1 // SPDX-License-Identifier: GPL-2.0 2 /* 3 * Copyright (C) 1991, 1992 Linus Torvalds 4 * 5 * 1997-11-28 Modified for POSIX.1b signals by Richard Henderson 6 * 2000-06-20 Pentium III FXSR, SSE support by Gareth Hughes 7 * 2000-12-* x86-64 compatibility mode signal handling by Andi Kleen 8 */ 9 10 #include <linux/sched.h> 11 #include <linux/sched/task_stack.h> 12 #include <linux/mm.h> 13 #include <linux/smp.h> 14 #include <linux/kernel.h> 15 #include <linux/errno.h> 16 #include <linux/wait.h> 17 #include <linux/unistd.h> 18 #include <linux/stddef.h> 19 #include <linux/personality.h> 20 #include <linux/compat.h> 21 #include <linux/binfmts.h> 22 #include <linux/syscalls.h> 23 #include <asm/ucontext.h> 24 #include <linux/uaccess.h> 25 #include <asm/fpu/signal.h> 26 #include <asm/ptrace.h> 27 #include <asm/user32.h> 28 #include <uapi/asm/sigcontext.h> 29 #include <asm/proto.h> 30 #include <asm/vdso.h> 31 #include <asm/sigframe.h> 32 #include <asm/sighandling.h> 33 #include <asm/smap.h> 34 #include <asm/gsseg.h> 35 36 #ifdef CONFIG_IA32_EMULATION 37 #include <asm/ia32_unistd.h> 38 39 static inline void reload_segments(struct sigcontext_32 *sc) 40 { 41 unsigned int cur; 42 43 savesegment(gs, cur); 44 if ((sc->gs | 0x03) != cur) 45 load_gs_index(sc->gs | 0x03); 46 savesegment(fs, cur); 47 if ((sc->fs | 0x03) != cur) 48 loadsegment(fs, sc->fs | 0x03); 49 savesegment(ds, cur); 50 if ((sc->ds | 0x03) != cur) 51 loadsegment(ds, sc->ds | 0x03); 52 savesegment(es, cur); 53 if ((sc->es | 0x03) != cur) 54 loadsegment(es, sc->es | 0x03); 55 } 56 57 #define sigset32_t compat_sigset_t 58 #define siginfo32_t compat_siginfo_t 59 #define restore_altstack32 compat_restore_altstack 60 #define unsafe_save_altstack32 unsafe_compat_save_altstack 61 62 #else 63 64 #define sigset32_t sigset_t 65 #define siginfo32_t siginfo_t 66 #define __NR_ia32_sigreturn __NR_sigreturn 67 #define __NR_ia32_rt_sigreturn __NR_rt_sigreturn 68 #define restore_altstack32 restore_altstack 69 #define unsafe_save_altstack32 unsafe_save_altstack 70 #define __copy_siginfo_to_user32 copy_siginfo_to_user 71 72 #endif 73 74 /* 75 * Do a signal return; undo the signal stack. 76 */ 77 static bool ia32_restore_sigcontext(struct pt_regs *regs, 78 struct sigcontext_32 __user *usc) 79 { 80 struct sigcontext_32 sc; 81 82 /* Always make any pending restarted system calls return -EINTR */ 83 current->restart_block.fn = do_no_restart_syscall; 84 85 if (unlikely(copy_from_user(&sc, usc, sizeof(sc)))) 86 return false; 87 88 /* Get only the ia32 registers. */ 89 regs->bx = sc.bx; 90 regs->cx = sc.cx; 91 regs->dx = sc.dx; 92 regs->si = sc.si; 93 regs->di = sc.di; 94 regs->bp = sc.bp; 95 regs->ax = sc.ax; 96 regs->sp = sc.sp; 97 regs->ip = sc.ip; 98 99 /* Get CS/SS and force CPL3 */ 100 regs->cs = sc.cs | 0x03; 101 regs->ss = sc.ss | 0x03; 102 103 regs->flags = (regs->flags & ~FIX_EFLAGS) | (sc.flags & FIX_EFLAGS); 104 /* disable syscall checks */ 105 regs->orig_ax = -1; 106 107 #ifdef CONFIG_IA32_EMULATION 108 /* 109 * Reload fs and gs if they have changed in the signal 110 * handler. This does not handle long fs/gs base changes in 111 * the handler, but does not clobber them at least in the 112 * normal case. 113 */ 114 reload_segments(&sc); 