Commit | Line | Data |
---|---|---|
1da177e4 | 1 | /* |
1da177e4 LT |
2 | * Copyright (C) 1994 Linus Torvalds |
3 | * | |
4 | * 29 dec 2001 - Fixed oopses caused by unchecked access to the vm86 | |
624dffcb | 5 | * stack - Manfred Spraul <manfred@colorfullife.com> |
1da177e4 LT |
6 | * |
7 | * 22 mar 2002 - Manfred detected the stackfaults, but didn't handle | |
8 | * them correctly. Now the emulation will be in a | |
9 | * consistent state after stackfaults - Kasper Dupont | |
10 | * <kasperd@daimi.au.dk> | |
11 | * | |
12 | * 22 mar 2002 - Added missing clear_IF in set_vflags_* Kasper Dupont | |
13 | * <kasperd@daimi.au.dk> | |
14 | * | |
15 | * ?? ??? 2002 - Fixed premature returns from handle_vm86_fault | |
16 | * caused by Kasper Dupont's changes - Stas Sergeev | |
17 | * | |
18 | * 4 apr 2002 - Fixed CHECK_IF_IN_TRAP broken by Stas' changes. | |
19 | * Kasper Dupont <kasperd@daimi.au.dk> | |
20 | * | |
21 | * 9 apr 2002 - Changed syntax of macros in handle_vm86_fault. | |
22 | * Kasper Dupont <kasperd@daimi.au.dk> | |
23 | * | |
24 | * 9 apr 2002 - Changed stack access macros to jump to a label | |
25 | * instead of returning to userspace. This simplifies | |
26 | * do_int, and is needed by handle_vm6_fault. Kasper | |
27 | * Dupont <kasperd@daimi.au.dk> | |
28 | * | |
29 | */ | |
30 | ||
c767a54b JP |
31 | #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt |
32 | ||
a9415644 | 33 | #include <linux/capability.h> |
1da177e4 LT |
34 | #include <linux/errno.h> |
35 | #include <linux/interrupt.h> | |
5522ddb3 | 36 | #include <linux/syscalls.h> |
1da177e4 LT |
37 | #include <linux/sched.h> |
38 | #include <linux/kernel.h> | |
39 | #include <linux/signal.h> | |
40 | #include <linux/string.h> | |
41 | #include <linux/mm.h> | |
42 | #include <linux/smp.h> | |
1da177e4 LT |
43 | #include <linux/highmem.h> |
44 | #include <linux/ptrace.h> | |
7e7f8a03 | 45 | #include <linux/audit.h> |
49d26b6e | 46 | #include <linux/stddef.h> |
9fda6a06 | 47 | #include <linux/slab.h> |
1da177e4 LT |
48 | |
49 | #include <asm/uaccess.h> | |
50 | #include <asm/io.h> | |
51 | #include <asm/tlbflush.h> | |
52 | #include <asm/irq.h> | |
53 | ||
54 | /* | |
55 | * Known problems: | |
56 | * | |
57 | * Interrupt handling is not guaranteed: | |
58 | * - a real x86 will disable all interrupts for one instruction | |
59 | * after a "mov ss,xx" to make stack handling atomic even without | |
60 | * the 'lss' instruction. We can't guarantee this in v86 mode, | |
61 | * as the next instruction might result in a page fault or similar. | |
62 | * - a real x86 will have interrupts disabled for one instruction | |
63 | * past the 'sti' that enables them. We don't bother with all the | |
64 | * details yet. | |
65 | * | |
66 | * Let's hope these problems do not actually matter for anything. | |
67 | */ | |
68 | ||
69 | ||
70 | #define KVM86 ((struct kernel_vm86_struct *)regs) | |
83e714e8 | 71 | #define VMPI KVM86->vm86plus |
1da177e4 LT |
72 | |
73 | ||
74 | /* | |
75 | * 8- and 16-bit register defines.. | |
76 | */ | |
65ea5b03 PA |
77 | #define AL(regs) (((unsigned char *)&((regs)->pt.ax))[0]) |
78 | #define AH(regs) (((unsigned char *)&((regs)->pt.ax))[1]) | |
79 | #define IP(regs) (*(unsigned short *)&((regs)->pt.ip)) | |
80 | #define SP(regs) (*(unsigned short *)&((regs)->pt.sp)) | |
1da177e4 LT |
81 | |
82 | /* | |
83 | * virtual flags (16 and 32-bit versions) | |
84 | */ | |
9fda6a06 BG |
85 | #define VFLAGS (*(unsigned short *)&(current->thread.vm86->v86flags)) |
86 | #define VEFLAGS (current->thread.vm86->v86flags) | |
1da177e4 | 87 | |
83e714e8 | 88 | #define set_flags(X, new, mask) \ |
1da177e4 LT |
89 | ((X) = ((X) & ~(mask)) | ((new) & (mask))) |
90 | ||
91 | #define SAFE_MASK (0xDD5) | |
92 | #define RETURN_MASK (0xDFF) | |
93 | ||
83e714e8 | 94 | struct pt_regs *save_v86_state(struct kernel_vm86_regs *regs) |
1da177e4 LT |
95 | { |
96 | struct tss_struct *tss; | |
97 | struct pt_regs *ret; | |
ed0b2edb BG |
98 | struct task_struct *tsk = current; |
99 | struct vm86plus_struct __user *user; | |
9fda6a06 | 100 | struct vm86 *vm86 = current->thread.vm86; |
