osfmk/i386/user_ldt.c

   1 /*
   2  * Copyright (c) 2000-2004 Apple Computer, Inc. All rights reserved.
   3  *
   4  * @APPLE_LICENSE_HEADER_START@
   5  *
   6  * The contents of this file constitute Original Code as defined in and
   7  * are subject to the Apple Public Source License Version 1.1 (the
   8  * "License").  You may not use this file except in compliance with the
   9  * License.  Please obtain a copy of the License at
  10  * http://www.apple.com/publicsource and read it before using this file.
  11  *
  12  * This Original Code and all software distributed under the License are
  13  * distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY KIND, EITHER
  14  * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
  15  * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
  16  * FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT.  Please see the
  17  * License for the specific language governing rights and limitations
  18  * under the License.
  19  *
  20  * @APPLE_LICENSE_HEADER_END@
  21  */
  22 /*
  23  * @OSF_COPYRIGHT@
  24  */
  25 /*
  26  * Mach Operating System
  27  * Copyright (c) 1991 Carnegie Mellon University
  28  * All Rights Reserved.
  29  *
  30  * Permission to use, copy, modify and distribute this software and its
  31  * documentation is hereby granted, provided that both the copyright
  32  * notice and this permission notice appear in all copies of the
  33  * software, derivative works or modified versions, and any portions
  34  * thereof, and that both notices appear in supporting documentation.
  35  *
  36  * CARNEGIE MELLON ALLOWS FREE USE OF THIS SOFTWARE IN ITS "AS IS"
  37  * CONDITION.  CARNEGIE MELLON DISCLAIMS ANY LIABILITY OF ANY KIND FOR
  38  * ANY DAMAGES WHATSOEVER RESULTING FROM THE USE OF THIS SOFTWARE.
  39  *
  40  * Carnegie Mellon requests users of this software to return to
  41  *
  42  *  Software Distribution Coordinator  or  Software.Distribution@CS.CMU.EDU
  43  *  School of Computer Science
  44  *  Carnegie Mellon University
  45  *  Pittsburgh PA 15213-3890
  46  *
  47  * any improvements or extensions that they make and grant Carnegie Mellon
  48  * the rights to redistribute these changes.
  49  */
  50
  51 /*
  52  */
  53
  54 /*
  55  * User LDT management.
  56  * Each task may have its own LDT.
  57  */
  58
  59 #include <kern/kalloc.h>
  60 #include <kern/thread.h>
  61 #include <kern/misc_protos.h>
  62
  63 #include <vm/vm_kern.h>
  64
  65 #include <i386/seg.h>
  66 #include <i386/thread.h>
  67 #include <i386/user_ldt.h>
  68 #include <i386/mp_desc.h>
  69 #include <i386/proc_reg.h>
  70 #include <i386/machdep_call.h>
  71 #include <i386/mp.h>
  72 #include <i386/machine_routines.h>
  73
  74 #include <sys/errno.h>
  75
  76 static void user_ldt_set_action(void *);
  77
  78 /*
  79  * Add the descriptors to the LDT, starting with
  80  * the descriptor for 'first_selector'.
  81  */
  82
  83 int
  84 i386_set_ldt(
  85         int                     *retval,
  86         uint32_t                start_sel,
  87         uint32_t                descs,  /* out */
  88         uint32_t                num_sels)
  89 {
  90         user_ldt_t      new_ldt, old_ldt;
  91         struct real_descriptor *dp;
  92         unsigned int    i;
  93         unsigned int    min_selector = LDTSZ_MIN;       /* do not allow the system selectors to be changed */
  94         task_t          task = current_task();
  95         unsigned int    ldt_count;
  96         kern_return_t err;
  97
  98         if (start_sel != LDT_AUTO_ALLOC
  99             && (start_sel != 0 || num_sels != 0)
 100             && (start_sel < min_selector || start_sel >= LDTSZ))
 101             return EINVAL;
 102         if (start_sel != LDT_AUTO_ALLOC
 103             && start_sel + num_sels > LDTSZ)
 104             return EINVAL;
 105
 106         task_lock(task);
 107
 108         old_ldt = task->i386_ldt;
 109
 110         if (start_sel == LDT_AUTO_ALLOC) {
 111             if (old_ldt) {
 112                 unsigned int null_count;
 113                 struct real_descriptor null_ldt;
 114
 115                 bzero(&null_ldt, sizeof(null_ldt));
 116
 117                 /*
 118                  * Look for null selectors among the already-allocated
 119                  * entries.
