1 | // SPDX-License-Identifier: GPL-2.0 |
2 | /* |
3 | * Copyright (C) 1991, 1992 Linus Torvalds |
4 | * Copyright (C) 2000, 2001, 2002 Andi Kleen SuSE Labs |
5 | * |
6 | * 1997-11-28 Modified for POSIX.1b signals by Richard Henderson |
7 | * 2000-06-20 Pentium III FXSR, SSE support by Gareth Hughes |
8 | * 2000-2002 x86-64 support by Andi Kleen |
9 | */ |
10 | |
11 | #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt |
12 | |
13 | #include <linux/sched.h> |
14 | #include <linux/sched/task_stack.h> |
15 | #include <linux/mm.h> |
16 | #include <linux/smp.h> |
17 | #include <linux/kernel.h> |
18 | #include <linux/kstrtox.h> |
19 | #include <linux/errno.h> |
20 | #include <linux/wait.h> |
21 | #include <linux/unistd.h> |
22 | #include <linux/stddef.h> |
23 | #include <linux/personality.h> |
24 | #include <linux/uaccess.h> |
25 | #include <linux/user-return-notifier.h> |
26 | #include <linux/uprobes.h> |
27 | #include <linux/context_tracking.h> |
28 | #include <linux/entry-common.h> |
29 | #include <linux/syscalls.h> |
30 | |
31 | #include <asm/processor.h> |
32 | #include <asm/ucontext.h> |
33 | #include <asm/fpu/signal.h> |
34 | #include <asm/fpu/xstate.h> |
35 | #include <asm/vdso.h> |
36 | #include <asm/mce.h> |
37 | #include <asm/sighandling.h> |
38 | #include <asm/vm86.h> |
39 | |
40 | #ifdef CONFIG_X86_64 |
41 | #include <linux/compat.h> |
42 | #include <asm/proto.h> |
43 | #include <asm/ia32_unistd.h> |
44 | #include <asm/fpu/xstate.h> |
45 | #endif /* CONFIG_X86_64 */ |
46 | |
47 | #include <asm/syscall.h> |
48 | #include <asm/sigframe.h> |
49 | #include <asm/signal.h> |
50 | |
51 | #ifdef CONFIG_X86_64 |
52 | /* |
53 | * If regs->ss will cause an IRET fault, change it. Otherwise leave it |
54 | * alone. Using this generally makes no sense unless |
55 | * user_64bit_mode(regs) would return true. |
56 | */ |
57 | static void force_valid_ss(struct pt_regs *regs) |
58 | { |
59 | u32 ar; |
60 | asm volatile ("lar %[old_ss], %[ar]\n\t" |
61 | "jz 1f\n\t" /* If invalid: */ |
62 | "xorl %[ar], %[ar]\n\t" /* set ar = 0 */ |
63 | "1:" |
64 | : [ar] "=r" (ar) |
65 | : [old_ss] "rm" ((u16)regs->ss)); |
66 | |
67 | /* |
68 | * For a valid 64-bit user context, we need DPL 3, type |
69 | * read-write data or read-write exp-down data, and S and P |
70 | * set. We can't use VERW because VERW doesn't check the |
71 | * P bit. |
72 | */ |
73 | ar &= AR_DPL_MASK | AR_S | AR_P | AR_TYPE_MASK; |
74 | if (ar != (AR_DPL3 | AR_S | AR_P | AR_TYPE_RWDATA) && |
75 | ar != (AR_DPL3 | AR_S | AR_P | AR_TYPE_RWDATA_EXPDOWN)) |
76 | regs->ss = __USER_DS; |
77 | } |
78 | # define CONTEXT_COPY_SIZE offsetof(struct sigcontext, reserved1) |
79 | #else |
80 | # define CONTEXT_COPY_SIZE sizeof(struct sigcontext) |
81 | #endif |
82 | |
83 | static bool restore_sigcontext(struct pt_regs *regs, |
84 | struct sigcontext __user *usc, |
85 | unsigned long uc_flags) |
86 | { |
87 | struct sigcontext sc; |
88 | |
89 | /* Always make any pending restarted system calls return -EINTR */ |
90 | current->restart_block.fn = do_no_restart_syscall; |
91 | |
92 | if (copy_from_user(&sc, usc, CONTEXT_COPY_SIZE)) |
93 | return false; |
94 | |
95 | #ifdef CONFIG_X86_32 |
96 | loadsegment(gs, sc.gs); |
97 | regs->fs = sc.fs; |
98 | regs->es = sc.es; |
99 | regs->ds = sc.ds; |
100 | #endif /* CONFIG_X86_32 */ |
101 | |
102 | regs->bx = sc.bx; |
103 | regs->cx = sc.cx; |
104 | regs->dx = sc.dx; |
105 | regs->si = sc.si; |
106 | regs->di = sc.di; |
107 | regs->bp = sc.bp; |
108 | regs->ax = sc.ax; |
109 | regs->sp = sc.sp; |
110 | regs->ip = sc.ip; |
111 | |
112 | #ifdef CONFIG_X86_64 |
113 | regs->r8 = sc.r8; |
114 | regs->r9 = sc.r9; |
115 | regs->r10 = sc.r10; |
116 | regs->r11 = sc.r11; |
117 | regs->r12 = sc.r12; |
118 | regs->r13 = sc.r13; |
119 | regs->r14 = sc.r14; |
120 | regs->r15 = sc.r15; |
121 | #endif /* CONFIG_X86_64 */ |
122 | |
123 | /* Get CS/SS and force CPL3 */ |
124 | regs->cs = sc.cs | 0x03; |
125 | regs->ss = sc.ss | 0x03; |
126 | |
127 | regs->flags = (regs->flags & ~FIX_EFLAGS) | (sc.flags & FIX_EFLAGS); |
128 | /* disable syscall checks */ |
129 | regs->orig_ax = -1; |
130 | |
131 | #ifdef CONFIG_X86_64 |
132 | /* |
133 | * Fix up SS if needed for the benefit of old DOSEMU and |
134 | * CRIU. |
135 | */ |
136 | if (unlikely(!(uc_flags & UC_STRICT_RESTORE_SS) && user_64bit_mode(regs))) |
