK_REG(PT_R21, gpr[21]);
418 	CHECK_REG(PT_R22, gpr[22]);
419 	CHECK_REG(PT_R23, gpr[23]);
420 	CHECK_REG(PT_R24, gpr[24]);
421 	CHECK_REG(PT_R25, gpr[25]);
422 	CHECK_REG(PT_R26, gpr[26]);
423 	CHECK_REG(PT_R27, gpr[27]);
424 	CHECK_REG(PT_R28, gpr[28]);
425 	CHECK_REG(PT_R29, gpr[29]);
426 	CHECK_REG(PT_R30, gpr[30]);
427 	CHECK_REG(PT_R31, gpr[31]);
428 	CHECK_REG(PT_NIP, nip);
429 	CHECK_REG(PT_MSR, msr);
430 	CHECK_REG(PT_ORIG_R3, orig_gpr3);
431 	CHECK_REG(PT_CTR, ctr);
432 	CHECK_REG(PT_LNK, link);
433 	CHECK_REG(PT_XER, xer);
434 	CHECK_REG(PT_CCR, ccr);
435 #ifdef CONFIG_PPC64
436 	CHECK_REG(PT_SOFTE, softe);
437 #else
438 	CHECK_REG(PT_MQ, mq);
439 #endif
440 	CHECK_REG(PT_TRAP, trap);
441 	CHECK_REG(PT_DAR, dar);
442 	CHECK_REG(PT_DSISR, dsisr);
443 	CHECK_REG(PT_RESULT, result);
444 	#undef CHECK_REG
445 
446 	BUILD_BUG_ON(PT_REGS_COUNT != sizeof(struct user_pt_regs) / sizeof(unsigned long));
447 
448 	/*
449 	 * PT_DSCR isn't a real reg, but it's important that it doesn't overlap the
450 	 * real registers.
451 	 */
452 	BUILD_BUG_ON(PT_DSCR < sizeof(struct user_pt_regs) / sizeof(unsigned long));
453 }
454