search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
cxgbe/t4_tom: Read the chip's DDP page sizes and save them in a
[freebsd-src.git] / sys / i386 / i386 / sys_machdep.c
blob9c8d94b44b81410f088b9a980a5faf584fcef482
1 /*-
2 * Copyright (c) 1990 The Regents of the University of California.
3 * All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in the
12 * documentation and/or other materials provided with the distribution.
13 * 3. Neither the name of the University nor the names of its contributors
14 * may be used to endorse or promote products derived from this software
15 * without specific prior written permission.
16 *
17 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
18 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
19 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
20 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
21 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
22 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
23 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
24 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
25 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
26 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
27 * SUCH DAMAGE.
28 *
29 * from: @(#)sys_machdep.c 5.5 (Berkeley) 1/19/91
30 */
31
32 #include <sys/cdefs.h>
33 __FBSDID("$FreeBSD$");
34
35 #include "opt_capsicum.h"
36 #include "opt_kstack_pages.h"
37
38 #include <sys/param.h>
39 #include <sys/capsicum.h>
40 #include <sys/systm.h>
41 #include <sys/lock.h>
42 #include <sys/malloc.h>
43 #include <sys/mutex.h>
44 #include <sys/priv.h>
45 #include <sys/proc.h>
46 #include <sys/smp.h>
47 #include <sys/sysproto.h>
48
49 #include <vm/vm.h>
50 #include <vm/pmap.h>
51 #include <vm/vm_map.h>
52 #include <vm/vm_extern.h>
53
54 #include <machine/cpu.h>
55 #include <machine/pcb.h>
56 #include <machine/pcb_ext.h>
57 #include <machine/proc.h>
58 #include <machine/sysarch.h>
59
60 #include <security/audit/audit.h>
61
62 #include <vm/vm_kern.h> /* for kernel_map */
63
64 #define MAX_LD 8192
65 #define LD_PER_PAGE 512
66 #define NEW_MAX_LD(num) rounddown2(num + LD_PER_PAGE, LD_PER_PAGE)
67 #define SIZE_FROM_LARGEST_LD(num) (NEW_MAX_LD(num) << 3)
68 #define NULL_LDT_BASE ((caddr_t)NULL)
69
70 #ifdef SMP
71 static void set_user_ldt_rv(struct vmspace *vmsp);
72 #endif
73 static int i386_set_ldt_data(struct thread *, int start, int num,
74 union descriptor *descs);
75 static int i386_ldt_grow(struct thread *td, int len);
76
77 void
78 fill_based_sd(struct segment_descriptor *sdp, uint32_t base)
79 {
80
81 sdp->sd_lobase = base & 0xffffff;
82 sdp->sd_hibase = (base >> 24) & 0xff;
83 sdp->sd_lolimit = 0xffff; /* 4GB limit, wraps around */
84 sdp->sd_hilimit = 0xf;
85 sdp->sd_type = SDT_MEMRWA;
86 sdp->sd_dpl = SEL_UPL;
87 sdp->sd_p = 1;
88 sdp->sd_xx = 0;
89 sdp->sd_def32 = 1;
90 sdp->sd_gran = 1;
91 }
92
93 #ifndef _SYS_SYSPROTO_H_
94 struct sysarch_args {
95 int op;
96 char *parms;
97 };
98 #endif
99
100 int
101 sysarch(td, uap)
102 struct thread *td;
103 register struct sysarch_args *uap;
104 {
105 int error;
106 union descriptor *lp;
107 union {
108 struct i386_ldt_args largs;
109 struct i386_ioperm_args iargs;
110 struct i386_get_xfpustate xfpu;
111 } kargs;
112 uint32_t base;
113 struct segment_descriptor sd, *sdp;
114
115 AUDIT_ARG_CMD(uap->op);
116
117 #ifdef CAPABILITY_MODE
118 /*
119 * When adding new operations, add a new case statement here to
120 * explicitly indicate whether or not the operation is safe to
121 * perform in capability mode.
