arch/arm64/kernel/vdso.c

   1 // SPDX-License-Identifier: GPL-2.0-only
   2 /*
   3  * VDSO implementations.
   4  *
   5  * Copyright (C) 2012 ARM Limited
   6  *
   7  * Author: Will Deacon <will.deacon@arm.com>
   8  */
   9
  10 #include <linux/cache.h>
  11 #include <linux/clocksource.h>
  12 #include <linux/elf.h>
  13 #include <linux/err.h>
  14 #include <linux/errno.h>
  15 #include <linux/gfp.h>
  16 #include <linux/kernel.h>
  17 #include <linux/mm.h>
  18 #include <linux/sched.h>
  19 #include <linux/signal.h>
  20 #include <linux/slab.h>
  21 #include <linux/time_namespace.h>
  22 #include <linux/vmalloc.h>
  23 #include <vdso/datapage.h>
  24 #include <vdso/helpers.h>
  25 #include <vdso/vsyscall.h>
  26
  27 #include <asm/cacheflush.h>
  28 #include <asm/signal32.h>
  29 #include <asm/vdso.h>
  30
  31 enum vdso_abi {
  32         VDSO_ABI_AA64,
  33         VDSO_ABI_AA32,
  34 };
  35
  36 struct vdso_abi_info {
  37         const char *name;
  38         const char *vdso_code_start;
  39         const char *vdso_code_end;
  40         unsigned long vdso_pages;
  41         /* Code Mapping */
  42         struct vm_special_mapping *cm;
  43 };
  44
  45 static struct vdso_abi_info vdso_info[] __ro_after_init = {
  46         [VDSO_ABI_AA64] = {
  47                 .name = "vdso",
  48                 .vdso_code_start = vdso_start,
  49                 .vdso_code_end = vdso_end,
  50         },
  51 #ifdef CONFIG_COMPAT_VDSO
  52         [VDSO_ABI_AA32] = {
  53                 .name = "vdso32",
  54                 .vdso_code_start = vdso32_start,
  55                 .vdso_code_end = vdso32_end,
  56         },
  57 #endif /* CONFIG_COMPAT_VDSO */
  58 };
  59
  60 /*
  61  * The vDSO data page.
  62  */
  63 static union vdso_data_store vdso_data_store __page_aligned_data;
  64 struct vdso_data *vdso_data = vdso_data_store.data;
  65
  66 static int vdso_mremap(const struct vm_special_mapping *sm,
  67                 struct vm_area_struct *new_vma)
  68 {
  69         current->mm->context.vdso = (void *)new_vma->vm_start;
  70
  71         return 0;
  72 }
  73
  74 static int __init __vdso_init(enum vdso_abi abi)
  75 {
  76         int i;
  77         struct page **vdso_pagelist;
  78         unsigned long pfn;
  79
  80         if (memcmp(vdso_info[abi].vdso_code_start, "\177ELF", 4)) {
  81                 pr_err("vDSO is not a valid ELF object!\n");
  82                 return -EINVAL;
  83         }
  84
  85         vdso_info[abi].vdso_pages = (
  86                         vdso_info[abi].vdso_code_end -
  87                         vdso_info[abi].vdso_code_start) >>
  88                         PAGE_SHIFT;
  89
  90         vdso_pagelist = kcalloc(vdso_info[abi].vdso_pages,
  91                                 sizeof(struct page *),
  92                                 GFP_KERNEL);
  93         if (vdso_pagelist == NULL)
  94                 return -ENOMEM;
  95
  96         /* Grab the vDSO code pages. */
  97         pfn = sym_to_pfn(vdso_info[abi].vdso_code_start);
  98
  99         for (i = 0; i < vdso_info[abi].vdso_pages; i++)
 100                 vdso_pagelist[i] = pfn_to_page(pfn + i);
 101
 102         vdso_info[abi].cm->pages = vdso_pagelist;
 103
 104         return 0;
 105 }
 106
 107 #ifdef CONFIG_TIME_NS
 108 struct vdso_data *arch_get_vdso_data(void *vvar_page)
 109 {
 110         return (struct vdso_data *)(vvar_page);
 111 }
 112
 113 static const struct vm_special_mapping vvar_map;
 114
 115 /*
 116  * The vvar mapping contains data for a specific time namespace, so when a task
 117  * changes namespace we must unmap its vvar data for the old namespace.
