ptrace.c (35191B)
1// SPDX-License-Identifier: GPL-2.0-only 2/* By Ross Biro 1/23/92 */ 3/* 4 * Pentium III FXSR, SSE support 5 * Gareth Hughes <gareth@valinux.com>, May 2000 6 */ 7 8#include <linux/kernel.h> 9#include <linux/sched.h> 10#include <linux/sched/task_stack.h> 11#include <linux/mm.h> 12#include <linux/smp.h> 13#include <linux/errno.h> 14#include <linux/slab.h> 15#include <linux/ptrace.h> 16#include <linux/user.h> 17#include <linux/elf.h> 18#include <linux/security.h> 19#include <linux/audit.h> 20#include <linux/seccomp.h> 21#include <linux/signal.h> 22#include <linux/perf_event.h> 23#include <linux/hw_breakpoint.h> 24#include <linux/rcupdate.h> 25#include <linux/export.h> 26#include <linux/context_tracking.h> 27#include <linux/nospec.h> 28 29#include <linux/uaccess.h> 30#include <asm/processor.h> 31#include <asm/fpu/signal.h> 32#include <asm/fpu/regset.h> 33#include <asm/fpu/xstate.h> 34#include <asm/debugreg.h> 35#include <asm/ldt.h> 36#include <asm/desc.h> 37#include <asm/prctl.h> 38#include <asm/proto.h> 39#include <asm/hw_breakpoint.h> 40#include <asm/traps.h> 41#include <asm/syscall.h> 42#include <asm/fsgsbase.h> 43#include <asm/io_bitmap.h> 44 45#include "tls.h" 46 47enum x86_regset { 48 REGSET_GENERAL, 49 REGSET_FP, 50 REGSET_XFP, 51 REGSET_IOPERM64 = REGSET_XFP, 52 REGSET_XSTATE, 53 REGSET_TLS, 54 REGSET_IOPERM32, 55}; 56 57struct pt_regs_offset { 58 const char *name; 59 int offset; 60}; 61 62#define REG_OFFSET_NAME(r) {.name = #r, .offset = offsetof(struct pt_regs, r)} 63#define REG_OFFSET_END {.name = NULL, .offset = 0} 64 65static const struct pt_regs_offset regoffset_table[] = { 66#ifdef CONFIG_X86_64 67 REG_OFFSET_NAME(r15), 68 REG_OFFSET_NAME(r14), 69 REG_OFFSET_NAME(r13), 70 REG_OFFSET_NAME(r12), 71 REG_OFFSET_NAME(r11), 72 REG_OFFSET_NAME(r10), 73 REG_OFFSET_NAME(r9), 74 REG_OFFSET_NAME(r8), 75#endif 76 REG_OFFSET_NAME(bx), 77 REG_OFFSET_NAME(cx), 78 REG_OFFSET_NAME(dx), 79 REG_OFFSET_NAME(si), 80 REG_OFFSET_NAME(di), 81 REG_OFFSET_NAME(bp), 82 REG_OFFSET_NAME(ax), 83#ifdef CONFIG_X86_32 84 REG_OFFSET_NAME(ds), 85 REG_OFFSET_NAME(es), 86 REG_OFFSET_NAME(fs), 87 REG_OFFSET_NAME(gs), 88#endif 89 REG_OFFSET_NAME(orig_ax), 90 REG_OFFSET_NAME(ip), 91 REG_OFFSET_NAME(cs), 92 REG_OFFSET_NAME(flags), 93 REG_OFFSET_NAME(sp), 94 REG_OFFSET_NAME(ss), 95 REG_OFFSET_END, 96}; 97 98/** 99 * regs_query_register_offset() - query register offset from its name 100 * @name: the name of a register 101 * 102 * regs_query_register_offset() returns the offset of a register in struct 103 * pt_regs from its name. If the name is invalid, this returns -EINVAL; 104 */ 105int regs_query_register_offset(const char *name) 106{ 107 const struct pt_regs_offset *roff; 108 for (roff = regoffset_table; roff->name != NULL; roff++) 109 if (!strcmp(roff->name, name)) 110 return roff->offset; 111 return -EINVAL; 112} 113 114/** 115 * regs_query_register_name() - query register name from its offset 116 * @offset: the offset of a register in struct pt_regs. 117 * 118 * regs_query_register_name() returns the name of a register from its 119 * offset in struct pt_regs. If the @offset is invalid, this returns NULL; 120 */ 121const char *regs_query_register_name(unsigned int offset) 122{ 123 const struct pt_regs_offset *roff; 124 for (roff = regoffset_table; roff->name != NULL; roff++) 125 if (roff->offset == offset) 126 return roff->name; 127 return NULL; 128} 129 130/* 131 * does not yet catch signals sent when the child dies. 132 * in exit.c or in signal.c. 133 */ 134 135/* 136 * Determines which flags the user has access to [1 = access, 0 = no access]. 137 */ 138#define FLAG_MASK_32 ((unsigned long) \ 139 (X86_EFLAGS_CF | X86_EFLAGS_PF | \ 140 X86_EFLAGS_AF | X86_EFLAGS_ZF | \ 141 X86_EFLAGS_SF | X86_EFLAGS_TF | \ 142 X86_EFLAGS_DF | X86_EFLAGS_OF | \ 143 X86_EFLAGS_RF | X86_EFLAGS_AC)) 144 145/* 146 * Determines whether a value may be installed in a segment register. 147 */ 148static inline bool invalid_selector(u16 value) 149{ 150 return unlikely(value != 0 && (value & SEGMENT_RPL_MASK) != USER_RPL); 151} 152 153#ifdef CONFIG_X86_32 154 155#define FLAG_MASK FLAG_MASK_32 156 157static unsigned long *pt_regs_access(struct pt_regs *regs, unsigned long regno) 158{ 159 BUILD_BUG_ON(offsetof(struct pt_regs, bx) != 0); 160 return ®s->bx + (regno >> 2); 161} 162 163static u16 get_segment_reg(struct task_struct *task, unsigned long offset) 164{ 165 /* 166 * Returning the value truncates it to 16 bits. 167 */ 168 unsigned int retval; 169 if (offset != offsetof(struct user_regs_struct, gs)) 170 retval = *pt_regs_access(task_pt_regs(task), offset); 171 else { 172 if (task == current) 173 savesegment(gs, retval); 174 else 175 retval = task->thread.gs; 176 } 177 return retval; 178} 179 180static int set_segment_reg(struct task_struct *task, 181 unsigned long offset, u16 value) 182{ 183 if (WARN_ON_ONCE(task == current)) 184 return -EIO; 185 186 /* 187 * The value argument was already truncated to 16 bits. 188 */ 189 if (invalid_selector(value)) 190 return -EIO; 191 192 /* 193 * For %cs and %ss we cannot permit a null selector. 