122 */
123 if (IN_CAPABILITY_MODE(td)) {
124 switch (uap->op) {
125 case I386_GET_LDT:
126 case I386_SET_LDT:
127 case I386_GET_IOPERM:
128 case I386_GET_FSBASE:
129 case I386_SET_FSBASE:
130 case I386_GET_GSBASE:
131 case I386_SET_GSBASE:
132 case I386_GET_XFPUSTATE:
133 break;
134
135 case I386_SET_IOPERM:
136 default:
137 #ifdef KTRACE
138 if (KTRPOINT(td, KTR_CAPFAIL))
139 ktrcapfail(CAPFAIL_SYSCALL, NULL, NULL);
140 #endif
141 return (ECAPMODE);
142 }
143 }
144 #endif
145
146 switch (uap->op) {
147 case I386_GET_IOPERM:
148 case I386_SET_IOPERM:
149 if ((error = copyin(uap->parms, &kargs.iargs,
150 sizeof(struct i386_ioperm_args))) != 0)
151 return (error);
152 break;
153 case I386_GET_LDT:
154 case I386_SET_LDT:
155 if ((error = copyin(uap->parms, &kargs.largs,
156 sizeof(struct i386_ldt_args))) != 0)
157 return (error);
158 if (kargs.largs.num > MAX_LD || kargs.largs.num <= 0)
159 return (EINVAL);
160 break;
161 case I386_GET_XFPUSTATE:
162 if ((error = copyin(uap->parms, &kargs.xfpu,
163 sizeof(struct i386_get_xfpustate))) != 0)
164 return (error);
165 break;
166 default:
167 break;
168 }
169
170 switch(uap->op) {
171 case I386_GET_LDT:
172 error = i386_get_ldt(td, &kargs.largs);
173 break;
174 case I386_SET_LDT:
175 if (kargs.largs.descs != NULL) {
176 lp = (union descriptor *)malloc(
177 kargs.largs.num * sizeof(union descriptor),
178 M_TEMP, M_WAITOK);
179 error = copyin(kargs.largs.descs, lp,
180 kargs.largs.num * sizeof(union descriptor));
181 if (error == 0)
182 error = i386_set_ldt(td, &kargs.largs, lp);
183 free(lp, M_TEMP);
184 } else {
185 error = i386_set_ldt(td, &kargs.largs, NULL);
186 }
187 break;
188 case I386_GET_IOPERM:
189 error = i386_get_ioperm(td, &kargs.iargs);
190 if (error == 0)
191 error = copyout(&kargs.iargs, uap->parms,
192 sizeof(struct i386_ioperm_args));
193 break;
194 case I386_SET_IOPERM:
195 error = i386_set_ioperm(td, &kargs.iargs);
196 break;
197 case I386_VM86:
198 error = vm86_sysarch(td, uap->parms);
199 break;
200 case I386_GET_FSBASE:
201 sdp = &td->td_pcb->pcb_fsd;
202 base = sdp->sd_hibase << 24 | sdp->sd_lobase;
203 error = copyout(&base, uap->parms, sizeof(base));
204 break;
205 case I386_SET_FSBASE:
206 error = copyin(uap->parms, &base, sizeof(base));
207 if (error == 0) {
208 /*
209 * Construct a descriptor and store it in the pcb for
210 * the next context switch. Also store it in the gdt
211 * so that the load of tf_fs into %fs will activate it
212 * at return to userland.
213 */
214 fill_based_sd(&sd, base);
215 critical_enter();
216 td->td_pcb->pcb_fsd = sd;
217 PCPU_GET(fsgs_gdt)[0] = sd;
218 critical_exit();
219 td->td_frame->tf_fs = GSEL(GUFS_SEL, SEL_UPL);
220 }
221 break;
222 case I386_GET_GSBASE:
223 sdp = &td->td_pcb->pcb_gsd;
224 base = sdp->sd_hibase << 24 | sdp->sd_lobase;
225 error = copyout(&base, uap->parms, sizeof(base));
226 break;
227 case I386_SET_GSBASE:
228 error = copyin(uap->parms, &base, sizeof(base));
229 if (error == 0) {
230 /*
231 * Construct a descriptor and store it in the pcb for
232 * the next context switch. Also store it in the gdt
233 * because we have to do a load_gs() right now.
