1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 /* 22 * Copyright (c) 1992, 2010, Oracle and/or its affiliates. All rights reserved. 23 */ 24 25 /* Copyright (c) 1990, 1991 UNIX System Laboratories, Inc. */ 26 /* Copyright (c) 1984, 1986, 1987, 1988, 1989, 1990 AT&T */ 27 /* All Rights Reserved */ 28 29 /* Copyright (c) 1987, 1988 Microsoft Corporation */ 30 /* All Rights Reserved */ 31 32 #include <sys/param.h> 33 #include <sys/types.h> 34 #include <sys/sysmacros.h> 35 #include <sys/systm.h> 36 #include <sys/signal.h> 37 #include <sys/errno.h> 38 #include <sys/fault.h> 39 #include <sys/syscall.h> 40 #include <sys/cpuvar.h> 41 #include <sys/sysi86.h> 42 #include <sys/psw.h> 43 #include <sys/cred.h> 44 #include <sys/policy.h> 45 #include <sys/thread.h> 46 #include <sys/debug.h> 47 #include <sys/ontrap.h> 48 #include <sys/privregs.h> 49 #include <sys/x86_archext.h> 50 #include <sys/vmem.h> 51 #include <sys/kmem.h> 52 #include <sys/mman.h> 53 #include <sys/archsystm.h> 54 #include <vm/hat.h> 55 #include <vm/as.h> 56 #include <vm/seg.h> 57 #include <vm/seg_kmem.h> 58 #include <vm/faultcode.h> 59 #include <sys/fp.h> 60 #include <sys/cmn_err.h> 61 #include <sys/segments.h> 62 #include <sys/clock.h> 63 #if defined(__xpv) 64 #include <sys/hypervisor.h> 65 #include <sys/note.h> 66 #endif 67 68 static void ldt_alloc(proc_t *, uint_t); 69 static void ldt_free(proc_t *); 70 static void ldt_dup(proc_t *, proc_t *); 71 static void ldt_grow(proc_t *, uint_t); 72 73 /* 74 * sysi86 System Call 75 */ 76 77 /* ARGSUSED */ 78 int 79 sysi86(short cmd, uintptr_t arg1, uintptr_t arg2, uintptr_t arg3) 80 { 81 struct ssd ssd; 82 int error = 0; 83 int c; 84 proc_t *pp = curproc; 85 86 switch (cmd) { 87 88 /* 89 * The SI86V86 subsystem call of the SYSI86 system call 90 * supports only one subcode -- V86SC_IOPL. 91 */ 92 case SI86V86: 93 if (arg1 == V86SC_IOPL) { 94 struct regs *rp = lwptoregs(ttolwp(curthread)); 95 greg_t oldpl = rp->r_ps & PS_IOPL; 96 greg_t newpl = arg2 & PS_IOPL; 97 98 /* 99 * Must be privileged to run this system call 100 * if giving more io privilege. 101 */ 102 if (newpl > oldpl && (error = 103 secpolicy_sys_config(CRED(), B_FALSE)) != 0) 104 return (set_errno(error)); 105 #if defined(__xpv) 106 kpreempt_disable(); 107 installctx(curthread, NULL, xen_disable_user_iopl, 108 xen_enable_user_iopl, NULL, NULL, 109 xen_disable_user_iopl, NULL); 110 xen_enable_user_iopl(); 111 kpreempt_enable(); 112 #else 113 rp->r_ps ^= oldpl ^ newpl; 114 #endif 115 } else 116 error = EINVAL; 117 break; 118 119 /* 120 * Set a segment descriptor 121 */ 122 case SI86DSCR: 123 /* 124 * There are considerable problems here manipulating 125 * resources shared by many running lwps. Get everyone 126 * into a safe state before changing the LDT. 127 */ 128 if (curthread != pp->p_agenttp && !holdlwps(SHOLDFORK1)) { 129 error = EINTR; 130 break; 131 } 132 133 if (get_udatamodel() == DATAMODEL_LP64) { 134 error = EINVAL; 135 break; 136 } 137 138 if (copyin((caddr_t)arg1, &ssd, sizeof (ssd)) < 0) { 139 error = EFAULT; 140 break; 141 } 142 143 error = setdscr(&ssd); 144 145 mutex_enter(&pp->p_lock); 146 if (curthread != pp->p_agenttp) 147 continuelwps(pp); 148 mutex_exit(&pp->p_lock); 