137 | force_valid_ss(regs); |
138 | #endif |
139 | |
140 | return fpu__restore_sig((void __user *)sc.fpstate, |
141 | IS_ENABLED(CONFIG_X86_32)); |
142 | } |
143 | |
144 | static __always_inline int |
145 | __unsafe_setup_sigcontext(struct sigcontext __user *sc, void __user *fpstate, |
146 | struct pt_regs *regs, unsigned long mask) |
147 | { |
148 | #ifdef CONFIG_X86_32 |
149 | unsigned int gs; |
150 | savesegment(gs, gs); |
151 | |
152 | unsafe_put_user(gs, (unsigned int __user *)&sc->gs, Efault); |
153 | unsafe_put_user(regs->fs, (unsigned int __user *)&sc->fs, Efault); |
154 | unsafe_put_user(regs->es, (unsigned int __user *)&sc->es, Efault); |
155 | unsafe_put_user(regs->ds, (unsigned int __user *)&sc->ds, Efault); |
156 | #endif /* CONFIG_X86_32 */ |
157 | |
158 | unsafe_put_user(regs->di, &sc->di, Efault); |
159 | unsafe_put_user(regs->si, &sc->si, Efault); |
160 | unsafe_put_user(regs->bp, &sc->bp, Efault); |
161 | unsafe_put_user(regs->sp, &sc->sp, Efault); |
162 | unsafe_put_user(regs->bx, &sc->bx, Efault); |
163 | unsafe_put_user(regs->dx, &sc->dx, Efault); |
164 | unsafe_put_user(regs->cx, &sc->cx, Efault); |
165 | unsafe_put_user(regs->ax, &sc->ax, Efault); |
166 | #ifdef CONFIG_X86_64 |
167 | unsafe_put_user(regs->r8, &sc->r8, Efault); |
168 | unsafe_put_user(regs->r9, &sc->r9, Efault); |
169 | unsafe_put_user(regs->r10, &sc->r10, Efault); |
170 | unsafe_put_user(regs->r11, &sc->r11, Efault); |
171 | unsafe_put_user(regs->r12, &sc->r12, Efault); |
172 | unsafe_put_user(regs->r13, &sc->r13, Efault); |
173 | unsafe_put_user(regs->r14, &sc->r14, Efault); |
174 | unsafe_put_user(regs->r15, &sc->r15, Efault); |
175 | #endif /* CONFIG_X86_64 */ |
176 | |
177 | unsafe_put_user(current->thread.trap_nr, &sc->trapno, Efault); |
178 | unsafe_put_user(current->thread.error_code, &sc->err, Efault); |
179 | unsafe_put_user(regs->ip, &sc->ip, Efault); |
180 | #ifdef CONFIG_X86_32 |
181 | unsafe_put_user(regs->cs, (unsigned int __user *)&sc->cs, Efault); |
182 | unsafe_put_user(regs->flags, &sc->flags, Efault); |
183 | unsafe_put_user(regs->sp, &sc->sp_at_signal, Efault); |
184 | unsafe_put_user(regs->ss, (unsigned int __user *)&sc->ss, Efault); |
185 | #else /* !CONFIG_X86_32 */ |
186 | unsafe_put_user(regs->flags, &sc->flags, Efault); |
187 | unsafe_put_user(regs->cs, &sc->cs, Efault); |
188 | unsafe_put_user(0, &sc->gs, Efault); |
189 | unsafe_put_user(0, &sc->fs, Efault); |
190 | unsafe_put_user(regs->ss, &sc->ss, Efault); |
191 | #endif /* CONFIG_X86_32 */ |
192 | |
193 | unsafe_put_user(fpstate, (unsigned long __user *)&sc->fpstate, Efault); |
194 | |
195 | /* non-iBCS2 extensions.. */ |
196 | unsafe_put_user(mask, &sc->oldmask, Efault); |
197 | unsafe_put_user(current->thread.cr2, &sc->cr2, Efault); |
198 | return 0; |
199 | Efault: |
200 | return -EFAULT; |
201 | } |
202 | |
203 | #define unsafe_put_sigcontext(sc, fp, regs, set, label) \ |
204 | do { \ |
205 | if (__unsafe_setup_sigcontext(sc, fp, regs, set->sig[0])) \ |
206 | goto label; \ |
207 | } while(0); |
208 | |
209 | #define unsafe_put_sigmask(set, frame, label) \ |
210 | unsafe_put_user(*(__u64 *)(set), \ |
211 | (__u64 __user *)&(frame)->uc.uc_sigmask, \ |
212 | label) |
213 | |
214 | /* |
215 | * Set up a signal frame. |
216 | */ |
217 | |
218 | /* x86 ABI requires 16-byte alignment */ |
219 | #define FRAME_ALIGNMENT 16UL |
220 | |
221 | #define MAX_FRAME_PADDING (FRAME_ALIGNMENT - 1) |
222 | |
223 | /* |
224 | * Determine which stack to use.. |
225 | */ |
226 | static unsigned long align_sigframe(unsigned long sp) |
227 | { |
228 | #ifdef CONFIG_X86_32 |
229 | /* |
230 | * Align the stack pointer according to the i386 ABI, |
231 | * i.e. so that on function entry ((sp + 4) & 15) == 0. |
232 | */ |
233 | sp = ((sp + 4) & -FRAME_ALIGNMENT) - 4; |
234 | #else /* !CONFIG_X86_32 */ |
235 | sp = round_down(sp, FRAME_ALIGNMENT) - 8; |
236 | #endif |
237 | return sp; |
238 | } |
239 | |
240 | static void __user * |
241 | get_sigframe(struct k_sigaction *ka, struct pt_regs *regs, size_t frame_size, |
242 | void __user **fpstate) |
243 | { |
244 | /* Default to using normal stack */ |
245 | bool nested_altstack = on_sig_stack(regs->sp); |
246 | bool entering_altstack = false; |
247 | unsigned long math_size = 0; |
248 | unsigned long sp = regs->sp; |