ed0b2edb | 101 | long err = 0; |
1da177e4 LT |
102 | |
103 | /* | |
104 | * This gets called from entry.S with interrupts disabled, but | |
105 | * from process context. Enable interrupts here, before trying | |
106 | * to access user space. | |
107 | */ | |
108 | local_irq_enable(); | |
109 | ||
9fda6a06 | 110 | if (!vm86 || !vm86->vm86_info) { |
c767a54b | 111 | pr_alert("no vm86_info: BAD\n"); |
1da177e4 LT |
112 | do_exit(SIGSEGV); |
113 | } | |
9fda6a06 BG |
114 | set_flags(regs->pt.flags, VEFLAGS, X86_EFLAGS_VIF | vm86->v86mask); |
115 | user = vm86->vm86_info; | |
ed0b2edb BG |
116 | |
117 | if (!access_ok(VERIFY_WRITE, user, VMPI.is_vm86pus ? | |
118 | sizeof(struct vm86plus_struct) : | |
119 | sizeof(struct vm86_struct))) { | |
120 | pr_alert("could not access userspace vm86_info\n"); | |
121 | do_exit(SIGSEGV); | |
122 | } | |
123 | ||
124 | put_user_try { | |
125 | put_user_ex(regs->pt.bx, &user->regs.ebx); | |
126 | put_user_ex(regs->pt.cx, &user->regs.ecx); | |
127 | put_user_ex(regs->pt.dx, &user->regs.edx); | |
128 | put_user_ex(regs->pt.si, &user->regs.esi); | |
129 | put_user_ex(regs->pt.di, &user->regs.edi); | |
130 | put_user_ex(regs->pt.bp, &user->regs.ebp); | |
131 | put_user_ex(regs->pt.ax, &user->regs.eax); | |
132 | put_user_ex(regs->pt.ip, &user->regs.eip); | |
133 | put_user_ex(regs->pt.cs, &user->regs.cs); | |
134 | put_user_ex(regs->pt.flags, &user->regs.eflags); | |
135 | put_user_ex(regs->pt.sp, &user->regs.esp); | |
136 | put_user_ex(regs->pt.ss, &user->regs.ss); | |
137 | put_user_ex(regs->es, &user->regs.es); | |
138 | put_user_ex(regs->ds, &user->regs.ds); | |
139 | put_user_ex(regs->fs, &user->regs.fs); | |
140 | put_user_ex(regs->gs, &user->regs.gs); | |
141 | ||
9fda6a06 | 142 | put_user_ex(vm86->screen_bitmap, &user->screen_bitmap); |
ed0b2edb BG |
143 | } put_user_catch(err); |
144 | if (err) { | |
c767a54b | 145 | pr_alert("could not access userspace vm86_info\n"); |
1da177e4 LT |
146 | do_exit(SIGSEGV); |
147 | } | |
148 | ||
24933b82 | 149 | tss = &per_cpu(cpu_tss, get_cpu()); |
9fda6a06 | 150 | tsk->thread.sp0 = vm86->saved_sp0; |
ed0b2edb BG |
151 | tsk->thread.sysenter_cs = __KERNEL_CS; |
152 | load_sp0(tss, &tsk->thread); | |
9fda6a06 | 153 | vm86->saved_sp0 = 0; |
1da177e4 LT |
154 | put_cpu(); |
155 | ||
1da177e4 | 156 | ret = KVM86->regs32; |
49d26b6e | 157 | |
0233606c | 158 | lazy_load_gs(ret->gs); |
49d26b6e | 159 | |
1da177e4 LT |
160 | return ret; |
161 | } | |
162 | ||
60ec5585 | 163 | static void mark_screen_rdonly(struct mm_struct *mm) |
1da177e4 LT |
164 | { |
165 | pgd_t *pgd; | |
166 | pud_t *pud; | |
167 | pmd_t *pmd; | |
60ec5585 HD |
168 | pte_t *pte; |
169 | spinlock_t *ptl; | |
1da177e4 LT |
170 | int i; |
171 | ||
1a5a9906 | 172 | down_write(&mm->mmap_sem); |
60ec5585 | 173 | pgd = pgd_offset(mm, 0xA0000); |
1da177e4 LT |
174 | if (pgd_none_or_clear_bad(pgd)) |
175 | goto out; | |
176 | pud = pud_offset(pgd, 0xA0000); | |
177 | if (pud_none_or_clear_bad(pud)) | |
178 | goto out; | |
179 | pmd = pmd_offset(pud, 0xA0000); | |
e180377f | 180 | split_huge_page_pmd_mm(mm, 0xA0000, pmd); |
1da177e4 LT |
181 | if (pmd_none_or_clear_bad(pmd)) |
182 | goto out; | |
60ec5585 | 183 | pte = pte_offset_map_lock(mm, pmd, 0xA0000, &ptl); |
1da177e4 LT |
184 | for (i = 0; i < 32; i++) { |
185 | if (pte_present(*pte)) | |
186 | set_pte(pte, pte_wrprotect(*pte)); | |
187 | pte++; | |
188 | } | |
60ec5585 | 189 | pte_unmap_unlock(pte, ptl); |
1da177e4 | 190 | out: |
1a5a9906 | 191 | up_write(&mm->mmap_sem); |
1da177e4 LT |
192 | flush_tlb(); |
193 | } | |
194 | ||
195 | ||
196 | ||
197 | static int do_vm86_irq_handling(int subfunction, int irqnumber); | |
ed0b2edb BG |
198 | static long do_sys_vm86(struct vm86plus_struct __user *v86, bool plus, |
199 | struct kernel_vm86_struct *info); | |
1da177e4 | 200 | |
5522ddb3 | 201 | SYSCALL_DEFINE1(vm86old, struct vm86_struct __user *, v86) |
1da177e4 | 202 | { |
1da177e4 LT |
203 | struct kernel_vm86_struct info; /* declare this _on top_, |
204 | * this avoids wasting of stack space. | |
