]> git.saurik.com Git - apple/xnu.git/blame - osfmk/i386/user_ldt.c
xnu-1504.7.4.tar.gz
[apple/xnu.git] / osfmk / i386 / user_ldt.c
CommitLineData
1c79356b 1/*
b0d623f7 2 * Copyright (c) 2000-2009 Apple Inc. All rights reserved.
1c79356b 3 *
2d21ac55 4 * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
1c79356b 5 *
2d21ac55
A
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. The rights granted to you under the License
10 * may not be used to create, or enable the creation or redistribution of,
11 * unlawful or unlicensed copies of an Apple operating system, or to
12 * circumvent, violate, or enable the circumvention or violation of, any
13 * terms of an Apple operating system software license agreement.
8f6c56a5 14 *
2d21ac55
A
15 * Please obtain a copy of the License at
16 * http://www.opensource.apple.com/apsl/ and read it before using this file.
17 *
18 * The Original Code and all software distributed under the License are
19 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
8f6c56a5
A
20 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
21 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
2d21ac55
A
22 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
23 * Please see the License for the specific language governing rights and
24 * limitations under the License.
8f6c56a5 25 *
2d21ac55 26 * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
1c79356b
A
27 */
28/*
29 * @OSF_COPYRIGHT@
30 */
31/*
32 * Mach Operating System
33 * Copyright (c) 1991 Carnegie Mellon University
34 * All Rights Reserved.
35 *
36 * Permission to use, copy, modify and distribute this software and its
37 * documentation is hereby granted, provided that both the copyright
38 * notice and this permission notice appear in all copies of the
39 * software, derivative works or modified versions, and any portions
40 * thereof, and that both notices appear in supporting documentation.
41 *
42 * CARNEGIE MELLON ALLOWS FREE USE OF THIS SOFTWARE IN ITS "AS IS"
43 * CONDITION. CARNEGIE MELLON DISCLAIMS ANY LIABILITY OF ANY KIND FOR
44 * ANY DAMAGES WHATSOEVER RESULTING FROM THE USE OF THIS SOFTWARE.
45 *
46 * Carnegie Mellon requests users of this software to return to
47 *
48 * Software Distribution Coordinator or Software.Distribution@CS.CMU.EDU
49 * School of Computer Science
50 * Carnegie Mellon University
51 * Pittsburgh PA 15213-3890
52 *
53 * any improvements or extensions that they make and grant Carnegie Mellon
54 * the rights to redistribute these changes.
55 */
56
57/*
58 */
59
60/*
61 * User LDT management.
0c530ab8 62 * Each task may have its own LDT.
1c79356b
A
63 */
64
65#include <kern/kalloc.h>
66#include <kern/thread.h>
67#include <kern/misc_protos.h>
68
69#include <vm/vm_kern.h>
70
0c530ab8 71#include <i386/machdep_call.h>
b0d623f7 72#include <i386/user_ldt.h>
0c530ab8
A
73#include <i386/mp.h>
74#include <i386/machine_routines.h>
b0d623f7
A
75#include <i386/proc_reg.h>
76#include <i386/mp_desc.h>
77#include <i386/seg.h>
78#include <i386/thread.h>
1c79356b 79
0c530ab8 80#include <sys/errno.h>
6601e61a 81
0c530ab8 82static void user_ldt_set_action(void *);
1c79356b
A
83
84/*
85 * Add the descriptors to the LDT, starting with
86 * the descriptor for 'first_selector'.
87 */
88
0c530ab8 89int
1c79356b 90i386_set_ldt(
2d21ac55 91 uint32_t *retval,
0c530ab8
A
92 uint32_t start_sel,
93 uint32_t descs, /* out */
94 uint32_t num_sels)
1c79356b 95{
0c530ab8 96 user_ldt_t new_ldt, old_ldt;
1c79356b 97 struct real_descriptor *dp;
0c530ab8
A
98 unsigned int i;
99 unsigned int min_selector = LDTSZ_MIN; /* do not allow the system selectors to be changed */
100 task_t task = current_task();
101 unsigned int ldt_count;
102 kern_return_t err;
4452a7af 103
0c530ab8
A
104 if (start_sel != LDT_AUTO_ALLOC
105 && (start_sel != 0 || num_sels != 0)
106 && (start_sel < min_selector || start_sel >= LDTSZ))
107 return EINVAL;
108 if (start_sel != LDT_AUTO_ALLOC
2d21ac55 109 && (uint64_t)start_sel + (uint64_t)num_sels > LDTSZ) /* cast to uint64_t to detect wrap-around */
0c530ab8 110 return EINVAL;
4452a7af 111
0c530ab8
A
112 task_lock(task);
113
114 old_ldt = task->i386_ldt;
115
116 if (start_sel == LDT_AUTO_ALLOC) {
117 if (old_ldt) {
118 unsigned int null_count;
119 struct real_descriptor null_ldt;
120
121 bzero(&null_ldt, sizeof(null_ldt));
122
123 /*
124 * Look for null selectors among the already-allocated
125 * entries.
