aboutsummaryrefslogtreecommitdiffstats
path: root/arch/um/sys-x86_64
Commit message (Collapse)AuthorAge
* [PATCH] uml: Use klibc setjmp/longjmpJeff Dike2006-09-26
| | | | | | | | | | | | | | | | | | | This patch adds an implementation of setjmp and longjmp to UML, allowing access to the inside of a jmpbuf without needing the access macros formerly provided by libc. The implementation is stolen from klibc. I copy the relevant files into arch/um. I have another patch which avoids the copying, but requires klibc be in the tree. setjmp and longjmp users required some tweaking. Includes of <setjmp.h> were removed and includes of the UML longjmp.h were added where necessary. There are also replacements of siglongjmp with UML_LONGJMP which I somehow missed earlier. Signed-off-by: Jeff Dike <jdike@addtoit.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* Merge git://git.kernel.org/pub/scm/linux/kernel/git/bunk/trivialLinus Torvalds2006-06-30
|\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * git://git.kernel.org/pub/scm/linux/kernel/git/bunk/trivial: Remove obsolete #include <linux/config.h> remove obsolete swsusp_encrypt arch/arm26/Kconfig typos Documentation/IPMI typos Kconfig: Typos in net/sched/Kconfig v9fs: do not include linux/version.h Documentation/DocBook/mtdnand.tmpl: typo fixes typo fixes: specfic -> specific typo fixes in Documentation/networking/pktgen.txt typo fixes: occuring -> occurring typo fixes: infomation -> information typo fixes: disadvantadge -> disadvantage typo fixes: aquire -> acquire typo fixes: mecanism -> mechanism typo fixes: bandwith -> bandwidth fix a typo in the RTC_CLASS help text smb is no longer maintained Manually merged trivial conflict in arch/um/kernel/vmlinux.lds.S
| * Remove obsolete #include <linux/config.h>Jörn Engel2006-06-30
| | | | | | | | | | Signed-off-by: Jörn Engel <joern@wohnheim.fh-wedel.de> Signed-off-by: Adrian Bunk <bunk@stusta.de>
* | [PATCH] uml: remove unneeded time definitionsJeff Dike2006-06-30
|/ | | | | | | | | | Remove um_time() and um_stime() syscalls since they are identical to system-wide ones. Signed-off-by: Paolo 'Blaisorblade' Giarrusso <blaisorblade@yahoo.it> Cc: Paolo 'Blaisorblade' Giarrusso <blaisorblade@yahoo.it> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* [PATCH] uml: more __user annotationsAl Viro2006-06-05
| | | | | | | | | | | | From: Al Viro <viro@zeniv.linux.org.uk> uml __user annotations Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: Jeff Dike <jdike@addtoit.com> Cc: Paolo 'Blaisorblade' Giarrusso <blaisorblade@yahoo.it> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* [PATCH] uml: __user annotation in arch_prctlAl Viro2006-06-05
| | | | | | | | | | | | | | From: Al Viro <viro@zeniv.linux.org.uk> fix uml/amd64 prctl() put_user() there should go to (long __user *)addr, not &addr Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: Jeff Dike <jdike@addtoit.com> Cc: Paolo 'Blaisorblade' Giarrusso <blaisorblade@yahoo.it> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* [PATCH] uml: cleanup unprofile expression and build infrastructurePaolo 'Blaisorblade' Giarrusso2006-05-01
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | *) Rather than duplicate in various buggy ways the application of CFLAGS_NO_HARDENING and UNPROFILE (which apply to the same files), centralize it in Makefile.rules. UNPROFILE_OBJS mustn't be listed in USER_OBJS but are compiled as such. I've also verified that unprofile didn't work in the current form, because we set _c_flags directly (using CFLAGS and not USER_CFLAGS, which is wrong), which is normally used by c_flags, but we also override c_flags for all USER_OBJS, and there we don't call unprofile. Instead it only worked for unmap.o, the only one which wasn't a USER_OBJ. We need to set c_flags (which is not a public Kbuild API) to clear a lot of compilation flags like -nostdinc which Kbuild forces on everything. *) Rather than $(CFLAGS_$(notdir $@)), which expands to CFLAGS_anObj.s when building "anObj.s", use $(CFLAGS_$(*F).o) which always accesses CFLAGS_anObj.o, like done by Kbuild. *) Make c_flags apply to all targets having the same basename, rather than listing .s, .i, .lst and .o, with the use (which I tested) of $(USER_OBJS:.o=.%): c_flags = ... and of - $(obj)/unmap.c: _c_flags = ... + $(obj)/unmap.%: _c_flags = ... Signed-off-by: Paolo 'Blaisorblade' Giarrusso <blaisorblade@yahoo.it> Acked-by: Jeff Dike <jdike@addtoit.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* [PATCH] uml: fix compilation and execution with hardened GCCPaolo 'Blaisorblade' Giarrusso2006-05-01
