1 // SPDX-License-Identifier: GPL-2.0-only
2 /*
3  * Based on arch/arm/kernel/signal.c
4  *
5  * Copyright (C) 1995-2009 Russell King
6  * Copyright (C) 2012 ARM Ltd.
7  */
8 
9 #include <linux/cache.h>
10 #include <linux/compat.h>
11 #include <linux/errno.h>
12 #include <linux/kernel.h>
13 #include <linux/signal.h>
14 #include <linux/personality.h>
15 #include <linux/freezer.h>
16 #include <linux/stddef.h>
17 #include <linux/uaccess.h>
18 #include <linux/sizes.h>
19 #include <linux/string.h>
20 #include <linux/tracehook.h>
21 #include <linux/ratelimit.h>
22 #include <linux/syscalls.h>
23 
24 #include <asm/daifflags.h>
25 #include <asm/debug-monitors.h>
26 #include <asm/elf.h>
27 #include <asm/cacheflush.h>
28 #include <asm/ucontext.h>
29 #include <asm/unistd.h>
30 #include <asm/fpsimd.h>
31 #include <asm/ptrace.h>
32 #include <asm/signal32.h>
33 #include <asm/traps.h>
34 #include <asm/vdso.h>
35 
36 /*
37  * Do a signal return; undo the signal stack. These are aligned to 128-bit.
38  */
39 struct rt_sigframe {
40 	struct siginfo info;
41 	struct ucontext uc;
42 };
43 
44 struct frame_record {
45 	u64 fp;
46 	u64 lr;
47 };
48 
49 struct rt_sigframe_user_layout {
50 	struct rt_sigframe __user *sigframe;
51 	struct frame_record __user *next_frame;
52 
53 	unsigned long size;	/* size of allocated sigframe data */
54 	unsigned long limit;	/* largest allowed size */
55 
56 	unsigned long fpsimd_offset;
57 	unsigned long esr_offset;
58 	unsigned long sve_offset;
59 	unsigned long extra_offset;
60 	unsigned long end_offset;
61 };
62 
63 #define BASE_SIGFRAME_SIZE round_up(sizeof(struct rt_sigframe), 16)
64 #define TERMINATOR_SIZE round_up(sizeof(struct _aarch64_ctx), 16)
65 #define EXTRA_CONTEXT_SIZE round_up(sizeof(struct extra_context), 16)
66 
init_user_layout(struct rt_sigframe_user_layout * user)67 static void init_user_layout(struct rt_sigframe_user_layout *user)
68 {
69 	const size_t reserved_size =
70 		sizeof(user->sigframe->uc.uc_mcontext.__reserved);
71 
72 	memset(user, 0, sizeof(*user));
73 	user->size = offsetof(struct rt_sigframe, uc.uc_mcontext.__reserved);
74 
75 	user->limit = user->size + reserved_size;
76 
77 	user->limit -= TERMINATOR_SIZE;
78 	user->limit -= EXTRA_CONTEXT_SIZE;
79 	/* Reserve space for extension and terminator ^ */
80 }
81 
sigframe_size(struct rt_sigframe_user_layout const * user)82 static size_t sigframe_size(struct rt_sigframe_user_layout const *user)
83 {
84 	return round_up(max(user->size, sizeof(struct rt_sigframe)), 16);
85 }
86 
87 /*
88  * Sanity limit on the approximate maximum size of signal frame we'll
89  * try to generate.  Stack alignment padding and the frame record are
90  * not taken into account.  This limit is not a guarantee and is
91  * NOT ABI.
92  */
93 #define SIGFRAME_MAXSZ SZ_64K
94 
__sigframe_alloc(struct rt_sigframe_user_layout * user,unsigned long * offset,size_t size,bool extend)95 static int __sigframe_alloc(struct rt_sigframe_user_layout *user,
96 			    unsigned long *offset, size_t size, bool extend)
97 {
98 	size_t padded_size = round_up(size, 16);
99 
100 	if (padded_size > user->limit - user->size &&
101 	    !user->extra_offset &&
102 	    extend) {
103 		int ret;
104 
105 		user->limit += EXTRA_CONTEXT_SIZE;
106 		ret = __sigframe_alloc(user, &user->extra_offset,
107 				       sizeof(struct extra_context), false);
108 		if (ret) {
109 			user->limit -= EXTRA_CONTEXT_SIZE;
110 			return ret;
111 		}
112 
113 		/* Reserve space for the __reserved[] terminator */
114 		user->size += TERMINATOR_SIZE;
115 
116 		/*
117 		 * Allow expansion up to SIGFRAME_MAXSZ, ensuring space for
118 		 * the terminator:
119 		 */
120 		user->limit = SIGFRAME_MAXSZ - TERMINATOR_SIZE;
121 	}
122 
123 	/* Still not enough space?  Bad luck! */
124 	if (padded_size > user->limit - user->size)
125 		return -ENOMEM;
126 
127 	*offset = user->size;
128 	user->size += padded_size;
129 
130 	return 0;
131 }
132 
133 /*
134  * Allocate space for an optional record of <size> bytes in the user
135  * signal frame.  The offset from the signal frame base address to the
136  * allocated block is assigned to *offset.