 118  * Subsequent faults will map in data for the new namespace.
 119  *
 120  * For more details see timens_setup_vdso_data().
 121  */
 122 int vdso_join_timens(struct task_struct *task, struct time_namespace *ns)
 123 {
 124         struct mm_struct *mm = task->mm;
 125         struct vm_area_struct *vma;
 126         VMA_ITERATOR(vmi, mm, 0);
 127
 128         mmap_read_lock(mm);
 129
 130         for_each_vma(vmi, vma) {
 131                 if (vma_is_special_mapping(vma, &vvar_map))
 132                         zap_vma_pages(vma);
 133         }
 134
 135         mmap_read_unlock(mm);
 136         return 0;
 137 }
 138 #endif
 139
 140 static vm_fault_t vvar_fault(const struct vm_special_mapping *sm,
 141                              struct vm_area_struct *vma, struct vm_fault *vmf)
 142 {
 143         struct page *timens_page = find_timens_vvar_page(vma);
 144         unsigned long pfn;
 145
 146         switch (vmf->pgoff) {
 147         case VVAR_DATA_PAGE_OFFSET:
 148                 if (timens_page)
 149                         pfn = page_to_pfn(timens_page);
 150                 else
 151                         pfn = sym_to_pfn(vdso_data);
 152                 break;
 153 #ifdef CONFIG_TIME_NS
 154         case VVAR_TIMENS_PAGE_OFFSET:
 155                 /*
 156                  * If a task belongs to a time namespace then a namespace
 157                  * specific VVAR is mapped with the VVAR_DATA_PAGE_OFFSET and
 158                  * the real VVAR page is mapped with the VVAR_TIMENS_PAGE_OFFSET
 159                  * offset.
 160                  * See also the comment near timens_setup_vdso_data().
 161                  */
 162                 if (!timens_page)
 163                         return VM_FAULT_SIGBUS;
 164                 pfn = sym_to_pfn(vdso_data);
 165                 break;
 166 #endif /* CONFIG_TIME_NS */
 167         default:
 168                 return VM_FAULT_SIGBUS;
 169         }
 170
 171         return vmf_insert_pfn(vma, vmf->address, pfn);
 172 }
 173
 174 static const struct vm_special_mapping vvar_map = {
 175         .name   = "[vvar]",
 176         .fault = vvar_fault,
 177 };
 178
 179 static int __setup_additional_pages(enum vdso_abi abi,
 180                                     struct mm_struct *mm,
 181                                     struct linux_binprm *bprm,
 182                                     int uses_interp)
 183 {
 184         unsigned long vdso_base, vdso_text_len, vdso_mapping_len;
 185         unsigned long gp_flags = 0;
 186         void *ret;
 187
 188         BUILD_BUG_ON(VVAR_NR_PAGES != __VVAR_PAGES);
 189
 190         vdso_text_len = vdso_info[abi].vdso_pages << PAGE_SHIFT;
 191         /* Be sure to map the data page */
 192         vdso_mapping_len = vdso_text_len + VVAR_NR_PAGES * PAGE_SIZE;
 193
 194         vdso_base = get_unmapped_area(NULL, 0, vdso_mapping_len, 0, 0);
 195         if (IS_ERR_VALUE(vdso_base)) {
 196                 ret = ERR_PTR(vdso_base);
 197                 goto up_fail;
 198         }
 199
 200         ret = _install_special_mapping(mm, vdso_base, VVAR_NR_PAGES * PAGE_SIZE,
 201                                        VM_READ|VM_MAYREAD|VM_PFNMAP,
 202                                        &vvar_map);
 203         if (IS_ERR(ret))
 204                 goto up_fail;
 205
 206         if (system_supports_bti_kernel())
 207                 gp_flags = VM_ARM64_BTI;
 208
 209         vdso_base += VVAR_NR_PAGES * PAGE_SIZE;
 210         mm->context.vdso = (void *)vdso_base;
 211         ret = _install_special_mapping(mm, vdso_base, vdso_text_len,
 212                                        VM_READ|VM_EXEC|gp_flags|
 213                                        VM_MAYREAD|VM_MAYWRITE|VM_MAYEXEC,
 214                                        vdso_info[abi].cm);
 215         if (IS_ERR(ret))
 216                 goto up_fail;
 217
 218         return 0;
 219
 220 up_fail:
 221         mm->context.vdso = NULL;
 222         return PTR_ERR(ret);
 223 }
 224
 225 #ifdef CONFIG_COMPAT
 226 /*
 227  * Create and map the vectors page for AArch32 tasks.