205 | * This remains on the stack until we | |
206 | * return to 32 bit user space. | |
207 | */ | |
1da177e4 | 208 | |
ed0b2edb | 209 | return do_sys_vm86((struct vm86plus_struct __user *) v86, false, &info); |
1da177e4 LT |
210 | } |
211 | ||
212 | ||
5522ddb3 | 213 | SYSCALL_DEFINE2(vm86, unsigned long, cmd, unsigned long, arg) |
1da177e4 LT |
214 | { |
215 | struct kernel_vm86_struct info; /* declare this _on top_, | |
216 | * this avoids wasting of stack space. | |
217 | * This remains on the stack until we | |
218 | * return to 32 bit user space. | |
219 | */ | |
1da177e4 | 220 | |
f1382f15 | 221 | switch (cmd) { |
83e714e8 PC |
222 | case VM86_REQUEST_IRQ: |
223 | case VM86_FREE_IRQ: | |
224 | case VM86_GET_IRQ_BITS: | |
225 | case VM86_GET_AND_RESET_IRQ: | |
5522ddb3 | 226 | return do_vm86_irq_handling(cmd, (int)arg); |
83e714e8 PC |
227 | case VM86_PLUS_INSTALL_CHECK: |
228 | /* | |
229 | * NOTE: on old vm86 stuff this will return the error | |
230 | * from access_ok(), because the subfunction is | |
231 | * interpreted as (invalid) address to vm86_struct. | |
232 | * So the installation check works. | |
233 | */ | |
5522ddb3 | 234 | return 0; |
1da177e4 LT |
235 | } |
236 | ||
237 | /* we come here only for functions VM86_ENTER, VM86_ENTER_NO_BYPASS */ | |
ed0b2edb | 238 | return do_sys_vm86((struct vm86plus_struct __user *) arg, true, &info); |
1da177e4 LT |
239 | } |
240 | ||
241 | ||
ed0b2edb BG |
242 | static long do_sys_vm86(struct vm86plus_struct __user *v86, bool plus, |
243 | struct kernel_vm86_struct *info) | |
1da177e4 LT |
244 | { |
245 | struct tss_struct *tss; | |
ed0b2edb | 246 | struct task_struct *tsk = current; |
9fda6a06 | 247 | struct vm86 *vm86 = tsk->thread.vm86; |
ed0b2edb BG |
248 | unsigned long err = 0; |
249 | ||
9fda6a06 BG |
250 | if (!vm86) { |
251 | if (!(vm86 = kzalloc(sizeof(*vm86), GFP_KERNEL))) | |
252 | return -ENOMEM; | |
253 | tsk->thread.vm86 = vm86; | |
254 | } | |
255 | if (vm86->saved_sp0) | |
ed0b2edb BG |
256 | return -EPERM; |
257 | ||
258 | if (!access_ok(VERIFY_READ, v86, plus ? | |
259 | sizeof(struct vm86_struct) : | |
260 | sizeof(struct vm86plus_struct))) | |
261 | return -EFAULT; | |
262 | ||
263 | memset(info, 0, sizeof(*info)); | |
264 | get_user_try { | |
265 | unsigned short seg; | |
266 | get_user_ex(info->regs.pt.bx, &v86->regs.ebx); | |
267 | get_user_ex(info->regs.pt.cx, &v86->regs.ecx); | |
268 | get_user_ex(info->regs.pt.dx, &v86->regs.edx); | |
269 | get_user_ex(info->regs.pt.si, &v86->regs.esi); | |
270 | get_user_ex(info->regs.pt.di, &v86->regs.edi); | |
271 | get_user_ex(info->regs.pt.bp, &v86->regs.ebp); | |
272 | get_user_ex(info->regs.pt.ax, &v86->regs.eax); | |
273 | get_user_ex(info->regs.pt.ip, &v86->regs.eip); | |
274 | get_user_ex(seg, &v86->regs.cs); | |
275 | info->regs.pt.cs = seg; | |
276 | get_user_ex(info->regs.pt.flags, &v86->regs.eflags); | |
277 | get_user_ex(info->regs.pt.sp, &v86->regs.esp); | |
278 | get_user_ex(seg, &v86->regs.ss); | |
279 | info->regs.pt.ss = seg; | |
280 | get_user_ex(info->regs.es, &v86->regs.es); | |
281 | get_user_ex(info->regs.ds, &v86->regs.ds); | |
282 | get_user_ex(info->regs.fs, &v86->regs.fs); | |
283 | get_user_ex(info->regs.gs, &v86->regs.gs); | |
284 | ||
285 | get_user_ex(info->flags, &v86->flags); | |
286 | get_user_ex(info->screen_bitmap, &v86->screen_bitmap); | |
287 | get_user_ex(info->cpu_type, &v86->cpu_type); | |
288 | } get_user_catch(err); | |
289 | if (err) | |
290 | return err; | |
291 | ||
292 | if (copy_from_user(&info->int_revectored, &v86->int_revectored, | |
293 | sizeof(struct revectored_struct))) | |
294 | return -EFAULT; | |
295 | if (copy_from_user(&info->int21_revectored, &v86->int21_revectored, | |
296 | sizeof(struct revectored_struct))) | |
297 | return -EFAULT; | |
298 | if (plus) { | |
299 | if (copy_from_user(&info->vm86plus, &v86->vm86plus, | |
300 | sizeof(struct vm86plus_info_struct))) | |
301 | return -EFAULT; | |
302 | info->vm86plus.is_vm86pus = 1; | |
303 | } | |
304 | ||
305 | info->regs32 = current_pt_regs(); | |
9fda6a06 | 306 | vm86->vm86_info = v86; |
