projects / apple / xnu.git / blame
| Commit | Line | Data |
|---|---|---|
| 1c79356b | 1 | /* |
| b0d623f7 | 2 | * Copyright (c) 2000-2009 Apple Inc. All rights reserved. |
| 1c79356b | 3 | * |
| 2d21ac55 | 4 | * @APPLE_OSREFERENCE_LICENSE_HEADER_START@ |
| 0a7de745 | 5 | * |
| 2d21ac55 A |
6 | * This file contains Original Code and/or Modifications of Original Code |
| 7 | * as defined in and that are subject to the Apple Public Source License | |
| 8 | * Version 2.0 (the 'License'). You may not use this file except in | |
| 9 | * compliance with the License. The rights granted to you under the License | |
| 10 | * may not be used to create, or enable the creation or redistribution of, | |
| 11 | * unlawful or unlicensed copies of an Apple operating system, or to | |
| 12 | * circumvent, violate, or enable the circumvention or violation of, any | |
| 13 | * terms of an Apple operating system software license agreement. | |
| 0a7de745 | 14 | * |
| 2d21ac55 A |
15 | * Please obtain a copy of the License at |
| 16 | * http://www.opensource.apple.com/apsl/ and read it before using this file. | |
| 0a7de745 | 17 | * |
| 2d21ac55 A |
18 | * The Original Code and all software distributed under the License are |
| 19 | * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER | |
| 8f6c56a5 A |
20 | * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, |
| 21 | * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, | |
| 2d21ac55 A |
22 | * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. |
| 23 | * Please see the License for the specific language governing rights and | |
| 24 | * limitations under the License. | |
| 0a7de745 | 25 | * |
| 2d21ac55 | 26 | * @APPLE_OSREFERENCE_LICENSE_HEADER_END@ |
| 1c79356b A |
27 | */ |
| 28 | /* | |
| 29 | * @OSF_COPYRIGHT@ | |
| 30 | */ | |
| 0a7de745 | 31 | /* |
| 1c79356b A |
32 | * Mach Operating System |
| 33 | * Copyright (c) 1991 Carnegie Mellon University | |
| 34 | * All Rights Reserved. | |
| 0a7de745 | 35 | * |
| 1c79356b A |
36 | * Permission to use, copy, modify and distribute this software and its |
| 37 | * documentation is hereby granted, provided that both the copyright | |
| 38 | * notice and this permission notice appear in all copies of the | |
| 39 | * software, derivative works or modified versions, and any portions | |
| 40 | * thereof, and that both notices appear in supporting documentation. | |
| 0a7de745 | 41 | * |
| 1c79356b A |
42 | * CARNEGIE MELLON ALLOWS FREE USE OF THIS SOFTWARE IN ITS "AS IS" |
| 43 | * CONDITION. CARNEGIE MELLON DISCLAIMS ANY LIABILITY OF ANY KIND FOR | |
| 44 | * ANY DAMAGES WHATSOEVER RESULTING FROM THE USE OF THIS SOFTWARE. | |
| 0a7de745 | 45 | * |
| 1c79356b | 46 | * Carnegie Mellon requests users of this software to return to |
| 0a7de745 | 47 | * |
| 1c79356b A |
48 | * Software Distribution Coordinator or Software.Distribution@CS.CMU.EDU |
| 49 | * School of Computer Science | |
| 50 | * Carnegie Mellon University | |
| 51 | * Pittsburgh PA 15213-3890 | |
