// SPDX-License-Identifier: GPL-2.0-only
/*
 * Based on arch/arm/kernel/signal.c
 *
 * Copyright (C) 1995-2009 Russell King
 * Copyright (C) 2012 ARM Ltd.
 * Modified by Will Deacon <will.deacon@arm.com>
 */

#include <linux/compat.h>
#include <linux/signal.h>
#include <linux/syscalls.h>
#include <linux/ratelimit.h>

#include <asm/esr.h>
#include <asm/fpsimd.h>
#include <asm/signal32.h>
#include <asm/traps.h>
#include <linux/uaccess.h>
#include <asm/unistd_compat_32.h>
#include <asm/vdso.h>

/*
 * AArch32 VFP context as it appears in the user-visible signal frame.
 * The compat ABI exposes 32 64-bit D registers plus the FPSCR and the
 * (faked, see compat_preserve_vfp_context()) exception registers.
 */
struct compat_vfp_sigframe {
	compat_ulong_t	magic;
	compat_ulong_t	size;
	struct compat_user_vfp {
		compat_u64	fpregs[32];
		compat_ulong_t	fpscr;
	} ufp;
	struct compat_user_vfp_exc {
		compat_ulong_t	fpexc;
		compat_ulong_t	fpinst;
		compat_ulong_t	fpinst2;
	} ufp_exc;
} __attribute__((__aligned__(8)));

/*
 * Header values a VFP frame must carry. Both are written by
 * compat_preserve_vfp_context() and verified by compat_restore_vfp_context()
 * before any register content from the frame is trusted.
 */
#define VFP_MAGIC		0x56465001
#define VFP_STORAGE_SIZE	sizeof(struct compat_vfp_sigframe)

/* Bit position of the write-not-read flag in the AArch32 FSR image. */
#define FSR_WRITE_SHIFT		(11)

/* Coprocessor area appended to the mcontext (uc_regspace). */
struct compat_aux_sigframe {
	struct compat_vfp_sigframe	vfp;

	/* Something that isn't a valid magic number for any coprocessor. */
	unsigned long			end_magic;
} __attribute__((__aligned__(8)));

/*
 * Copy a 64-bit sigset_t to a 32-bit compat_sigset_t in user memory.
 * Only set->sig[0] is meaningful here; it is split into two 32-bit words.
 *
 * Returns copy_to_user()'s result: 0 on success, non-zero on fault.
 */
static inline int put_sigset_t(compat_sigset_t __user *uset, sigset_t *set)
{
	compat_sigset_t cset;

	cset.sig[0] = set->sig[0] & 0xffffffffull;
	cset.sig[1] = set->sig[0] >> 32;

	return copy_to_user(uset, &cset, sizeof(*uset));
}

/*
 * Read a compat_sigset_t from user memory and widen it into a sigset_t.
 *
 * Returns 0 on success, -EFAULT if the user copy fails (set is then
 * untouched).
 */
static inline int get_sigset_t(sigset_t *set,
			       const compat_sigset_t __user *uset)
{
	compat_sigset_t s32;

	if (copy_from_user(&s32, uset, sizeof(*uset)))
		return -EFAULT;

	set->sig[0] = s32.sig[0] | (((long)s32.sig[1]) << 32);
	return 0;
}

/*
 * VFP save/restore code.
 *
 * We have to be careful with endianness, since the fpsimd context-switch
 * code operates on 128-bit (Q) register values whereas the compat ABI
 * uses an array of 64-bit (D) registers. Consequently, we need to swap
 * the two halves of each Q register when running on a big-endian CPU.
 */
union __fpsimd_vreg {
	__uint128_t	raw;
	struct {
#ifdef __AARCH64EB__
		u64	hi;
		u64	lo;
#else
		u64	lo;
		u64	hi;
#endif
	};
};

/*
 * Write the current task's VFP state into the user signal frame.
 *
 * @frame: user-space VFP frame to populate.
 *
 * Returns 0 on success, -EFAULT if any user write failed. Errors are
 * accumulated in @err by the __put_user_error() macros rather than checked
 * after each store.
 */
static int compat_preserve_vfp_context(struct compat_vfp_sigframe __user *frame)
{
	struct user_fpsimd_state const *fpsimd =
		&current->thread.uw.fpsimd_state;
	compat_ulong_t magic = VFP_MAGIC;
	compat_ulong_t size = VFP_STORAGE_SIZE;
	compat_ulong_t fpscr, fpexc;
	int i, err = 0;

