arch/x86/kernel/tls.c

   1 #include <linux/kernel.h>
   2 #include <linux/errno.h>
   3 #include <linux/sched.h>
   4 #include <linux/user.h>
   5 #include <linux/regset.h>
   6 #include <linux/syscalls.h>
   7
   8 #include <asm/uaccess.h>
   9 #include <asm/desc.h>
  10 #include <asm/ldt.h>
  11 #include <asm/processor.h>
  12 #include <asm/proto.h>
  13
  14 #include "tls.h"
  15
  16 /*
  17  * sys_alloc_thread_area: get a yet unused TLS descriptor index.
  18  */
  19 static int get_free_idx(void)
  20 {
  21         struct thread_struct *t = &current->thread;
  22         int idx;
  23
  24         for (idx = 0; idx < GDT_ENTRY_TLS_ENTRIES; idx++)
  25                 if (desc_empty(&t->tls_array[idx]))
  26                         return idx + GDT_ENTRY_TLS_MIN;
  27         return -ESRCH;
  28 }
  29
  30 static bool tls_desc_okay(const struct user_desc *info)
  31 {
  32         if (LDT_empty(info))
  33                 return true;
  34
  35         /*
  36          * espfix is required for 16-bit data segments, but espfix
  37          * only works for LDT segments.
  38          */
  39         if (!info->seg_32bit)
  40                 return false;
  41
  42         /* Only allow data segments in the TLS array. */
  43         if (info->contents > 1)
  44                 return false;
  45
  46         /*
  47          * Non-present segments with DPL 3 present an interesting attack
  48          * surface.  The kernel should handle such segments correctly,
  49          * but TLS is very difficult to protect in a sandbox, so prevent
  50          * such segments from being created.
  51          *
  52          * If userspace needs to remove a TLS entry, it can still delete
  53          * it outright.
  54          */
  55         if (info->seg_not_present)
  56                 return false;
  57
  58         return true;
  59 }
  60
  61 static void set_tls_desc(struct task_struct *p, int idx,
  62                          const struct user_desc *info, int n)
  63 {
  64         struct thread_struct *t = &p->thread;
  65         struct desc_struct *desc = &t->tls_array[idx - GDT_ENTRY_TLS_MIN];
  66         int cpu;
  67
  68         /*
  69          * We must not get preempted while modifying the TLS.
  70          */
  71         cpu = get_cpu();
  72
  73         while (n-- > 0) {
  74                 if (LDT_empty(info))
  75                         desc->a = desc->b = 0;
  76                 else
  77                         fill_ldt(desc, info);
  78                 ++info;
  79                 ++desc;
  80         }
  81
  82         if (t == &current->thread)
  83                 load_TLS(t, cpu);
  84
  85         put_cpu();
  86 }
  87
  88 /*
  89  * Set a given TLS descriptor:
  90  */
  91 int do_set_thread_area(struct task_struct *p, int idx,
  92                        struct user_desc __user *u_info,
  93                        int can_allocate)
  94 {
  95         struct user_desc info;
  96
  97         if (copy_from_user(&info, u_info, sizeof(info)))
  98                 return -EFAULT;
  99
 100         if (!tls_desc_okay(&info))
 101                 return -EINVAL;
 102
 103         if (idx == -1)
 104                 idx = info.entry_number;
 105
 106         /*
 107          * index -1 means the kernel should try to find and
 108          * allocate an empty descriptor:
 109          */
 110         if (idx == -1 && can_allocate) {
 111                 idx = get_free_idx();
 112                 if (idx < 0)
 113                         return idx;
 114                 if (put_user(idx, &u_info->entry_number))
 115                         return -EFAULT;
 116         }
 117
 118         if (idx < GDT_ENTRY_TLS_MIN || idx > GDT_ENTRY_TLS_MAX)
 119                 return -EINVAL;
 120
 121         set_tls_desc(p, idx, &info, 1);
 122
 123         return 0;
 124 }
 125
 126 SYSCALL_DEFINE1(set_thread_area, struct user_desc __user *, u_info)
 127 {
 128         return do_set_thread_area(current, -1, u_info, 1);
 129 }
 130
 131
 132 /*
 133  * Get the current Thread-Local Storage area:
 134  */
 135
 136 static void fill_user_desc(struct user_desc *info, int idx,
 137                            const struct desc_struct *desc)
 138