234 */
235 fill_based_sd(&sd, base);
236 critical_enter();
237 td->td_pcb->pcb_gsd = sd;
238 PCPU_GET(fsgs_gdt)[1] = sd;
239 critical_exit();
240 load_gs(GSEL(GUGS_SEL, SEL_UPL));
241 }
242 break;
243 case I386_GET_XFPUSTATE:
244 if (kargs.xfpu.len > cpu_max_ext_state_size -
245 sizeof(union savefpu))
246 return (EINVAL);
247 npxgetregs(td);
248 error = copyout((char *)(get_pcb_user_save_td(td) + 1),
249 kargs.xfpu.addr, kargs.xfpu.len);
250 break;
251 default:
252 error = EINVAL;
253 break;
254 }
255 return (error);
256 }
257
258 int
259 i386_extend_pcb(struct thread *td)
260 {
261 int i, offset;
262 u_long *addr;
263 struct pcb_ext *ext;
264 struct soft_segment_descriptor ssd = {
265 0, /* segment base address (overwritten) */
266 ctob(IOPAGES + 1) - 1, /* length */
267 SDT_SYS386TSS, /* segment type */
268 0, /* priority level */
269 1, /* descriptor present */
270 0, 0,
271 0, /* default 32 size */
272 0 /* granularity */
273 };
274
275 ext = (struct pcb_ext *)kmem_malloc(kernel_arena, ctob(IOPAGES+1),
276 M_WAITOK | M_ZERO);
277 /* -16 is so we can convert a trapframe into vm86trapframe inplace */
278 ext->ext_tss.tss_esp0 = (vm_offset_t)td->td_pcb - 16;
279 ext->ext_tss.tss_ss0 = GSEL(GDATA_SEL, SEL_KPL);
280 /*
281 * The last byte of the i/o map must be followed by an 0xff byte.
282 * We arbitrarily allocate 16 bytes here, to keep the starting
283 * address on a doubleword boundary.
284 */
285 offset = PAGE_SIZE - 16;
286 ext->ext_tss.tss_ioopt =
287 (offset - ((unsigned)&ext->ext_tss - (unsigned)ext)) << 16;
288 ext->ext_iomap = (caddr_t)ext + offset;
289 ext->ext_vm86.vm86_intmap = (caddr_t)ext + offset - 32;
290
291 addr = (u_long *)ext->ext_vm86.vm86_intmap;
292 for (i = 0; i < (ctob(IOPAGES) + 32 + 16) / sizeof(u_long); i++)
293 *addr++ = ~0;
294
295 ssd.ssd_base = (unsigned)&ext->ext_tss;
296 ssd.ssd_limit -= ((unsigned)&ext->ext_tss - (unsigned)ext);
297 ssdtosd(&ssd, &ext->ext_tssd);
298
299 KASSERT(td == curthread, ("giving TSS to !curthread"));
300 KASSERT(td->td_pcb->pcb_ext == 0, ("already have a TSS!"));
301
302 /* Switch to the new TSS. */
303 critical_enter();
304 td->td_pcb->pcb_ext = ext;
305 PCPU_SET(private_tss, 1);
306 *PCPU_GET(tss_gdt) = ext->ext_tssd;
307 ltr(GSEL(GPROC0_SEL, SEL_KPL));
308 critical_exit();
309
310 return 0;
311 }
312
313 int
314 i386_set_ioperm(td, uap)
315 struct thread *td;
316 struct i386_ioperm_args *uap;
317 {
318 char *iomap;
319 u_int i;
320 int error;
321
322 if ((error = priv_check(td, PRIV_IO)) != 0)
323 return (error);
324 if ((error = securelevel_gt(td->td_ucred, 0)) != 0)
325 return (error);
326 /*
327 * XXX
328 * While this is restricted to root, we should probably figure out
329 * whether any other driver is using this i/o address, as so not to
330 * cause confusion. This probably requires a global 'usage registry'.