137  */
sigframe_alloc(struct rt_sigframe_user_layout * user,unsigned long * offset,size_t size)138 static int sigframe_alloc(struct rt_sigframe_user_layout *user,
139 			  unsigned long *offset, size_t size)
140 {
141 	return __sigframe_alloc(user, offset, size, true);
142 }
143 
144 /* Allocate the null terminator record and prevent further allocations */
sigframe_alloc_end(struct rt_sigframe_user_layout * user)145 static int sigframe_alloc_end(struct rt_sigframe_user_layout *user)
146 {
147 	int ret;
148 
149 	/* Un-reserve the space reserved for the terminator: */
150 	user->limit += TERMINATOR_SIZE;
151 
152 	ret = sigframe_alloc(user, &user->end_offset,
153 			     sizeof(struct _aarch64_ctx));
154 	if (ret)
155 		return ret;
156 
157 	/* Prevent further allocation: */
158 	user->limit = user->size;
159 	return 0;
160 }
161 
apply_user_offset(struct rt_sigframe_user_layout const * user,unsigned long offset)162 static void __user *apply_user_offset(
163 	struct rt_sigframe_user_layout const *user, unsigned long offset)
164 {
165 	char __user *base = (char __user *)user->sigframe;
166 
167 	return base + offset;
168 }
169 
preserve_fpsimd_context(struct fpsimd_context __user * ctx)170 static int preserve_fpsimd_context(struct fpsimd_context __user *ctx)
171 {
172 	struct user_fpsimd_state const *fpsimd =
173 		&current->thread.uw.fpsimd_state;
174 	int err;
175 
176 	/* copy the FP and status/control registers */
177 	err = __copy_to_user(ctx->vregs, fpsimd->vregs, sizeof(fpsimd->vregs));
178 	__put_user_error(fpsimd->fpsr, &ctx->fpsr, err);
179 	__put_user_error(fpsimd->fpcr, &ctx->fpcr, err);
180 
181 	/* copy the magic/size information */
182 	__put_user_error(FPSIMD_MAGIC, &ctx->head.magic, err);
183 	__put_user_error(sizeof(struct fpsimd_context), &ctx->head.size, err);
184 
185 	return err ? -EFAULT : 0;
186 }
187 
restore_fpsimd_context(struct fpsimd_context __user * ctx)188 static int restore_fpsimd_context(struct fpsimd_context __user *ctx)
189 {
190 	struct user_fpsimd_state fpsimd;
191 	__u32 magic, size;
192 	int err = 0;
193 
194 	/* check the magic/size information */
195 	__get_user_error(magic, &ctx->head.magic, err);
196 	__get_user_error(size, &ctx->head.size, err);
197 	if (err)
198 		return -EFAULT;
199 	if (magic != FPSIMD_MAGIC || size != sizeof(struct fpsimd_context))
200 		return -EINVAL;
201 
202 	/* copy the FP and status/control registers */
203 	err = __copy_from_user(fpsimd.vregs, ctx->vregs,
204 			       sizeof(fpsimd.vregs));
205 	__get_user_error(fpsimd.fpsr, &ctx->fpsr, err);
206 	__get_user_error(fpsimd.fpcr, &ctx->fpcr, err);
207 
208 	clear_thread_flag(TIF_SVE);
209 
210 	/* load the hardware registers from the fpsimd_state structure */
211 	if (!err)
212 		fpsimd_update_current_state(&fpsimd);
213 
214 	return err ? -EFAULT : 0;
215 }
216 
217 
218 struct user_ctxs {
219 	struct fpsimd_context __user *fpsimd;
220 	struct sve_context __user *sve;
221 };
222 
223 #ifdef CONFIG_ARM64_SVE
224 
preserve_sve_context(struct sve_context __user * ctx)225 static int preserve_sve_context(struct sve_context __user *ctx)
226 {
227 	int err = 0;
228 	u16 reserved[ARRAY_SIZE(ctx->__reserved)];
229 	unsigned int vl = current->thread.sve_vl;
230 	unsigned int vq = 0;
231 
232 	if (test_thread_flag(TIF_SVE))
233 		vq = sve_vq_from_vl(vl);
234 
235 	memset(reserved, 0, sizeof(reserved));
236 
237 	__put_user_error(SVE_MAGIC, &ctx->head.magic, err);
238 	__put_user_error(round_up(SVE_SIG_CONTEXT_SIZE(vq), 16),
239 			 &ctx->head.size, err);
240 	__put_user_error(vl, &ctx->vl, err);
241 	BUILD_BUG_ON(sizeof(ctx->__reserved) != sizeof(reserved));
242 	err |= __copy_to_user(&ctx->__reserved, reserved, sizeof(reserved));
243 
244 	if (vq) {
245 		/*
246 		 * This assumes that the SVE state has already been saved to
247 		 * the task struct by calling the function
248 		 * fpsimd_signal_preserve_current_state().