 139 {
 140         memset(info, 0, sizeof(*info));
 141         info->entry_number = idx;
 142         info->base_addr = get_desc_base(desc);
 143         info->limit = get_desc_limit(desc);
 144         info->seg_32bit = desc->d;
 145         info->contents = desc->type >> 2;
 146         info->read_exec_only = !(desc->type & 2);
 147         info->limit_in_pages = desc->g;
 148         info->seg_not_present = !desc->p;
 149         info->useable = desc->avl;
 150 #ifdef CONFIG_X86_64
 151         info->lm = desc->l;
 152 #endif
 153 }
 154
 155 int do_get_thread_area(struct task_struct *p, int idx,
 156                        struct user_desc __user *u_info)
 157 {
 158         struct user_desc info;
 159
 160         if (idx == -1 && get_user(idx, &u_info->entry_number))
 161                 return -EFAULT;
 162
 163         if (idx < GDT_ENTRY_TLS_MIN || idx > GDT_ENTRY_TLS_MAX)
 164                 return -EINVAL;
 165
 166         fill_user_desc(&info, idx,
 167                        &p->thread.tls_array[idx - GDT_ENTRY_TLS_MIN]);
 168
 169         if (copy_to_user(u_info, &info, sizeof(info)))
 170                 return -EFAULT;
 171         return 0;
 172 }
 173
 174 SYSCALL_DEFINE1(get_thread_area, struct user_desc __user *, u_info)
 175 {
 176         return do_get_thread_area(current, -1, u_info);
 177 }
 178
 179 int regset_tls_active(struct task_struct *target,
 180                       const struct user_regset *regset)
 181 {
 182         struct thread_struct *t = &target->thread;
 183         int n = GDT_ENTRY_TLS_ENTRIES;
 184         while (n > 0 && desc_empty(&t->tls_array[n - 1]))
 185                 --n;
 186         return n;
 187 }
 188
 189 int regset_tls_get(struct task_struct *target, const struct user_regset *regset,
 190                    unsigned int pos, unsigned int count,
 191                    void *kbuf, void __user *ubuf)
 192 {
 193         const struct desc_struct *tls;
 194
 195         if (pos >= GDT_ENTRY_TLS_ENTRIES * sizeof(struct user_desc) ||
 196             (pos % sizeof(struct user_desc)) != 0 ||
 197             (count % sizeof(struct user_desc)) != 0)
 198                 return -EINVAL;
 199
 200         pos /= sizeof(struct user_desc);
 201         count /= sizeof(struct user_desc);
 202
 203         tls = &target->thread.tls_array[pos];
 204
 205         if (kbuf) {
 206                 struct user_desc *info = kbuf;
 207                 while (count-- > 0)
 208                         fill_user_desc(info++, GDT_ENTRY_TLS_MIN + pos++,
 209                                        tls++);
 210         } else {
 211                 struct user_desc __user *u_info = ubuf;
 212                 while (count-- > 0) {
 213                         struct user_desc info;
 214                         fill_user_desc(&info, GDT_ENTRY_TLS_MIN + pos++, tls++);
 215                         if (__copy_to_user(u_info++, &info, sizeof(info)))
 216                                 return -EFAULT;
 217                 }
 218         }
 219
 220         return 0;
 221 }
 222
 223 int regset_tls_set(struct task_struct *target, const struct user_regset *regset,
 224                    unsigned int pos, unsigned int count,
 225                    const void *kbuf, const void __user *ubuf)
 226 {
 227         struct user_desc infobuf[GDT_ENTRY_TLS_ENTRIES];
 228         const struct user_desc *info;
 229         int i;
 230
 231         if (pos >= GDT_ENTRY_TLS_ENTRIES * sizeof(struct user_desc) ||
 232             (pos % sizeof(struct user_desc)) != 0 ||
 233             (count % sizeof(struct user_desc)) != 0)
 234                 return -EINVAL;
 235
 236         if (kbuf)
 237                 info = kbuf;
 238         else if (__copy_from_user(infobuf, ubuf, count))
 239                 return -EFAULT;
 240         else
 241                 info = infobuf;
 242
 243         for (i = 0; i < count / sizeof(struct user_desc); i++)
 244                 if (!tls_desc_okay(info + i))
 245                         return -EINVAL;
 246
 247         set_tls_desc(target,
 248                      GDT_ENTRY_TLS_MIN + (pos / sizeof(struct user_desc)),
 249                      info, count / sizeof(struct user_desc));
 250
 251         return 0;
 252 }