149 break; 150 151 case SI86FPHW: 152 c = fp_kind & 0xff; 153 if (suword32((void *)arg1, c) == -1) 154 error = EFAULT; 155 break; 156 157 case SI86FPSTART: 158 /* 159 * arg1 is the address of _fp_hw 160 * arg2 is the desired x87 FCW value 161 * arg3 is the desired SSE MXCSR value 162 * a return value of one means SSE hardware, else none. 163 */ 164 c = fp_kind & 0xff; 165 if (suword32((void *)arg1, c) == -1) { 166 error = EFAULT; 167 break; 168 } 169 fpsetcw((uint16_t)arg2, (uint32_t)arg3); 170 return ((fp_kind & __FP_SSE) ? 1 : 0); 171 172 /* real time clock management commands */ 173 174 case WTODC: 175 if ((error = secpolicy_settime(CRED())) == 0) { 176 timestruc_t ts; 177 mutex_enter(&tod_lock); 178 gethrestime(&ts); 179 tod_set(ts); 180 mutex_exit(&tod_lock); 181 } 182 break; 183 184 /* Give some timezone playing room */ 185 #define ONEWEEK (7 * 24 * 60 * 60) 186 187 case SGMTL: 188 /* 189 * Called from 32 bit land, negative values 190 * are not sign extended, so we do that here 191 * by casting it to an int and back. We also 192 * clamp the value to within reason and detect 193 * when a 64 bit call overflows an int. 194 */ 195 if ((error = secpolicy_settime(CRED())) == 0) { 196 int newlag = (int)arg1; 197 198 #ifdef _SYSCALL32_IMPL 199 if (get_udatamodel() == DATAMODEL_NATIVE && 200 (long)newlag != (long)arg1) { 201 error = EOVERFLOW; 202 } else 203 #endif 204 if (newlag >= -ONEWEEK && newlag <= ONEWEEK) 205 sgmtl(newlag); 206 else 207 error = EOVERFLOW; 208 } 209 break; 210 211 case GGMTL: 212 if (get_udatamodel() == DATAMODEL_NATIVE) { 213 if (sulword((void *)arg1, ggmtl()) == -1) 214 error = EFAULT; 215 #ifdef _SYSCALL32_IMPL 216 } else { 217 time_t gmtl; 218 219 if ((gmtl = ggmtl()) > INT32_MAX) { 220 /* 221 * Since gmt_lag can at most be 222 * +/- 12 hours, something is 223 * *seriously* messed up here. 224 */ 225 error = EOVERFLOW; 226 } else if (suword32((void *)arg1, (int32_t)gmtl) == -1) 227 error = EFAULT; 228 #endif 229 } 230 break; 231 232 case RTCSYNC: 233 if ((error = secpolicy_settime(CRED())) == 0) 234 rtcsync(); 235 break; 236 237 /* END OF real time clock management commands */ 238 239 default: 240 error = EINVAL; 241 break; 242 } 243 return (error == 0 ? 0 : set_errno(error)); 244 } 245 246 void 247 usd_to_ssd(user_desc_t *usd, struct ssd *ssd, selector_t sel) 248 { 249 ssd->bo = USEGD_GETBASE(usd); 250 ssd->ls = USEGD_GETLIMIT(usd); 251 ssd->sel = sel; 252 253 /* 254 * set type, dpl and present bits. 255 */ 256 ssd->acc1 = usd->usd_type; 257 ssd->acc1 |= usd->usd_dpl << 5; 258 ssd->acc1 |= usd->usd_p << (5 + 2); 259 260 /* 261 * set avl, DB and granularity bits. 262 */ 263 ssd->acc2 = usd->usd_avl; 264 265 #if defined(__amd64) 266 ssd->acc2 |= usd->usd_long << 1; 267 #else 268 ssd->acc2 |= usd->usd_reserved << 1; 269 #endif 270 271 ssd->acc2 |= usd->usd_def32 << (1 + 1); 272 ssd->acc2 |= usd->usd_gran << (1 + 1 + 1); 273 } 274 275 static void 276 ssd_to_usd(struct ssd *ssd, user_desc_t *usd) 277 { 278 279 ASSERT(bcmp(usd, &null_udesc, sizeof (*usd)) == 0); 280 281 USEGD_SETBASE(usd, ssd->bo); 282 USEGD_SETLIMIT(usd, ssd->ls); 283 284 /* 285 * set type, dpl and present bits. 286 */ 287 usd->usd_type = ssd->acc1; 288 usd->usd_dpl = ssd->acc1 >> 5; 289 usd->usd_p = ssd->acc1 >> (5 + 2); 290 291 ASSERT(usd->usd_type >= SDT_MEMRO); 292 ASSERT(usd->usd_dpl == SEL_UPL); 293 294 /* 295 * 64-bit code selectors are never allowed in the LDT. 296 * Reserved bit is always 0 on 32-bit systems. 