194 * We can permit a bogus selector as long as it has USER_RPL. 195 * Null selectors are fine for other segment registers, but 196 * we will never get back to user mode with invalid %cs or %ss 197 * and will take the trap in iret instead. Much code relies 198 * on user_mode() to distinguish a user trap frame (which can 199 * safely use invalid selectors) from a kernel trap frame. 200 */ 201 switch (offset) { 202 case offsetof(struct user_regs_struct, cs): 203 case offsetof(struct user_regs_struct, ss): 204 if (unlikely(value == 0)) 205 return -EIO; 206 fallthrough; 207 208 default: 209 *pt_regs_access(task_pt_regs(task), offset) = value; 210 break; 211 212 case offsetof(struct user_regs_struct, gs): 213 task->thread.gs = value; 214 } 215 216 return 0; 217} 218 219#else /* CONFIG_X86_64 */ 220 221#define FLAG_MASK (FLAG_MASK_32 | X86_EFLAGS_NT) 222 223static unsigned long *pt_regs_access(struct pt_regs *regs, unsigned long offset) 224{ 225 BUILD_BUG_ON(offsetof(struct pt_regs, r15) != 0); 226 return ®s->r15 + (offset / sizeof(regs->r15)); 227} 228 229static u16 get_segment_reg(struct task_struct *task, unsigned long offset) 230{ 231 /* 232 * Returning the value truncates it to 16 bits. 233 */ 234 unsigned int seg; 235 236 switch (offset) { 237 case offsetof(struct user_regs_struct, fs): 238 if (task == current) { 239 /* Older gas can't assemble movq %?s,%r?? */ 240 asm("movl %%fs,%0" : "=r" (seg)); 241 return seg; 242 } 243 return task->thread.fsindex; 244 case offsetof(struct user_regs_struct, gs): 245 if (task == current) { 246 asm("movl %%gs,%0" : "=r" (seg)); 247 return seg; 248 } 249 return task->thread.gsindex; 250 case offsetof(struct user_regs_struct, ds): 251 if (task == current) { 252 asm("movl %%ds,%0" : "=r" (seg)); 253 return seg; 254 } 255 return task->thread.ds; 256 case offsetof(struct user_regs_struct, es): 257 if (task == current) { 258 asm("movl %%es,%0" : "=r" (seg)); 259 return seg; 260 } 261 return task->thread.es; 262 263 case offsetof(struct user_regs_struct, cs): 264 case offsetof(struct user_regs_struct, ss): 265 break; 266 } 267 return *pt_regs_access(task_pt_regs(task), offset); 268} 269 270static int set_segment_reg(struct task_struct *task, 271 unsigned long offset, u16 value) 272{ 273 if (WARN_ON_ONCE(task == current)) 274 return -EIO; 275 276 /* 277 * The value argument was already truncated to 16 bits. 278 */ 279 if (invalid_selector(value)) 280 return -EIO; 281 282 /* 283 * Writes to FS and GS will change the stored selector. Whether 284 * this changes the segment base as well depends on whether 285 * FSGSBASE is enabled. 286 */ 287 288 switch (offset) { 289 case offsetof(struct user_regs_struct,fs): 290 task->thread.fsindex = value; 291 break; 292 case offsetof(struct user_regs_struct,gs): 293 task->thread.gsindex = value; 294 break; 295 case offsetof(struct user_regs_struct,ds): 296 task->thread.ds = value; 297 break; 298 case offsetof(struct user_regs_struct,es): 299 task->thread.es = value; 300 break; 301 302 /* 303 * Can't actually change these in 64-bit mode. 304 */ 305 case offsetof(struct user_regs_struct,cs): 306 if (unlikely(value == 0)) 307 return -EIO; 308 task_pt_regs(task)->cs = value; 309 break; 310 case offsetof(struct user_regs_struct,ss): 311 if (unlikely(value == 0)) 312 return -EIO; 313 task_pt_regs(task)->ss = value; 314 break; 315 } 316 317 return 0; 318} 319 320#endif /* CONFIG_X86_32 */ 321 322static unsigned long get_flags(struct task_struct *task) 323{ 324 unsigned long retval = task_pt_regs(task)->flags; 325 326 /* 327 * If the debugger set TF, hide it from the readout. 328 */ 329 if (test_tsk_thread_flag(task, TIF_FORCED_TF)) 330 retval &= ~X86_EFLAGS_TF; 331 332 return retval; 333} 334 335static int set_flags(struct task_struct *task, unsigned long value) 336{ 337 struct pt_regs *regs = task_pt_regs(task); 338 339 /* 340 * If the user value contains TF, mark that 341 * it was not "us" (the debugger) that set it. 342 * If not, make sure it stays set if we had. 343 */ 344 if (value & X86_EFLAGS_TF) 345 clear_tsk_thread_flag(task, TIF_FORCED_TF); 346 else if (test_tsk_thread_flag(task, TIF_FORCED_TF)) 347 value |= X86_EFLAGS_TF; 348 349 regs->flags = (regs->flags & ~FLAG_MASK) | (value & FLAG_MASK); 350 351 return 0; 352} 353 354static int putreg(struct task_struct *child, 355 unsigned long offset, unsigned long value) 356{ 357 switch (offset) { 358 case offsetof(struct user_regs_struct, cs): 359 case offsetof(struct