Linux Kernel  3.7.1
 All Data Structures Namespaces Files Functions Variables Typedefs Enumerations Enumerator Macros Groups Pages
vm86_32.c
Go to the documentation of this file.
1 /*
2  * Copyright (C) 1994 Linus Torvalds
3  *
4  * 29 dec 2001 - Fixed oopses caused by unchecked access to the vm86
5  * stack - Manfred Spraul <[email protected]>
6  *
7  * 22 mar 2002 - Manfred detected the stackfaults, but didn't handle
8  * them correctly. Now the emulation will be in a
9  * consistent state after stackfaults - Kasper Dupont
10  * <[email protected]>
11  *
12  * 22 mar 2002 - Added missing clear_IF in set_vflags_* Kasper Dupont
13  * <[email protected]>
14  *
15  * ?? ??? 2002 - Fixed premature returns from handle_vm86_fault
16  * caused by Kasper Dupont's changes - Stas Sergeev
17  *
18  * 4 apr 2002 - Fixed CHECK_IF_IN_TRAP broken by Stas' changes.
19  * Kasper Dupont <[email protected]>
20  *
21  * 9 apr 2002 - Changed syntax of macros in handle_vm86_fault.
22  * Kasper Dupont <[email protected]>
23  *
24  * 9 apr 2002 - Changed stack access macros to jump to a label
25  * instead of returning to userspace. This simplifies
26  * do_int, and is needed by handle_vm6_fault. Kasper
27  * Dupont <[email protected]>
28  *
29  */
30 
31 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
32 
33 #include <linux/capability.h>
34 #include <linux/errno.h>
35 #include <linux/interrupt.h>
36 #include <linux/sched.h>
37 #include <linux/kernel.h>
38 #include <linux/signal.h>
39 #include <linux/string.h>
40 #include <linux/mm.h>
41 #include <linux/smp.h>
42 #include <linux/highmem.h>
43 #include <linux/ptrace.h>
44 #include <linux/audit.h>
45 #include <linux/stddef.h>
46 
47 #include <asm/uaccess.h>
48 #include <asm/io.h>
49 #include <asm/tlbflush.h>
50 #include <asm/irq.h>
51 #include <asm/syscalls.h>
52 
53 /*
54  * Known problems:
55  *
56  * Interrupt handling is not guaranteed:
57  * - a real x86 will disable all interrupts for one instruction
58  * after a "mov ss,xx" to make stack handling atomic even without
59  * the 'lss' instruction. We can't guarantee this in v86 mode,
60  * as the next instruction might result in a page fault or similar.
61  * - a real x86 will have interrupts disabled for one instruction
62  * past the 'sti' that enables them. We don't bother with all the
63  * details yet.
64  *
65  * Let's hope these problems do not actually matter for anything.
66  */
67 
68 
69 #define KVM86 ((struct kernel_vm86_struct *)regs)
70 #define VMPI KVM86->vm86plus
71 
72 
73 /*
74  * 8- and 16-bit register defines..
75  */
76 #define AL(regs) (((unsigned char *)&((regs)->pt.ax))[0])
77 #define AH(regs) (((unsigned char *)&((regs)->pt.ax))[1])
78 #define IP(regs) (*(unsigned short *)&((regs)->pt.ip))
79 #define SP(regs) (*(unsigned short *)&((regs)->pt.sp))
80 
81 /*
82  * virtual flags (16 and 32-bit versions)
83  */
84 #define VFLAGS (*(unsigned short *)&(current->thread.v86flags))
85 #define VEFLAGS (current->thread.v86flags)
86 
87 #define set_flags(X, new, mask) \
88 ((X) = ((X) & ~(mask)) | ((new) & (mask)))
89 
90 #define SAFE_MASK (0xDD5)
91 #define RETURN_MASK (0xDFF)
92 
93 /* convert kernel_vm86_regs to vm86_regs */
94 static int copy_vm86_regs_to_user(struct vm86_regs __user *user,
95  const struct kernel_vm86_regs *regs)
96 {
97  int ret = 0;
98 
99  /*
100  * kernel_vm86_regs is missing gs, so copy everything up to
101  * (but not including) orig_eax, and then rest including orig_eax.