	/*
	 * Save the hardware registers to the fpsimd_state structure.
	 * Note that this also saves V16-31, which aren't visible
	 * in AArch32.
	 */
	fpsimd_save_and_flush_current_state();

	/* Place structure header on the stack */
	__put_user_error(magic, &frame->magic, err);
	__put_user_error(size, &frame->size, err);

	/*
	 * Now copy the FP registers. Since the registers are packed,
	 * we can copy the prefix we want (V0-V15) as it is.
	 * Each 128-bit vreg feeds two consecutive 64-bit fpregs slots;
	 * the lo/hi split in __fpsimd_vreg handles big-endian hosts.
	 */
	for (i = 0; i < ARRAY_SIZE(frame->ufp.fpregs); i += 2) {
		union __fpsimd_vreg vreg = {
			.raw = fpsimd->vregs[i >> 1],
		};

		__put_user_error(vreg.lo, &frame->ufp.fpregs[i], err);
		__put_user_error(vreg.hi, &frame->ufp.fpregs[i + 1], err);
	}

	/* Create an AArch32 fpscr from the fpsr and the fpcr. */
	fpscr = (fpsimd->fpsr & VFP_FPSCR_STAT_MASK) |
		(fpsimd->fpcr & VFP_FPSCR_CTRL_MASK);
	__put_user_error(fpscr, &frame->ufp.fpscr, err);

	/*
	 * The exception register aren't available so we fake up a
	 * basic FPEXC and zero everything else.
	 */
	fpexc = (1 << 30);
	__put_user_error(fpexc, &frame->ufp_exc.fpexc, err);
	__put_user_error(0, &frame->ufp_exc.fpinst, err);
	__put_user_error(0, &frame->ufp_exc.fpinst2, err);

	return err ? -EFAULT : 0;
}

/*
 * Load the VFP state from a user signal frame back into the current task.
 *
 * @frame: user-space VFP frame, as written by compat_preserve_vfp_context()
 *         (or forged by the user, which is why the header is checked).
 *
 * Returns 0 on success, -EFAULT if a user read failed, -EINVAL if the
 * magic/size header does not match. The thread's fpsimd_state is only
 * replaced after every read has succeeded, so a bad frame never leaves
 * partially-restored state behind.
 */
static int compat_restore_vfp_context(struct compat_vfp_sigframe __user *frame)
{
	struct user_fpsimd_state fpsimd;
	compat_ulong_t magic = VFP_MAGIC;
	compat_ulong_t size = VFP_STORAGE_SIZE;
	compat_ulong_t fpscr;
	int i, err = 0;

	__get_user_error(magic, &frame->magic, err);
	__get_user_error(size, &frame->size, err);

	if (err)
		return -EFAULT;
	/* Reject anything that isn't the frame layout we wrote ourselves. */
	if (magic != VFP_MAGIC || size != VFP_STORAGE_SIZE)
		return -EINVAL;

	/*
	 * Copy the FP registers into the start of the fpsimd_state.
	 * Only vregs[0..15] are filled from the frame; the remaining
	 * entries of the local @fpsimd are not initialised here.
	 * NOTE(review): V16-31 aren't visible to AArch32 (see the comment
	 * in compat_preserve_vfp_context()), but confirm nothing else can
	 * observe them after the struct assignment below.
	 */
	for (i = 0; i < ARRAY_SIZE(frame->ufp.fpregs); i += 2) {
		union __fpsimd_vreg vreg;

		__get_user_error(vreg.lo, &frame->ufp.fpregs[i], err);
		__get_user_error(vreg.hi, &frame->ufp.fpregs[i + 1], err);
		fpsimd.vregs[i >> 1] = vreg.raw;
	}

	/*
	 * Extract the fpsr and the fpcr from the fpscr. The masks drop
	 * any bits the user supplied outside the status/control fields.
	 */
	__get_user_error(fpscr, &frame->ufp.fpscr, err);
	fpsimd.fpsr = fpscr & VFP_FPSCR_STAT_MASK;
	fpsimd.fpcr = fpscr & VFP_FPSCR_CTRL_MASK;

	if (err)
		return -EFAULT;

