1 #include <linux/kernel.h>
2 #include <linux/errno.h>
3 #include <linux/sched.h>
4 #include <linux/user.h>
5 #include <linux/regset.h>
6 #include <linux/syscalls.h>
8 #include <asm/uaccess.h>
11 #include <asm/processor.h>
12 #include <asm/proto.h>
17 * sys_alloc_thread_area: get a yet unused TLS descriptor index.
19 static int get_free_idx(void)
21 struct thread_struct
*t
= ¤t
->thread
;
24 for (idx
= 0; idx
< GDT_ENTRY_TLS_ENTRIES
; idx
++)
25 if (desc_empty(&t
->tls_array
[idx
]))
26 return idx
+ GDT_ENTRY_TLS_MIN
;
30 static bool tls_desc_okay(const struct user_desc
*info
)
36 * espfix is required for 16-bit data segments, but espfix
37 * only works for LDT segments.
42 /* Only allow data segments in the TLS array. */
43 if (info
->contents
> 1)
47 * Non-present segments with DPL 3 present an interesting attack
48 * surface. The kernel should handle such segments correctly,
49 * but TLS is very difficult to protect in a sandbox, so prevent
50 * such segments from being created.
52 * If userspace needs to remove a TLS entry, it can still delete
55 if (info
->seg_not_present
)
61 static void set_tls_desc(struct task_struct
*p
, int idx
,
62 const struct user_desc
*info
, int n
)
64 struct thread_struct
*t
= &p
->thread
;
65 struct desc_struct
*desc
= &t
->tls_array
[idx
- GDT_ENTRY_TLS_MIN
];
69 * We must not get preempted while modifying the TLS.
75 desc
->a
= desc
->b
= 0;
82 if (t
== ¤t
->thread
)
89 * Set a given TLS descriptor:
91 int do_set_thread_area(struct task_struct
*p
, int idx
,
92 struct user_desc __user
*u_info
,
95 struct user_desc info
;
97 if (copy_from_user(&info
, u_info
, sizeof(info
)))
100 if (!tls_desc_okay(&info
))
104 idx
= info
.entry_number
;
107 * index -1 means the kernel should try to find and
108 * allocate an empty descriptor:
110 if (idx
== -1 && can_allocate
) {
111 idx
= get_free_idx();
114 if (put_user(idx
, &u_info
->entry_number
))
118 if (idx
< GDT_ENTRY_TLS_MIN
|| idx
> GDT_ENTRY_TLS_MAX
)
121 set_tls_desc(p
, idx
, &info
, 1);
126 SYSCALL_DEFINE1(set_thread_area
, struct user_desc __user
*, u_info
)
128 return do_set_thread_area(current
, -1, u_info
, 1);
133 * Get the current Thread-Local Storage area:
136 static void fill_user_desc(struct user_desc
*info
, int idx
,
137 const struct desc_struct
*desc
)
140 memset(info
, 0, sizeof(*info
));
141 info
->entry_number
= idx
;
142 info
->base_addr
= get_desc_base(desc
);
143 info
->limit
= get_desc_limit(desc
);
144 info
->seg_32bit
= desc
->d
;
145 info
->contents
= desc
->type
>> 2;
146 info
->read_exec_only
= !(desc
->type
& 2);
147 info
->limit_in_pages
= desc
->g
;
148 info
->seg_not_present
= !desc
->p
;
149 info
->useable
= desc
->avl
;
155 int do_get_thread_area(struct task_struct
*p
, int idx
,
156 struct user_desc __user
*u_info
)
158 struct user_desc info
;
160 if (idx
== -1 && get_user(idx
, &u_info
->entry_number
))
163 if (idx
< GDT_ENTRY_TLS_MIN
|| idx
> GDT_ENTRY_TLS_MAX
)
166 fill_user_desc(&info
, idx
,
167 &p
->thread
.tls_array
[idx
- GDT_ENTRY_TLS_MIN
]);
169 if (copy_to_user(u_info
, &info
, sizeof(info
)))
174 SYSCALL_DEFINE1(get_thread_area
, struct user_desc __user
*, u_info
)
176 return do_get_thread_area(current
, -1, u_info
);
179 int regset_tls_active(struct task_struct
*target
,
180 const struct user_regset
*regset
)
182 struct thread_struct
*t
= &target
->thread
;
183 int n
= GDT_ENTRY_TLS_ENTRIES
;
184 while (n
> 0 && desc_empty(&t
->tls_array
[n
- 1]))
189 int regset_tls_get(struct task_struct
*target
, const struct user_regset
*regset
,
190 unsigned int pos
, unsigned int count
,
191 void *kbuf
, void __user
*ubuf
)
193 const struct desc_struct
*tls
;
195 if (pos
>= GDT_ENTRY_TLS_ENTRIES
* sizeof(struct user_desc
) ||
196 (pos
% sizeof(struct user_desc
)) != 0 ||
197 (count
% sizeof(struct user_desc
)) != 0)
200 pos
/= sizeof(struct user_desc
);
201 count
/= sizeof(struct user_desc
);
203 tls
= &target
->thread
.tls_array
[pos
];
206 struct user_desc
*info
= kbuf
;
208 fill_user_desc(info
++, GDT_ENTRY_TLS_MIN
+ pos
++,
211 struct user_desc __user
*u_info
= ubuf
;
212 while (count
-- > 0) {
213 struct user_desc info
;
214 fill_user_desc(&info
, GDT_ENTRY_TLS_MIN
+ pos
++, tls
++);
215 if (__copy_to_user(u_info
++, &info
, sizeof(info
)))
223 int regset_tls_set(struct task_struct
*target
, const struct user_regset
*regset
,
224 unsigned int pos
, unsigned int count
,
225 const void *kbuf
, const void __user
*ubuf
)
227 struct user_desc infobuf
[GDT_ENTRY_TLS_ENTRIES
];
228 const struct user_desc
*info
;
231 if (pos
>= GDT_ENTRY_TLS_ENTRIES
* sizeof(struct user_desc
) ||
232 (pos
% sizeof(struct user_desc
)) != 0 ||
233 (count
% sizeof(struct user_desc
)) != 0)
238 else if (__copy_from_user(infobuf
, ubuf
, count
))
243 for (i
= 0; i
< count
/ sizeof(struct user_desc
); i
++)
244 if (!tls_desc_okay(info
+ i
))
248 GDT_ENTRY_TLS_MIN
+ (pos
/ sizeof(struct user_desc
)),
249 info
, count
/ sizeof(struct user_desc
));