1da177e4 LT |
307 | |
308 | /* | |
65ea5b03 | 309 | * The flags register is also special: we cannot trust that the user |
1da177e4 LT |
310 | * has set it up safely, so this makes sure interrupt etc flags are |
311 | * inherited from protected mode. | |
312 | */ | |
65ea5b03 PA |
313 | VEFLAGS = info->regs.pt.flags; |
314 | info->regs.pt.flags &= SAFE_MASK; | |
315 | info->regs.pt.flags |= info->regs32->flags & ~SAFE_MASK; | |
6b6891f9 | 316 | info->regs.pt.flags |= X86_VM_MASK; |
1da177e4 | 317 | |
df1ae9a5 BG |
318 | info->regs.pt.orig_ax = info->regs32->orig_ax; |
319 | ||
1da177e4 | 320 | switch (info->cpu_type) { |
83e714e8 | 321 | case CPU_286: |
9fda6a06 | 322 | vm86->v86mask = 0; |
83e714e8 PC |
323 | break; |
324 | case CPU_386: | |
9fda6a06 | 325 | vm86->v86mask = X86_EFLAGS_NT | X86_EFLAGS_IOPL; |
83e714e8 PC |
326 | break; |
327 | case CPU_486: | |
9fda6a06 | 328 | vm86->v86mask = X86_EFLAGS_AC | X86_EFLAGS_NT | X86_EFLAGS_IOPL; |
83e714e8 PC |
329 | break; |
330 | default: | |
9fda6a06 | 331 | vm86->v86mask = X86_EFLAGS_ID | X86_EFLAGS_AC | X86_EFLAGS_NT | X86_EFLAGS_IOPL; |
83e714e8 | 332 | break; |
1da177e4 LT |
333 | } |
334 | ||
335 | /* | |
975e5f45 | 336 | * Save old state, set default return value (%ax) to 0 (VM86_SIGNAL) |
1da177e4 | 337 | */ |
975e5f45 | 338 | info->regs32->ax = VM86_SIGNAL; |
9fda6a06 | 339 | vm86->saved_sp0 = tsk->thread.sp0; |
0233606c | 340 | lazy_save_gs(info->regs32->gs); |
1da177e4 | 341 | |
24933b82 | 342 | tss = &per_cpu(cpu_tss, get_cpu()); |
faca6227 | 343 | tsk->thread.sp0 = (unsigned long) &info->VM86_TSS_ESP0; |
1da177e4 LT |
344 | if (cpu_has_sep) |
345 | tsk->thread.sysenter_cs = 0; | |
faca6227 | 346 | load_sp0(tss, &tsk->thread); |
1da177e4 LT |
347 | put_cpu(); |
348 | ||
9fda6a06 | 349 | vm86->screen_bitmap = info->screen_bitmap; |
1da177e4 | 350 | if (info->flags & VM86_SCREEN_BITMAP) |
60ec5585 | 351 | mark_screen_rdonly(tsk->mm); |
7e7f8a03 | 352 | |
d7e7528b | 353 | /*call __audit_syscall_exit since we do not exit via the normal paths */ |
6015ff10 | 354 | #ifdef CONFIG_AUDITSYSCALL |
7e7f8a03 | 355 | if (unlikely(current->audit_context)) |
d7e7528b | 356 | __audit_syscall_exit(1, 0); |
6015ff10 | 357 | #endif |
7e7f8a03 | 358 | |
1da177e4 | 359 | __asm__ __volatile__( |
1da177e4 LT |
360 | "movl %0,%%esp\n\t" |
361 | "movl %1,%%ebp\n\t" | |
3aa6b186 | 362 | #ifdef CONFIG_X86_32_LAZY_GS |
464d1a78 | 363 | "mov %2, %%gs\n\t" |
3aa6b186 | 364 | #endif |
1da177e4 LT |
365 | "jmp resume_userspace" |
366 | : /* no outputs */ | |
49d26b6e | 367 | :"r" (&info->regs), "r" (task_thread_info(tsk)), "r" (0)); |
ed0b2edb | 368 | unreachable(); /* we never return here */ |
1da177e4 LT |
369 | } |
370 | ||
83e714e8 | 371 | static inline void return_to_32bit(struct kernel_vm86_regs *regs16, int retval) |
1da177e4 | 372 | { |
83e714e8 | 373 | struct pt_regs *regs32; |
1da177e4 LT |
374 | |
375 | regs32 = save_v86_state(regs16); | |
65ea5b03 | 376 | regs32->ax = retval; |
1da177e4 LT |
377 | __asm__ __volatile__("movl %0,%%esp\n\t" |
378 | "movl %1,%%ebp\n\t" | |
379 | "jmp resume_userspace" | |
380 | : : "r" (regs32), "r" (current_thread_info())); | |
381 | } | |
382 | ||
83e714e8 | 383 | static inline void set_IF(struct kernel_vm86_regs *regs) |
1da177e4 | 384 | { |
a5c15d41 | 385 | VEFLAGS |= X86_EFLAGS_VIF; |
386 | if (VEFLAGS & X86_EFLAGS_VIP) | |
1da177e4 LT |
387 | return_to_32bit(regs, VM86_STI); |
388 | } | |
389 | ||
83e714e8 | 390 | static inline void clear_IF(struct kernel_vm86_regs *regs) |
1da177e4 | 391 | { |
a5c15d41 | 392 | VEFLAGS &= ~X86_EFLAGS_VIF; |
1da177e4 LT |
393 | } |
394 | ||
83e714e8 | 395 | static inline void clear_TF(struct kernel_vm86_regs *regs) |
1da177e4 | 396 | { |
a5c15d41 | 397 | regs->pt.flags &= ~X86_EFLAGS_TF; |
1da177e4 LT |
398 | } |
399 | ||
83e714e8 | 400 | static inline void clear_AC(struct kernel_vm86_regs *regs) |
1da177e4 | 401 | { |
a5c15d41 | 402 | regs->pt.flags &= ~X86_EFLAGS_AC; |
1da177e4 LT |
403 | } |
404 | ||
83e714e8 PC |
405 | /* |
406 | * It is correct to call set_IF(regs) from the set_vflags_* | |
