cachepc-linux

Fork of AMDESE/linux with modifications for CachePC side-channel attack
git clone https://git.sinitax.com/sinitax/cachepc-linux
Log | Files | Refs | README | LICENSE | sfeed.txt

ldt.c (8889B)

      1/*
      2 * Copyright (C) 2001 - 2007 Jeff Dike (jdike@{addtoit,linux.intel}.com)
      3 * Licensed under the GPL
      4 */
      5
      6#include <linux/mm.h>
      7#include <linux/sched.h>
      8#include <linux/slab.h>
      9#include <linux/syscalls.h>
     10#include <linux/uaccess.h>
     11#include <asm/unistd.h>
     12#include <os.h>
     13#include <skas.h>
     14#include <sysdep/tls.h>
     15
     16static inline int modify_ldt (int func, void *ptr, unsigned long bytecount)
     17{
     18	return syscall(__NR_modify_ldt, func, ptr, bytecount);
     19}
     20
     21static long write_ldt_entry(struct mm_id *mm_idp, int func,
     22		     struct user_desc *desc, void **addr, int done)
     23{
     24	long res;
     25	void *stub_addr;
     26
     27	BUILD_BUG_ON(sizeof(*desc) % sizeof(long));
     28
     29	res = syscall_stub_data(mm_idp, (unsigned long *)desc,
     30				sizeof(*desc) / sizeof(long),
     31				addr, &stub_addr);
     32	if (!res) {
     33		unsigned long args[] = { func,
     34					 (unsigned long)stub_addr,
     35					 sizeof(*desc),
     36					 0, 0, 0 };
     37		res = run_syscall_stub(mm_idp, __NR_modify_ldt, args,
     38				       0, addr, done);
     39	}
     40
     41	return res;
     42}
     43
     44/*
     45 * In skas mode, we hold our own ldt data in UML.
     46 * Thus, the code implementing sys_modify_ldt_skas
     47 * is very similar to (and mostly stolen from) sys_modify_ldt
     48 * for arch/i386/kernel/ldt.c
     49 * The routines copied and modified in part are:
     50 * - read_ldt
     51 * - read_default_ldt
     52 * - write_ldt
     53 * - sys_modify_ldt_skas
     54 */
     55
     56static int read_ldt(void __user * ptr, unsigned long bytecount)
     57{
     58	int i, err = 0;
     59	unsigned long size;
     60	uml_ldt_t *ldt = &current->mm->context.arch.ldt;
     61
     62	if (!ldt->entry_count)
     63		goto out;
     64	if (bytecount > LDT_ENTRY_SIZE*LDT_ENTRIES)
     65		bytecount = LDT_ENTRY_SIZE*LDT_ENTRIES;
     66	err = bytecount;
     67
     68	mutex_lock(&ldt->lock);
     69	if (ldt->entry_count <= LDT_DIRECT_ENTRIES) {
     70		size = LDT_ENTRY_SIZE*LDT_DIRECT_ENTRIES;
     71		if (size > bytecount)
     72			size = bytecount;
     73		if (copy_to_user(ptr, ldt->u.entries, size))
     74			err = -EFAULT;
     75		bytecount -= size;
     76		ptr += size;
     77	}
     78	else {
     79		for (i=0; i<ldt->entry_count/LDT_ENTRIES_PER_PAGE && bytecount;
     80		     i++) {
     81			size = PAGE_SIZE;
     82			if (size > bytecount)
     83				size = bytecount;
     84			if (copy_to_user(ptr, ldt->u.pages[i], size)) {
     85				err = -EFAULT;
     86				break;
     87			}
     88			bytecount -= size;
     89			ptr += size;
     90		}
     91	}
     92	mutex_unlock(&ldt->lock);
     93
     94	if (bytecount == 0 || err == -EFAULT)
     95		goto out;
     96
     97	if (clear_user(ptr, bytecount))
     98		err = -EFAULT;
     99
    100out:
    101	return err;
    102}
    103
    104static int read_default_ldt(void __user * ptr, unsigned long bytecount)
    105{
    106	int err;
    107
    108	if (bytecount > 5*LDT_ENTRY_SIZE)
    109		bytecount = 5*LDT_ENTRY_SIZE;
    110
    111	err = bytecount;
    112	/*
    113	 * UML doesn't support lcall7 and lcall27.
    114	 * So, we don't really have a default ldt, but emulate
    115	 * an empty ldt of common host default ldt size.