331 */
332
333 if (td->td_pcb->pcb_ext == 0)
334 if ((error = i386_extend_pcb(td)) != 0)
335 return (error);
336 iomap = (char *)td->td_pcb->pcb_ext->ext_iomap;
337
338 if (uap->start > uap->start + uap->length ||
339 uap->start + uap->length > IOPAGES * PAGE_SIZE * NBBY)
340 return (EINVAL);
341
342 for (i = uap->start; i < uap->start + uap->length; i++) {
343 if (uap->enable)
344 iomap[i >> 3] &= ~(1 << (i & 7));
345 else
346 iomap[i >> 3] |= (1 << (i & 7));
347 }
348 return (error);
349 }
350
351 int
352 i386_get_ioperm(td, uap)
353 struct thread *td;
354 struct i386_ioperm_args *uap;
355 {
356 int i, state;
357 char *iomap;
358
359 if (uap->start >= IOPAGES * PAGE_SIZE * NBBY)
360 return (EINVAL);
361
362 if (td->td_pcb->pcb_ext == 0) {
363 uap->length = 0;
364 goto done;
365 }
366
367 iomap = (char *)td->td_pcb->pcb_ext->ext_iomap;
368
369 i = uap->start;
370 state = (iomap[i >> 3] >> (i & 7)) & 1;
371 uap->enable = !state;
372 uap->length = 1;
373
374 for (i = uap->start + 1; i < IOPAGES * PAGE_SIZE * NBBY; i++) {
375 if (state != ((iomap[i >> 3] >> (i & 7)) & 1))
376 break;
377 uap->length++;
378 }
379
380 done:
381 return (0);
382 }
383
384 /*
385 * Update the GDT entry pointing to the LDT to point to the LDT of the
386 * current process. Manage dt_lock holding/unholding autonomously.
387 */
388 void
389 set_user_ldt(struct mdproc *mdp)
390 {
391 struct proc_ldt *pldt;
392 int dtlocked;
393
394 dtlocked = 0;
395 if (!mtx_owned(&dt_lock)) {
396 mtx_lock_spin(&dt_lock);
397 dtlocked = 1;
398 }
399
400 pldt = mdp->md_ldt;
401 #ifdef SMP
402 gdt[PCPU_GET(cpuid) * NGDT + GUSERLDT_SEL].sd = pldt->ldt_sd;
403 #else
404 gdt[GUSERLDT_SEL].sd = pldt->ldt_sd;
405 #endif
406 lldt(GSEL(GUSERLDT_SEL, SEL_KPL));
407 PCPU_SET(currentldt, GSEL(GUSERLDT_SEL, SEL_KPL));
408 if (dtlocked)
409 mtx_unlock_spin(&dt_lock);
410 }
411
412 #ifdef SMP
413 static void
414 set_user_ldt_rv(struct vmspace *vmsp)
415 {
416 struct thread *td;
417
418 td = curthread;
419 if (vmsp != td->td_proc->p_vmspace)
420 return;
421
422 set_user_ldt(&td->td_proc->p_md);
423 }
424 #endif
425
426 /*
427 * dt_lock must be held. Returns with dt_lock held.
428 */
429 struct proc_ldt *
430 user_ldt_alloc(struct mdproc *mdp, int len)
431 {
432 struct proc_ldt *pldt, *new_ldt;
433
434 mtx_assert(&dt_lock, MA_OWNED);
435 mtx_unlock_spin(&dt_lock);
436 new_ldt = malloc(sizeof(struct proc_ldt),
437 M_SUBPROC, M_WAITOK);
438
439 new_ldt->ldt_len = len = NEW_MAX_LD(len);
440 new_ldt->ldt_base = (caddr_t)kmem_malloc(kernel_arena,
441 len * sizeof(union descriptor), M_WAITOK);
442 new_ldt->ldt_refcnt = 1;
443 new_ldt->ldt_active = 0;
444
445 mtx_lock_spin(&dt_lock);
446 gdt_segs[GUSERLDT_SEL].ssd_base = (unsigned)new_ldt->ldt_base;
447 gdt_segs[GUSERLDT_SEL].ssd_limit = len * sizeof(union descriptor) - 1;
448 ssdtosd(&gdt_segs[GUSERLDT_SEL], &new_ldt->ldt_sd);
449
450 if ((pldt = mdp->md_ldt) != NULL) {
451 if (len > pldt->ldt_len)
452 len = pldt->ldt_len;
453 bcopy(pldt->ldt_base, new_ldt->ldt_base,
454 len * sizeof(union descriptor));
455 } else
456 bcopy(ldt, new_ldt->ldt_base, sizeof(ldt));
457
458 return (new_ldt);
459 }
460
461 /*
462 * Must be called with dt_lock held. Returns with dt_lock unheld.