102  */
103  ret += copy_to_user(user, regs, offsetof(struct kernel_vm86_regs, pt.orig_ax));
104  ret += copy_to_user(&user->orig_eax, &regs->pt.orig_ax,
105  sizeof(struct kernel_vm86_regs) -
106  offsetof(struct kernel_vm86_regs, pt.orig_ax));
107 
108  return ret;
109 }
110 
111 /* convert vm86_regs to kernel_vm86_regs */
112 static int copy_vm86_regs_from_user(struct kernel_vm86_regs *regs,
113  const struct vm86_regs __user *user,
114  unsigned extra)
115 {
116  int ret = 0;
117 
118  /* copy ax-fs inclusive */
119  ret += copy_from_user(regs, user, offsetof(struct kernel_vm86_regs, pt.orig_ax));
120  /* copy orig_ax-__gsh+extra */
121  ret += copy_from_user(&regs->pt.orig_ax, &user->orig_eax,
122  sizeof(struct kernel_vm86_regs) -
123  offsetof(struct kernel_vm86_regs, pt.orig_ax) +
124  extra);
125  return ret;
126 }
127 
128 struct pt_regs *save_v86_state(struct kernel_vm86_regs *regs)
129 {
130  struct tss_struct *tss;
131  struct pt_regs *ret;
132  unsigned long tmp;
133 
134  /*
135  * This gets called from entry.S with interrupts disabled, but
136  * from process context. Enable interrupts here, before trying
137  * to access user space.
138  */
139  local_irq_enable();
140 
141  if (!current->thread.vm86_info) {
142  pr_alert("no vm86_info: BAD\n");
143  do_exit(SIGSEGV);
144  }
145  set_flags(regs->pt.flags, VEFLAGS, X86_EFLAGS_VIF | current->thread.v86mask);
146  tmp = copy_vm86_regs_to_user(&current->thread.vm86_info->regs, regs);
147  tmp += put_user(current->thread.screen_bitmap, &current->thread.vm86_info->screen_bitmap);
148  if (tmp) {
149  pr_alert("could not access userspace vm86_info\n");
150  do_exit(SIGSEGV);
151  }
152 
153  tss = &per_cpu(init_tss, get_cpu());
154  current->thread.sp0 = current->thread.saved_sp0;
155  current->thread.sysenter_cs = __KERNEL_CS;
156  load_sp0(tss, &current->thread);
157  current->thread.saved_sp0 = 0;
158  put_cpu();
159 
160  ret = KVM86->regs32;
161 
162  ret->fs = current->thread.saved_fs;
163  set_user_gs(ret, current->thread.saved_gs);
164 
165  return ret;
166 }
167 
168 static void mark_screen_rdonly(struct mm_struct *mm)
169 {
170  pgd_t *pgd;
171  pud_t *pud;
172  pmd_t *pmd;
173  pte_t *pte;
174  spinlock_t *ptl;
175  int i;
176 
177  down_write(&mm->mmap_sem);
178  pgd = pgd_offset(mm, 0xA0000);
179  if (pgd_none_or_clear_bad(pgd))
180  goto out;
181  pud = pud_offset(pgd, 0xA0000);
182  if (pud_none_or_clear_bad(pud))
183  goto out;
184  pmd = pmd_offset(pud, 0xA0000);
185  split_huge_page_pmd(mm, pmd);
186  if (pmd_none_or_clear_bad(pmd))
187  goto out;
188  pte = pte_offset_map_lock(mm, pmd, 0xA0000, &ptl);
189  for (i = 0; i < 32; i++) {
190  if (pte_present(*pte))
191  set_pte(pte, pte_wrprotect(*pte));
192  pte++;
193  }
194  pte_unmap_unlock(pte, ptl);
195 out:
196  up_write(&mm->mmap_sem);
197  flush_tlb();
198 }
199 
200 
201 
202 static int do_vm86_irq_handling(int subfunction, int irqnumber);
203 static void do_sys_vm86(struct kernel_vm86_struct *info, struct task_struct *tsk);
204 
205 int sys_vm86old(struct vm86_struct __user *v86, struct pt_regs *regs)
206 {
207  struct kernel_vm86_struct info; /* declare this _on top_,
208  * this avoids wasting of stack space.
209  * This remains on the stack until we
210  * return to 32 bit user space.
211  */
212  struct task_struct *tsk;
213  int tmp, ret = -EPERM;
214 
215  tsk = current;
216  if (tsk->thread.saved_sp0)
217  goto out;
218  tmp = copy_vm86_regs_from_user(&info.regs, &v86->regs,
219  offsetof(struct kernel_vm86_struct, vm86plus) -
220  sizeof(info.regs));
221  ret = -EFAULT;
222  if (tmp)
223  goto out;
224  memset(&info.vm86plus, 0, (int)&info.regs32 - (int)&info.vm86plus);
225  info.regs32 = regs;
226  tsk->thread.vm86_info = v86;
227  do_sys_vm86(&info, tsk);
228  ret = 0; /* we never return here */
229 out:
230  return ret;
231 }
232 
233 
234 int sys_vm86(unsigned long cmd, unsigned long arg, struct pt_regs *regs)
235 {
236  struct kernel_vm86_struct info; /* declare this _on top_,
237  * this avoids wasting of stack space.