user_regs_struct, ds): 360 case offsetof(struct user_regs_struct, es): 361 case offsetof(struct user_regs_struct, fs): 362 case offsetof(struct user_regs_struct, gs): 363 case offsetof(struct user_regs_struct, ss): 364 return set_segment_reg(child, offset, value); 365 366 case offsetof(struct user_regs_struct, flags): 367 return set_flags(child, value); 368 369#ifdef CONFIG_X86_64 370 case offsetof(struct user_regs_struct,fs_base): 371 if (value >= TASK_SIZE_MAX) 372 return -EIO; 373 x86_fsbase_write_task(child, value); 374 return 0; 375 case offsetof(struct user_regs_struct,gs_base): 376 if (value >= TASK_SIZE_MAX) 377 return -EIO; 378 x86_gsbase_write_task(child, value); 379 return 0; 380#endif 381 } 382 383 *pt_regs_access(task_pt_regs(child), offset) = value; 384 return 0; 385} 386 387static unsigned long getreg(struct task_struct *task, unsigned long offset) 388{ 389 switch (offset) { 390 case offsetof(struct user_regs_struct, cs): 391 case offsetof(struct user_regs_struct, ds): 392 case offsetof(struct user_regs_struct, es): 393 case offsetof(struct user_regs_struct, fs): 394 case offsetof(struct user_regs_struct, gs): 395 case offsetof(struct user_regs_struct, ss): 396 return get_segment_reg(task, offset); 397 398 case offsetof(struct user_regs_struct, flags): 399 return get_flags(task); 400 401#ifdef CONFIG_X86_64 402 case offsetof(struct user_regs_struct, fs_base): 403 return x86_fsbase_read_task(task); 404 case offsetof(struct user_regs_struct, gs_base): 405 return x86_gsbase_read_task(task); 406#endif 407 } 408 409 return *pt_regs_access(task_pt_regs(task), offset); 410} 411 412static int genregs_get(struct task_struct *target, 413 const struct user_regset *regset, 414 struct membuf to) 415{ 416 int reg; 417 418 for (reg = 0; to.left; reg++) 419 membuf_store(&to, getreg(target, reg * sizeof(unsigned long))); 420 return 0; 421} 422 423static int genregs_set(struct task_struct *target, 424 const struct user_regset *regset, 425 unsigned int pos, unsigned int count, 426 const void *kbuf, const void __user *ubuf) 427{ 428 int ret = 0; 429 if (kbuf) { 430 const unsigned long *k = kbuf; 431 while (count >= sizeof(*k) && !ret) { 432 ret = putreg(target, pos, *k++); 433 count -= sizeof(*k); 434 pos += sizeof(*k); 435 } 436 } else { 437 const unsigned long __user *u = ubuf; 438 while (count >= sizeof(*u) && !ret) { 439 unsigned long word; 440 ret = __get_user(word, u++); 441 if (ret) 442 break; 443 ret = putreg(target, pos, word); 444 count -= sizeof(*u); 445 pos += sizeof(*u); 446 } 447 } 448 return ret; 449} 450 451static void ptrace_triggered(struct perf_event *bp, 452 struct perf_sample_data *data, 453 struct pt_regs *regs) 454{ 455 int i; 456 struct thread_struct *thread = &(current->thread); 457 458 /* 459 * Store in the virtual DR6 register the fact that the breakpoint 460 * was hit so the thread's debugger will see it. 461 */ 462 for (i = 0; i < HBP_NUM; i++) { 463 if (thread->ptrace_bps[i] == bp) 464 break; 465 } 466 467 thread->virtual_dr6 |= (DR_TRAP0 << i); 468} 469 470/* 471 * Walk through every ptrace breakpoints for this thread and 472 * build the dr7 value on top of their attributes. 473 * 474 */ 475static unsigned long ptrace_get_dr7(struct perf_event *bp[]) 476{ 477 int i; 478 int dr7 = 0; 479 struct arch_hw_breakpoint *info; 480 481 for (i = 0; i < HBP_NUM; i++) { 482 if (bp[i] && !bp[i]->attr.disabled) { 483 info = counter_arch_bp(bp[i]); 484 dr7 |= encode_dr7(i, info->len, info->type); 485 } 486 } 487 488 return dr7; 489} 490 491static int ptrace_fill_bp_fields(struct perf_event_attr *attr, 492 int len, int type, bool disabled) 493{ 494 int err, bp_len, bp_type; 495 496 err = arch_bp_generic_fields(len, type, &bp_len, &bp_type); 497 if (!err) { 498 attr->bp_len = bp_len; 499 attr->bp_type = bp_type; 500 attr->disabled = disabled; 501 } 502 503 return err; 504} 505 506static struct perf_event * 507ptrace_register_breakpoint(struct task_struct *tsk, int len, int type, 508 unsigned long addr, bool disabled) 509{ 510 struct perf_event_attr attr; 511 int err; 512 513 ptrace_breakpoint_init(&attr); 514 attr.bp_addr = addr; 515 516 err = ptrace_fill_bp_fields(&attr, len, type, disabled); 517 if (err) 518 return ERR_PTR(err); 519 520 return register_user_hw_breakpoint(&attr, ptrace_triggered, 521 NULL, tsk); 522} 523 524static int ptrace_modify_breakpoint(struct perf_event *bp, int len, int type, 525 int disabled) 526{ 527 struct perf_event_attr attr = bp->attr; 528 int err; 529 530 err = ptrace_fill_bp_fields(&attr, len, type, disabled); 531 if (err) 532 return err; 533 534 return modify_user_hw_breakpoint(bp, &attr); 535} 536 537/* 538 * Handle ptrace writes to debug register 7. 