[deliverable/linux.git] / arch / x86 / kernel / tls.c

#include <linux/kernel.h>
#include <linux/errno.h>
#include <linux/sched.h>
#include <linux/user.h>
#include <linux/regset.h>
#include <linux/syscalls.h>

#include <asm/uaccess.h>
#include <asm/desc.h>
#include <asm/ldt.h>
#include <asm/processor.h>
#include <asm/proto.h>

#include "tls.h"

/*
 * sys_alloc_thread_area: get a yet unused TLS descriptor index.
 */
static int get_free_idx(void)
{
	struct thread_struct *t = &current->thread;
	int idx;

	for (idx = 0; idx < GDT_ENTRY_TLS_ENTRIES; idx++)
		if (desc_empty(&t->tls_array[idx]))
			return idx + GDT_ENTRY_TLS_MIN;
	return -ESRCH;
}

static bool tls_desc_okay(const struct user_desc *info)
{
	if (LDT_empty(info))
		return true;

	/*
	 * espfix is required for 16-bit data segments, but espfix
	 * only works for LDT segments.
	 */
	if (!info->seg_32bit)
		return false;

	/* Only allow data segments in the TLS array. */
	if (info->contents > 1)
		return false;

	/*
	 * Non-present segments with DPL 3 present an interesting attack
	 * surface.  The kernel should handle such segments correctly,
	 * but TLS is very difficult to protect in a sandbox, so prevent
	 * such segments from being created.
	 *
	 * If userspace needs to remove a TLS entry, it can still delete
	 * it outright.
	 */
	if (info->seg_not_present)
		return false;

#ifdef CONFIG_X86_64
	/* The L bit makes no sense for data. */
	if (info->lm)
		return false;
#endif

	return true;
}

static void set_tls_desc(struct task_struct *p, int idx,
			 const struct user_desc *info, int n)
{
	struct thread_struct *t = &p->thread;
	struct desc_struct *desc = &t->tls_array[idx - GDT_ENTRY_TLS_MIN];
	int cpu;

	/*
	 * We must not get preempted while modifying the TLS.
	 */
	cpu = get_cpu();

	while (n-- > 0) {
		if (LDT_empty(info))
			desc->a = desc->b = 0;
		else
			fill_ldt(desc, info);
		++info;
		++desc;
	}

	if (t == &current->thread)
		load_TLS(t, cpu);

	put_cpu();
}

/*
 * Set a given TLS descriptor:
 */
int do_set_thread_area(struct task_struct *p, int idx,
		       struct user_desc __user *u_info,
		       int can_allocate)
{
	struct user_desc info;

	if (copy_from_user(&info, u_info, sizeof(info)))
		return -EFAULT;

	if (!tls_desc_okay(&info))
		return -EINVAL;

	if (idx == -1)
		idx = info.entry_number;

	/*
	 * index -1 means the kernel should try to find and
	 * allocate an empty descriptor:
	 */
	if (idx == -1 && can_allocate) {
		idx = get_free_idx();
		if (idx < 0)
			return idx;
		if (put_user(idx, &u_info->entry_number))
			return -EFAULT;
	}

	if (idx < GDT_ENTRY_TLS_MIN || idx > GDT_ENTRY_TLS_MAX)
		return -EINVAL;

	set_tls_desc(p, idx, &info, 1);

	return 0;
}

SYSCALL_DEFINE1(set_thread_area, struct user_desc __user *, u_info)
{
	return do_set_thread_area(current, -1, u_info, 1);
}


/*
 * Get the current Thread-Local Storage area:
 */

static void fill_user_desc(struct user_desc *info, int idx,
			   const struct desc_struct *desc)

{
	memset(info, 0, sizeof(*info));
	info->entry_number = idx;
	info->base_addr = get_desc_base(desc);
	info->limit = get_desc_limit(desc);
	info->seg_32bit = desc->d;
	info->contents = desc->type >> 2;
	info->read_exec_only = !(desc->type & 2);
	info->limit_in_pages = desc->g;
	info->seg_not_present = !desc->p;
	info->useable = desc->avl;
#ifdef CONFIG_X86_64
	info->lm = desc->l;
#endif
}

int do_get_thread_area(struct task_struct *p, int idx,
		       struct user_desc __user *u_info)
{
	struct user_desc info;

	if (idx == -1 && get_user(idx, &u_info->entry_number))
		return -EFAULT;