| | | | | | | | | | | | | | | | | | | To make some half-assembly stubs compile, disable various "hardened" GCC features: *) we can't make it build PIC code as we need %ebx to do syscalls and GCC wants it free for PIC *) we can't leave stack protection as the stub is moved (not relocated!) in memory so the RIP-relative access to the canary tries reading from an unmapped address and causes a segfault, since we move the stub of various megabytes (the exact amount will be decided at runtime) away from the link-time address. Signed-off-by: Paolo 'Blaisorblade' Giarrusso <blaisorblade@yahoo.it> Acked-by: Jeff Dike <jdike@addtoit.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* [PATCH] uml: use Kbuild tracking for all files and fix compilation outputPaolo 'Blaisorblade' Giarrusso2006-05-01
| | | | | | | | | | | Move the build of user-offsets to arch/um/sys-$(SUBARCH), where it's located. So we can also build it via Kbuild with its dependency tracking rather than by hand. While hacking here, fix also a lot of little cosmetic things. Signed-off-by: Paolo 'Blaisorblade' Giarrusso <blaisorblade@yahoo.it> Acked-by: Jeff Dike <jdike@addtoit.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* [PATCH] uml: add missing __volatile__Jeff Dike2006-04-19
| | | | | | | | | | | | | We were missing __volatile__ on some bits of asm in the segfault handlers. On x86_64, this was messing up the move from %rdx to uc because that was moved to after the GET_FAULTINFO_FROM_SC, which changed %rdx. Also changed the other bit of asm and the one in the i386 handler to prevent any similar occurrences. Signed-off-by: Jeff Dike <jdike@addtoit.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* [PATCH] uml: fix critical typo for TT modePaolo 'Blaisorblade' Giarrusso2006-04-11
| | | | | | | | | | | Noticed this for a compilation-time warning, so I'm fixing it even for TT mode - this is not put_user, but copy_to_user, so we need a pointer to sp, not sp itself (we're trying to write the word pointed to by the "sp" var.). Signed-off-by: Paolo 'Blaisorblade' Giarrusso <blaisorblade@yahoo.it> Cc: Jeff Dike <jdike@addtoit.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* [PATCH] uml: implement {get,set}_thread_area for i386Paolo 'Blaisorblade' Giarrusso2006-03-31
| | | | | | | | | | | | | | | | | | | | | | Implement sys_[gs]et_thread_area and the corresponding ptrace operations for UML. This is the main chunk, additional parts follow. This implementation is now well tested and has run reliably for some time, and we've understood all the previously existing problems. Their implementation saves the new GDT content and then forwards the call to the host when appropriate, i.e. immediately when the target process is running or on context switch otherwise (i.e. on fork and on ptrace() calls). In SKAS mode, we must switch registers on each context switch (because SKAS does not switches tls_array together with current->mm). Also, added get_cpu() locking; this has been done for SKAS mode, since TT does not need it (it does not use smp_processor_id()). Signed-off-by: Paolo 'Blaisorblade' Giarrusso <blaisorblade@yahoo.it> Acked-by: Jeff Dike <jdike@addtoit.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* [PATCH] uml: clean up remapping code build magicAl Viro2006-03-31
| | | | | | | | | | kills unmap magic Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: Jeff Dike <jdike@addtoit.com> Cc: Paolo 'Blaisorblade' Giarrusso <blaisorblade@yahoo.it> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* [PATCH] uml: eliminate symlinks to host archAl Viro2006-03-31
| | | | | | | | | | kills symlinks in arch/um/sys-* Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: Jeff Dike <jdike@addtoit.com> Cc: Paolo 'Blaisorblade' Giarrusso <blaisorblade@yahoo.it> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* [PATCH] uml: fix segfault on signal deliveryJeff Dike2006-03-27
| | | | | | | | | | | | | | | | | | | This fixes a process segfault where a signal was being delivered such that a new stack page needed to be allocated to hold the signal frame. This was tripping some logic in the page fault handler which wouldn't allocate the page if the faulting address was more that 32 bytes lower than the current stack pointer. Since a signal frame is greater than 32 bytes, this exercised that case. It's fixed by updating the SP in the pt_regs before starting to copy the signal frame. Since those are the registers that will be copied on to the stack, we have to be careful to put the original SP, not the new one which points to the signal frame, on the stack. Signed-off-by: Jeff Dike <jdike@addtoit.com> Cc: Paolo 'Blaisorblade' Giarrusso <blaisorblade@yahoo.it> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* [PATCH] uml: more carefully test whether we are in a system callBodo Stroesser2006-03-27
