xref: /openbmc/linux/arch/x86/kernel/ptrace.c (revision b8d312aa)
1 // SPDX-License-Identifier: GPL-2.0-only
2 /* By Ross Biro 1/23/92 */
3 /*
4  * Pentium III FXSR, SSE support
5  *	Gareth Hughes <gareth@valinux.com>, May 2000
6  */
7 
8 #include <linux/kernel.h>
9 #include <linux/sched.h>
10 #include <linux/sched/task_stack.h>
11 #include <linux/mm.h>
12 #include <linux/smp.h>
13 #include <linux/errno.h>
14 #include <linux/slab.h>
15 #include <linux/ptrace.h>
16 #include <linux/tracehook.h>
17 #include <linux/user.h>
18 #include <linux/elf.h>
19 #include <linux/security.h>
20 #include <linux/audit.h>
21 #include <linux/seccomp.h>
22 #include <linux/signal.h>
23 #include <linux/perf_event.h>
24 #include <linux/hw_breakpoint.h>
25 #include <linux/rcupdate.h>
26 #include <linux/export.h>
27 #include <linux/context_tracking.h>
28 #include <linux/nospec.h>
29 
30 #include <linux/uaccess.h>
31 #include <asm/pgtable.h>
32 #include <asm/processor.h>
33 #include <asm/fpu/internal.h>
34 #include <asm/fpu/signal.h>
35 #include <asm/fpu/regset.h>
36 #include <asm/debugreg.h>
37 #include <asm/ldt.h>
38 #include <asm/desc.h>
39 #include <asm/prctl.h>
40 #include <asm/proto.h>
41 #include <asm/hw_breakpoint.h>
42 #include <asm/traps.h>
43 #include <asm/syscall.h>
44 #include <asm/fsgsbase.h>
45 
46 #include "tls.h"
47 
48 enum x86_regset {
49 	REGSET_GENERAL,
50 	REGSET_FP,
51 	REGSET_XFP,
52 	REGSET_IOPERM64 = REGSET_XFP,
53 	REGSET_XSTATE,
54 	REGSET_TLS,
55 	REGSET_IOPERM32,
56 };
57 
58 struct pt_regs_offset {
59 	const char *name;
60 	int offset;
61 };
62 
63 #define REG_OFFSET_NAME(r) {.name = #r, .offset = offsetof(struct pt_regs, r)}
64 #define REG_OFFSET_END {.name = NULL, .offset = 0}
65 
66 static const struct pt_regs_offset regoffset_table[] = {
67 #ifdef CONFIG_X86_64
68 	REG_OFFSET_NAME(r15),
69 	REG_OFFSET_NAME(r14),
70 	REG_OFFSET_NAME(r13),
71 	REG_OFFSET_NAME(r12),
72 	REG_OFFSET_NAME(r11),
73 	REG_OFFSET_NAME(r10),
74 	REG_OFFSET_NAME(r9),
75 	REG_OFFSET_NAME(r8),
76 #endif
77 	REG_OFFSET_NAME(bx),
78 	REG_OFFSET_NAME(cx),
79 	REG_OFFSET_NAME(dx),
80 	REG_OFFSET_NAME(si),
81 	REG_OFFSET_NAME(di),
82 	REG_OFFSET_NAME(bp),
83 	REG_OFFSET_NAME(ax),
84 #ifdef CONFIG_X86_32
85 	REG_OFFSET_NAME(ds),
86 	REG_OFFSET_NAME(es),
87 	REG_OFFSET_NAME(fs),
88 	REG_OFFSET_NAME(gs),
89 #endif
90 	REG_OFFSET_NAME(orig_ax),
91 	REG_OFFSET_NAME(ip),
92 	REG_OFFSET_NAME(cs),
93 	REG_OFFSET_NAME(flags),
94 	REG_OFFSET_NAME(sp),
95 	REG_OFFSET_NAME(ss),
96 	REG_OFFSET_END,
97 };
98 
99 /**
100  * regs_query_register_offset() - query register offset from its name
101  * @name:	the name of a register
102  *
103  * regs_query_register_offset() returns the offset of a register in struct
104  * pt_regs from its name. If the name is invalid, this returns -EINVAL;
105  */
106 int regs_query_register_offset(const char *name)
107 {
108 	const struct pt_regs_offset *roff;
109 	for (roff = regoffset_table; roff->name != NULL; roff++)
110 		if (!strcmp(roff->name, name))
111 			return roff->offset;
112 	return -EINVAL;
113 }
114 
115 /**
116  * regs_query_register_name() - query register name from its offset
117  * @offset:	the offset of a register in struct pt_regs.
118  *
119  * regs_query_register_name() returns the name of a register from its
120  * offset in struct pt_regs. If the @offset is invalid, this returns NULL;
121  */
122 const char *regs_query_register_name(unsigned int offset)
123 {
124 	const struct pt_regs_offset *roff;
125 	for (roff = regoffset_table; roff->name != NULL; roff++)
126 		if (roff->offset == offset)
127 			return roff->name;
128 	return NULL;
129 }
130 
131 /*
132  * does not yet catch signals sent when the child dies.
133  * in exit.c or in signal.c.
134  */
135 
136 /*
137  * Determines which flags the user has access to [1 = access, 0 = no access].
138  */
139 #define FLAG_MASK_32		((unsigned long)			\
140 				 (X86_EFLAGS_CF | X86_EFLAGS_PF |	\
141 				  X86_EFLAGS_AF | X86_EFLAGS_ZF |	\
142 				  X86_EFLAGS_SF | X86_EFLAGS_TF |	\
143 				  X86_EFLAGS_DF | X86_EFLAGS_OF |	\
144 				  X86_EFLAGS_RF | X86_EFLAGS_AC))
145 
146 /*
147  * Determines whether a value may be installed in a segment register.
148  */
149 static inline bool invalid_selector(u16 value)
150 {
151 	return unlikely(value != 0 && (value & SEGMENT_RPL_MASK) != USER_RPL);
152 }
153 
154 #ifdef CONFIG_X86_32
155 
156 #define FLAG_MASK		FLAG_MASK_32
157 
158 static unsigned long *pt_regs_access(struct pt_regs *regs, unsigned long regno)
159 {
160 	BUILD_BUG_ON(offsetof(struct pt_regs, bx) != 0);
161 	return &regs->bx + (regno >> 2);
162 }
163 
164 static u16 get_segment_reg(struct task_struct *task, unsigned long offset)
165 {
166 	/*
167 	 * Returning the value truncates it to 16 bits.