249 | unsigned long buf_fx = 0; |
250 | |
251 | /* redzone */ |
252 | if (IS_ENABLED(CONFIG_X86_64)) |
253 | sp -= 128; |
254 | |
255 | /* This is the X/Open sanctioned signal stack switching. */ |
256 | if (ka->sa.sa_flags & SA_ONSTACK) { |
257 | /* |
258 | * This checks nested_altstack via sas_ss_flags(). Sensible |
259 | * programs use SS_AUTODISARM, which disables that check, and |
260 | * programs that don't use SS_AUTODISARM get compatible. |
261 | */ |
262 | if (sas_ss_flags(sp) == 0) { |
263 | sp = current->sas_ss_sp + current->sas_ss_size; |
264 | entering_altstack = true; |
265 | } |
266 | } else if (IS_ENABLED(CONFIG_X86_32) && |
267 | !nested_altstack && |
268 | regs->ss != __USER_DS && |
269 | !(ka->sa.sa_flags & SA_RESTORER) && |
270 | ka->sa.sa_restorer) { |
271 | /* This is the legacy signal stack switching. */ |
272 | sp = (unsigned long) ka->sa.sa_restorer; |
273 | entering_altstack = true; |
274 | } |
275 | |
276 | sp = fpu__alloc_mathframe(sp, IS_ENABLED(CONFIG_X86_32), |
277 | &buf_fx, &math_size); |
278 | *fpstate = (void __user *)sp; |
279 | |
280 | sp = align_sigframe(sp - frame_size); |
281 | |
282 | /* |
283 | * If we are on the alternate signal stack and would overflow it, don't. |
284 | * Return an always-bogus address instead so we will die with SIGSEGV. |
285 | */ |
286 | if (unlikely((nested_altstack || entering_altstack) && |
287 | !__on_sig_stack(sp))) { |
288 | |
289 | if (show_unhandled_signals && printk_ratelimit()) |
290 | pr_info("%s[%d] overflowed sigaltstack\n" , |
291 | current->comm, task_pid_nr(current)); |
292 | |
293 | return (void __user *)-1L; |
294 | } |
295 | |
296 | /* save i387 and extended state */ |
297 | if (!copy_fpstate_to_sigframe(*fpstate, (void __user *)buf_fx, math_size)) |
298 | return (void __user *)-1L; |
299 | |
300 | return (void __user *)sp; |
301 | } |
302 | |
303 | #ifdef CONFIG_X86_32 |
304 | static const struct { |
305 | u16 poplmovl; |
306 | u32 val; |
307 | u16 int80; |
308 | } __attribute__((packed)) retcode = { |
309 | 0xb858, /* popl %eax; movl $..., %eax */ |
310 | __NR_sigreturn, |
311 | 0x80cd, /* int $0x80 */ |
312 | }; |
313 | |
314 | static const struct { |
315 | u8 movl; |
316 | u32 val; |
317 | u16 int80; |
318 | u8 pad; |
319 | } __attribute__((packed)) rt_retcode = { |
320 | 0xb8, /* movl $..., %eax */ |
321 | __NR_rt_sigreturn, |
322 | 0x80cd, /* int $0x80 */ |
323 | 0 |
324 | }; |
325 | |
326 | static int |
327 | __setup_frame(int sig, struct ksignal *ksig, sigset_t *set, |
328 | struct pt_regs *regs) |
329 | { |
330 | struct sigframe __user *frame; |
331 | void __user *restorer; |
332 | void __user *fp = NULL; |
333 | |
334 | frame = get_sigframe(&ksig->ka, regs, sizeof(*frame), &fp); |
335 | |
336 | if (!user_access_begin(frame, sizeof(*frame))) |
337 | return -EFAULT; |
338 | |
339 | unsafe_put_user(sig, &frame->sig, Efault); |
340 | unsafe_put_sigcontext(&frame->sc, fp, regs, set, Efault); |
341 | unsafe_put_user(set->sig[1], &frame->extramask[0], Efault); |
342 | if (current->mm->context.vdso) |
343 | restorer = current->mm->context.vdso + |
344 | vdso_image_32.sym___kernel_sigreturn; |
345 | else |
346 | restorer = &frame->retcode; |
347 | if (ksig->ka.sa.sa_flags & SA_RESTORER) |
348 | restorer = ksig->ka.sa.sa_restorer; |
349 | |
350 | /* Set up to return from userspace. */ |
351 | unsafe_put_user(restorer, &frame->pretcode, Efault); |
352 | |
353 | /* |
354 | * This is popl %eax ; movl $__NR_sigreturn, %eax ; int $0x80 |
355 | * |
356 | * WE DO NOT USE IT ANY MORE! It's only left here for historical |
357 | * reasons and because gdb uses it as a signature to notice |
358 | * signal handler stack frames. |
359 | */ |
360 | unsafe_put_user(*((u64 *)&retcode), (u64 *)frame->retcode, Efault); |
361 | user_access_end(); |
362 | |
363 | /* Set up registers for signal handler */ |
364 | regs->sp = (unsigned long)frame; |
365 | regs->ip = (unsigned long)ksig->ka.sa.sa_handler; |
366 | regs->ax = (unsigned long)sig; |
367 | regs->dx = 0; |
368 | regs->cx = 0; |
369 | |
370 | regs->ds = __USER_DS; |
371 | regs->es = __USER_DS; |
372 | regs->ss = __USER_DS; |
373 | regs->cs = __USER_CS; |
374 | |
375 | return 0; |
376 | |
377 | Efault: |
378 | user_access_end(); |
379 | return -EFAULT; |
380 | } |
381 | |