1da177e4 LT |
407 | * functions. However someone forgot to call clear_IF(regs) |
408 | * in the opposite case. | |
409 | * After the command sequence CLI PUSHF STI POPF you should | |
ab4a574e | 410 | * end up with interrupts disabled, but you ended up with |
1da177e4 LT |
411 | * interrupts enabled. |
412 | * ( I was testing my own changes, but the only bug I | |
413 | * could find was in a function I had not changed. ) | |
414 | * [KD] | |
415 | */ | |
416 | ||
83e714e8 | 417 | static inline void set_vflags_long(unsigned long flags, struct kernel_vm86_regs *regs) |
1da177e4 | 418 | { |
9fda6a06 | 419 | set_flags(VEFLAGS, flags, current->thread.vm86->v86mask); |
65ea5b03 | 420 | set_flags(regs->pt.flags, flags, SAFE_MASK); |
a5c15d41 | 421 | if (flags & X86_EFLAGS_IF) |
1da177e4 LT |
422 | set_IF(regs); |
423 | else | |
424 | clear_IF(regs); | |
425 | } | |
426 | ||
83e714e8 | 427 | static inline void set_vflags_short(unsigned short flags, struct kernel_vm86_regs *regs) |
1da177e4 | 428 | { |
9fda6a06 | 429 | set_flags(VFLAGS, flags, current->thread.vm86->v86mask); |
65ea5b03 | 430 | set_flags(regs->pt.flags, flags, SAFE_MASK); |
a5c15d41 | 431 | if (flags & X86_EFLAGS_IF) |
1da177e4 LT |
432 | set_IF(regs); |
433 | else | |
434 | clear_IF(regs); | |
435 | } | |
436 | ||
83e714e8 | 437 | static inline unsigned long get_vflags(struct kernel_vm86_regs *regs) |
1da177e4 | 438 | { |
65ea5b03 | 439 | unsigned long flags = regs->pt.flags & RETURN_MASK; |
1da177e4 | 440 | |
a5c15d41 | 441 | if (VEFLAGS & X86_EFLAGS_VIF) |
442 | flags |= X86_EFLAGS_IF; | |
443 | flags |= X86_EFLAGS_IOPL; | |
9fda6a06 | 444 | return flags | (VEFLAGS & current->thread.vm86->v86mask); |
1da177e4 LT |
445 | } |
446 | ||
83e714e8 | 447 | static inline int is_revectored(int nr, struct revectored_struct *bitmap) |
1da177e4 LT |
448 | { |
449 | __asm__ __volatile__("btl %2,%1\n\tsbbl %0,%0" | |
450 | :"=r" (nr) | |
83e714e8 | 451 | :"m" (*bitmap), "r" (nr)); |
1da177e4 LT |
452 | return nr; |
453 | } | |
454 | ||
455 | #define val_byte(val, n) (((__u8 *)&val)[n]) | |
456 | ||
457 | #define pushb(base, ptr, val, err_label) \ | |
458 | do { \ | |
459 | __u8 __val = val; \ | |
460 | ptr--; \ | |
461 | if (put_user(__val, base + ptr) < 0) \ | |
462 | goto err_label; \ | |
83e714e8 | 463 | } while (0) |
1da177e4 LT |
464 | |
465 | #define pushw(base, ptr, val, err_label) \ | |
466 | do { \ | |
467 | __u16 __val = val; \ | |
468 | ptr--; \ | |
469 | if (put_user(val_byte(__val, 1), base + ptr) < 0) \ | |
470 | goto err_label; \ | |
471 | ptr--; \ | |
472 | if (put_user(val_byte(__val, 0), base + ptr) < 0) \ | |
473 | goto err_label; \ | |
83e714e8 | 474 | } while (0) |
1da177e4 LT |
475 | |
476 | #define pushl(base, ptr, val, err_label) \ | |
477 | do { \ | |
478 | __u32 __val = val; \ | |
479 | ptr--; \ | |
480 | if (put_user(val_byte(__val, 3), base + ptr) < 0) \ | |
481 | goto err_label; \ | |
482 | ptr--; \ | |
483 | if (put_user(val_byte(__val, 2), base + ptr) < 0) \ | |
484 | goto err_label; \ | |
485 | ptr--; \ | |
486 | if (put_user(val_byte(__val, 1), base + ptr) < 0) \ | |
487 | goto err_label; \ | |
488 | ptr--; \ | |
489 | if (put_user(val_byte(__val, 0), base + ptr) < 0) \ | |
490 | goto err_label; \ | |
83e714e8 | 491 | } while (0) |
1da177e4 LT |
492 | |
493 | #define popb(base, ptr, err_label) \ | |
494 | ({ \ | |
495 | __u8 __res; \ | |
496 | if (get_user(__res, base + ptr) < 0) \ | |
497 | goto err_label; \ | |
498 | ptr++; \ | |
499 | __res; \ | |
500 | }) | |
501 | ||
502 | #define popw(base, ptr, err_label) \ | |
503 | ({ \ | |
504 | __u16 __res; \ | |
505 | if (get_user(val_byte(__res, 0), base + ptr) < 0) \ | |
506 | goto err_label; \ | |
507 | ptr++; \ | |
508 | if (get_user(val_byte(__res, 1), base + ptr) < 0) \ | |
509 | goto err_label; \ | |
510 | ptr++; \ | |
511 | __res; \ | |
512 | }) | |
513 | ||
514 | #define popl(base, ptr, err_label) \ | |
515 | ({ \ | |
516 | __u32 __res; \ | |
517 | if (get_user(val_byte(__res, 0), base + ptr) < 0) \ | |
518 | goto err_label; \ | |
519 | ptr++; \ | |
520 | if (get_user(val_byte(__res, 1), base + ptr) < 0) \ | |
