]> git.saurik.com Git - apple/xnu.git/blob - osfmk/arm64/copyio.c
projects / apple / xnu.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
xnu-4903.221.2.tar.gz
[apple/xnu.git] / osfmk / arm64 / copyio.c
1 /*
2 * Copyright (c) 2012-2013 Apple Inc. All rights reserved.
3 *
4 * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. The rights granted to you under the License
10 * may not be used to create, or enable the creation or redistribution of,
11 * unlawful or unlicensed copies of an Apple operating system, or to
12 * circumvent, violate, or enable the circumvention or violation of, any
13 * terms of an Apple operating system software license agreement.
14 *
15 * Please obtain a copy of the License at
16 * http://www.opensource.apple.com/apsl/ and read it before using this file.
17 *
18 * The Original Code and all software distributed under the License are
19 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
20 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
21 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
22 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
23 * Please see the License for the specific language governing rights and
24 * limitations under the License.
25 *
26 * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
27 */
28
29 #include <arm/cpu_data_internal.h>
30 #include <arm/misc_protos.h>
31 #include <kern/thread.h>
32 #include <sys/errno.h>
33 #include <vm/pmap.h>
34 #include <vm/vm_map.h>
35 #include <san/kasan.h>
36
37 #undef copyin
38 #undef copyout
39
40 extern int _bcopyin(const char *src, char *dst, vm_size_t len);
41 extern int _bcopyinstr(const char *src, char *dst, vm_size_t max, vm_size_t *actual);
42 extern int _bcopyout(const char *src, char *dst, vm_size_t len);
43 extern int _copyin_word(const char *src, uint64_t *dst, vm_size_t len);
44
45 extern pmap_t kernel_pmap;
46
47 /* On by default, optionally disabled by boot-arg */
48 extern boolean_t copyio_zalloc_check;
49
50 typedef enum copyio_type {
51 COPYIO_IN,
52 COPYIO_IN_WORD,
53 COPYIO_INSTR,
54 COPYIO_OUT,
55 } copyio_type_t;
56
57 static inline void
58 user_access_enable(void)
59 {
60 #if __ARM_PAN_AVAILABLE__
61 __builtin_arm_wsr("pan", 0);
62 #endif /* __ARM_PAN_AVAILABLE__ */
63 }
64
65 static inline void
66 user_access_disable(void)
67 {
68 #if __ARM_PAN_AVAILABLE__
69 __builtin_arm_wsr("pan", 1);
70 #endif /* __ARM_PAN_AVAILABLE__ */
71 }
72
73 static int
74 copyio(copyio_type_t copytype, const char *src, char *dst,
75 vm_size_t nbytes, vm_size_t *lencopied)
76 {
77 int result = 0;
78 vm_size_t bytes_copied = 0;
79 vm_size_t kernel_buf_size = 0;
80 void * kernel_addr = NULL;
81
82 /* Reject TBI addresses */
83 if (copytype == COPYIO_OUT) {
84 if ((uintptr_t)dst & TBI_MASK)
85 return EINVAL;
86 } else {
87 if ((uintptr_t)src & TBI_MASK)
88 return EINVAL;
89 }
90
91 if (__probable(copyio_zalloc_check)) {
92 if (copytype == COPYIO_IN || copytype == COPYIO_INSTR || copytype == COPYIO_IN_WORD) {
93 kernel_addr = (void*)dst;
94 } else if (copytype == COPYIO_OUT) {
95 kernel_addr = (void*)(uintptr_t)src;
96 }
97 if (kernel_addr)
98 kernel_buf_size = zone_element_size(kernel_addr, NULL);
99 if (__improbable(kernel_buf_size && kernel_buf_size < nbytes))
100 panic("copyio: kernel buffer %p has size %lu < nbytes %lu", kernel_addr, kernel_buf_size, nbytes);
101 }
102
103 #if KASAN
104 /* For user copies, asan-check the kernel-side buffer */
105 if (copytype == COPYIO_IN || copytype == COPYIO_INSTR || copytype == COPYIO_IN_WORD) {
106 __asan_storeN((uintptr_t)dst, nbytes);
107 } else if (copytype == COPYIO_OUT) {
108 __asan_loadN((uintptr_t)src, nbytes);
109 }
110 #endif
111
112 user_access_enable();
113
114 /* Select copy routines based on direction:
115 * COPYIO_IN - Use unprivileged loads to read from user address
116 * COPYIO_OUT - Use unprivleged stores to write to user address
117 */
118
119 switch (copytype) {
120 case COPYIO_IN:
121 result = _bcopyin(src, dst, nbytes);
122 break;
123 case COPYIO_INSTR:
124 result = _bcopyinstr(src, dst, nbytes, &bytes_copied);
125 if (result != EFAULT) {
126 *lencopied = bytes_copied;
127 }
128 break;
129 case COPYIO_IN_WORD:
130 result = _copyin_word(src, (uint64_t *)(uintptr_t)dst, nbytes);
131 break;
132 case COPYIO_OUT:
133 result = _bcopyout(src, dst, nbytes);
134 break;
135 default:
136 result = EINVAL;
137 }
138
139 user_access_disable();
140 return result;
141 }
142
143 int
144 copyin_kern(const user_addr_t user_addr, char *kernel_addr, vm_size_t nbytes)
145 {
146 bcopy((const char*)(uintptr_t)user_addr, kernel_addr, nbytes);
147
148 return 0;
149 }
150
151 int
152 copyout_kern(const char *kernel_addr, user_addr_t user_addr, vm_size_t nbytes)
153 {
154 bcopy(kernel_addr, (char *)(uintptr_t)user_addr, nbytes);
155
156 return 0;
157 }
158
159 int
160 copyin(const user_addr_t user_addr, void *kernel_addr, vm_size_t nbytes)
161 {
162 int result;
163
164 if (nbytes == 0)
165 return 0;
166
167 result = copyin_validate(user_addr, (uintptr_t)kernel_addr, nbytes);
168 if (result) return result;
169
170 if (current_thread()->map->pmap == kernel_pmap)
171 return copyin_kern(user_addr, kernel_addr, nbytes);
172 else
173 return copyio(COPYIO_IN, (const char *)(uintptr_t)user_addr, kernel_addr, nbytes, NULL);
174 }
175
176 /*
177 * copyin_word
178 * Read an aligned value from userspace as a single memory transaction.