	/*
	 * We don't need to touch the exception register, so
	 * reload the hardware state.
	 */
	fpsimd_save_and_flush_current_state();
	current->thread.uw.fpsimd_state = fpsimd;

	return 0;
}

/*
 * Restore the general-purpose register state and signal mask from a
 * (non-rt or rt) compat sigframe.
 *
 * @regs: the task's pt_regs, overwritten in place.
 * @sf:   user-space frame; the callers have already checked its alignment
 *        and access_ok() on it.
 *
 * Returns 0 on success, non-zero if any user read failed, the restored
 * registers are not acceptable for user mode, or the VFP restore failed.
 * Note that @regs is modified even on the failure paths; the callers
 * respond to failure by raising SIGSEGV.
 */
static int compat_restore_sigframe(struct pt_regs *regs,
				   struct compat_sigframe __user *sf)
{
	int err;
	sigset_t set;
	struct compat_aux_sigframe __user *aux;
	unsigned long psr;

	err = get_sigset_t(&set, &sf->uc.uc_sigmask);
	if (err == 0)
		set_current_blocked(&set);

	__get_user_error(regs->regs[0], &sf->uc.uc_mcontext.arm_r0, err);
	__get_user_error(regs->regs[1], &sf->uc.uc_mcontext.arm_r1, err);
	__get_user_error(regs->regs[2], &sf->uc.uc_mcontext.arm_r2, err);
	__get_user_error(regs->regs[3], &sf->uc.uc_mcontext.arm_r3, err);
	__get_user_error(regs->regs[4], &sf->uc.uc_mcontext.arm_r4, err);
	__get_user_error(regs->regs[5], &sf->uc.uc_mcontext.arm_r5, err);
	__get_user_error(regs->regs[6], &sf->uc.uc_mcontext.arm_r6, err);
	__get_user_error(regs->regs[7], &sf->uc.uc_mcontext.arm_r7, err);
	__get_user_error(regs->regs[8], &sf->uc.uc_mcontext.arm_r8, err);
	__get_user_error(regs->regs[9], &sf->uc.uc_mcontext.arm_r9, err);
	__get_user_error(regs->regs[10], &sf->uc.uc_mcontext.arm_r10, err);
	__get_user_error(regs->regs[11], &sf->uc.uc_mcontext.arm_fp, err);
	__get_user_error(regs->regs[12], &sf->uc.uc_mcontext.arm_ip, err);
	__get_user_error(regs->compat_sp, &sf->uc.uc_mcontext.arm_sp, err);
	__get_user_error(regs->compat_lr, &sf->uc.uc_mcontext.arm_lr, err);
	__get_user_error(regs->pc, &sf->uc.uc_mcontext.arm_pc, err);
	__get_user_error(psr, &sf->uc.uc_mcontext.arm_cpsr, err);

	/* The user-supplied CPSR is translated, not used verbatim. */
	regs->pstate = compat_psr_to_pstate(psr);

	/*
	 * Avoid compat_sys_sigreturn() restarting.
	 */
	forget_syscall(regs);

	/*
	 * The frame content is user-controlled: the register image is only
	 * accepted if valid_user_regs() agrees with it (presumably this is
	 * what keeps privileged pstate bits out — see its definition).
	 */
	err |= !valid_user_regs(&regs->user_regs, current);

	aux = (struct compat_aux_sigframe __user *) sf->uc.uc_regspace;
	/* Only touch the VFP state once everything above has checked out. */
	if (err == 0 && system_supports_fpsimd())
		err |= compat_restore_vfp_context(&aux->vfp);

	return err;
}

/*
 * compat sigreturn: unwind a non-rt signal frame placed by
 * compat_setup_frame(). Returns the restored r0, or 0 after raising a
 * segfault on a bad frame.
 */
COMPAT_SYSCALL_DEFINE0(sigreturn)
{
	struct pt_regs *regs = current_pt_regs();
	struct compat_sigframe __user *frame;

	/* Always make any pending restarted system calls return -EINTR */
	current->restart_block.fn = do_no_restart_syscall;

	/*
	 * Since we stacked the signal on a 64-bit boundary,
	 * then 'sp' should be word aligned here. If it's
	 * not, then the user is trying to mess with us.
	 */
	if (regs->compat_sp & 7)
		goto badframe;

	frame = (struct compat_sigframe __user *)regs->compat_sp;