    116	 */
    117	if (clear_user(ptr, bytecount))
    118		err = -EFAULT;
    119
    120	return err;
    121}
    122
    123static int write_ldt(void __user * ptr, unsigned long bytecount, int func)
    124{
    125	uml_ldt_t *ldt = &current->mm->context.arch.ldt;
    126	struct mm_id * mm_idp = &current->mm->context.id;
    127	int i, err;
    128	struct user_desc ldt_info;
    129	struct ldt_entry entry0, *ldt_p;
    130	void *addr = NULL;
    131
    132	err = -EINVAL;
    133	if (bytecount != sizeof(ldt_info))
    134		goto out;
    135	err = -EFAULT;
    136	if (copy_from_user(&ldt_info, ptr, sizeof(ldt_info)))
    137		goto out;
    138
    139	err = -EINVAL;
    140	if (ldt_info.entry_number >= LDT_ENTRIES)
    141		goto out;
    142	if (ldt_info.contents == 3) {
    143		if (func == 1)
    144			goto out;
    145		if (ldt_info.seg_not_present == 0)
    146			goto out;
    147	}
    148
    149	mutex_lock(&ldt->lock);
    150
    151	err = write_ldt_entry(mm_idp, func, &ldt_info, &addr, 1);
    152	if (err)
    153		goto out_unlock;
    154
    155	if (ldt_info.entry_number >= ldt->entry_count &&
    156	    ldt_info.entry_number >= LDT_DIRECT_ENTRIES) {
    157		for (i=ldt->entry_count/LDT_ENTRIES_PER_PAGE;
    158		     i*LDT_ENTRIES_PER_PAGE <= ldt_info.entry_number;
    159		     i++) {
    160			if (i == 0)
    161				memcpy(&entry0, ldt->u.entries,
    162				       sizeof(entry0));
    163			ldt->u.pages[i] = (struct ldt_entry *)
    164				__get_free_page(GFP_KERNEL|__GFP_ZERO);
    165			if (!ldt->u.pages[i]) {
    166				err = -ENOMEM;
    167				/* Undo the change in host */
    168				memset(&ldt_info, 0, sizeof(ldt_info));
    169				write_ldt_entry(mm_idp, 1, &ldt_info, &addr, 1);
    170				goto out_unlock;
    171			}
    172			if (i == 0) {
    173				memcpy(ldt->u.pages[0], &entry0,
    174				       sizeof(entry0));
    175				memcpy(ldt->u.pages[0]+1, ldt->u.entries+1,
    176				       sizeof(entry0)*(LDT_DIRECT_ENTRIES-1));
    177			}
    178			ldt->entry_count = (i + 1) * LDT_ENTRIES_PER_PAGE;
    179		}
    180	}
    181	if (ldt->entry_count <= ldt_info.entry_number)
    182		ldt->entry_count = ldt_info.entry_number + 1;
    183
    184	if (ldt->entry_count <= LDT_DIRECT_ENTRIES)
    185		ldt_p = ldt->u.entries + ldt_info.entry_number;
    186	else
    187		ldt_p = ldt->u.pages[ldt_info.entry_number/LDT_ENTRIES_PER_PAGE] +
    188			ldt_info.entry_number%LDT_ENTRIES_PER_PAGE;
    189
    190	if (ldt_info.base_addr == 0 && ldt_info.limit == 0 &&
    191	   (func == 1 || LDT_empty(&ldt_info))) {
    192		ldt_p->a = 0;
    193		ldt_p->b = 0;
    194	}
    195	else{
    196		if (func == 1)
    197			ldt_info.useable = 0;
    198		ldt_p->a = LDT_entry_a(&ldt_info);
    199		ldt_p->b = LDT_entry_b(&ldt_info);
    200	}
    201	err = 0;
    202
    203out_unlock:
    204	mutex_unlock(&ldt->lock);
    205out:
    206	return err;
    207}
    208
    209static long do_modify_ldt_skas(int func, void __user *ptr,
    210			       unsigned long bytecount)
    211{
    212	int ret = -ENOSYS;
    213
    214	switch (func) {
    215		case 0:
    216			ret = read_ldt(ptr, bytecount);
    217			break;
    218		case 1:
    219		case 0x11:
    220			ret = write_ldt(ptr, bytecount, func);
    221			break;
    222		case 2:
    223			ret = read_default_ldt(ptr, bytecount);
    224			break;
    225	}
    226	return ret;
    227}
    228
    229static DEFINE_SPINLOCK(host_ldt_lock);
    230static short dummy_list[9] = {0, -1};
    231static short * host_ldt_entries = NULL;
    232
    233static void ldt_get_host_info(void)
    234{
    235	long ret;
    236	struct ldt_entry * ldt;
    237	short *tmp;
    238	int i, size, k, order;
    239
    240	spin_lock(&host_ldt_lock);
    241
    242	if (host_ldt_entries != NULL) {
    243		spin_unlock(&host_ldt_lock);
    244		return;
    245	}
    246	host_ldt_entries = dummy_list+1;
    247
    248	spin_unlock(&host_ldt_lock);
    249
    250	for (i = LDT_PAGES_MAX-1, order=0; i; i>>=1, order++)
    251		;
    252