168 	 */
169 	unsigned int retval;
170 	if (offset != offsetof(struct user_regs_struct, gs))
171 		retval = *pt_regs_access(task_pt_regs(task), offset);
172 	else {
173 		if (task == current)
174 			retval = get_user_gs(task_pt_regs(task));
175 		else
176 			retval = task_user_gs(task);
177 	}
178 	return retval;
179 }
180 
181 static int set_segment_reg(struct task_struct *task,
182 			   unsigned long offset, u16 value)
183 {
184 	/*
185 	 * The value argument was already truncated to 16 bits.
186 	 */
187 	if (invalid_selector(value))
188 		return -EIO;
189 
190 	/*
191 	 * For %cs and %ss we cannot permit a null selector.
192 	 * We can permit a bogus selector as long as it has USER_RPL.
193 	 * Null selectors are fine for other segment registers, but
194 	 * we will never get back to user mode with invalid %cs or %ss
195 	 * and will take the trap in iret instead.  Much code relies
196 	 * on user_mode() to distinguish a user trap frame (which can
197 	 * safely use invalid selectors) from a kernel trap frame.
198 	 */
199 	switch (offset) {
200 	case offsetof(struct user_regs_struct, cs):
201 	case offsetof(struct user_regs_struct, ss):
202 		if (unlikely(value == 0))
203 			return -EIO;
204 
205 	default:
206 		*pt_regs_access(task_pt_regs(task), offset) = value;
207 		break;
208 
209 	case offsetof(struct user_regs_struct, gs):
210 		if (task == current)
211 			set_user_gs(task_pt_regs(task), value);
212 		else
213 			task_user_gs(task) = value;
214 	}
215 
216 	return 0;
217 }
218 
219 #else  /* CONFIG_X86_64 */
220 
221 #define FLAG_MASK		(FLAG_MASK_32 | X86_EFLAGS_NT)
222 
223 static unsigned long *pt_regs_access(struct pt_regs *regs, unsigned long offset)
224 {
225 	BUILD_BUG_ON(offsetof(struct pt_regs, r15) != 0);
226 	return &regs->r15 + (offset / sizeof(regs->r15));
227 }
228 
229 static u16 get_segment_reg(struct task_struct *task, unsigned long offset)
230 {
231 	/*
232 	 * Returning the value truncates it to 16 bits.
233 	 */
234 	unsigned int seg;
235 
236 	switch (offset) {
237 	case offsetof(struct user_regs_struct, fs):
238 		if (task == current) {
239 			/* Older gas can't assemble movq %?s,%r?? */
240 			asm("movl %%fs,%0" : "=r" (seg));
241 			return seg;
242 		}
243 		return task->thread.fsindex;
244 	case offsetof(struct user_regs_struct, gs):
245 		if (task == current) {
246 			asm("movl %%gs,%0" : "=r" (seg));
247 			return seg;
248 		}
249 		return task->thread.gsindex;
250 	case offsetof(struct user_regs_struct, ds):
251 		if (task == current) {
252 			asm("movl %%ds,%0" : "=r" (seg));
253 			return seg;
254 		}
255 		return task->thread.ds;
256 	case offsetof(struct user_regs_struct, es):
257 		if (task == current) {
258 			asm("movl %%es,%0" : "=r" (seg));
259 			return seg;
260 		}
261 		return task->thread.es;
262 
263 	case offsetof(struct user_regs_struct, cs):
264 	case offsetof(struct user_regs_struct, ss):
265 		break;
266 	}
267 	return *pt_regs_access(task_pt_regs(task), offset);
268 }
269 
270 static int set_segment_reg(struct task_struct *task,
271 			   unsigned long offset, u16 value)
272 {
273 	/*
274 	 * The value argument was already truncated to 16 bits.
275 	 */
276 	if (invalid_selector(value))
277 		return -EIO;
278 
279 	switch (offset) {
280 	case offsetof(struct user_regs_struct,fs):
281 		task->thread.fsindex = value;
282 		if (task == current)
283 			loadsegment(fs, task->thread.fsindex);
284 		break;
285 	case offsetof(struct user_regs_struct,gs):
286 		task->thread.gsindex = value;
287 		if (task == current)
288 			load_gs_index(task->thread.gsindex);
289 		break;
290 	case offsetof(struct user_regs_struct,ds):
291 		task->thread.ds = value;
292 		if (task == current)
293 			loadsegment(ds, task->thread.ds);
294 		break;
295 	case offsetof(struct user_regs_struct,es):
296 		task->thread.es = value;
297 		if (task == current)
298 			loadsegment(es, task->thread.es);
299 		break;
300 
301 		/*
302 		 * Can't actually change these in 64-bit mode.
303 		 */
304 	case offsetof(struct user_regs_struct,cs):
305 		if (unlikely(value == 0))
306 			return -EIO;
307 		task_pt_regs(task)->cs = value;
308 		break;
309 	case offsetof(struct user_regs_struct,ss):
310 		if (unlikely(value == 0))
311 			return -EIO;
312 		task_pt_regs(task)->ss = value;
313 		break;
314 	}
315 
316 	return 0;
317 }
318 
319 #endif	/* CONFIG_X86_32 */
320 
321 static unsigned long get_flags(struct task_struct *task)
322 {
323 	unsigned long retval = task_pt_regs(task)->flags;
324 
325 	/*
326 	 * If the debugger set TF, hide it from the readout.
327 	 */
328 	if (test_tsk_thread_flag(task, TIF_FORCED_TF))
329 		retval &= ~X86_EFLAGS_TF;
330 
331 	return retval;
332 }
333 
334 static int set_flags(struct task_struct *task, unsigned long value)
335 {
336 	struct pt_regs *regs = task_pt_regs(task);
337 
338 	/*
339 	 * If the user value contains TF, mark that
340 	 * it was not "us" (the debugger) that set it.
341 	 * If not, make sure it stays set if we had.