249 		 */
250 		err |= __copy_to_user((char __user *)ctx + SVE_SIG_REGS_OFFSET,
251 				      current->thread.sve_state,
252 				      SVE_SIG_REGS_SIZE(vq));
253 	}
254 
255 	return err ? -EFAULT : 0;
256 }
257 
restore_sve_fpsimd_context(struct user_ctxs * user)258 static int restore_sve_fpsimd_context(struct user_ctxs *user)
259 {
260 	int err;
261 	unsigned int vq;
262 	struct user_fpsimd_state fpsimd;
263 	struct sve_context sve;
264 
265 	if (__copy_from_user(&sve, user->sve, sizeof(sve)))
266 		return -EFAULT;
267 
268 	if (sve.vl != current->thread.sve_vl)
269 		return -EINVAL;
270 
271 	if (sve.head.size <= sizeof(*user->sve)) {
272 		clear_thread_flag(TIF_SVE);
273 		goto fpsimd_only;
274 	}
275 
276 	vq = sve_vq_from_vl(sve.vl);
277 
278 	if (sve.head.size < SVE_SIG_CONTEXT_SIZE(vq))
279 		return -EINVAL;
280 
281 	/*
282 	 * Careful: we are about __copy_from_user() directly into
283 	 * thread.sve_state with preemption enabled, so protection is
284 	 * needed to prevent a racing context switch from writing stale
285 	 * registers back over the new data.
286 	 */
287 
288 	fpsimd_flush_task_state(current);
289 	/* From now, fpsimd_thread_switch() won't touch thread.sve_state */
290 
291 	sve_alloc(current);
292 	err = __copy_from_user(current->thread.sve_state,
293 			       (char __user const *)user->sve +
294 					SVE_SIG_REGS_OFFSET,
295 			       SVE_SIG_REGS_SIZE(vq));
296 	if (err)
297 		return -EFAULT;
298 
299 	set_thread_flag(TIF_SVE);
300 
301 fpsimd_only:
302 	/* copy the FP and status/control registers */
303 	/* restore_sigframe() already checked that user->fpsimd != NULL. */
304 	err = __copy_from_user(fpsimd.vregs, user->fpsimd->vregs,
305 			       sizeof(fpsimd.vregs));
306 	__get_user_error(fpsimd.fpsr, &user->fpsimd->fpsr, err);
307 	__get_user_error(fpsimd.fpcr, &user->fpsimd->fpcr, err);
308 
309 	/* load the hardware registers from the fpsimd_state structure */
310 	if (!err)
311 		fpsimd_update_current_state(&fpsimd);
312 
313 	return err ? -EFAULT : 0;
314 }
315 
316 #else /* ! CONFIG_ARM64_SVE */
317 
318 /* Turn any non-optimised out attempts to use these into a link error: */
319 extern int preserve_sve_context(void __user *ctx);
320 extern int restore_sve_fpsimd_context(struct user_ctxs *user);
321 
322 #endif /* ! CONFIG_ARM64_SVE */
323 
324 
parse_user_sigframe(struct user_ctxs * user,struct rt_sigframe __user * sf)325 static int parse_user_sigframe(struct user_ctxs *user,
326 			       struct rt_sigframe __user *sf)
327 {
328 	struct sigcontext __user *const sc = &sf->uc.uc_mcontext;
329 	struct _aarch64_ctx __user *head;
330 	char __user *base = (char __user *)&sc->__reserved;
331 	size_t offset = 0;
332 	size_t limit = sizeof(sc->__reserved);
333 	bool have_extra_context = false;
334 	char const __user *const sfp = (char const __user *)sf;
335 
336 	user->fpsimd = NULL;
337 	user->sve = NULL;
338 
339 	if (!IS_ALIGNED((unsigned long)base, 16))
340 		goto invalid;
341 
342 	while (1) {
343 		int err = 0;
344 		u32 magic, size;
345 		char const __user *userp;
346 		struct extra_context const __user *extra;
347 		u64 extra_datap;
348 		u32 extra_size;
349 		struct _aarch64_ctx const __user *end;
350 		u32 end_magic, end_size;
351 
352 		if (limit - offset < sizeof(*head))
353 			goto invalid;
354 
355 		if (!IS_ALIGNED(offset, 16))
356 			goto invalid;
357 
358 		head = (struct _aarch64_ctx __user *)(base + offset);
359 		__get_user_error(magic, &head->magic, err);