297 */ 298 #if defined(__amd64) 299 usd->usd_long = 0; 300 #else 301 usd->usd_reserved = 0; 302 #endif 303 304 /* 305 * set avl, DB and granularity bits. 306 */ 307 usd->usd_avl = ssd->acc2; 308 usd->usd_def32 = ssd->acc2 >> (1 + 1); 309 usd->usd_gran = ssd->acc2 >> (1 + 1 + 1); 310 } 311 312 313 #if defined(__i386) 314 315 static void 316 ssd_to_sgd(struct ssd *ssd, gate_desc_t *sgd) 317 { 318 319 ASSERT(bcmp(sgd, &null_sdesc, sizeof (*sgd)) == 0); 320 321 sgd->sgd_looffset = ssd->bo; 322 sgd->sgd_hioffset = ssd->bo >> 16; 323 324 sgd->sgd_selector = ssd->ls; 325 326 /* 327 * set type, dpl and present bits. 328 */ 329 sgd->sgd_type = ssd->acc1; 330 sgd->sgd_dpl = ssd->acc1 >> 5; 331 sgd->sgd_p = ssd->acc1 >> 7; 332 ASSERT(sgd->sgd_type == SDT_SYSCGT); 333 ASSERT(sgd->sgd_dpl == SEL_UPL); 334 sgd->sgd_stkcpy = 0; 335 } 336 337 #endif /* __i386 */ 338 339 /* 340 * Load LDT register with the current process's LDT. 341 */ 342 static void 343 ldt_load(void) 344 { 345 #if defined(__xpv) 346 xen_set_ldt(get_ssd_base(&curproc->p_ldt_desc), 347 curproc->p_ldtlimit + 1); 348 #else 349 *((system_desc_t *)&CPU->cpu_gdt[GDT_LDT]) = curproc->p_ldt_desc; 350 wr_ldtr(ULDT_SEL); 351 #endif 352 } 353 354 /* 355 * Store a NULL selector in the LDTR. All subsequent illegal references to 356 * the LDT will result in a #gp. 357 */ 358 void 359 ldt_unload(void) 360 { 361 #if defined(__xpv) 362 xen_set_ldt(NULL, 0); 363 #else 364 *((system_desc_t *)&CPU->cpu_gdt[GDT_LDT]) = null_sdesc; 365 wr_ldtr(0); 366 #endif 367 } 368 369 /*ARGSUSED*/ 370 static void 371 ldt_savectx(proc_t *p) 372 { 373 ASSERT(p->p_ldt != NULL); 374 ASSERT(p == curproc); 375 376 #if defined(__amd64) 377 /* 378 * The 64-bit kernel must be sure to clear any stale ldt 379 * selectors when context switching away from a process that 380 * has a private ldt. Consider the following example: 381 * 382 * Wine creats a ldt descriptor and points a segment register 383 * to it. 384 * 385 * We then context switch away from wine lwp to kernel 386 * thread and hit breakpoint in kernel with kmdb 387 * 388 * When we continue and resume from kmdb we will #gp 389 * fault since kmdb will have saved the stale ldt selector 390 * from wine and will try to restore it but we are no longer in 391 * the context of the wine process and do not have our 392 * ldtr register pointing to the private ldt. 393 */ 394 reset_sregs(); 395 #endif 396 397 ldt_unload(); 398 cpu_fast_syscall_enable(NULL); 399 } 400 401 static void 402 ldt_restorectx(proc_t *p) 403 { 404 ASSERT(p->p_ldt != NULL); 405 ASSERT(p == curproc); 406 407 ldt_load(); 408 cpu_fast_syscall_disable(NULL); 409 } 410 411 /* 412 * When a process with a private LDT execs, fast syscalls must be enabled for 413 * the new process image. 