Merge tag 'vfio-v6.4-rc1' of https://github.com/awilliam/linux-vfio
[linux-block.git] / arch / x86 / kernel / tls.c
CommitLineData
b2441318 1// SPDX-License-Identifier: GPL-2.0
1da177e4
LT
2#include <linux/kernel.h>
3#include <linux/errno.h>
4#include <linux/sched.h>
5#include <linux/user.h>
4c79a2d8 6#include <linux/regset.h>
2cf09666 7#include <linux/syscalls.h>
993773d1 8#include <linux/nospec.h>
1da177e4 9
7c0f6ba6 10#include <linux/uaccess.h>
1da177e4 11#include <asm/desc.h>
1da177e4
LT
12#include <asm/ldt.h>
13#include <asm/processor.h>
14#include <asm/proto.h>
ae53fa18 15#include <asm/gsseg.h>
1da177e4 16
4c79a2d8
RM
17#include "tls.h"
18
1da177e4
LT
19/*
20 * sys_alloc_thread_area: get a yet unused TLS descriptor index.
21 */
22static int get_free_idx(void)
23{
24 struct thread_struct *t = &current->thread;
25 int idx;
26
27 for (idx = 0; idx < GDT_ENTRY_TLS_ENTRIES; idx++)
efd1ca52 28 if (desc_empty(&t->tls_array[idx]))
1da177e4
LT
29 return idx + GDT_ENTRY_TLS_MIN;
30 return -ESRCH;
31}
32
41bdc785
AL
33static bool tls_desc_okay(const struct user_desc *info)
34{
3669ef9f
AL
35 /*
36 * For historical reasons (i.e. no one ever documented how any
37 * of the segmentation APIs work), user programs can and do
38 * assume that a struct user_desc that's all zeros except for
39 * entry_number means "no segment at all". This never actually
40 * worked. In fact, up to Linux 3.19, a struct user_desc like
41 * this would create a 16-bit read-write segment with base and
42 * limit both equal to zero.
43 *
44 * That was close enough to "no segment at all" until we
45 * hardened this function to disallow 16-bit TLS segments. Fix
46 * it up by interpreting these zeroed segments the way that they
47 * were almost certainly intended to be interpreted.
48 *
49 * The correct way to ask for "no segment at all" is to specify
50 * a user_desc that satisfies LDT_empty. To keep everything
51 * working, we accept both.
52 *
53 * Note that there's a similar kludge in modify_ldt -- look at
54 * the distinction between modes 1 and 0x11.
55 */
56 if (LDT_empty(info) || LDT_zero(info))
41bdc785
AL
57 return true;
58
59 /*
60 * espfix is required for 16-bit data segments, but espfix
61 * only works for LDT segments.
62 */
63 if (!info->seg_32bit)
64 return false;
65
0e58af4e
AL
66 /* Only allow data segments in the TLS array. */
67 if (info->contents > 1)
68 return false;
69
70 /*
71 * Non-present segments with DPL 3 present an interesting attack
72 * surface. The kernel should handle such segments correctly,
73 * but TLS is very difficult to protect in a sandbox, so prevent
74 * such segments from being created.
75 *
76 * If userspace needs to remove a TLS entry, it can still delete
77 * it outright.
78 */
79 if (info->seg_not_present)
80 return false;
81
41bdc785
AL
82 return true;
83}
84
1bd5718c 85static void set_tls_desc(struct task_struct *p, int idx,
4c79a2d8 86 const struct user_desc *info, int n)
1bd5718c
RM
87{
88 struct thread_struct *t = &p->thread;
89 struct desc_struct *desc = &t->tls_array[idx - GDT_ENTRY_TLS_MIN];
90 int cpu;
91
92 /*
93 * We must not get preempted while modifying the TLS.
94 */
95 cpu = get_cpu();
96
4c79a2d8 97 while (n-- > 0) {
9f5cb6b3 98 if (LDT_empty(info) || LDT_zero(info))
9a98e778 99 memset(desc, 0, sizeof(*desc));
9f5cb6b3 100 else
4c79a2d8
RM
101 fill_ldt(desc, info);
102 ++info;
103 ++desc;
104 }
1bd5718c
RM
105
106 if (t == &current->thread)
107 load_TLS(t, cpu);
108
109 put_cpu();
110}
111
1da177e4
LT
112/*
113 * Set a given TLS descriptor:
1da177e4 114 */
efd1ca52
RM
115int do_set_thread_area(struct task_struct *p, int idx,
116 struct user_desc __user *u_info,
117 int can_allocate)
1da177e4
LT
118{
119 struct user_desc info;
c9867f86 120 unsigned short __maybe_unused sel, modified_sel;
1da177e4
LT
121
122 if (copy_from_user(&info, u_info, sizeof(info)))
123 return -EFAULT;
124
41bdc785
AL
125 if (!tls_desc_okay(&info))
126 return -EINVAL;
127
efd1ca52
RM
128 if (idx == -1)
129 idx = info.entry_number;
1da177e4
LT
130
131 /*
132 * index -1 means the kernel should try to find and
133 * allocate an empty descriptor:
134 */
efd1ca52 135 if (idx == -1 && can_allocate) {
1da177e4
LT
136 idx = get_free_idx();
137 if (idx < 0)
138 return idx;
139 if (put_user(idx, &u_info->entry_number))
140 return -EFAULT;
141 }
142
143 if (idx < GDT_ENTRY_TLS_MIN || idx > GDT_ENTRY_TLS_MAX)
144 return -EINVAL;
145
4c79a2d8 146 set_tls_desc(p, idx, &info, 1);
1da177e4 147
c9867f86
AL
148 /*
149 * If DS, ES, FS, or GS points to the modified segment, forcibly
150 * refresh it. Only needed on x86_64 because x86_32 reloads them
151 * on return to user mode.