539 */ 540static int ptrace_write_dr7(struct task_struct *tsk, unsigned long data) 541{ 542 struct thread_struct *thread = &tsk->thread; 543 unsigned long old_dr7; 544 bool second_pass = false; 545 int i, rc, ret = 0; 546 547 data &= ~DR_CONTROL_RESERVED; 548 old_dr7 = ptrace_get_dr7(thread->ptrace_bps); 549 550restore: 551 rc = 0; 552 for (i = 0; i < HBP_NUM; i++) { 553 unsigned len, type; 554 bool disabled = !decode_dr7(data, i, &len, &type); 555 struct perf_event *bp = thread->ptrace_bps[i]; 556 557 if (!bp) { 558 if (disabled) 559 continue; 560 561 bp = ptrace_register_breakpoint(tsk, 562 len, type, 0, disabled); 563 if (IS_ERR(bp)) { 564 rc = PTR_ERR(bp); 565 break; 566 } 567 568 thread->ptrace_bps[i] = bp; 569 continue; 570 } 571 572 rc = ptrace_modify_breakpoint(bp, len, type, disabled); 573 if (rc) 574 break; 575 } 576 577 /* Restore if the first pass failed, second_pass shouldn't fail. */ 578 if (rc && !WARN_ON(second_pass)) { 579 ret = rc; 580 data = old_dr7; 581 second_pass = true; 582 goto restore; 583 } 584 585 return ret; 586} 587 588/* 589 * Handle PTRACE_PEEKUSR calls for the debug register area. 590 */ 591static unsigned long ptrace_get_debugreg(struct task_struct *tsk, int n) 592{ 593 struct thread_struct *thread = &tsk->thread; 594 unsigned long val = 0; 595 596 if (n < HBP_NUM) { 597 int index = array_index_nospec(n, HBP_NUM); 598 struct perf_event *bp = thread->ptrace_bps[index]; 599 600 if (bp) 601 val = bp->hw.info.address; 602 } else if (n == 6) { 603 val = thread->virtual_dr6 ^ DR6_RESERVED; /* Flip back to arch polarity */ 604 } else if (n == 7) { 605 val = thread->ptrace_dr7; 606 } 607 return val; 608} 609 610static int ptrace_set_breakpoint_addr(struct task_struct *tsk, int nr, 611 unsigned long addr) 612{ 613 struct thread_struct *t = &tsk->thread; 614 struct perf_event *bp = t->ptrace_bps[nr]; 615 int err = 0; 616 617 if (!bp) { 618 /* 619 * Put stub len and type to create an inactive but correct bp. 620 * 621 * CHECKME: the previous code returned -EIO if the addr wasn't 622 * a valid task virtual addr. The new one will return -EINVAL in 623 * this case. 624 * -EINVAL may be what we want for in-kernel breakpoints users, 625 * but -EIO looks better for ptrace, since we refuse a register 626 * writing for the user. And anyway this is the previous 627 * behaviour. 628 */ 629 bp = ptrace_register_breakpoint(tsk, 630 X86_BREAKPOINT_LEN_1, X86_BREAKPOINT_WRITE, 631 addr, true); 632 if (IS_ERR(bp)) 633 err = PTR_ERR(bp); 634 else 635 t->ptrace_bps[nr] = bp; 636 } else { 637 struct perf_event_attr attr = bp->attr; 638 639 attr.bp_addr = addr; 640 err = modify_user_hw_breakpoint(bp, &attr); 641 } 642 643 return err; 644} 645 646/* 647 * Handle PTRACE_POKEUSR calls for the debug register area. 648 */ 649static int ptrace_set_debugreg(struct task_struct *tsk, int n, 650 unsigned long val) 651{ 652 struct thread_struct *thread = &tsk->thread; 653 /* There are no DR4 or DR5 registers */ 654 int rc = -EIO; 655 656 if (n < HBP_NUM) { 657 rc = ptrace_set_breakpoint_addr(tsk, n, val); 658 } else if (n == 6) { 659 thread->virtual_dr6 = val ^ DR6_RESERVED; /* Flip to positive polarity */ 660 rc = 0; 661 } else if (n == 7) { 662 rc = ptrace_write_dr7(tsk, val); 663 if (!rc) 664 thread->ptrace_dr7 = val; 665 } 666 return rc; 667} 668 669/* 670 * These access the current or another (stopped) task's io permission 671 * bitmap for debugging or core dump. 672 */ 673static int ioperm_active(struct task_struct *target, 674 const struct user_regset *regset) 675{ 676 struct io_bitmap *iobm = target->thread.io_bitmap; 677 678 return iobm ? DIV_ROUND_UP(iobm->max, regset->size) : 0; 679} 680 681static int ioperm_get(struct task_struct *target, 682 const struct user_regset *regset, 683 struct membuf to) 684{ 685 struct io_bitmap *iobm = target->thread.io_bitmap; 686 687 if (!iobm) 688 return -ENXIO; 689 690 return membuf_write(&to, iobm->bitmap, IO_BITMAP_BYTES); 691} 692 693/* 694 * Called by kernel/ptrace.c when detaching.. 695 * 696 * Make sure the single step bit is not set. 697 */ 698void ptrace_disable(struct task_struct *child) 699{ 700 user_disable_single_step(child); 701} 702 703#if defined CONFIG_X86_32 || defined CONFIG_IA32_EMULATION 704static const struct user_regset_view user_x86_32_view; /* Initialized below. */ 705#endif 706#ifdef CONFIG_X86_64 707static const struct user_regset_view user_x86_64_view; /* Initialized below. */ 708#endif 709 710long arch_ptrace(struct task_struct *child, long request, 711 unsigned long addr, unsigned long data) 712{ 713 int ret; 714 unsigned long __user *datap = (unsigned long __user *)data; 715 716#ifdef CONFIG_X86_64 717 /* This is native 64-bit ptrace() */ 718 const struct user_regset_view *regset_view = &user_x86_64_view; 719#else 720 /* This is native 32-bit ptrace() */ 721 const struct user_regset_view *regset_view = &user_x86_32_view; 722#endif 