sys_machdep.c revision 296953 
190075Sobrien/*-
290075Sobrien * Copyright (c) 2003 Peter Wemm.
390075Sobrien * Copyright (c) 1990 The Regents of the University of California.
490075Sobrien * All rights reserved.
590075Sobrien *
690075Sobrien * Redistribution and use in source and binary forms, with or without
790075Sobrien * modification, are permitted provided that the following conditions
8132718Skan * are met:
990075Sobrien * 1. Redistributions of source code must retain the above copyright
10132718Skan *    notice, this list of conditions and the following disclaimer.
11132718Skan * 2. Redistributions in binary form must reproduce the above copyright
12132718Skan *    notice, this list of conditions and the following disclaimer in the
13132718Skan *    documentation and/or other materials provided with the distribution.
1490075Sobrien * 4. Neither the name of the University nor the names of its contributors
15132718Skan *    may be used to endorse or promote products derived from this software
16132718Skan *    without specific prior written permission.
17132718Skan *
18132718Skan * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
1990075Sobrien * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
20132718Skan * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
21132718Skan * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
22132718Skan * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
23132718Skan * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
2490075Sobrien * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
2590075Sobrien * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
2690075Sobrien * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
2790075Sobrien * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
2890075Sobrien * SUCH DAMAGE.
2990075Sobrien *
3090075Sobrien *	from: @(#)sys_machdep.c	5.5 (Berkeley) 1/19/91
3190075Sobrien */
3290075Sobrien
3390075Sobrien#include <sys/cdefs.h>
3490075Sobrien__FBSDID("$FreeBSD: releng/9.3/sys/amd64/amd64/sys_machdep.c 296953 2016-03-16 22:30:03Z glebius $");
3590075Sobrien
3690075Sobrien#include "opt_capsicum.h"
3790075Sobrien
3890075Sobrien#include <sys/param.h>
39117395Skan#include <sys/systm.h>
40117395Skan#include <sys/capability.h>
4190075Sobrien#include <sys/kernel.h>
4290075Sobrien#include <sys/lock.h>
4390075Sobrien#include <sys/malloc.h>
4490075Sobrien#include <sys/mutex.h>
4590075Sobrien#include <sys/priv.h>
4690075Sobrien#include <sys/proc.h>
47117395Skan#include <sys/sysproto.h>
48117395Skan#include <sys/uio.h>
49132718Skan
50117395Skan#include <vm/vm.h>
51117395Skan#include <vm/pmap.h>
5290075Sobrien#include <vm/vm_kern.h>		/* for kernel_map */
5390075Sobrien#include <vm/vm_extern.h>
5490075Sobrien
55117395Skan#include <machine/frame.h>
56117395Skan#include <machine/md_var.h>
57117395Skan#include <machine/pcb.h>
5890075Sobrien#include <machine/specialreg.h>
59117395Skan#include <machine/sysarch.h>
6090075Sobrien#include <machine/tss.h>
6190075Sobrien#include <machine/vmparam.h>
6290075Sobrien
6390075Sobrien#include <security/audit/audit.h>
6490075Sobrien
6590075Sobrien#define	MAX_LD		8192
6690075Sobrien
67117395Skanint max_ldt_segment = 1024;
6890075SobrienSYSCTL_INT(_machdep, OID_AUTO, max_ldt_segment, CTLFLAG_RDTUN,
6990075Sobrien    &max_ldt_segment, 0,
7090075Sobrien    "Maximum number of allowed LDT segments in the single address space");
71117395Skan
72117395Skanstatic void
73117395Skanmax_ldt_segment_init(void *arg __unused)
74117395Skan{
75117395Skan
76117395Skan	TUNABLE_INT_FETCH("machdep.max_ldt_segment", &max_ldt_segment);
77117395Skan	if (max_ldt_segment <= 0)
78117395Skan		max_ldt_segment = 1;
7990075Sobrien	if (max_ldt_segment > MAX_LD)
8090075Sobrien		max_ldt_segment = MAX_LD;
8190075Sobrien}
8290075SobrienSYSINIT(maxldt, SI_SUB_VM_CONF, SI_ORDER_ANY, max_ldt_segment_init, NULL);
8390075Sobrien
8490075Sobrien#ifdef notyet
8590075Sobrien#ifdef SMP
8690075Sobrienstatic void set_user_ldt_rv(struct vmspace *vmsp);
8790075Sobrien#endif
88117395Skan#endif
8990075Sobrienstatic void user_ldt_derefl(struct proc_ldt *pldt);
9090075Sobrien
9190075Sobrien#ifndef _SYS_SYSPROTO_H_
9290075Sobrienstruct sysarch_args {
9390075Sobrien	int op;
9490075Sobrien	char *parms;
9596263Sobrien};
9696263Sobrien#endif
9796263Sobrien
9890075Sobrienint
9990075Sobriensysarch_ldt(struct thread *td, struct sysarch_args *uap, int uap_space)
100117395Skan{
10190075Sobrien	struct i386_ldt_args *largs, la;
10290075Sobrien	struct user_segment_descriptor *lp;
10390075Sobrien	int error = 0;
10490075Sobrien
10590075Sobrien	/*
10690075Sobrien	 * XXXKIB check that the BSM generation code knows to encode
10790075Sobrien	 * the op argument.