414 */ 415 /* ARGSUSED */ 416 static void 417 ldt_freectx(proc_t *p, int isexec) 418 { 419 ASSERT(p->p_ldt); 420 421 if (isexec) { 422 kpreempt_disable(); 423 cpu_fast_syscall_enable(NULL); 424 kpreempt_enable(); 425 } 426 427 /* 428 * ldt_free() will free the memory used by the private LDT, reset the 429 * process's descriptor, and re-program the LDTR. 430 */ 431 ldt_free(p); 432 } 433 434 /* 435 * Install ctx op that ensures syscall/sysenter are disabled. 436 * See comments below. 437 * 438 * When a thread with a private LDT forks, the new process 439 * must have the LDT context ops installed. 440 */ 441 /* ARGSUSED */ 442 static void 443 ldt_installctx(proc_t *p, proc_t *cp) 444 { 445 proc_t *targ = p; 446 kthread_t *t; 447 448 /* 449 * If this is a fork, operate on the child process. 450 */ 451 if (cp != NULL) { 452 targ = cp; 453 ldt_dup(p, cp); 454 } 455 456 /* 457 * The process context ops expect the target process as their argument. 458 */ 459 ASSERT(removepctx(targ, targ, ldt_savectx, ldt_restorectx, 460 ldt_installctx, ldt_savectx, ldt_freectx) == 0); 461 462 installpctx(targ, targ, ldt_savectx, ldt_restorectx, 463 ldt_installctx, ldt_savectx, ldt_freectx); 464 465 /* 466 * We've just disabled fast system call and return instructions; take 467 * the slow path out to make sure we don't try to use one to return 468 * back to user. We must set t_post_sys for every thread in the 469 * process to make sure none of them escape out via fast return. 470 */ 471 472 mutex_enter(&targ->p_lock); 473 t = targ->p_tlist; 474 do { 475 t->t_post_sys = 1; 476 } while ((t = t->t_forw) != targ->p_tlist); 477 mutex_exit(&targ->p_lock); 478 } 479 480 int 481 setdscr(struct ssd *ssd) 482 { 483 ushort_t seli; /* selector index */ 484 user_desc_t *ldp; /* descriptor pointer */ 485 user_desc_t ndesc; /* new descriptor */ 486 proc_t *pp = ttoproc(curthread); 487 int rc = 0; 488 489 /* 490 * LDT segments: executable and data at DPL 3 only. 491 */ 492 if (!SELISLDT(ssd->sel) || !SELISUPL(ssd->sel)) 493 return (EINVAL); 494 495 /* 496 * check the selector index. 497 */ 498 seli = SELTOIDX(ssd->sel); 499 if (seli >= MAXNLDT || seli < LDT_UDBASE) 500 return (EINVAL); 501 502 ndesc = null_udesc; 503 mutex_enter(&pp->p_ldtlock); 504 505 /* 506 * If this is the first time for this process then setup a 507 * private LDT for it. 508 */ 509 if (pp->p_ldt == NULL) { 510 ldt_alloc(pp, seli); 511 512 /* 513 * Now that this process has a private LDT, the use of 514 * the syscall/sysret and sysenter/sysexit instructions 515 * is forbidden for this processes because they destroy 516 * the contents of %cs and %ss segment registers. 517 * 518 * Explicity disable them here and add a context handler 519 * to the process. Note that disabling 520 * them here means we can't use sysret or sysexit on 521 * the way out of this system call - so we force this 522 * thread to take the slow path (which doesn't make use 523 * of sysenter or sysexit) back out. 524 */ 525 kpreempt_disable(); 526 ldt_installctx(pp, NULL); 527 cpu_fast_syscall_disable(NULL); 528 ASSERT(curthread->t_post_sys != 0); 529 kpreempt_enable(); 530 531 } else if (seli > pp->p_ldtlimit) { 532 533 /* 534 * Increase size of ldt to include seli. 535 */ 536 ldt_grow(pp, seli); 537 } 538 539 ASSERT(seli <= pp->p_ldtlimit); 540 ldp = &pp->p_ldt[seli]; 541 542 /* 543 * On the 64-bit kernel, this is where things get more subtle. 