| | | | | | | | | | | | | | | | | | | | For security reasons, UML in is_syscall() needs to have access to code in vsyscall-page. The current implementation grants this access by explicitly allowing access to vsyscall in access_ok_skas(). With this change, copy_from_user() may be used to read the code. Ptrace access to vsyscall-page for debugging already was implemented in get_user_pages() by mainline. In i386, copy_from_user can't access vsyscall-page, but returns EFAULT. To make UML behave as i386 does, I changed is_syscall to use access_process_vm(current) to read the code from vsyscall-page. This doesn't hurt security, but simplifies the code and prepares implementation of stub-vmas. Signed-off-by: Bodo Stroesser <bstroesser@fujitsu-siemens.com> Signed-off-by: Jeff Dike <jdike@addtoit.com> Cc: Paolo 'Blaisorblade' Giarrusso <blaisorblade@yahoo.it> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* [PATCH] uml: move libc-dependent irq code to os-LinuxJeff Dike2006-03-27
| | | | | | | | | | | | The serial UML OS-abstraction layer patch (um/kernel dir). This moves all systemcalls from irq_user.c file under os-Linux dir Signed-off-by: Gennady Sharapov <Gennady.V.Sharapov@intel.com> Signed-off-by: Jeff Dike <jdike@addtoit.com> Cc: Paolo 'Blaisorblade' Giarrusso <blaisorblade@yahoo.it> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* [PATCH] uml: initialize process FP registers properlyJeff Dike2006-02-07
| | | | | | | | | | | | | We weren't making sure that we initialized the FP registers of new processes to sane values. This patch also moves some defines in the affected area closer to where they are used. Signed-off-by: Jeff Dike <jdike@addtoit.com> Cc: Paolo 'Blaisorblade' Giarrusso <blaisorblade@yahoo.it> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* [PATCH] uml: fix missing KBUILD_BASENAMEJeff Dike2006-01-11
| | | | | | | | | | | | | | | | | | | | | | | | | | 2.6.15-mm1 caused kernel-offsets.c to stop compiling with a syntax error in a header. The problem was with KBUILD_BASENAME, which didn't get a definition with the by-hand compilation in the main UML Makefile. This was OK before since the expansion was syntactically the same as the KBUILD_BASENAME token. With -mm1, the expansion is now a quote-delimited string, so there needs to be a definition of it. Since kernel-offsets.c is basically the same as other arches' asm-offsets.c, and those seem to build OK, this patch turns kernel-offsets.c into asm-offsets.c. kernel-offsets.c is in arch/um/sys-$(SUBARCH), i.e. sys-i386 and sys-x86_64, while kbuild expects it to be in arch/um/kernel. kernel-offsets.c is moved to arch/um/include/sysdep-$(SUBARCH)/kernel-offsets.h, which is included by arch/um/kernel/asm-offsets.c. With that, include/asm-um/asm-offsets.h is generated automatically. kernel-offsets.h continues to exist because it needs to be accessible to userspace UML code, and include/asm-um isn't. So, a symlink is made from arch/um/include/kernel-offsets.h to include/asm-um/asm-offsets.h. Signed-off-by: Jeff Dike <jdike@addtoit.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* [PATCH] uml: fix compilation with CONFIG_MODE_TT disabledPaolo 'Blaisorblade' Giarrusso2005-12-29
| | | | | | | | | | | | Fix UML compilation when SKAS mode is disabled. Indeed, we were compiling SKAS-only object files, which failed due to some SKAS-only headers being excluded from the search path. Thanks to the bug report from Pekka J Enberg. Acked-by: Pekka J Enberg <penberg (at) cs ! helsinki ! fi> Signed-off-by: Paolo 'Blaisorblade' Giarrusso <blaisorblade@yahoo.it> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* [PATCH] uml: properly invoke x86_64 system callsJeff Dike2005-11-22
| | | | | | | | | | | | | | This patch makes stub_segv use the stub_syscall macros. This was needed anyway, but the bug that prompted this was the discovery that gcc was storing stuff in RCX, which is trashed across a system call. This is exactly the sort of problem that the new macros fix. There is a stub_syscall0 for getpid. stub_segv was changed to be a libc file, and that caused some include changes. Signed-off-by: Jeff Dike <jdike@addtoit.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* [PATCH] uml: maintain own LDT entriesBodo Stroesser2005-11-07
| | | | | | | | | | | | | | | | | | | | Patch imlements full LDT handling in SKAS: * UML holds it's own LDT table, used to deliver data on modify_ldt(READ) * UML disables the default_ldt, inherited from the host (SKAS3) or resets LDT entries, set by host's clib and inherited in SKAS0 * A new global variable skas_needs_stub is inserted, that can be used to decide, whether stub-pages must be supported or not. * Uses the syscall-stub to replace missing PTRACE_LDT (therefore, write_ldt_entry needs to be modified) Signed-off-by: Bodo Stroesser <bstroesser@fujitsu-siemens.com> Signed-off-by: Jeff Dike <jdike@addtoit.com> Cc: Paolo Giarrusso <blaisorblade@yahoo.it> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* [PATCH] uml: fix x86_64 with !CONFIG_FRAME_POINTERJeff Dike2005-10-10