723 724 switch (request) { 725 /* read the word at location addr in the USER area. */ 726 case PTRACE_PEEKUSR: { 727 unsigned long tmp; 728 729 ret = -EIO; 730 if ((addr & (sizeof(data) - 1)) || addr >= sizeof(struct user)) 731 break; 732 733 tmp = 0; /* Default return condition */ 734 if (addr < sizeof(struct user_regs_struct)) 735 tmp = getreg(child, addr); 736 else if (addr >= offsetof(struct user, u_debugreg[0]) && 737 addr <= offsetof(struct user, u_debugreg[7])) { 738 addr -= offsetof(struct user, u_debugreg[0]); 739 tmp = ptrace_get_debugreg(child, addr / sizeof(data)); 740 } 741 ret = put_user(tmp, datap); 742 break; 743 } 744 745 case PTRACE_POKEUSR: /* write the word at location addr in the USER area */ 746 ret = -EIO; 747 if ((addr & (sizeof(data) - 1)) || addr >= sizeof(struct user)) 748 break; 749 750 if (addr < sizeof(struct user_regs_struct)) 751 ret = putreg(child, addr, data); 752 else if (addr >= offsetof(struct user, u_debugreg[0]) && 753 addr <= offsetof(struct user, u_debugreg[7])) { 754 addr -= offsetof(struct user, u_debugreg[0]); 755 ret = ptrace_set_debugreg(child, 756 addr / sizeof(data), data); 757 } 758 break; 759 760 case PTRACE_GETREGS: /* Get all gp regs from the child. */ 761 return copy_regset_to_user(child, 762 regset_view, 763 REGSET_GENERAL, 764 0, sizeof(struct user_regs_struct), 765 datap); 766 767 case PTRACE_SETREGS: /* Set all gp regs in the child. */ 768 return copy_regset_from_user(child, 769 regset_view, 770 REGSET_GENERAL, 771 0, sizeof(struct user_regs_struct), 772 datap); 773 774 case PTRACE_GETFPREGS: /* Get the child FPU state. */ 775 return copy_regset_to_user(child, 776 regset_view, 777 REGSET_FP, 778 0, sizeof(struct user_i387_struct), 779 datap); 780 781 case PTRACE_SETFPREGS: /* Set the child FPU state. */ 782 return copy_regset_from_user(child, 783 regset_view, 784 REGSET_FP, 785 0, sizeof(struct user_i387_struct), 786 datap); 787 788#ifdef CONFIG_X86_32 789 case PTRACE_GETFPXREGS: /* Get the child extended FPU state. */ 790 return copy_regset_to_user(child, &user_x86_32_view, 791 REGSET_XFP, 792 0, sizeof(struct user_fxsr_struct), 793 datap) ? -EIO : 0; 794 795 case PTRACE_SETFPXREGS: /* Set the child extended FPU state. */ 796 return copy_regset_from_user(child, &user_x86_32_view, 797 REGSET_XFP, 798 0, sizeof(struct user_fxsr_struct), 799 datap) ? -EIO : 0; 800#endif 801 802#if defined CONFIG_X86_32 || defined CONFIG_IA32_EMULATION 803 case PTRACE_GET_THREAD_AREA: 804 if ((int) addr < 0) 805 return -EIO; 806 ret = do_get_thread_area(child, addr, 807 (struct user_desc __user *)data); 808 break; 809 810 case PTRACE_SET_THREAD_AREA: 811 if ((int) addr < 0) 812 return -EIO; 813 ret = do_set_thread_area(child, addr, 814 (struct user_desc __user *)data, 0); 815 break; 816#endif 817 818#ifdef CONFIG_X86_64 819 /* normal 64bit interface to access TLS data. 820 Works just like arch_prctl, except that the arguments 821 are reversed. */ 822 case PTRACE_ARCH_PRCTL: 823 ret = do_arch_prctl_64(child, data, addr); 824 break; 825#endif 826 827 default: 828 ret = ptrace_request(child, request, addr, data); 829 break; 830 } 831 832 return ret; 833} 834 835#ifdef CONFIG_IA32_EMULATION 836 837#include <linux/compat.h> 838#include <linux/syscalls.h> 839#include <asm/ia32.h> 840#include <asm/user32.h> 841 842#define R32(l,q) \ 843 case offsetof(struct user32, regs.l): \ 844 regs->q = value; break 845 846#define SEG32(rs) \ 847 case offsetof(struct user32, regs.rs): \ 848 return set_segment_reg(child, \ 849 offsetof(struct user_regs_struct, rs), \ 850 value); \ 851 break 852 853static int putreg32(struct task_struct *child, unsigned regno, u32 value) 854{ 855 struct pt_regs *regs = task_pt_regs(child); 856 int ret; 857 858 switch (regno) { 859 860 SEG32(cs); 861 SEG32(ds); 862 SEG32(es); 863 864 /* 865 * A 32-bit ptracer on a 64-bit kernel expects that writing 866 * FS or GS will also update the base. This is needed for 867 * operations like PTRACE_SETREGS to fully restore a saved 868 * CPU state. 869 */ 870 871 case offsetof(struct user32, regs.fs): 872 ret = set_segment_reg(child, 873 offsetof(struct user_regs_struct, fs), 874 value); 875 if (ret == 0) 876 child->thread.fsbase = 877 x86_fsgsbase_read_task(child, value); 878 return ret; 879 880 case offsetof(struct user32, regs.gs): 881 ret = set_segment_reg(child, 882 offsetof(struct user_regs_struct, gs), 883 value); 884 if (ret == 0) 885 child->thread.gsbase = 886 x86_fsgsbase_read_task(child, value); 887 return ret; 888 889 SEG32(ss); 890 891 R32(ebx, bx); 892 R32(ecx, cx); 893 R32(edx, dx); 894 R32(edi, di); 895 R32(esi, si); 896 R32(ebp, bp); 897 R32(eax, ax); 898 R32(eip, ip); 899 R32(esp, sp); 900 901 case offsetof(struct user32, regs.orig_eax): 902 /* 903 * Warning: bizarre corner case fixup here. A 32-bit 904 * debugger setting orig_eax to -1 wants to disable 905 * syscall restart. Make sure that the syscall 906 * restart code sign-extends orig_ax. Also make sure 907 * we interpret the -ERESTART* codes correctly if 908 * loaded into regs->ax in case the task is not 909 * actually still sitting at the exit from a 32-bit 910 * syscall with TS_COMPAT still set. 911 */ 912 regs->orig_ax = value; 913 if (syscall_get_nr(child, regs) != -1) 914 child->thread_info.status |= TS_I386_REGS_POKED; 915 break; 916 917 case offsetof(struct user32, regs.eflags): 918 return set_flags(child, value); 919 920 case offsetof(struct user32, u_debugreg[0]) ... 