544 * Recall that in the 64-bit kernel, when we enter the kernel we 545 * deliberately -don't- reload the segment selectors we came in on 546 * for %ds, %es, %fs or %gs. Messing with selectors is expensive, 547 * and the underlying descriptors are essentially ignored by the 548 * hardware in long mode - except for the base that we override with 549 * the gsbase MSRs. 550 * 551 * However, there's one unfortunate issue with this rosy picture -- 552 * a descriptor that's not marked as 'present' will still generate 553 * an #np when loading a segment register. 554 * 555 * Consider this case. An lwp creates a harmless LDT entry, points 556 * one of it's segment registers at it, then tells the kernel (here) 557 * to delete it. In the 32-bit kernel, the #np will happen on the 558 * way back to userland where we reload the segment registers, and be 559 * handled in kern_gpfault(). In the 64-bit kernel, the same thing 560 * will happen in the normal case too. However, if we're trying to 561 * use a debugger that wants to save and restore the segment registers, 562 * and the debugger things that we have valid segment registers, we 563 * have the problem that the debugger will try and restore the 564 * segment register that points at the now 'not present' descriptor 565 * and will take a #np right there. 566 * 567 * We should obviously fix the debugger to be paranoid about 568 * -not- restoring segment registers that point to bad descriptors; 569 * however we can prevent the problem here if we check to see if any 570 * of the segment registers are still pointing at the thing we're 571 * destroying; if they are, return an error instead. (That also seems 572 * a lot better failure mode than SIGKILL and a core file 573 * from kern_gpfault() too.) 574 */ 575 if (SI86SSD_PRES(ssd) == 0) { 576 kthread_t *t; 577 int bad = 0; 578 579 /* 580 * Look carefully at the segment registers of every lwp 581 * in the process (they're all stopped by our caller). 582 * If we're about to invalidate a descriptor that's still 583 * being referenced by *any* of them, return an error, 584 * rather than having them #gp on their way out of the kernel. 585 */ 586 ASSERT(pp->p_lwprcnt == 1); 587 588 mutex_enter(&pp->p_lock); 589 t = pp->p_tlist; 590 do { 591 klwp_t *lwp = ttolwp(t); 592 struct regs *rp = lwp->lwp_regs; 593 #if defined(__amd64) 594 pcb_t *pcb = &lwp->lwp_pcb; 595 #endif 596 597 if (ssd->sel == rp->r_cs || ssd->sel == rp->r_ss) { 598 bad = 1; 599 break; 600 } 601 602 #if defined(__amd64) 603 if (pcb->pcb_rupdate == 1) { 604 if (ssd->sel == pcb->pcb_ds || 605 ssd->sel == pcb->pcb_es || 606 ssd->sel == pcb->pcb_fs || 607 ssd->sel == pcb->pcb_gs) { 608 bad = 1; 609 break; 610 } 611 } else 612 #endif 613 { 614 if (ssd->sel == rp->r_ds || 615 ssd->sel == rp->r_es || 616 ssd->sel == rp->r_fs || 617 ssd->sel == rp->r_gs) { 618 bad = 1; 619 break; 620 } 621 } 622 623 } while ((t = t->t_forw) != pp->p_tlist); 624 mutex_exit(&pp->p_lock); 625 626 if (bad) { 627 mutex_exit(&pp->p_ldtlock); 628 return (EBUSY); 629 } 630 } 631 632 /* 633 * If acc1 is zero, clear the descriptor (including the 'present' bit) 634 */ 635 if (ssd->acc1 == 0) { 636 rc = ldt_update_segd(ldp, &null_udesc); 637 mutex_exit(&pp->p_ldtlock); 638 return (rc); 639 } 640 641 /* 642 * Check segment type, allow segment not present and 643 * only user DPL (3). 