126 */
127 null_count = 0;
128 i = 0;
129 while (i < old_ldt->count)
130 {
131 if (!memcmp(&old_ldt->ldt[i++], &null_ldt, sizeof(null_ldt))) {
132 null_count++;
133 if (null_count == num_sels)
134 break; /* break out of while loop */
135 } else {
136 null_count = 0;
137 }
138 }
139
140 /*
141 * If we broke out of the while loop, i points to the selector
142 * after num_sels null selectors. Otherwise it points to the end
143 * of the old LDTs, and null_count is the number of null selectors
144 * at the end.
145 *
146 * Either way, there are null_count null selectors just prior to
147 * the i-indexed selector, and either null_count >= num_sels,
148 * or we're at the end, so we can extend.
149 */
150 start_sel = old_ldt->start + i - null_count;
151 } else {
152 start_sel = LDTSZ_MIN;
153 }
154
593a1d5f 155 if ((uint64_t)start_sel + (uint64_t)num_sels > LDTSZ) {
0c530ab8
A
156 task_unlock(task);
157 return ENOMEM;
1c79356b
A
158 }
159 }
0c530ab8
A
160
161 if (start_sel == 0 && num_sels == 0) {
162 new_ldt = NULL;
163 } else {
1c79356b 164 /*
0c530ab8 165 * Allocate new LDT
1c79356b 166 */
0c530ab8
A
167
168 unsigned int begin_sel = start_sel;
169 unsigned int end_sel = begin_sel + num_sels;
170
171 if (old_ldt != NULL) {
172 if (old_ldt->start < begin_sel)
173 begin_sel = old_ldt->start;
174 if (old_ldt->start + old_ldt->count > end_sel)
175 end_sel = old_ldt->start + old_ldt->count;
176 }
177
178 ldt_count = end_sel - begin_sel;
179
180 new_ldt = (user_ldt_t)kalloc(sizeof(struct user_ldt) + (ldt_count * sizeof(struct real_descriptor)));
181 if (new_ldt == NULL) {
182 task_unlock(task);
183 return ENOMEM;
5d5c5d0d
A
184 }
185
0c530ab8
A
186 new_ldt->start = begin_sel;
187 new_ldt->count = ldt_count;
188
1c79356b
A
189 /*
190 * Have new LDT. If there was a an old ldt, copy descriptors
0c530ab8 191 * from old to new.
1c79356b
A
192 */
193 if (old_ldt) {
0c530ab8
A
194 bcopy(&old_ldt->ldt[0],
195 &new_ldt->ldt[old_ldt->start - begin_sel],
196 old_ldt->count * sizeof(struct real_descriptor));
197
198 /*
199 * If the old and new LDTs are non-overlapping, fill the
200 * center in with null selectors.
201 */
202
203 if (old_ldt->start + old_ldt->count < start_sel)
204 bzero(&new_ldt->ldt[old_ldt->count],
205 (start_sel - (old_ldt->start + old_ldt->count)) * sizeof(struct real_descriptor));
206 else if (old_ldt->start > start_sel + num_sels)
207 bzero(&new_ldt->ldt[num_sels],
208 (old_ldt->start - (start_sel + num_sels)) * sizeof(struct real_descriptor));
1c79356b 209 }
0c530ab8
A
210
211 /*
212 * Install new descriptors.
213 */
214 if (descs != 0) {
215 err = copyin(descs, (char *)&new_ldt->ldt[start_sel - begin_sel],
216 num_sels * sizeof(struct real_descriptor));
217 if (err != 0)
218 {
219 task_unlock(task);
220 user_ldt_free(new_ldt);
221 return err;
1c79356b 222 }
0c530ab8
A
223 } else {
224 bzero(&new_ldt->ldt[start_sel - begin_sel], num_sels * sizeof(struct real_descriptor));
1c79356b
A
225 }
226
0c530ab8
A
227 /*
228 * Validate descriptors.
229 * Only allow descriptors with user priviledges.
230 */
231 for (i = 0, dp = (struct real_descriptor *) &new_ldt->ldt[start_sel - begin_sel];
232 i < num_sels;
233 i++, dp++)
234 {
235 switch (dp->access & ~ACC_A) {
236 case 0:
237 case ACC_P:
238 /* valid empty descriptor */
239 break;
240 case ACC_P | ACC_PL_U | ACC_DATA:
241 case ACC_P | ACC_PL_U | ACC_DATA_W:
242 case ACC_P | ACC_PL_U | ACC_DATA_E:
243 case ACC_P | ACC_PL_U | ACC_DATA_EW:
244 case ACC_P | ACC_PL_U | ACC_CODE:
245 case ACC_P | ACC_PL_U | ACC_CODE_R:
246 case ACC_P | ACC_PL_U | ACC_CODE_C:
247 case ACC_P | ACC_PL_U | ACC_CODE_CR:
248 case ACC_P | ACC_PL_U | ACC_CALL_GATE_16:
249 case ACC_P | ACC_PL_U | ACC_CALL_GATE:
250 break;
251 default:
252 task_unlock(task);
253 user_ldt_free(new_ldt);
254 return EACCES;
255 }
256 }
6601e61a 257 }
4452a7af 258
0c530ab8
A
259 task->i386_ldt = new_ldt; /* new LDT for task */
260
1c79356b 261 /*
0c530ab8
A
262 * Switch to new LDT. We need to do this on all CPUs, since
263 * another thread in this same task may be currently running,
264 * and we need to make sure the new LDT is in place
265 * throughout the task before returning to the user.
