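// SPDX-License-Identifier: GPL-2.0
/*
 * Copyright (C) 2015 Thomas Meyer (thomas@m3y3r.de)
 * Copyright (C) 2002- 2007 Jeff Dike (jdike@{addtoit,linux.intel}.com)
 */

#include <stdlib.h>
#include <unistd.h>
#include <sched.h>
#include <errno.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/wait.h>
#include <asm/unistd.h>
#include <as-layout.h>
#include <init.h>
#include <kern_util.h>
#include <mem.h>
#include <os.h>
#include <ptrace_user.h>
#include <registers.h>
#include <skas.h>
#include <sysdep/stub.h>
#include <linux/threads.h>

/*
 * is_skas_winch() - tell whether a SIGWINCH was sent by our own process group
 * @pid: pid reported with the signal
 * @fd: unused, present to match the generic winch handler signature
 * @data: unused, present to match the generic winch handler signature
 *
 * Return: non-zero when @pid equals the current process group id.
 */
int is_skas_winch(int pid, int fd, void *data)
{
	return pid == getpgrp();
}

/*
 * ptrace_dump_regs() - dump the general purpose registers of a traced pid
 * @pid: traced process to read the registers from
 *
 * Diagnostic helper used on the failure paths below: prints one line per
 * register slot at UM_KERN_ERR level.
 *
 * Return: 0 on success, -errno if PTRACE_GETREGS failed.
 */
static int ptrace_dump_regs(int pid)
{
	unsigned long regs[MAX_REG_NR];
	int i;

	if (ptrace(PTRACE_GETREGS, pid, 0, regs) < 0)
		return -errno;

	printk(UM_KERN_ERR "Stub registers -\n");
	for (i = 0; i < ARRAY_SIZE(regs); i++)
		printk(UM_KERN_ERR "\t%d - %lx\n", i, regs[i]);

	return 0;
}

/*
 * Signals that are OK to receive in the stub - we'll just continue it.
 * SIGWINCH will happen when UML is inside a detached screen.
 *
 * These used to be (1 << sig) bitmasks.  That shift is undefined behaviour
 * for real-time signals (SIGRTMIN..SIGRTMAX do not fit in an int), and in
 * practice the shift count can wrap so that an unexpected signal aliases
 * SIGALRM and is wrongly treated as benign.  Compare explicitly instead.
 */
static inline int stub_sig_is_benign(int sig)
{
	return sig == SIGALRM || sig == SIGWINCH;
}

/* Signals that the stub will finish with - anything else is an error */
static inline int stub_sig_is_done(int sig)
{
	return sig == SIGTRAP;
}

/*
 * wait_stub_done() - wait until the stub running in @pid reaches its SIGTRAP
 * @pid: traced process that is currently executing stub code
 *
 * Benign stops (see stub_sig_is_benign()) are continued without further
 * action.  A SIGTRAP stop means the stub has finished.  A wait failure,
 * the process exiting instead of stopping, or any other stop signal is
 * treated as fatal: the stub registers are dumped and fatal_sigsegv() is
 * called, which does not return.
 */
void wait_stub_done(int pid)
{
	int n, status, err, sig = 0;

	while (1) {
		CATCH_EINTR(n = waitpid(pid, &status, WUNTRACED | __WALL));
		if ((n < 0) || !WIFSTOPPED(status))
			goto bad_wait;

		sig = WSTOPSIG(status);
		if (!stub_sig_is_benign(sig))
			break;

		err = ptrace(PTRACE_CONT, pid, 0, 0);
		if (err) {
			printk(UM_KERN_ERR "wait_stub_done : continue failed, "
			       "errno = %d\n", errno);
			fatal_sigsegv();
		}
	}

	if (stub_sig_is_done(sig))
		return;

bad_wait:
	err = ptrace_dump_regs(pid);
	if (err)
		printk(UM_KERN_ERR "Failed to get registers from stub, "
		       "errno = %d\n", -err);
	printk(UM_KERN_ERR "wait_stub_done : failed to wait for SIGTRAP, "
	       "pid = %d, n = %d, errno = %d, status = 0x%x\n", pid, n, errno,
	       status);
	fatal_sigsegv();
}

extern unsigned long current_stub_stack(void);

/*
 * get_skas_faultinfo() - collect the fault information for a SIGSEGV in @pid
 * @pid: traced process that just stopped with SIGSEGV
 * @fi: where to copy the faultinfo to
 * @aux_fp_regs: scratch buffer used to save and restore the FP state of
 *   @pid around the stub run
 *
 * The SIGSEGV is re-injected into the process with PTRACE_CONT, which
 * runs the stub's SIGSEGV handler; that handler leaves the faultinfo at
 * the start of the current stub stack page, from where it is copied into
 * @fi.  The FP registers are saved before and restored after, because the
 * stub handler clobbers them.  Every failure is fatal (fatal_sigsegv()).
 */
static void get_skas_faultinfo(int pid, struct faultinfo *fi, unsigned long *aux_fp_regs)
{
	int err;

	err = get_fp_registers(pid, aux_fp_regs);
	if (err < 0) {
		printk(UM_KERN_ERR "save_fp_registers returned %d\n",
		       err);
		fatal_sigsegv();
	}
	err = ptrace(PTRACE_CONT, pid, 0, SIGSEGV);
	if (err) {
		printk(UM_KERN_ERR "Failed to continue stub, pid = %d, "
		       "errno = %d\n", pid, errno);
		fatal_sigsegv();
	}
	wait_stub_done(pid);

	/*
	 * faultinfo is prepared by the stub_segv_handler at start of
	 * the stub stack page. We just have to copy it.
	 */
	memcpy(fi, (void *)current_stub_stack(), sizeof(*fi));

	err = put_fp_registers(pid, aux_fp_regs);
	if (err < 0) {
		printk(UM_KERN_ERR "put_fp_registers returned %d\n",
		       err);
		fatal_sigsegv();
	}
}

/*
 * handle_segv() - handle a SIGSEGV stop of the userspace process
 * @pid: traced process
 * @regs: register file of the process, faultinfo is filled in here
 * @aux_fp_regs: scratch FP buffer, see get_skas_faultinfo()
 *
 * Collects the faultinfo through the stub and hands it to the generic
 * segv() handler with is_user set.
 */
static void handle_segv(int pid, struct uml_pt_regs *regs, unsigned long *aux_fp_regs)
{
	get_skas_faultinfo(pid, &regs->faultinfo, aux_fp_regs);
	segv(regs->faultinfo, 0, 1, NULL);
}

/*
 * handle_trap() - handle a syscall stop (SIGTRAP | 0x80) of the process
 * @pid: traced process
 * @regs: register file as read at the syscall entry stop
 * @local_using_sysemu: the using_sysemu value sampled by the caller for
 *   this loop iteration, so that both sides agree on the ptrace mode
 *   (see the comment in userspace())
 *
 * A syscall whose instruction pointer lies inside the stub area
 * [STUB_START, STUB_END) is refused outright: only the UML kernel may run
 * stub code, so this is a sign that the process is broken or hostile.
 *
 * Without sysemu the host would execute the syscall; it is rewritten to
 * the harmless __NR_getpid and run to its exit stop before the guest
 * syscall is emulated by handle_syscall().  With sysemu the host skips the
 * syscall itself and handle_syscall() is called directly.
 */
static void handle_trap(int pid, struct uml_pt_regs *regs,
			int local_using_sysemu)
{
	int err, status;

	/* The stub is kernel territory; a syscall from there is fatal. */
	if ((UPT_IP(regs) >= STUB_START) && (UPT_IP(regs) < STUB_END))
		fatal_sigsegv();

	if (!local_using_sysemu)
	{
		err = ptrace(PTRACE_POKEUSER, pid, PT_SYSCALL_NR_OFFSET,
			     __NR_getpid);
		if (err < 0) {
			printk(UM_KERN_ERR "handle_trap - nullifying syscall "
			       "failed, errno = %d\n", errno);
			fatal_sigsegv();
		}

		err = ptrace(PTRACE_SYSCALL, pid, 0, 0);
		if (err < 0) {
			printk(UM_KERN_ERR "handle_trap - continuing to end of "
			       "syscall failed, errno = %d\n", errno);
			fatal_sigsegv();
		}

		CATCH_EINTR(err = waitpid(pid, &status, WUNTRACED | __WALL));
		if ((err < 0) || !WIFSTOPPED(status) ||
		    (WSTOPSIG(status) != SIGTRAP + 0x80)) {
			err = ptrace_dump_regs(pid);
			if (err)
				printk(UM_KERN_ERR "Failed to get registers "
				       "from process, errno = %d\n", -err);
			printk(UM_KERN_ERR "handle_trap - failed to wait at "
			       "end of syscall, errno = %d, status = %d\n",
			       errno, status);
			fatal_sigsegv();
		}
	}

	handle_syscall(regs);
}

extern char __syscall_stub_start[];

/**
 * userspace_tramp() - userspace trampoline
 * @stack: pointer to the stub stack page for this process, or NULL.  When
 *   NULL no STUB_DATA page is mapped and no SIGSEGV handler is installed;
 *   which callers pass NULL is not visible in this file.
 *
 * The userspace trampoline is used to setup a new userspace process in
 * start_userspace() after it was clone()'ed.  This function will run on a
 * temporary stack page.  It ptrace()'es itself, then two pages are mapped
 * into the userspace address space:
 * - STUB_CODE (with EXEC), which contains the skas stub code
 * - STUB_DATA (with R/W), which contains a data page that is used to
 *   transfer certain data between the UML userspace process and the UML
 *   kernel.
 * Also for the userspace process a SIGSEGV handler is installed to catch
 * pagefaults in the userspace process; it runs on STUB_DATA as its signal
 * stack.
 * And last the process stops itself to give control to the UML kernel for
 * this userspace process.
 *
 * Return: Always zero, otherwise the current userspace process is ended
 * with a non-zero exit() call.
 */
static int userspace_tramp(void *stack)
{
	void *addr;
	int fd;
	unsigned long long offset;

	/*
	 * Everything that follows relies on the parent being our tracer.
	 * If PTRACE_TRACEME is refused (e.g. by a ptrace access policy)
	 * bail out here rather than letting the parent discover it later
	 * through an unrelated ptrace failure.
	 */
	if (ptrace(PTRACE_TRACEME, 0, 0, 0) < 0) {
		printk(UM_KERN_ERR "userspace_tramp - PTRACE_TRACEME failed, "
		       "errno = %d\n", errno);
		exit(1);
	}

	signal(SIGTERM, SIG_DFL);
	signal(SIGWINCH, SIG_IGN);

	/*
	 * This has a pte, but it can't be mapped in with the usual
	 * tlb_flush mechanism because this is part of that mechanism
	 */
	fd = phys_mapping(to_phys(__syscall_stub_start), &offset);
	addr = mmap64((void *) STUB_CODE, UM_KERN_PAGE_SIZE,
		      PROT_EXEC, MAP_FIXED | MAP_PRIVATE, fd, offset);
	if (addr == MAP_FAILED) {
		printk(UM_KERN_ERR "mapping mmap stub at 0x%lx failed, "
		       "errno = %d\n", STUB_CODE, errno);
		exit(1);
	}

	if (stack != NULL) {
		fd = phys_mapping(to_phys(stack), &offset);
		addr = mmap((void *) STUB_DATA,
			    UM_KERN_PAGE_SIZE, PROT_READ | PROT_WRITE,
			    MAP_FIXED | MAP_SHARED, fd, offset);
		if (addr == MAP_FAILED) {
			printk(UM_KERN_ERR "mapping segfault stack "
			       "at 0x%lx failed, errno = %d\n",
			       STUB_DATA, errno);
			exit(1);
		}
	}
	if (stack != NULL) {
		struct sigaction sa;

		/* Address of stub_segv_handler inside the STUB_CODE mapping */
		unsigned long v = STUB_CODE +
				  (unsigned long) stub_segv_handler -
				  (unsigned long) __syscall_stub_start;

		set_sigstack((void *) STUB_DATA, UM_KERN_PAGE_SIZE);
		sigemptyset(&sa.sa_mask);
		sa.sa_flags = SA_ONSTACK | SA_NODEFER | SA_SIGINFO;
		sa.sa_sigaction = (void *) v;
		sa.sa_restorer = NULL;
		if (sigaction(SIGSEGV, &sa, NULL) < 0) {
			printk(UM_KERN_ERR "userspace_tramp - setting SIGSEGV "
			       "handler failed - errno = %d\n", errno);
			exit(1);
		}
	}

	/* Hand control to the UML kernel; start_userspace() waits for this. */
	kill(os_getpid(), SIGSTOP);
	return 0;
}

int userspace_pid[NR_CPUS];

/**
 * start_userspace() - prepare a new userspace process
 * @stub_stack: pointer to the stub stack, passed through to
 *   userspace_tramp().  May be NULL, in which case the trampoline maps no
 *   STUB_DATA page and installs no SIGSEGV handler.
 *
 * Sets up a new temporary stack page that is used while userspace_tramp()
 * runs, clones the kernel process into a new userspace process with FDs
 * only (CLONE_FILES, no CLONE_VM, so the child gets its own copy of the
 * temporary stack), waits for the child's SIGSTOP and enables
 * PTRACE_O_TRACESYSGOOD on it.  The temporary stack page is released on
 * every path once the child no longer depends on our copy of it.
 *
 * Return: When positive: the process id of the new userspace process,
 * when negative: an error number (clone() never returns a negative pid
 * on success, so the two cannot be confused).
 */
int start_userspace(unsigned long stub_stack)
{
	void *stack;
	unsigned long sp;
	int pid, status, n, flags, err;

	/*
	 * setup a temporary stack page.  Nothing executes from this page
	 * (the trampoline is kernel text), so it is not mapped executable.
	 */
	stack = mmap(NULL, UM_KERN_PAGE_SIZE,
		     PROT_READ | PROT_WRITE,
		     MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
	if (stack == MAP_FAILED) {
		err = -errno;
		printk(UM_KERN_ERR "start_userspace : mmap failed, "
		       "errno = %d\n", errno);
		return err;
	}

	/* set stack pointer to the end of the stack page, so it can grow downwards */
	sp = (unsigned long) stack + UM_KERN_PAGE_SIZE - sizeof(void *);

	flags = CLONE_FILES | SIGCHLD;

	/* clone into new userspace process */
	pid = clone(userspace_tramp, (void *) sp, flags, (void *) stub_stack);
	if (pid < 0) {
		err = -errno;
		printk(UM_KERN_ERR "start_userspace : clone failed, "
		       "errno = %d\n", errno);
		goto out_unmap;
	}

	do {
		CATCH_EINTR(n = waitpid(pid, &status, WUNTRACED | __WALL));
		if (n < 0) {
			err = -errno;
			printk(UM_KERN_ERR "start_userspace : wait failed, "
			       "errno = %d\n", errno);
			goto out_kill;
		}
	} while (WIFSTOPPED(status) && (WSTOPSIG(status) == SIGALRM));

	if (!WIFSTOPPED(status) || (WSTOPSIG(status) != SIGSTOP)) {
		err = -EINVAL;
		printk(UM_KERN_ERR "start_userspace : expected SIGSTOP, got "
		       "status = %d\n", status);
		goto out_kill;
	}

	if (ptrace(PTRACE_OLDSETOPTIONS, pid, NULL,
		   (void *) PTRACE_O_TRACESYSGOOD) < 0) {
		err = -errno;
		printk(UM_KERN_ERR "start_userspace : PTRACE_OLDSETOPTIONS "
		       "failed, errno = %d\n", errno);
		goto out_kill;
	}

	/*
	 * The child has stopped and owns its own copy of the page, so our
	 * temporary stack is dead from here on.
	 */
	if (munmap(stack, UM_KERN_PAGE_SIZE) < 0) {
		err = -errno;
		printk(UM_KERN_ERR "start_userspace : munmap failed, "
		       "errno = %d\n", errno);
		os_kill_ptraced_process(pid, 1);
		return err;
	}

	return pid;

out_kill:
	os_kill_ptraced_process(pid, 1);
out_unmap:
	/* best effort, err is already set and the page is never reused */
	munmap(stack, UM_KERN_PAGE_SIZE);
	return err;
}

/*
 * userspace() - run the current userspace process until it traps back
 * @regs: register file to load into the process and to refill on return
 * @aux_fp_regs: scratch FP buffer handed to the SIGSEGV paths
 *
 * The loop never returns.  Each iteration loads the registers into the
 * traced process, resumes it with the ptrace operation selected for the
 * current sysemu/singlestep mode, waits for the next stop, reads the
 * registers back and dispatches on the stop signal: page faults, syscall
 * stops, traps, and the asynchronous signals routed through sig_info[].
 * Any ptrace or wait failure is fatal.
 */
void userspace(struct uml_pt_regs *regs, unsigned long *aux_fp_regs)
{
	int err, status, op, pid = userspace_pid[0];
	/* To prevent races if using_sysemu changes under us.*/
	int local_using_sysemu;
	siginfo_t si;

	/*
	 * Handlers that do not read si (SIGIO, SIGALRM) still receive a
	 * pointer to it; start from a known state rather than stack garbage.
	 */
	memset(&si, 0, sizeof(si));

	/* Handle any immediate reschedules or signals */
	interrupt_end();

	while (1) {

		/*
		 * This can legitimately fail if the process loads a
		 * bogus value into a segment register. It will
		 * segfault and PTRACE_GETREGS will read that value
		 * out of the process. However, PTRACE_SETREGS will
		 * fail. In this case, there is nothing to do but
		 * just kill the process.
		 */
		if (ptrace(PTRACE_SETREGS, pid, 0, regs->gp)) {
			printk(UM_KERN_ERR "userspace - ptrace set regs "
			       "failed, errno = %d\n", errno);
			fatal_sigsegv();
		}

		if (put_fp_registers(pid, regs->fp)) {
			printk(UM_KERN_ERR "userspace - ptrace set fp regs "
			       "failed, errno = %d\n", errno);
			fatal_sigsegv();
		}

		/* Now we set local_using_sysemu to be used for one loop */
		local_using_sysemu = get_using_sysemu();

		op = SELECT_PTRACE_OPERATION(local_using_sysemu,
					     singlestepping(NULL));

		if (ptrace(op, pid, 0, 0)) {
			printk(UM_KERN_ERR "userspace - ptrace continue "
			       "failed, op = %d, errno = %d\n", op, errno);
			fatal_sigsegv();
		}

		CATCH_EINTR(err = waitpid(pid, &status, WUNTRACED | __WALL));
		if (err < 0) {
			printk(UM_KERN_ERR "userspace - wait failed, "
			       "errno = %d\n", errno);
			fatal_sigsegv();
		}

		regs->is_user = 1;
		if (ptrace(PTRACE_GETREGS, pid, 0, regs->gp)) {
			printk(UM_KERN_ERR "userspace - PTRACE_GETREGS failed, "
			       "errno = %d\n", errno);
			fatal_sigsegv();
		}

		if (get_fp_registers(pid, regs->fp)) {
			printk(UM_KERN_ERR "userspace - get_fp_registers failed, "
			       "errno = %d\n", errno);
			fatal_sigsegv();
		}

		UPT_SYSCALL_NR(regs) = -1; /* Assume: It's not a syscall */

		if (WIFSTOPPED(status)) {
			int sig = WSTOPSIG(status);

			/* These signal handlers need the si argument.
			 * The SIGIO and SIGALARM handlers which constitute the
			 * majority of invocations, do not use it.
			 * A failed PTRACE_GETSIGINFO would leave the handler
			 * acting on stale fault data, so it is fatal like
			 * every other ptrace failure in this loop.
			 */
			switch (sig) {
			case SIGSEGV:
			case SIGTRAP:
			case SIGILL:
			case SIGBUS:
			case SIGFPE:
			case SIGWINCH:
				if (ptrace(PTRACE_GETSIGINFO, pid, 0,
					   (struct siginfo *)&si)) {
					printk(UM_KERN_ERR "userspace - "
					       "PTRACE_GETSIGINFO failed, "
					       "sig = %d, errno = %d\n",
					       sig, errno);
					fatal_sigsegv();
				}
				break;
			}

			switch (sig) {
			case SIGSEGV:
				if (PTRACE_FULL_FAULTINFO) {
					get_skas_faultinfo(pid,
							   &regs->faultinfo, aux_fp_regs);
					(*sig_info[SIGSEGV])(SIGSEGV, (struct siginfo *)&si,
							     regs);
				}
				else handle_segv(pid, regs, aux_fp_regs);
				break;
			case SIGTRAP + 0x80:
				handle_trap(pid, regs, local_using_sysemu);
				break;
			case SIGTRAP:
				relay_signal(SIGTRAP, (struct siginfo *)&si, regs);
				break;
			case SIGALRM:
				break;
			case SIGIO:
			case SIGILL:
			case SIGBUS:
			case SIGFPE:
			case SIGWINCH:
				block_signals_trace();
				(*sig_info[sig])(sig, (struct siginfo *)&si, regs);
				unblock_signals_trace();
				break;
			default:
				printk(UM_KERN_ERR "userspace - child stopped "
				       "with signal %d\n", sig);
				fatal_sigsegv();
			}
			/* A handler may have switched mm, re-read the pid */
			pid = userspace_pid[0];
			interrupt_end();

			/* Avoid -ERESTARTSYS handling in host */
			if (PT_SYSCALL_NR_OFFSET != PT_SYSCALL_RET_OFFSET)
				PT_SYSCALL_NR(regs->gp) = -1;
		}
	}
}

static unsigned long thread_regs[MAX_REG_NR];
static unsigned long thread_fp_regs[FP_SIZE];

/*
 * init_thread_regs() - build the register template for new stub processes
 *
 * Starts from the "safe" register set, points the instruction pointer at
 * stub_clone_handler inside the STUB_CODE mapping and the stack pointer at
 * the top of the STUB_DATA page (minus the signal frame size where the
 * architecture defines one).  copy_context_skas0() loads this template.
 *
 * Return: always 0 (initcall convention).
 */
static int __init init_thread_regs(void)
{
	get_safe_registers(thread_regs, thread_fp_regs);
	/* Set parent's instruction pointer to start of clone-stub */
	thread_regs[REGS_IP_INDEX] = STUB_CODE +
				(unsigned long) stub_clone_handler -
				(unsigned long) __syscall_stub_start;
	thread_regs[REGS_SP_INDEX] = STUB_DATA + UM_KERN_PAGE_SIZE -
		sizeof(void *);
#ifdef __SIGNAL_FRAMESIZE
	thread_regs[REGS_SP_INDEX] -= __SIGNAL_FRAMESIZE;
#endif
	return 0;
}

__initcall(init_thread_regs);

/*
 * copy_context_skas0() - fork a new userspace process from an existing one
 * @new_stack: stub stack page for the child
 * @pid: existing traced process that runs the clone stub on our behalf
 *
 * The fd/offset of the child's stack page are written into the parent's
 * stub data page, the parent is pointed at stub_clone_handler and run;
 * it reports the child's pid (or a negative error) in data->err.  The
 * child then runs until it has remapped its own stack page and reports
 * STUB_DATA in child_data->err.  Finally PTRACE_O_TRACESYSGOOD is enabled
 * on the child.
 *
 * Return: pid of the new process, or a negative error number.  Callers
 * treat any non-negative value as a pid, so the child's error report is
 * folded into a negative value before being returned: a child that never
 * wrote its result leaves the positive 12345678 sentinel behind, which
 * must not escape as a "pid".
 */
int copy_context_skas0(unsigned long new_stack, int pid)
{
	int err;
	unsigned long current_stack = current_stub_stack();
	struct stub_data *data = (struct stub_data *) current_stack;
	struct stub_data *child_data = (struct stub_data *) new_stack;
	unsigned long long new_offset;
	int new_fd = phys_mapping(to_phys((void *)new_stack), &new_offset);

	/*
	 * prepare offset and fd of child's stack as argument for parent's
	 * and child's mmap2 calls
	 */
	*data = ((struct stub_data) {
		.offset = MMAP_OFFSET(new_offset),
		.fd     = new_fd
	});

	err = ptrace_setregs(pid, thread_regs);
	if (err < 0) {
		err = -errno;
		printk(UM_KERN_ERR "copy_context_skas0 : PTRACE_SETREGS "
		       "failed, pid = %d, errno = %d\n", pid, -err);
		return err;
	}

	err = put_fp_registers(pid, thread_fp_regs);
	if (err < 0) {
		printk(UM_KERN_ERR "copy_context_skas0 : put_fp_registers "
		       "failed, pid = %d, err = %d\n", pid, err);
		return err;
	}

	/* set a well known return code for detection of child write failure */
	child_data->err = 12345678;

	/*
	 * Wait, until parent has finished its work: read child's pid from
	 * parent's stack, and check, if bad result.
	 */
	err = ptrace(PTRACE_CONT, pid, 0, 0);
	if (err) {
		err = -errno;
		printk(UM_KERN_ERR "Failed to continue new process, pid = %d, "
		       "errno = %d\n", pid, errno);
		return err;
	}

	wait_stub_done(pid);

	pid = data->err;
	if (pid < 0) {
		printk(UM_KERN_ERR "copy_context_skas0 - stub-parent reports "
		       "error %d\n", -pid);
		return pid;
	}

	/*
	 * Wait, until child has finished too: read child's result from
	 * child's stack and check it.
	 */
	wait_stub_done(pid);
	if (child_data->err != STUB_DATA) {
		printk(UM_KERN_ERR "copy_context_skas0 - stub-child reports "
		       "error %ld\n", child_data->err);
		/*
		 * Only a negative errno from the child is meaningful; the
		 * untouched sentinel or any other value becomes -EINVAL so
		 * the caller cannot mistake it for a pid.
		 */
		err = ((long) child_data->err < 0) ? (int) child_data->err
						   : -EINVAL;
		goto out_kill;
	}

	if (ptrace(PTRACE_OLDSETOPTIONS, pid, NULL,
		   (void *)PTRACE_O_TRACESYSGOOD) < 0) {
		err = -errno;
		printk(UM_KERN_ERR "copy_context_skas0 : PTRACE_OLDSETOPTIONS "
		       "failed, errno = %d\n", errno);
		goto out_kill;
	}

	return pid;

out_kill:
	os_kill_ptraced_process(pid, 1);
	return err;
}

/*
 * new_thread() - prime a jmp_buf so that a longjmp to it starts @handler
 * @stack: base of the thread stack; the stack pointer is set to its top
 * @buf: jump buffer to fill in
 * @handler: function that will run when @buf is jumped to
 */
void new_thread(void *stack, jmp_buf *buf, void (*handler)(void))
{
	(*buf)[0].JB_IP = (unsigned long) handler;
	(*buf)[0].JB_SP = (unsigned long) stack + UM_THREAD_SIZE -
		sizeof(void *);
}

/* longjmp() values delivered to the setjmp() in start_idle_thread() */
#define INIT_JMP_NEW_THREAD 0
#define INIT_JMP_CALLBACK 1
#define INIT_JMP_HALT 2
#define INIT_JMP_REBOOT 3

/*
 * switch_threads() - save the current context in @me and resume @you
 * @me: where the current context is saved; returns here when resumed
 * @you: context to jump to
 */
void switch_threads(jmp_buf *me, jmp_buf *you)
{
	if (UML_SETJMP(me) == 0)
		UML_LONGJMP(you, 1);
}

static jmp_buf initial_jmpbuf;

/* XXX Make these percpu */
static void (*cb_proc)(void *arg);
static void *cb_arg;
static jmp_buf *cb_back;

/*
 * start_idle_thread() - enter the initial (idle) thread context
 * @stack: stack for the first kernel thread, see new_thread()
 * @switch_buf: jump buffer of that thread; primed here with
 *   uml_finishsetup as the entry point
 *
 * Establishes initial_jmpbuf as the place halt_skas(), reboot_skas() and
 * initial_thread_cb_skas() jump back to, then jumps to @switch_buf.  It
 * only returns when the kernel halts or reboots.
 *
 * Return: 0 on halt, 1 on reboot.
 */
int start_idle_thread(void *stack, jmp_buf *switch_buf)
{
	int n;

	set_handler(SIGWINCH);

	/*
	 * Can't use UML_SETJMP or UML_LONGJMP here because they save
	 * and restore signals, with the possible side-effect of
	 * trying to handle any signals which came when they were
	 * blocked, which can't be done on this stack.
	 * Signals must be blocked when jumping back here and restored
	 * after returning to the jumper.
	 */
	n = setjmp(initial_jmpbuf);
	switch (n) {
	case INIT_JMP_NEW_THREAD:
		(*switch_buf)[0].JB_IP = (unsigned long) uml_finishsetup;
		(*switch_buf)[0].JB_SP = (unsigned long) stack +
			UM_THREAD_SIZE - sizeof(void *);
		break;
	case INIT_JMP_CALLBACK:
		/* run the callback on this stack and return to its caller */
		(*cb_proc)(cb_arg);
		longjmp(*cb_back, 1);
		break;
	case INIT_JMP_HALT:
		kmalloc_ok = 0;
		return 0;
	case INIT_JMP_REBOOT:
		kmalloc_ok = 0;
		return 1;
	default:
		printk(UM_KERN_ERR "Bad sigsetjmp return in "
		       "start_idle_thread - %d\n", n);
		fatal_sigsegv();
	}
	longjmp(*switch_buf, 1);

	/* unreachable */
	printk(UM_KERN_ERR "impossible long jump!");
	fatal_sigsegv();
	return 0;
}

/*
 * initial_thread_cb_skas() - run @proc on the initial thread's stack
 * @proc: callback to run
 * @arg: argument passed to @proc
 *
 * Saves the current context, jumps to the setjmp() in start_idle_thread()
 * with INIT_JMP_CALLBACK, and returns once the callback has jumped back.
 * Signals are blocked across the switch, as start_idle_thread() requires.
 */
void initial_thread_cb_skas(void (*proc)(void *), void *arg)
{
	jmp_buf here;

	cb_proc = proc;
	cb_arg = arg;
	cb_back = &here;

	block_signals_trace();
	if (UML_SETJMP(&here) == 0)
		UML_LONGJMP(&initial_jmpbuf, INIT_JMP_CALLBACK);
	unblock_signals_trace();

	cb_proc = NULL;
	cb_arg = NULL;
	cb_back = NULL;
}

/* halt_skas() - make start_idle_thread() return 0; does not return here */
void halt_skas(void)
{
	block_signals_trace();
	UML_LONGJMP(&initial_jmpbuf, INIT_JMP_HALT);
}

/* reboot_skas() - make start_idle_thread() return 1; does not return here */
void reboot_skas(void)
{
	block_signals_trace();
	UML_LONGJMP(&initial_jmpbuf, INIT_JMP_REBOOT);
}

/*
 * __switch_mm() - select the userspace process that userspace() drives
 * @mm_idp: mm id whose host pid becomes the current userspace pid
 */
void __switch_mm(struct mm_id *mm_idp)
{
	userspace_pid[0] = mm_idp->u.pid;
}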