382 | static int __setup_rt_frame(int sig, struct ksignal *ksig, |
383 | sigset_t *set, struct pt_regs *regs) |
384 | { |
385 | struct rt_sigframe __user *frame; |
386 | void __user *restorer; |
387 | void __user *fp = NULL; |
388 | |
389 | frame = get_sigframe(&ksig->ka, regs, sizeof(*frame), &fp); |
390 | |
391 | if (!user_access_begin(frame, sizeof(*frame))) |
392 | return -EFAULT; |
393 | |
394 | unsafe_put_user(sig, &frame->sig, Efault); |
395 | unsafe_put_user(&frame->info, &frame->pinfo, Efault); |
396 | unsafe_put_user(&frame->uc, &frame->puc, Efault); |
397 | |
398 | /* Create the ucontext. */ |
399 | if (static_cpu_has(X86_FEATURE_XSAVE)) |
400 | unsafe_put_user(UC_FP_XSTATE, &frame->uc.uc_flags, Efault); |
401 | else |
402 | unsafe_put_user(0, &frame->uc.uc_flags, Efault); |
403 | unsafe_put_user(0, &frame->uc.uc_link, Efault); |
404 | unsafe_save_altstack(&frame->uc.uc_stack, regs->sp, Efault); |
405 | |
406 | /* Set up to return from userspace. */ |
407 | restorer = current->mm->context.vdso + |
408 | vdso_image_32.sym___kernel_rt_sigreturn; |
409 | if (ksig->ka.sa.sa_flags & SA_RESTORER) |
410 | restorer = ksig->ka.sa.sa_restorer; |
411 | unsafe_put_user(restorer, &frame->pretcode, Efault); |
412 | |
413 | /* |
414 | * This is movl $__NR_rt_sigreturn, %ax ; int $0x80 |
415 | * |
416 | * WE DO NOT USE IT ANY MORE! It's only left here for historical |
417 | * reasons and because gdb uses it as a signature to notice |
418 | * signal handler stack frames. |
419 | */ |
420 | unsafe_put_user(*((u64 *)&rt_retcode), (u64 *)frame->retcode, Efault); |
421 | unsafe_put_sigcontext(&frame->uc.uc_mcontext, fp, regs, set, Efault); |
422 | unsafe_put_sigmask(set, frame, Efault); |
423 | user_access_end(); |
424 | |
425 | if (copy_siginfo_to_user(&frame->info, &ksig->info)) |
426 | return -EFAULT; |
427 | |
428 | /* Set up registers for signal handler */ |
429 | regs->sp = (unsigned long)frame; |
430 | regs->ip = (unsigned long)ksig->ka.sa.sa_handler; |
431 | regs->ax = (unsigned long)sig; |
432 | regs->dx = (unsigned long)&frame->info; |
433 | regs->cx = (unsigned long)&frame->uc; |
434 | |
435 | regs->ds = __USER_DS; |
436 | regs->es = __USER_DS; |
437 | regs->ss = __USER_DS; |
438 | regs->cs = __USER_CS; |
439 | |
440 | return 0; |
441 | Efault: |
442 | user_access_end(); |
443 | return -EFAULT; |
444 | } |
445 | #else /* !CONFIG_X86_32 */ |
446 | static unsigned long frame_uc_flags(struct pt_regs *regs) |
447 | { |
448 | unsigned long flags; |
449 | |
450 | if (boot_cpu_has(X86_FEATURE_XSAVE)) |
451 | flags = UC_FP_XSTATE | UC_SIGCONTEXT_SS; |
452 | else |
453 | flags = UC_SIGCONTEXT_SS; |
454 | |
455 | if (likely(user_64bit_mode(regs))) |
456 | flags |= UC_STRICT_RESTORE_SS; |
457 | |
458 | return flags; |
459 | } |
460 | |
461 | static int __setup_rt_frame(int sig, struct ksignal *ksig, |
462 | sigset_t *set, struct pt_regs *regs) |
463 | { |
464 | struct rt_sigframe __user *frame; |
465 | void __user *fp = NULL; |
466 | unsigned long uc_flags; |
467 | |
468 | /* x86-64 should always use SA_RESTORER. */ |
469 | if (!(ksig->ka.sa.sa_flags & SA_RESTORER)) |
470 | return -EFAULT; |
471 | |
472 | frame = get_sigframe(&ksig->ka, regs, sizeof(struct rt_sigframe), &fp); |
473 | uc_flags = frame_uc_flags(regs); |
474 | |
475 | if (!user_access_begin(frame, sizeof(*frame))) |
476 | return -EFAULT; |
477 | |
478 | /* Create the ucontext. */ |
479 | unsafe_put_user(uc_flags, &frame->uc.uc_flags, Efault); |
480 | unsafe_put_user(0, &frame->uc.uc_link, Efault); |
481 | unsafe_save_altstack(&frame->uc.uc_stack, regs->sp, Efault); |
482 | |
483 | /* Set up to return from userspace. If provided, use a stub |
484 | already in userspace. */ |
485 | unsafe_put_user(ksig->ka.sa.sa_restorer, &frame->pretcode, Efault); |
486 | unsafe_put_sigcontext(&frame->uc.uc_mcontext, fp, regs, set, Efault); |
487 | unsafe_put_sigmask(set, frame, Efault); |
488 | user_access_end(); |
489 | |
490 | if (ksig->ka.sa.sa_flags & SA_SIGINFO) { |
491 | if (copy_siginfo_to_user(&frame->info, &ksig->info)) |
492 | return -EFAULT; |
493 | } |
494 | |
495 | /* Set up registers for signal handler */ |
496 | regs->di = sig; |
497 | /* In case the signal handler was declared without prototypes */ |
498 | regs->ax = 0; |
499 | |
500 | /* This also works for non SA_SIGINFO handlers because they expect the |