115 #else 116 loadsegment(gs, sc.gs); 117 regs->fs = sc.fs; 118 regs->es = sc.es; 119 regs->ds = sc.ds; 120 #endif 121 122 return fpu__restore_sig(compat_ptr(sc.fpstate), 1); 123 } 124 125 SYSCALL32_DEFINE0(sigreturn) 126 { 127 struct pt_regs *regs = current_pt_regs(); 128 struct sigframe_ia32 __user *frame = (struct sigframe_ia32 __user *)(regs->sp-8); 129 sigset_t set; 130 131 if (!access_ok(frame, sizeof(*frame))) 132 goto badframe; 133 if (__get_user(set.sig[0], &frame->sc.oldmask) 134 || __get_user(((__u32 *)&set)[1], &frame->extramask[0])) 135 goto badframe; 136 137 set_current_blocked(&set); 138 139 if (!ia32_restore_sigcontext(regs, &frame->sc)) 140 goto badframe; 141 return regs->ax; 142 143 badframe: 144 signal_fault(regs, frame, "32bit sigreturn"); 145 return 0; 146 } 147 148 SYSCALL32_DEFINE0(rt_sigreturn) 149 { 150 struct pt_regs *regs = current_pt_regs(); 151 struct rt_sigframe_ia32 __user *frame; 152 sigset_t set; 153 154 frame = (struct rt_sigframe_ia32 __user *)(regs->sp - 4); 155 156 if (!access_ok(frame, sizeof(*frame))) 157 goto badframe; 158 if (__get_user(*(__u64 *)&set, (__u64 __user *)&frame->uc.uc_sigmask)) 159 goto badframe; 160 161 set_current_blocked(&set); 162 163 if (!ia32_restore_sigcontext(regs, &frame->uc.uc_mcontext)) 164 goto badframe; 165 166 if (restore_altstack32(&frame->uc.uc_stack)) 167 goto badframe; 168 169 return regs->ax; 170 171 badframe: 172 signal_fault(regs, frame, "32bit rt sigreturn"); 173 return 0; 174 } 175 176 /* 177 * Set up a signal frame. 178 */ 179 180 #define get_user_seg(seg) ({ unsigned int v; savesegment(seg, v); v; }) 181 182 static __always_inline int 183 __unsafe_setup_sigcontext32(struct sigcontext_32 __user *sc, 184 void __user *fpstate, 185 struct pt_regs *regs, unsigned int mask) 186 { 187 unsafe_put_user(get_user_seg(gs), (unsigned int __user *)&sc->gs, Efault); 188 #ifdef CONFIG_IA32_EMULATION 189 unsafe_put_user(get_user_seg(fs), (unsigned int __user *)&sc->fs, Efault); 190 unsafe_put_user(get_user_seg(ds), (unsigned int __user *)&sc->ds, Efault); 191 unsafe_put_user(get_user_seg(es), (unsigned int __user *)&sc->es, Efault); 192 #else 193 unsafe_put_user(regs->fs, (unsigned int __user *)&sc->fs, Efault); 194 unsafe_put_user(regs->es, (unsigned int __user *)&sc->es, Efault); 195 unsafe_put_user(regs->ds, (unsigned int __user *)&sc->ds, Efault); 196 #endif 197 198 unsafe_put_user(regs->di, &sc->di, Efault); 199 unsafe_put_user(regs->si, &sc->si, Efault); 200 unsafe_put_user(regs->bp, &sc->bp, Efault); 201 unsafe_put_user(regs->sp, &sc->sp, Efault); 202 unsafe_put_user(regs->bx, &sc->bx, Efault); 203 unsafe_put_user(regs->dx, &sc->dx, Efault); 204 unsafe_put_user(regs->cx, &sc->cx, Efault); 205 unsafe_put_user(regs->ax, &sc->ax, Efault); 206 unsafe_put_user(current->thread.trap_nr, &sc->trapno, Efault); 207 unsafe_put_user(current->thread.error_code, &sc->err, Efault); 208 unsafe_put_user(regs->ip, &sc->ip, Efault); 209 unsafe_put_user(regs->cs, (unsigned int __user *)&sc->cs, Efault); 210 unsafe_put_user(regs->flags, &sc->flags, Efault); 211 unsafe_put_user(regs->sp, &sc->sp_at_signal, Efault); 212 unsafe_put_user(regs->ss, (unsigned int __user *)&sc->ss, Efault); 213 214 