10890075Sobrien	 */
109132718Skan	AUDIT_ARG_CMD(uap->op);
11090075Sobrien	if (uap_space == UIO_USERSPACE) {
11190075Sobrien		error = copyin(uap->parms, &la, sizeof(struct i386_ldt_args));
11290075Sobrien		if (error != 0)
11390075Sobrien			return (error);
11490075Sobrien		largs = &la;
11590075Sobrien	} else
11690075Sobrien		largs = (struct i386_ldt_args *)uap->parms;
117132718Skan
118132718Skan	switch (uap->op) {
11990075Sobrien	case I386_GET_LDT:
12090075Sobrien		error = amd64_get_ldt(td, largs);
12190075Sobrien		break;
12290075Sobrien	case I386_SET_LDT:
12390075Sobrien		if (largs->descs != NULL && largs->num > max_ldt_segment)
12490075Sobrien			return (EINVAL);
12590075Sobrien		set_pcb_flags(td->td_pcb, PCB_FULL_IRET);
12690075Sobrien		if (largs->descs != NULL) {
12790075Sobrien			lp = malloc(largs->num * sizeof(struct
12890075Sobrien			    user_segment_descriptor), M_TEMP, M_WAITOK);
12990075Sobrien			error = copyin(largs->descs, lp, largs->num *
13090075Sobrien			    sizeof(struct user_segment_descriptor));
13190075Sobrien			if (error == 0)
13290075Sobrien				error = amd64_set_ldt(td, largs, lp);
13390075Sobrien			free(lp, M_TEMP);
13490075Sobrien		} else {
13590075Sobrien			error = amd64_set_ldt(td, largs, NULL);
13690075Sobrien		}
13790075Sobrien		break;
13890075Sobrien	}
13990075Sobrien	return (error);
14090075Sobrien}
14190075Sobrien
14290075Sobrienvoid
14390075Sobrienupdate_gdt_gsbase(struct thread *td, uint32_t base)
14490075Sobrien{
14590075Sobrien	struct user_segment_descriptor *sd;
14690075Sobrien
14790075Sobrien	if (td != curthread)
148		return;
149	set_pcb_flags(td->td_pcb, PCB_FULL_IRET);
150	critical_enter();
151	sd = PCPU_GET(gs32p);
152	sd->sd_lobase = base & 0xffffff;
153	sd->sd_hibase = (base >> 24) & 0xff;
154	critical_exit();
155}
156
157void
158update_gdt_fsbase(struct thread *td, uint32_t base)
159{
160	struct user_segment_descriptor *sd;
161
162	if (td != curthread)
163		return;
164	set_pcb_flags(td->td_pcb, PCB_FULL_IRET);
165	critical_enter();
166	sd = PCPU_GET(fs32p);
167	sd->sd_lobase = base & 0xffffff;
168	sd->sd_hibase = (base >> 24) & 0xff;
169	critical_exit();
170}
171
172int
173sysarch(td, uap)
174	struct thread *td;
175	register struct sysarch_args *uap;
176{
177	int error = 0;
178	struct pcb *pcb = curthread->td_pcb;
179	uint32_t i386base;
180	uint64_t a64base;
181	struct i386_ioperm_args iargs;
182	struct i386_get_xfpustate i386xfpu;
183	struct amd64_get_xfpustate a64xfpu;
184
185#ifdef CAPABILITY_MODE
186	/*
187	 * When adding new operations, add a new case statement here to
188	 * explicitly indicate whether or not the operation is safe to
189	 * perform in capability mode.