| 0a7de745 A |
52 | * |
| 53 | * any improvements or extensions that they make and grant Carnegie Mellon | |
| 1c79356b A |
54 | * the rights to redistribute these changes. |
| 55 | */ | |
| 56 | ||
| 57 | /* | |
| 58 | */ | |
| 59 | ||
| 60 | /* | |
| 61 | * User LDT management. | |
| 0c530ab8 | 62 | * Each task may have its own LDT. |
| 1c79356b A |
63 | */ |
| 64 | ||
| 65 | #include <kern/kalloc.h> | |
| 66 | #include <kern/thread.h> | |
| 67 | #include <kern/misc_protos.h> | |
| 68 | ||
| 69 | #include <vm/vm_kern.h> | |
| 70 | ||
| 0c530ab8 | 71 | #include <i386/machdep_call.h> |
| b0d623f7 | 72 | #include <i386/user_ldt.h> |
| 0c530ab8 A |
73 | #include <i386/mp.h> |
| 74 | #include <i386/machine_routines.h> | |
| b0d623f7 A |
75 | #include <i386/proc_reg.h> |
| 76 | #include <i386/mp_desc.h> | |
| 77 | #include <i386/seg.h> | |
| 78 | #include <i386/thread.h> | |
| 1c79356b | 79 | |
| 0c530ab8 | 80 | #include <sys/errno.h> |
| 6601e61a | 81 | |
| 0c530ab8 | 82 | static void user_ldt_set_action(void *); |
| 0a7de745 A |
83 | static int i386_set_ldt_impl(uint32_t *retval, uint64_t start_sel, uint64_t descs, |
| 84 | uint64_t num_sels); | |
| 85 | static int i386_get_ldt_impl(uint32_t *retval, uint64_t start_sel, uint64_t descs, | |
| 86 | uint64_t num_sels); | |
| 87 | ||
| 1c79356b A |
88 | /* |
| 89 | * Add the descriptors to the LDT, starting with | |
| 90 | * the descriptor for 'first_selector'. | |
| 91 | */ | |
| 92 | ||
| 0a7de745 A |
93 | static int |
| 94 | i386_set_ldt_impl( | |
| 95 | uint32_t *retval, | |
| 96 | uint64_t start_sel, | |
| 97 | uint64_t descs, /* out */ | |
| 98 | uint64_t num_sels) | |
| 1c79356b | 99 | { |
| 0a7de745 | 100 | user_ldt_t new_ldt, old_ldt; |
| 1c79356b | 101 | struct real_descriptor *dp; |
| 0a7de745 A |
102 | unsigned int i; |
| 103 | unsigned int min_selector = LDTSZ_MIN; /* do not allow the system selectors to be changed */ | |
| 104 | task_t task = current_task(); | |
| 105 | unsigned int ldt_count; | |
| 0c530ab8 | 106 | kern_return_t err; |
| 4452a7af | 107 | |
| 0c530ab8 A |
108 | if (start_sel != LDT_AUTO_ALLOC |
| 109 | && (start_sel != 0 || num_sels != 0) | |
| 0a7de745 A |
110 | && (start_sel < min_selector || start_sel >= LDTSZ || num_sels > LDTSZ)) { |
| 111 | return EINVAL; | |
| 112 | } | |
| 113 | if (start_sel != LDT_AUTO_ALLOC && start_sel + num_sels > LDTSZ) { | |
| 114 | return EINVAL; | |
| 115 | } | |
| 4452a7af | 116 | |
| 0c530ab8 | 117 | task_lock(task); |
| 0a7de745 | 118 | |
| 0c530ab8 A |
119 | old_ldt = task->i386_ldt; |
| 120 | ||
| 121 | if (start_sel == LDT_AUTO_ALLOC) { | |
| 0a7de745 A |
122 | if (old_ldt) { |
| 123 | unsigned int null_count; | |
| 124 | struct real_descriptor null_ldt; | |
| 0c530ab8 | 125 | |
| 0a7de745 A |
126 | bzero(&null_ldt, sizeof(null_ldt)); |
| 127 | ||
| 128 | /* | |
| 129 | * Look for null selectors among the already-allocated | |
| 130 | * entries. | |
| 131 | */ | |
| 0c530ab8 | 132 | null_count = 0; |
| 0a7de745 A |
133 | i = 0; |