342 	 */
343 	if (value & X86_EFLAGS_TF)
344 		clear_tsk_thread_flag(task, TIF_FORCED_TF);
345 	else if (test_tsk_thread_flag(task, TIF_FORCED_TF))
346 		value |= X86_EFLAGS_TF;
347 
348 	regs->flags = (regs->flags & ~FLAG_MASK) | (value & FLAG_MASK);
349 
350 	return 0;
351 }
352 
353 static int putreg(struct task_struct *child,
354 		  unsigned long offset, unsigned long value)
355 {
356 	switch (offset) {
357 	case offsetof(struct user_regs_struct, cs):
358 	case offsetof(struct user_regs_struct, ds):
359 	case offsetof(struct user_regs_struct, es):
360 	case offsetof(struct user_regs_struct, fs):
361 	case offsetof(struct user_regs_struct, gs):
362 	case offsetof(struct user_regs_struct, ss):
363 		return set_segment_reg(child, offset, value);
364 
365 	case offsetof(struct user_regs_struct, flags):
366 		return set_flags(child, value);
367 
368 #ifdef CONFIG_X86_64
369 	case offsetof(struct user_regs_struct,fs_base):
370 		if (value >= TASK_SIZE_MAX)
371 			return -EIO;
372 		/*
373 		 * When changing the FS base, use do_arch_prctl_64()
374 		 * to set the index to zero and to set the base
375 		 * as requested.
376 		 */
377 		if (child->thread.fsbase != value)
378 			return do_arch_prctl_64(child, ARCH_SET_FS, value);
379 		return 0;
380 	case offsetof(struct user_regs_struct,gs_base):
381 		/*
382 		 * Exactly the same here as the %fs handling above.
383 		 */
384 		if (value >= TASK_SIZE_MAX)
385 			return -EIO;
386 		if (child->thread.gsbase != value)
387 			return do_arch_prctl_64(child, ARCH_SET_GS, value);
388 		return 0;
389 #endif
390 	}
391 
392 	*pt_regs_access(task_pt_regs(child), offset) = value;
393 	return 0;
394 }
395 
396 static unsigned long getreg(struct task_struct *task, unsigned long offset)
397 {
398 	switch (offset) {
399 	case offsetof(struct user_regs_struct, cs):
400 	case offsetof(struct user_regs_struct, ds):
401 	case offsetof(struct user_regs_struct, es):
402 	case offsetof(struct user_regs_struct, fs):
403 	case offsetof(struct user_regs_struct, gs):
404 	case offsetof(struct user_regs_struct, ss):
405 		return get_segment_reg(task, offset);
406 
407 	case offsetof(struct user_regs_struct, flags):
408 		return get_flags(task);
409 
410 #ifdef CONFIG_X86_64
411 	case offsetof(struct user_regs_struct, fs_base):
412 		return x86_fsbase_read_task(task);
413 	case offsetof(struct user_regs_struct, gs_base):
414 		return x86_gsbase_read_task(task);
415 #endif
416 	}
417 
418 	return *pt_regs_access(task_pt_regs(task), offset);
419 }
420 
421 static int genregs_get(struct task_struct *target,
422 		       const struct user_regset *regset,
423 		       unsigned int pos, unsigned int count,
424 		       void *kbuf, void __user *ubuf)
425 {
426 	if (kbuf) {
427 		unsigned long *k = kbuf;
428 		while (count >= sizeof(*k)) {
429 			*k++ = getreg(target, pos);
430 			count -= sizeof(*k);
431 			pos += sizeof(*k);
432 		}
433 	} else {
434 		unsigned long __user *u = ubuf;
435 		while (count >= sizeof(*u)) {
436 			if (__put_user(getreg(target, pos), u++))
437 				return -EFAULT;
438 			count -= sizeof(*u);
439 			pos += sizeof(*u);
440 		}
441 	}
442 
443 	return 0;
444 }
445 
446 static int genregs_set(struct task_struct *target,
447 		       const struct user_regset *regset,
448 		       unsigned int pos, unsigned int count,
449 		       const void *kbuf, const void __user *ubuf)
450 {
451 	int ret = 0;
452 	if (kbuf) {
453 		const unsigned long *k = kbuf;
454 		while (count >= sizeof(*k) && !ret) {
455 			ret = putreg(target, pos, *k++);
456 			count -= sizeof(*k);
457 			pos += sizeof(*k);
458 		}
459 	} else {
460 		const unsigned long  __user *u = ubuf;
461 		while (count >= sizeof(*u) && !ret) {
462 			unsigned long word;
463 			ret = __get_user(word, u++);
464 			if (ret)
465 				break;
466 			ret = putreg(target, pos, word);
467 			count -= sizeof(*u);
468 			pos += sizeof(*u);
469 		}
470 	}
471 	return ret;
472 }
473 
474 static void ptrace_triggered(struct perf_event *bp,
475 			     struct perf_sample_data *data,
476 			     struct pt_regs *regs)
477 {
478 	int i;
479 	struct thread_struct *thread = &(current->thread);
480 
481 	/*
482 	 * Store in the virtual DR6 register the fact that the breakpoint
483 	 * was hit so the thread's debugger will see it.
484 	 */
485 	for (i = 0; i < HBP_NUM; i++) {
486 		if (thread->ptrace_bps[i] == bp)
487 			break;
488 	}
489 
490 	thread->debugreg6 |= (DR_TRAP0 << i);
491 }
492 
493 /*
494  * Walk through every ptrace breakpoints for this thread and
495  * build the dr7 value on top of their attributes.
496  *
497  */
498 static unsigned long ptrace_get_dr7(struct perf_event *bp[])
499 {
500 	int i;
501 	int dr7 = 0;
502 	struct arch_hw_breakpoint *info;
503 
504 	for (i = 0; i < HBP_NUM; i++) {
505 		if (bp[i] && !bp[i]->attr.disabled) {
506 			info = counter_arch_bp(bp[i]);
507 			dr7 |= encode_dr7(i, info->len, info->type);
508 		}
509 	}
510 
511 	return dr7;
512 }
513 
514 static int ptrace_fill_bp_fields(struct perf_event_attr *attr,
515 					int len, int type, bool disabled)
516 {
517 	int err, bp_len, bp_type;
518 
519 	err = arch_bp_generic_fields(len, type, &bp_len, &bp_type);
520 	if (!err) {
521 		attr->bp_len = bp_len;
522 		attr->bp_type = bp_type;
523 		attr->disabled = disabled;
524 	}
525 
526 	return err;
527 }
528 
529 static struct perf_event *
530 ptrace_register_breakpoint(struct task_struct *tsk, int len, int type,
531 				unsigned long addr, bool disabled)
532 {
533 	struct perf_event_attr attr;
534 	int err;
535 
536 	ptrace_breakpoint_init(&attr);
537 	attr.bp_addr = addr;
538 
539 	err = ptrace_fill_bp_fields(&attr, len, type, disabled);
540 	if (err)
541 		return ERR_PTR(err);
542 
543 	return register_user_hw_breakpoint(&attr, ptrace_triggered,
544 						 NULL, tsk);
545 }
546 
547 static int ptrace_modify_breakpoint(struct perf_event *bp, int len, int type,
548 					int disabled)
549 {
550 	struct perf_event_attr attr = bp->attr;
551 	int err;
552 
553 	err = ptrace_fill_bp_fields(&attr, len, type, disabled);
554 	if (err)
555 		return err;
556 
557 	return modify_user_hw_breakpoint(bp, &attr);
558 }
559 
560 /*
561  * Handle ptrace writes to debug register 7.
