arch/i386/kernel/ldt.c

   1 /*
   2  * linux/kernel/ldt.c
   3  *
   4  * Copyright (C) 1992 Krishna Balasubramanian and Linus Torvalds
   5  * Copyright (C) 1999 Ingo Molnar <mingo@redhat.com>
   6  */
   7
   8 #include <linux/errno.h>
   9 #include <linux/sched.h>
  10 #include <linux/string.h>
  11 #include <linux/mm.h>
  12 #include <linux/smp.h>
  13 #include <linux/smp_lock.h>
  14 #include <linux/vmalloc.h>
  15
  16 #include <asm/uaccess.h>
  17 #include <asm/system.h>
  18 #include <asm/ldt.h>
  19 #include <asm/desc.h>
  20
  21 /*
  22  * read_ldt() is not really atomic - this is not a problem since
  23  * synchronization of reads and writes done to the LDT has to be
  24  * assured by user-space anyway. Writes are atomic, to protect
  25  * the security checks done on new descriptors.
  26  */
  27 static int read_ldt(void * ptr, unsigned long bytecount)
  28 {
  29         int err;
  30         unsigned long size;
  31         struct mm_struct * mm = current->mm;
  32
  33         err = 0;
  34         if (!mm->segments)
  35                 goto out;
  36
  37         size = LDT_ENTRIES*LDT_ENTRY_SIZE;
  38         if (size > bytecount)
  39                 size = bytecount;
  40
  41         err = size;
  42         if (copy_to_user(ptr, mm->segments, size))
  43                 err = -EFAULT;
  44 out:
  45         return err;
  46 }
  47
  48 static int write_ldt(void * ptr, unsigned long bytecount, int oldmode)
  49 {
  50         struct mm_struct * mm = current->mm;
  51         __u32 entry_1, entry_2, *lp;
  52         int error;
  53         struct modify_ldt_ldt_s ldt_info;
  54
  55         error = -EINVAL;
  56         if (bytecount != sizeof(ldt_info))
  57                 goto out;
  58         error = -EFAULT;
  59         if (copy_from_user(&ldt_info, ptr, sizeof(ldt_info)))
  60                 goto out;
  61
  62         error = -EINVAL;
  63         if (ldt_info.entry_number >= LDT_ENTRIES)
  64                 goto out;
  65         if (ldt_info.contents == 3) {
  66                 if (oldmode)
  67                         goto out;
  68                 if (ldt_info.seg_not_present == 0)
  69                         goto out;
  70         }
  71
  72         /*
  73          * Horrible dependencies! Try to get rid of this. This is wrong,
  74          * as it only reloads the ldt for the first process with this
  75          * mm. The implications are that you should really make sure that
  76          * you have a ldt before you do the first clone(), otherwise
  77          * you get strange behaviour (the kernel is safe, it's just user
  78          * space strangeness).
  79          *
  80          * we have two choices: either we preallocate the LDT descriptor
  81          * and can do a shared modify_ldt(), or we postallocate it and do
  82          * an smp message pass to update it. Currently we are a bit
  83          * un-nice to user-space and reload the LDT only on the next
  84          * schedule. (only an issue on SMP)
  85          *
  86          * the GDT index of the LDT is allocated dynamically, and is
  87          * limited by MAX_LDT_DESCRIPTORS.
  88          */
  89         down(&mm->mmap_sem);
  90         if (!mm->segments) {
  91
  92                 error = -ENOMEM;
  93                 mm->segments = vmalloc(LDT_ENTRIES*LDT_ENTRY_SIZE);
  94                 if (!mm->segments)
  95                         goto out_unlock;
  96                 memset(mm->segments, 0, LDT_ENTRIES*LDT_ENTRY_SIZE);
  97
  98                 if (atomic_read(&mm->mm_users) > 1)
  99                         printk(KERN_WARNING "LDT allocated for cloned task!\n");
 100                 /*
 101                  * Possibly do an SMP cross-call to other CPUs to reload
 102                  * their LDTs?
 103                  */
 104                 load_LDT(mm);
 105         }
 106
 107         lp = (__u32 *) ((ldt_info.entry_number << 3) + (char *) mm->segments);
 108
 109         /* Allow LDTs to be cleared by the user. */
 110         if (ldt_info.base_addr == 0 && ldt_info.limit == 0) {
 111                 if (oldmode ||
 112                     (ldt_info.contents == 0             &&
 113                      ldt_info.read_exec_only == 1       &&
 114                      ldt_info.seg_32bit == 0            &&
 115                      ldt_info.limit_in_pages == 0       &&
 116                      ldt_info.seg_not_present == 1      &&
 117                      ldt_info.useable == 0 )) {
 118                         entry_1 = 0;
 119                         entry_2 = 0;
 120                         goto install;
 121                 }
 122         }
 123
 124         entry_1 = ((ldt_info.base_addr & 0x0000ffff) << 16) |
 125                   (ldt_info.limit & 0x0ffff);
 126         entry_2 = (ldt_info.base_addr & 0xff000000) |
 127                   ((ldt_info.base_addr & 0x00ff0000) >> 16) |
 128                   (ldt_info.limit & 0xf0000) |
 129                   ((ldt_info.read_exec_only ^ 1) << 9) |
 130                   (ldt_info.contents << 10) |
 131                   ((ldt_info.seg_not_present ^ 1) << 15) |
 132                   (ldt_info.seg_32bit << 22) |
 133                   (ldt_info.limit_in_pages << 23) |
 134                   0x7000;
 135         if (!oldmode)
 136                 entry_2 |= (ldt_info.useable << 20);
 137
 138         /* Install the new entry ...  */
 139 install:
 140         *lp     = entry_1;
 141         *(lp+1) = entry_2;
 142         error = 0;
 143
 144 out_unlock:
 145         up(&mm->mmap_sem);
 146 out:
 147         return error;
 148 }
 149
 150 asmlinkage int sys_modify_ldt(int func, void *ptr, unsigned long bytecount)
 151 {
 152         int ret = -ENOSYS;
 153
 154         switch (func) {
 155         case 0:
 156                 ret = read_ldt(ptr, bytecount);
 157                 break;
 158         case 1:
 159                 ret = write_ldt(ptr, bytecount, 1);
 160                 break;
 161         case 0x11:
 162                 ret = write_ldt(ptr, bytecount, 0);
 163                 break;
 164         }
 165         return ret;
 166 }