| | | | | | | | | | | UML/x86_64 doesn't run when built with frame pointers disabled. There was an implicit frame pointer assumption in the stub segfault handler. With frame pointers disabled, UML dies on handling its first page fault. The container-of part of this is from Paolo Giarrusso <blaisorblade@yahoo.it>. Signed-off-by: Jeff Dike <jdike@addtoit.com> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* [PATCH] uml makefiles sanitizedAl Viro2005-09-29
| | | | | | | | | | | | | | | UML makefiles sanitized: - number of generated headers reduced to 2 (from user-offsets.c and kernel-offsets.c resp.). The rest is made constant and simply includes those two. - mk_... helpers are gone now that we don't need to generate these headers - arch/um/include2 removed since everything under arch/um/include/sysdep is constant now and symlink can point straight to source tree. - dependencies seriously simplified. Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* [PATCH] bogus symbol used in arch/um/os-Linux/elf_aux.cviro@ZenIV.linux.org.uk2005-09-07
| | | | | | | | elf_aux is userland code; it uses symbol (ELF_CLASS) that doesn't exist in userland headers; pulled into kernel-offsets.h, switched elf_aux to using it. Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* [PATCH] uml: skas0 stubs now check system call return valuesBodo Stroesser2005-09-05
| | | | | | | | | | | | | | | | | | | | | Change syscall-stub's data to include a "expected retval". Stub now checks syscalls retval and aborts execution of syscall list, if retval != expected retval. run_syscall_stub prints the data of the failed syscall, using the data pointer and retval written by the stub to the beginning of the stack. one_syscall_stub is removed, to simplify code, because only some instructions are saved by one_syscall_stub, no host-syscall. Using the stub with additional data (modify_ldt via stub) is prepared also. Signed-off-by: Bodo Stroesser <bstroesser@fujitsu-siemens.com> Signed-off-by: Jeff Dike <jdike@addtoit.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* [PATCH] uml: build cleanupsAl Viro2005-09-05
| | | | | | | | | | | | | | Added missing include list to uml AFLAGS Killed magic for stubs. [So] - it was needed only because of messed AFLAGS Switched segv_stubs.c to kernel CFLAGS sans profile, instead of user ones Killed STUBS_CFLAGS - it's not needed and the only remaining use had been gratitious - it only polluted CFLAGS Signed-off-by: Al Viro <viro@parcelfarce.linux.theplanet.co.uk> Signed-off-by: Jeff Dike <jdike@addtoit.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* [PATCH] uml: TLB operation batchingJeff Dike2005-09-05
| | | | | | | | | | | | | | | | | | | | | | This adds VM op batching to skas0. Rather than having a context switch to and from the userspace stub for each address space change, we write a number of operations to the stub data page and invoke a different stub which loops over them and executes them all in one go. The operations are stored as [ system call number, arg1, arg2, ... ] tuples. The set is terminated by a system call number of 0. Single operations, i.e. page faults, are handled in the old way, since that is slightly more efficient. For a kernel build, a minority (~1/4) of the operations are part of a set. These sets averaged ~100 in length, so for this quarter, the context switching overhead is greatly reduced. Signed-off-by: Jeff Dike <jdike@addtoit.com> Cc: Paolo Giarrusso <blaisorblade@yahoo.it> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* [PATCH] uml: build cleanupAl Viro2005-09-05
| | | | | | | | | Build cleanups Signed-off-by: Jeff Dike <jdike@addtoit.com> Cc: Paolo Giarrusso <blaisorblade@yahoo.it> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* [PATCH] uml: fix signal frame copy_userAl Viro2005-09-05
| | | | | | | | The copy_user stuff in the signal frame code was broke. Signed-off-by: Jeff Dike <jdike@addtoit.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* [PATCH] unify x86/x86-64 semaphore codeBenjamin LaHaise2005-09-05
| | | | | | | | | | | | | This patch moves the common code in x86 and x86-64's semaphore.c into a single file in lib/semaphore-sleepers.c. The arch specific asm stubs are left in the arch tree (in semaphore.c for i386 and in the asm for x86-64). There should be no changes in code/functionality with this patch. Signed-off-by: Benjamin LaHaise <benjamin.c.lahaise@intel.com> Cc: Andi Kleen <ak@muc.de> Signed-off-by: Jeff Dike <jdike@addtoit.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* [PATCH] uml: workaround host bug in "TT mode vs. NPTL link fix"Paolo 'Blaisorblade' Giarrusso2005-07-14