562  */
563 static int ptrace_write_dr7(struct task_struct *tsk, unsigned long data)
564 {
565 	struct thread_struct *thread = &tsk->thread;
566 	unsigned long old_dr7;
567 	bool second_pass = false;
568 	int i, rc, ret = 0;
569 
570 	data &= ~DR_CONTROL_RESERVED;
571 	old_dr7 = ptrace_get_dr7(thread->ptrace_bps);
572 
573 restore:
574 	rc = 0;
575 	for (i = 0; i < HBP_NUM; i++) {
576 		unsigned len, type;
577 		bool disabled = !decode_dr7(data, i, &len, &type);
578 		struct perf_event *bp = thread->ptrace_bps[i];
579 
580 		if (!bp) {
581 			if (disabled)
582 				continue;
583 
584 			bp = ptrace_register_breakpoint(tsk,
585 					len, type, 0, disabled);
586 			if (IS_ERR(bp)) {
587 				rc = PTR_ERR(bp);
588 				break;
589 			}
590 
591 			thread->ptrace_bps[i] = bp;
592 			continue;
593 		}
594 
595 		rc = ptrace_modify_breakpoint(bp, len, type, disabled);
596 		if (rc)
597 			break;
598 	}
599 
600 	/* Restore if the first pass failed, second_pass shouldn't fail. */
601 	if (rc && !WARN_ON(second_pass)) {
602 		ret = rc;
603 		data = old_dr7;
604 		second_pass = true;
605 		goto restore;
606 	}
607 
608 	return ret;
609 }
610 
611 /*
612  * Handle PTRACE_PEEKUSR calls for the debug register area.
613  */
614 static unsigned long ptrace_get_debugreg(struct task_struct *tsk, int n)
615 {
616 	struct thread_struct *thread = &tsk->thread;
617 	unsigned long val = 0;
618 
619 	if (n < HBP_NUM) {
620 		int index = array_index_nospec(n, HBP_NUM);
621 		struct perf_event *bp = thread->ptrace_bps[index];
622 
623 		if (bp)
624 			val = bp->hw.info.address;
625 	} else if (n == 6) {
626 		val = thread->debugreg6;
627 	} else if (n == 7) {
628 		val = thread->ptrace_dr7;
629 	}
630 	return val;
631 }
632 
633 static int ptrace_set_breakpoint_addr(struct task_struct *tsk, int nr,
634 				      unsigned long addr)
635 {
636 	struct thread_struct *t = &tsk->thread;
637 	struct perf_event *bp = t->ptrace_bps[nr];
638 	int err = 0;
639 
640 	if (!bp) {
641 		/*
642 		 * Put stub len and type to create an inactive but correct bp.
643 		 *
644 		 * CHECKME: the previous code returned -EIO if the addr wasn't
645 		 * a valid task virtual addr. The new one will return -EINVAL in
646 		 *  this case.
647 		 * -EINVAL may be what we want for in-kernel breakpoints users,
648 		 * but -EIO looks better for ptrace, since we refuse a register
649 		 * writing for the user. And anyway this is the previous
650 		 * behaviour.
651 		 */
652 		bp = ptrace_register_breakpoint(tsk,
653 				X86_BREAKPOINT_LEN_1, X86_BREAKPOINT_WRITE,
654 				addr, true);
655 		if (IS_ERR(bp))
656 			err = PTR_ERR(bp);
657 		else
658 			t->ptrace_bps[nr] = bp;
659 	} else {
660 		struct perf_event_attr attr = bp->attr;
661 
662 		attr.bp_addr = addr;
663 		err = modify_user_hw_breakpoint(bp, &attr);
664 	}
665 
666 	return err;
667 }
668 
669 /*
670  * Handle PTRACE_POKEUSR calls for the debug register area.
671  */
672 static int ptrace_set_debugreg(struct task_struct *tsk, int n,
673 			       unsigned long val)
674 {
675 	struct thread_struct *thread = &tsk->thread;
676 	/* There are no DR4 or DR5 registers */
677 	int rc = -EIO;
678 
679 	if (n < HBP_NUM) {
680 		rc = ptrace_set_breakpoint_addr(tsk, n, val);
681 	} else if (n == 6) {
682 		thread->debugreg6 = val;
683 		rc = 0;
684 	} else if (n == 7) {
685 		rc = ptrace_write_dr7(tsk, val);
686 		if (!rc)
687 			thread->ptrace_dr7 = val;
688 	}
689 	return rc;
690 }
691 
692 /*
693  * These access the current or another (stopped) task's io permission
694  * bitmap for debugging or core dump.
695  */
696 static int ioperm_active(struct task_struct *target,
697 			 const struct user_regset *regset)
698 {
699 	return target->thread.io_bitmap_max / regset->size;
700 }
701 
702 static int ioperm_get(struct task_struct *target,
703 		      const struct user_regset *regset,
704 		      unsigned int pos, unsigned int count,
705 		      void *kbuf, void __user *ubuf)
706 {
707 	if (!target->thread.io_bitmap_ptr)
708 		return -ENXIO;
709 
710 	return user_regset_copyout(&pos, &count, &kbuf, &ubuf,
711 				   target->thread.io_bitmap_ptr,
712 				   0, IO_BITMAP_BYTES);
713 }
714 
715 /*
716  * Called by kernel/ptrace.c when detaching..
717  *
718  * Make sure the single step bit is not set.