1c79356b 266 */
b0d623f7 267 mp_broadcast(user_ldt_set_action, task);
89b3af67 268
0c530ab8 269 task_unlock(task);
4452a7af 270
0c530ab8
A
271 /* free old LDT. We can't do this until after we've
272 * rendezvoused with all CPUs, in case another thread
273 * in this task was in the process of context switching.
6601e61a 274 */
0c530ab8
A
275 if (old_ldt)
276 user_ldt_free(old_ldt);
277
278 *retval = start_sel;
279
280 return 0;
1c79356b
A
281}
282
0c530ab8 283int
1c79356b 284i386_get_ldt(
2d21ac55 285 uint32_t *retval,
0c530ab8
A
286 uint32_t start_sel,
287 uint32_t descs, /* out */
288 uint32_t num_sels)
1c79356b 289{
0c530ab8
A
290 user_ldt_t user_ldt;
291 task_t task = current_task();
1c79356b 292 unsigned int ldt_count;
0c530ab8 293 kern_return_t err;
c0fea474 294
0c530ab8
A
295 if (start_sel >= 8192)
296 return EINVAL;
593a1d5f 297 if ((uint64_t)start_sel + (uint64_t)num_sels > 8192)
0c530ab8
A
298 return EINVAL;
299 if (descs == 0)
300 return EINVAL;
5d5c5d0d 301
0c530ab8 302 task_lock(task);
89b3af67 303
0c530ab8
A
304 user_ldt = task->i386_ldt;
305 err = 0;
4452a7af 306
0c530ab8
A
307 /*
308 * copy out the descriptors
309 */
310
311 if (user_ldt != 0)
312 ldt_count = user_ldt->start + user_ldt->count;
313 else
314 ldt_count = LDTSZ_MIN;
1c79356b 315
1c79356b 316
0c530ab8
A
317 if (start_sel < ldt_count)
318 {
319 unsigned int copy_sels = num_sels;
1c79356b 320
0c530ab8
A
321 if (start_sel + num_sels > ldt_count)
322 copy_sels = ldt_count - start_sel;
1c79356b 323
0c530ab8
A
324 err = copyout((char *)(current_ldt() + start_sel),
325 descs, copy_sels * sizeof(struct real_descriptor));
1c79356b
A
326 }
327
0c530ab8 328 task_unlock(task);
1c79356b 329
0c530ab8 330 *retval = ldt_count;
1c79356b 331
0c530ab8
A
332 return err;
333}
1c79356b 334
0c530ab8
A
335void
336user_ldt_free(
337 user_ldt_t user_ldt)
338{
339 kfree(user_ldt, sizeof(struct user_ldt) + (user_ldt->count * sizeof(struct real_descriptor)));
340}
1c79356b 341
0c530ab8
A
342user_ldt_t
343user_ldt_copy(
344 user_ldt_t user_ldt)
345{
346 if (user_ldt != NULL) {
347 size_t size = sizeof(struct user_ldt) + (user_ldt->count * sizeof(struct real_descriptor));
348 user_ldt_t new_ldt = (user_ldt_t)kalloc(size);
349 if (new_ldt != NULL)
350 bcopy(user_ldt, new_ldt, size);
351 return new_ldt;
1c79356b 352 }
0c530ab8
A
353
354 return 0;
355}
5d5c5d0d 356
0c530ab8
A
357void
358user_ldt_set_action(
359 void *arg)
360{
361 task_t arg_task = (task_t)arg;
362
363 if (arg_task == current_task()) {
364 user_ldt_set(current_thread());
365 }
1c79356b
A
366}
367
0c530ab8
A
368/*
369 * Set the LDT for the given thread on the current CPU. Should be invoked
370 * with interrupts disabled.
371 */
1c79356b 372void
0c530ab8
A
373user_ldt_set(
374 thread_t thread)
1c79356b 375{
0c530ab8
A
376 task_t task = thread->task;
377 user_ldt_t user_ldt;
378
379 user_ldt = task->i386_ldt;
380
381 if (user_ldt != 0) {
382 struct real_descriptor *ldtp = (struct real_descriptor *)current_ldt();
383
384 if (user_ldt->start > LDTSZ_MIN) {
385 bzero(&ldtp[LDTSZ_MIN],
386 sizeof(struct real_descriptor) * (user_ldt->start - LDTSZ_MIN));
387 }
388
389 bcopy(user_ldt->ldt, &ldtp[user_ldt->start],
390 sizeof(struct real_descriptor) * (user_ldt->count));
391
392 gdt_desc_p(USER_LDT)->limit_low = (sizeof(struct real_descriptor) * (user_ldt->start + user_ldt->count)) - 1;
393
394 ml_cpu_set_ldt(USER_LDT);
395 } else {
396 ml_cpu_set_ldt(KERNEL_LDT);
397 }
1c79356b 398}