501 | next argument after the signal number on the stack. */ |
502 | regs->si = (unsigned long)&frame->info; |
503 | regs->dx = (unsigned long)&frame->uc; |
504 | regs->ip = (unsigned long) ksig->ka.sa.sa_handler; |
505 | |
506 | regs->sp = (unsigned long)frame; |
507 | |
508 | /* |
509 | * Set up the CS and SS registers to run signal handlers in |
510 | * 64-bit mode, even if the handler happens to be interrupting |
511 | * 32-bit or 16-bit code. |
512 | * |
513 | * SS is subtle. In 64-bit mode, we don't need any particular |
514 | * SS descriptor, but we do need SS to be valid. It's possible |
515 | * that the old SS is entirely bogus -- this can happen if the |
516 | * signal we're trying to deliver is #GP or #SS caused by a bad |
517 | * SS value. We also have a compatibility issue here: DOSEMU |
518 | * relies on the contents of the SS register indicating the |
519 | * SS value at the time of the signal, even though that code in |
520 | * DOSEMU predates sigreturn's ability to restore SS. (DOSEMU |
521 | * avoids relying on sigreturn to restore SS; instead it uses |
522 | * a trampoline.) So we do our best: if the old SS was valid, |
523 | * we keep it. Otherwise we replace it. |
524 | */ |
525 | regs->cs = __USER_CS; |
526 | |
527 | if (unlikely(regs->ss != __USER_DS)) |
528 | force_valid_ss(regs); |
529 | |
530 | return 0; |
531 | |
532 | Efault: |
533 | user_access_end(); |
534 | return -EFAULT; |
535 | } |
536 | #endif /* CONFIG_X86_32 */ |
537 | |
538 | #ifdef CONFIG_X86_X32_ABI |
539 | static int x32_copy_siginfo_to_user(struct compat_siginfo __user *to, |
540 | const struct kernel_siginfo *from) |
541 | { |
542 | struct compat_siginfo new; |
543 | |
544 | copy_siginfo_to_external32(&new, from); |
545 | if (from->si_signo == SIGCHLD) { |
546 | new._sifields._sigchld_x32._utime = from->si_utime; |
547 | new._sifields._sigchld_x32._stime = from->si_stime; |
548 | } |
549 | if (copy_to_user(to, &new, sizeof(struct compat_siginfo))) |
550 | return -EFAULT; |
551 | return 0; |
552 | } |
553 | |
554 | int copy_siginfo_to_user32(struct compat_siginfo __user *to, |
555 | const struct kernel_siginfo *from) |
556 | { |
557 | if (in_x32_syscall()) |
558 | return x32_copy_siginfo_to_user(to, from); |
559 | return __copy_siginfo_to_user32(to, from); |
560 | } |
561 | #endif /* CONFIG_X86_X32_ABI */ |
562 | |
563 | static int x32_setup_rt_frame(struct ksignal *ksig, |
564 | compat_sigset_t *set, |
565 | struct pt_regs *regs) |
566 | { |
567 | #ifdef CONFIG_X86_X32_ABI |
568 | struct rt_sigframe_x32 __user *frame; |
569 | unsigned long uc_flags; |
570 | void __user *restorer; |
571 | void __user *fp = NULL; |
572 | |
573 | if (!(ksig->ka.sa.sa_flags & SA_RESTORER)) |
574 | return -EFAULT; |
575 | |
576 | frame = get_sigframe(&ksig->ka, regs, sizeof(*frame), &fp); |
577 | |
578 | uc_flags = frame_uc_flags(regs); |
579 | |
580 | if (!user_access_begin(frame, sizeof(*frame))) |
581 | return -EFAULT; |
582 | |
583 | /* Create the ucontext. */ |
584 | unsafe_put_user(uc_flags, &frame->uc.uc_flags, Efault); |
585 | unsafe_put_user(0, &frame->uc.uc_link, Efault); |
586 | unsafe_compat_save_altstack(&frame->uc.uc_stack, regs->sp, Efault); |
587 | unsafe_put_user(0, &frame->uc.uc__pad0, Efault); |
588 | restorer = ksig->ka.sa.sa_restorer; |
589 | unsafe_put_user(restorer, (unsigned long __user *)&frame->pretcode, Efault); |
590 | unsafe_put_sigcontext(&frame->uc.uc_mcontext, fp, regs, set, Efault); |
591 | unsafe_put_sigmask(set, frame, Efault); |
592 | user_access_end(); |
593 | |
594 | if (ksig->ka.sa.sa_flags & SA_SIGINFO) { |
595 | if (x32_copy_siginfo_to_user(&frame->info, &ksig->info)) |
596 | return -EFAULT; |
597 | } |
598 | |
599 | /* Set up registers for signal handler */ |
600 | regs->sp = (unsigned long) frame; |
601 | regs->ip = (unsigned long) ksig->ka.sa.sa_handler; |
602 | |
603 | /* We use the x32 calling convention here... */ |
604 | regs->di = ksig->sig; |
605 | regs->si = (unsigned long) &frame->info; |
606 | regs->dx = (unsigned long) &frame->uc; |
607 | |
608 | loadsegment(ds, __USER_DS); |
609 | loadsegment(es, __USER_DS); |
610 | |
611 | regs->cs = __USER_CS; |
612 | regs->ss = __USER_DS; |
613 | #endif /* CONFIG_X86_X32_ABI */ |
614 | |
615 | return 0; |
616 | #ifdef CONFIG_X86_X32_ABI |
617 | Efault: |