| 134 | while (i < old_ldt->count) { | |
| 135 | if (!memcmp(&old_ldt->ldt[i++], &null_ldt, sizeof(null_ldt))) { | |
| 136 | null_count++; | |
| 137 | if (null_count == num_sels) { | |
| 138 | break; /* break out of while loop */ | |
| 139 | } | |
| 140 | } else { | |
| 141 | null_count = 0; | |
| 142 | } | |
| 143 | } | |
| 144 | ||
| 145 | /* | |
| 146 | * If we broke out of the while loop, i points to the selector | |
| 147 | * after num_sels null selectors. Otherwise it points to the end | |
| 148 | * of the old LDTs, and null_count is the number of null selectors | |
| 149 | * at the end. | |
| 150 | * | |
| 151 | * Either way, there are null_count null selectors just prior to | |
| 152 | * the i-indexed selector, and either null_count >= num_sels, | |
| 153 | * or we're at the end, so we can extend. | |
| 154 | */ | |
| 155 | start_sel = old_ldt->start + i - null_count; | |
| 156 | } else { | |
| 157 | start_sel = LDTSZ_MIN; | |
| 0c530ab8 A |
158 | } |
| 159 | ||
| 0a7de745 A |
160 | if (start_sel + num_sels > LDTSZ) { |
| 161 | task_unlock(task); | |
| 162 | return ENOMEM; | |
| 163 | } | |
| 1c79356b | 164 | } |
| 0c530ab8 A |
165 | |
| 166 | if (start_sel == 0 && num_sels == 0) { | |
| 0a7de745 | 167 | new_ldt = NULL; |
| 0c530ab8 | 168 | } else { |
| 0c530ab8 | 169 | /* |
| 0a7de745 | 170 | * Allocate new LDT |
| 0c530ab8 | 171 | */ |
| 0a7de745 A |
172 | |
| 173 | unsigned int begin_sel = (unsigned int)start_sel; | |
| 174 | unsigned int end_sel = (unsigned int)begin_sel + | |
| 175 | (unsigned int)num_sels; | |
| 176 | ||
| 177 | if (old_ldt != NULL) { | |
| 178 | if (old_ldt->start < begin_sel) { | |
| 179 | begin_sel = old_ldt->start; | |
| 180 | } | |
| 181 | if (old_ldt->start + old_ldt->count > end_sel) { | |
| 182 | end_sel = old_ldt->start + old_ldt->count; | |
| 183 | } | |
| 1c79356b | 184 | } |
| 0a7de745 A |
185 | |
| 186 | ldt_count = end_sel - begin_sel; | |
| 187 | /* XXX allocation under task lock */ | |
| 188 | new_ldt = (user_ldt_t)kalloc(sizeof(struct user_ldt) + (ldt_count * sizeof(struct real_descriptor))); | |
| 189 | if (new_ldt == NULL) { | |
| 0c530ab8 | 190 | task_unlock(task); |
| 0a7de745 | 191 | return ENOMEM; |
| 0c530ab8 | 192 | } |
| 0a7de745 A |
193 | |
| 194 | new_ldt->start = begin_sel; | |
| 195 | new_ldt->count = ldt_count; | |
| 196 | ||
| 197 | /* | |
| 198 | * Have new LDT. If there was a an old ldt, copy descriptors | |
| 199 | * from old to new. | |
| 200 | */ | |
| 201 | if (old_ldt) { | |
| 202 | bcopy(&old_ldt->ldt[0], | |
| 203 | &new_ldt->ldt[old_ldt->start - begin_sel], | |
| 204 | old_ldt->count * sizeof(struct real_descriptor)); | |
| 205 | ||
| 206 | /* | |
| 207 | * If the old and new LDTs are non-overlapping, fill the | |
| 208 | * center in with null selectors. | |
| 209 | */ | |
| 210 | ||
| 211 | if (old_ldt->start + old_ldt->count < start_sel) { | |
| 212 | bzero(&new_ldt->ldt[old_ldt->count], | |
| 213 | (start_sel - (old_ldt->start + old_ldt->count)) * sizeof(struct real_descriptor)); | |