 120                  */
 121                 null_count = 0;
 122                 i = 0;
 123                 while (i < old_ldt->count)
 124                 {
 125                     if (!memcmp(&old_ldt->ldt[i++], &null_ldt, sizeof(null_ldt))) {
 126                         null_count++;
 127                         if (null_count == num_sels)
 128                             break;  /* break out of while loop */
 129                     } else {
 130                         null_count = 0;
 131                     }
 132                 }
 133
 134                 /*
 135                  * If we broke out of the while loop, i points to the selector
 136                  * after num_sels null selectors.  Otherwise it points to the end
 137                  * of the old LDTs, and null_count is the number of null selectors
 138                  * at the end.
 139                  *
 140                  * Either way, there are null_count null selectors just prior to
 141                  * the i-indexed selector, and either null_count >= num_sels,
 142                  * or we're at the end, so we can extend.
 143                  */
 144                 start_sel = old_ldt->start + i - null_count;
 145             } else {
 146                 start_sel = LDTSZ_MIN;
 147             }
 148
 149             if (start_sel + num_sels > LDTSZ) {
 150                 task_unlock(task);
 151                 return ENOMEM;
 152             }
 153         }
 154
 155         if (start_sel == 0 && num_sels == 0) {
 156             new_ldt = NULL;
 157         } else {
 158             /*
 159              * Allocate new LDT
 160              */
 161
 162             unsigned int    begin_sel = start_sel;
 163             unsigned int    end_sel = begin_sel + num_sels;
 164
 165             if (old_ldt != NULL) {
 166                 if (old_ldt->start < begin_sel)
 167                     begin_sel = old_ldt->start;
 168                 if (old_ldt->start + old_ldt->count > end_sel)
 169                     end_sel = old_ldt->start + old_ldt->count;
 170             }
 171
 172             ldt_count = end_sel - begin_sel;
 173
 174             new_ldt = (user_ldt_t)kalloc(sizeof(struct user_ldt) + (ldt_count * sizeof(struct real_descriptor)));
 175             if (new_ldt == NULL) {
 176                 task_unlock(task);
 177                 return ENOMEM;
 178             }
 179
 180             new_ldt->start = begin_sel;
 181             new_ldt->count = ldt_count;
 182
 183             /*
 184              * Have new LDT.  If there was a an old ldt, copy descriptors
 185              * from old to new.
 186              */
 187             if (old_ldt) {
 188                 bcopy(&old_ldt->ldt[0],
 189                       &new_ldt->ldt[old_ldt->start - begin_sel],
 190                       old_ldt->count * sizeof(struct real_descriptor));
 191
 192                 /*
 193                  * If the old and new LDTs are non-overlapping, fill the
 194                  * center in with null selectors.
 195                  */
 196
 197                 if (old_ldt->start + old_ldt->count < start_sel)
 198                     bzero(&new_ldt->ldt[old_ldt->count],
 199                           (start_sel - (old_ldt->start + old_ldt->count)) * sizeof(struct real_descriptor));
 200                 else if (old_ldt->start > start_sel + num_sels)
 201                     bzero(&new_ldt->ldt[num_sels],
 202                           (old_ldt->start - (start_sel + num_sels)) * sizeof(struct real_descriptor));
 203             }
 204
 205             /*
 206              * Install new descriptors.
 207              */
 208             if (descs != 0) {
 209                 err = copyin(descs, (char *)&new_ldt->ldt[start_sel - begin_sel],
 210                              num_sels * sizeof(struct real_descriptor));
 211                 if (err != 0)
 212                 {
 213                     task_unlock(task);
 214                     user_ldt_free(new_ldt);
 215                     return err;
 216                 }
 217             } else {
 218                 bzero(&new_ldt->ldt[start_sel - begin_sel], num_sels * sizeof(struct real_descriptor));
 219             }
 220
 221             /*
 222              * Validate descriptors.
 223              * Only allow descriptors with user priviledges.
 224              */
 225             for (i = 0, dp = (struct real_descriptor *) &new_ldt->ldt[start_sel - begin_sel];
 226                  i < num_sels;
 227                  i++, dp++)
 228             {
 229                 switch (dp->access & ~ACC_A) {
 230                     case 0:
 231                     case ACC_P:
 232                         /* valid empty descriptor */
 233                         break;
 234                     case ACC_P | ACC_PL_U | ACC_DATA:
 235                     case ACC_P | ACC_PL_U | ACC_DATA_W:
 236                     case ACC_P | ACC_PL_U | ACC_DATA_E:
 237                     case ACC_P | ACC_PL_U | ACC_DATA_EW:
 238                     case ACC_P | ACC_PL_U | ACC_CODE:
 239                     case ACC_P | ACC_PL_U | ACC_CODE_R:
 240                     case ACC_P | ACC_PL_U | ACC_CODE_C:
 241                     case ACC_P | ACC_PL_U | ACC_CODE_CR:
 242                     case ACC_P | ACC_PL_U | ACC_CALL_GATE_16:
 243                     case ACC_P | ACC_PL_U | ACC_CALL_GATE:
 244                         break;
 245                     default:
 246                         task_unlock(task);
 247                         user_ldt_free(new_ldt);
 248                         return EACCES;
 249                 }
 250             }
 251         }
 252
 253         task->i386_ldt = new_ldt; /* new LDT for task */
 254
 255         /*
 256          * Switch to new LDT.  We need to do this on all CPUs, since
 257          * another thread in this same task may be currently running,
 258          * and we need to make sure the new LDT is in place
 259          * throughout the task before returning to the user.