644 */ 645 if (SI86SSD_DPL(ssd) != SEL_UPL) { 646 mutex_exit(&pp->p_ldtlock); 647 return (EINVAL); 648 } 649 650 #if defined(__amd64) 651 /* 652 * Do not allow 32-bit applications to create 64-bit mode code 653 * segments. 654 */ 655 if (SI86SSD_ISUSEG(ssd) && ((SI86SSD_TYPE(ssd) >> 3) & 1) == 1 && 656 SI86SSD_ISLONG(ssd)) { 657 mutex_exit(&pp->p_ldtlock); 658 return (EINVAL); 659 } 660 #endif /* __amd64 */ 661 662 /* 663 * Set up a code or data user segment descriptor. 664 */ 665 if (SI86SSD_ISUSEG(ssd)) { 666 ssd_to_usd(ssd, &ndesc); 667 rc = ldt_update_segd(ldp, &ndesc); 668 mutex_exit(&pp->p_ldtlock); 669 return (rc); 670 } 671 672 #if defined(__i386) 673 /* 674 * Allow a call gate only if the destination is in the LDT 675 * and the system is running in 32-bit legacy mode. 676 * 677 * In long mode 32-bit call gates are redefined as 64-bit call 678 * gates and the hw enforces that the target code selector 679 * of the call gate must be 64-bit selector. A #gp fault is 680 * generated if otherwise. Since we do not allow 32-bit processes 681 * to switch themselves to 64-bits we never allow call gates 682 * on 64-bit system system. 683 */ 684 if (SI86SSD_TYPE(ssd) == SDT_SYSCGT && SELISLDT(ssd->ls)) { 685 686 687 ssd_to_sgd(ssd, (gate_desc_t *)&ndesc); 688 rc = ldt_update_segd(ldp, &ndesc); 689 mutex_exit(&pp->p_ldtlock); 690 return (rc); 691 } 692 #endif /* __i386 */ 693 694 mutex_exit(&pp->p_ldtlock); 695 return (EINVAL); 696 } 697 698 /* 699 * Allocate new LDT for process just large enough to contain seli. 700 * Note we allocate and grow LDT in PAGESIZE chunks. We do this 701 * to simplify the implementation and because on the hypervisor it's 702 * required, since the LDT must live on pages that have PROT_WRITE 703 * removed and which are given to the hypervisor. 704 */ 705 static void 706 ldt_alloc(proc_t *pp, uint_t seli) 707 { 708 user_desc_t *ldt; 709 size_t ldtsz; 710 uint_t nsels; 711 712 ASSERT(MUTEX_HELD(&pp->p_ldtlock)); 713 ASSERT(pp->p_ldt == NULL); 714 ASSERT(pp->p_ldtlimit == 0); 715 716 /* 717 * Allocate new LDT just large enough to contain seli. 718 */ 719 ldtsz = P2ROUNDUP((seli + 1) * sizeof (user_desc_t), PAGESIZE); 720 nsels = ldtsz / sizeof (user_desc_t); 721 ASSERT(nsels >= MINNLDT && nsels <= MAXNLDT); 722 723 ldt = kmem_zalloc(ldtsz, KM_SLEEP); 724 ASSERT(IS_P2ALIGNED(ldt, PAGESIZE)); 725 726 #if defined(__xpv) 727 if (xen_ldt_setprot(ldt, ldtsz, PROT_READ)) 728 panic("ldt_alloc:xen_ldt_setprot(PROT_READ) failed"); 729 #endif 730 731 pp->p_ldt = ldt; 732 pp->p_ldtlimit = nsels - 1; 733 set_syssegd(&pp->p_ldt_desc, ldt, ldtsz - 1, SDT_SYSLDT, SEL_KPL); 734 735 if (pp == curproc) { 736 kpreempt_disable(); 737 ldt_load(); 738 kpreempt_enable(); 739 } 740 } 741 742 static void 743 ldt_free(proc_t *pp) 744 { 745 user_desc_t *ldt; 746 size_t ldtsz; 747 748 ASSERT(pp->p_ldt != NULL); 749 750 mutex_enter(&pp->p_ldtlock); 751 ldt = pp->p_ldt; 752 ldtsz = (pp->p_ldtlimit + 1) * sizeof (user_desc_t); 753 754 ASSERT(IS_P2ALIGNED(ldtsz, PAGESIZE)); 755 756 pp->p_ldt = NULL; 