| | | | | | | | | | | | | | | | | | | A big bug has been diagnosed on hosts running the SKAS patch and built with CONFIG_REGPARM, due to some missing prevent_tail_call(). On these hosts, this workaround is needed to avoid triggering that bug, because "to" is kept by GCC only in EBX, which is corrupted at the return of mmap2(). Since to trigger this bug int 0x80 must be used when doing the call, it rarely manifests itself, so I'd prefer to get this merged to workaround that host bug, since it should cause no functional change. Still, you might prefer to drop it, I'll leave this to you. Signed-off-by: Paolo 'Blaisorblade' Giarrusso <blaisorblade@yahoo.it> Cc: Jeff Dike <jdike@addtoit.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* [PATCH] uml: fix lvalue for gcc4Paolo 'Blaisorblade' Giarrusso2005-07-14
| | | | | | | | | | | | | | | | | | | | | | Russell King <rmk+lkml@arm.linux.org.uk> This construct is refused by GCC 4, so here's the (corrected) fix. Thanks to Russell for noticing a stupid mistake I did when first sending this. As he noted, the code is largely suboptimal however it currently works, and will be fixed shortly. Just read the access_ok check on fp which is NULL, or the pointer arithmetic below which should be done with a cast to void*: frame = (struct rt_sigframe __user *) round_down(stack_top - sizeof(struct rt_sigframe), 16) - 8; The code shows clearly that has been taken from arch/x86_64/kernel/signal.c:setup_rt_frame(), maybe in a bit of a hurry. Signed-off-by: Paolo 'Blaisorblade' Giarrusso <blaisorblade@yahoo.it> Cc: Jeff Dike <jdike@addtoit.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* [PATCH] uml: skas0 - separate kernel address space on stock hostsJeff Dike2005-07-07
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | UML has had two modes of operation - an insecure, slow mode (tt mode) in which the kernel is mapped into every process address space which requires no host kernel modifications, and a secure, faster mode (skas mode) in which the UML kernel is in a separate host address space, which requires a patch to the host kernel. This patch implements something very close to skas mode for hosts which don't support skas - I'm calling this skas0. It provides the security of the skas host patch, and some of the performance gains. The two main things that are provided by the skas patch, /proc/mm and PTRACE_FAULTINFO, are implemented in a way that require no host patch. For the remote address space changing stuff (mmap, munmap, and mprotect), we set aside two pages in the process above its stack, one of which contains a little bit of code which can call mmap et al. To update the address space, the system call information (system call number and arguments) are written to the stub page above the code. The %esp is set to the beginning of the data, the %eip is set the the start of the stub, and it repeatedly pops the information into its registers and makes the system call until it sees a system call number of zero. This is to amortize the cost of the context switch across multiple address space updates. When the updates are done, it SIGSTOPs itself, and the kernel process continues what it was doing. For a PTRACE_FAULTINFO replacement, we set up a SIGSEGV handler in the child, and let it handle segfaults rather than nullifying them. The handler is in the same page as the mmap stub. The second page is used as the stack. The handler reads cr2 and err from the sigcontext, sticks them at the base of the stack in a faultinfo struct, and SIGSTOPs itself. The kernel then reads the faultinfo and handles the fault. A complication on x86_64 is that this involves resetting the registers to the segfault values when the process is inside the kill system call. This breaks on x86_64 because %rcx will contain %rip because you tell SYSRET where to return to by putting the value in %rcx. So, this corrupts $rcx on return from the segfault. To work around this, I added an arch_finish_segv, which on x86 does nothing, but which on x86_64 ptraces the child back through the sigreturn. This causes %rcx to be restored by sigreturn and avoids the corruption. Ultimately, I think I will replace this with the trick of having it send itself a blocked signal which will be unblocked by the sigreturn. This will allow it to be stopped just after the sigreturn, and PTRACE_SYSCALLed without all the back-and-forth of PTRACE_SYSCALLing it through sigreturn. This runs on a stock host, so theoretically (and hopefully), tt mode isn't needed any more. We need to make sure that this is better in every way than tt mode, though. I'm concerned about the speed of address space updates and page fault handling, since they involve extra round-trips to the child. We can amortize the round-trip cost for