521 | goto err_label; \ | |
522 | ptr++; \ | |
523 | if (get_user(val_byte(__res, 2), base + ptr) < 0) \ | |
524 | goto err_label; \ | |
525 | ptr++; \ | |
526 | if (get_user(val_byte(__res, 3), base + ptr) < 0) \ | |
527 | goto err_label; \ | |
528 | ptr++; \ | |
529 | __res; \ | |
530 | }) | |
531 | ||
532 | /* There are so many possible reasons for this function to return | |
533 | * VM86_INTx, so adding another doesn't bother me. We can expect | |
534 | * userspace programs to be able to handle it. (Getting a problem | |
535 | * in userspace is always better than an Oops anyway.) [KD] | |
536 | */ | |
537 | static void do_int(struct kernel_vm86_regs *regs, int i, | |
83e714e8 | 538 | unsigned char __user *ssp, unsigned short sp) |
1da177e4 LT |
539 | { |
540 | unsigned long __user *intr_ptr; | |
541 | unsigned long segoffs; | |
542 | ||
65ea5b03 | 543 | if (regs->pt.cs == BIOSSEG) |
1da177e4 LT |
544 | goto cannot_handle; |
545 | if (is_revectored(i, &KVM86->int_revectored)) | |
546 | goto cannot_handle; | |
83e714e8 | 547 | if (i == 0x21 && is_revectored(AH(regs), &KVM86->int21_revectored)) |
1da177e4 LT |
548 | goto cannot_handle; |
549 | intr_ptr = (unsigned long __user *) (i << 2); | |
550 | if (get_user(segoffs, intr_ptr)) | |
551 | goto cannot_handle; | |
552 | if ((segoffs >> 16) == BIOSSEG) | |
553 | goto cannot_handle; | |
554 | pushw(ssp, sp, get_vflags(regs), cannot_handle); | |
65ea5b03 | 555 | pushw(ssp, sp, regs->pt.cs, cannot_handle); |
1da177e4 | 556 | pushw(ssp, sp, IP(regs), cannot_handle); |
65ea5b03 | 557 | regs->pt.cs = segoffs >> 16; |
1da177e4 LT |
558 | SP(regs) -= 6; |
559 | IP(regs) = segoffs & 0xffff; | |
560 | clear_TF(regs); | |
561 | clear_IF(regs); | |
562 | clear_AC(regs); | |
563 | return; | |
564 | ||
565 | cannot_handle: | |
566 | return_to_32bit(regs, VM86_INTx + (i << 8)); | |
567 | } | |
568 | ||
83e714e8 | 569 | int handle_vm86_trap(struct kernel_vm86_regs *regs, long error_code, int trapno) |
1da177e4 LT |
570 | { |
571 | if (VMPI.is_vm86pus) { | |
6554287b BO |
572 | if ((trapno == 3) || (trapno == 1)) { |
573 | KVM86->regs32->ax = VM86_TRAP + (trapno << 8); | |
574 | /* setting this flag forces the code in entry_32.S to | |
e76623d6 AV |
575 | the path where we call save_v86_state() and change |
576 | the stack pointer to KVM86->regs32 */ | |
577 | set_thread_flag(TIF_NOTIFY_RESUME); | |
6554287b BO |
578 | return 0; |
579 | } | |
65ea5b03 | 580 | do_int(regs, trapno, (unsigned char __user *) (regs->pt.ss << 4), SP(regs)); |
1da177e4 LT |
581 | return 0; |
582 | } | |
83e714e8 | 583 | if (trapno != 1) |
1da177e4 | 584 | return 1; /* we let this handle by the calling routine */ |
51e7dc70 | 585 | current->thread.trap_nr = trapno; |
1da177e4 | 586 | current->thread.error_code = error_code; |
0f540910 | 587 | force_sig(SIGTRAP, current); |
1da177e4 LT |
588 | return 0; |
589 | } | |
590 | ||
83e714e8 | 591 | void handle_vm86_fault(struct kernel_vm86_regs *regs, long error_code) |
1da177e4 LT |
592 | { |
593 | unsigned char opcode; | |
594 | unsigned char __user *csp; | |
595 | unsigned char __user *ssp; | |
5fd75ebb | 596 | unsigned short ip, sp, orig_flags; |
1da177e4 LT |
597 | int data32, pref_done; |
598 | ||
599 | #define CHECK_IF_IN_TRAP \ | |
600 | if (VMPI.vm86dbg_active && VMPI.vm86dbg_TFpendig) \ | |
a5c15d41 | 601 | newflags |= X86_EFLAGS_TF |
1da177e4 | 602 | #define VM86_FAULT_RETURN do { \ |
a5c15d41 | 603 | if (VMPI.force_return_for_pic && (VEFLAGS & (X86_EFLAGS_IF | X86_EFLAGS_VIF))) \ |
1da177e4 | 604 | return_to_32bit(regs, VM86_PICRETURN); \ |
a5c15d41 | 605 | if (orig_flags & X86_EFLAGS_TF) \ |
5fd75ebb | 606 | handle_vm86_trap(regs, 0, 1); \ |
1da177e4 LT |
607 | return; } while (0) |
608 | ||
65ea5b03 | 609 | orig_flags = *(unsigned short *)®s->pt.flags; |
5fd75ebb | 610 | |
65ea5b03 PA |
611 | csp = (unsigned char __user *) (regs->pt.cs << 4); |
612 | ssp = (unsigned char __user *) (regs->pt.ss << 4); | |
1da177e4 LT |
613 | sp = SP(regs); |
614 | ip = IP(regs); | |
615 | ||
616 | data32 = 0; | |
617 | pref_done = 0; | |