360 		__get_user_error(size, &head->size, err);
361 		if (err)
362 			return err;
363 
364 		if (limit - offset < size)
365 			goto invalid;
366 
367 		switch (magic) {
368 		case 0:
369 			if (size)
370 				goto invalid;
371 
372 			goto done;
373 
374 		case FPSIMD_MAGIC:
375 			if (!system_supports_fpsimd())
376 				goto invalid;
377 			if (user->fpsimd)
378 				goto invalid;
379 
380 			if (size < sizeof(*user->fpsimd))
381 				goto invalid;
382 
383 			user->fpsimd = (struct fpsimd_context __user *)head;
384 			break;
385 
386 		case ESR_MAGIC:
387 			/* ignore */
388 			break;
389 
390 		case SVE_MAGIC:
391 			if (!system_supports_sve())
392 				goto invalid;
393 
394 			if (user->sve)
395 				goto invalid;
396 
397 			if (size < sizeof(*user->sve))
398 				goto invalid;
399 
400 			user->sve = (struct sve_context __user *)head;
401 			break;
402 
403 		case EXTRA_MAGIC:
404 			if (have_extra_context)
405 				goto invalid;
406 
407 			if (size < sizeof(*extra))
408 				goto invalid;
409 
410 			userp = (char const __user *)head;
411 
412 			extra = (struct extra_context const __user *)userp;
413 			userp += size;
414 
415 			__get_user_error(extra_datap, &extra->datap, err);
416 			__get_user_error(extra_size, &extra->size, err);
417 			if (err)
418 				return err;
419 
420 			/* Check for the dummy terminator in __reserved[]: */
421 
422 			if (limit - offset - size < TERMINATOR_SIZE)
423 				goto invalid;
424 
425 			end = (struct _aarch64_ctx const __user *)userp;
426 			userp += TERMINATOR_SIZE;
427 
428 			__get_user_error(end_magic, &end->magic, err);
429 			__get_user_error(end_size, &end->size, err);
430 			if (err)
431 				return err;
432 
433 			if (end_magic || end_size)
434 				goto invalid;
435 
436 			/* Prevent looping/repeated parsing of extra_context */
437 			have_extra_context = true;
438 
439 			base = (__force void __user *)extra_datap;
440 			if (!IS_ALIGNED((unsigned long)base, 16))
441 				goto invalid;
442 
443 			if (!IS_ALIGNED(extra_size, 16))
444 				goto invalid;
445 
446 			if (base != userp)
447 				goto invalid;
448 
449 			/* Reject "unreasonably large" frames: */
450 			if (extra_size > sfp + SIGFRAME_MAXSZ - userp)
451 				goto invalid;
452 
453 			/*
454 			 * Ignore trailing terminator in __reserved[]
455 			 * and start parsing extra data:
456 			 */
457 			offset = 0;
458 			limit = extra_size;
459 
460 			if (!access_ok(base, limit))
461 				goto invalid;
462 
463 			continue;
464 
465 		default:
466 			goto invalid;
467 		}
468 
469 		if (size < sizeof(*head))
470 			goto invalid;
471 
472 		if (limit - offset < size)
473 			goto invalid;
474 
475 		offset += size;
476 	}
477 
478 done:
479 	return 0;
480 
481 invalid:
482 	return -EINVAL;
483 }
484 
restore_sigframe(struct pt_regs * regs,struct rt_sigframe __user * sf)485 static int restore_sigframe(struct pt_regs *regs,
486 			    struct rt_sigframe __user *sf)
487 {
488 	sigset_t set;
489 	int i, err;
490 	struct user_ctxs user;
491 
492 	err = __copy_from_user(&set, &sf->uc.uc_sigmask, sizeof(set));
493 	if (err == 0)
494 		set_current_blocked(&set);
495 
496 	for (i = 0; i < 31; i++)
497 		__get_user_error(regs->regs[i], &sf->uc.uc_mcontext.regs[i],
498 				 err);
499 	__get_user_error(regs->sp, &sf->uc.uc_mcontext.sp, err);
500 	__get_user_error(regs->pc, &sf->uc.uc_mcontext.pc, err);
501 	__get_user_error(regs->pstate, &sf->uc.uc_mcontext.pstate, err);
502 
503 	/*
504 	 * Avoid sys_rt_sigreturn() restarting.