    253	ldt = (struct ldt_entry *)
    254	      __get_free_pages(GFP_KERNEL|__GFP_ZERO, order);
    255	if (ldt == NULL) {
    256		printk(KERN_ERR "ldt_get_host_info: couldn't allocate buffer "
    257		       "for host ldt\n");
    258		return;
    259	}
    260
    261	ret = modify_ldt(0, ldt, (1<<order)*PAGE_SIZE);
    262	if (ret < 0) {
    263		printk(KERN_ERR "ldt_get_host_info: couldn't read host ldt\n");
    264		goto out_free;
    265	}
    266	if (ret == 0) {
    267		/* default_ldt is active, simply write an empty entry 0 */
    268		host_ldt_entries = dummy_list;
    269		goto out_free;
    270	}
    271
    272	for (i=0, size=0; i<ret/LDT_ENTRY_SIZE; i++) {
    273		if (ldt[i].a != 0 || ldt[i].b != 0)
    274			size++;
    275	}
    276
    277	if (size < ARRAY_SIZE(dummy_list))
    278		host_ldt_entries = dummy_list;
    279	else {
    280		size = (size + 1) * sizeof(dummy_list[0]);
    281		tmp = kmalloc(size, GFP_KERNEL);
    282		if (tmp == NULL) {
    283			printk(KERN_ERR "ldt_get_host_info: couldn't allocate "
    284			       "host ldt list\n");
    285			goto out_free;
    286		}
    287		host_ldt_entries = tmp;
    288	}
    289
    290	for (i=0, k=0; i<ret/LDT_ENTRY_SIZE; i++) {
    291		if (ldt[i].a != 0 || ldt[i].b != 0)
    292			host_ldt_entries[k++] = i;
    293	}
    294	host_ldt_entries[k] = -1;
    295
    296out_free:
    297	free_pages((unsigned long)ldt, order);
    298}
    299
    300long init_new_ldt(struct mm_context *new_mm, struct mm_context *from_mm)
    301{
    302	struct user_desc desc;
    303	short * num_p;
    304	int i;
    305	long page, err=0;
    306	void *addr = NULL;
    307
    308
    309	mutex_init(&new_mm->arch.ldt.lock);
    310
    311	if (!from_mm) {
    312		memset(&desc, 0, sizeof(desc));
    313		/*
    314		 * Now we try to retrieve info about the ldt, we
    315		 * inherited from the host. All ldt-entries found
    316		 * will be reset in the following loop
    317		 */
    318		ldt_get_host_info();
    319		for (num_p=host_ldt_entries; *num_p != -1; num_p++) {
    320			desc.entry_number = *num_p;
    321			err = write_ldt_entry(&new_mm->id, 1, &desc,
    322					      &addr, *(num_p + 1) == -1);
    323			if (err)
    324				break;
    325		}
    326		new_mm->arch.ldt.entry_count = 0;
    327
    328		goto out;
    329	}
    330
    331	/*
    332	 * Our local LDT is used to supply the data for
    333	 * modify_ldt(READLDT), if PTRACE_LDT isn't available,
    334	 * i.e., we have to use the stub for modify_ldt, which
    335	 * can't handle the big read buffer of up to 64kB.
    336	 */
    337	mutex_lock(&from_mm->arch.ldt.lock);
    338	if (from_mm->arch.ldt.entry_count <= LDT_DIRECT_ENTRIES)
    339		memcpy(new_mm->arch.ldt.u.entries, from_mm->arch.ldt.u.entries,
    340		       sizeof(new_mm->arch.ldt.u.entries));
    341	else {
    342		i = from_mm->arch.ldt.entry_count / LDT_ENTRIES_PER_PAGE;
    343		while (i-->0) {
    344			page = __get_free_page(GFP_KERNEL|__GFP_ZERO);
    345			if (!page) {
    346				err = -ENOMEM;
    347				break;
    348			}
    349			new_mm->arch.ldt.u.pages[i] =
    350				(struct ldt_entry *) page;
    351			memcpy(new_mm->arch.ldt.u.pages[i],
    352			       from_mm->arch.ldt.u.pages[i], PAGE_SIZE);
    353		}
    354	}
    355	new_mm->arch.ldt.entry_count = from_mm->arch.ldt.entry_count;
    356	mutex_unlock(&from_mm->arch.ldt.lock);
    357
    358    out:
    359	return err;
    360}
    361
    362
    363void free_ldt(struct mm_context *mm)
    364{
    365	int i;
    366
    367	if (mm->arch.ldt.entry_count > LDT_DIRECT_ENTRIES) {
    368		i = mm->arch.ldt.entry_count / LDT_ENTRIES_PER_PAGE;
    369		while (i-- > 0)
    370			free_page((long) mm->arch.ldt.u.pages[i]);
    371	}
    372	mm->arch.ldt.entry_count = 0;
    373}
    374
    375SYSCALL_DEFINE3(modify_ldt, int , func , void __user * , ptr ,
    376		unsigned long , bytecount)
    377{
    378	/* See non-um modify_ldt() for why we do this cast */
    379	return (unsigned int)do_modify_ldt_skas(func, ptr, bytecount);
    380}