463 */
464 void
465 user_ldt_free(struct thread *td)
466 {
467 struct mdproc *mdp = &td->td_proc->p_md;
468 struct proc_ldt *pldt;
469
470 mtx_assert(&dt_lock, MA_OWNED);
471 if ((pldt = mdp->md_ldt) == NULL) {
472 mtx_unlock_spin(&dt_lock);
473 return;
474 }
475
476 if (td == curthread) {
477 lldt(_default_ldt);
478 PCPU_SET(currentldt, _default_ldt);
479 }
480
481 mdp->md_ldt = NULL;
482 user_ldt_deref(pldt);
483 }
484
485 void
486 user_ldt_deref(struct proc_ldt *pldt)
487 {
488
489 mtx_assert(&dt_lock, MA_OWNED);
490 if (--pldt->ldt_refcnt == 0) {
491 mtx_unlock_spin(&dt_lock);
492 kmem_free(kernel_arena, (vm_offset_t)pldt->ldt_base,
493 pldt->ldt_len * sizeof(union descriptor));
494 free(pldt, M_SUBPROC);
495 } else
496 mtx_unlock_spin(&dt_lock);
497 }
498
499 /*
500 * Note for the authors of compat layers (linux, etc): copyout() in
501 * the function below is not a problem since it presents data in
502 * arch-specific format (i.e. i386-specific in this case), not in
503 * the OS-specific one.
504 */
505 int
506 i386_get_ldt(td, uap)
507 struct thread *td;
508 struct i386_ldt_args *uap;
509 {
510 int error = 0;
511 struct proc_ldt *pldt;
512 int nldt, num;
513 union descriptor *lp;
514
515 #ifdef DEBUG
516 printf("i386_get_ldt: start=%d num=%d descs=%p\n",
517 uap->start, uap->num, (void *)uap->descs);
518 #endif
519
520 mtx_lock_spin(&dt_lock);
521 if ((pldt = td->td_proc->p_md.md_ldt) != NULL) {
522 nldt = pldt->ldt_len;
523 lp = &((union descriptor *)(pldt->ldt_base))[uap->start];
524 mtx_unlock_spin(&dt_lock);
525 num = min(uap->num, nldt);
526 } else {
527 mtx_unlock_spin(&dt_lock);
528 nldt = sizeof(ldt)/sizeof(ldt[0]);
529 num = min(uap->num, nldt);
530 lp = &ldt[uap->start];
531 }
532
533 if ((uap->start > (unsigned int)nldt) ||
534 ((unsigned int)num > (unsigned int)nldt) ||
535 ((unsigned int)(uap->start + num) > (unsigned int)nldt))
536 return(EINVAL);
537
538 error = copyout(lp, uap->descs, num * sizeof(union descriptor));
539 if (!error)
540 td->td_retval[0] = num;
541
542 return(error);
543 }
544
545 int
546 i386_set_ldt(td, uap, descs)
547 struct thread *td;
548 struct i386_ldt_args *uap;
549 union descriptor *descs;
550 {
551 int error = 0, i;
552 int largest_ld;
553 struct mdproc *mdp = &td->td_proc->p_md;
554 struct proc_ldt *pldt;
555 union descriptor *dp;
556
557 #ifdef DEBUG
558 printf("i386_set_ldt: start=%d num=%d descs=%p\n",
559 uap->start, uap->num, (void *)uap->descs);
560 #endif
561
562 if (descs == NULL) {
563 /* Free descriptors */
564 if (uap->start == 0 && uap->num == 0) {
565 /*
566 * Treat this as a special case, so userland needn't
567 * know magic number NLDT.
