1 /* 2 * Copyright (C) 1992 Krishna Balasubramanian and Linus Torvalds 3 * Copyright (C) 1999 Ingo Molnar <mingo@redhat.com> 4 * Copyright (C) 2002 Andi Kleen 5 * 6 * This handles calls from both 32bit and 64bit mode. 7 */ 8 9 #include <linux/errno.h> 10 #include <linux/gfp.h> 11 #include <linux/sched.h> 12 #include <linux/string.h> 13 #include <linux/mm.h> 14 #include <linux/smp.h> 15 #include <linux/vmalloc.h> 16 #include <linux/uaccess.h> 17 18 #include <asm/ldt.h> 19 #include <asm/desc.h> 20 #include <asm/mmu_context.h> 21 #include <asm/syscalls.h> 22 23 #ifdef CONFIG_SMP 24 static void flush_ldt(void *current_mm) 25 { 26 if (current->active_mm == current_mm) 27 load_LDT(¤t->active_mm->context); 28 } 29 #endif 30 31 static int alloc_ldt(mm_context_t *pc, int mincount, int reload) 32 { 33 void *oldldt, *newldt; 34 int oldsize; 35 36 if (mincount <= pc->size) 37 return 0; 38 oldsize = pc->size; 39 mincount = (mincount + (PAGE_SIZE / LDT_ENTRY_SIZE - 1)) & 40 (~(PAGE_SIZE / LDT_ENTRY_SIZE - 1)); 41 if (mincount * LDT_ENTRY_SIZE > PAGE_SIZE) 42 newldt = vmalloc(mincount * LDT_ENTRY_SIZE); 43 else 44 newldt = (void *)__get_free_page(GFP_KERNEL); 45 46 if (!newldt) 47 return -ENOMEM; 48 49 if (oldsize) 50 memcpy(newldt, pc->ldt, oldsize * LDT_ENTRY_SIZE); 51 oldldt = pc->ldt; 52 memset(newldt + oldsize * LDT_ENTRY_SIZE, 0, 53 (mincount - oldsize) * LDT_ENTRY_SIZE); 54 55 paravirt_alloc_ldt(newldt, mincount); 56 57 #ifdef CONFIG_X86_64 58 /* CHECKME: Do we really need this ? */ 59 wmb(); 60 #endif 61 pc->ldt = newldt; 62 wmb(); 63 pc->size = mincount; 64 wmb(); 65 66 if (reload) { 67 #ifdef CONFIG_SMP 68 preempt_disable(); 69 load_LDT(pc); 70 if (!cpumask_equal(mm_cpumask(current->mm), 71 cpumask_of(smp_processor_id()))) 72 smp_call_function(flush_ldt, current->mm, 1); 73 preempt_enable(); 74 #else 75 load_LDT(pc); 76 #endif 77 } 78 if (oldsize) { 79 paravirt_free_ldt(oldldt, oldsize); 80 if (oldsize * LDT_ENTRY_SIZE > PAGE_SIZE) 81 vfree(oldldt); 82 else 83 put_page(virt_to_page(oldldt)); 84 } 85 return 0; 86 } 87 88 static inline int copy_ldt(mm_context_t *new, mm_context_t *old) 89 { 90 int err = alloc_ldt(new, old->size, 0); 91 int i; 92 93 if (err < 0) 94 return err; 95 96 for (i = 0; i < old->size; i++) 97 write_ldt_entry(new->ldt, i, old->ldt + i * LDT_ENTRY_SIZE); 98 return 0; 99 } 100 101 /* 102 * we do not have to muck with descriptors here, that is 103 * done in switch_mm() as needed. 104 */ 105 int init_new_context(struct task_struct *tsk, struct mm_struct *mm) 106 { 107 struct mm_struct *old_mm; 108 int retval = 0; 109 110 mutex_init(&mm->context.lock); 111 mm->context.size = 0; 112 old_mm = current->mm; 113 if (old_mm && old_mm->context.size > 0) { 114 mutex_lock(&old_mm->context.lock); 115 retval = copy_ldt(&mm->context, &old_mm->context); 116 mutex_unlock(&old_mm->context.lock); 117 } 118 return retval; 119 } 120 121 /* 122 * No need to lock the MM as we are the last user 123 * 124 * 64bit: Don't touch the LDT register - we're already in the next thread. 