505 	 */
506 	forget_syscall(regs);
507 
508 	err |= !valid_user_regs(&regs->user_regs, current);
509 	if (err == 0)
510 		err = parse_user_sigframe(&user, sf);
511 
512 	if (err == 0 && system_supports_fpsimd()) {
513 		if (!user.fpsimd)
514 			return -EINVAL;
515 
516 		if (user.sve) {
517 			if (!system_supports_sve())
518 				return -EINVAL;
519 
520 			err = restore_sve_fpsimd_context(&user);
521 		} else {
522 			err = restore_fpsimd_context(user.fpsimd);
523 		}
524 	}
525 
526 	return err;
527 }
528 
SYSCALL_DEFINE0(rt_sigreturn)529 SYSCALL_DEFINE0(rt_sigreturn)
530 {
531 	struct pt_regs *regs = current_pt_regs();
532 	struct rt_sigframe __user *frame;
533 
534 	/* Always make any pending restarted system calls return -EINTR */
535 	current->restart_block.fn = do_no_restart_syscall;
536 
537 	/*
538 	 * Since we stacked the signal on a 128-bit boundary, then 'sp' should
539 	 * be word aligned here.
540 	 */
541 	if (regs->sp & 15)
542 		goto badframe;
543 
544 	frame = (struct rt_sigframe __user *)regs->sp;
545 
546 	if (!access_ok(frame, sizeof (*frame)))
547 		goto badframe;
548 
549 	if (restore_sigframe(regs, frame))
550 		goto badframe;
551 
552 	if (restore_altstack(&frame->uc.uc_stack))
553 		goto badframe;
554 
555 	return regs->regs[0];
556 
557 badframe:
558 	arm64_notify_segfault(regs->sp);
559 	return 0;
560 }
561 
562 /*
563  * Determine the layout of optional records in the signal frame
564  *
565  * add_all: if true, lays out the biggest possible signal frame for
566  *	this task; otherwise, generates a layout for the current state
567  *	of the task.
568  */
setup_sigframe_layout(struct rt_sigframe_user_layout * user,bool add_all)569 static int setup_sigframe_layout(struct rt_sigframe_user_layout *user,
570 				 bool add_all)
571 {
572 	int err;
573 
574 	err = sigframe_alloc(user, &user->fpsimd_offset,
575 			     sizeof(struct fpsimd_context));
576 	if (err)
577 		return err;
578 
579 	/* fault information, if valid */
580 	if (add_all || current->thread.fault_code) {
581 		err = sigframe_alloc(user, &user->esr_offset,
582 				     sizeof(struct esr_context));
583 		if (err)
584 			return err;
585 	}
586 
587 	if (system_supports_sve()) {
588 		unsigned int vq = 0;
589 
590 		if (add_all || test_thread_flag(TIF_SVE)) {
591 			int vl = sve_max_vl;
592 
593 			if (!add_all)
594 				vl = current->thread.sve_vl;
595 
596 			vq = sve_vq_from_vl(vl);
597 		}
598 
599 		err = sigframe_alloc(user, &user->sve_offset,
600 				     SVE_SIG_CONTEXT_SIZE(vq));
601 		if (err)
602 			return err;
603 	}
604 
605 	return sigframe_alloc_end(user);
606 }
607 
setup_sigframe(struct rt_sigframe_user_layout * user,struct pt_regs * regs,sigset_t * set)608 static int setup_sigframe(struct rt_sigframe_user_layout *user,
609 			  struct pt_regs *regs, sigset_t *set)
610 {
611 	int i, err = 0;
612 	struct rt_sigframe __user *sf = user->sigframe;
613 
614 	/* set up the stack frame for unwinding */
615 	__put_user_error(regs->regs[29], &user->next_frame->fp, err);
616 	__put_user_error(regs->regs[30], &user->next_frame->lr, err);
617 
618 	for (i = 0; i < 31; i++)
619 		__put_user_error(regs->regs[i], &sf->uc.uc_mcontext.regs[i],
620 				 err);
621 	__put_user_error(regs->sp, &sf->uc.uc_mcontext.sp, err);
622 	__put_user_error(regs->pc, &sf->uc.uc_mcontext.pc, err);
623 	__put_user_error(regs->pstate, &sf->uc.uc_mcontext.pstate, err);
624 
625 	__put_user_error(current->thread.fault_address, &sf->uc.uc_mcontext.fault_address, err);
626 
627 	err |= __copy_to_user(&sf->uc.uc_sigmask, set, sizeof(*set));
628 
629 	if (err == 0 && system_supports_fpsimd()) {
630 		struct fpsimd_context __user *fpsimd_ctx =
631 			apply_user_offset(user, user->fpsimd_offset);
632 		err |= preserve_fpsimd_context(fpsimd_ctx);