719  */
720 void ptrace_disable(struct task_struct *child)
721 {
722 	user_disable_single_step(child);
723 }
724 
725 #if defined CONFIG_X86_32 || defined CONFIG_IA32_EMULATION
726 static const struct user_regset_view user_x86_32_view; /* Initialized below. */
727 #endif
728 
729 long arch_ptrace(struct task_struct *child, long request,
730 		 unsigned long addr, unsigned long data)
731 {
732 	int ret;
733 	unsigned long __user *datap = (unsigned long __user *)data;
734 
735 	switch (request) {
736 	/* read the word at location addr in the USER area. */
737 	case PTRACE_PEEKUSR: {
738 		unsigned long tmp;
739 
740 		ret = -EIO;
741 		if ((addr & (sizeof(data) - 1)) || addr >= sizeof(struct user))
742 			break;
743 
744 		tmp = 0;  /* Default return condition */
745 		if (addr < sizeof(struct user_regs_struct))
746 			tmp = getreg(child, addr);
747 		else if (addr >= offsetof(struct user, u_debugreg[0]) &&
748 			 addr <= offsetof(struct user, u_debugreg[7])) {
749 			addr -= offsetof(struct user, u_debugreg[0]);
750 			tmp = ptrace_get_debugreg(child, addr / sizeof(data));
751 		}
752 		ret = put_user(tmp, datap);
753 		break;
754 	}
755 
756 	case PTRACE_POKEUSR: /* write the word at location addr in the USER area */
757 		ret = -EIO;
758 		if ((addr & (sizeof(data) - 1)) || addr >= sizeof(struct user))
759 			break;
760 
761 		if (addr < sizeof(struct user_regs_struct))
762 			ret = putreg(child, addr, data);
763 		else if (addr >= offsetof(struct user, u_debugreg[0]) &&
764 			 addr <= offsetof(struct user, u_debugreg[7])) {
765 			addr -= offsetof(struct user, u_debugreg[0]);
766 			ret = ptrace_set_debugreg(child,
767 						  addr / sizeof(data), data);
768 		}
769 		break;
770 
771 	case PTRACE_GETREGS:	/* Get all gp regs from the child. */
772 		return copy_regset_to_user(child,
773 					   task_user_regset_view(current),
774 					   REGSET_GENERAL,
775 					   0, sizeof(struct user_regs_struct),
776 					   datap);
777 
778 	case PTRACE_SETREGS:	/* Set all gp regs in the child. */
779 		return copy_regset_from_user(child,
780 					     task_user_regset_view(current),
781 					     REGSET_GENERAL,
782 					     0, sizeof(struct user_regs_struct),
783 					     datap);
784 
785 	case PTRACE_GETFPREGS:	/* Get the child FPU state. */
786 		return copy_regset_to_user(child,
787 					   task_user_regset_view(current),
788 					   REGSET_FP,
789 					   0, sizeof(struct user_i387_struct),
790 					   datap);
791 
792 	case PTRACE_SETFPREGS:	/* Set the child FPU state. */
793 		return copy_regset_from_user(child,
794 					     task_user_regset_view(current),
795 					     REGSET_FP,
796 					     0, sizeof(struct user_i387_struct),
797 					     datap);
798 
799 #ifdef CONFIG_X86_32
800 	case PTRACE_GETFPXREGS:	/* Get the child extended FPU state. */
801 		return copy_regset_to_user(child, &user_x86_32_view,
802 					   REGSET_XFP,
803 					   0, sizeof(struct user_fxsr_struct),
804 					   datap) ? -EIO : 0;
805 
806 	case PTRACE_SETFPXREGS:	/* Set the child extended FPU state. */
807 		return copy_regset_from_user(child, &user_x86_32_view,
808 					     REGSET_XFP,
809 					     0, sizeof(struct user_fxsr_struct),
810 					     datap) ? -EIO : 0;
811 #endif
812 
813 #if defined CONFIG_X86_32 || defined CONFIG_IA32_EMULATION
814 	case PTRACE_GET_THREAD_AREA:
815 		if ((int) addr < 0)
816 			return -EIO;
817 		ret = do_get_thread_area(child, addr,
818 					(struct user_desc __user *)data);
819 		break;
820 
821 	case PTRACE_SET_THREAD_AREA:
822 		if ((int) addr < 0)
823 			return -EIO;
824 		ret = do_set_thread_area(child, addr,
825 					(struct user_desc __user *)data, 0);
826 		break;
827 #endif
828 
829 #ifdef CONFIG_X86_64
830 		/* normal 64bit interface to access TLS data.
831 		   Works just like arch_prctl, except that the arguments
832 		   are reversed. */
833 	case PTRACE_ARCH_PRCTL:
834 		ret = do_arch_prctl_64(child, data, addr);
835 		break;
836 #endif
837 
838 	default:
839 		ret = ptrace_request(child, request, addr, data);
840 		break;
841 	}
842 
843 	return ret;
844 }
845 
846 #ifdef CONFIG_IA32_EMULATION
847 
848 #include <linux/compat.h>
849 #include <linux/syscalls.h>
850 #include <asm/ia32.h>
851 #include <asm/user32.h>
852 
853 #define R32(l,q)							\
854 	case offsetof(struct user32, regs.l):				\
855 		regs->q = value; break
856 
857 #define SEG32(rs)							\
858 	case offsetof(struct user32, regs.rs):				\
859 		return set_segment_reg(child,				\
860 				       offsetof(struct user_regs_struct, rs), \
861 				       value);				\
862 		break
863 
864 static int putreg32(struct task_struct *child, unsigned regno, u32 value)
865 {
866 	struct pt_regs *regs = task_pt_regs(child);
867 
868 	switch (regno) {
869 
870 	SEG32(cs);
871 	SEG32(ds);
872 	SEG32(es);
873 	SEG32(fs);
874 	SEG32(gs);
875 	SEG32(ss);
876 
877 	R32(ebx, bx);
878 	R32(ecx, cx);
879 	R32(edx, dx);
880 	R32(edi, di);
881 	R32(esi, si);
882 	R32(ebp, bp);
883 	R32(eax, ax);
884 	R32(eip, ip);
885 	R32(esp, sp);
886 
887 	case offsetof(struct user32, regs.orig_eax):
888 		/*
889 		 * Warning: bizarre corner case fixup here.  A 32-bit
890 		 * debugger setting orig_eax to -1 wants to disable
891 		 * syscall restart.  Make sure that the syscall
892 		 * restart code sign-extends orig_ax.  Also make sure
893 		 * we interpret the -ERESTART* codes correctly if
894 		 * loaded into regs->ax in case the task is not
895 		 * actually still sitting at the exit from a 32-bit
896 		 * syscall with TS_COMPAT still set.