568 */
569 uap->start = NLDT;
570 uap->num = MAX_LD - NLDT;
571 }
572 if (uap->num == 0)
573 return (EINVAL);
574 mtx_lock_spin(&dt_lock);
575 if ((pldt = mdp->md_ldt) == NULL ||
576 uap->start >= pldt->ldt_len) {
577 mtx_unlock_spin(&dt_lock);
578 return (0);
579 }
580 largest_ld = uap->start + uap->num;
581 if (largest_ld > pldt->ldt_len)
582 largest_ld = pldt->ldt_len;
583 i = largest_ld - uap->start;
584 bzero(&((union descriptor *)(pldt->ldt_base))[uap->start],
585 sizeof(union descriptor) * i);
586 mtx_unlock_spin(&dt_lock);
587 return (0);
588 }
589
590 if (!(uap->start == LDT_AUTO_ALLOC && uap->num == 1)) {
591 /* verify range of descriptors to modify */
592 largest_ld = uap->start + uap->num;
593 if (uap->start >= MAX_LD || largest_ld > MAX_LD) {
594 return (EINVAL);
595 }
596 }
597
598 /* Check descriptors for access violations */
599 for (i = 0; i < uap->num; i++) {
600 dp = &descs[i];
601
602 switch (dp->sd.sd_type) {
603 case SDT_SYSNULL: /* system null */
604 dp->sd.sd_p = 0;
605 break;
606 case SDT_SYS286TSS: /* system 286 TSS available */
607 case SDT_SYSLDT: /* system local descriptor table */
608 case SDT_SYS286BSY: /* system 286 TSS busy */
609 case SDT_SYSTASKGT: /* system task gate */
610 case SDT_SYS286IGT: /* system 286 interrupt gate */
611 case SDT_SYS286TGT: /* system 286 trap gate */
612 case SDT_SYSNULL2: /* undefined by Intel */
613 case SDT_SYS386TSS: /* system 386 TSS available */
614 case SDT_SYSNULL3: /* undefined by Intel */
615 case SDT_SYS386BSY: /* system 386 TSS busy */
616 case SDT_SYSNULL4: /* undefined by Intel */
617 case SDT_SYS386IGT: /* system 386 interrupt gate */
618 case SDT_SYS386TGT: /* system 386 trap gate */
619 case SDT_SYS286CGT: /* system 286 call gate */
620 case SDT_SYS386CGT: /* system 386 call gate */
621 /* I can't think of any reason to allow a user proc
622 * to create a segment of these types. They are
623 * for OS use only.
624 */
625 return (EACCES);
626 /*NOTREACHED*/
627
628 /* memory segment types */
629 case SDT_MEMEC: /* memory execute only conforming */
630 case SDT_MEMEAC: /* memory execute only accessed conforming */
631 case SDT_MEMERC: /* memory execute read conforming */
632 case SDT_MEMERAC: /* memory execute read accessed conforming */
633 /* Must be "present" if executable and conforming. */
634 if (dp->sd.sd_p == 0)
635 return (EACCES);
636 break;
637 case SDT_MEMRO: /* memory read only */
638 case SDT_MEMROA: /* memory read only accessed */
639 case SDT_MEMRW: /* memory read write */
640 case SDT_MEMRWA: /* memory read write accessed */
641 case SDT_MEMROD: /* memory read only expand dwn limit */
642 case SDT_MEMRODA: /* memory read only expand dwn lim accessed */
643 case SDT_MEMRWD: /* memory read write expand dwn limit */
644 case SDT_MEMRWDA: /* memory read write expand dwn lim acessed */
645 case SDT_MEME: /* memory execute only */
646 case SDT_MEMEA: /* memory execute only accessed */
647 case SDT_MEMER: /* memory execute read */
648 case SDT_MEMERA: /* memory execute read accessed */
649 break;
650 default:
651 return(EINVAL);
652 /*NOTREACHED*/
653 }
654
655 /* Only user (ring-3) descriptors may be present. */
656 if ((dp->sd.sd_p != 0) && (dp->sd.sd_dpl != SEL_UPL))
657 return (EACCES);
658 }
659
660 if (uap->start == LDT_AUTO_ALLOC && uap->num == 1) {
661 /* Allocate a free slot */
662 mtx_lock_spin(&dt_lock);
663 if ((pldt = mdp->md_ldt) == NULL) {
664 if ((error = i386_ldt_grow(td, NLDT + 1))) {
665 mtx_unlock_spin(&dt_lock);
666 return (error);
667 }
668 pldt = mdp->md_ldt;
669 }
670 again:
671 /*
672 * start scanning a bit up to leave room for NVidia and
673 * Wine, which still user the "Blat" method of allocation.