633 	}
634 
635 	/* fault information, if valid */
636 	if (err == 0 && user->esr_offset) {
637 		struct esr_context __user *esr_ctx =
638 			apply_user_offset(user, user->esr_offset);
639 
640 		__put_user_error(ESR_MAGIC, &esr_ctx->head.magic, err);
641 		__put_user_error(sizeof(*esr_ctx), &esr_ctx->head.size, err);
642 		__put_user_error(current->thread.fault_code, &esr_ctx->esr, err);
643 	}
644 
645 	/* Scalable Vector Extension state, if present */
646 	if (system_supports_sve() && err == 0 && user->sve_offset) {
647 		struct sve_context __user *sve_ctx =
648 			apply_user_offset(user, user->sve_offset);
649 		err |= preserve_sve_context(sve_ctx);
650 	}
651 
652 	if (err == 0 && user->extra_offset) {
653 		char __user *sfp = (char __user *)user->sigframe;
654 		char __user *userp =
655 			apply_user_offset(user, user->extra_offset);
656 
657 		struct extra_context __user *extra;
658 		struct _aarch64_ctx __user *end;
659 		u64 extra_datap;
660 		u32 extra_size;
661 
662 		extra = (struct extra_context __user *)userp;
663 		userp += EXTRA_CONTEXT_SIZE;
664 
665 		end = (struct _aarch64_ctx __user *)userp;
666 		userp += TERMINATOR_SIZE;
667 
668 		/*
669 		 * extra_datap is just written to the signal frame.
670 		 * The value gets cast back to a void __user *
671 		 * during sigreturn.
672 		 */
673 		extra_datap = (__force u64)userp;
674 		extra_size = sfp + round_up(user->size, 16) - userp;
675 
676 		__put_user_error(EXTRA_MAGIC, &extra->head.magic, err);
677 		__put_user_error(EXTRA_CONTEXT_SIZE, &extra->head.size, err);
678 		__put_user_error(extra_datap, &extra->datap, err);
679 		__put_user_error(extra_size, &extra->size, err);
680 
681 		/* Add the terminator */
682 		__put_user_error(0, &end->magic, err);
683 		__put_user_error(0, &end->size, err);
684 	}
685 
686 	/* set the "end" magic */
687 	if (err == 0) {
688 		struct _aarch64_ctx __user *end =
689 			apply_user_offset(user, user->end_offset);
690 
691 		__put_user_error(0, &end->magic, err);
692 		__put_user_error(0, &end->size, err);
693 	}
694 
695 	return err;
696 }
697 
get_sigframe(struct rt_sigframe_user_layout * user,struct ksignal * ksig,struct pt_regs * regs)698 static int get_sigframe(struct rt_sigframe_user_layout *user,
699 			 struct ksignal *ksig, struct pt_regs *regs)
700 {
701 	unsigned long sp, sp_top;
702 	int err;
703 
704 	init_user_layout(user);
705 	err = setup_sigframe_layout(user, false);
706 	if (err)
707 		return err;
708 
709 	sp = sp_top = sigsp(regs->sp, ksig);
710 
711 	sp = round_down(sp - sizeof(struct frame_record), 16);
712 	user->next_frame = (struct frame_record __user *)sp;
713 
714 	sp = round_down(sp, 16) - sigframe_size(user);
715 	user->sigframe = (struct rt_sigframe __user *)sp;
716 
717 	/*
718 	 * Check that we can actually write to the signal frame.
719 	 */
720 	if (!access_ok(user->sigframe, sp_top - sp))
721 		return -EFAULT;
722 
723 	return 0;
724 }
725 
setup_return(struct pt_regs * regs,struct k_sigaction * ka,struct rt_sigframe_user_layout * user,int usig)726 static void setup_return(struct pt_regs *regs, struct k_sigaction *ka,
727 			 struct rt_sigframe_user_layout *user, int usig)
728 {
729 	__sigrestore_t sigtramp;
730 
731 	regs->regs[0] = usig;
732 	regs->sp = (unsigned long)user->sigframe;
733 	regs->regs[29] = (unsigned long)&user->next_frame->fp;
734 	regs->pc = (unsigned long)ka->sa.sa_handler;
735 
736 	/*
737 	 * Signal delivery is a (wacky) indirect function call in
738 	 * userspace, so simulate the same setting of BTYPE as a BLR
739 	 * <register containing the signal handler entry point>.
740 	 * Signal delivery to a location in a PROT_BTI guarded page
741 	 * that is not a function entry point will now trigger a
742 	 * SIGILL in userspace.