618 | do { | |
619 | switch (opcode = popb(csp, ip, simulate_sigsegv)) { | |
83e714e8 PC |
620 | case 0x66: /* 32-bit data */ data32 = 1; break; |
621 | case 0x67: /* 32-bit address */ break; | |
622 | case 0x2e: /* CS */ break; | |
623 | case 0x3e: /* DS */ break; | |
624 | case 0x26: /* ES */ break; | |
625 | case 0x36: /* SS */ break; | |
626 | case 0x65: /* GS */ break; | |
627 | case 0x64: /* FS */ break; | |
628 | case 0xf2: /* repnz */ break; | |
629 | case 0xf3: /* rep */ break; | |
630 | default: pref_done = 1; | |
1da177e4 LT |
631 | } |
632 | } while (!pref_done); | |
633 | ||
634 | switch (opcode) { | |
635 | ||
636 | /* pushf */ | |
637 | case 0x9c: | |
638 | if (data32) { | |
639 | pushl(ssp, sp, get_vflags(regs), simulate_sigsegv); | |
640 | SP(regs) -= 4; | |
641 | } else { | |
642 | pushw(ssp, sp, get_vflags(regs), simulate_sigsegv); | |
643 | SP(regs) -= 2; | |
644 | } | |
645 | IP(regs) = ip; | |
646 | VM86_FAULT_RETURN; | |
647 | ||
648 | /* popf */ | |
649 | case 0x9d: | |
650 | { | |
651 | unsigned long newflags; | |
652 | if (data32) { | |
83e714e8 | 653 | newflags = popl(ssp, sp, simulate_sigsegv); |
1da177e4 LT |
654 | SP(regs) += 4; |
655 | } else { | |
656 | newflags = popw(ssp, sp, simulate_sigsegv); | |
657 | SP(regs) += 2; | |
658 | } | |
659 | IP(regs) = ip; | |
660 | CHECK_IF_IN_TRAP; | |
83e714e8 | 661 | if (data32) |
1da177e4 | 662 | set_vflags_long(newflags, regs); |
83e714e8 | 663 | else |
1da177e4 | 664 | set_vflags_short(newflags, regs); |
83e714e8 | 665 | |
1da177e4 LT |
666 | VM86_FAULT_RETURN; |
667 | } | |
668 | ||
669 | /* int xx */ | |
670 | case 0xcd: { | |
83e714e8 | 671 | int intno = popb(csp, ip, simulate_sigsegv); |
1da177e4 LT |
672 | IP(regs) = ip; |
673 | if (VMPI.vm86dbg_active) { | |
83e714e8 | 674 | if ((1 << (intno & 7)) & VMPI.vm86dbg_intxxtab[intno >> 3]) |
1da177e4 LT |
675 | return_to_32bit(regs, VM86_INTx + (intno << 8)); |
676 | } | |
677 | do_int(regs, intno, ssp, sp); | |
678 | return; | |
679 | } | |
680 | ||
681 | /* iret */ | |
682 | case 0xcf: | |
683 | { | |
684 | unsigned long newip; | |
685 | unsigned long newcs; | |
686 | unsigned long newflags; | |
687 | if (data32) { | |
83e714e8 PC |
688 | newip = popl(ssp, sp, simulate_sigsegv); |
689 | newcs = popl(ssp, sp, simulate_sigsegv); | |
690 | newflags = popl(ssp, sp, simulate_sigsegv); | |
1da177e4 LT |
691 | SP(regs) += 12; |
692 | } else { | |
693 | newip = popw(ssp, sp, simulate_sigsegv); | |
694 | newcs = popw(ssp, sp, simulate_sigsegv); | |
695 | newflags = popw(ssp, sp, simulate_sigsegv); | |
696 | SP(regs) += 6; | |
697 | } | |
698 | IP(regs) = newip; | |
65ea5b03 | 699 | regs->pt.cs = newcs; |
1da177e4 LT |
700 | CHECK_IF_IN_TRAP; |
701 | if (data32) { | |
702 | set_vflags_long(newflags, regs); | |
703 | } else { | |
704 | set_vflags_short(newflags, regs); | |
705 | } | |
706 | VM86_FAULT_RETURN; | |
707 | } | |
708 | ||
709 | /* cli */ | |
710 | case 0xfa: | |
711 | IP(regs) = ip; | |
712 | clear_IF(regs); | |
713 | VM86_FAULT_RETURN; | |
714 | ||
715 | /* sti */ | |
716 | /* | |
717 | * Damn. This is incorrect: the 'sti' instruction should actually | |
718 | * enable interrupts after the /next/ instruction. Not good. | |
719 | * | |
720 | * Probably needs some horsing around with the TF flag. Aiee.. | |
721 | */ | |
722 | case 0xfb: | |
723 | IP(regs) = ip; | |
724 | set_IF(regs); | |
725 | VM86_FAULT_RETURN; | |
726 | ||
727 | default: | |
728 | return_to_32bit(regs, VM86_UNKNOWN); | |
729 | } | |
730 | ||
731 | return; | |
732 | ||
733 | simulate_sigsegv: | |
734 | /* FIXME: After a long discussion with Stas we finally | |
735 | * agreed, that this is wrong. Here we should | |
736 | * really send a SIGSEGV to the user program. | |
737 | * But how do we create the correct context? We | |
738 | * are inside a general protection fault handler | |
739 | * and has just returned from a page fault handler. | |
740 | * The correct context for the signal handler | |
741 | * should be a mixture of the two, but how do we | |
742 | * get the information? [KD] | |
743 | */ | |