618 | user_access_end(); |
619 | return -EFAULT; |
620 | #endif |
621 | } |
622 | |
623 | /* |
624 | * Do a signal return; undo the signal stack. |
625 | */ |
626 | #ifdef CONFIG_X86_32 |
627 | SYSCALL_DEFINE0(sigreturn) |
628 | { |
629 | struct pt_regs *regs = current_pt_regs(); |
630 | struct sigframe __user *frame; |
631 | sigset_t set; |
632 | |
633 | frame = (struct sigframe __user *)(regs->sp - 8); |
634 | |
635 | if (!access_ok(frame, sizeof(*frame))) |
636 | goto badframe; |
637 | if (__get_user(set.sig[0], &frame->sc.oldmask) || |
638 | __get_user(set.sig[1], &frame->extramask[0])) |
639 | goto badframe; |
640 | |
641 | set_current_blocked(&set); |
642 | |
643 | /* |
644 | * x86_32 has no uc_flags bits relevant to restore_sigcontext. |
645 | * Save a few cycles by skipping the __get_user. |
646 | */ |
647 | if (!restore_sigcontext(regs, &frame->sc, 0)) |
648 | goto badframe; |
649 | return regs->ax; |
650 | |
651 | badframe: |
652 | signal_fault(regs, frame, "sigreturn" ); |
653 | |
654 | return 0; |
655 | } |
656 | #endif /* CONFIG_X86_32 */ |
657 | |
658 | SYSCALL_DEFINE0(rt_sigreturn) |
659 | { |
660 | struct pt_regs *regs = current_pt_regs(); |
661 | struct rt_sigframe __user *frame; |
662 | sigset_t set; |
663 | unsigned long uc_flags; |
664 | |
665 | frame = (struct rt_sigframe __user *)(regs->sp - sizeof(long)); |
666 | if (!access_ok(frame, sizeof(*frame))) |
667 | goto badframe; |
668 | if (__get_user(*(__u64 *)&set, (__u64 __user *)&frame->uc.uc_sigmask)) |
669 | goto badframe; |
670 | if (__get_user(uc_flags, &frame->uc.uc_flags)) |
671 | goto badframe; |
672 | |
673 | set_current_blocked(&set); |
674 | |
675 | if (!restore_sigcontext(regs, &frame->uc.uc_mcontext, uc_flags)) |
676 | goto badframe; |
677 | |
678 | if (restore_altstack(&frame->uc.uc_stack)) |
679 | goto badframe; |
680 | |
681 | return regs->ax; |
682 | |
683 | badframe: |
684 | signal_fault(regs, frame, "rt_sigreturn" ); |
685 | return 0; |
686 | } |
687 | |
688 | /* |
689 | * There are four different struct types for signal frame: sigframe_ia32, |
690 | * rt_sigframe_ia32, rt_sigframe_x32, and rt_sigframe. Use the worst case |
691 | * -- the largest size. It means the size for 64-bit apps is a bit more |
692 | * than needed, but this keeps the code simple. |
693 | */ |
694 | #if defined(CONFIG_X86_32) || defined(CONFIG_IA32_EMULATION) |
695 | # define MAX_FRAME_SIGINFO_UCTXT_SIZE sizeof(struct sigframe_ia32) |
696 | #else |
697 | # define MAX_FRAME_SIGINFO_UCTXT_SIZE sizeof(struct rt_sigframe) |
698 | #endif |
699 | |
700 | /* |
701 | * The FP state frame contains an XSAVE buffer which must be 64-byte aligned. |
702 | * If a signal frame starts at an unaligned address, extra space is required. |
703 | * This is the max alignment padding, conservatively. |
704 | */ |
705 | #define MAX_XSAVE_PADDING 63UL |
706 | |
707 | /* |
708 | * The frame data is composed of the following areas and laid out as: |
709 | * |
710 | * ------------------------- |
711 | * | alignment padding | |
712 | * ------------------------- |
713 | * | (f)xsave frame | |
714 | * ------------------------- |
715 | * | fsave header | |
716 | * ------------------------- |
717 | * | alignment padding | |
718 | * ------------------------- |
719 | * | siginfo + ucontext | |
720 | * ------------------------- |
721 | */ |
722 | |
723 | /* max_frame_size tells userspace the worst case signal stack size. */ |
724 | static unsigned long __ro_after_init max_frame_size; |
725 | static unsigned int __ro_after_init fpu_default_state_size; |
726 | |
727 | void __init init_sigframe_size(void) |
728 | { |
729 | fpu_default_state_size = fpu__get_fpstate_size(); |
730 | |
731 | max_frame_size = MAX_FRAME_SIGINFO_UCTXT_SIZE + MAX_FRAME_PADDING; |
732 | |
733 | max_frame_size += fpu_default_state_size + MAX_XSAVE_PADDING; |
734 | |
735 | /* Userspace expects an aligned size. */ |
736 | max_frame_size = round_up(max_frame_size, FRAME_ALIGNMENT); |
737 | |
738 | pr_info("max sigframe size: %lu\n" , max_frame_size); |
739 | } |
740 | |
741 | unsigned long get_sigframe_size(void) |
742 | { |
743 | return max_frame_size; |
744 | } |
745 | |
746 | static inline int is_ia32_compat_frame(struct ksignal *ksig) |
747 | { |
748 | return IS_ENABLED(CONFIG_IA32_EMULATION) && |
749 | ksig->ka.sa.sa_flags & SA_IA32_ABI; |