743 	 *
744 	 * If the signal handler entry point is not in a PROT_BTI
745 	 * guarded page, this is harmless.
746 	 */
747 	if (system_supports_bti()) {
748 		regs->pstate &= ~PSR_BTYPE_MASK;
749 		regs->pstate |= PSR_BTYPE_C;
750 	}
751 
752 	/* TCO (Tag Check Override) always cleared for signal handlers */
753 	regs->pstate &= ~PSR_TCO_BIT;
754 
755 	if (ka->sa.sa_flags & SA_RESTORER)
756 		sigtramp = ka->sa.sa_restorer;
757 	else
758 		sigtramp = VDSO_SYMBOL(current->mm->context.vdso, sigtramp);
759 
760 	regs->regs[30] = (unsigned long)sigtramp;
761 }
762 
setup_rt_frame(int usig,struct ksignal * ksig,sigset_t * set,struct pt_regs * regs)763 static int setup_rt_frame(int usig, struct ksignal *ksig, sigset_t *set,
764 			  struct pt_regs *regs)
765 {
766 	struct rt_sigframe_user_layout user;
767 	struct rt_sigframe __user *frame;
768 	int err = 0;
769 
770 	fpsimd_signal_preserve_current_state();
771 
772 	if (get_sigframe(&user, ksig, regs))
773 		return 1;
774 
775 	frame = user.sigframe;
776 
777 	__put_user_error(0, &frame->uc.uc_flags, err);
778 	__put_user_error(NULL, &frame->uc.uc_link, err);
779 
780 	err |= __save_altstack(&frame->uc.uc_stack, regs->sp);
781 	err |= setup_sigframe(&user, regs, set);
782 	if (err == 0) {
783 		setup_return(regs, &ksig->ka, &user, usig);
784 		if (ksig->ka.sa.sa_flags & SA_SIGINFO) {
785 			err |= copy_siginfo_to_user(&frame->info, &ksig->info);
786 			regs->regs[1] = (unsigned long)&frame->info;
787 			regs->regs[2] = (unsigned long)&frame->uc;
788 		}
789 	}
790 
791 	return err;
792 }
793 
setup_restart_syscall(struct pt_regs * regs)794 static void setup_restart_syscall(struct pt_regs *regs)
795 {
796 	if (is_compat_task())
797 		compat_setup_restart_syscall(regs);
798 	else
799 		regs->regs[8] = __NR_restart_syscall;
800 }
801 
802 /*
803  * OK, we're invoking a handler
804  */
handle_signal(struct ksignal * ksig,struct pt_regs * regs)805 static void handle_signal(struct ksignal *ksig, struct pt_regs *regs)
806 {
807 	sigset_t *oldset = sigmask_to_save();
808 	int usig = ksig->sig;
809 	int ret;
810 
811 	rseq_signal_deliver(ksig, regs);
812 
813 	/*
814 	 * Set up the stack frame
815 	 */
816 	if (is_compat_task()) {
817 		if (ksig->ka.sa.sa_flags & SA_SIGINFO)
818 			ret = compat_setup_rt_frame(usig, ksig, oldset, regs);
819 		else
820 			ret = compat_setup_frame(usig, ksig, oldset, regs);
821 	} else {
822 		ret = setup_rt_frame(usig, ksig, oldset, regs);
823 	}
824 
825 	/*
826 	 * Check that the resulting registers are actually sane.
827 	 */
828 	ret |= !valid_user_regs(&regs->user_regs, current);
829 
830 	/* Step into the signal handler if we are stepping */
831 	signal_setup_done(ret, ksig, test_thread_flag(TIF_SINGLESTEP));
832 }
833 
834 /*
835  * Note that 'init' is a special process: it doesn't get signals it doesn't
836  * want to handle. Thus you cannot kill init even with a SIGKILL even by
837  * mistake.
838  *
839  * Note that we go through the signals twice: once to check the signals that
840  * the kernel can handle, and then we build all the user-level signal handling
841  * stack-frames in one go after that.
842  */
do_signal(struct pt_regs * regs)843 static void do_signal(struct pt_regs *regs)
844 {
845 	unsigned long continue_addr = 0, restart_addr = 0;
846 	int retval = 0;
847 	struct ksignal ksig;
848 	bool syscall = in_syscall(regs);
849 
850 	/*
851 	 * If we were from a system call, check for system call restarting...
852 	 */
853 	if (syscall) {
854 		continue_addr = regs->pc;
855 		restart_addr = continue_addr - (compat_thumb_mode(regs) ? 2 : 4);
856 		retval = regs->regs[0];
857 
858 		/*
859 		 * Avoid additional syscall restarting via ret_to_user.