125 */ 126 void destroy_context(struct mm_struct *mm) 127 { 128 if (mm->context.size) { 129 #ifdef CONFIG_X86_32 130 /* CHECKME: Can this ever happen ? */ 131 if (mm == current->active_mm) 132 clear_LDT(); 133 #endif 134 paravirt_free_ldt(mm->context.ldt, mm->context.size); 135 if (mm->context.size * LDT_ENTRY_SIZE > PAGE_SIZE) 136 vfree(mm->context.ldt); 137 else 138 put_page(virt_to_page(mm->context.ldt)); 139 mm->context.size = 0; 140 } 141 } 142 143 static int read_ldt(void __user *ptr, unsigned long bytecount) 144 { 145 int err; 146 unsigned long size; 147 struct mm_struct *mm = current->mm; 148 149 if (!mm->context.size) 150 return 0; 151 if (bytecount > LDT_ENTRY_SIZE * LDT_ENTRIES) 152 bytecount = LDT_ENTRY_SIZE * LDT_ENTRIES; 153 154 mutex_lock(&mm->context.lock); 155 size = mm->context.size * LDT_ENTRY_SIZE; 156 if (size > bytecount) 157 size = bytecount; 158 159 err = 0; 160 if (copy_to_user(ptr, mm->context.ldt, size)) 161 err = -EFAULT; 162 mutex_unlock(&mm->context.lock); 163 if (err < 0) 164 goto error_return; 165 if (size != bytecount) { 166 /* zero-fill the rest */ 167 if (clear_user(ptr + size, bytecount - size) != 0) { 168 err = -EFAULT; 169 goto error_return; 170 } 171 } 172 return bytecount; 173 error_return: 174 return err; 175 } 176 177 static int read_default_ldt(void __user *ptr, unsigned long bytecount) 178 { 179 /* CHECKME: Can we use _one_ random number ? */ 180 #ifdef CONFIG_X86_32 181 unsigned long size = 5 * sizeof(struct desc_struct); 182 #else 183 unsigned long size = 128; 184 #endif 185 if (bytecount > size) 186 bytecount = size; 187 if (clear_user(ptr, bytecount)) 188 return -EFAULT; 189 return bytecount; 190 } 191 192 static int write_ldt(void __user *ptr, unsigned long bytecount, int oldmode) 193 { 194 struct mm_struct *mm = current->mm; 195 struct desc_struct ldt; 196 int error; 197 struct user_desc ldt_info; 198 199 error = -EINVAL; 200 if (bytecount != sizeof(ldt_info)) 201 goto out; 202 error = -EFAULT; 203 if (copy_from_user(&ldt_info, ptr, sizeof(ldt_info))) 204 goto out; 205 206 error = -EINVAL; 207 if (ldt_info.entry_number >= LDT_ENTRIES) 208 goto out; 209 if (ldt_info.contents == 3) { 210 if (oldmode) 211 goto out; 212 if (ldt_info.seg_not_present == 0) 213 goto out; 214 } 215 216 mutex_lock(&mm->context.lock); 217 if (ldt_info.entry_number >= mm->context.size) { 218 error = alloc_ldt(¤t->mm->context, 219 ldt_info.entry_number + 1, 1); 220 if (error < 0) 221 goto out_unlock; 222 } 223 224 /* Allow LDTs to be cleared by the user. */ 225 if (ldt_info.base_addr == 0 && ldt_info.limit == 0) { 226 if (oldmode || LDT_empty(&ldt_info)) { 227 memset(&ldt, 0, sizeof(ldt)); 228 goto install; 229 } 230 } 231 232 /* 233 * On x86-64 we do not support 16-bit segments due to 234 * IRET leaking the high bits of the kernel stack address. 235 */ 236 #ifdef CONFIG_X86_64 237 if (!ldt_info.seg_32bit) { 238 error = -EINVAL; 239 goto out_unlock; 240 } 241 #endif 242 243 fill_ldt(&ldt, &ldt_info); 244 if (oldmode) 245 ldt.avl = 0; 246 247 /* Install the new entry ... */ 248 install: 249 write_ldt_entry(mm->context.ldt, ldt_info.entry_number, &ldt); 250 error = 0; 251 252 out_unlock: 253 mutex_unlock(&mm->context.lock); 254 out: 255 return error; 256 } 257 258 asmlinkage int sys_modify_ldt(int func, void __user *ptr, 259 unsigned long bytecount) 260 { 261 int ret = -ENOSYS; 262 263 switch (func) { 264 case 0: 265 ret = read_ldt(ptr, bytecount); 266 break; 267 case 1: 268 ret = write_ldt(ptr, bytecount, 1); 269 break; 270 case 2: 271 ret = read_default_ldt(ptr, bytecount); 272 break; 273 case 0x11: 274 ret = write_ldt(ptr, bytecount, 0); 275 break; 276 } 277 return ret; 278 } 279