897 		 */
898 		regs->orig_ax = value;
899 		if (syscall_get_nr(child, regs) >= 0)
900 			child->thread_info.status |= TS_I386_REGS_POKED;
901 		break;
902 
903 	case offsetof(struct user32, regs.eflags):
904 		return set_flags(child, value);
905 
906 	case offsetof(struct user32, u_debugreg[0]) ...
907 		offsetof(struct user32, u_debugreg[7]):
908 		regno -= offsetof(struct user32, u_debugreg[0]);
909 		return ptrace_set_debugreg(child, regno / 4, value);
910 
911 	default:
912 		if (regno > sizeof(struct user32) || (regno & 3))
913 			return -EIO;
914 
915 		/*
916 		 * Other dummy fields in the virtual user structure
917 		 * are ignored
918 		 */
919 		break;
920 	}
921 	return 0;
922 }
923 
924 #undef R32
925 #undef SEG32
926 
927 #define R32(l,q)							\
928 	case offsetof(struct user32, regs.l):				\
929 		*val = regs->q; break
930 
931 #define SEG32(rs)							\
932 	case offsetof(struct user32, regs.rs):				\
933 		*val = get_segment_reg(child,				\
934 				       offsetof(struct user_regs_struct, rs)); \
935 		break
936 
937 static int getreg32(struct task_struct *child, unsigned regno, u32 *val)
938 {
939 	struct pt_regs *regs = task_pt_regs(child);
940 
941 	switch (regno) {
942 
943 	SEG32(ds);
944 	SEG32(es);
945 	SEG32(fs);
946 	SEG32(gs);
947 
948 	R32(cs, cs);
949 	R32(ss, ss);
950 	R32(ebx, bx);
951 	R32(ecx, cx);
952 	R32(edx, dx);
953 	R32(edi, di);
954 	R32(esi, si);
955 	R32(ebp, bp);
956 	R32(eax, ax);
957 	R32(orig_eax, orig_ax);
958 	R32(eip, ip);
959 	R32(esp, sp);
960 
961 	case offsetof(struct user32, regs.eflags):
962 		*val = get_flags(child);
963 		break;
964 
965 	case offsetof(struct user32, u_debugreg[0]) ...
966 		offsetof(struct user32, u_debugreg[7]):
967 		regno -= offsetof(struct user32, u_debugreg[0]);
968 		*val = ptrace_get_debugreg(child, regno / 4);
969 		break;
970 
971 	default:
972 		if (regno > sizeof(struct user32) || (regno & 3))
973 			return -EIO;
974 
975 		/*
976 		 * Other dummy fields in the virtual user structure
977 		 * are ignored
978 		 */
979 		*val = 0;
980 		break;
981 	}
982 	return 0;
983 }
984 
985 #undef R32
986 #undef SEG32
987 
988 static int genregs32_get(struct task_struct *target,
989 			 const struct user_regset *regset,
990 			 unsigned int pos, unsigned int count,
991 			 void *kbuf, void __user *ubuf)
992 {
993 	if (kbuf) {
994 		compat_ulong_t *k = kbuf;
995 		while (count >= sizeof(*k)) {
996 			getreg32(target, pos, k++);
997 			count -= sizeof(*k);
998 			pos += sizeof(*k);
999 		}
1000 	} else {
1001 		compat_ulong_t __user *u = ubuf;
1002 		while (count >= sizeof(*u)) {
1003 			compat_ulong_t word;
1004 			getreg32(target, pos, &word);
1005 			if (__put_user(word, u++))
1006 				return -EFAULT;
1007 			count -= sizeof(*u);
1008 			pos += sizeof(*u);
1009 		}
1010 	}
1011 
1012 	return 0;
1013 }
1014 
1015 static int genregs32_set(struct task_struct *target,
1016 			 const struct user_regset *regset,
1017 			 unsigned int pos, unsigned int count,
1018 			 const void *kbuf, const void __user *ubuf)
1019 {
1020 	int ret = 0;
1021 	if (kbuf) {
1022 		const compat_ulong_t *k = kbuf;
1023 		while (count >= sizeof(*k) && !ret) {
1024 			ret = putreg32(target, pos, *k++);
1025 			count -= sizeof(*k);
1026 			pos += sizeof(*k);
1027 		}
1028 	} else {
1029 		const compat_ulong_t __user *u = ubuf;
1030 		while (count >= sizeof(*u) && !ret) {
1031 			compat_ulong_t word;
1032 			ret = __get_user(word, u++);
1033 			if (ret)
1034 				break;
1035 			ret = putreg32(target, pos, word);
1036 			count -= sizeof(*u);
1037 			pos += sizeof(*u);
1038 		}
1039 	}
1040 	return ret;
1041 }
1042 
1043 static long ia32_arch_ptrace(struct task_struct *child, compat_long_t request,
1044 			     compat_ulong_t caddr, compat_ulong_t cdata)
1045 {
1046 	unsigned long addr = caddr;
1047 	unsigned long data = cdata;
1048 	void __user *datap = compat_ptr(data);
1049 	int ret;
1050 	__u32 val;
1051 
1052 	switch (request) {
1053 	case PTRACE_PEEKUSR:
1054 		ret = getreg32(child, addr, &val);
1055 		if (ret == 0)
1056 			ret = put_user(val, (__u32 __user *)datap);
1057 		break;
1058 
1059 	case PTRACE_POKEUSR:
1060 		ret = putreg32(child, addr, data);
1061 		break;
1062 
1063 	case PTRACE_GETREGS:	/* Get all gp regs from the child. */
1064 		return copy_regset_to_user(child, &user_x86_32_view,
1065 					   REGSET_GENERAL,
1066 					   0, sizeof(struct user_regs_struct32),
1067 					   datap);
1068 
1069 	case PTRACE_SETREGS:	/* Set all gp regs in the child. */
1070 		return copy_regset_from_user(child, &user_x86_32_view,
1071 					     REGSET_GENERAL, 0,
1072 					     sizeof(struct user_regs_struct32),
1073 					     datap);
1074 
1075 	case PTRACE_GETFPREGS:	/* Get the child FPU state. */
