xref: /openbmc/linux/arch/x86/kernel/ldt.c (revision b34e08d5)
1 /*
2  * Copyright (C) 1992 Krishna Balasubramanian and Linus Torvalds
3  * Copyright (C) 1999 Ingo Molnar <mingo@redhat.com>
4  * Copyright (C) 2002 Andi Kleen
5  *
6  * This handles calls from both 32bit and 64bit mode.
7  */
8 
9 #include <linux/errno.h>
10 #include <linux/gfp.h>
11 #include <linux/sched.h>
12 #include <linux/string.h>
13 #include <linux/mm.h>
14 #include <linux/smp.h>
15 #include <linux/vmalloc.h>
16 #include <linux/uaccess.h>
17 
18 #include <asm/ldt.h>
19 #include <asm/desc.h>
20 #include <asm/mmu_context.h>
21 #include <asm/syscalls.h>
22 
23 #ifdef CONFIG_SMP
24 static void flush_ldt(void *current_mm)
25 {
26 	if (current->active_mm == current_mm)
27 		load_LDT(&current->active_mm->context);
28 }
29 #endif
30 
31 static int alloc_ldt(mm_context_t *pc, int mincount, int reload)
32 {
33 	void *oldldt, *newldt;
34 	int oldsize;
35 
36 	if (mincount <= pc->size)
37 		return 0;
38 	oldsize = pc->size;
39 	mincount = (mincount + (PAGE_SIZE / LDT_ENTRY_SIZE - 1)) &
40 			(~(PAGE_SIZE / LDT_ENTRY_SIZE - 1));
41 	if (mincount * LDT_ENTRY_SIZE > PAGE_SIZE)
42 		newldt = vmalloc(mincount * LDT_ENTRY_SIZE);
43 	else
44 		newldt = (void *)__get_free_page(GFP_KERNEL);
45 
46 	if (!newldt)
47 		return -ENOMEM;
48 
49 	if (oldsize)
50 		memcpy(newldt, pc->ldt, oldsize * LDT_ENTRY_SIZE);
51 	oldldt = pc->ldt;
52 	memset(newldt + oldsize * LDT_ENTRY_SIZE, 0,
53 	       (mincount - oldsize) * LDT_ENTRY_SIZE);
54 
55 	paravirt_alloc_ldt(newldt, mincount);
56 
57 #ifdef CONFIG_X86_64
58 	/* CHECKME: Do we really need this ? */
59 	wmb();
60 #endif
61 	pc->ldt = newldt;
62 	wmb();
63 	pc->size = mincount;
64 	wmb();
65 
66 	if (reload) {
67 #ifdef CONFIG_SMP
68 		preempt_disable();
69 		load_LDT(pc);
70 		if (!cpumask_equal(mm_cpumask(current->mm),
71 				   cpumask_of(smp_processor_id())))
72 			smp_call_function(flush_ldt, current->mm, 1);
73 		preempt_enable();
74 #else
75 		load_LDT(pc);
76 #endif
77 	}
78 	if (oldsize) {
79 		paravirt_free_ldt(oldldt, oldsize);
80 		if (oldsize * LDT_ENTRY_SIZE > PAGE_SIZE)
81 			vfree(oldldt);
82 		else
83 			put_page(virt_to_page(oldldt));
84 	}
85 	return 0;
86 }
87 
88 static inline int copy_ldt(mm_context_t *new, mm_context_t *old)
89 {
90 	int err = alloc_ldt(new, old->size, 0);
91 	int i;
92 
93 	if (err < 0)
94 		return err;
95 
96 	for (i = 0; i < old->size; i++)
97 		write_ldt_entry(new->ldt, i, old->ldt + i * LDT_ENTRY_SIZE);
98 	return 0;
99 }
100 
101 /*
102  * we do not have to muck with descriptors here, that is
103  * done in switch_mm() as needed.
104  */
105 int init_new_context(struct task_struct *tsk, struct mm_struct *mm)
106 {
107 	struct mm_struct *old_mm;
108 	int retval = 0;
109 
110 	mutex_init(&mm->context.lock);
111 	mm->context.size = 0;
112 	old_mm = current->mm;
113 	if (old_mm && old_mm->context.size > 0) {
114 		mutex_lock(&old_mm->context.lock);
115 		retval = copy_ldt(&mm->context, &old_mm->context);
116 		mutex_unlock(&old_mm->context.lock);
117 	}
118 	return retval;
119 }
120 
121 /*
122  * No need to lock the MM as we are the last user
123  *
124  * 64bit: Don't touch the LDT register - we're already in the next thread.