860 		 */
861 		forget_syscall(regs);
862 
863 		/*
864 		 * Prepare for system call restart. We do this here so that a
865 		 * debugger will see the already changed PC.
866 		 */
867 		switch (retval) {
868 		case -ERESTARTNOHAND:
869 		case -ERESTARTSYS:
870 		case -ERESTARTNOINTR:
871 		case -ERESTART_RESTARTBLOCK:
872 			regs->regs[0] = regs->orig_x0;
873 			regs->pc = restart_addr;
874 			break;
875 		}
876 	}
877 
878 	/*
879 	 * Get the signal to deliver. When running under ptrace, at this point
880 	 * the debugger may change all of our registers.
881 	 */
882 	if (get_signal(&ksig)) {
883 		/*
884 		 * Depending on the signal settings, we may need to revert the
885 		 * decision to restart the system call, but skip this if a
886 		 * debugger has chosen to restart at a different PC.
887 		 */
888 		if (regs->pc == restart_addr &&
889 		    (retval == -ERESTARTNOHAND ||
890 		     retval == -ERESTART_RESTARTBLOCK ||
891 		     (retval == -ERESTARTSYS &&
892 		      !(ksig.ka.sa.sa_flags & SA_RESTART)))) {
893 			regs->regs[0] = -EINTR;
894 			regs->pc = continue_addr;
895 		}
896 
897 		handle_signal(&ksig, regs);
898 		return;
899 	}
900 
901 	/*
902 	 * Handle restarting a different system call. As above, if a debugger
903 	 * has chosen to restart at a different PC, ignore the restart.
904 	 */
905 	if (syscall && regs->pc == restart_addr) {
906 		if (retval == -ERESTART_RESTARTBLOCK)
907 			setup_restart_syscall(regs);
908 		user_rewind_single_step(current);
909 	}
910 
911 	restore_saved_sigmask();
912 }
913 
do_notify_resume(struct pt_regs * regs,unsigned long thread_flags)914 asmlinkage void do_notify_resume(struct pt_regs *regs,
915 				 unsigned long thread_flags)
916 {
917 	/*
918 	 * The assembly code enters us with IRQs off, but it hasn't
919 	 * informed the tracing code of that for efficiency reasons.
920 	 * Update the trace code with the current status.
921 	 */
922 	trace_hardirqs_off();
923 
924 	do {
925 		/* Check valid user FS if needed */
926 		addr_limit_user_check();
927 
928 		if (thread_flags & _TIF_NEED_RESCHED) {
929 			/* Unmask Debug and SError for the next task */
930 			local_daif_restore(DAIF_PROCCTX_NOIRQ);
931 
932 			schedule();
933 		} else {
934 			local_daif_restore(DAIF_PROCCTX);
935 
936 			if (thread_flags & _TIF_UPROBE)
937 				uprobe_notify_resume(regs);
938 
939 			if (thread_flags & _TIF_MTE_ASYNC_FAULT) {
940 				clear_thread_flag(TIF_MTE_ASYNC_FAULT);
941 				send_sig_fault(SIGSEGV, SEGV_MTEAERR,
942 					       (void __user *)NULL, current);
943 			}
944 
945 			if (thread_flags & _TIF_SIGPENDING)
946 				do_signal(regs);
947 
948 			if (thread_flags & _TIF_NOTIFY_RESUME) {
949 				tracehook_notify_resume(regs);
950 				rseq_handle_notify_resume(NULL, regs);
951 			}
952 
953 			if (thread_flags & _TIF_FOREIGN_FPSTATE)
954 				fpsimd_restore_current_state();
955 		}
956 
957 		local_daif_mask();
958 		thread_flags = READ_ONCE(current_thread_info()->flags);
959 	} while (thread_flags & _TIF_WORK_MASK);
960 }
961 
962 unsigned long __ro_after_init signal_minsigstksz;
963 
964 /*
965  * Determine the stack space required for guaranteed signal devliery.
966  * This function is used to populate AT_MINSIGSTKSZ at process startup.
967  * cpufeatures setup is assumed to be complete.
968  */
minsigstksz_setup(void)969 void __init minsigstksz_setup(void)
970 {
971 	struct rt_sigframe_user_layout user;
972 
973 	init_user_layout(&user);
974 
975 	/*
976 	 * If this fails, SIGFRAME_MAXSZ needs to be enlarged.  It won't
977 	 * be big enough, but it's our best guess:
978 	 */
979 	if (WARN_ON(setup_sigframe_layout(&user, true)))
980 		return;
981 
982 	signal_minsigstksz = sigframe_size(&user) +
983 		round_up(sizeof(struct frame_record), 16) +
984 		16; /* max alignment padding */
985 }
986