190	 */
191	if (IN_CAPABILITY_MODE(td)) {
192		switch (uap->op) {
193		case I386_GET_LDT:
194		case I386_SET_LDT:
195		case I386_GET_IOPERM:
196		case I386_GET_FSBASE:
197		case I386_SET_FSBASE:
198		case I386_GET_GSBASE:
199		case I386_SET_GSBASE:
200		case I386_GET_XFPUSTATE:
201		case AMD64_GET_FSBASE:
202		case AMD64_SET_FSBASE:
203		case AMD64_GET_GSBASE:
204		case AMD64_SET_GSBASE:
205		case AMD64_GET_XFPUSTATE:
206			break;
207
208		case I386_SET_IOPERM:
209		default:
210			return (ECAPMODE);
211		}
212	}
213#endif
214
215	if (uap->op == I386_GET_LDT || uap->op == I386_SET_LDT)
216		return (sysarch_ldt(td, uap, UIO_USERSPACE));
217	/*
218	 * XXXKIB check that the BSM generation code knows to encode
219	 * the op argument.
220	 */
221	AUDIT_ARG_CMD(uap->op);
222	switch (uap->op) {
223	case I386_GET_IOPERM:
224	case I386_SET_IOPERM:
225		if ((error = copyin(uap->parms, &iargs,
226		    sizeof(struct i386_ioperm_args))) != 0)
227			return (error);
228		break;
229	case I386_GET_XFPUSTATE:
230		if ((error = copyin(uap->parms, &i386xfpu,
231		    sizeof(struct i386_get_xfpustate))) != 0)
232			return (error);
233		a64xfpu.addr = (void *)(uintptr_t)i386xfpu.addr;
234		a64xfpu.len = i386xfpu.len;
235		break;
236	case AMD64_GET_XFPUSTATE:
237		if ((error = copyin(uap->parms, &a64xfpu,
238		    sizeof(struct amd64_get_xfpustate))) != 0)
239			return (error);
240		break;
241	default:
242		break;
243	}
244
245	switch (uap->op) {
246	case I386_GET_IOPERM:
247		error = amd64_get_ioperm(td, &iargs);
248		if (error == 0)
249			error = copyout(&iargs, uap->parms,
250			    sizeof(struct i386_ioperm_args));
251		break;
252	case I386_SET_IOPERM:
253		error = amd64_set_ioperm(td, &iargs);
254		break;
255	case I386_GET_FSBASE:
256		i386base = pcb->pcb_fsbase;
257		error = copyout(&i386base, uap->parms, sizeof(i386base));
258		break;
259	case I386_SET_FSBASE:
260		error = copyin(uap->parms, &i386base, sizeof(i386base));
261		if (!error) {
262			pcb->pcb_fsbase = i386base;
263			td->td_frame->tf_fs = _ufssel;
264			update_gdt_fsbase(td, i386base);
265		}
266		break;
267	case I386_GET_GSBASE:
268		i386base = pcb->pcb_gsbase;
269		error = copyout(&i386base, uap->parms, sizeof(i386base));
270		break;
271	case I386_SET_GSBASE:
272		error = copyin(uap->parms, &i386base, sizeof(i386base));
273		if (!error) {
274			pcb->pcb_gsbase = i386base;
275			td->td_frame->tf_gs = _ugssel;
276			update_gdt_gsbase(td, i386base);
277		}
278		break;
279	case AMD64_GET_FSBASE:
280		error = copyout(&pcb->pcb_fsbase, uap->parms, sizeof(pcb->pcb_fsbase));
281		break;
282
283	case AMD64_SET_FSBASE:
284		error = copyin(uap->parms, &a64base, sizeof(a64base));
285		if (!error) {
286			if (a64base < VM_MAXUSER_ADDRESS) {
287				pcb->pcb_fsbase = a64base;
288				set_pcb_flags(pcb, PCB_FULL_IRET);
289				td->td_frame->tf_fs = _ufssel;
290			} else
291				error = EINVAL;
292		}
293		break;
294
295	case AMD64_GET_GSBASE:
296		error = copyout(&pcb->pcb_gsbase, uap->parms, sizeof(pcb->pcb_gsbase));
297		break;
298
299	case AMD64_SET_GSBASE:
300		error = copyin(uap->parms, &a64base, sizeof(a64base));
301		if (!error) {
