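// SPDX-License-Identifier: GPL-2.0
/*
 * Copyright (C) 2015 Thomas Meyer (thomas@m3y3r.de)
 * Copyright (C) 2002- 2007 Jeff Dike (jdike@{addtoit,linux.intel}.com)
 */

#include <stdlib.h>
#include <stdbool.h>
#include <unistd.h>
#include <sched.h>
#include <errno.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/wait.h>
#include <asm/unistd.h>
#include <as-layout.h>
#include <init.h>
#include <kern_util.h>
#include <mem.h>
#include <os.h>
#include <ptrace_user.h>
#include <registers.h>
#include <skas.h>
#include <sysdep/stub.h>
#include <linux/threads.h>

/*
 * is_skas_winch() - SIGWINCH filter: true when @pid is our own process group.
 * @fd and @data are accepted for the callback signature only and are unused.
 */
int is_skas_winch(int pid, int fd, void *data)
{
	return pid == getpgrp();
}

/*
 * ptrace_dump_regs() - log the general purpose registers of the stopped
 * process @pid (PTRACE_GETREGS), one line per register.
 *
 * Returns 0, or -errno if PTRACE_GETREGS failed.
 */
static int ptrace_dump_regs(int pid)
{
	unsigned long regs[MAX_REG_NR];
	int i;

	if (ptrace(PTRACE_GETREGS, pid, 0, regs) < 0)
		return -errno;

	printk(UM_KERN_ERR "Stub registers -\n");
	for (i = 0; i < ARRAY_SIZE(regs); i++)
		printk(UM_KERN_ERR "\t%d - %lx\n", i, regs[i]);

	return 0;
}

/*
 * Signals that are OK to receive in the stub - we'll just continue it.
 * SIGWINCH will happen when UML is inside a detached screen.
 *
 * Written as comparisons rather than a (1 << sig) bitmask: WSTOPSIG() can
 * report real-time signals (>= 32), and shifting an int by that much is
 * undefined behaviour.
 */
static bool stub_sig_is_ignored(int sig)
{
	return sig == SIGALRM || sig == SIGWINCH;
}

/* Signals that the stub will finish with - anything else is an error */
static bool stub_sig_is_done(int sig)
{
	return sig == SIGTRAP;
}

/*
 * wait_stub_done() - wait until the stub running in @pid stops with SIGTRAP.
 *
 * Stops caused by an ignored signal (see stub_sig_is_ignored()) are
 * continued transparently. A wait failure, an exit instead of a stop, or a
 * stop with any other signal dumps the stub's registers and calls
 * fatal_sigsegv(), which is assumed not to return.
 */
void wait_stub_done(int pid)
{
	/* status is printed on the error path even when waitpid() failed */
	int n, status = 0, err, saved_errno;

	while (1) {
		CATCH_EINTR(n = waitpid(pid, &status, WUNTRACED | __WALL));
		if ((n < 0) || !WIFSTOPPED(status))
			goto bad_wait;

		if (!stub_sig_is_ignored(WSTOPSIG(status)))
			break;

		err = ptrace(PTRACE_CONT, pid, 0, 0);
		if (err) {
			printk(UM_KERN_ERR "wait_stub_done : continue failed, "
			       "errno = %d\n", errno);
			fatal_sigsegv();
		}
	}

	if (stub_sig_is_done(WSTOPSIG(status)))
		return;

bad_wait:
	/* ptrace_dump_regs() issues its own ptrace() call, which can clobber errno */
	saved_errno = errno;
	err = ptrace_dump_regs(pid);
	if (err)
		printk(UM_KERN_ERR "Failed to get registers from stub, "
		       "errno = %d\n", -err);
	printk(UM_KERN_ERR "wait_stub_done : failed to wait for SIGTRAP, "
	       "pid = %d, n = %d, errno = %d, status = 0x%x\n", pid, n,
	       saved_errno, status);
	fatal_sigsegv();
}

extern unsigned long current_stub_stack(void);

/*
 * get_skas_faultinfo() - run the stub's SIGSEGV handler in @pid and copy
 * the resulting faultinfo into @fi.
 *
 * The process's FP registers are saved to @aux_fp_regs first and restored
 * afterwards, since the stub handler runs in the same process. The stub is
 * continued with SIGSEGV delivered and wait_stub_done() waits for its
 * completing SIGTRAP. Every failure calls fatal_sigsegv().
 */
static void get_skas_faultinfo(int pid, struct faultinfo *fi, unsigned long *aux_fp_regs)
{
	int err;

	err = get_fp_registers(pid, aux_fp_regs);
	if (err < 0) {
		printk(UM_KERN_ERR "save_fp_registers returned %d\n",
		       err);
		fatal_sigsegv();
	}
	err = ptrace(PTRACE_CONT, pid, 0, SIGSEGV);
	if (err) {
		printk(UM_KERN_ERR "Failed to continue stub, pid = %d, "
		       "errno = %d\n", pid, errno);
		fatal_sigsegv();
	}
	wait_stub_done(pid);

	/*
	 * faultinfo is prepared by the stub_segv_handler at start of
	 * the stub stack page. We just have to copy it.
	 */
	memcpy(fi, (void *)current_stub_stack(), sizeof(*fi));

	err = put_fp_registers(pid, aux_fp_regs);
	if (err < 0) {
		printk(UM_KERN_ERR "put_fp_registers returned %d\n",
		       err);
		fatal_sigsegv();
	}
}

/*
 * handle_segv() - fetch the fault information for a SIGSEGV in @pid and
 * hand it to the generic segv() handler.
 */
static void handle_segv(int pid, struct uml_pt_regs *regs, unsigned long *aux_fp_regs)
{
	get_skas_faultinfo(pid, &regs->faultinfo, aux_fp_regs);
	segv(regs->faultinfo, 0, 1, NULL);
}

/*
 * handle_trap() - handle a syscall-entry stop (SIGTRAP | 0x80) in @pid.
 *
 * To use the same value of using_sysemu as the caller, ask it that value
 * (in @local_using_sysemu). A trap with the IP inside the stub area is
 * fatal. Without sysemu the host syscall must still be neutralised: its
 * number is replaced with __NR_getpid and the process is run to the
 * syscall-exit stop before handle_syscall() emulates the real call.
 */
static void handle_trap(int pid, struct uml_pt_regs *regs,
			int local_using_sysemu)
{
	/* status is printed on the error path even when waitpid() failed */
	int err, status = 0, saved_errno;

	if ((UPT_IP(regs) >= STUB_START) && (UPT_IP(regs) < STUB_END))
		fatal_sigsegv();

	if (!local_using_sysemu) {
		err = ptrace(PTRACE_POKEUSER, pid, PT_SYSCALL_NR_OFFSET,
			     __NR_getpid);
		if (err < 0) {
			printk(UM_KERN_ERR "handle_trap - nullifying syscall "
			       "failed, errno = %d\n", errno);
			fatal_sigsegv();
		}

		err = ptrace(PTRACE_SYSCALL, pid, 0, 0);
		if (err < 0) {
			printk(UM_KERN_ERR "handle_trap - continuing to end of "
			       "syscall failed, errno = %d\n", errno);
			fatal_sigsegv();
		}

		CATCH_EINTR(err = waitpid(pid, &status, WUNTRACED | __WALL));
		if ((err < 0) || !WIFSTOPPED(status) ||
		    (WSTOPSIG(status) != SIGTRAP + 0x80)) {
			/* keep waitpid()'s errno; ptrace_dump_regs() may overwrite it */
			saved_errno = errno;
			err = ptrace_dump_regs(pid);
			if (err)
				printk(UM_KERN_ERR "Failed to get registers "
				       "from process, errno = %d\n", -err);
			printk(UM_KERN_ERR "handle_trap - failed to wait at "
			       "end of syscall, errno = %d, status = %d\n",
			       saved_errno, status);
			fatal_sigsegv();
		}
	}

	handle_syscall(regs);
}

extern char __syscall_stub_start[];

/**
 * userspace_tramp() - userspace trampoline
 * @stack: the stub data page for the new process, or NULL. When NULL, the
 *         STUB_DATA page is not mapped and no SIGSEGV handler is installed;
 *         only the stub code page is set up.
 *
 * The userspace trampoline is used to setup a new userspace process in
 * start_userspace() after it was clone()'ed.
 * This function will run on a temporary stack page.
 * It ptrace()'es itself, then two pages are mapped into the userspace
 * address space:
 * - STUB_CODE (with EXEC), which contains the skas stub code
 * - STUB_DATA (with R/W), which contains a data page that is used to
 *   transfer certain data between the UML userspace process and the UML
 *   kernel.
 * Also for the userspace process a SIGSEGV handler is installed to catch
 * pagefaults in the userspace process; it runs on STUB_DATA as the
 * alternate signal stack.
 * And last the process stops itself (SIGSTOP) to give control to the UML
 * kernel for this userspace process.
 *
 * Return: Always zero, otherwise the current userspace process is ended
 * with a non-zero exit() call.
 */
static int userspace_tramp(void *stack)
{
	void *addr;
	int fd;
	unsigned long long offset;

	/*
	 * Without being traced the parent's PTRACE_OLDSETOPTIONS would fail
	 * later with a less specific message, so report the failure here.
	 */
	if (ptrace(PTRACE_TRACEME, 0, 0, 0) < 0) {
		printk(UM_KERN_ERR "userspace_tramp - PTRACE_TRACEME failed, "
		       "errno = %d\n", errno);
		exit(1);
	}

	signal(SIGTERM, SIG_DFL);
	signal(SIGWINCH, SIG_IGN);

	/*
	 * This has a pte, but it can't be mapped in with the usual
	 * tlb_flush mechanism because this is part of that mechanism
	 */
	fd = phys_mapping(to_phys(__syscall_stub_start), &offset);
	addr = mmap64((void *) STUB_CODE, UM_KERN_PAGE_SIZE,
		      PROT_EXEC, MAP_FIXED | MAP_PRIVATE, fd, offset);
	if (addr == MAP_FAILED) {
		printk(UM_KERN_ERR "mapping mmap stub at 0x%lx failed, "
		       "errno = %d\n", STUB_CODE, errno);
		exit(1);
	}

	if (stack != NULL) {
		struct sigaction sa;
		/* address of stub_segv_handler once relocated into STUB_CODE */
		unsigned long v = STUB_CODE +
				  (unsigned long) stub_segv_handler -
				  (unsigned long) __syscall_stub_start;

		/* the data page must exist before it can serve as the sigaltstack */
		fd = phys_mapping(to_phys(stack), &offset);
		addr = mmap((void *) STUB_DATA,
			    UM_KERN_PAGE_SIZE, PROT_READ | PROT_WRITE,
			    MAP_FIXED | MAP_SHARED, fd, offset);
		if (addr == MAP_FAILED) {
			printk(UM_KERN_ERR "mapping segfault stack "
			       "at 0x%lx failed, errno = %d\n",
			       STUB_DATA, errno);
			exit(1);
		}

		set_sigstack((void *) STUB_DATA, UM_KERN_PAGE_SIZE);
		sigemptyset(&sa.sa_mask);
		sa.sa_flags = SA_ONSTACK | SA_NODEFER | SA_SIGINFO;
		sa.sa_sigaction = (void *) v;
		sa.sa_restorer = NULL;
		if (sigaction(SIGSEGV, &sa, NULL) < 0) {
			printk(UM_KERN_ERR "userspace_tramp - setting SIGSEGV "
			       "handler failed - errno = %d\n", errno);
			exit(1);
		}
	}

	kill(os_getpid(), SIGSTOP);
	return 0;
}

int userspace_pid[NR_CPUS];
int kill_userspace_mm[NR_CPUS];

/**
 * start_userspace() - prepare a new userspace process
 * @stub_stack: the stub data page, passed to userspace_tramp() as its
 *              @stack argument. May be 0, in which case the child maps no
 *              STUB_DATA page and installs no SIGSEGV handler.
 *
 * Setups a new temporary stack page that is used while userspace_tramp()
 * runs. Clones the kernel process into a new userspace process, with FDs
 * only (CLONE_FILES). Waits for the child's SIGSTOP, skipping SIGALRM
 * stops, enables PTRACE_O_TRACESYSGOOD and releases the temporary stack.
 *
 * Return: When non-negative: the process id of the new userspace process,
 * when negative: an error number (-errno, or -EINVAL when the child did
 * not stop with SIGSTOP). clone() failures are reported as -errno, so a
 * negative value is never a pid.
 */
int start_userspace(unsigned long stub_stack)
{
	void *stack;
	unsigned long sp;
	int pid, status, n, flags, err;

	/*
	 * setup a temporary stack page
	 * NOTE(review): this is a writable+executable mapping; nothing in
	 * this file executes from it - confirm whether PROT_EXEC is needed.
	 */
	stack = mmap(NULL, UM_KERN_PAGE_SIZE,
		     PROT_READ | PROT_WRITE | PROT_EXEC,
		     MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
	if (stack == MAP_FAILED) {
		err = -errno;
		printk(UM_KERN_ERR "start_userspace : mmap failed, "
		       "errno = %d\n", errno);
		return err;
	}

	/* set stack pointer to the end of the stack page, so it can grow downwards */
	sp = (unsigned long) stack + UM_KERN_PAGE_SIZE - sizeof(void *);

	flags = CLONE_FILES | SIGCHLD;

	/* clone into new userspace process */
	pid = clone(userspace_tramp, (void *) sp, flags, (void *) stub_stack);
	if (pid < 0) {
		err = -errno;
		printk(UM_KERN_ERR "start_userspace : clone failed, "
		       "errno = %d\n", errno);
		goto out_unmap;
	}

	do {
		CATCH_EINTR(n = waitpid(pid, &status, WUNTRACED | __WALL));
		if (n < 0) {
			err = -errno;
			printk(UM_KERN_ERR "start_userspace : wait failed, "
			       "errno = %d\n", errno);
			goto out_kill;
		}
	} while (WIFSTOPPED(status) && (WSTOPSIG(status) == SIGALRM));

	if (!WIFSTOPPED(status) || (WSTOPSIG(status) != SIGSTOP)) {
		err = -EINVAL;
		printk(UM_KERN_ERR "start_userspace : expected SIGSTOP, got "
		       "status = %d\n", status);
		goto out_kill;
	}

	if (ptrace(PTRACE_OLDSETOPTIONS, pid, NULL,
		   (void *) PTRACE_O_TRACESYSGOOD) < 0) {
		err = -errno;
		printk(UM_KERN_ERR "start_userspace : PTRACE_OLDSETOPTIONS "
		       "failed, errno = %d\n", errno);
		goto out_kill;
	}

	if (munmap(stack, UM_KERN_PAGE_SIZE) < 0) {
		err = -errno;
		printk(UM_KERN_ERR "start_userspace : munmap failed, "
		       "errno = %d\n", errno);
		os_kill_ptraced_process(pid, 1);
		return err;
	}

	return pid;

 out_kill:
	os_kill_ptraced_process(pid, 1);
 out_unmap:
	/* the temporary stack is ours alone; do not leak a page per failure */
	munmap(stack, UM_KERN_PAGE_SIZE);
	return err;
}

/*
 * userspace() - run the current userspace process until something fatal
 * happens.
 *
 * Each iteration loads @regs into the process userspace_pid[0], resumes
 * it with the ptrace operation chosen by SELECT_PTRACE_OPERATION(), waits
 * for the next stop, reads the registers back and dispatches on the stop
 * signal: SIGSEGV to the fault handlers, SIGTRAP | 0x80 to handle_trap(),
 * SIGTRAP to relay_signal() and the remaining known signals to sig_info[].
 * kill_userspace_mm[0] being set, and every ptrace/wait failure, calls
 * fatal_sigsegv(). The loop has no other exit.
 *
 * @aux_fp_regs is scratch space used to preserve FP registers around the
 * stub's SIGSEGV handler (see get_skas_faultinfo()).
 */
void userspace(struct uml_pt_regs *regs, unsigned long *aux_fp_regs)
{
	int err, status, op, pid = userspace_pid[0];
	/* To prevent races if using_sysemu changes under us.*/
	int local_using_sysemu;
	siginfo_t si;

	/* Handle any immediate reschedules or signals */
	interrupt_end();

	while (1) {
		if (kill_userspace_mm[0])
			fatal_sigsegv();

		/*
		 * This can legitimately fail if the process loads a
		 * bogus value into a segment register. It will
		 * segfault and PTRACE_GETREGS will read that value
		 * out of the process. However, PTRACE_SETREGS will
		 * fail. In this case, there is nothing to do but
		 * just kill the process.
		 */
		if (ptrace(PTRACE_SETREGS, pid, 0, regs->gp)) {
			printk(UM_KERN_ERR "userspace - ptrace set regs "
			       "failed, errno = %d\n", errno);
			fatal_sigsegv();
		}

		if (put_fp_registers(pid, regs->fp)) {
			printk(UM_KERN_ERR "userspace - ptrace set fp regs "
			       "failed, errno = %d\n", errno);
			fatal_sigsegv();
		}

		/* Now we set local_using_sysemu to be used for one loop */
		local_using_sysemu = get_using_sysemu();

		op = SELECT_PTRACE_OPERATION(local_using_sysemu,
					     singlestepping(NULL));

		if (ptrace(op, pid, 0, 0)) {
			printk(UM_KERN_ERR "userspace - ptrace continue "
			       "failed, op = %d, errno = %d\n", op, errno);
			fatal_sigsegv();
		}

		CATCH_EINTR(err = waitpid(pid, &status, WUNTRACED | __WALL));
		if (err < 0) {
			printk(UM_KERN_ERR "userspace - wait failed, "
			       "errno = %d\n", errno);
			fatal_sigsegv();
		}

		regs->is_user = 1;
		if (ptrace(PTRACE_GETREGS, pid, 0, regs->gp)) {
			printk(UM_KERN_ERR "userspace - PTRACE_GETREGS failed, "
			       "errno = %d\n", errno);
			fatal_sigsegv();
		}

		if (get_fp_registers(pid, regs->fp)) {
			printk(UM_KERN_ERR "userspace - get_fp_registers failed, "
			       "errno = %d\n", errno);
			fatal_sigsegv();
		}

		UPT_SYSCALL_NR(regs) = -1; /* Assume: It's not a syscall */

		if (WIFSTOPPED(status)) {
			int sig = WSTOPSIG(status);

			/*
			 * The handlers below receive si by pointer. If the
			 * host refuses to give us the siginfo, hand them a
			 * zeroed one instead of whatever a previous stop
			 * (or the uninitialised stack) left behind.
			 */
			if (ptrace(PTRACE_GETSIGINFO, pid, 0, (struct siginfo *)&si) < 0)
				memset(&si, 0, sizeof(si));

			switch (sig) {
			case SIGSEGV:
				if (PTRACE_FULL_FAULTINFO) {
					get_skas_faultinfo(pid,
							   &regs->faultinfo, aux_fp_regs);
					(*sig_info[SIGSEGV])(SIGSEGV, (struct siginfo *)&si,
							     regs);
				} else {
					handle_segv(pid, regs, aux_fp_regs);
				}
				break;
			case SIGTRAP + 0x80:
				handle_trap(pid, regs, local_using_sysemu);
				break;
			case SIGTRAP:
				relay_signal(SIGTRAP, (struct siginfo *)&si, regs);
				break;
			case SIGALRM:
				break;
			case SIGIO:
			case SIGILL:
			case SIGBUS:
			case SIGFPE:
			case SIGWINCH:
				block_signals_trace();
				(*sig_info[sig])(sig, (struct siginfo *)&si, regs);
				unblock_signals_trace();
				break;
			default:
				printk(UM_KERN_ERR "userspace - child stopped "
				       "with signal %d\n", sig);
				fatal_sigsegv();
			}
			/* a handler may have switched mm, so re-read the pid */
			pid = userspace_pid[0];
			interrupt_end();

			/* Avoid -ERESTARTSYS handling in host */
			if (PT_SYSCALL_NR_OFFSET != PT_SYSCALL_RET_OFFSET)
				PT_SYSCALL_NR(regs->gp) = -1;
		}
	}
}

/* register image loaded into a process before it runs the clone stub */
static unsigned long thread_regs[MAX_REG_NR];
static unsigned long thread_fp_regs[FP_SIZE];

/*
 * init_thread_regs() - build thread_regs/thread_fp_regs once at init:
 * safe defaults from get_safe_registers(), IP at stub_clone_handler inside
 * STUB_CODE and SP at the top of the STUB_DATA page (less a pointer, and
 * less __SIGNAL_FRAMESIZE where the arch defines it).
 */
static int __init init_thread_regs(void)
{
	get_safe_registers(thread_regs, thread_fp_regs);
	/* Set parent's instruction pointer to start of clone-stub */
	thread_regs[REGS_IP_INDEX] = STUB_CODE +
				(unsigned long) stub_clone_handler -
				(unsigned long) __syscall_stub_start;
	thread_regs[REGS_SP_INDEX] = STUB_DATA + UM_KERN_PAGE_SIZE -
		sizeof(void *);
#ifdef __SIGNAL_FRAMESIZE
	thread_regs[REGS_SP_INDEX] -= __SIGNAL_FRAMESIZE;
#endif
	return 0;
}

__initcall(init_thread_regs);

/*
 * copy_context_skas0() - fork a new userspace process from @pid by running
 * the clone stub inside it.
 *
 * The fd/offset of @new_stack (the child's stub data page) are written to
 * the parent's stub data page as arguments for the stub's mmap calls; the
 * parent is then pointed at the clone stub (thread_regs) and continued.
 * The parent stub reports the child's pid in data->err, the child stub
 * reports STUB_DATA in child_data->err; child_data->err is pre-set to a
 * sentinel so a child that never writes is detected.
 *
 * Return: the new child's pid (>= 0), or a negative error. A failure
 * after the child exists kills it first.
 */
int copy_context_skas0(unsigned long new_stack, int pid)
{
	int err;
	unsigned long current_stack = current_stub_stack();
	struct stub_data *data = (struct stub_data *) current_stack;
	struct stub_data *child_data = (struct stub_data *) new_stack;
	unsigned long long new_offset;
	/* NOTE(review): phys_mapping()'s result is not checked for failure here */
	int new_fd = phys_mapping(to_phys((void *)new_stack), &new_offset);

	/*
	 * prepare offset and fd of child's stack as argument for parent's
	 * and child's mmap2 calls
	 */
	*data = ((struct stub_data) {
		.offset = MMAP_OFFSET(new_offset),
		.fd = new_fd
	});

	err = ptrace_setregs(pid, thread_regs);
	if (err < 0) {
		err = -errno;
		printk(UM_KERN_ERR "copy_context_skas0 : PTRACE_SETREGS "
		       "failed, pid = %d, errno = %d\n", pid, -err);
		return err;
	}

	err = put_fp_registers(pid, thread_fp_regs);
	if (err < 0) {
		printk(UM_KERN_ERR "copy_context_skas0 : put_fp_registers "
		       "failed, pid = %d, err = %d\n", pid, err);
		return err;
	}

	/* set a well known return code for detection of child write failure */
	child_data->err = 12345678;

	/*
	 * Wait, until parent has finished its work: read child's pid from
	 * parent's stack, and check, if bad result.
	 */
	err = ptrace(PTRACE_CONT, pid, 0, 0);
	if (err) {
		err = -errno;
		printk(UM_KERN_ERR "Failed to continue new process, pid = %d, "
		       "errno = %d\n", pid, errno);
		return err;
	}

	wait_stub_done(pid);

	pid = data->err;
	if (pid < 0) {
		printk(UM_KERN_ERR "copy_context_skas0 - stub-parent reports "
		       "error %d\n", -pid);
		return pid;
	}

	/*
	 * Wait, until child has finished too: read child's result from
	 * child's stack and check it.
	 */
	wait_stub_done(pid);
	if (child_data->err != STUB_DATA) {
		printk(UM_KERN_ERR "copy_context_skas0 - stub-child reports "
		       "error %ld\n", child_data->err);
		err = child_data->err;
		/*
		 * This function's contract is "pid, or negative error". A
		 * non-negative stub value (e.g. the untouched 12345678
		 * sentinel) must not be returned where a pid is expected.
		 */
		if (err >= 0)
			err = -EINVAL;
		goto out_kill;
	}

	if (ptrace(PTRACE_OLDSETOPTIONS, pid, NULL,
		   (void *)PTRACE_O_TRACESYSGOOD) < 0) {
		err = -errno;
		printk(UM_KERN_ERR "copy_context_skas0 : PTRACE_OLDSETOPTIONS "
		       "failed, errno = %d\n", errno);
		goto out_kill;
	}

	return pid;

 out_kill:
	os_kill_ptraced_process(pid, 1);
	return err;
}

/*
 * new_thread() - initialise @buf so that a longjmp to it starts @handler
 * on @stack (SP at the top of the UM_THREAD_SIZE stack, less a pointer).
 */
void new_thread(void *stack, jmp_buf *buf, void (*handler)(void))
{
	(*buf)[0].JB_IP = (unsigned long) handler;
	(*buf)[0].JB_SP = (unsigned long) stack + UM_THREAD_SIZE -
		sizeof(void *);
}

/* values delivered to the setjmp() in start_idle_thread() */
#define INIT_JMP_NEW_THREAD 0
#define INIT_JMP_CALLBACK 1
#define INIT_JMP_HALT 2
#define INIT_JMP_REBOOT 3

/*
 * switch_threads() - save the current context in @me and jump to @you;
 * returns when something jumps back to @me.
 */
void switch_threads(jmp_buf *me, jmp_buf *you)
{
	if (UML_SETJMP(me) == 0)
		UML_LONGJMP(you, 1);
}

static jmp_buf initial_jmpbuf;

/* XXX Make these percpu */
static void (*cb_proc)(void *arg);
static void *cb_arg;
static jmp_buf *cb_back;

/*
 * start_idle_thread() - establish initial_jmpbuf on the current stack and
 * start the first kernel thread on @stack via @switch_buf.
 *
 * Later longjmps back to initial_jmpbuf select an action by value:
 * INIT_JMP_CALLBACK runs cb_proc(cb_arg) and returns to cb_back,
 * INIT_JMP_HALT returns 0 and INIT_JMP_REBOOT returns 1 (both after
 * clearing kmalloc_ok). Any other value is fatal.
 *
 * Return: 0 on halt, 1 on reboot; otherwise does not return.
 */
int start_idle_thread(void *stack, jmp_buf *switch_buf)
{
	int n;

	set_handler(SIGWINCH);

	/*
	 * Can't use UML_SETJMP or UML_LONGJMP here because they save
	 * and restore signals, with the possible side-effect of
	 * trying to handle any signals which came when they were
	 * blocked, which can't be done on this stack.
	 * Signals must be blocked when jumping back here and restored
	 * after returning to the jumper.
	 */
	n = setjmp(initial_jmpbuf);
	switch (n) {
	case INIT_JMP_NEW_THREAD:
		(*switch_buf)[0].JB_IP = (unsigned long) uml_finishsetup;
		(*switch_buf)[0].JB_SP = (unsigned long) stack +
			UM_THREAD_SIZE - sizeof(void *);
		break;
	case INIT_JMP_CALLBACK:
		(*cb_proc)(cb_arg);
		longjmp(*cb_back, 1);
		break;
	case INIT_JMP_HALT:
		kmalloc_ok = 0;
		return 0;
	case INIT_JMP_REBOOT:
		kmalloc_ok = 0;
		return 1;
	default:
		printk(UM_KERN_ERR "Bad sigsetjmp return in "
		       "start_idle_thread - %d\n", n);
		fatal_sigsegv();
	}
	longjmp(*switch_buf, 1);

	/* unreachable */
	printk(UM_KERN_ERR "impossible long jump!");
	fatal_sigsegv();
	return 0;
}

/*
 * initial_thread_cb_skas() - run proc(arg) on the initial thread's stack.
 *
 * Publishes the callback in cb_proc/cb_arg/cb_back, jumps to
 * initial_jmpbuf with INIT_JMP_CALLBACK and resumes here once
 * start_idle_thread() longjmps back. Signals are blocked for the round
 * trip (see the comment in start_idle_thread()).
 */
void initial_thread_cb_skas(void (*proc)(void *), void *arg)
{
	jmp_buf here;

	cb_proc = proc;
	cb_arg = arg;
	cb_back = &here;

	block_signals_trace();
	if (UML_SETJMP(&here) == 0)
		UML_LONGJMP(&initial_jmpbuf, INIT_JMP_CALLBACK);
	unblock_signals_trace();

	cb_proc = NULL;
	cb_arg = NULL;
	cb_back = NULL;
}

/* halt_skas() - make start_idle_thread() return 0; does not return here */
void halt_skas(void)
{
	block_signals_trace();
	UML_LONGJMP(&initial_jmpbuf, INIT_JMP_HALT);
}

static bool noreboot;

/* "noreboot" command line parameter: turn reboot_skas() into a halt */
static int __init noreboot_cmd_param(char *str, int *add)
{
	noreboot = true;
	return 0;
}

__uml_setup("noreboot", noreboot_cmd_param,
"noreboot\n"
" Rather than rebooting, exit always, akin to QEMU's -no-reboot option.\n"
" This is useful if you're using CONFIG_PANIC_TIMEOUT in order to catch\n"
" crashes in CI\n");

/*
 * reboot_skas() - make start_idle_thread() return 1 (or 0 when "noreboot"
 * was given); does not return here.
 */
void reboot_skas(void)
{
	block_signals_trace();
	UML_LONGJMP(&initial_jmpbuf, noreboot ? INIT_JMP_HALT : INIT_JMP_REBOOT);
}

/*
 * __switch_mm() - make @mm_idp's process the one userspace() drives, and
 * propagate its kill flag (checked at the top of each userspace() loop).
 */
void __switch_mm(struct mm_id *mm_idp)
{
	userspace_pid[0] = mm_idp->u.pid;
	kill_userspace_mm[0] = mm_idp->kill;
}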