| 214 | } else if (old_ldt->start > start_sel + num_sels) { | |
| 215 | bzero(&new_ldt->ldt[num_sels], | |
| 216 | (old_ldt->start - (start_sel + num_sels)) * sizeof(struct real_descriptor)); | |
| 217 | } | |
| 218 | } | |
| 219 | ||
| 220 | /* | |
| 221 | * Install new descriptors. | |
| 222 | */ | |
| 223 | if (descs != 0) { | |
| 224 | /* XXX copyin under task lock */ | |
| 225 | err = copyin(descs, (char *)&new_ldt->ldt[start_sel - begin_sel], | |
| 226 | num_sels * sizeof(struct real_descriptor)); | |
| 227 | if (err != 0) { | |
| 228 | task_unlock(task); | |
| 229 | user_ldt_free(new_ldt); | |
| 230 | return err; | |
| 231 | } | |
| 232 | } else { | |
| 233 | bzero(&new_ldt->ldt[start_sel - begin_sel], num_sels * sizeof(struct real_descriptor)); | |
| 234 | } | |
| 235 | /* | |
| 236 | * Validate descriptors. | |
| 237 | * Only allow descriptors with user privileges. | |
| 238 | */ | |
| 239 | for (i = 0, dp = (struct real_descriptor *) &new_ldt->ldt[start_sel - begin_sel]; | |
| 240 | i < num_sels; | |
| 241 | i++, dp++) { | |
| 242 | switch (dp->access & ~ACC_A) { | |
| 243 | case 0: | |
| 244 | case ACC_P: | |
| 245 | /* valid empty descriptor, clear Present preemptively */ | |
| 246 | dp->access &= (~ACC_P & 0xff); | |
| 247 | break; | |
| 248 | case ACC_P | ACC_PL_U | ACC_DATA: | |
| 249 | case ACC_P | ACC_PL_U | ACC_DATA_W: | |
| 250 | case ACC_P | ACC_PL_U | ACC_DATA_E: | |
| 251 | case ACC_P | ACC_PL_U | ACC_DATA_EW: | |
| 252 | case ACC_P | ACC_PL_U | ACC_CODE: | |
| 253 | case ACC_P | ACC_PL_U | ACC_CODE_R: | |
| 254 | case ACC_P | ACC_PL_U | ACC_CODE_C: | |
| 255 | case ACC_P | ACC_PL_U | ACC_CODE_CR: | |
| 256 | break; | |
| 257 | default: | |
| 258 | task_unlock(task); | |
| 259 | user_ldt_free(new_ldt); | |
| 260 | return EACCES; | |
| 261 | } | |
| 262 | /* Reject attempts to create segments with 64-bit granules */ | |
| 263 | /* Note this restriction is still correct, even when | |
| 264 | * executing as a 64-bit process (we want to maintain a single | |
| 265 | * 64-bit selector (located in the GDT)). | |
| 266 | */ | |
| 267 | if (dp->granularity & SZ_64) { | |
| 268 | task_unlock(task); | |
| 269 | user_ldt_free(new_ldt); | |
| 270 | return EACCES; | |
| 271 | } | |
| 5c9f4661 | 272 | } |
| 6601e61a | 273 | } |
| 4452a7af | 274 | |
| 0c530ab8 A |
275 | task->i386_ldt = new_ldt; /* new LDT for task */ |
| 276 | ||
| 1c79356b | 277 | /* |
| 0c530ab8 A |
278 | * Switch to new LDT. We need to do this on all CPUs, since |
| 279 | * another thread in this same task may be currently running, | |
| 280 | * and we need to make sure the new LDT is in place | |
| 281 | * throughout the task before returning to the user. | |
| 1c79356b | 282 | */ |
| b0d623f7 | 283 | mp_broadcast(user_ldt_set_action, task); |
| 89b3af67 | 284 | |
| 0c530ab8 | 285 | task_unlock(task); |
| 4452a7af | 286 | |
| 0c530ab8 A |
287 | /* free old LDT. We can't do this until after we've |
| 288 | * rendezvoused with all CPUs, in case another thread | |