	if (idx < GDT_ENTRY_TLS_MIN || idx > GDT_ENTRY_TLS_MAX)
		return -EINVAL;

	fill_user_desc(&info, idx,
		       &p->thread.tls_array[idx - GDT_ENTRY_TLS_MIN]);

	if (copy_to_user(u_info, &info, sizeof(info)))
		return -EFAULT;
	return 0;
}

SYSCALL_DEFINE1(get_thread_area, struct user_desc __user *, u_info)
{
	return do_get_thread_area(current, -1, u_info);
}

int regset_tls_active(struct task_struct *target,
		      const struct user_regset *regset)
{
	struct thread_struct *t = &target->thread;
	int n = GDT_ENTRY_TLS_ENTRIES;
	while (n > 0 && desc_empty(&t->tls_array[n - 1]))
		--n;
	return n;
}

int regset_tls_get(struct task_struct *target, const struct user_regset *regset,
		   unsigned int pos, unsigned int count,
		   void *kbuf, void __user *ubuf)
{
	const struct desc_struct *tls;

	if (pos >= GDT_ENTRY_TLS_ENTRIES * sizeof(struct user_desc) ||
	    (pos % sizeof(struct user_desc)) != 0 ||
	    (count % sizeof(struct user_desc)) != 0)
		return -EINVAL;

	pos /= sizeof(struct user_desc);
	count /= sizeof(struct user_desc);

	tls = &target->thread.tls_array[pos];

	if (kbuf) {
		struct user_desc *info = kbuf;
		while (count-- > 0)
			fill_user_desc(info++, GDT_ENTRY_TLS_MIN + pos++,
				       tls++);
	} else {
		struct user_desc __user *u_info = ubuf;
		while (count-- > 0) {
			struct user_desc info;
			fill_user_desc(&info, GDT_ENTRY_TLS_MIN + pos++, tls++);
			if (__copy_to_user(u_info++, &info, sizeof(info)))
				return -EFAULT;
		}
	}

	return 0;
}

int regset_tls_set(struct task_struct *target, const struct user_regset *regset,
		   unsigned int pos, unsigned int count,
		   const void *kbuf, const void __user *ubuf)
{
	struct user_desc infobuf[GDT_ENTRY_TLS_ENTRIES];
	const struct user_desc *info;
	int i;

	if (pos >= GDT_ENTRY_TLS_ENTRIES * sizeof(struct user_desc) ||
	    (pos % sizeof(struct user_desc)) != 0 ||
	    (count % sizeof(struct user_desc)) != 0)
		return -EINVAL;

	if (kbuf)
		info = kbuf;
	else if (__copy_from_user(infobuf, ubuf, count))
		return -EFAULT;
	else
		info = infobuf;

	for (i = 0; i < count / sizeof(struct user_desc); i++)
		if (!tls_desc_okay(info + i))
			return -EINVAL;

	set_tls_desc(target,
		     GDT_ENTRY_TLS_MIN + (pos / sizeof(struct user_desc)),
		     info, count / sizeof(struct user_desc));

