1/*- 2 * SPDX-License-Identifier: BSD-3-Clause 3 * 4 * Copyright (c) 2003 Peter Wemm 5 * Copyright (c) 1982, 1987, 1990 The Regents of the University of California. 6 * All rights reserved. 7 * 8 * This code is derived from software contributed to Berkeley by 9 * William Jolitz. 10 * 11 * Redistribution and use in source and binary forms, with or without 12 * modification, are permitted provided that the following conditions 13 * are met: 14 * 1. Redistributions of source code must retain the above copyright 15 * notice, this list of conditions and the following disclaimer. 16 * 2. Redistributions in binary form must reproduce the above copyright 17 * notice, this list of conditions and the following disclaimer in the 18 * documentation and/or other materials provided with the distribution. 19 * 3. Neither the name of the University nor the names of its contributors 20 * may be used to endorse or promote products derived from this software 21 * without specific prior written permission. 22 * 23 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 24 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 25 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 26 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 27 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 28 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 29 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 30 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 31 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 32 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 33 * SUCH DAMAGE. 
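 */

#include <sys/cdefs.h>
__FBSDID("$FreeBSD$");

#include <sys/param.h>
#include <sys/exec.h>
#include <sys/fcntl.h>
#include <sys/imgact.h>
#include <sys/kernel.h>
#include <sys/lock.h>
#include <sys/malloc.h>
#include <sys/mutex.h>
#include <sys/mman.h>
#include <sys/namei.h>
#include <sys/pioctl.h>
#include <sys/proc.h>
#include <sys/procfs.h>
#include <sys/resourcevar.h>
#include <sys/systm.h>
#include <sys/signalvar.h>
#include <sys/stat.h>
#include <sys/sx.h>
#include <sys/syscall.h>
#include <sys/syscallsubr.h>
#include <sys/sysctl.h>
#include <sys/sysent.h>
#include <sys/vnode.h>

#include <vm/vm.h>
#include <vm/vm_kern.h>
#include <vm/vm_param.h>
#include <vm/pmap.h>
#include <vm/vm_map.h>
#include <vm/vm_object.h>
#include <vm/vm_extern.h>

#include <compat/freebsd32/freebsd32_signal.h>
#include <compat/freebsd32/freebsd32_util.h>
#include <compat/freebsd32/freebsd32_proto.h>
#include <compat/freebsd32/freebsd32.h>
#include <compat/ia32/ia32_signal.h>
#include <machine/psl.h>
#include <machine/segments.h>
#include <machine/specialreg.h>
#include <machine/frame.h>
#include <machine/md_var.h>
#include <machine/pcb.h>
#include <machine/cpufunc.h>
#include <machine/trap.h>

#ifdef COMPAT_FREEBSD4
static void freebsd4_ia32_sendsig(sig_t, ksiginfo_t *, sigset_t *);
#endif

/*
 * Checks applied to register state handed to the kernel by userland
 * (sigreturn, setcontext).  CS_SECURE() accepts only a user-privilege
 * code selector.  EFL_SECURE() accepts a new rflags value only if it
 * differs from the current one in bits covered by PSL_USERCHANGE.
 */
#define	CS_SECURE(cs)		(ISPL(cs) == SEL_UPL)
#define	EFL_SECURE(ef, oef)	((((ef) ^ (oef)) & ~PSL_USERCHANGE) == 0)

/*
 * Copy the thread's FPU state into an ia32 mcontext.
 *
 * The legacy FXSAVE area is always copied into mcp->mc_fpstate and the
 * ownership/format fields are filled in.  When XSAVE is in use and the
 * caller supplied a buffer (xfpusave_len > 0), the extended state that
 * follows the savefpu area in the PCB is copied into xfpusave, capped at
 * the size the CPU actually saves, and mc_flags gets
 * _MC_IA32_HASFPXSTATE.  Without a buffer, or without XSAVE, only the
 * legacy state is recorded and mc_flags/mc_xfpustate_len are not touched.
 */
static void
ia32_get_fpcontext(struct thread *td, struct ia32_mcontext *mcp,
    char *xfpusave, size_t xfpusave_len)
{
	size_t max_len, len;

	/*
	 * XXX Format of 64bit and 32bit FXSAVE areas differs. FXSAVE
	 * in 32bit mode saves %cs and %ds, while on 64bit it saves
	 * 64bit instruction and data pointers. Ignore the difference
	 * for now, it should be irrelevant for most applications.
	 */
	mcp->mc_ownedfp = fpugetregs(td);
	bcopy(get_pcb_user_save_td(td), &mcp->mc_fpstate[0],
	    sizeof(mcp->mc_fpstate));
	mcp->mc_fpformat = fpuformat();
	if (!use_xsave || xfpusave_len == 0)
		return;
	max_len = cpu_max_ext_state_size - sizeof(struct savefpu);
	len = xfpusave_len;
	if (len > max_len) {
		len = max_len;
		/*
		 * The caller's buffer is larger than the extended state
		 * we have.  Clear the unused tail so that a caller which
		 * copies the whole buffer out (ia32_sendsig copies
		 * xfpusave_len bytes) never exposes uninitialized kernel
		 * memory.  The tail length has to come from xfpusave_len:
		 * len was just clamped to max_len, so len - max_len is 0.
		 */
		bzero(xfpusave + max_len, xfpusave_len - max_len);
	}
	mcp->mc_flags |= _MC_IA32_HASFPXSTATE;
	mcp->mc_xfpustate_len = len;
	/* The extended state lives directly after the savefpu area. */
	bcopy(get_pcb_user_save_td(td) + 1, xfpusave, len);
}

/*
 * Restore the thread's FPU state from an ia32 mcontext.
 *
 * xfpustate/xfpustate_len describe extended (XSAVE) state the caller has
 * already validated and copied in, or NULL/0 when there is none.
 *
 * Returns 0 when the context carries no FPU state (_MC_FPFMT_NODEV) or
 * the state was restored; EINVAL for a format other than _MC_FPFMT_XMM
 * or an unknown mc_ownedfp value; otherwise the error from fpusetregs().
 */
static int
ia32_set_fpcontext(struct thread *td, struct ia32_mcontext *mcp,
    char *xfpustate, size_t xfpustate_len)
{
	int error;

	if (mcp->mc_fpformat == _MC_FPFMT_NODEV)
		return (0);
	else if (mcp->mc_fpformat != _MC_FPFMT_XMM)
		return (EINVAL);
	else if (mcp->mc_ownedfp == _MC_FPOWNED_NONE) {
		/* We don't care what state is left in the FPU or PCB. */
		fpstate_drop(td);
		error = 0;
	} else if (mcp->mc_ownedfp == _MC_FPOWNED_FPU ||
	    mcp->mc_ownedfp == _MC_FPOWNED_PCB) {
		error = fpusetregs(td, (struct savefpu *)&mcp->mc_fpstate,
		    xfpustate, xfpustate_len);
	} else
		return (EINVAL);
	return (error);
}

/*
 * Get machine context.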
 *
 * Fill *mcp from td's trap frame and PCB.  With GET_MC_CLEAR_RET in
 * flags, the recorded %eax/%edx are zeroed and PSL_C is cleared in the
 * recorded flags instead of copying the live values.  Only the legacy
 * FPU state is captured (no extended-state buffer is passed to
 * ia32_get_fpcontext), so mc_xfpustate/mc_xfpustate_len are explicitly
 * zero.  Always returns 0.
 */
static int
ia32_get_mcontext(struct thread *td, struct ia32_mcontext *mcp, int flags)
{
	struct pcb *pcb;
	struct trapframe *tp;

	pcb = td->td_pcb;
	tp = td->td_frame;

	/*
	 * NOTE(review): locks curthread's process while reading td's
	 * frame; presumably td == curthread for every caller (the
	 * syscall wrappers below pass their own td) -- confirm.
	 */
	PROC_LOCK(curthread->td_proc);
	mcp->mc_onstack = sigonstack(tp->tf_rsp);
	PROC_UNLOCK(curthread->td_proc);
	/* Entry into kernel always sets TF_HASSEGS */
	mcp->mc_gs = tp->tf_gs;
	mcp->mc_fs = tp->tf_fs;
	mcp->mc_es = tp->tf_es;
	mcp->mc_ds = tp->tf_ds;
	mcp->mc_edi = tp->tf_rdi;
	mcp->mc_esi = tp->tf_rsi;
	mcp->mc_ebp = tp->tf_rbp;
	mcp->mc_isp = tp->tf_rsp;
	mcp->mc_eflags = tp->tf_rflags;
	if (flags & GET_MC_CLEAR_RET) {
		/* Caller wants the syscall return registers neutralized. */
		mcp->mc_eax = 0;
		mcp->mc_edx = 0;
		mcp->mc_eflags &= ~PSL_C;
	} else {
		mcp->mc_eax = tp->tf_rax;
		mcp->mc_edx = tp->tf_rdx;
	}
	mcp->mc_ebx = tp->tf_rbx;
	mcp->mc_ecx = tp->tf_rcx;
	mcp->mc_eip = tp->tf_rip;
	mcp->mc_cs = tp->tf_cs;
	mcp->mc_esp = tp->tf_rsp;
	mcp->mc_ss = tp->tf_ss;
	/* mc_len is what ia32_set_mcontext() checks before trusting the rest. */
	mcp->mc_len = sizeof(*mcp);
	mcp->mc_flags = tp->tf_flags;
	/* Length 0: legacy FPU state only, no extended state. */
	ia32_get_fpcontext(td, mcp, NULL, 0);
	mcp->mc_fsbase = pcb->pcb_fsbase;
	mcp->mc_gsbase = pcb->pcb_gsbase;
	mcp->mc_xfpustate = 0;
	mcp->mc_xfpustate_len = 0;
	/* Don't leak stack contents through the reserved words. */
	bzero(mcp->mc_spare2, sizeof(mcp->mc_spare2));
	return (0);
}

/*
 * Set machine context.
 *
 * However, we don't set any but the user modifiable flags, and we won't
 * touch the cs selector.
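 */
/*
 * ia32_set_mcontext: install a user-supplied ia32 mcontext into td's
 * trap frame.
 *
 * mc_len must match the kernel's structure size.  Only the mc_eflags
 * bits in PSL_USERCHANGE are taken from the context; every other rflags
 * bit keeps its current value, and %cs is not written.  If the context
 * advertises extended FPU state (_MC_IA32_HASFPXSTATE), its length is
 * bounded by the CPU's XSAVE area size and the data is copied in from
 * userland before being handed to ia32_set_fpcontext(); without that
 * flag no extended state (NULL, length 0) is passed, as in
 * freebsd32_sigreturn().  The trap frame is only written once the FPU
 * state has been accepted.
 *
 * Returns 0 on success, EINVAL for a bad mc_len or extended-state
 * length, or the error from copyin()/ia32_set_fpcontext().
 */
static int
ia32_set_mcontext(struct thread *td, struct ia32_mcontext *mcp)
{
	struct trapframe *tp;
	char *xfpustate;
	size_t xfpustate_len;
	long rflags;
	int ret;

	tp = td->td_frame;
	if (mcp->mc_len != sizeof(*mcp))
		return (EINVAL);
	rflags = (mcp->mc_eflags & PSL_USERCHANGE) |
	    (tp->tf_rflags & ~PSL_USERCHANGE);
	if (mcp->mc_flags & _MC_IA32_HASFPXSTATE) {
		xfpustate_len = mcp->mc_xfpustate_len;
		if (xfpustate_len > cpu_max_ext_state_size -
		    sizeof(struct savefpu))
			return (EINVAL);
		/* Bounded by the check above, so the stack buffer is small. */
		xfpustate = __builtin_alloca(xfpustate_len);
		ret = copyin(PTRIN(mcp->mc_xfpustate), xfpustate,
		    xfpustate_len);
		if (ret != 0)
			return (ret);
	} else {
		/*
		 * No extended state: pass length 0 rather than forwarding
		 * the unvalidated mc_xfpustate_len from the user context.
		 */
		xfpustate = NULL;
		xfpustate_len = 0;
	}
	ret = ia32_set_fpcontext(td, mcp, xfpustate, xfpustate_len);
	if (ret != 0)
		return (ret);
	tp->tf_gs = mcp->mc_gs;
	tp->tf_fs = mcp->mc_fs;
	tp->tf_es = mcp->mc_es;
	tp->tf_ds = mcp->mc_ds;
	tp->tf_flags = TF_HASSEGS;
	tp->tf_rdi = mcp->mc_edi;
	tp->tf_rsi = mcp->mc_esi;
	tp->tf_rbp = mcp->mc_ebp;
	tp->tf_rbx = mcp->mc_ebx;
	tp->tf_rdx = mcp->mc_edx;
	tp->tf_rcx = mcp->mc_ecx;
	tp->tf_rax = mcp->mc_eax;
	/* trapno, err */
	tp->tf_rip = mcp->mc_eip;
	/* Merged above: user-changeable bits from mcp, the rest preserved. */
	tp->tf_rflags = rflags;
	tp->tf_rsp = mcp->mc_esp;
	tp->tf_ss = mcp->mc_ss;
	set_pcb_flags(td->td_pcb, PCB_FULL_IRET);
	return (0);
}

/*
 * The first two fields of a ucontext_t are the signal mask and
 * the machine context. The next field is uc_link; we want to
 * avoid destroying the link when copying out contexts.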
 */
#define	UC_COPY_SIZE	offsetof(struct ia32_ucontext, uc_link)

/*
 * freebsd32_getcontext: getcontext(2) for 32-bit processes.
 *
 * Builds a ucontext from the current trap frame (with the syscall
 * return registers cleared via GET_MC_CLEAR_RET) and the thread's signal
 * mask, then copies only the first UC_COPY_SIZE bytes to uap->ucp so the
 * user's uc_link and whatever follows it are left alone.
 * Returns EINVAL for a NULL ucp, otherwise the copyout() status.
 */
int
freebsd32_getcontext(struct thread *td, struct freebsd32_getcontext_args *uap)
{
	struct ia32_ucontext uc;
	int ret;

	if (uap->ucp == NULL)
		ret = EINVAL;
	else {
		/* Zero first: every byte within UC_COPY_SIZE reaches userland. */
		bzero(&uc, sizeof(uc));
		ia32_get_mcontext(td, &uc.uc_mcontext, GET_MC_CLEAR_RET);
		PROC_LOCK(td->td_proc);
		uc.uc_sigmask = td->td_sigmask;
		PROC_UNLOCK(td->td_proc);
		bzero(&uc.__spare__, sizeof(uc.__spare__));
		ret = copyout(&uc, uap->ucp, UC_COPY_SIZE);
	}
	return (ret);
}

/*
 * freebsd32_setcontext: setcontext(2) for 32-bit processes.
 *
 * Copies UC_COPY_SIZE bytes from uap->ucp, lets ia32_set_mcontext()
 * validate and install the register state, and only then installs the
 * signal mask.  Returns EINVAL for a NULL ucp, the copyin() or
 * ia32_set_mcontext() error, or EJUSTRETURN on success so the syscall
 * return path does not overwrite the registers just loaded.
 */
int
freebsd32_setcontext(struct thread *td, struct freebsd32_setcontext_args *uap)
{
	struct ia32_ucontext uc;
	int ret;

	if (uap->ucp == NULL)
		ret = EINVAL;
	else {
		ret = copyin(uap->ucp, &uc, UC_COPY_SIZE);
		if (ret == 0) {
			ret = ia32_set_mcontext(td, &uc.uc_mcontext);
			if (ret == 0) {
				/* Mask changes only after the frame was accepted. */
				kern_sigprocmask(td, SIG_SETMASK,
				    &uc.uc_sigmask, NULL, 0);
			}
		}
	}
	return (ret == 0 ? EJUSTRETURN : ret);
}

/*
 * freebsd32_swapcontext: swapcontext(2) for 32-bit processes.
 *
 * Saves the current context to uap->oucp exactly as getcontext does,
 * and only if that copyout succeeded loads uap->ucp exactly as
 * setcontext does.  Returns EINVAL if either pointer is NULL, the first
 * copy/validation error encountered, or EJUSTRETURN on success.
 */
int
freebsd32_swapcontext(struct thread *td, struct freebsd32_swapcontext_args *uap)
{
	struct ia32_ucontext uc;
	int ret;

	if (uap->oucp == NULL || uap->ucp == NULL)
		ret = EINVAL;
	else {
		bzero(&uc, sizeof(uc));
		ia32_get_mcontext(td, &uc.uc_mcontext, GET_MC_CLEAR_RET);
		PROC_LOCK(td->td_proc);
		uc.uc_sigmask = td->td_sigmask;
		PROC_UNLOCK(td->td_proc);
		ret = copyout(&uc, uap->oucp, UC_COPY_SIZE);
		if (ret == 0) {
			/* uc is reused for the incoming context. */
			ret = copyin(uap->ucp, &uc, UC_COPY_SIZE);
			if (ret == 0) {
				ret = ia32_set_mcontext(td, &uc.uc_mcontext);
				if (ret == 0) {
					kern_sigprocmask(td, SIG_SETMASK,
					    &uc.uc_sigmask, NULL, 0);
				}
			}
		}
	}
	return (ret == 0 ? EJUSTRETURN : ret);
}

/*
 * Send an interrupt to process.
 *
 * Stack is set up to allow sigcode stored
 * at top to call routine, followed by kcall
 * to sigreturn routine below.
After sigreturn
 * resets the signal mask, the stack, and the
 * frame pointer, it returns to the user
 * specified pc, psl.
 *
 * Three frame layouts are produced here: ia32_osendsig (COMPAT_43),
 * freebsd4_ia32_sendsig (COMPAT_FREEBSD4) and ia32_sendsig (current).
 * ia32_sendsig dispatches to the older two according to the signal's
 * membership in ps_osigset / ps_freebsd4.  All three are entered with
 * the proc lock and ps_mtx held, drop both around the copyout to the
 * user stack, and re-take them before returning.  A failed copyout
 * kills the process with SIGILL via sigexit(), which is presumably
 * not expected to return (the proc lock is re-taken just for it).
 */

#ifdef COMPAT_43
/*
 * ia32_osendsig: deliver a signal using the 4.3BSD-style sigframe3 /
 * sigcontext layout.
 *
 * The frame goes on the alternate stack when one is armed, we are not
 * already on it, and the signal is in ps_sigonstack (SS_ONSTACK is set
 * here, unlike the newer variants); otherwise directly below the
 * current %esp.  The handler arguments depend on whether the signal was
 * installed with SA_SIGINFO.  On return the trap frame is pointed at
 * the handler trampoline (sv_psstrings - sz_ia32_osigcode) with flat
 * 32-bit selectors and the trace/direction flags cleared.
 */
static void
ia32_osendsig(sig_t catcher, ksiginfo_t *ksi, sigset_t *mask)
{
	struct ia32_sigframe3 sf, *fp;
	struct proc *p;
	struct thread *td;
	struct sigacts *psp;
	struct trapframe *regs;
	int sig;
	int oonstack;

	td = curthread;
	p = td->td_proc;
	PROC_LOCK_ASSERT(p, MA_OWNED);
	sig = ksi->ksi_signo;
	psp = p->p_sigacts;
	mtx_assert(&psp->ps_mtx, MA_OWNED);
	regs = td->td_frame;
	oonstack = sigonstack(regs->tf_rsp);

	/* Allocate space for the signal handler context. */
	if ((td->td_pflags & TDP_ALTSTACK) && !oonstack &&
	    SIGISMEMBER(psp->ps_sigonstack, sig)) {
		fp = (struct ia32_sigframe3 *)((uintptr_t)td->td_sigstk.ss_sp +
		    td->td_sigstk.ss_size - sizeof(sf));
		td->td_sigstk.ss_flags |= SS_ONSTACK;
	} else
		fp = (struct ia32_sigframe3 *)regs->tf_rsp - 1;

	/*
	 * Build the argument list for the signal handler.
	 *
	 * NOTE(review): only sf_siginfo is zeroed; sf as a whole is not,
	 * unlike the other two variants which bzero the entire frame.
	 * Every field named below is assigned, but any padding or field
	 * not listed here would be copied out uninitialized -- confirm
	 * against struct ia32_sigframe3.
	 */
	sf.sf_signum = sig;
	sf.sf_scp = (register_t)&fp->sf_siginfo.si_sc;
	bzero(&sf.sf_siginfo, sizeof(sf.sf_siginfo));
	if (SIGISMEMBER(psp->ps_siginfo, sig)) {
		/* Signal handler installed with SA_SIGINFO. */
		sf.sf_arg2 = (register_t)&fp->sf_siginfo;
		sf.sf_siginfo.si_signo = sig;
		sf.sf_siginfo.si_code = ksi->ksi_code;
		sf.sf_ah = (uintptr_t)catcher;
		sf.sf_addr = 0;
	} else {
		/* Old FreeBSD-style arguments. */
		sf.sf_arg2 = ksi->ksi_code;
		sf.sf_addr = (register_t)ksi->ksi_addr;
		sf.sf_ah = (uintptr_t)catcher;
	}
	/* Both locks are dropped for the copyout and re-taken at the end. */
	mtx_unlock(&psp->ps_mtx);
	PROC_UNLOCK(p);

	/* Save most if not all of trap frame. */
	sf.sf_siginfo.si_sc.sc_eax = regs->tf_rax;
	sf.sf_siginfo.si_sc.sc_ebx = regs->tf_rbx;
	sf.sf_siginfo.si_sc.sc_ecx = regs->tf_rcx;
	sf.sf_siginfo.si_sc.sc_edx = regs->tf_rdx;
	sf.sf_siginfo.si_sc.sc_esi = regs->tf_rsi;
	sf.sf_siginfo.si_sc.sc_edi = regs->tf_rdi;
	sf.sf_siginfo.si_sc.sc_cs = regs->tf_cs;
	sf.sf_siginfo.si_sc.sc_ds = regs->tf_ds;
	sf.sf_siginfo.si_sc.sc_ss = regs->tf_ss;
	sf.sf_siginfo.si_sc.sc_es = regs->tf_es;
	sf.sf_siginfo.si_sc.sc_fs = regs->tf_fs;
	sf.sf_siginfo.si_sc.sc_gs = regs->tf_gs;
	sf.sf_siginfo.si_sc.sc_isp = regs->tf_rsp;

	/* Build the signal context to be used by osigreturn(). */
	sf.sf_siginfo.si_sc.sc_onstack = (oonstack) ? 1 : 0;
	/* The old ABI carries a 32-bit mask; convert the full sigset_t. */
	SIG2OSIG(*mask, sf.sf_siginfo.si_sc.sc_mask);
	sf.sf_siginfo.si_sc.sc_esp = regs->tf_rsp;
	sf.sf_siginfo.si_sc.sc_ebp = regs->tf_rbp;
	sf.sf_siginfo.si_sc.sc_eip = regs->tf_rip;
	sf.sf_siginfo.si_sc.sc_eflags = regs->tf_rflags;
	sf.sf_siginfo.si_sc.sc_trapno = regs->tf_trapno;
	sf.sf_siginfo.si_sc.sc_err = regs->tf_err;

	/*
	 * Copy the sigframe out to the user's stack.
	 */
	if (copyout(&sf, fp, sizeof(*fp)) != 0) {
#ifdef DEBUG
		printf("process %ld has trashed its stack\n", (long)p->p_pid);
#endif
		PROC_LOCK(p);
		sigexit(td, SIGILL);
	}

	/* Redirect the thread to the trampoline with a fresh flat segment set. */
	regs->tf_rsp = (uintptr_t)fp;
	regs->tf_rip = p->p_sysent->sv_psstrings - sz_ia32_osigcode;
	regs->tf_rflags &= ~(PSL_T | PSL_D);
	regs->tf_cs = _ucode32sel;
	regs->tf_ds = _udatasel;
	regs->tf_es = _udatasel;
	regs->tf_fs = _udatasel;
	regs->tf_ss = _udatasel;
	set_pcb_flags(td->td_pcb, PCB_FULL_IRET);
	PROC_LOCK(p);
	mtx_lock(&psp->ps_mtx);
}
#endif

#ifdef COMPAT_FREEBSD4
/*
 * freebsd4_ia32_sendsig: deliver a signal using the FreeBSD 4 sigframe4 /
 * ucontext4 layout.
 *
 * The whole frame is zeroed before being filled so that reserved fields
 * (mc_fpregs, the __spare__ arrays) reach userland as zeros.  The frame
 * is placed on the alternate stack or below the current %esp as in
 * ia32_osendsig, the arguments follow the SA_SIGINFO / old-style split,
 * and the trampoline entry is the freebsd4 code at the end of the
 * process's sigcode area.  User %fs/%gs are not rewritten.
 */
static void
freebsd4_ia32_sendsig(sig_t catcher, ksiginfo_t *ksi, sigset_t *mask)
{
	struct ia32_sigframe4 sf, *sfp;
	struct siginfo32 siginfo;
	struct proc *p;
	struct thread *td;
	struct sigacts *psp;
	struct trapframe *regs;
	int oonstack;
	int sig;

	td = curthread;
	p = td->td_proc;
	/* Convert the native siginfo to the 32-bit layout first. */
	siginfo_to_siginfo32(&ksi->ksi_info, &siginfo);

	PROC_LOCK_ASSERT(p, MA_OWNED);
	sig = siginfo.si_signo;
	psp = p->p_sigacts;
	mtx_assert(&psp->ps_mtx, MA_OWNED);
	regs = td->td_frame;
	oonstack = sigonstack(regs->tf_rsp);

	/* Save user context. */
	bzero(&sf, sizeof(sf));
	sf.sf_uc.uc_sigmask = *mask;
	sf.sf_uc.uc_stack.ss_sp = (uintptr_t)td->td_sigstk.ss_sp;
	sf.sf_uc.uc_stack.ss_size = td->td_sigstk.ss_size;
	sf.sf_uc.uc_stack.ss_flags = (td->td_pflags & TDP_ALTSTACK)
	    ? ((oonstack) ? SS_ONSTACK : 0) : SS_DISABLE;
	sf.sf_uc.uc_mcontext.mc_onstack = (oonstack) ? 1 : 0;
	sf.sf_uc.uc_mcontext.mc_edi = regs->tf_rdi;
	sf.sf_uc.uc_mcontext.mc_esi = regs->tf_rsi;
	sf.sf_uc.uc_mcontext.mc_ebp = regs->tf_rbp;
	sf.sf_uc.uc_mcontext.mc_isp = regs->tf_rsp; /* XXX */
	sf.sf_uc.uc_mcontext.mc_ebx = regs->tf_rbx;
	sf.sf_uc.uc_mcontext.mc_edx = regs->tf_rdx;
	sf.sf_uc.uc_mcontext.mc_ecx = regs->tf_rcx;
	sf.sf_uc.uc_mcontext.mc_eax = regs->tf_rax;
	sf.sf_uc.uc_mcontext.mc_trapno = regs->tf_trapno;
	sf.sf_uc.uc_mcontext.mc_err = regs->tf_err;
	sf.sf_uc.uc_mcontext.mc_eip = regs->tf_rip;
	sf.sf_uc.uc_mcontext.mc_cs = regs->tf_cs;
	sf.sf_uc.uc_mcontext.mc_eflags = regs->tf_rflags;
	sf.sf_uc.uc_mcontext.mc_esp = regs->tf_rsp;
	sf.sf_uc.uc_mcontext.mc_ss = regs->tf_ss;
	sf.sf_uc.uc_mcontext.mc_ds = regs->tf_ds;
	sf.sf_uc.uc_mcontext.mc_es = regs->tf_es;
	sf.sf_uc.uc_mcontext.mc_fs = regs->tf_fs;
	sf.sf_uc.uc_mcontext.mc_gs = regs->tf_gs;
	/* No FPU state is saved in this layout; keep the fields zero. */
	bzero(sf.sf_uc.uc_mcontext.mc_fpregs,
	    sizeof(sf.sf_uc.uc_mcontext.mc_fpregs));
	bzero(sf.sf_uc.uc_mcontext.__spare__,
	    sizeof(sf.sf_uc.uc_mcontext.__spare__));
	bzero(sf.sf_uc.__spare__, sizeof(sf.sf_uc.__spare__));

	/* Allocate space for the signal handler context. */
	if ((td->td_pflags & TDP_ALTSTACK) != 0 && !oonstack &&
	    SIGISMEMBER(psp->ps_sigonstack, sig)) {
		sfp = (struct ia32_sigframe4 *)((uintptr_t)td->td_sigstk.ss_sp +
		    td->td_sigstk.ss_size - sizeof(sf));
	} else
		sfp = (struct ia32_sigframe4 *)regs->tf_rsp - 1;
	PROC_UNLOCK(p);

	/* Build the argument list for the signal handler. */
	sf.sf_signum = sig;
	sf.sf_ucontext = (register_t)&sfp->sf_uc;
	bzero(&sf.sf_si, sizeof(sf.sf_si));
	if (SIGISMEMBER(psp->ps_siginfo, sig)) {
		/* Signal handler installed with SA_SIGINFO. */
		sf.sf_siginfo = (u_int32_t)(uintptr_t)&sfp->sf_si;
		sf.sf_ah = (u_int32_t)(uintptr_t)catcher;

		/* Fill in POSIX parts */
		sf.sf_si = siginfo;
		sf.sf_si.si_signo = sig;
	} else {
		/* Old FreeBSD-style arguments. */
		sf.sf_siginfo = siginfo.si_code;
		sf.sf_addr = (u_int32_t)siginfo.si_addr;
		sf.sf_ah = (u_int32_t)(uintptr_t)catcher;
	}
	/* ps_mtx was still needed for the ps_siginfo test above. */
	mtx_unlock(&psp->ps_mtx);

	/*
	 * Copy the sigframe out to the user's stack.
	 */
	if (copyout(&sf, sfp, sizeof(*sfp)) != 0) {
#ifdef DEBUG
		printf("process %ld has trashed its stack\n", (long)p->p_pid);
#endif
		PROC_LOCK(p);
		sigexit(td, SIGILL);
	}

	regs->tf_rsp = (uintptr_t)sfp;
	/* The freebsd4 trampoline is the tail of the sigcode page. */
	regs->tf_rip = p->p_sysent->sv_sigcode_base + sz_ia32_sigcode -
	    sz_freebsd4_ia32_sigcode;
	regs->tf_rflags &= ~(PSL_T | PSL_D);
	regs->tf_cs = _ucode32sel;
	regs->tf_ss = _udatasel;
	regs->tf_ds = _udatasel;
	regs->tf_es = _udatasel;
	set_pcb_flags(td->td_pcb, PCB_FULL_IRET);
	/* leave user %fs and %gs untouched */
	PROC_LOCK(p);
	mtx_lock(&psp->ps_mtx);
}
#endif	/* COMPAT_FREEBSD4 */

/*
 * ia32_sendsig: deliver a signal to a 32-bit process using the current
 * sigframe / ucontext layout.
 *
 * Dispatches to the COMPAT_FREEBSD4 or COMPAT_43 variant when the signal
 * is in ps_freebsd4 / ps_osigset.  Otherwise it records the full
 * mcontext including FPU state: when XSAVE is in use the extended state
 * is gathered into a stack buffer (bounded by cpu_max_ext_state_size),
 * an area for it is reserved on the user stack above the sigframe,
 * 64-byte aligned, and both are copied out.  The sigframe itself is
 * 16-byte aligned.  The FPU state is dropped after being saved so the
 * handler starts with a clean FPU.  Entry and exit locking is as for
 * the other variants.
 */
void
ia32_sendsig(sig_t catcher, ksiginfo_t *ksi, sigset_t *mask)
{
	struct ia32_sigframe sf, *sfp;
	struct siginfo32 siginfo;
	struct proc *p;
	struct thread *td;
	struct sigacts *psp;
	char *sp;
	struct trapframe *regs;
	char *xfpusave;
	size_t xfpusave_len;
	int oonstack;
	int sig;

	siginfo_to_siginfo32(&ksi->ksi_info, &siginfo);
	td = curthread;
	p = td->td_proc;
	PROC_LOCK_ASSERT(p, MA_OWNED);
	sig = siginfo.si_signo;
	psp = p->p_sigacts;
#ifdef COMPAT_FREEBSD4
	if (SIGISMEMBER(psp->ps_freebsd4, sig)) {
		freebsd4_ia32_sendsig(catcher, ksi, mask);
		return;
	}
#endif
#ifdef COMPAT_43
	if (SIGISMEMBER(psp->ps_osigset, sig)) {
		ia32_osendsig(catcher, ksi, mask);
		return;
	}
#endif
	mtx_assert(&psp->ps_mtx, MA_OWNED);
	regs = td->td_frame;
	oonstack = sigonstack(regs->tf_rsp);

	/* Kernel-stack staging buffer for the XSAVE extended area, if any. */
	if (cpu_max_ext_state_size > sizeof(struct savefpu) && use_xsave) {
		xfpusave_len = cpu_max_ext_state_size - sizeof(struct savefpu);
		xfpusave = __builtin_alloca(xfpusave_len);
	} else {
		xfpusave_len = 0;
		xfpusave = NULL;
	}

	/* Save user context. */
	bzero(&sf, sizeof(sf));
	sf.sf_uc.uc_sigmask = *mask;
	sf.sf_uc.uc_stack.ss_sp = (uintptr_t)td->td_sigstk.ss_sp;
	sf.sf_uc.uc_stack.ss_size = td->td_sigstk.ss_size;
	sf.sf_uc.uc_stack.ss_flags = (td->td_pflags & TDP_ALTSTACK)
	    ? ((oonstack) ? SS_ONSTACK : 0) : SS_DISABLE;
	sf.sf_uc.uc_mcontext.mc_onstack = (oonstack) ? 1 : 0;
	sf.sf_uc.uc_mcontext.mc_edi = regs->tf_rdi;
	sf.sf_uc.uc_mcontext.mc_esi = regs->tf_rsi;
	sf.sf_uc.uc_mcontext.mc_ebp = regs->tf_rbp;
	sf.sf_uc.uc_mcontext.mc_isp = regs->tf_rsp; /* XXX */
	sf.sf_uc.uc_mcontext.mc_ebx = regs->tf_rbx;
	sf.sf_uc.uc_mcontext.mc_edx = regs->tf_rdx;
	sf.sf_uc.uc_mcontext.mc_ecx = regs->tf_rcx;
	sf.sf_uc.uc_mcontext.mc_eax = regs->tf_rax;
	sf.sf_uc.uc_mcontext.mc_trapno = regs->tf_trapno;
	sf.sf_uc.uc_mcontext.mc_err = regs->tf_err;
	sf.sf_uc.uc_mcontext.mc_eip = regs->tf_rip;
	sf.sf_uc.uc_mcontext.mc_cs = regs->tf_cs;
	sf.sf_uc.uc_mcontext.mc_eflags = regs->tf_rflags;
	sf.sf_uc.uc_mcontext.mc_esp = regs->tf_rsp;
	sf.sf_uc.uc_mcontext.mc_ss = regs->tf_ss;
	sf.sf_uc.uc_mcontext.mc_ds = regs->tf_ds;
	sf.sf_uc.uc_mcontext.mc_es = regs->tf_es;
	sf.sf_uc.uc_mcontext.mc_fs = regs->tf_fs;
	sf.sf_uc.uc_mcontext.mc_gs = regs->tf_gs;
	sf.sf_uc.uc_mcontext.mc_len = sizeof(sf.sf_uc.uc_mcontext); /* magic */
	/* Sets mc_xfpustate_len and _MC_IA32_HASFPXSTATE when xfpusave is used. */
	ia32_get_fpcontext(td, &sf.sf_uc.uc_mcontext, xfpusave, xfpusave_len);
	fpstate_drop(td);
	sf.sf_uc.uc_mcontext.mc_fsbase = td->td_pcb->pcb_fsbase;
	sf.sf_uc.uc_mcontext.mc_gsbase = td->td_pcb->pcb_gsbase;
	bzero(sf.sf_uc.__spare__, sizeof(sf.sf_uc.__spare__));

	/* Allocate space for the signal handler context. */
	if ((td->td_pflags & TDP_ALTSTACK) != 0 && !oonstack &&
	    SIGISMEMBER(psp->ps_sigonstack, sig))
		sp = (char *)td->td_sigstk.ss_sp + td->td_sigstk.ss_size;
	else
		sp = (char *)regs->tf_rsp;
	if (xfpusave != NULL) {
		/* Extended state area first (highest), 64-byte aligned. */
		sp -= xfpusave_len;
		sp = (char *)((unsigned long)sp & ~0x3Ful);
		sf.sf_uc.uc_mcontext.mc_xfpustate = (register_t)sp;
	}
	sp -= sizeof(sf);
	/* Align to 16 bytes. */
	sfp = (struct ia32_sigframe *)((uintptr_t)sp & ~0xF);
	PROC_UNLOCK(p);

	/* Build the argument list for the signal handler. */
	sf.sf_signum = sig;
	sf.sf_ucontext = (register_t)&sfp->sf_uc;
	bzero(&sf.sf_si, sizeof(sf.sf_si));
	if (SIGISMEMBER(psp->ps_siginfo, sig)) {
		/* Signal handler installed with SA_SIGINFO. */
		sf.sf_siginfo = (u_int32_t)(uintptr_t)&sfp->sf_si;
		sf.sf_ah = (u_int32_t)(uintptr_t)catcher;

		/* Fill in POSIX parts */
		sf.sf_si = siginfo;
		sf.sf_si.si_signo = sig;
	} else {
		/* Old FreeBSD-style arguments. */
		sf.sf_siginfo = siginfo.si_code;
		sf.sf_addr = (u_int32_t)siginfo.si_addr;
		sf.sf_ah = (u_int32_t)(uintptr_t)catcher;
	}
	mtx_unlock(&psp->ps_mtx);

	/*
	 * Copy the sigframe out to the user's stack.
	 */
	if (copyout(&sf, sfp, sizeof(*sfp)) != 0 ||
	    (xfpusave != NULL && copyout(xfpusave,
	    PTRIN(sf.sf_uc.uc_mcontext.mc_xfpustate), xfpusave_len)
	    != 0)) {
#ifdef DEBUG
		printf("process %ld has trashed its stack\n", (long)p->p_pid);
#endif
		PROC_LOCK(p);
		sigexit(td, SIGILL);
	}

	regs->tf_rsp = (uintptr_t)sfp;
	regs->tf_rip = p->p_sysent->sv_sigcode_base;
	regs->tf_rflags &= ~(PSL_T | PSL_D);
	regs->tf_cs = _ucode32sel;
	regs->tf_ss = _udatasel;
	regs->tf_ds = _udatasel;
	regs->tf_es = _udatasel;
	set_pcb_flags(td->td_pcb, PCB_FULL_IRET);
	/* XXXKIB leave user %fs and %gs untouched */
	PROC_LOCK(p);
	mtx_lock(&psp->ps_mtx);
}

/*
 * System call to cleanup state after a signal
 * has been taken. Reset signal mask and
 * stack state from context left by sendsig (above).
 * Return to previous pc and psl as specified by
 * context left by sendsig. Check carefully to
 * make sure that the user has not modified the
 * state to gain improper privileges.
 *
 * The checks are the same in all three variants: the proposed rflags
 * may differ from the current ones only in PSL_USERCHANGE bits
 * (EFL_SECURE, else EINVAL), and %cs must be a user-privilege selector
 * (CS_SECURE, else a SIGBUS is raised with trapsignal() and EINVAL is
 * returned).  Other selectors, %eip and %esp are left for the hardware
 * to fault on.  Each returns EJUSTRETURN on success so the syscall
 * return path does not clobber the registers just loaded.
 */

#ifdef COMPAT_43
/*
 * ofreebsd32_sigreturn: COMPAT_43 sigreturn for the sigcontext3 layout
 * written by ia32_osendsig().  Besides the registers it restores the
 * SS_ONSTACK bit of the thread's sigaltstack and the old-style 32-bit
 * signal mask (SIGPROCMASK_OLD).
 */
int
ofreebsd32_sigreturn(struct thread *td, struct ofreebsd32_sigreturn_args *uap)
{
	struct ia32_sigcontext3 sc, *scp;
	struct trapframe *regs;
	int eflags, error;
	ksiginfo_t ksi;

	regs = td->td_frame;
	error = copyin(uap->sigcntxp, &sc, sizeof(sc));
	if (error != 0)
		return (error);
	scp = &sc;
	eflags = scp->sc_eflags;
	if (!EFL_SECURE(eflags, regs->tf_rflags)) {
		return (EINVAL);
	}
	if (!CS_SECURE(scp->sc_cs)) {
		ksiginfo_init_trap(&ksi);
		ksi.ksi_signo = SIGBUS;
		ksi.ksi_code = BUS_OBJERR;
		ksi.ksi_trapno = T_PROTFLT;
		ksi.ksi_addr = (void *)regs->tf_rip;
		trapsignal(td, &ksi);
		return (EINVAL);
	}
	/* All checks passed: load the frame from the user context. */
	regs->tf_ds = scp->sc_ds;
	regs->tf_es = scp->sc_es;
	regs->tf_fs = scp->sc_fs;
	regs->tf_gs = scp->sc_gs;

	regs->tf_rax = scp->sc_eax;
	regs->tf_rbx = scp->sc_ebx;
	regs->tf_rcx = scp->sc_ecx;
	regs->tf_rdx = scp->sc_edx;
	regs->tf_rsi = scp->sc_esi;
	regs->tf_rdi = scp->sc_edi;
	regs->tf_cs = scp->sc_cs;
	regs->tf_ss = scp->sc_ss;
	regs->tf_rbp = scp->sc_ebp;
	regs->tf_rsp = scp->sc_esp;
	regs->tf_rip = scp->sc_eip;
	regs->tf_rflags = eflags;

	if (scp->sc_onstack & 1)
		td->td_sigstk.ss_flags |= SS_ONSTACK;
	else
		td->td_sigstk.ss_flags &= ~SS_ONSTACK;

	/* sc_mask is an osigset_t; SIGPROCMASK_OLD tells the callee so. */
	kern_sigprocmask(td, SIG_SETMASK, (sigset_t *)&scp->sc_mask, NULL,
	    SIGPROCMASK_OLD);
	set_pcb_flags(td->td_pcb, PCB_FULL_IRET);
	return (EJUSTRETURN);
}
#endif

#ifdef COMPAT_FREEBSD4
/*
 * MPSAFE
 *
 * freebsd4_freebsd32_sigreturn: sigreturn for the ucontext4 layout
 * written by freebsd4_ia32_sendsig().  No FPU state is carried in that
 * layout, so only the general registers, segment registers and signal
 * mask are restored.  Rejections are logged with uprintf().
 */
int
freebsd4_freebsd32_sigreturn(td, uap)
	struct thread *td;
	struct freebsd4_freebsd32_sigreturn_args /* {
		const struct freebsd4_freebsd32_ucontext *sigcntxp;
	} */ *uap;
{
	struct ia32_ucontext4 uc;
	struct trapframe *regs;
	struct ia32_ucontext4 *ucp;
	int cs, eflags, error;
	ksiginfo_t ksi;

	error = copyin(uap->sigcntxp, &uc, sizeof(uc));
	if (error != 0)
		return (error);
	ucp = &uc;
	regs = td->td_frame;
	eflags = ucp->uc_mcontext.mc_eflags;
	/*
	 * Don't allow users to change privileged or reserved flags.
	 */
	if (!EFL_SECURE(eflags, regs->tf_rflags)) {
		uprintf("pid %d (%s): freebsd4_freebsd32_sigreturn eflags = 0x%x\n",
		    td->td_proc->p_pid, td->td_name, eflags);
		return (EINVAL);
	}

	/*
	 * Don't allow users to load a valid privileged %cs. Let the
	 * hardware check for invalid selectors, excess privilege in
	 * other selectors, invalid %eip's and invalid %esp's.
	 */
	cs = ucp->uc_mcontext.mc_cs;
	if (!CS_SECURE(cs)) {
		uprintf("pid %d (%s): freebsd4_sigreturn cs = 0x%x\n",
		    td->td_proc->p_pid, td->td_name, cs);
		ksiginfo_init_trap(&ksi);
		ksi.ksi_signo = SIGBUS;
		ksi.ksi_code = BUS_OBJERR;
		ksi.ksi_trapno = T_PROTFLT;
		ksi.ksi_addr = (void *)regs->tf_rip;
		trapsignal(td, &ksi);
		return (EINVAL);
	}

	regs->tf_rdi = ucp->uc_mcontext.mc_edi;
	regs->tf_rsi = ucp->uc_mcontext.mc_esi;
	regs->tf_rbp = ucp->uc_mcontext.mc_ebp;
	regs->tf_rbx = ucp->uc_mcontext.mc_ebx;
	regs->tf_rdx = ucp->uc_mcontext.mc_edx;
	regs->tf_rcx = ucp->uc_mcontext.mc_ecx;
	regs->tf_rax = ucp->uc_mcontext.mc_eax;
	regs->tf_trapno = ucp->uc_mcontext.mc_trapno;
	regs->tf_err = ucp->uc_mcontext.mc_err;
	regs->tf_rip = ucp->uc_mcontext.mc_eip;
	regs->tf_cs = cs;
	regs->tf_rflags = ucp->uc_mcontext.mc_eflags;
	regs->tf_rsp = ucp->uc_mcontext.mc_esp;
	regs->tf_ss = ucp->uc_mcontext.mc_ss;
	regs->tf_ds = ucp->uc_mcontext.mc_ds;
	regs->tf_es = ucp->uc_mcontext.mc_es;
	regs->tf_fs = ucp->uc_mcontext.mc_fs;
	regs->tf_gs = ucp->uc_mcontext.mc_gs;

	kern_sigprocmask(td, SIG_SETMASK, &ucp->uc_sigmask, NULL, 0);
	set_pcb_flags(td->td_pcb, PCB_FULL_IRET);
	return (EJUSTRETURN);
}
#endif	/* COMPAT_FREEBSD4 */

/*
 * MPSAFE
 *
 * freebsd32_sigreturn: sigreturn for the current ucontext layout
 * written by ia32_sendsig().  After the rflags and %cs checks, any
 * extended FPU state advertised by the context is length-checked
 * against the CPU's XSAVE area size and copied in to a stack buffer,
 * and the whole FPU state is handed to ia32_set_fpcontext() before the
 * trap frame is touched.  Every rejection is logged with uprintf().
 */
int
freebsd32_sigreturn(td, uap)
	struct thread *td;
	struct freebsd32_sigreturn_args /* {
		const struct freebsd32_ucontext *sigcntxp;
	} */ *uap;
{
	struct ia32_ucontext uc;
	struct trapframe *regs;
	struct ia32_ucontext *ucp;
	char *xfpustate;
	size_t xfpustate_len;
	int cs, eflags, error, ret;
	ksiginfo_t ksi;

	error = copyin(uap->sigcntxp, &uc, sizeof(uc));
	if (error != 0)
		return (error);
	ucp = &uc;
	regs = td->td_frame;
	eflags = ucp->uc_mcontext.mc_eflags;
	/*
	 * Don't allow users to change privileged or reserved flags.
	 */
	if (!EFL_SECURE(eflags, regs->tf_rflags)) {
		uprintf("pid %d (%s): freebsd32_sigreturn eflags = 0x%x\n",
		    td->td_proc->p_pid, td->td_name, eflags);
		return (EINVAL);
	}

	/*
	 * Don't allow users to load a valid privileged %cs. Let the
	 * hardware check for invalid selectors, excess privilege in
	 * other selectors, invalid %eip's and invalid %esp's.
	 */
	cs = ucp->uc_mcontext.mc_cs;
	if (!CS_SECURE(cs)) {
		uprintf("pid %d (%s): sigreturn cs = 0x%x\n",
		    td->td_proc->p_pid, td->td_name, cs);
		ksiginfo_init_trap(&ksi);
		ksi.ksi_signo = SIGBUS;
		ksi.ksi_code = BUS_OBJERR;
		ksi.ksi_trapno = T_PROTFLT;
		ksi.ksi_addr = (void *)regs->tf_rip;
		trapsignal(td, &ksi);
		return (EINVAL);
	}

	/*
	 * NOTE(review): this tests _MC_HASFPXSTATE while ia32_get_fpcontext
	 * sets and ia32_set_mcontext tests _MC_IA32_HASFPXSTATE; the two
	 * are presumably the same bit value -- confirm in the headers.
	 */
	if ((ucp->uc_mcontext.mc_flags & _MC_HASFPXSTATE) != 0) {
		xfpustate_len = uc.uc_mcontext.mc_xfpustate_len;
		/* The user-supplied length bounds an alloca and a copyin. */
		if (xfpustate_len > cpu_max_ext_state_size -
		    sizeof(struct savefpu)) {
			uprintf("pid %d (%s): sigreturn xfpusave_len = 0x%zx\n",
			    td->td_proc->p_pid, td->td_name, xfpustate_len);
			return (EINVAL);
		}
		xfpustate = __builtin_alloca(xfpustate_len);
		error = copyin(PTRIN(ucp->uc_mcontext.mc_xfpustate),
		    xfpustate, xfpustate_len);
		if (error != 0) {
			uprintf(
	"pid %d (%s): sigreturn copying xfpustate failed\n",
			    td->td_proc->p_pid, td->td_name);
			return (error);
		}
	} else {
		xfpustate = NULL;
		xfpustate_len = 0;
	}
	ret = ia32_set_fpcontext(td, &ucp->uc_mcontext, xfpustate,
	    xfpustate_len);
	if (ret != 0) {
		uprintf("pid %d (%s): sigreturn set_fpcontext err %d\n",
		    td->td_proc->p_pid, td->td_name, ret);
		return (ret);
	}

	regs->tf_rdi = ucp->uc_mcontext.mc_edi;
	regs->tf_rsi = ucp->uc_mcontext.mc_esi;
	regs->tf_rbp = ucp->uc_mcontext.mc_ebp;
	regs->tf_rbx = ucp->uc_mcontext.mc_ebx;
	regs->tf_rdx = ucp->uc_mcontext.mc_edx;
	regs->tf_rcx = ucp->uc_mcontext.mc_ecx;
	regs->tf_rax = ucp->uc_mcontext.mc_eax;
	regs->tf_trapno = ucp->uc_mcontext.mc_trapno;
	regs->tf_err = ucp->uc_mcontext.mc_err;
	regs->tf_rip = ucp->uc_mcontext.mc_eip;
	regs->tf_cs = cs;
	regs->tf_rflags = ucp->uc_mcontext.mc_eflags;
	regs->tf_rsp = ucp->uc_mcontext.mc_esp;
	regs->tf_ss = ucp->uc_mcontext.mc_ss;
	regs->tf_ds = ucp->uc_mcontext.mc_ds;
	regs->tf_es = ucp->uc_mcontext.mc_es;
	regs->tf_fs = ucp->uc_mcontext.mc_fs;
	regs->tf_gs = ucp->uc_mcontext.mc_gs;
	regs->tf_flags = TF_HASSEGS;

	kern_sigprocmask(td, SIG_SETMASK, &ucp->uc_sigmask, NULL, 0);
	set_pcb_flags(td->td_pcb, PCB_FULL_IRET);
	return (EJUSTRETURN);
}

/*
 * Clear registers on exec
 *
 * ia32_setregs: reset td's trap frame and PCB for a freshly exec'd
 * 32-bit image.  Any per-process LDT is released, the %fs/%gs bases
 * and the i386 initial FPU control word are reset, the trap frame is
 * zeroed and repopulated with the entry point, initial stack, flat
 * 32-bit selectors and ps_strings in %ebx.  Only PSL_T survives from
 * the previous rflags, so a traced exec stays traced.  Debug registers
 * are cleared and any FPU state is discarded.
 */
void
ia32_setregs(struct thread *td, struct image_params *imgp, u_long stack)
{
	struct trapframe *regs;
	struct pcb *pcb;
	register_t saved_rflags;

	regs = td->td_frame;
	pcb = td->td_pcb;

	if (td->td_proc->p_md.md_ldt != NULL)
		user_ldt_free(td);
#ifdef COMPAT_43
	setup_lcall_gate();
#endif

	pcb->pcb_fsbase = 0;
	pcb->pcb_gsbase = 0;
	pcb->pcb_initial_fpucw = __INITIAL_FPUCW_I386__;

	/* Keep only the trace flag across the exec. */
	saved_rflags = regs->tf_rflags & PSL_T;
	bzero((char *)regs, sizeof(struct trapframe));
	regs->tf_rip = imgp->entry_addr;
	regs->tf_rsp = stack;
	regs->tf_rflags = PSL_USER | saved_rflags;
	regs->tf_ss = _udatasel;
	regs->tf_cs = _ucode32sel;
	regs->tf_rbx = imgp->ps_strings;
	regs->tf_ds = _udatasel;
	regs->tf_es = _udatasel;
	regs->tf_fs = _ufssel;
	regs->tf_gs = _ugssel;
	regs->tf_flags = TF_HASSEGS;

	x86_clear_dbregs(pcb);

	fpstate_drop(td);

	/* Return via doreti so that we can change to a different %cs */
	set_pcb_flags(pcb, PCB_32BIT | PCB_FULL_IRET);
}