large address space updates by writing all of the operations to the data page and having the child execute them all at the same time. This will help fork and exec, but not page faults, since they involve only one page. I can't think of any way to help page faults, except to add something like PTRACE_FAULTINFO to the host. There is PTRACE_SIGINFO, but UML doesn't use siginfo for SIGSEGV (or anything else) because there isn't enough information in the siginfo struct to handle page faults (the faulting operation type is missing). Adding that would make PTRACE_SIGINFO a usable equivalent to PTRACE_FAULTINFO. As for the code itself: - The system call stub is in arch/um/kernel/sys-$(SUBARCH)/stub.S. It is put in its own section of the binary along with stub_segv_handler in arch/um/kernel/skas/process.c. This is manipulated with run_syscall_stub in arch/um/kernel/skas/mem_user.c. syscall_stub will execute any system call at all, but it's only used for mmap, munmap, and mprotect. - The x86_64 stub calls sigreturn by hand rather than allowing the normal sigreturn to happen, because the normal sigreturn is a SA_RESTORER in UML's address space provided by libc. Needless to say, this is not available in the child's address space. Also, it does a couple of odd pops before that which restore the stack to the state it was in at the time the signal handler was called. - There is a new field in the arch mmu_context, which is now a union. This is the pid to be manipulated rather than the /proc/mm file descriptor. Code which deals with this now checks proc_mm to see whether it should use the usual skas code or the new code. - userspace_tramp is now used to create a new host process for every UML process, rather than one per UML processor. It checks proc_mm and ptrace_faultinfo to decide whether to map in the pages above its stack. - start_userspace now makes CLONE_VM conditional on proc_mm since we need separate address spaces now. - switch_mm_skas now just sets userspace_pid[0] to the new pid rather than PTRACE_SWITCH_MM. There is an addition to userspace which updates its idea of the pid being manipulated each time around the loop. This is important on exec, when the pid will change underneath userspace(). - The stub page has a pte, but it can't be mapped in using tlb_flush because it is part of tlb_flush. This is why it's required for it to be mapped in by userspace_tramp. Other random things: - The stub section in uml.lds.S is page aligned. This page is written out to the backing vm file in setup_physmem because it is mapped from there into user processes. - There's some confusion with TASK_SIZE now that there are a couple of extra pages that the process can't use. TASK_SIZE is considered by the elf code to be the usable process memory, which is reasonable, so it is decreased by two pages. This confuses the definition of USER_PGDS_IN_LAST_PML4, making it too small because of the rounding down of the uneven division. So we round it to the nearest PGDIR_SIZE rather than the lower one. - I added a missing PT_SYSCALL_ARG6_OFFSET macro. - um_mmu.h was made into a userspace-usable file. - proc_mm and ptrace_faultinfo are globals which say whether the host supports these features. - There is a bad interaction between the mm.nr_ptes check at the end of exit_mmap, stack randomization, and skas0. exit_mmap will stop freeing pages at the PGDIR_SIZE boundary after the last vma. If the stack isn't on the last page table page, the last pte page won't be freed, as it should be since the stub ptes are there, and exit_mmap will BUG because there is an unfreed page. To get around this, TASK_SIZE is set to the next lowest PGDIR_SIZE boundary and mm->nr_ptes is decremented after the calls to init_stub_pte. This ensures that we know the process stack (and all other process mappings) will be below the top page table page, and thus we know that mm->nr_ptes will be one too many, and can be decremented. Things that need fixing: - We may need better assurrences that the stub code is PIC. - The stub pte is set up in init_new_context_skas. - alloc_pgdir is probably the right place. Signed-off-by: Jeff Dike <jdike@addtoit.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* [PATCH] uml: fork cleanupJeff Dike2005-06-25
| | | | | | | | | | | | | | | | Fix the do_fork calling convention: normal arch pass the regs and the new sp value to do_fork instead of NULL. Currently the arch-independent code ignores these values, while the UML code (actually it's copy_thread) gets the right values by itself. With this patch, things are fixed up. Signed-off-by: Paolo 'Blaisorblade' Giarrusso <blaisorblade@yahoo.it> Signed-off-by: Jeff Dike <jdike@addtoit.com> Cc: Paolo Giarrusso <blaisorblade@yahoo.it> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* [PATCH] uml: fix linkage of tt mode against NPTLPaolo 'Blaisorblade' Giarrusso2005-06-21