 228  */
 229 enum aarch32_map {
 230         AA32_MAP_VECTORS, /* kuser helpers */
 231         AA32_MAP_SIGPAGE,
 232         AA32_MAP_VDSO,
 233 };
 234
 235 static struct page *aarch32_vectors_page __ro_after_init;
 236 static struct page *aarch32_sig_page __ro_after_init;
 237
 238 static int aarch32_sigpage_mremap(const struct vm_special_mapping *sm,
 239                                   struct vm_area_struct *new_vma)
 240 {
 241         current->mm->context.sigpage = (void *)new_vma->vm_start;
 242
 243         return 0;
 244 }
 245
 246 static struct vm_special_mapping aarch32_vdso_maps[] = {
 247         [AA32_MAP_VECTORS] = {
 248                 .name   = "[vectors]", /* ABI */
 249                 .pages  = &aarch32_vectors_page,
 250         },
 251         [AA32_MAP_SIGPAGE] = {
 252                 .name   = "[sigpage]", /* ABI */
 253                 .pages  = &aarch32_sig_page,
 254                 .mremap = aarch32_sigpage_mremap,
 255         },
 256         [AA32_MAP_VDSO] = {
 257                 .name = "[vdso]",
 258                 .mremap = vdso_mremap,
 259         },
 260 };
 261
 262 static int aarch32_alloc_kuser_vdso_page(void)
 263 {
 264         extern char __kuser_helper_start[], __kuser_helper_end[];
 265         int kuser_sz = __kuser_helper_end - __kuser_helper_start;
 266         unsigned long vdso_page;
 267
 268         if (!IS_ENABLED(CONFIG_KUSER_HELPERS))
 269                 return 0;
 270
 271         vdso_page = get_zeroed_page(GFP_KERNEL);
 272         if (!vdso_page)
 273                 return -ENOMEM;
 274
 275         memcpy((void *)(vdso_page + 0x1000 - kuser_sz), __kuser_helper_start,
 276                kuser_sz);
 277         aarch32_vectors_page = virt_to_page((void *)vdso_page);
 278         return 0;
 279 }
 280
 281 #define COMPAT_SIGPAGE_POISON_WORD      0xe7fddef1
 282 static int aarch32_alloc_sigpage(void)
 283 {
 284         extern char __aarch32_sigret_code_start[], __aarch32_sigret_code_end[];
 285         int sigret_sz = __aarch32_sigret_code_end - __aarch32_sigret_code_start;
 286         __le32 poison = cpu_to_le32(COMPAT_SIGPAGE_POISON_WORD);
 287         void *sigpage;
 288
 289         sigpage = (void *)__get_free_page(GFP_KERNEL);
 290         if (!sigpage)
 291                 return -ENOMEM;
 292
 293         memset32(sigpage, (__force u32)poison, PAGE_SIZE / sizeof(poison));
 294         memcpy(sigpage, __aarch32_sigret_code_start, sigret_sz);
 295         aarch32_sig_page = virt_to_page(sigpage);
 296         return 0;
 297 }
 298
 299 static int __init __aarch32_alloc_vdso_pages(void)
 300 {
 301
 302         if (!IS_ENABLED(CONFIG_COMPAT_VDSO))
 303                 return 0;
 304
 305         vdso_info[VDSO_ABI_AA32].cm = &aarch32_vdso_maps[AA32_MAP_VDSO];
 306
 307         return __vdso_init(VDSO_ABI_AA32);
 308 }
 309
 310 static int __init aarch32_alloc_vdso_pages(void)
 311 {
 312         int ret;
 313
 314         ret = __aarch32_alloc_vdso_pages();
 315         if (ret)
 316                 return ret;
 317
 318         ret = aarch32_alloc_sigpage();
 319         if (ret)
 320                 return ret;
 321
 322         return aarch32_alloc_kuser_vdso_page();
 323 }
 324 arch_initcall(aarch32_alloc_vdso_pages);
 325
 326 static int aarch32_kuser_helpers_setup(struct mm_struct *mm)
 327 {
 328         void *ret;
 329
 330         if (!IS_ENABLED(CONFIG_KUSER_HELPERS))
 331                 return 0;
 332
 333         /*
 334          * Avoid VM_MAYWRITE for compatibility with arch/arm/, where it's
 335          * not safe to CoW the page containing the CPU exception vectors.