744 | return_to_32bit(regs, VM86_UNKNOWN); | |
745 | } | |
746 | ||
747 | /* ---------------- vm86 special IRQ passing stuff ----------------- */ | |
748 | ||
749 | #define VM86_IRQNAME "vm86irq" | |
750 | ||
751 | static struct vm86_irqs { | |
752 | struct task_struct *tsk; | |
753 | int sig; | |
754 | } vm86_irqs[16]; | |
755 | ||
756 | static DEFINE_SPINLOCK(irqbits_lock); | |
757 | static int irqbits; | |
758 | ||
83e714e8 | 759 | #define ALLOWED_SIGS (1 /* 0 = don't send a signal */ \ |
1da177e4 | 760 | | (1 << SIGUSR1) | (1 << SIGUSR2) | (1 << SIGIO) | (1 << SIGURG) \ |
83e714e8 PC |
761 | | (1 << SIGUNUSED)) |
762 | ||
7d12e780 | 763 | static irqreturn_t irq_handler(int intno, void *dev_id) |
1da177e4 LT |
764 | { |
765 | int irq_bit; | |
766 | unsigned long flags; | |
767 | ||
83e714e8 | 768 | spin_lock_irqsave(&irqbits_lock, flags); |
1da177e4 | 769 | irq_bit = 1 << intno; |
83e714e8 | 770 | if ((irqbits & irq_bit) || !vm86_irqs[intno].tsk) |
1da177e4 LT |
771 | goto out; |
772 | irqbits |= irq_bit; | |
773 | if (vm86_irqs[intno].sig) | |
774 | send_sig(vm86_irqs[intno].sig, vm86_irqs[intno].tsk, 1); | |
1da177e4 LT |
775 | /* |
776 | * IRQ will be re-enabled when user asks for the irq (whether | |
777 | * polling or as a result of the signal) | |
778 | */ | |
ad671423 PP |
779 | disable_irq_nosync(intno); |
780 | spin_unlock_irqrestore(&irqbits_lock, flags); | |
1da177e4 LT |
781 | return IRQ_HANDLED; |
782 | ||
783 | out: | |
83e714e8 | 784 | spin_unlock_irqrestore(&irqbits_lock, flags); |
1da177e4 LT |
785 | return IRQ_NONE; |
786 | } | |
787 | ||
788 | static inline void free_vm86_irq(int irqnumber) | |
789 | { | |
790 | unsigned long flags; | |
791 | ||
792 | free_irq(irqnumber, NULL); | |
793 | vm86_irqs[irqnumber].tsk = NULL; | |
794 | ||
83e714e8 | 795 | spin_lock_irqsave(&irqbits_lock, flags); |
1da177e4 | 796 | irqbits &= ~(1 << irqnumber); |
83e714e8 | 797 | spin_unlock_irqrestore(&irqbits_lock, flags); |
1da177e4 LT |
798 | } |
799 | ||
800 | void release_vm86_irqs(struct task_struct *task) | |
801 | { | |
802 | int i; | |
803 | for (i = FIRST_VM86_IRQ ; i <= LAST_VM86_IRQ; i++) | |
804 | if (vm86_irqs[i].tsk == task) | |
805 | free_vm86_irq(i); | |
806 | } | |
807 | ||
808 | static inline int get_and_reset_irq(int irqnumber) | |
809 | { | |
810 | int bit; | |
811 | unsigned long flags; | |
ad671423 | 812 | int ret = 0; |
83e714e8 | 813 | |
1da177e4 LT |
814 | if (invalid_vm86_irq(irqnumber)) return 0; |
815 | if (vm86_irqs[irqnumber].tsk != current) return 0; | |
83e714e8 | 816 | spin_lock_irqsave(&irqbits_lock, flags); |
1da177e4 LT |
817 | bit = irqbits & (1 << irqnumber); |
818 | irqbits &= ~bit; | |
ad671423 PP |
819 | if (bit) { |
820 | enable_irq(irqnumber); | |
821 | ret = 1; | |
822 | } | |
823 | ||
83e714e8 | 824 | spin_unlock_irqrestore(&irqbits_lock, flags); |
ad671423 | 825 | return ret; |
1da177e4 LT |
826 | } |
827 | ||
828 | ||
829 | static int do_vm86_irq_handling(int subfunction, int irqnumber) | |
830 | { | |
831 | int ret; | |
832 | switch (subfunction) { | |
833 | case VM86_GET_AND_RESET_IRQ: { | |
834 | return get_and_reset_irq(irqnumber); | |
835 | } | |
836 | case VM86_GET_IRQ_BITS: { | |
837 | return irqbits; | |
838 | } | |
839 | case VM86_REQUEST_IRQ: { | |
840 | int sig = irqnumber >> 8; | |
841 | int irq = irqnumber & 255; | |
842 | if (!capable(CAP_SYS_ADMIN)) return -EPERM; | |
843 | if (!((1 << sig) & ALLOWED_SIGS)) return -EPERM; | |
844 | if (invalid_vm86_irq(irq)) return -EPERM; | |
845 | if (vm86_irqs[irq].tsk) return -EPERM; | |
846 | ret = request_irq(irq, &irq_handler, 0, VM86_IRQNAME, NULL); | |
847 | if (ret) return ret; | |
848 | vm86_irqs[irq].sig = sig; | |
849 | vm86_irqs[irq].tsk = current; | |
850 | return irq; | |
851 | } | |
852 | case VM86_FREE_IRQ: { | |
853 | if (invalid_vm86_irq(irqnumber)) return -EPERM; | |
854 | if (!vm86_irqs[irqnumber].tsk) return 0; | |
855 | if (vm86_irqs[irqnumber].tsk != current) return -EPERM; | |
856 | free_vm86_irq(irqnumber); | |
857 | return 0; | |
858 | } | |
859 | } | |
860 | return -EINVAL; | |
861 | } | |
862 |