302			if (a64base < VM_MAXUSER_ADDRESS) {
303				pcb->pcb_gsbase = a64base;
304				set_pcb_flags(pcb, PCB_FULL_IRET);
305				td->td_frame->tf_gs = _ugssel;
306			} else
307				error = EINVAL;
308		}
309		break;
310
311	case I386_GET_XFPUSTATE:
312	case AMD64_GET_XFPUSTATE:
313		if (a64xfpu.len > cpu_max_ext_state_size -
314		    sizeof(struct savefpu))
315			return (EINVAL);
316		fpugetregs(td);
317		error = copyout((char *)(get_pcb_user_save_td(td) + 1),
318		    a64xfpu.addr, a64xfpu.len);
319		return (error);
320
321	default:
322		error = EINVAL;
323		break;
324	}
325	return (error);
326}
327
328int
329amd64_set_ioperm(td, uap)
330	struct thread *td;
331	struct i386_ioperm_args *uap;
332{
333	int i, error;
334	char *iomap;
335	struct amd64tss *tssp;
336	struct system_segment_descriptor *tss_sd;
337	u_long *addr;
338	struct pcb *pcb;
339
340	if ((error = priv_check(td, PRIV_IO)) != 0)
341		return (error);
342	if ((error = securelevel_gt(td->td_ucred, 0)) != 0)
343		return (error);
344	if (uap->start + uap->length > IOPAGES * PAGE_SIZE * NBBY)
345		return (EINVAL);
346
347	/*
348	 * XXX
349	 * While this is restricted to root, we should probably figure out
350	 * whether any other driver is using this i/o address, as so not to
351	 * cause confusion.  This probably requires a global 'usage registry'.
352	 */
353	pcb = td->td_pcb;
354	if (pcb->pcb_tssp == NULL) {
355		tssp = (struct amd64tss *)kmem_alloc(kernel_map,
356		    ctob(IOPAGES+1));
357		if (tssp == NULL)
358			return (ENOMEM);
359		iomap = (char *)&tssp[1];
360		addr = (u_long *)iomap;
361		for (i = 0; i < (ctob(IOPAGES) + 1) / sizeof(u_long); i++)
362			*addr++ = ~0;
363		critical_enter();
364		/* Takes care of tss_rsp0. */
365		memcpy(tssp, &common_tss[PCPU_GET(cpuid)],
366		    sizeof(struct amd64tss));
367		tssp->tss_iobase = sizeof(*tssp);
368		pcb->pcb_tssp = tssp;
369		tss_sd = PCPU_GET(tss);
370		tss_sd->sd_lobase = (u_long)tssp & 0xffffff;
371		tss_sd->sd_hibase = ((u_long)tssp >> 24) & 0xfffffffffful;
372		tss_sd->sd_type = SDT_SYSTSS;
373		ltr(GSEL(GPROC0_SEL, SEL_KPL));
374		PCPU_SET(tssp, tssp);
375		critical_exit();
376	} else
377		iomap = (char *)&pcb->pcb_tssp[1];
378	for (i = uap->start; i < uap->start + uap->length; i++) {
379		if (uap->enable)
380			iomap[i >> 3] &= ~(1 << (i & 7));
381		else
382			iomap[i >> 3] |= (1 << (i & 7));
383	}
384	return (error);
385}
386
387int
388amd64_get_ioperm(td, uap)
389	struct thread *td;
390	struct i386_ioperm_args *uap;
391{
392	int i, state;
393	char *iomap;
394
395	if (uap->start >= IOPAGES * PAGE_SIZE * NBBY)
396		return (EINVAL);
397	if (td->td_pcb->pcb_tssp == NULL) {
398		uap->length = 0;
399		goto done;
400	}
401
402	iomap = (char *)&td->td_pcb->pcb_tssp[1];
403
404	i = uap->start;
405	state = (iomap[i >> 3] >> (i & 7)) & 1;
406	uap->enable = !state;
407	uap->length = 1;
408
409	for (i = uap->start + 1; i < IOPAGES * PAGE_SIZE * NBBY; i++) {
410		if (state != ((iomap[i >> 3] >> (i & 7)) & 1))
411			break;
412		uap->length++;
413	}
414
415done:
416	return (0);
417}
418
419/*
420 * Update the GDT entry pointing to the LDT to point to the LDT of the
421 * current process.