179 * This function supports userspace synchronization features
180 */
181 int
182 copyin_word(const user_addr_t user_addr, uint64_t *kernel_addr, vm_size_t nbytes)
183 {
184 int result;
185
186 /* Verify sizes */
187 if ((nbytes != 4) && (nbytes != 8))
188 return EINVAL;
189
190 /* Test alignment */
191 if (user_addr & (nbytes - 1))
192 return EINVAL;
193
194 result = copyin_validate(user_addr, (uintptr_t)kernel_addr, nbytes);
195 if (result)
196 return result;
197
198 return copyio(COPYIO_IN_WORD, (const char *)user_addr, (char *)(uintptr_t)kernel_addr, nbytes, NULL);
199 }
200
201 int
202 copyinstr(const user_addr_t user_addr, char *kernel_addr, vm_size_t nbytes, vm_size_t *lencopied)
203 {
204 int result;
205
206 *lencopied = 0;
207 if (nbytes == 0)
208 return ENAMETOOLONG;
209
210 result = copyin_validate(user_addr, (uintptr_t)kernel_addr, nbytes);
211
212 if (result) return result;
213
214 return copyio(COPYIO_INSTR, (const char *)(uintptr_t)user_addr, kernel_addr, nbytes, lencopied);
215 }
216
217 int
218 copyout(const void *kernel_addr, user_addr_t user_addr, vm_size_t nbytes)
219 {
220 int result;
221
222 if (nbytes == 0)
223 return 0;
224
225 result = copyout_validate((uintptr_t)kernel_addr, user_addr, nbytes);
226 if (result) return result;
227
228 if (current_thread()->map->pmap == kernel_pmap)
229 return copyout_kern(kernel_addr, user_addr, nbytes);
230 else
231 return copyio(COPYIO_OUT, kernel_addr, (char *)(uintptr_t)user_addr, nbytes, NULL);
232 }
233
234
235 /*
236 * Copy sizes bigger than this value will cause a kernel panic.
237 *
238 * Yes, this is an arbitrary fixed limit, but it's almost certainly
239 * a programming error to be copying more than this amount between
240 * user and wired kernel memory in a single invocation on this
241 * platform.
242 */
243 const int copysize_limit_panic = (64 * 1024 * 1024);
244
245 /*
246 * Validate the arguments to copy{in,out} on this platform.
247 */
248 static int
249 copy_validate(const user_addr_t user_addr,
250 uintptr_t kernel_addr, vm_size_t nbytes)
251 {
252 uintptr_t kernel_addr_last = kernel_addr + nbytes;
253
254 if (__improbable(kernel_addr < VM_MIN_KERNEL_ADDRESS ||
255 kernel_addr > VM_MAX_KERNEL_ADDRESS ||
256 kernel_addr_last < kernel_addr ||
257 kernel_addr_last > VM_MAX_KERNEL_ADDRESS))
258 panic("%s(%p, %p, %lu) - kaddr not in kernel", __func__,
259 (void *)user_addr, (void *)kernel_addr, nbytes);
260
261 user_addr_t user_addr_last = user_addr + nbytes;
262
263 if (__improbable((user_addr_last < user_addr) || ((user_addr + nbytes) > vm_map_max(current_thread()->map)) ||
264 (user_addr < vm_map_min(current_thread()->map))))
265 return (EFAULT);
266
267 if (__improbable(nbytes > copysize_limit_panic))
268 panic("%s(%p, %p, %lu) - transfer too large", __func__,
269 (void *)user_addr, (void *)kernel_addr, nbytes);
270
271 return (0);
272 }
273
274 int
275 copyin_validate(const user_addr_t ua, uintptr_t ka, vm_size_t nbytes)
276 {
277 return (copy_validate(ua, ka, nbytes));
278 }
279
280 int
281 copyout_validate(uintptr_t ka, const user_addr_t ua, vm_size_t nbytes)
282 {
283 return (copy_validate(ua, ka, nbytes));
284 }
285
mirror of XNU