	return 0;
}
Commit	Line	Data
1da177e4 LT	1	#include <linux/kernel.h>
	2	#include <linux/errno.h>
	3	#include <linux/sched.h>
	4	#include <linux/user.h>
4c79a2d8	5	#include <linux/regset.h>
2cf09666	6	#include <linux/syscalls.h>
1da177e4 LT	7
	8	#include <asm/uaccess.h>
	9	#include <asm/desc.h>
1da177e4 LT	10	#include <asm/ldt.h>
	11	#include <asm/processor.h>
	12	#include <asm/proto.h>
	13
4c79a2d8 RM	14	#include "tls.h"
4c79a2d8 RM	15
1da177e4 LT	16	/*
	17	* sys_alloc_thread_area: get a yet unused TLS descriptor index.
	18	*/
	19	static int get_free_idx(void)
	20	{
	21	struct thread_struct *t = &current->thread;
	22	int idx;
	23
	24	for (idx = 0; idx < GDT_ENTRY_TLS_ENTRIES; idx++)
efd1ca52	25	if (desc_empty(&t->tls_array[idx]))
1da177e4 LT	26	return idx + GDT_ENTRY_TLS_MIN;
	27	return -ESRCH;
	28	}
	29
41bdc785 AL	30	static bool tls_desc_okay(const struct user_desc *info)
	31	{
	32	if (LDT_empty(info))
	33	return true;
	34
	35	/*
	36	* espfix is required for 16-bit data segments, but espfix
	37	* only works for LDT segments.
	38	*/
	39	if (!info->seg_32bit)
	40	return false;
	41
0e58af4e AL	42	/* Only allow data segments in the TLS array. */
	43	if (info->contents > 1)
	44	return false;
	45
	46	/*
	47	* Non-present segments with DPL 3 present an interesting attack
	48	* surface. The kernel should handle such segments correctly,
	49	* but TLS is very difficult to protect in a sandbox, so prevent
	50	* such segments from being created.
	51	*
	52	* If userspace needs to remove a TLS entry, it can still delete
	53	* it outright.
	54	*/
	55	if (info->seg_not_present)
	56	return false;
	57
	58	#ifdef CONFIG_X86_64
	59	/* The L bit makes no sense for data. */
	60	if (info->lm)
	61	return false;
	62	#endif
	63
41bdc785 AL	64	return true;
	65	}
	66
1bd5718c	67	static void set_tls_desc(struct task_struct *p, int idx,
4c79a2d8	68	const struct user_desc *info, int n)
1bd5718c RM	69	{
	70	struct thread_struct *t = &p->thread;
	71	struct desc_struct *desc = &t->tls_array[idx - GDT_ENTRY_TLS_MIN];
	72	int cpu;
	73
	74	/*
	75	* We must not get preempted while modifying the TLS.
	76	*/
	77	cpu = get_cpu();
	78
4c79a2d8 RM	79	while (n-- > 0) {
	80	if (LDT_empty(info))
	81	desc->a = desc->b = 0;
	82	else
	83	fill_ldt(desc, info);
	84	++info;
	85	++desc;
	86	}
1bd5718c RM	87
	88	if (t == &current->thread)
	89	load_TLS(t, cpu);
	90
	91	put_cpu();
	92	}
	93
1da177e4 LT	94	/*
1da177e4 LT	95	* Set a given TLS descriptor:
1da177e4	96	*/
efd1ca52 RM	97	int do_set_thread_area(struct task_struct *p, int idx,
	98	struct user_desc __user *u_info,
	99	int can_allocate)
1da177e4 LT	100	{
1da177e4 LT	101	struct user_desc info;
1da177e4 LT	102
	103	if (copy_from_user(&info, u_info, sizeof(info)))
	104	return -EFAULT;
	105
41bdc785 AL	106	if (!tls_desc_okay(&info))
	107	return -EINVAL;
	108
efd1ca52 RM	109	if (idx == -1)
efd1ca52 RM	110	idx = info.entry_number;
1da177e4 LT	111
	112	/*
	113	* index -1 means the kernel should try to find and
	114	* allocate an empty descriptor:
	115	*/
efd1ca52	116	if (idx == -1 && can_allocate) {
1da177e4 LT	117	idx = get_free_idx();
	118	if (idx < 0)
	119	return idx;
	120	if (put_user(idx, &u_info->entry_number))
	121	return -EFAULT;
	122	}
	123
	124	if (idx < GDT_ENTRY_TLS_MIN \|\| idx > GDT_ENTRY_TLS_MAX)
	125	return -EINVAL;
	126
4c79a2d8	127	set_tls_desc(p, idx, &info, 1);
1da177e4	128
1da177e4 LT	129	return 0;
	130	}
	131
2cf09666	132	SYSCALL_DEFINE1(set_thread_area, struct user_desc __user *, u_info)
13abd0e5	133	{
2cf09666	134	return do_set_thread_area(current, -1, u_info, 1);
13abd0e5	135	}
1da177e4 LT	136
	137
	138	/*
	139	* Get the current Thread-Local Storage area:
	140	*/
	141
1bd5718c RM	142	static void fill_user_desc(struct user_desc *info, int idx,
	143	const struct desc_struct *desc)
	144
	145	{
	146	memset(info, 0, sizeof(*info));
	147	info->entry_number = idx;
	148	info->base_addr = get_desc_base(desc);
	149	info->limit = get_desc_limit(desc);
	150	info->seg_32bit = desc->d;
	151	info->contents = desc->type >> 2;
	152	info->read_exec_only = !(desc->type & 2);
	153	info->limit_in_pages = desc->g;
	154	info->seg_not_present = !desc->p;
	155	info->useable = desc->avl;
	156	#ifdef CONFIG_X86_64
	157	info->lm = desc->l;
	158	#endif
	159	}
efd1ca52 RM	160
	161	int do_get_thread_area(struct task_struct *p, int idx,
	162	struct user_desc __user *u_info)
1da177e4 LT	163	{
1da177e4 LT	164	struct user_desc info;
1da177e4	165
efd1ca52	166	if (idx == -1 && get_user(idx, &u_info->entry_number))
1da177e4	167	return -EFAULT;
1bd5718c	168
1da177e4 LT	169	if (idx < GDT_ENTRY_TLS_MIN \|\| idx > GDT_ENTRY_TLS_MAX)
	170	return -EINVAL;
	171
1bd5718c RM	172	fill_user_desc(&info, idx,
1bd5718c RM	173	&p->thread.tls_array[idx - GDT_ENTRY_TLS_MIN]);
1da177e4 LT	174
	175	if (copy_to_user(u_info, &info, sizeof(info)))
	176	return -EFAULT;
	177	return 0;
	178	}
	179
2cf09666	180	SYSCALL_DEFINE1(get_thread_area, struct user_desc __user *, u_info)
1da177e4	181	{
2cf09666	182	return do_get_thread_area(current, -1, u_info);
1da177e4	183	}
4c79a2d8 RM	184
	185	int regset_tls_active(struct task_struct *target,
	186	const struct user_regset *regset)
	187	{
	188	struct thread_struct *t = &target->thread;
	189	int n = GDT_ENTRY_TLS_ENTRIES;
	190	while (n > 0 && desc_empty(&t->tls_array[n - 1]))
	191	--n;
	192	return n;
	193	}
	194
	195	int regset_tls_get(struct task_struct target, const struct user_regset regset,
	196	unsigned int pos, unsigned int count,
	197	void kbuf, void __user ubuf)
	198	{
	199	const struct desc_struct *tls;
	200
8f0750f1	201	if (pos >= GDT_ENTRY_TLS_ENTRIES * sizeof(struct user_desc) \|\|
4c79a2d8 RM	202	(pos % sizeof(struct user_desc)) != 0 \|\|
	203	(count % sizeof(struct user_desc)) != 0)
	204	return -EINVAL;
	205
	206	pos /= sizeof(struct user_desc);
	207	count /= sizeof(struct user_desc);
	208
	209	tls = &target->thread.tls_array[pos];
	210
	211	if (kbuf) {
	212	struct user_desc *info = kbuf;
	213	while (count-- > 0)
	214	fill_user_desc(info++, GDT_ENTRY_TLS_MIN + pos++,
	215	tls++);
	216	} else {
	217	struct user_desc __user *u_info = ubuf;
	218	while (count-- > 0) {
	219	struct user_desc info;
	220	fill_user_desc(&info, GDT_ENTRY_TLS_MIN + pos++, tls++);
	221	if (__copy_to_user(u_info++, &info, sizeof(info)))
	222	return -EFAULT;
	223	}
	224	}
	225
	226	return 0;
	227	}
	228
	229	int regset_tls_set(struct task_struct target, const struct user_regset regset,
	230	unsigned int pos, unsigned int count,
	231	const void kbuf, const void __user ubuf)
	232	{
	233	struct user_desc infobuf[GDT_ENTRY_TLS_ENTRIES];
	234	const struct user_desc *info;
41bdc785	235	int i;
4c79a2d8	236
8f0750f1	237	if (pos >= GDT_ENTRY_TLS_ENTRIES * sizeof(struct user_desc) \|\|
4c79a2d8 RM	238	(pos % sizeof(struct user_desc)) != 0 \|\|
	239	(count % sizeof(struct user_desc)) != 0)
	240	return -EINVAL;
	241
	242	if (kbuf)
	243	info = kbuf;
	244	else if (__copy_from_user(infobuf, ubuf, count))
	245	return -EFAULT;
	246	else
	247	info = infobuf;
	248
41bdc785 AL	249	for (i = 0; i < count / sizeof(struct user_desc); i++)
	250	if (!tls_desc_okay(info + i))
	251	return -EINVAL;
	252
4c79a2d8 RM	253	set_tls_desc(target,
	254	GDT_ENTRY_TLS_MIN + (pos / sizeof(struct user_desc)),
	255	info, count / sizeof(struct user_desc));
	256
	257	return 0;
	258	}