422 */
423void
424set_user_ldt(struct mdproc *mdp)
425{
426
427	critical_enter();
428	*PCPU_GET(ldt) = mdp->md_ldt_sd;
429	lldt(GSEL(GUSERLDT_SEL, SEL_KPL));
430	critical_exit();
431}
432
433#ifdef notyet
434#ifdef SMP
435static void
436set_user_ldt_rv(struct vmspace *vmsp)
437{
438	struct thread *td;
439
440	td = curthread;
441	if (vmsp != td->td_proc->p_vmspace)
442		return;
443
444	set_user_ldt(&td->td_proc->p_md);
445}
446#endif
447#endif
448
449struct proc_ldt *
450user_ldt_alloc(struct proc *p, int force)
451{
452	struct proc_ldt *pldt, *new_ldt;
453	struct mdproc *mdp;
454	struct soft_segment_descriptor sldt;
455
456	mtx_assert(&dt_lock, MA_OWNED);
457	mdp = &p->p_md;
458	if (!force && mdp->md_ldt != NULL)
459		return (mdp->md_ldt);
460	mtx_unlock(&dt_lock);
461	new_ldt = malloc(sizeof(struct proc_ldt), M_SUBPROC, M_WAITOK);
462	new_ldt->ldt_base = (caddr_t)kmem_alloc(kernel_map,
463	     max_ldt_segment * sizeof(struct user_segment_descriptor));
464	if (new_ldt->ldt_base == NULL) {
465		FREE(new_ldt, M_SUBPROC);
466		mtx_lock(&dt_lock);
467		return (NULL);
468	}
469	new_ldt->ldt_refcnt = 1;
470	sldt.ssd_base = (uint64_t)new_ldt->ldt_base;
471	sldt.ssd_limit = max_ldt_segment *
472	    sizeof(struct user_segment_descriptor) - 1;
473	sldt.ssd_type = SDT_SYSLDT;
474	sldt.ssd_dpl = SEL_KPL;
475	sldt.ssd_p = 1;
476	sldt.ssd_long = 0;
477	sldt.ssd_def32 = 0;
478	sldt.ssd_gran = 0;
479	mtx_lock(&dt_lock);
480	pldt = mdp->md_ldt;
481	if (pldt != NULL && !force) {
482		kmem_free(kernel_map, (vm_offset_t)new_ldt->ldt_base,
483		    max_ldt_segment * sizeof(struct user_segment_descriptor));
484		free(new_ldt, M_SUBPROC);
485		return (pldt);
486	}
487
488	if (pldt != NULL) {
489		bcopy(pldt->ldt_base, new_ldt->ldt_base, max_ldt_segment *
490		    sizeof(struct user_segment_descriptor));
491		user_ldt_derefl(pldt);
492	}
493	ssdtosyssd(&sldt, &p->p_md.md_ldt_sd);
494	atomic_store_rel_ptr((volatile uintptr_t *)&mdp->md_ldt,
495	    (uintptr_t)new_ldt);
496	if (p == curproc)
497		set_user_ldt(mdp);
498
499	return (mdp->md_ldt);
500}
501
502void
503user_ldt_free(struct thread *td)
504{
505	struct proc *p = td->td_proc;
506	struct mdproc *mdp = &p->p_md;
507	struct proc_ldt *pldt;
508
509	mtx_assert(&dt_lock, MA_OWNED);
510	if ((pldt = mdp->md_ldt) == NULL) {
511		mtx_unlock(&dt_lock);
512		return;
513	}
514
515	mdp->md_ldt = NULL;
516	bzero(&mdp->md_ldt_sd, sizeof(mdp->md_ldt_sd));
517	if (td == curthread)
518		lldt(GSEL(GNULL_SEL, SEL_KPL));
519	user_ldt_deref(pldt);
520}
521
522static void
523user_ldt_derefl(struct proc_ldt *pldt)
524{
525
526	if (--pldt->ldt_refcnt == 0) {
527		kmem_free(kernel_map, (vm_offset_t)pldt->ldt_base,
528		    max_ldt_segment * sizeof(struct user_segment_descriptor));
529		free(pldt, M_SUBPROC);
530	}
531}
532
533void
534user_ldt_deref(struct proc_ldt *pldt)
535{
536
537	mtx_assert(&dt_lock, MA_OWNED);
538	user_ldt_derefl(pldt);
539	mtx_unlock(&dt_lock);
540}
541
542/*
543 * Note for the authors of compat layers (linux, etc): copyout() in
544 * the function below is not a problem since it presents data in
545 * arch-specific format (i.e. i386-specific in this case), not in
546 * the OS-specific one.