| | | | | | | | | | | | | | | | | With Al Viro <viro@parcelfarce.linux.theplanet.co.uk> To make sure switcheroo() can execute when we remap all the executable image, we used a trick to make it use a local copy of errno... this trick does not work with NPTL glibc, only with LinuxThreads, so use another (simpler) one to make it work anyway. Hopefully, a lot improved thanks to merging with the version of Al Viro (which had his part of problems, though, i.e. removing a fix to another bug and not fixing the problem on i386). Signed-off-by: Paolo 'Blaisorblade' Giarrusso <blaisorblade@yahoo.it> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* [PATCH] uml: fixlet for arch_prctl_skasPaolo 'Blaisorblade' Giarrusso2005-05-28
| | | | | | | | | | | | | Fix it a bit (after some cross checking with "man arch_prctl"). There were: *) typos FS/GS and back *) FS in place of FS_BASE (and the same for GS) *) the procedure used put_user on &addr, where addr was the parameter (i.e. changed its param with put_user, completely useless) rather than interpreting addr as a pointer, as requested in this case (see the man page). Signed-off-by: Paolo 'Blaisorblade' Giarrusso <blaisorblade@yahoo.it> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* [PATCH] uml: stack dump fixPaolo 'Blaisorblade' Giarrusso2005-05-28
| | | | | | | | | Copy (and adapt) to UML the stack code dumper used in i386 when CONFIG_FRAME_POINTER is enabled. Signed-off-by: Paolo 'Blaisorblade' Giarrusso <blaisorblade@yahoo.it> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* [PATCH] uml: Delay loop cleanupsJeff Dike2005-05-20
| | | | | | | | | | This patch cleans up the delay implementations a bit, makes the loops unoptimizable, and exports __udelay and __const_udelay. Signed-off-by: Jeff Dike <jdike@addtoit.com> Cc: <viro@parcelfarce.linux.theplanet.co.uk> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* [PATCH] uml: small fixes left over from rc4Jeff Dike2005-05-20
| | | | | | | | | | | | | | | | | | Some changes that I sent in didn't make 2.6.12-rc4 for some reason. This adds them back. We have an x86_64 definition of TOP_ADDR a reimplementation of the x86_64 csum_partial_copy_from_user some syntax fixes in arch/um/kernel/ptrace.c removal of a CFLAGS definition in the x86_64 Makefile some include changes in the x86_64 ptrace.c and user-offsets.h a syntax fix in elf-x86_64.h Also moved an include in the i386 and x86_64 Makefiles to make the symlinks work, and some small fixes from Al Viro. Signed-off-by: Jeff Dike <jdike@addtoit.com> Cc: <viro@parcelfarce.linux.theplanet.co.uk> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* [PATCH] uml: x86_64 fixesJeff Dike2005-05-07
| | | | | | | | | | | | | | | | | | | | This fixes some x86_64 bugs - - maybe_map returns -1 on error instead of 0, which is interpreted as physical address 0 - removed an include of ipc.h, which isn't needed - fixed the calculation of signal frame location - the signal delivery code is now immune to the stack expansion check - added a missing include Signed-off-by: Jeff Dike <jdike@addtoit.com> Cc: Paolo 'Blaisorblade' Giarrusso <blaisorblade@yahoo.it> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* [PATCH] uml: S390 preparation, peekusr/pokeusr defined by subarchBodo Stroesser2005-05-07
| | | | | | | | | | | | | | | | | | | | | | | | s390 needs to change some parts of arch/um/kernel/ptrace.c. Thus, the code regarding PEEKUSER and POKEUSER are shifted to arch/um/sys-<subarch>/ptrace.c. Also s390 debug registers need to be updated, when singlestepping is switched on / off. Thus, setting/resetting of singlestepping is centralized in the new function set_singlestep(), which also inserts the macro SUBARCH_SET_SINGLESTEP(mode), if defined. Finally, s390 has the "ieee_instruction_pointer" in its registers, which also is allowed to be read via ptrace( PTRACE_PEEKUSER, getpid(), PT_IEEE_IP, 0); To implement this feature, sys_ptrace inserts the macro SUBARCH_PTRACE_SPECIAL, if defined. Signed-off-by: Bodo Stroesser <bstroesser@fujitsu-siemens.com> Signed-off-by: Jeff Dike <jdike@addtoit.com> Cc: Paolo 'Blaisorblade' Giarrusso <blaisorblade@yahoo.it> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* [PATCH] uml: s390 preparation, delay moved to archBodo Stroesser2005-05-05
| | | | | | | | | | | s390 has fast read access to realtime clock (nanosecond resolution). So it makes sense to have an arch-specific implementation not only of __delay, but __udelay also. Signed-off-by: Bodo Stroesser <bstroesser@fujitsu-siemens.com> Signed-off-by: Jeff Dike <jdike@addtoit.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* [PATCH] uml: S390 preparation, abstract host page fault dataBodo Stroesser2005-05-05