 260          */
 261         mp_rendezvous_no_intrs(user_ldt_set_action, task);
 262
 263         task_unlock(task);
 264
 265         /* free old LDT.  We can't do this until after we've
 266          * rendezvoused with all CPUs, in case another thread
 267          * in this task was in the process of context switching.
 268          */
 269         if (old_ldt)
 270             user_ldt_free(old_ldt);
 271
 272         *retval = start_sel;
 273
 274         return 0;
 275 }
 276
 277 int
 278 i386_get_ldt(
 279         int                     *retval,
 280         uint32_t                start_sel,
 281         uint32_t                descs,  /* out */
 282         uint32_t                num_sels)
 283 {
 284         user_ldt_t      user_ldt;
 285         task_t          task = current_task();
 286         unsigned int    ldt_count;
 287         kern_return_t   err;
 288
 289         if (start_sel >= 8192)
 290             return EINVAL;
 291         if (start_sel + num_sels > 8192)
 292             return EINVAL;
 293         if (descs == 0)
 294             return EINVAL;
 295
 296         task_lock(task);
 297
 298         user_ldt = task->i386_ldt;
 299         err = 0;
 300
 301         /*
 302          * copy out the descriptors
 303          */
 304
 305         if (user_ldt != 0)
 306             ldt_count = user_ldt->start + user_ldt->count;
 307         else
 308             ldt_count = LDTSZ_MIN;
 309
 310
 311         if (start_sel < ldt_count)
 312         {
 313             unsigned int copy_sels = num_sels;
 314
 315             if (start_sel + num_sels > ldt_count)
 316                 copy_sels = ldt_count - start_sel;
 317
 318             err = copyout((char *)(current_ldt() + start_sel),
 319                           descs, copy_sels * sizeof(struct real_descriptor));
 320         }
 321
 322         task_unlock(task);
 323
 324         *retval = ldt_count;
 325
 326         return err;
 327 }
 328
 329 void
 330 user_ldt_free(
 331         user_ldt_t      user_ldt)
 332 {
 333         kfree(user_ldt, sizeof(struct user_ldt) + (user_ldt->count * sizeof(struct real_descriptor)));
 334 }
 335
 336 user_ldt_t
 337 user_ldt_copy(
 338         user_ldt_t      user_ldt)
 339 {
 340         if (user_ldt != NULL) {
 341             size_t      size = sizeof(struct user_ldt) + (user_ldt->count * sizeof(struct real_descriptor));
 342             user_ldt_t  new_ldt = (user_ldt_t)kalloc(size);
 343             if (new_ldt != NULL)
 344                 bcopy(user_ldt, new_ldt, size);
 345             return new_ldt;
 346         }
 347
 348         return 0;
 349 }
 350
 351 void
 352 user_ldt_set_action(
 353         void *arg)
 354 {
 355         task_t          arg_task = (task_t)arg;
 356
 357         if (arg_task == current_task()) {
 358             user_ldt_set(current_thread());
 359         }
 360 }
 361
 362 /*
 363  * Set the LDT for the given thread on the current CPU.  Should be invoked
 364  * with interrupts disabled.
 365  */
 366 void
 367 user_ldt_set(
 368         thread_t thread)
 369 {
 370         task_t          task = thread->task;
 371         user_ldt_t      user_ldt;
 372
 373         user_ldt = task->i386_ldt;
 374
 375         if (user_ldt != 0) {
 376             struct real_descriptor *ldtp = (struct real_descriptor *)current_ldt();
 377
 378             if (user_ldt->start > LDTSZ_MIN) {
 379                 bzero(&ldtp[LDTSZ_MIN],
 380                       sizeof(struct real_descriptor) * (user_ldt->start - LDTSZ_MIN));
 381             }
 382
 383             bcopy(user_ldt->ldt, &ldtp[user_ldt->start],
 384                   sizeof(struct real_descriptor) * (user_ldt->count));
 385
 386             gdt_desc_p(USER_LDT)->limit_low = (sizeof(struct real_descriptor) * (user_ldt->start + user_ldt->count)) - 1;
 387
 388             ml_cpu_set_ldt(USER_LDT);
 389         } else {
 390             ml_cpu_set_ldt(KERNEL_LDT);
 391         }
 392 }