547 */
548int
549amd64_get_ldt(td, uap)
550	struct thread *td;
551	struct i386_ldt_args *uap;
552{
553	int error = 0;
554	struct proc_ldt *pldt;
555	int num;
556	struct user_segment_descriptor *lp;
557
558#ifdef	DEBUG
559	printf("amd64_get_ldt: start=%d num=%d descs=%p\n",
560	    uap->start, uap->num, (void *)uap->descs);
561#endif
562
563	if ((pldt = td->td_proc->p_md.md_ldt) != NULL) {
564		lp = &((struct user_segment_descriptor *)(pldt->ldt_base))
565		    [uap->start];
566		num = min(uap->num, max_ldt_segment);
567	} else
568		return (EINVAL);
569
570	if ((uap->start > (unsigned int)max_ldt_segment) ||
571	    ((unsigned int)num > (unsigned int)max_ldt_segment) ||
572	    ((unsigned int)(uap->start + num) > (unsigned int)max_ldt_segment))
573		return(EINVAL);
574
575	error = copyout(lp, uap->descs, num *
576	    sizeof(struct user_segment_descriptor));
577	if (!error)
578		td->td_retval[0] = num;
579
580	return(error);
581}
582
583int
584amd64_set_ldt(td, uap, descs)
585	struct thread *td;
586	struct i386_ldt_args *uap;
587	struct user_segment_descriptor *descs;
588{
589	int error = 0;
590	unsigned int largest_ld, i;
591	struct mdproc *mdp = &td->td_proc->p_md;
592	struct proc_ldt *pldt;
593	struct user_segment_descriptor *dp;
594	struct proc *p;
595
596#ifdef	DEBUG
597	printf("amd64_set_ldt: start=%d num=%d descs=%p\n",
598	    uap->start, uap->num, (void *)uap->descs);
599#endif
600
601	set_pcb_flags(td->td_pcb, PCB_FULL_IRET);
602	p = td->td_proc;
603	if (descs == NULL) {
604		/* Free descriptors */
605		if (uap->start == 0 && uap->num == 0)
606			uap->num = max_ldt_segment;
607		if (uap->num == 0)
608			return (EINVAL);
609		if ((pldt = mdp->md_ldt) == NULL ||
610		    uap->start >= max_ldt_segment)
611			return (0);
612		largest_ld = uap->start + uap->num;
613		if (largest_ld > max_ldt_segment)
614			largest_ld = max_ldt_segment;
615		i = largest_ld - uap->start;
616		mtx_lock(&dt_lock);
617		bzero(&((struct user_segment_descriptor *)(pldt->ldt_base))
618		    [uap->start], sizeof(struct user_segment_descriptor) * i);
619		mtx_unlock(&dt_lock);
620		return (0);
621	}
622
623	if (!(uap->start == LDT_AUTO_ALLOC && uap->num == 1)) {
624		/* verify range of descriptors to modify */
625		largest_ld = uap->start + uap->num;
626		if (uap->start >= max_ldt_segment ||
627		    largest_ld > max_ldt_segment)
628			return (EINVAL);
629	}
630
631	/* Check descriptors for access violations */
632	for (i = 0; i < uap->num; i++) {
633		dp = &descs[i];
634
635		switch (dp->sd_type) {
636		case SDT_SYSNULL:	/* system null */
637			dp->sd_p = 0;
638			break;
639		case SDT_SYS286TSS:
640		case SDT_SYSLDT:
641		case SDT_SYS286BSY:
642		case SDT_SYS286CGT:
643		case SDT_SYSTASKGT:
644		case SDT_SYS286IGT:
645		case SDT_SYS286TGT:
646		case SDT_SYSNULL2:
647		case SDT_SYSTSS:
648		case SDT_SYSNULL3:
649		case SDT_SYSBSY:
650		case SDT_SYSCGT:
651		case SDT_SYSNULL4:
652		case SDT_SYSIGT:
653		case SDT_SYSTGT:
654			/* I can't think of any reason to allow a user proc
655			 * to create a segment of these types.  They are
656			 * for OS use only.