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This patch removes the arch-specific fault/trap-infos from thread and skas-regs. It adds a new struct faultinfo, that is arch-specific defined in sysdep/faultinfo.h. The structure is inserted in thread.arch and thread.regs.skas and thread.regs.tt Now, segv and other trap-handlers can copy the contents from regs.X.faultinfo to thread.arch.faultinfo with one simple assignment. Also, the number of macros necessary is reduced to FAULT_ADDRESS(struct faultinfo) extracts the faulting address from faultinfo FAULT_WRITE(struct faultinfo) extracts the "is_write" flag SEGV_IS_FIXABLE(struct faultinfo) is true for the fixable segvs, i.e. (TRAP == 14) on i386 UPT_FAULTINFO(regs) result is (struct faultinfo *) to the faultinfo in regs->skas.faultinfo GET_FAULTINFO_FROM_SC(struct faultinfo, struct sigcontext *) copies the relevant parts of the sigcontext to struct faultinfo. On SIGSEGV, call user_signal() instead of handle_segv(), if the architecture provides the information needed in PTRACE_FAULTINFO, or if PTRACE_FAULTINFO is missing, because segv-stub will provide the info. The benefit of the change is, that in case of a non-fixable SIGSEGV, we can give user processes a SIGSEGV, instead of possibly looping on pagefault handling. Since handle_segv() sikked arch_fixup() implicitly by passing ip==0 to segv(), I changed segv() to call arch_fixup() only, if !is_user. Signed-off-by: Bodo Stroesser <bstroesser@fujitsu-siemens.com> Signed-off-by: Jeff Dike <jdike@addtoit.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* [PATCH] uml: fix missing subdir in x86_64Al Viro2005-05-05
| | | | | | | | | | | make distclean et.al. are missing arch/um/sys-x86_64/utils; fixed the same way we have it done for sys-i386 counterpart. Signed-off-by: Al Viro <viro@parcelfarce.linux.theplanet.co.uk> Signed-off-by: Jeff Dike <jdike@addtoit.com> Cc: Paolo 'Blaisorblade' Giarrusso <blaisorblade@yahoo.it> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* [PATCH] uml: cross-build support : mk_threadAl Viro2005-05-05
| | | | | | | | | | mk_thread converted Signed-off-by: Al Viro <viro@parcelfarce.linux.theplanet.co.uk> Signed-off-by: Jeff Dike <jdike@addtoit.com> Cc: Paolo 'Blaisorblade' Giarrusso <blaisorblade@yahoo.it> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* [PATCH] uml: cross-build support : kernel_offsetsAl Viro2005-05-05
| | | | | | | | | | | | | The next group of helpers is a bit trickier - they want the constants similar to those in user-offsets.h, but we need target sc.h for it. So we can't put that into user-offsets (sc.h depends on it) and need the second generated header for that stuff (kernel-offsets.h. BFD... Signed-off-by: Al Viro <viro@parcelfarce.linux.theplanet.co.uk> Signed-off-by: Jeff Dike <jdike@addtoit.com> Cc: Paolo 'Blaisorblade' Giarrusso <blaisorblade@yahoo.it> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* [PATCH] uml: cross-build support: mk_scAl Viro2005-05-05
| | | | | | | | | Ditto for mk_sc Signed-off-by: Al Viro <viro@parcelfarce.linux.theplanet.co.uk> Signed-off-by: Jeff Dike <jdike@addtoit.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* [PATCH] uml: start cross-build support : mk_user_constantsAl Viro2005-05-05
| | | | | | | | | | | | | | | | | | | | Beginning of cross-build fixes. Instead of expecting that mk_user_constants (compiled and executed on the build box) will see the sizeof, etc. for target box, we do what every architecture already does for asm-offsets. Namely, have user-offsets.c compiled *for* *target* into user-offsets.s and sed it into the header with relevant constants. We don't need to reinvent any wheels - all tools are already there. This patch deals with mk_user_constants. It doesn't assume any relationship between target and build environment anymore - we pick all defines we need from user-offsets.h. Later patches will deal with the rest of mk_... helpers in the same way. Signed-off-by: Al Viro <viro@parcelfarce.linux.theplanet.co.uk> Signed-off-by: Jeff Dike <jdike@addtoit.com> Cc: Paolo 'Blaisorblade' Giarrusso <blaisorblade@yahoo.it> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* [PATCH] uml kbuild: avoid useless rebuildsPaolo 'Blaisorblade' Giarrusso2005-05-05
| | | | | | | | | | | | | | | | - Fix some problems with usage of $(targets) (sometimes missing, sometimes used badly) that trigger partial rebuilds when doing a rebuild. - At that purpose, also factor out some common code for symlinks creation. - Fix a x86-64 build warning, caused by -L/usr/lib, which is anyway useless, and invalid in the x86-64 case. Tested on x86_64 and x86. Signed-off-by: Paolo 'Blaisorblade' Giarrusso <blaisorblade@yahoo.it> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>