1076 		return copy_regset_to_user(child, &user_x86_32_view,
1077 					   REGSET_FP, 0,
1078 					   sizeof(struct user_i387_ia32_struct),
1079 					   datap);
1080 
1081 	case PTRACE_SETFPREGS:	/* Set the child FPU state. */
1082 		return copy_regset_from_user(
1083 			child, &user_x86_32_view, REGSET_FP,
1084 			0, sizeof(struct user_i387_ia32_struct), datap);
1085 
1086 	case PTRACE_GETFPXREGS:	/* Get the child extended FPU state. */
1087 		return copy_regset_to_user(child, &user_x86_32_view,
1088 					   REGSET_XFP, 0,
1089 					   sizeof(struct user32_fxsr_struct),
1090 					   datap);
1091 
1092 	case PTRACE_SETFPXREGS:	/* Set the child extended FPU state. */
1093 		return copy_regset_from_user(child, &user_x86_32_view,
1094 					     REGSET_XFP, 0,
1095 					     sizeof(struct user32_fxsr_struct),
1096 					     datap);
1097 
1098 	case PTRACE_GET_THREAD_AREA:
1099 	case PTRACE_SET_THREAD_AREA:
1100 		return arch_ptrace(child, request, addr, data);
1101 
1102 	default:
1103 		return compat_ptrace_request(child, request, addr, data);
1104 	}
1105 
1106 	return ret;
1107 }
1108 #endif /* CONFIG_IA32_EMULATION */
1109 
1110 #ifdef CONFIG_X86_X32_ABI
1111 static long x32_arch_ptrace(struct task_struct *child,
1112 			    compat_long_t request, compat_ulong_t caddr,
1113 			    compat_ulong_t cdata)
1114 {
1115 	unsigned long addr = caddr;
1116 	unsigned long data = cdata;
1117 	void __user *datap = compat_ptr(data);
1118 	int ret;
1119 
1120 	switch (request) {
1121 	/* Read 32bits at location addr in the USER area.  Only allow
1122 	   to return the lower 32bits of segment and debug registers.  */
1123 	case PTRACE_PEEKUSR: {
1124 		u32 tmp;
1125 
1126 		ret = -EIO;
1127 		if ((addr & (sizeof(data) - 1)) || addr >= sizeof(struct user) ||
1128 		    addr < offsetof(struct user_regs_struct, cs))
1129 			break;
1130 
1131 		tmp = 0;  /* Default return condition */
1132 		if (addr < sizeof(struct user_regs_struct))
1133 			tmp = getreg(child, addr);
1134 		else if (addr >= offsetof(struct user, u_debugreg[0]) &&
1135 			 addr <= offsetof(struct user, u_debugreg[7])) {
1136 			addr -= offsetof(struct user, u_debugreg[0]);
1137 			tmp = ptrace_get_debugreg(child, addr / sizeof(data));
1138 		}
1139 		ret = put_user(tmp, (__u32 __user *)datap);
1140 		break;
1141 	}
1142 
1143 	/* Write the word at location addr in the USER area.  Only allow
1144 	   to update segment and debug registers with the upper 32bits
1145 	   zero-extended. */
1146 	case PTRACE_POKEUSR:
1147 		ret = -EIO;
1148 		if ((addr & (sizeof(data) - 1)) || addr >= sizeof(struct user) ||
1149 		    addr < offsetof(struct user_regs_struct, cs))
1150 			break;
1151 
1152 		if (addr < sizeof(struct user_regs_struct))
1153 			ret = putreg(child, addr, data);
1154 		else if (addr >= offsetof(struct user, u_debugreg[0]) &&
1155 			 addr <= offsetof(struct user, u_debugreg[7])) {
1156 			addr -= offsetof(struct user, u_debugreg[0]);
1157 			ret = ptrace_set_debugreg(child,
1158 						  addr / sizeof(data), data);
1159 		}
1160 		break;
1161 
1162 	case PTRACE_GETREGS:	/* Get all gp regs from the child. */
1163 		return copy_regset_to_user(child,
1164 					   task_user_regset_view(current),
1165 					   REGSET_GENERAL,
1166 					   0, sizeof(struct user_regs_struct),
1167 					   datap);
1168 
1169 	case PTRACE_SETREGS:	/* Set all gp regs in the child. */
1170 		return copy_regset_from_user(child,
1171 					     task_user_regset_view(current),
1172 					     REGSET_GENERAL,
1173 					     0, sizeof(struct user_regs_struct),
1174 					     datap);
1175 
1176 	case PTRACE_GETFPREGS:	/* Get the child FPU state. */
1177 		return copy_regset_to_user(child,
1178 					   task_user_regset_view(current),
1179 					   REGSET_FP,
1180 					   0, sizeof(struct user_i387_struct),
1181 					   datap);
1182 
1183 	case PTRACE_SETFPREGS:	/* Set the child FPU state. */
1184 		return copy_regset_from_user(child,
1185 					     task_user_regset_view(current),
1186 					     REGSET_FP,
1187 					     0, sizeof(struct user_i387_struct),
1188 					     datap);
1189 
1190 	default:
1191 		return compat_ptrace_request(child, request, addr, data);
1192 	}
1193 
1194 	return ret;
1195 }
1196 #endif
1197 
1198 #ifdef CONFIG_COMPAT
1199 long compat_arch_ptrace(struct task_struct *child, compat_long_t request,
1200 			compat_ulong_t caddr, compat_ulong_t cdata)
1201 {
1202 #ifdef CONFIG_X86_X32_ABI
1203 	if (!in_ia32_syscall())
1204 		return x32_arch_ptrace(child, request, caddr, cdata);
1205 #endif
1206 #ifdef CONFIG_IA32_EMULATION
1207 	return ia32_arch_ptrace(child, request, caddr, cdata);
1208 #else
1209 	return 0;
1210 #endif
1211 }
1212 #endif	/* CONFIG_COMPAT */
1213 