unsafe_put_user(ptr_to_compat(fpstate), &sc->fpstate, Efault); 215 216 /* non-iBCS2 extensions.. */ 217 unsafe_put_user(mask, &sc->oldmask, Efault); 218 unsafe_put_user(current->thread.cr2, &sc->cr2, Efault); 219 return 0; 220 221 Efault: 222 return -EFAULT; 223 } 224 225 #define unsafe_put_sigcontext32(sc, fp, regs, set, label) \ 226 do { \ 227 if (__unsafe_setup_sigcontext32(sc, fp, regs, set->sig[0])) \ 228 goto label; \ 229 } while(0) 230 231 int ia32_setup_frame(struct ksignal *ksig, struct pt_regs *regs) 232 { 233 sigset32_t *set = (sigset32_t *) sigmask_to_save(); 234 struct sigframe_ia32 __user *frame; 235 void __user *restorer; 236 void __user *fp = NULL; 237 238 /* copy_to_user optimizes that into a single 8 byte store */ 239 static const struct { 240 u16 poplmovl; 241 u32 val; 242 u16 int80; 243 } __attribute__((packed)) code = { 244 0xb858, /* popl %eax ; movl $...,%eax */ 245 __NR_ia32_sigreturn, 246 0x80cd, /* int $0x80 */ 247 }; 248 249 frame = get_sigframe(ksig, regs, sizeof(*frame), &fp); 250 251 if (ksig->ka.sa.sa_flags & SA_RESTORER) { 252 restorer = ksig->ka.sa.sa_restorer; 253 } else { 254 /* Return stub is in 32bit vsyscall page */ 255 if (current->mm->context.vdso) 256 restorer = current->mm->context.vdso + 257 vdso_image_32.sym___kernel_sigreturn; 258 else 259 restorer = &frame->retcode; 260 } 261 262 if (!user_access_begin(frame, sizeof(*frame))) 263 return -EFAULT; 264 265 unsafe_put_user(ksig->sig, &frame->sig, Efault); 266 unsafe_put_sigcontext32(&frame->sc, fp, regs, set, Efault); 267 unsafe_put_user(set->sig[1], &frame->extramask[0], Efault); 268 unsafe_put_user(ptr_to_compat(restorer), &frame->pretcode, Efault); 269 /* 270 * These are actually not used anymore, but left because some 271 * gdb versions depend on them as a marker. 272 */ 273 unsafe_put_user(*((u64 *)&code), (u64 __user *)frame->retcode, Efault); 274 user_access_end(); 275 276 /* Set up registers for signal handler */ 277 regs->sp = (unsigned long) frame; 278 regs->ip = (unsigned long) ksig->ka.sa.sa_handler; 279 280 /* Make -mregparm=3 work */ 281 regs->ax = ksig->sig; 282 regs->dx = 0; 283 regs->cx = 0; 284 285 #ifdef CONFIG_IA32_EMULATION 286 loadsegment(ds, __USER_DS); 287 loadsegment(es, __USER_DS); 288 #else 289 regs->ds = __USER_DS; 290 regs->es = __USER_DS; 291 #endif 292 293 regs->cs = __USER32_CS; 294 regs->ss = __USER_DS; 295 296 return 0; 297 Efault: 298 user_access_end(); 299 return -EFAULT; 300 } 301 302 int ia32_setup_rt_frame(struct ksignal *ksig, struct pt_regs *regs) 303 { 304 sigset32_t *set = (sigset32_t *) sigmask_to_save(); 305 struct rt_sigframe_ia32 __user *frame; 306 void __user *restorer; 307 void __user *fp = NULL; 308 309 /* unsafe_put_user optimizes that into a single 8 byte store */ 310 static const struct { 311 u8 movl; 312 u32 val; 313 u16 int80; 314 u8 pad; 315 } __attribute__((packed)) code = { 316 0xb8, 317 __NR_ia32_rt_sigreturn, 318 0x80cd, 319 0, 320 }; 321 322 frame = get_sigframe(ksig, regs, sizeof(*frame), &fp); 323 324 if (!user_access_begin(frame, sizeof(*frame))) 325 return -EFAULT; 326 327 unsafe_put_user(ksig->sig, &frame->sig, Efault); 328 unsafe_put_user(ptr_to_compat(&frame->info), &frame->pinfo, Efault); 329 unsafe_put_user(ptr_to_compat(&frame->uc), &frame->puc, Efault); 