757 pp->p_ldtlimit = 0; 758 pp->p_ldt_desc = null_sdesc; 759 mutex_exit(&pp->p_ldtlock); 760 761 if (pp == curproc) { 762 kpreempt_disable(); 763 ldt_unload(); 764 kpreempt_enable(); 765 } 766 767 #if defined(__xpv) 768 /* 769 * We are not allowed to make the ldt writable until after 770 * we tell the hypervisor to unload it. 771 */ 772 if (xen_ldt_setprot(ldt, ldtsz, PROT_READ | PROT_WRITE)) 773 panic("ldt_free:xen_ldt_setprot(PROT_READ|PROT_WRITE) failed"); 774 #endif 775 776 kmem_free(ldt, ldtsz); 777 } 778 779 /* 780 * On fork copy new ldt for child. 781 */ 782 static void 783 ldt_dup(proc_t *pp, proc_t *cp) 784 { 785 size_t ldtsz; 786 787 ASSERT(pp->p_ldt != NULL); 788 ASSERT(cp != curproc); 789 790 /* 791 * I assume the parent's ldt can't increase since we're in a fork. 792 */ 793 mutex_enter(&pp->p_ldtlock); 794 mutex_enter(&cp->p_ldtlock); 795 796 ldtsz = (pp->p_ldtlimit + 1) * sizeof (user_desc_t); 797 798 ldt_alloc(cp, pp->p_ldtlimit); 799 800 #if defined(__xpv) 801 /* 802 * Make child's ldt writable so it can be copied into from 803 * parent's ldt. This works since ldt_alloc above did not load 804 * the ldt since its for the child process. If we tried to make 805 * an LDT writable that is loaded in hw the setprot operation 806 * would fail. 807 */ 808 if (xen_ldt_setprot(cp->p_ldt, ldtsz, PROT_READ | PROT_WRITE)) 809 panic("ldt_dup:xen_ldt_setprot(PROT_READ|PROT_WRITE) failed"); 810 #endif 811 812 bcopy(pp->p_ldt, cp->p_ldt, ldtsz); 813 814 #if defined(__xpv) 815 if (xen_ldt_setprot(cp->p_ldt, ldtsz, PROT_READ)) 816 panic("ldt_dup:xen_ldt_setprot(PROT_READ) failed"); 817 #endif 818 mutex_exit(&cp->p_ldtlock); 819 mutex_exit(&pp->p_ldtlock); 820 821 } 822 823 static void 824 ldt_grow(proc_t *pp, uint_t seli) 825 { 826 user_desc_t *oldt, *nldt; 827 uint_t nsels; 828 size_t oldtsz, nldtsz; 829 830 ASSERT(MUTEX_HELD(&pp->p_ldtlock)); 831 ASSERT(pp->p_ldt != NULL); 832 ASSERT(pp->p_ldtlimit != 0); 833 834 /* 835 * Allocate larger LDT just large enough to contain seli. 836 */ 837 nldtsz = P2ROUNDUP((seli + 1) * sizeof (user_desc_t), PAGESIZE); 838 nsels = nldtsz / sizeof (user_desc_t); 839 ASSERT(nsels >= MINNLDT && nsels <= MAXNLDT); 840 ASSERT(nsels > pp->p_ldtlimit); 841 842 oldt = pp->p_ldt; 843 oldtsz = (pp->p_ldtlimit + 1) * sizeof (user_desc_t); 844 845 nldt = kmem_zalloc(nldtsz, KM_SLEEP); 846 ASSERT(IS_P2ALIGNED(nldt, PAGESIZE)); 847 848 bcopy(oldt, nldt, oldtsz); 849 850 /* 851 * unload old ldt. 852 */ 853 kpreempt_disable(); 854 ldt_unload(); 855 kpreempt_enable(); 856 857 #if defined(__xpv) 858 859 /* 860 * Make old ldt writable and new ldt read only. 861 */ 862 if (xen_ldt_setprot(oldt, oldtsz, PROT_READ | PROT_WRITE)) 863 panic("ldt_grow:xen_ldt_setprot(PROT_READ|PROT_WRITE) failed"); 864 865 if (xen_ldt_setprot(nldt, nldtsz, PROT_READ)) 866 panic("ldt_grow:xen_ldt_setprot(PROT_READ) failed"); 867 #endif 868 869 pp->p_ldt = nldt; 870 pp->p_ldtlimit = nsels - 1; 871 872 /* 873 * write new ldt segment descriptor. 874 */ 875 set_syssegd(&pp->p_ldt_desc, nldt, nldtsz - 1, SDT_SYSLDT, SEL_KPL); 876 877 /* 878 * load the new ldt. 879 */ 880 kpreempt_disable(); 881 ldt_load(); 882 kpreempt_enable(); 883 884 kmem_free(oldt, oldtsz); 885 }