921 offsetof(struct user32, u_debugreg[7]): 922 regno -= offsetof(struct user32, u_debugreg[0]); 923 return ptrace_set_debugreg(child, regno / 4, value); 924 925 default: 926 if (regno > sizeof(struct user32) || (regno & 3)) 927 return -EIO; 928 929 /* 930 * Other dummy fields in the virtual user structure 931 * are ignored 932 */ 933 break; 934 } 935 return 0; 936} 937 938#undef R32 939#undef SEG32 940 941#define R32(l,q) \ 942 case offsetof(struct user32, regs.l): \ 943 *val = regs->q; break 944 945#define SEG32(rs) \ 946 case offsetof(struct user32, regs.rs): \ 947 *val = get_segment_reg(child, \ 948 offsetof(struct user_regs_struct, rs)); \ 949 break 950 951static int getreg32(struct task_struct *child, unsigned regno, u32 *val) 952{ 953 struct pt_regs *regs = task_pt_regs(child); 954 955 switch (regno) { 956 957 SEG32(ds); 958 SEG32(es); 959 SEG32(fs); 960 SEG32(gs); 961 962 R32(cs, cs); 963 R32(ss, ss); 964 R32(ebx, bx); 965 R32(ecx, cx); 966 R32(edx, dx); 967 R32(edi, di); 968 R32(esi, si); 969 R32(ebp, bp); 970 R32(eax, ax); 971 R32(orig_eax, orig_ax); 972 R32(eip, ip); 973 R32(esp, sp); 974 975 case offsetof(struct user32, regs.eflags): 976 *val = get_flags(child); 977 break; 978 979 case offsetof(struct user32, u_debugreg[0]) ... 980 offsetof(struct user32, u_debugreg[7]): 981 regno -= offsetof(struct user32, u_debugreg[0]); 982 *val = ptrace_get_debugreg(child, regno / 4); 983 break; 984 985 default: 986 if (regno > sizeof(struct user32) || (regno & 3)) 987 return -EIO; 988 989 /* 990 * Other dummy fields in the virtual user structure 991 * are ignored 992 */ 993 *val = 0; 994 break; 995 } 996 return 0; 997} 998 999#undef R32 1000#undef SEG32 1001 1002static int genregs32_get(struct task_struct *target, 1003 const struct user_regset *regset, 1004 struct membuf to) 1005{ 1006 int reg; 1007 1008 for (reg = 0; to.left; reg++) { 1009 u32 val; 1010 getreg32(target, reg * 4, &val); 1011 membuf_store(&to, val); 1012 } 1013 return 0; 1014} 1015 1016static int genregs32_set(struct task_struct *target, 1017 const struct user_regset *regset, 1018 unsigned int pos, unsigned int count, 1019 const void *kbuf, const void __user *ubuf) 1020{ 1021 int ret = 0; 1022 if (kbuf) { 1023 const compat_ulong_t *k = kbuf; 1024 while (count >= sizeof(*k) && !ret) { 1025 ret = putreg32(target, pos, *k++); 1026 count -= sizeof(*k); 1027 pos += sizeof(*k); 1028 } 1029 } else { 1030 const compat_ulong_t __user *u = ubuf; 1031 while (count >= sizeof(*u) && !ret) { 1032 compat_ulong_t word; 1033 ret = __get_user(word, u++); 1034 if (ret) 1035 break; 1036 ret = putreg32(target, pos, word); 1037 count -= sizeof(*u); 1038 pos += sizeof(*u); 1039 } 1040 } 1041 return ret; 1042} 1043 1044static long ia32_arch_ptrace(struct task_struct *child, compat_long_t request, 1045 compat_ulong_t caddr, compat_ulong_t cdata) 1046{ 1047 unsigned long addr = caddr; 1048 unsigned long data = cdata; 1049 void __user *datap = compat_ptr(data); 1050 int ret; 1051 __u32 val; 1052 1053 switch (request) { 1054 case PTRACE_PEEKUSR: 1055 ret = getreg32(child, addr, &val); 1056 if (ret == 0) 1057 ret = put_user(val, (__u32 __user *)datap); 1058 break; 1059 1060 case PTRACE_POKEUSR: 1061 ret = putreg32(child, addr, data); 1062 break; 1063 1064 case PTRACE_GETREGS: /* Get all gp regs from the child. */ 1065 return copy_regset_to_user(child, &user_x86_32_view, 1066 REGSET_GENERAL, 1067 0, sizeof(struct user_regs_struct32), 1068 datap); 1069 1070 case PTRACE_SETREGS: /* Set all gp regs in the child. */ 1071 return copy_regset_from_user(child, &user_x86_32_view, 1072 REGSET_GENERAL, 0, 1073 sizeof(struct user_regs_struct32), 1074 datap); 1075 1076 case PTRACE_GETFPREGS: /* Get the child FPU state. */ 1077 return copy_regset_to_user(child, &user_x86_32_view, 1078 REGSET_FP, 0, 1079 sizeof(struct user_i387_ia32_struct), 1080 datap); 1081 1082 case PTRACE_SETFPREGS: /* Set the child FPU state. */ 1083 return copy_regset_from_user( 1084 child, &user_x86_32_view, REGSET_FP, 1085 0, sizeof(struct user_i387_ia32_struct), datap); 1086 1087 case PTRACE_GETFPXREGS: /* Get the child extended FPU state. */ 1088 return