330 331 /* Create the ucontext. */ 332 if (static_cpu_has(X86_FEATURE_XSAVE)) 333 unsafe_put_user(UC_FP_XSTATE, &frame->uc.uc_flags, Efault); 334 else 335 unsafe_put_user(0, &frame->uc.uc_flags, Efault); 336 unsafe_put_user(0, &frame->uc.uc_link, Efault); 337 unsafe_save_altstack32(&frame->uc.uc_stack, regs->sp, Efault); 338 339 if (ksig->ka.sa.sa_flags & SA_RESTORER) 340 restorer = ksig->ka.sa.sa_restorer; 341 else 342 restorer = current->mm->context.vdso + 343 vdso_image_32.sym___kernel_rt_sigreturn; 344 unsafe_put_user(ptr_to_compat(restorer), &frame->pretcode, Efault); 345 346 /* 347 * Not actually used anymore, but left because some gdb 348 * versions need it. 349 */ 350 unsafe_put_user(*((u64 *)&code), (u64 __user *)frame->retcode, Efault); 351 unsafe_put_sigcontext32(&frame->uc.uc_mcontext, fp, regs, set, Efault); 352 unsafe_put_user(*(__u64 *)set, (__u64 __user *)&frame->uc.uc_sigmask, Efault); 353 user_access_end(); 354 355 if (__copy_siginfo_to_user32(&frame->info, &ksig->info)) 356 return -EFAULT; 357 358 /* Set up registers for signal handler */ 359 regs->sp = (unsigned long) frame; 360 regs->ip = (unsigned long) ksig->ka.sa.sa_handler; 361 362 /* Make -mregparm=3 work */ 363 regs->ax = ksig->sig; 364 regs->dx = (unsigned long) &frame->info; 365 regs->cx = (unsigned long) &frame->uc; 366 367 #ifdef CONFIG_IA32_EMULATION 368 loadsegment(ds, __USER_DS); 369 loadsegment(es, __USER_DS); 370 #else 371 regs->ds = __USER_DS; 372 regs->es = __USER_DS; 373 #endif 374 375 regs->cs = __USER32_CS; 376 regs->ss = __USER_DS; 377 378 return 0; 379 Efault: 380 user_access_end(); 381 return -EFAULT; 382 } 383 384 /* 385 * The siginfo_t structure and handing code is very easy 386 * to break in several ways. It must always be updated when new 387 * updates are made to the main siginfo_t, and 388 * copy_siginfo_to_user32() must be updated when the 389 * (arch-independent) copy_siginfo_to_user() is updated. 390 * 391 * It is also easy to put a new member in the siginfo_t 392 * which has implicit alignment which can move internal structure 393 * alignment around breaking the ABI. This can happen if you, 394 * for instance, put a plain 64-bit value in there. 395 */ 396 397 /* 398 * If adding a new si_code, there is probably new data in 399 * the siginfo. Make sure folks bumping the si_code 400 * limits also have to look at this code. Make sure any 401 * new fields are handled in copy_siginfo_to_user32()! 402 */ 403 static_assert(NSIGILL == 11); 404 static_assert(NSIGFPE == 15); 405 static_assert(NSIGSEGV == 10); 406 static_assert(NSIGBUS == 5); 407 static_assert(NSIGTRAP == 6); 408 static_assert(NSIGCHLD == 6); 409 static_assert(NSIGSYS == 2); 410 411 /* This is part of the ABI and can never change in size: */ 412 static_assert(sizeof(siginfo32_t) == 128); 413 414 /* This is a part of the ABI and can never change in alignment */ 415 static_assert(__alignof__(siginfo32_t) == 4); 416 417 /* 418 * The offsets of all the (unioned) si_fields are fixed 419 * in the ABI, of course. Make sure none of them ever 420 * move and are always at the beginning: 421 */ 422 static_assert(offsetof(siginfo32_t, _sifields) == 3 * sizeof(int)); 423 424 static_assert(offsetof(siginfo32_t, si_signo) == 0); 425 static_assert(offsetof(siginfo32_t, si_errno) == 4); 426 static_assert(offsetof(siginfo32_t, si_code) == 8); 427 428 /* 429 * Ensure that the size of each si_field never changes. 