1214 #ifdef CONFIG_X86_64
1215 
1216 static struct user_regset x86_64_regsets[] __ro_after_init = {
1217 	[REGSET_GENERAL] = {
1218 		.core_note_type = NT_PRSTATUS,
1219 		.n = sizeof(struct user_regs_struct) / sizeof(long),
1220 		.size = sizeof(long), .align = sizeof(long),
1221 		.get = genregs_get, .set = genregs_set
1222 	},
1223 	[REGSET_FP] = {
1224 		.core_note_type = NT_PRFPREG,
1225 		.n = sizeof(struct user_i387_struct) / sizeof(long),
1226 		.size = sizeof(long), .align = sizeof(long),
1227 		.active = regset_xregset_fpregs_active, .get = xfpregs_get, .set = xfpregs_set
1228 	},
1229 	[REGSET_XSTATE] = {
1230 		.core_note_type = NT_X86_XSTATE,
1231 		.size = sizeof(u64), .align = sizeof(u64),
1232 		.active = xstateregs_active, .get = xstateregs_get,
1233 		.set = xstateregs_set
1234 	},
1235 	[REGSET_IOPERM64] = {
1236 		.core_note_type = NT_386_IOPERM,
1237 		.n = IO_BITMAP_LONGS,
1238 		.size = sizeof(long), .align = sizeof(long),
1239 		.active = ioperm_active, .get = ioperm_get
1240 	},
1241 };
1242 
1243 static const struct user_regset_view user_x86_64_view = {
1244 	.name = "x86_64", .e_machine = EM_X86_64,
1245 	.regsets = x86_64_regsets, .n = ARRAY_SIZE(x86_64_regsets)
1246 };
1247 
1248 #else  /* CONFIG_X86_32 */
1249 
1250 #define user_regs_struct32	user_regs_struct
1251 #define genregs32_get		genregs_get
1252 #define genregs32_set		genregs_set
1253 
1254 #endif	/* CONFIG_X86_64 */
1255 
1256 #if defined CONFIG_X86_32 || defined CONFIG_IA32_EMULATION
1257 static struct user_regset x86_32_regsets[] __ro_after_init = {
1258 	[REGSET_GENERAL] = {
1259 		.core_note_type = NT_PRSTATUS,
1260 		.n = sizeof(struct user_regs_struct32) / sizeof(u32),
1261 		.size = sizeof(u32), .align = sizeof(u32),
1262 		.get = genregs32_get, .set = genregs32_set
1263 	},
1264 	[REGSET_FP] = {
1265 		.core_note_type = NT_PRFPREG,
1266 		.n = sizeof(struct user_i387_ia32_struct) / sizeof(u32),
1267 		.size = sizeof(u32), .align = sizeof(u32),
1268 		.active = regset_fpregs_active, .get = fpregs_get, .set = fpregs_set
1269 	},
1270 	[REGSET_XFP] = {
1271 		.core_note_type = NT_PRXFPREG,
1272 		.n = sizeof(struct user32_fxsr_struct) / sizeof(u32),
1273 		.size = sizeof(u32), .align = sizeof(u32),
1274 		.active = regset_xregset_fpregs_active, .get = xfpregs_get, .set = xfpregs_set
1275 	},
1276 	[REGSET_XSTATE] = {
1277 		.core_note_type = NT_X86_XSTATE,
1278 		.size = sizeof(u64), .align = sizeof(u64),
1279 		.active = xstateregs_active, .get = xstateregs_get,
1280 		.set = xstateregs_set
1281 	},
1282 	[REGSET_TLS] = {
1283 		.core_note_type = NT_386_TLS,
1284 		.n = GDT_ENTRY_TLS_ENTRIES, .bias = GDT_ENTRY_TLS_MIN,
1285 		.size = sizeof(struct user_desc),
1286 		.align = sizeof(struct user_desc),
1287 		.active = regset_tls_active,
1288 		.get = regset_tls_get, .set = regset_tls_set
1289 	},
1290 	[REGSET_IOPERM32] = {
1291 		.core_note_type = NT_386_IOPERM,
1292 		.n = IO_BITMAP_BYTES / sizeof(u32),
1293 		.size = sizeof(u32), .align = sizeof(u32),
1294 		.active = ioperm_active, .get = ioperm_get
1295 	},
1296 };
1297 
1298 static const struct user_regset_view user_x86_32_view = {
1299 	.name = "i386", .e_machine = EM_386,
1300 	.regsets = x86_32_regsets, .n = ARRAY_SIZE(x86_32_regsets)
1301 };
1302 #endif
1303 
1304 /*
1305  * This represents bytes 464..511 in the memory layout exported through
1306  * the REGSET_XSTATE interface.
1307  */
1308 u64 xstate_fx_sw_bytes[USER_XSTATE_FX_SW_WORDS];
1309 
1310 void __init update_regset_xstate_info(unsigned int size, u64 xstate_mask)
1311 {
1312 #ifdef CONFIG_X86_64
1313 	x86_64_regsets[REGSET_XSTATE].n = size / sizeof(u64);
1314 #endif
1315 #if defined CONFIG_X86_32 || defined CONFIG_IA32_EMULATION
1316 	x86_32_regsets[REGSET_XSTATE].n = size / sizeof(u64);
1317 #endif
1318 	xstate_fx_sw_bytes[USER_XSTATE_XCR0_WORD] = xstate_mask;
1319 }
1320 
1321 const struct user_regset_view *task_user_regset_view(struct task_struct *task)
1322 {
1323 #ifdef CONFIG_IA32_EMULATION
1324 	if (!user_64bit_mode(task_pt_regs(task)))
1325 #endif
1326 #if defined CONFIG_X86_32 || defined CONFIG_IA32_EMULATION
1327 		return &user_x86_32_view;
1328 #endif
1329 #ifdef CONFIG_X86_64
1330 	return &user_x86_64_view;
1331 #endif
1332 }
1333 
1334 void send_sigtrap(struct pt_regs *regs, int error_code, int si_code)
1335 {
1336 	struct task_struct *tsk = current;
1337 
1338 	tsk->thread.trap_nr = X86_TRAP_DB;
1339 	tsk->thread.error_code = error_code;
1340 
1341 	/* Send us the fake SIGTRAP */
1342 	force_sig_fault(SIGTRAP, si_code,
1343 			user_mode(regs) ? (void __user *)regs->ip : NULL);
1344 }
1345 
1346 void user_single_step_report(struct pt_regs *regs)
1347 {
1348 	send_sigtrap(regs, 0, TRAP_BRKPT);
1349 }
1350