| 289 | * in this task was in the process of context switching. | |
| 6601e61a | 290 | */ |
| 0a7de745 A |
291 | if (old_ldt) { |
| 292 | user_ldt_free(old_ldt); | |
| 293 | } | |
| 0c530ab8 | 294 | |
| 0a7de745 | 295 | *retval = (uint32_t)start_sel; |
| 0c530ab8 A |
296 | |
| 297 | return 0; | |
| 1c79356b A |
298 | } |
| 299 | ||
| 0a7de745 A |
300 | static int |
| 301 | i386_get_ldt_impl( | |
| 302 | uint32_t *retval, | |
| 303 | uint64_t start_sel, | |
| 304 | uint64_t descs, /* out */ | |
| 305 | uint64_t num_sels) | |
| 1c79356b | 306 | { |
| 0a7de745 A |
307 | user_ldt_t user_ldt; |
| 308 | task_t task = current_task(); | |
| 309 | unsigned int ldt_count; | |
| 310 | kern_return_t err; | |
| 311 | ||
| 312 | if (start_sel >= LDTSZ || num_sels > LDTSZ) { | |
| 313 | return EINVAL; | |
| 314 | } | |
| 315 | if (start_sel + num_sels > LDTSZ) { | |
| 316 | return EINVAL; | |
| 317 | } | |
| 318 | if (descs == 0) { | |
| 319 | return EINVAL; | |
| 320 | } | |
| 5d5c5d0d | 321 | |
| 0c530ab8 | 322 | task_lock(task); |
| 89b3af67 | 323 | |
| 0c530ab8 A |
324 | user_ldt = task->i386_ldt; |
| 325 | err = 0; | |
| 4452a7af | 326 | |
| 0c530ab8 A |
327 | /* |
| 328 | * copy out the descriptors | |
| 329 | */ | |
| 330 | ||
| 0a7de745 A |
331 | if (user_ldt != 0) { |
| 332 | ldt_count = user_ldt->start + user_ldt->count; | |
| 333 | } else { | |
| 334 | ldt_count = LDTSZ_MIN; | |
| 335 | } | |
| 1c79356b | 336 | |
| 1c79356b | 337 | |
| 0a7de745 A |
338 | if (start_sel < ldt_count) { |
| 339 | unsigned int copy_sels = (unsigned int)num_sels; | |
| 1c79356b | 340 | |
| 0a7de745 A |
341 | if (start_sel + num_sels > ldt_count) { |
| 342 | copy_sels = ldt_count - (unsigned int)start_sel; | |
| 343 | } | |
| 1c79356b | 344 | |
| 0a7de745 A |
345 | err = copyout((char *)(current_ldt() + start_sel), |
| 346 | descs, copy_sels * sizeof(struct real_descriptor)); | |
| 1c79356b A |
347 | } |
| 348 | ||
| 0c530ab8 | 349 | task_unlock(task); |
| 1c79356b | 350 | |
| 0c530ab8 | 351 | *retval = ldt_count; |
| 1c79356b | 352 | |
| 0c530ab8 A |
353 | return err; |
| 354 | } | |
| 1c79356b | 355 | |
| 0c530ab8 A |
356 | void |
| 357 | user_ldt_free( | |
| 0a7de745 | 358 | user_ldt_t user_ldt) |
| 0c530ab8 A |
359 | { |
| 360 | kfree(user_ldt, sizeof(struct user_ldt) + (user_ldt->count * sizeof(struct real_descriptor))); | |
| 361 | } | |
| 1c79356b | 362 | |
| 0c530ab8 A |
363 | user_ldt_t |
| 364 | user_ldt_copy( | |
| 0a7de745 | 365 | user_ldt_t user_ldt) |
| 0c530ab8 A |
366 | { |
| 367 | if (user_ldt != NULL) { | |
| 0a7de745 A |
368 | size_t size = sizeof(struct user_ldt) + (user_ldt->count * sizeof(struct real_descriptor)); |
| 369 | user_ldt_t new_ldt = (user_ldt_t)kalloc(size); | |
| 370 | if (new_ldt != NULL) { | |
| 371 | bcopy(user_ldt, new_ldt, size); | |
| 372 | } | |
| 373 | return new_ldt; | |
| 1c79356b | 374 | } |
| 0a7de745 | 375 | |
| 0c530ab8 A |
376 | return 0; |
| 377 | } | |
| 5d5c5d0d | 378 | |
| 0c530ab8 A |
379 | void |
| 380 | user_ldt_set_action( | |
| 381 | void *arg) | |