125  */
126 void destroy_context(struct mm_struct *mm)
127 {
128 	if (mm->context.size) {
129 #ifdef CONFIG_X86_32
130 		/* CHECKME: Can this ever happen ? */
131 		if (mm == current->active_mm)
132 			clear_LDT();
133 #endif
134 		paravirt_free_ldt(mm->context.ldt, mm->context.size);
135 		if (mm->context.size * LDT_ENTRY_SIZE > PAGE_SIZE)
136 			vfree(mm->context.ldt);
137 		else
138 			put_page(virt_to_page(mm->context.ldt));
139 		mm->context.size = 0;
140 	}
141 }
142 
143 static int read_ldt(void __user *ptr, unsigned long bytecount)
144 {
145 	int err;
146 	unsigned long size;
147 	struct mm_struct *mm = current->mm;
148 
149 	if (!mm->context.size)
150 		return 0;
151 	if (bytecount > LDT_ENTRY_SIZE * LDT_ENTRIES)
152 		bytecount = LDT_ENTRY_SIZE * LDT_ENTRIES;
153 
154 	mutex_lock(&mm->context.lock);
155 	size = mm->context.size * LDT_ENTRY_SIZE;
156 	if (size > bytecount)
157 		size = bytecount;
158 
159 	err = 0;
160 	if (copy_to_user(ptr, mm->context.ldt, size))
161 		err = -EFAULT;
162 	mutex_unlock(&mm->context.lock);
163 	if (err < 0)
164 		goto error_return;
165 	if (size != bytecount) {
166 		/* zero-fill the rest */
167 		if (clear_user(ptr + size, bytecount - size) != 0) {
168 			err = -EFAULT;
169 			goto error_return;
170 		}
171 	}
172 	return bytecount;
173 error_return:
174 	return err;
175 }
176 
177 static int read_default_ldt(void __user *ptr, unsigned long bytecount)
178 {
179 	/* CHECKME: Can we use _one_ random number ? */
180 #ifdef CONFIG_X86_32
181 	unsigned long size = 5 * sizeof(struct desc_struct);
182 #else
183 	unsigned long size = 128;
184 #endif
185 	if (bytecount > size)
186 		bytecount = size;
187 	if (clear_user(ptr, bytecount))
188 		return -EFAULT;
189 	return bytecount;
190 }
191 
192 static int write_ldt(void __user *ptr, unsigned long bytecount, int oldmode)
193 {
194 	struct mm_struct *mm = current->mm;
195 	struct desc_struct ldt;
196 	int error;
197 	struct user_desc ldt_info;
198 
199 	error = -EINVAL;
200 	if (bytecount != sizeof(ldt_info))
201 		goto out;
202 	error = -EFAULT;
203 	if (copy_from_user(&ldt_info, ptr, sizeof(ldt_info)))
204 		goto out;
205 
206 	error = -EINVAL;
207 	if (ldt_info.entry_number >= LDT_ENTRIES)
208 		goto out;
209 	if (ldt_info.contents == 3) {
210 		if (oldmode)
211 			goto out;
212 		if (ldt_info.seg_not_present == 0)
213 			goto out;
214 	}
215 
216 	mutex_lock(&mm->context.lock);
217 	if (ldt_info.entry_number >= mm->context.size) {
218 		error = alloc_ldt(&current->mm->context,
219 				  ldt_info.entry_number + 1, 1);
220 		if (error < 0)
221 			goto out_unlock;
222 	}
223 
224 	/* Allow LDTs to be cleared by the user. */
225 	if (ldt_info.base_addr == 0 && ldt_info.limit == 0) {
226 		if (oldmode || LDT_empty(&ldt_info)) {
227 			memset(&ldt, 0, sizeof(ldt));
228 			goto install;
229 		}
230 	}
231 
232 	/*
233 	 * On x86-64 we do not support 16-bit segments due to
234 	 * IRET leaking the high bits of the kernel stack address.
235 	 */
236 #ifdef CONFIG_X86_64
237 	if (!ldt_info.seg_32bit) {
238 		error = -EINVAL;
239 		goto out_unlock;
240 	}
241 #endif
242 
243 	fill_ldt(&ldt, &ldt_info);
244 	if (oldmode)
245 		ldt.avl = 0;
246 
247 	/* Install the new entry ...  */
248 install:
249 	write_ldt_entry(mm->context.ldt, ldt_info.entry_number, &ldt);
250 	error = 0;
251 
252 out_unlock:
253 	mutex_unlock(&mm->context.lock);
254 out:
255 	return error;
256 }
257 
258 asmlinkage int sys_modify_ldt(int func, void __user *ptr,
259 			      unsigned long bytecount)
260 {
261 	int ret = -ENOSYS;
262 
263 	switch (func) {
264 	case 0:
265 		ret = read_ldt(ptr, bytecount);
266 		break;
267 	case 1:
268 		ret = write_ldt(ptr, bytecount, 1);
269 		break;
270 	case 2:
271 		ret = read_default_ldt(ptr, bytecount);
272 		break;
273 	case 0x11:
274 		ret = write_ldt(ptr, bytecount, 0);
275 		break;
276 	}
277 	return ret;
278 }
279