copy_regset_to_user(child, &user_x86_32_view, 1089 REGSET_XFP, 0, 1090 sizeof(struct user32_fxsr_struct), 1091 datap); 1092 1093 case PTRACE_SETFPXREGS: /* Set the child extended FPU state. */ 1094 return copy_regset_from_user(child, &user_x86_32_view, 1095 REGSET_XFP, 0, 1096 sizeof(struct user32_fxsr_struct), 1097 datap); 1098 1099 case PTRACE_GET_THREAD_AREA: 1100 case PTRACE_SET_THREAD_AREA: 1101 return arch_ptrace(child, request, addr, data); 1102 1103 default: 1104 return compat_ptrace_request(child, request, addr, data); 1105 } 1106 1107 return ret; 1108} 1109#endif /* CONFIG_IA32_EMULATION */ 1110 1111#ifdef CONFIG_X86_X32_ABI 1112static long x32_arch_ptrace(struct task_struct *child, 1113 compat_long_t request, compat_ulong_t caddr, 1114 compat_ulong_t cdata) 1115{ 1116 unsigned long addr = caddr; 1117 unsigned long data = cdata; 1118 void __user *datap = compat_ptr(data); 1119 int ret; 1120 1121 switch (request) { 1122 /* Read 32bits at location addr in the USER area. Only allow 1123 to return the lower 32bits of segment and debug registers. */ 1124 case PTRACE_PEEKUSR: { 1125 u32 tmp; 1126 1127 ret = -EIO; 1128 if ((addr & (sizeof(data) - 1)) || addr >= sizeof(struct user) || 1129 addr < offsetof(struct user_regs_struct, cs)) 1130 break; 1131 1132 tmp = 0; /* Default return condition */ 1133 if (addr < sizeof(struct user_regs_struct)) 1134 tmp = getreg(child, addr); 1135 else if (addr >= offsetof(struct user, u_debugreg[0]) && 1136 addr <= offsetof(struct user, u_debugreg[7])) { 1137 addr -= offsetof(struct user, u_debugreg[0]); 1138 tmp = ptrace_get_debugreg(child, addr / sizeof(data)); 1139 } 1140 ret = put_user(tmp, (__u32 __user *)datap); 1141 break; 1142 } 1143 1144 /* Write the word at location addr in the USER area. Only allow 1145 to update segment and debug registers with the upper 32bits 1146 zero-extended. */ 1147 case PTRACE_POKEUSR: 1148 ret = -EIO; 1149 if ((addr & (sizeof(data) - 1)) || addr >= sizeof(struct user) || 1150 addr < offsetof(struct user_regs_struct, cs)) 1151 break; 1152 1153 if (addr < sizeof(struct user_regs_struct)) 1154 ret = putreg(child, addr, data); 1155 else if (addr >= offsetof(struct user, u_debugreg[0]) && 1156 addr <= offsetof(struct user, u_debugreg[7])) { 1157 addr -= offsetof(struct user, u_debugreg[0]); 1158 ret = ptrace_set_debugreg(child, 1159 addr / sizeof(data), data); 1160 } 1161 break; 1162 1163 case PTRACE_GETREGS: /* Get all gp regs from the child. */ 1164 return copy_regset_to_user(child, 1165 &user_x86_64_view, 1166 REGSET_GENERAL, 1167 0, sizeof(struct user_regs_struct), 1168 datap); 1169 1170 case PTRACE_SETREGS: /* Set all gp regs in the child. */ 1171 return copy_regset_from_user(child, 1172 &user_x86_64_view, 1173 REGSET_GENERAL, 1174 0, sizeof(struct user_regs_struct), 1175 datap); 1176 1177 case PTRACE_GETFPREGS: /* Get the child FPU state. */ 1178 return copy_regset_to_user(child, 1179 &user_x86_64_view, 1180 REGSET_FP, 1181 0, sizeof(struct user_i387_struct), 1182 datap); 1183 1184 case PTRACE_SETFPREGS: /* Set the child FPU state. */ 1185 return copy_regset_from_user(child, 1186 &user_x86_64_view, 1187 REGSET_FP, 1188 0, sizeof(struct user_i387_struct), 1189 datap); 1190 1191 default: 1192 return compat_ptrace_request(child, request, addr, data); 1193 } 1194 1195 return ret; 1196} 1197#endif 1198 1199#ifdef CONFIG_COMPAT 1200long compat_arch_ptrace(struct task_struct *child, compat_long_t request, 1201 compat_ulong_t caddr, compat_ulong_t cdata) 1202{ 1203#ifdef CONFIG_X86_X32_ABI 1204 if (!in_ia32_syscall()) 1205 return x32_arch_ptrace(child, request, caddr, cdata); 1206#endif 1207#ifdef CONFIG_IA32_EMULATION 1208 return ia32_arch_ptrace(child, request, caddr, cdata); 1209#else 1210 return 0; 1211#endif 1212} 1213#endif /* CONFIG_COMPAT */ 1214 1215#ifdef CONFIG_X86_64 1216 1217static struct user_regset x86_64_regsets[] __ro_after_init = { 1218 [REGSET_GENERAL] = { 1219 .core_note_type = NT_PRSTATUS, 1220 .n = sizeof(struct user_regs_struct) / sizeof(long), 1221 .size = sizeof(long), .align = sizeof(long), 1222 .regset_get = genregs_get, .set = genregs_set 1223 }, 1224 [REGSET_FP] = { 1225 .core_note_type = NT_PRFPREG, 1226 .n = sizeof(struct fxregs_state) / sizeof(long), 1227 .size = sizeof(long), .align = sizeof(long), 1228 .active = regset_xregset_fpregs_active, .regset_get = xfpregs_get, .set = xfpregs_set 1229 }, 1230 [REGSET_XSTATE] = { 1231 .core_note_type = NT_X86_XSTATE, 1232 .size = sizeof(u64), .align = sizeof(u64), 1233 .active = xstateregs_active, .regset_get = xstateregs_get, 1234 .set = xstateregs_set 1235 }, 1236 [REGSET_IOPERM64] = { 1237 .core_note_type = NT_386_IOPERM, 1238 .n = IO_BITMAP_LONGS, 1239 .size = sizeof(long), .align = sizeof(long), 1240 .active = ioperm_active, .regset_get = ioperm_get 