| 382 | { | |
| 0a7de745 | 383 | task_t arg_task = (task_t)arg; |
| 0c530ab8 | 384 | |
| 0a7de745 A |
385 | if (arg_task == current_task()) { |
| 386 | user_ldt_set(current_thread()); | |
| 0c530ab8 | 387 | } |
| 1c79356b A |
388 | } |
| 389 | ||
| 0c530ab8 A |
390 | /* |
| 391 | * Set the LDT for the given thread on the current CPU. Should be invoked | |
| 392 | * with interrupts disabled. | |
| 393 | */ | |
| 1c79356b | 394 | void |
| 0c530ab8 A |
395 | user_ldt_set( |
| 396 | thread_t thread) | |
| 1c79356b | 397 | { |
| 0a7de745 A |
398 | task_t task = thread->task; |
| 399 | user_ldt_t user_ldt; | |
| 0c530ab8 A |
400 | |
| 401 | user_ldt = task->i386_ldt; | |
| 402 | ||
| 403 | if (user_ldt != 0) { | |
| 0a7de745 | 404 | struct real_descriptor *ldtp = current_ldt(); |
| 0c530ab8 | 405 | |
| 0a7de745 A |
406 | if (user_ldt->start > LDTSZ_MIN) { |
| 407 | bzero(&ldtp[LDTSZ_MIN], | |
| 408 | sizeof(struct real_descriptor) * (user_ldt->start - LDTSZ_MIN)); | |
| 409 | } | |
| 0c530ab8 | 410 | |
| 0a7de745 A |
411 | bcopy(user_ldt->ldt, &ldtp[user_ldt->start], |
| 412 | sizeof(struct real_descriptor) * (user_ldt->count)); | |
| 0c530ab8 | 413 | |
| 0a7de745 A |
414 | gdt_desc_p(USER_LDT)->limit_low = (uint16_t)((sizeof(struct real_descriptor) * (user_ldt->start + user_ldt->count)) - 1); |
| 415 | ||
| 416 | ml_cpu_set_ldt(USER_LDT); | |
| 0c530ab8 | 417 | } else { |
| 0a7de745 A |
418 | ml_cpu_set_ldt(KERNEL_LDT); |
| 419 | } | |
| 420 | } | |
| 421 | ||
| 422 | /* For 32-bit processes, called via machdep_syscall() */ | |
| 423 | int | |
| 424 | i386_set_ldt( | |
| 425 | uint32_t *retval, | |
| 426 | uint32_t start_sel, | |
| 427 | uint32_t descs, /* out */ | |
| 428 | uint32_t num_sels) | |
| 429 | { | |
| 430 | return i386_set_ldt_impl(retval, (uint64_t)start_sel, (uint64_t)descs, | |
| 431 | (uint64_t)num_sels); | |
| 432 | } | |
| 433 | ||
| 434 | /* For 64-bit processes, called via machdep_syscall64() */ | |
| 435 | int | |
| 436 | i386_set_ldt64( | |
| 437 | uint32_t *retval, | |
| 438 | uint64_t start_sel, | |
| 439 | uint64_t descs, /* out */ | |
| 440 | uint64_t num_sels) | |
| 441 | { | |
| 0a7de745 A |
442 | return i386_set_ldt_impl(retval, start_sel, descs, num_sels); |
| 443 | } | |
| 444 | ||
| 445 | /* For 32-bit processes, called via machdep_syscall() */ | |
| 446 | int | |
| 447 | i386_get_ldt( | |
| 448 | uint32_t *retval, | |
| 449 | uint32_t start_sel, | |
| 450 | uint32_t descs, /* out */ | |
| 451 | uint32_t num_sels) | |
| 452 | { | |
| 453 | return i386_get_ldt_impl(retval, (uint64_t)start_sel, (uint64_t)descs, | |
| 454 | (uint64_t)num_sels); | |
| 455 | } | |
| 456 | ||
| 457 | /* For 64-bit processes, called via machdep_syscall64() */ | |
| 458 | int | |
| 459 | i386_get_ldt64( | |
| 460 | uint32_t *retval, | |
| 461 | uint64_t start_sel, | |
| 462 | uint64_t descs, /* out */ | |
| 463 | uint64_t num_sels) | |
| 464 | { | |
| 0a7de745 | 465 | return i386_get_ldt_impl(retval, start_sel, descs, num_sels); |
| 1c79356b | 466 | } |