657			 */
658			return (EACCES);
659			/*NOTREACHED*/
660
661		/* memory segment types */
662		case SDT_MEMEC:   /* memory execute only conforming */
663		case SDT_MEMEAC:  /* memory execute only accessed conforming */
664		case SDT_MEMERC:  /* memory execute read conforming */
665		case SDT_MEMERAC: /* memory execute read accessed conforming */
666			 /* Must be "present" if executable and conforming. */
667			if (dp->sd_p == 0)
668				return (EACCES);
669			break;
670		case SDT_MEMRO:   /* memory read only */
671		case SDT_MEMROA:  /* memory read only accessed */
672		case SDT_MEMRW:   /* memory read write */
673		case SDT_MEMRWA:  /* memory read write accessed */
674		case SDT_MEMROD:  /* memory read only expand dwn limit */
675		case SDT_MEMRODA: /* memory read only expand dwn lim accessed */
676		case SDT_MEMRWD:  /* memory read write expand dwn limit */
677		case SDT_MEMRWDA: /* memory read write expand dwn lim acessed */
678		case SDT_MEME:    /* memory execute only */
679		case SDT_MEMEA:   /* memory execute only accessed */
680		case SDT_MEMER:   /* memory execute read */
681		case SDT_MEMERA:  /* memory execute read accessed */
682			break;
683		default:
684			return(EINVAL);
685			/*NOTREACHED*/
686		}
687
688		/* Only user (ring-3) descriptors may be present. */
689		if ((dp->sd_p != 0) && (dp->sd_dpl != SEL_UPL))
690			return (EACCES);
691	}
692
693	if (uap->start == LDT_AUTO_ALLOC && uap->num == 1) {
694		/* Allocate a free slot */
695		mtx_lock(&dt_lock);
696		pldt = user_ldt_alloc(p, 0);
697		if (pldt == NULL) {
698			mtx_unlock(&dt_lock);
699			return (ENOMEM);
700		}
701
702		/*
703		 * start scanning a bit up to leave room for NVidia and
704		 * Wine, which still user the "Blat" method of allocation.
705		 */
706		i = 16;
707		dp = &((struct user_segment_descriptor *)(pldt->ldt_base))[i];
708		for (; i < max_ldt_segment; ++i, ++dp) {
709			if (dp->sd_type == SDT_SYSNULL)
710				break;
711		}
712		if (i >= max_ldt_segment) {
713			mtx_unlock(&dt_lock);
714			return (ENOSPC);
715		}
716		uap->start = i;
717		error = amd64_set_ldt_data(td, i, 1, descs);
718		mtx_unlock(&dt_lock);
719	} else {
720		largest_ld = uap->start + uap->num;
721		if (largest_ld > max_ldt_segment)
722			return (EINVAL);
723		mtx_lock(&dt_lock);
724		if (user_ldt_alloc(p, 0) != NULL) {
725			error = amd64_set_ldt_data(td, uap->start, uap->num,
726			    descs);
727		}
728		mtx_unlock(&dt_lock);
729	}
730	if (error == 0)
731		td->td_retval[0] = uap->start;
732	return (error);
733}
734
735int
736amd64_set_ldt_data(struct thread *td, int start, int num,
737    struct user_segment_descriptor *descs)
738{
739	struct mdproc *mdp = &td->td_proc->p_md;
740	struct proc_ldt *pldt = mdp->md_ldt;
741
742	mtx_assert(&dt_lock, MA_OWNED);
743
744	/* Fill in range */
745	bcopy(descs,
746	    &((struct user_segment_descriptor *)(pldt->ldt_base))[start],
747	    num * sizeof(struct user_segment_descriptor));
748	return (0);
749}
750