674 */
675 dp = &((union descriptor *)(pldt->ldt_base))[NLDT];
676 for (i = NLDT; i < pldt->ldt_len; ++i) {
677 if (dp->sd.sd_type == SDT_SYSNULL)
678 break;
679 dp++;
680 }
681 if (i >= pldt->ldt_len) {
682 if ((error = i386_ldt_grow(td, pldt->ldt_len+1))) {
683 mtx_unlock_spin(&dt_lock);
684 return (error);
685 }
686 goto again;
687 }
688 uap->start = i;
689 error = i386_set_ldt_data(td, i, 1, descs);
690 mtx_unlock_spin(&dt_lock);
691 } else {
692 largest_ld = uap->start + uap->num;
693 mtx_lock_spin(&dt_lock);
694 if (!(error = i386_ldt_grow(td, largest_ld))) {
695 error = i386_set_ldt_data(td, uap->start, uap->num,
696 descs);
697 }
698 mtx_unlock_spin(&dt_lock);
699 }
700 if (error == 0)
701 td->td_retval[0] = uap->start;
702 return (error);
703 }
704
705 static int
706 i386_set_ldt_data(struct thread *td, int start, int num,
707 union descriptor *descs)
708 {
709 struct mdproc *mdp = &td->td_proc->p_md;
710 struct proc_ldt *pldt = mdp->md_ldt;
711
712 mtx_assert(&dt_lock, MA_OWNED);
713
714 /* Fill in range */
715 bcopy(descs,
716 &((union descriptor *)(pldt->ldt_base))[start],
717 num * sizeof(union descriptor));
718 return (0);
719 }
720
721 static int
722 i386_ldt_grow(struct thread *td, int len)
723 {
724 struct mdproc *mdp = &td->td_proc->p_md;
725 struct proc_ldt *new_ldt, *pldt;
726 caddr_t old_ldt_base = NULL_LDT_BASE;
727 int old_ldt_len = 0;
728
729 mtx_assert(&dt_lock, MA_OWNED);
730
731 if (len > MAX_LD)
732 return (ENOMEM);
733 if (len < NLDT + 1)
734 len = NLDT + 1;
735
736 /* Allocate a user ldt. */
737 if ((pldt = mdp->md_ldt) == NULL || len > pldt->ldt_len) {
738 new_ldt = user_ldt_alloc(mdp, len);
739 if (new_ldt == NULL)
740 return (ENOMEM);
741 pldt = mdp->md_ldt;
742
743 if (pldt != NULL) {
744 if (new_ldt->ldt_len <= pldt->ldt_len) {
745 /*
746 * We just lost the race for allocation, so
747 * free the new object and return.
748 */
749 mtx_unlock_spin(&dt_lock);
750 kmem_free(kernel_arena,
751 (vm_offset_t)new_ldt->ldt_base,
752 new_ldt->ldt_len * sizeof(union descriptor));
753 free(new_ldt, M_SUBPROC);
754 mtx_lock_spin(&dt_lock);
755 return (0);
756 }
757
758 /*
759 * We have to substitute the current LDT entry for
760 * curproc with the new one since its size grew.
761 */
762 old_ldt_base = pldt->ldt_base;
763 old_ldt_len = pldt->ldt_len;
764 pldt->ldt_sd = new_ldt->ldt_sd;
765 pldt->ldt_base = new_ldt->ldt_base;
766 pldt->ldt_len = new_ldt->ldt_len;
767 } else
768 mdp->md_ldt = pldt = new_ldt;
769 #ifdef SMP
770 /*
771 * Signal other cpus to reload ldt. We need to unlock dt_lock
772 * here because other CPU will contest on it since their
773 * curthreads won't hold the lock and will block when trying
774 * to acquire it.
775 */
776 mtx_unlock_spin(&dt_lock);
777 smp_rendezvous(NULL, (void (*)(void *))set_user_ldt_rv,
778 NULL, td->td_proc->p_vmspace);
779 #else
780 set_user_ldt(&td->td_proc->p_md);
781 mtx_unlock_spin(&dt_lock);
782 #endif
783 if (old_ldt_base != NULL_LDT_BASE) {
784 kmem_free(kernel_arena, (vm_offset_t)old_ldt_base,
785 old_ldt_len * sizeof(union descriptor));
786 free(new_ldt, M_SUBPROC);
787 }
788 mtx_lock_spin(&dt_lock);
789 }
790 return (0);
791 }
FreeBSD src