750 | } |
751 | |
752 | static inline int is_ia32_frame(struct ksignal *ksig) |
753 | { |
754 | return IS_ENABLED(CONFIG_X86_32) || is_ia32_compat_frame(ksig); |
755 | } |
756 | |
757 | static inline int is_x32_frame(struct ksignal *ksig) |
758 | { |
759 | return IS_ENABLED(CONFIG_X86_X32_ABI) && |
760 | ksig->ka.sa.sa_flags & SA_X32_ABI; |
761 | } |
762 | |
763 | static int |
764 | setup_rt_frame(struct ksignal *ksig, struct pt_regs *regs) |
765 | { |
766 | int usig = ksig->sig; |
767 | sigset_t *set = sigmask_to_save(); |
768 | compat_sigset_t *cset = (compat_sigset_t *) set; |
769 | |
770 | /* Perform fixup for the pre-signal frame. */ |
771 | rseq_signal_deliver(ksig, regs); |
772 | |
773 | /* Set up the stack frame */ |
774 | if (is_ia32_frame(ksig)) { |
775 | if (ksig->ka.sa.sa_flags & SA_SIGINFO) |
776 | return ia32_setup_rt_frame(usig, ksig, cset, regs); |
777 | else |
778 | return ia32_setup_frame(usig, ksig, cset, regs); |
779 | } else if (is_x32_frame(ksig)) { |
780 | return x32_setup_rt_frame(ksig, cset, regs); |
781 | } else { |
782 | return __setup_rt_frame(ksig->sig, ksig, set, regs); |
783 | } |
784 | } |
785 | |
786 | static void |
787 | handle_signal(struct ksignal *ksig, struct pt_regs *regs) |
788 | { |
789 | bool stepping, failed; |
790 | struct fpu *fpu = ¤t->thread.fpu; |
791 | |
792 | if (v8086_mode(regs)) |
793 | save_v86_state((struct kernel_vm86_regs *) regs, VM86_SIGNAL); |
794 | |
795 | /* Are we from a system call? */ |
796 | if (syscall_get_nr(current, regs) != -1) { |
797 | /* If so, check system call restarting.. */ |
798 | switch (syscall_get_error(current, regs)) { |
799 | case -ERESTART_RESTARTBLOCK: |
800 | case -ERESTARTNOHAND: |
801 | regs->ax = -EINTR; |
802 | break; |
803 | |
804 | case -ERESTARTSYS: |
805 | if (!(ksig->ka.sa.sa_flags & SA_RESTART)) { |
806 | regs->ax = -EINTR; |
807 | break; |
808 | } |
809 | fallthrough; |
810 | case -ERESTARTNOINTR: |
811 | regs->ax = regs->orig_ax; |
812 | regs->ip -= 2; |
813 | break; |
814 | } |
815 | } |
816 | |
817 | /* |
818 | * If TF is set due to a debugger (TIF_FORCED_TF), clear TF now |
819 | * so that register information in the sigcontext is correct and |
820 | * then notify the tracer before entering the signal handler. |
821 | */ |
822 | stepping = test_thread_flag(TIF_SINGLESTEP); |
823 | if (stepping) |
824 | user_disable_single_step(current); |
825 | |
826 | failed = (setup_rt_frame(ksig, regs) < 0); |
827 | if (!failed) { |
828 | /* |
829 | * Clear the direction flag as per the ABI for function entry. |
830 | * |
831 | * Clear RF when entering the signal handler, because |
832 | * it might disable possible debug exception from the |
833 | * signal handler. |
834 | * |
835 | * Clear TF for the case when it wasn't set by debugger to |
836 | * avoid the recursive send_sigtrap() in SIGTRAP handler. |
837 | */ |
838 | regs->flags &= ~(X86_EFLAGS_DF|X86_EFLAGS_RF|X86_EFLAGS_TF); |
839 | /* |
840 | * Ensure the signal handler starts with the new fpu state. |
841 | */ |
842 | fpu__clear_user_states(fpu); |
843 | } |
844 | signal_setup_done(failed, ksig, stepping); |
845 | } |
846 | |
847 | static inline unsigned long get_nr_restart_syscall(const struct pt_regs *regs) |
848 | { |
849 | #ifdef CONFIG_IA32_EMULATION |
850 | if (current->restart_block.arch_data & TS_COMPAT) |
851 | return __NR_ia32_restart_syscall; |
852 | #endif |
853 | #ifdef CONFIG_X86_X32_ABI |
854 | return __NR_restart_syscall | (regs->orig_ax & __X32_SYSCALL_BIT); |
855 | #else |
856 | return __NR_restart_syscall; |
857 | #endif |
858 | } |
859 | |
860 | /* |
861 | * Note that 'init' is a special process: it doesn't get signals it doesn't |
862 | * want to handle. Thus you cannot kill init even with a SIGKILL even by |
863 | * mistake. |
864 | */ |
865 | void arch_do_signal_or_restart(struct pt_regs *regs) |
866 | { |
867 | struct ksignal ksig; |
868 | |
869 | if (get_signal(&ksig)) { |
870 | /* Whee! Actually deliver the signal. */ |
871 | handle_signal(&ksig, regs); |
872 | return; |
873 | } |
874 | |
875 | /* Did we come from a system call? */ |
876 | if (syscall_get_nr(current, regs) != -1) { |
877 | /* Restart the system call - no handlers present */ |
878 | switch (syscall_get_error(current, regs)) { |
879 | case -ERESTARTNOHAND: |
880 | case -ERESTARTSYS: |