 336          */
 337         ret = _install_special_mapping(mm, AARCH32_VECTORS_BASE, PAGE_SIZE,
 338                                        VM_READ | VM_EXEC |
 339                                        VM_MAYREAD | VM_MAYEXEC,
 340                                        &aarch32_vdso_maps[AA32_MAP_VECTORS]);
 341
 342         return PTR_ERR_OR_ZERO(ret);
 343 }
 344
 345 static int aarch32_sigreturn_setup(struct mm_struct *mm)
 346 {
 347         unsigned long addr;
 348         void *ret;
 349
 350         addr = get_unmapped_area(NULL, 0, PAGE_SIZE, 0, 0);
 351         if (IS_ERR_VALUE(addr)) {
 352                 ret = ERR_PTR(addr);
 353                 goto out;
 354         }
 355
 356         /*
 357          * VM_MAYWRITE is required to allow gdb to Copy-on-Write and
 358          * set breakpoints.
 359          */
 360         ret = _install_special_mapping(mm, addr, PAGE_SIZE,
 361                                        VM_READ | VM_EXEC | VM_MAYREAD |
 362                                        VM_MAYWRITE | VM_MAYEXEC,
 363                                        &aarch32_vdso_maps[AA32_MAP_SIGPAGE]);
 364         if (IS_ERR(ret))
 365                 goto out;
 366
 367         mm->context.sigpage = (void *)addr;
 368
 369 out:
 370         return PTR_ERR_OR_ZERO(ret);
 371 }
 372
 373 int aarch32_setup_additional_pages(struct linux_binprm *bprm, int uses_interp)
 374 {
 375         struct mm_struct *mm = current->mm;
 376         int ret;
 377
 378         if (mmap_write_lock_killable(mm))
 379                 return -EINTR;
 380
 381         ret = aarch32_kuser_helpers_setup(mm);
 382         if (ret)
 383                 goto out;
 384
 385         if (IS_ENABLED(CONFIG_COMPAT_VDSO)) {
 386                 ret = __setup_additional_pages(VDSO_ABI_AA32, mm, bprm,
 387                                                uses_interp);
 388                 if (ret)
 389                         goto out;
 390         }
 391
 392         ret = aarch32_sigreturn_setup(mm);
 393 out:
 394         mmap_write_unlock(mm);
 395         return ret;
 396 }
 397 #endif /* CONFIG_COMPAT */
 398
 399 static struct vm_special_mapping aarch64_vdso_map __ro_after_init = {
 400         .name   = "[vdso]",
 401         .mremap = vdso_mremap,
 402 };
 403
 404 static int __init vdso_init(void)
 405 {
 406         vdso_info[VDSO_ABI_AA64].cm = &aarch64_vdso_map;
 407
 408         return __vdso_init(VDSO_ABI_AA64);
 409 }
 410 arch_initcall(vdso_init);
 411
 412 int arch_setup_additional_pages(struct linux_binprm *bprm, int uses_interp)
 413 {
 414         struct mm_struct *mm = current->mm;
 415         int ret;
 416
 417         if (mmap_write_lock_killable(mm))
 418                 return -EINTR;
 419
 420         ret = __setup_additional_pages(VDSO_ABI_AA64, mm, bprm, uses_interp);
 421         mmap_write_unlock(mm);
 422
 423         return ret;
 424 }