	/* The whole frame must be user-accessible before it is parsed. */
	if (!access_ok(frame, sizeof (*frame)))
		goto badframe;

	if (compat_restore_sigframe(regs, frame))
		goto badframe;

	return regs->regs[0];

badframe:
	arm64_notify_segfault(regs->compat_sp);
	return 0;
}

/*
 * compat rt_sigreturn: unwind an rt signal frame placed by
 * compat_setup_rt_frame(), including the alternate stack settings.
 * Returns the restored r0, or 0 after raising a segfault on a bad frame.
 */
COMPAT_SYSCALL_DEFINE0(rt_sigreturn)
{
	struct pt_regs *regs = current_pt_regs();
	struct compat_rt_sigframe __user *frame;

	/* Always make any pending restarted system calls return -EINTR */
	current->restart_block.fn = do_no_restart_syscall;

	/*
	 * Since we stacked the signal on a 64-bit boundary,
	 * then 'sp' should be word aligned here. If it's
	 * not, then the user is trying to mess with us.
	 */
	if (regs->compat_sp & 7)
		goto badframe;

	frame = (struct compat_rt_sigframe __user *)regs->compat_sp;

	/* The whole frame must be user-accessible before it is parsed. */
	if (!access_ok(frame, sizeof (*frame)))
		goto badframe;

	if (compat_restore_sigframe(regs, &frame->sig))
		goto badframe;

	if (compat_restore_altstack(&frame->sig.uc.uc_stack))
		goto badframe;

	return regs->regs[0];

badframe:
	arm64_notify_segfault(regs->compat_sp);
	return 0;
}

/*
 * Pick the user stack location for a new signal frame.
 *
 * @ksig:      the signal being delivered (selects the alt stack via sigsp()).
 * @regs:      current registers, supplying the user SP.
 * @framesize: bytes to reserve.
 *
 * Returns an 8-byte aligned user pointer, or NULL if the chosen region is
 * not writable by the user (access_ok() fails).
 */
static void __user *compat_get_sigframe(struct ksignal *ksig,
					struct pt_regs *regs,
					int framesize)
{
	compat_ulong_t sp = sigsp(regs->compat_sp, ksig);
	void __user *frame;

	/*
	 * ATPCS B01 mandates 8-byte alignment
	 */
	frame = compat_ptr((compat_uptr_t)((sp - framesize) & ~7));

	/*
	 * Check that we can actually write to the signal frame.
	 */
	if (!access_ok(frame, framesize))
		frame = NULL;

	return frame;
}

/*
 * Point the task at the signal handler.
 *
 * @regs:  registers to rewrite (r0, sp, lr, pc and pstate are set).
 * @ka:    the sigaction being delivered.
 * @rc:    unused here.
 * @frame: the frame just built; becomes the new user SP.
 * @usig:  signal number passed to the handler in r0.
 *
 * The new pstate is derived from the current one with the condition flags
 * and the endianness bit cleared, the T bit set from the handler address'
 * low bit, and the IT state cleared. The return address is either the
 * sigaction's restorer or a trampoline in the task's sigpage.
 */
static void compat_setup_return(struct pt_regs *regs, struct k_sigaction *ka,
				compat_ulong_t __user *rc, void __user *frame,
				int usig)
{
	compat_ulong_t handler = ptr_to_compat(ka->sa.sa_handler);
	compat_ulong_t retcode;
	compat_ulong_t spsr = regs->pstate & ~(PSR_f | PSR_AA32_E_BIT);
	int thumb;

	/* Check if the handler is written for ARM or Thumb */
	thumb = handler & 1;

	if (thumb)
		spsr |= PSR_AA32_T_BIT;
	else
		spsr &= ~PSR_AA32_T_BIT;

	/* The IT state must be cleared for both ARM and Thumb-2 */
	spsr &= ~PSR_AA32_IT_MASK;

	/* Restore the original endianness */
	spsr |= PSR_AA32_ENDSTATE;

	if (ka->sa.sa_flags & SA_RESTORER) {
		retcode = ptr_to_compat(ka->sa.sa_restorer);
	} else {
		/*
		 * Set up sigreturn pointer. The sigpage holds one
		 * trampoline per (thumb, siginfo) combination, four words
		 * apart; the trailing "+ thumb" marks a Thumb return
		 * address (the low bit, as for the handler above).
		 */
		unsigned int idx = thumb << 1;

		if (ka->sa.sa_flags & SA_SIGINFO)
			idx += 3;

		retcode = (unsigned long)current->mm->context.sigpage +
			  (idx << 2) + thumb;
	}

	regs->regs[0] = usig;
	regs->compat_sp = ptr_to_compat(frame);
	regs->compat_lr = retcode;
	regs->pc = handler;
	regs->pstate = spsr;
}