1241 }, 1242}; 1243 1244static const struct user_regset_view user_x86_64_view = { 1245 .name = "x86_64", .e_machine = EM_X86_64, 1246 .regsets = x86_64_regsets, .n = ARRAY_SIZE(x86_64_regsets) 1247}; 1248 1249#else /* CONFIG_X86_32 */ 1250 1251#define user_regs_struct32 user_regs_struct 1252#define genregs32_get genregs_get 1253#define genregs32_set genregs_set 1254 1255#endif /* CONFIG_X86_64 */ 1256 1257#if defined CONFIG_X86_32 || defined CONFIG_IA32_EMULATION 1258static struct user_regset x86_32_regsets[] __ro_after_init = { 1259 [REGSET_GENERAL] = { 1260 .core_note_type = NT_PRSTATUS, 1261 .n = sizeof(struct user_regs_struct32) / sizeof(u32), 1262 .size = sizeof(u32), .align = sizeof(u32), 1263 .regset_get = genregs32_get, .set = genregs32_set 1264 }, 1265 [REGSET_FP] = { 1266 .core_note_type = NT_PRFPREG, 1267 .n = sizeof(struct user_i387_ia32_struct) / sizeof(u32), 1268 .size = sizeof(u32), .align = sizeof(u32), 1269 .active = regset_fpregs_active, .regset_get = fpregs_get, .set = fpregs_set 1270 }, 1271 [REGSET_XFP] = { 1272 .core_note_type = NT_PRXFPREG, 1273 .n = sizeof(struct fxregs_state) / sizeof(u32), 1274 .size = sizeof(u32), .align = sizeof(u32), 1275 .active = regset_xregset_fpregs_active, .regset_get = xfpregs_get, .set = xfpregs_set 1276 }, 1277 [REGSET_XSTATE] = { 1278 .core_note_type = NT_X86_XSTATE, 1279 .size = sizeof(u64), .align = sizeof(u64), 1280 .active = xstateregs_active, .regset_get = xstateregs_get, 1281 .set = xstateregs_set 1282 }, 1283 [REGSET_TLS] = { 1284 .core_note_type = NT_386_TLS, 1285 .n = GDT_ENTRY_TLS_ENTRIES, .bias = GDT_ENTRY_TLS_MIN, 1286 .size = sizeof(struct user_desc), 1287 .align = sizeof(struct user_desc), 1288 .active = regset_tls_active, 1289 .regset_get = regset_tls_get, .set = regset_tls_set 1290 }, 1291 [REGSET_IOPERM32] = { 1292 .core_note_type = NT_386_IOPERM, 1293 .n = IO_BITMAP_BYTES / sizeof(u32), 1294 .size = sizeof(u32), .align = sizeof(u32), 1295 .active = ioperm_active, .regset_get = ioperm_get 1296 }, 1297}; 1298 1299static const struct user_regset_view user_x86_32_view = { 1300 .name = "i386", .e_machine = EM_386, 1301 .regsets = x86_32_regsets, .n = ARRAY_SIZE(x86_32_regsets) 1302}; 1303#endif 1304 1305/* 1306 * This represents bytes 464..511 in the memory layout exported through 1307 * the REGSET_XSTATE interface. 1308 */ 1309u64 xstate_fx_sw_bytes[USER_XSTATE_FX_SW_WORDS]; 1310 1311void __init update_regset_xstate_info(unsigned int size, u64 xstate_mask) 1312{ 1313#ifdef CONFIG_X86_64 1314 x86_64_regsets[REGSET_XSTATE].n = size / sizeof(u64); 1315#endif 1316#if defined CONFIG_X86_32 || defined CONFIG_IA32_EMULATION 1317 x86_32_regsets[REGSET_XSTATE].n = size / sizeof(u64); 1318#endif 1319 xstate_fx_sw_bytes[USER_XSTATE_XCR0_WORD] = xstate_mask; 1320} 1321 1322/* 1323 * This is used by the core dump code to decide which regset to dump. The 1324 * core dump code writes out the resulting .e_machine and the corresponding 1325 * regsets. This is suboptimal if the task is messing around with its CS.L 1326 * field, but at worst the core dump will end up missing some information. 1327 * 1328 * Unfortunately, it is also used by the broken PTRACE_GETREGSET and 1329 * PTRACE_SETREGSET APIs. These APIs look at the .regsets field but have 1330 * no way to make sure that the e_machine they use matches the caller's 1331 * expectations. The result is that the data format returned by 1332 * PTRACE_GETREGSET depends on the returned CS field (and even the offset 1333 * of the returned CS field depends on its value!) and the data format 1334 * accepted by PTRACE_SETREGSET is determined by the old CS value. The 1335 * upshot is that it is basically impossible to use these APIs correctly. 1336 * 1337 * The best way to fix it in the long run would probably be to add new 1338 * improved ptrace() APIs to read and write registers reliably, possibly by 1339 * allowing userspace to select the ELF e_machine variant that they expect. 1340 */ 1341const struct user_regset_view *task_user_regset_view(struct task_struct *task) 1342{ 1343#ifdef CONFIG_IA32_EMULATION 1344 if (!user_64bit_mode(task_pt_regs(task))) 1345#endif 1346#if defined CONFIG_X86_32 || defined CONFIG_IA32_EMULATION 1347 return &user_x86_32_view; 1348#endif 1349#ifdef CONFIG_X86_64 1350 return &user_x86_64_view; 1351#endif 1352} 1353 1354void send_sigtrap(struct pt_regs *regs, int error_code, int si_code) 1355{ 1356 struct task_struct *tsk = current; 1357 1358 tsk->thread.trap_nr = X86_TRAP_DB; 1359 tsk->thread.error_code = error_code; 1360 1361 /* Send us the fake SIGTRAP */ 1362 force_sig_fault(SIGTRAP, si_code, 1363 user_mode(regs) ? (void __user *)regs->ip : NULL); 1364} 1365 1366void user_single_step_report(struct pt_regs *regs) 1367{ 1368 send_sigtrap(regs, 0, TRAP_BRKPT); 1369}