152 */
153 modified_sel = (idx << 3) | 3;
154
155 if (p == current) {
156#ifdef CONFIG_X86_64
157 savesegment(ds, sel);
158 if (sel == modified_sel)
159 loadsegment(ds, sel);
160
161 savesegment(es, sel);
162 if (sel == modified_sel)
163 loadsegment(es, sel);
164
165 savesegment(fs, sel);
166 if (sel == modified_sel)
167 loadsegment(fs, sel);
c9867f86
AL
168#endif
169
c9867f86
AL
170 savesegment(gs, sel);
171 if (sel == modified_sel)
3fb0fdb3 172 load_gs_index(sel);
c9867f86
AL
173 } else {
174#ifdef CONFIG_X86_64
175 if (p->thread.fsindex == modified_sel)
176 p->thread.fsbase = info.base_addr;
177
178 if (p->thread.gsindex == modified_sel)
179 p->thread.gsbase = info.base_addr;
180#endif
181 }
182
1da177e4
LT
183 return 0;
184}
185
2cf09666 186SYSCALL_DEFINE1(set_thread_area, struct user_desc __user *, u_info)
13abd0e5 187{
2cf09666 188 return do_set_thread_area(current, -1, u_info, 1);
13abd0e5 189}
1da177e4
LT
190
191
192/*
193 * Get the current Thread-Local Storage area:
194 */
195
1bd5718c
RM
196static void fill_user_desc(struct user_desc *info, int idx,
197 const struct desc_struct *desc)
198
199{
200 memset(info, 0, sizeof(*info));
201 info->entry_number = idx;
202 info->base_addr = get_desc_base(desc);
203 info->limit = get_desc_limit(desc);
204 info->seg_32bit = desc->d;
205 info->contents = desc->type >> 2;
206 info->read_exec_only = !(desc->type & 2);
207 info->limit_in_pages = desc->g;
208 info->seg_not_present = !desc->p;
209 info->useable = desc->avl;
210#ifdef CONFIG_X86_64
211 info->lm = desc->l;
212#endif
213}
efd1ca52
RM
214
215int do_get_thread_area(struct task_struct *p, int idx,
216 struct user_desc __user *u_info)
1da177e4
LT
217{
218 struct user_desc info;
993773d1 219 int index;
1da177e4 220
efd1ca52 221 if (idx == -1 && get_user(idx, &u_info->entry_number))
1da177e4 222 return -EFAULT;
1bd5718c 223
1da177e4
LT
224 if (idx < GDT_ENTRY_TLS_MIN || idx > GDT_ENTRY_TLS_MAX)
225 return -EINVAL;
226
993773d1
DC
227 index = idx - GDT_ENTRY_TLS_MIN;
228 index = array_index_nospec(index,
229 GDT_ENTRY_TLS_MAX - GDT_ENTRY_TLS_MIN + 1);
230
231 fill_user_desc(&info, idx, &p->thread.tls_array[index]);
1da177e4
LT
232
233 if (copy_to_user(u_info, &info, sizeof(info)))
234 return -EFAULT;
235 return 0;
236}
237
2cf09666 238SYSCALL_DEFINE1(get_thread_area, struct user_desc __user *, u_info)
1da177e4 239{
2cf09666 240 return do_get_thread_area(current, -1, u_info);
1da177e4 241}
4c79a2d8
RM
242
243int regset_tls_active(struct task_struct *target,
244 const struct user_regset *regset)
245{
246 struct thread_struct *t = &target->thread;
247 int n = GDT_ENTRY_TLS_ENTRIES;
248 while (n > 0 && desc_empty(&t->tls_array[n - 1]))
249 --n;
250 return n;
251}
252
253int regset_tls_get(struct task_struct *target, const struct user_regset *regset,
0557d64d 254 struct membuf to)
4c79a2d8
RM
255{
256 const struct desc_struct *tls;
0557d64d
AV
257 struct user_desc v;
258 int pos;
4c79a2d8 259
0557d64d
AV
260 for (pos = 0, tls = target->thread.tls_array; to.left; pos++, tls++) {
261 fill_user_desc(&v, GDT_ENTRY_TLS_MIN + pos, tls);
262 membuf_write(&to, &v, sizeof(v));
4c79a2d8 263 }
4c79a2d8
RM
264 return 0;
265}
266
267int regset_tls_set(struct task_struct *target, const struct user_regset *regset,
268 unsigned int pos, unsigned int count,
269 const void *kbuf, const void __user *ubuf)
270{
271 struct user_desc infobuf[GDT_ENTRY_TLS_ENTRIES];
272 const struct user_desc *info;
41bdc785 273 int i;
4c79a2d8 274
8f0750f1 275 if (pos >= GDT_ENTRY_TLS_ENTRIES * sizeof(struct user_desc) ||
4c79a2d8
RM
276 (pos % sizeof(struct user_desc)) != 0 ||
277 (count % sizeof(struct user_desc)) != 0)
278 return -EINVAL;
279
280 if (kbuf)
281 info = kbuf;
282 else if (__copy_from_user(infobuf, ubuf, count))
283 return -EFAULT;
284 else
285 info = infobuf;
286
41bdc785
AL
287 for (i = 0; i < count / sizeof(struct user_desc); i++)
288 if (!tls_desc_okay(info + i))
289 return -EINVAL;
290
4c79a2d8
RM
291 set_tls_desc(target,
292 GDT_ENTRY_TLS_MIN + (pos / sizeof(struct user_desc)),
293 info, count / sizeof(struct user_desc));
294
295 return 0;
296}