/*
 * Fill the common part of a compat signal frame (mcontext, sigmask and
 * the VFP aux area).
 *
 * @sf:   user-space frame to populate.
 * @regs: registers to save.
 * @set:  signal mask to store in the frame.
 *
 * Returns 0 on success, non-zero if any user write failed.
 */
static int compat_setup_sigframe(struct compat_sigframe __user *sf,
				 struct pt_regs *regs, sigset_t *set)
{
	struct compat_aux_sigframe __user *aux;
	unsigned long psr = pstate_to_compat_psr(regs->pstate);
	int err = 0;

	__put_user_error(regs->regs[0], &sf->uc.uc_mcontext.arm_r0, err);
	__put_user_error(regs->regs[1], &sf->uc.uc_mcontext.arm_r1, err);
	__put_user_error(regs->regs[2], &sf->uc.uc_mcontext.arm_r2, err);
	__put_user_error(regs->regs[3], &sf->uc.uc_mcontext.arm_r3, err);
	__put_user_error(regs->regs[4], &sf->uc.uc_mcontext.arm_r4, err);
	__put_user_error(regs->regs[5], &sf->uc.uc_mcontext.arm_r5, err);
	__put_user_error(regs->regs[6], &sf->uc.uc_mcontext.arm_r6, err);
	__put_user_error(regs->regs[7], &sf->uc.uc_mcontext.arm_r7, err);
	__put_user_error(regs->regs[8], &sf->uc.uc_mcontext.arm_r8, err);
	__put_user_error(regs->regs[9], &sf->uc.uc_mcontext.arm_r9, err);
	__put_user_error(regs->regs[10], &sf->uc.uc_mcontext.arm_r10, err);
	__put_user_error(regs->regs[11], &sf->uc.uc_mcontext.arm_fp, err);
	__put_user_error(regs->regs[12], &sf->uc.uc_mcontext.arm_ip, err);
	__put_user_error(regs->compat_sp, &sf->uc.uc_mcontext.arm_sp, err);
	__put_user_error(regs->compat_lr, &sf->uc.uc_mcontext.arm_lr, err);
	__put_user_error(regs->pc, &sf->uc.uc_mcontext.arm_pc, err);
	__put_user_error(psr, &sf->uc.uc_mcontext.arm_cpsr, err);

	__put_user_error((compat_ulong_t)0, &sf->uc.uc_mcontext.trap_no, err);
	/*
	 * set the compat FSR WnR: the ESR write-not-read bit is moved to
	 * the position AArch32 expects in the FSR image.
	 */
	__put_user_error(!!(current->thread.fault_code & ESR_ELx_WNR) <<
			 FSR_WRITE_SHIFT, &sf->uc.uc_mcontext.error_code, err);
	__put_user_error(current->thread.fault_address, &sf->uc.uc_mcontext.fault_address, err);
	__put_user_error(set->sig[0], &sf->uc.uc_mcontext.oldmask, err);

	err |= put_sigset_t(&sf->uc.uc_sigmask, set);

	aux = (struct compat_aux_sigframe __user *) sf->uc.uc_regspace;

	if (err == 0 && system_supports_fpsimd())
		err |= compat_preserve_vfp_context(&aux->vfp);
	/* Terminate the coprocessor list (see end_magic). */
	__put_user_error(0, &aux->end_magic, err);

	return err;
}

/*
 * 32-bit signal handling routines called from signal.c
 */

/*
 * Build an rt signal frame (siginfo + ucontext) on the user stack and
 * redirect the task to the handler.
 *
 * Returns 1 if no writable frame location could be found, otherwise 0 on
 * success or the accumulated non-zero error from the user writes.
 * On error the task's registers are left untouched.
 */
int compat_setup_rt_frame(int usig, struct ksignal *ksig,
			  sigset_t *set, struct pt_regs *regs)
{
	struct compat_rt_sigframe __user *frame;
	int err = 0;

	frame = compat_get_sigframe(ksig, regs, sizeof(*frame));

	if (!frame)
		return 1;

	err |= copy_siginfo_to_user32(&frame->info, &ksig->info);