430 * If it does, it is a sign that the 431 * copy_siginfo_to_user32() code below needs to updated 432 * along with the size in the CHECK_SI_SIZE(). 433 * 434 * We repeat this check for both the generic and compat 435 * siginfos. 436 * 437 * Note: it is OK for these to grow as long as the whole 438 * structure stays within the padding size (checked 439 * above). 440 */ 441 442 #define CHECK_SI_OFFSET(name) \ 443 static_assert(offsetof(siginfo32_t, _sifields) == \ 444 offsetof(siginfo32_t, _sifields.name)) 445 446 #define CHECK_SI_SIZE(name, size) \ 447 static_assert(sizeof_field(siginfo32_t, _sifields.name) == size) 448 449 CHECK_SI_OFFSET(_kill); 450 CHECK_SI_SIZE (_kill, 2*sizeof(int)); 451 static_assert(offsetof(siginfo32_t, si_pid) == 0xC); 452 static_assert(offsetof(siginfo32_t, si_uid) == 0x10); 453 454 CHECK_SI_OFFSET(_timer); 455 #ifdef CONFIG_COMPAT 456 /* compat_siginfo_t doesn't have si_sys_private */ 457 CHECK_SI_SIZE (_timer, 3*sizeof(int)); 458 #else 459 CHECK_SI_SIZE (_timer, 4*sizeof(int)); 460 #endif 461 static_assert(offsetof(siginfo32_t, si_tid) == 0x0C); 462 static_assert(offsetof(siginfo32_t, si_overrun) == 0x10); 463 static_assert(offsetof(siginfo32_t, si_value) == 0x14); 464 465 CHECK_SI_OFFSET(_rt); 466 CHECK_SI_SIZE (_rt, 3*sizeof(int)); 467 static_assert(offsetof(siginfo32_t, si_pid) == 0x0C); 468 static_assert(offsetof(siginfo32_t, si_uid) == 0x10); 469 static_assert(offsetof(siginfo32_t, si_value) == 0x14); 470 471 CHECK_SI_OFFSET(_sigchld); 472 CHECK_SI_SIZE (_sigchld, 5*sizeof(int)); 473 static_assert(offsetof(siginfo32_t, si_pid) == 0x0C); 474 static_assert(offsetof(siginfo32_t, si_uid) == 0x10); 475 static_assert(offsetof(siginfo32_t, si_status) == 0x14); 476 static_assert(offsetof(siginfo32_t, si_utime) == 0x18); 477 static_assert(offsetof(siginfo32_t, si_stime) == 0x1C); 478 479 CHECK_SI_OFFSET(_sigfault); 480 CHECK_SI_SIZE (_sigfault, 4*sizeof(int)); 481 static_assert(offsetof(siginfo32_t, si_addr) == 0x0C); 482 483 static_assert(offsetof(siginfo32_t, si_trapno) == 0x10); 484 485 static_assert(offsetof(siginfo32_t, si_addr_lsb) == 0x10); 486 487 static_assert(offsetof(siginfo32_t, si_lower) == 0x14); 488 static_assert(offsetof(siginfo32_t, si_upper) == 0x18); 489 490 static_assert(offsetof(siginfo32_t, si_pkey) == 0x14); 491 492 static_assert(offsetof(siginfo32_t, si_perf_data) == 0x10); 493 static_assert(offsetof(siginfo32_t, si_perf_type) == 0x14); 494 static_assert(offsetof(siginfo32_t, si_perf_flags) == 0x18); 495 496 CHECK_SI_OFFSET(_sigpoll); 497 CHECK_SI_SIZE (_sigpoll, 2*sizeof(int)); 498 static_assert(offsetof(siginfo32_t, si_band) == 0x0C); 499 static_assert(offsetof(siginfo32_t, si_fd) == 0x10); 500 501 CHECK_SI_OFFSET(_sigsys); 502 CHECK_SI_SIZE (_sigsys, 3*sizeof(int)); 503 static_assert(offsetof(siginfo32_t, si_call_addr) == 0x0C); 504 static_assert(offsetof(siginfo32_t, si_syscall) == 0x10); 505 static_assert(offsetof(siginfo32_t, si_arch) == 0x14); 506 507 /* any new si_fields should be added here */ 508