881 | case -ERESTARTNOINTR: |
882 | regs->ax = regs->orig_ax; |
883 | regs->ip -= 2; |
884 | break; |
885 | |
886 | case -ERESTART_RESTARTBLOCK: |
887 | regs->ax = get_nr_restart_syscall(regs); |
888 | regs->ip -= 2; |
889 | break; |
890 | } |
891 | } |
892 | |
893 | /* |
894 | * If there's no signal to deliver, we just put the saved sigmask |
895 | * back. |
896 | */ |
897 | restore_saved_sigmask(); |
898 | } |
899 | |
900 | void signal_fault(struct pt_regs *regs, void __user *frame, char *where) |
901 | { |
902 | struct task_struct *me = current; |
903 | |
904 | if (show_unhandled_signals && printk_ratelimit()) { |
905 | printk("%s" |
906 | "%s[%d] bad frame in %s frame:%p ip:%lx sp:%lx orax:%lx" , |
907 | task_pid_nr(current) > 1 ? KERN_INFO : KERN_EMERG, |
908 | me->comm, me->pid, where, frame, |
909 | regs->ip, regs->sp, regs->orig_ax); |
910 | print_vma_addr(KERN_CONT " in " , regs->ip); |
911 | pr_cont("\n" ); |
912 | } |
913 | |
914 | force_sig(SIGSEGV); |
915 | } |
916 | |
917 | #ifdef CONFIG_DYNAMIC_SIGFRAME |
918 | #ifdef CONFIG_STRICT_SIGALTSTACK_SIZE |
919 | static bool strict_sigaltstack_size __ro_after_init = true; |
920 | #else |
921 | static bool strict_sigaltstack_size __ro_after_init = false; |
922 | #endif |
923 | |
924 | static int __init strict_sas_size(char *arg) |
925 | { |
926 | return kstrtobool(arg, &strict_sigaltstack_size); |
927 | } |
928 | __setup("strict_sas_size" , strict_sas_size); |
929 | |
930 | /* |
931 | * MINSIGSTKSZ is 2048 and can't be changed despite the fact that AVX512 |
932 | * exceeds that size already. As such programs might never use the |
933 | * sigaltstack they just continued to work. While always checking against |
934 | * the real size would be correct, this might be considered a regression. |
935 | * |
936 | * Therefore avoid the sanity check, unless enforced by kernel |
937 | * configuration or command line option. |
938 | * |
939 | * When dynamic FPU features are supported, the check is also enforced when |
940 | * the task has permissions to use dynamic features. Tasks which have no |
941 | * permission are checked against the size of the non-dynamic feature set |
942 | * if strict checking is enabled. This avoids forcing all tasks on the |
943 | * system to allocate large sigaltstacks even if they are never going |
944 | * to use a dynamic feature. As this is serialized via sighand::siglock |
945 | * any permission request for a dynamic feature either happened already |
946 | * or will see the newly install sigaltstack size in the permission checks. |
947 | */ |
948 | bool sigaltstack_size_valid(size_t ss_size) |
949 | { |
950 | unsigned long fsize = max_frame_size - fpu_default_state_size; |
951 | u64 mask; |
952 | |
953 | lockdep_assert_held(¤t->sighand->siglock); |
954 | |
955 | if (!fpu_state_size_dynamic() && !strict_sigaltstack_size) |
956 | return true; |
957 | |
958 | fsize += current->group_leader->thread.fpu.perm.__user_state_size; |
959 | if (likely(ss_size > fsize)) |
960 | return true; |
961 | |
962 | if (strict_sigaltstack_size) |
963 | return ss_size > fsize; |
964 | |
965 | mask = current->group_leader->thread.fpu.perm.__state_perm; |
966 | if (mask & XFEATURE_MASK_USER_DYNAMIC) |
967 | return ss_size > fsize; |
968 | |
969 | return true; |
970 | } |
971 | #endif /* CONFIG_DYNAMIC_SIGFRAME */ |
972 | |
973 | #ifdef CONFIG_X86_X32_ABI |
974 | COMPAT_SYSCALL_DEFINE0(x32_rt_sigreturn) |
975 | { |
976 | struct pt_regs *regs = current_pt_regs(); |
977 | struct rt_sigframe_x32 __user *frame; |
978 | sigset_t set; |
979 | unsigned long uc_flags; |
980 | |
981 | frame = (struct rt_sigframe_x32 __user *)(regs->sp - 8); |
982 | |
983 | if (!access_ok(frame, sizeof(*frame))) |
984 | goto badframe; |
985 | if (__get_user(set.sig[0], (__u64 __user *)&frame->uc.uc_sigmask)) |
986 | goto badframe; |
987 | if (__get_user(uc_flags, &frame->uc.uc_flags)) |
988 | goto badframe; |
989 | |
990 | set_current_blocked(&set); |
991 | |
992 | if (!restore_sigcontext(regs, &frame->uc.uc_mcontext, uc_flags)) |
993 | goto badframe; |
994 | |
995 | if (compat_restore_altstack(&frame->uc.uc_stack)) |
996 | goto badframe; |
997 | |
998 | return regs->ax; |
999 | |
1000 | badframe: |
1001 | signal_fault(regs, frame, "x32 rt_sigreturn" ); |
1002 | return 0; |
1003 | } |
1004 | #endif |
1005 | |