	__put_user_error(0, &frame->sig.uc.uc_flags, err);
	__put_user_error(0, &frame->sig.uc.uc_link, err);

	err |= __compat_save_altstack(&frame->sig.uc.uc_stack, regs->compat_sp);

	err |= compat_setup_sigframe(&frame->sig, regs, set);

	if (err == 0) {
		compat_setup_return(regs, &ksig->ka, frame->sig.retcode, frame, usig);
		/* Handler arguments: r1 = siginfo, r2 = ucontext. */
		regs->regs[1] = (compat_ulong_t)(unsigned long)&frame->info;
		regs->regs[2] = (compat_ulong_t)(unsigned long)&frame->sig.uc;
	}

	return err;
}

/*
 * Build a non-rt signal frame on the user stack and redirect the task to
 * the handler.
 *
 * Returns 1 if no writable frame location could be found, otherwise 0 on
 * success or the accumulated non-zero error from the user writes.
 */
int compat_setup_frame(int usig, struct ksignal *ksig, sigset_t *set,
		       struct pt_regs *regs)
{
	struct compat_sigframe __user *frame;
	int err = 0;

	frame = compat_get_sigframe(ksig, regs, sizeof(*frame));

	if (!frame)
		return 1;

	/*
	 * NOTE(review): this uc_flags value presumably marks the frame as
	 * a non-rt one for the AArch32 ABI (matches arch/arm) — confirm.
	 */
	__put_user_error(0x5ac3c35a, &frame->uc.uc_flags, err);

	err |= compat_setup_sigframe(frame, regs, set);
	if (err == 0)
		compat_setup_return(regs, &ksig->ka, frame->retcode, frame, usig);

	return err;
}

/* Arrange for the interrupted syscall to be restarted via restart_syscall. */
void compat_setup_restart_syscall(struct pt_regs *regs)
{
	regs->regs[7] = __NR_compat32_restart_syscall;
}

/*
 * Compile-time assertions for siginfo_t offsets. Check NSIG* as well, as
 * changes likely come with new fields that should be added below.
 */
static_assert(NSIGILL == 11);
static_assert(NSIGFPE == 15);
static_assert(NSIGSEGV == 10);
static_assert(NSIGBUS == 5);
static_assert(NSIGTRAP == 6);
static_assert(NSIGCHLD == 6);
static_assert(NSIGSYS == 2);
static_assert(sizeof(compat_siginfo_t) == 128);
static_assert(__alignof__(compat_siginfo_t) == 4);
static_assert(offsetof(compat_siginfo_t, si_signo) == 0x00);
static_assert(offsetof(compat_siginfo_t, si_errno) == 0x04);
static_assert(offsetof(compat_siginfo_t, si_code) == 0x08);
static_assert(offsetof(compat_siginfo_t, si_pid) == 0x0c);
static_assert(offsetof(compat_siginfo_t, si_uid) == 0x10);
static_assert(offsetof(compat_siginfo_t, si_tid) == 0x0c);
static_assert(offsetof(compat_siginfo_t, si_overrun) == 0x10);
static_assert(offsetof(compat_siginfo_t, si_status) == 0x14);
static_assert(offsetof(compat_siginfo_t, si_utime) == 0x18);
static_assert(offsetof(compat_siginfo_t, si_stime) == 0x1c);
static_assert(offsetof(compat_siginfo_t, si_value) == 0x14);
static_assert(offsetof(compat_siginfo_t, si_int) == 0x14);
static_assert(offsetof(compat_siginfo_t, si_ptr) == 0x14);
static_assert(offsetof(compat_siginfo_t, si_addr) == 0x0c);
static_assert(offsetof(compat_siginfo_t, si_addr_lsb) == 0x10);
static_assert(offsetof(compat_siginfo_t, si_lower) == 0x14);
static_assert(offsetof(compat_siginfo_t, si_upper) == 0x18);
static_assert(offsetof(compat_siginfo_t, si_pkey) == 0x14);
static_assert(offsetof(compat_siginfo_t, si_perf_data) == 0x10);
static_assert(offsetof(compat_siginfo_t, si_perf_type) == 0x14);
static_assert(offsetof(compat_siginfo_t, si_perf_flags) == 0x18);
static_assert(offsetof(compat_siginfo_t, si_band) == 0x0c);
static_assert(offsetof(compat_siginfo_t, si_fd) == 0x10);
static_assert(offsetof(compat_siginfo_t, si_call_addr) == 0x0c);
static_assert(offsetof(compat_siginfo_t, si_syscall) == 0x10);
static_assert(offsetof(compat_siginfo_t, si_arch) == 0x14);