238  * This remains on the stack until we
239  * return to 32 bit user space.
240  */
241  struct task_struct *tsk;
242  int tmp, ret;
243  struct vm86plus_struct __user *v86;
244 
245  tsk = current;
246  switch (cmd) {
247  case VM86_REQUEST_IRQ:
248  case VM86_FREE_IRQ:
249  case VM86_GET_IRQ_BITS:
250  case VM86_GET_AND_RESET_IRQ:
251  ret = do_vm86_irq_handling(cmd, (int)arg);
252  goto out;
253  case VM86_PLUS_INSTALL_CHECK:
254  /*
255  * NOTE: on old vm86 stuff this will return the error
256  * from access_ok(), because the subfunction is
257  * interpreted as (invalid) address to vm86_struct.
258  * So the installation check works.
259  */
260  ret = 0;
261  goto out;
262  }
263 
264  /* we come here only for functions VM86_ENTER, VM86_ENTER_NO_BYPASS */
265  ret = -EPERM;
266  if (tsk->thread.saved_sp0)
267  goto out;
268  v86 = (struct vm86plus_struct __user *)arg;
269  tmp = copy_vm86_regs_from_user(&info.regs, &v86->regs,
270  offsetof(struct kernel_vm86_struct, regs32) -
271  sizeof(info.regs));
272  ret = -EFAULT;
273  if (tmp)
274  goto out;
275  info.regs32 = regs;
276  info.vm86plus.is_vm86pus = 1;
277  tsk->thread.vm86_info = (struct vm86_struct __user *)v86;
278  do_sys_vm86(&info, tsk);
279  ret = 0; /* we never return here */
280 out:
281  return ret;
282 }
283 
284 
285 static void do_sys_vm86(struct kernel_vm86_struct *info, struct task_struct *tsk)
286 {
287  struct tss_struct *tss;
288 /*
289  * make sure the vm86() system call doesn't try to do anything silly
290  */
291  info->regs.pt.ds = 0;
292  info->regs.pt.es = 0;
293  info->regs.pt.fs = 0;
294 #ifndef CONFIG_X86_32_LAZY_GS
295  info->regs.pt.gs = 0;
296 #endif
297 
298 /*
299  * The flags register is also special: we cannot trust that the user
300  * has set it up safely, so this makes sure interrupt etc flags are
301  * inherited from protected mode.
302  */
303  VEFLAGS = info->regs.pt.flags;
304  info->regs.pt.flags &= SAFE_MASK;
305  info->regs.pt.flags |= info->regs32->flags & ~SAFE_MASK;
306  info->regs.pt.flags |= X86_VM_MASK;
307 
308  switch (info->cpu_type) {
309  case CPU_286:
310  tsk->thread.v86mask = 0;
311  break;
312  case CPU_386:
313  tsk->thread.v86mask = X86_EFLAGS_NT | X86_EFLAGS_IOPL;
314  break;
315  case CPU_486:
316  tsk->thread.v86mask = X86_EFLAGS_AC | X86_EFLAGS_NT | X86_EFLAGS_IOPL;
317  break;
318  default:
319  tsk->thread.v86mask = X86_EFLAGS_ID | X86_EFLAGS_AC | X86_EFLAGS_NT | X86_EFLAGS_IOPL;
320  break;
321  }
322 
323 /*
324  * Save old state, set default return value (%ax) to 0 (VM86_SIGNAL)
325  */
326  info->regs32->ax = VM86_SIGNAL;
327  tsk->thread.saved_sp0 = tsk->thread.sp0;
328  tsk->thread.saved_fs = info->regs32->fs;
329  tsk->thread.saved_gs = get_user_gs(info->regs32);
330 
331  tss = &per_cpu(init_tss, get_cpu());
332  tsk->thread.sp0 = (unsigned long) &info->VM86_TSS_ESP0;
333  if (cpu_has_sep)
334  tsk->thread.sysenter_cs = 0;
335  load_sp0(tss, &tsk->thread);
336  put_cpu();
337 
338  tsk->thread.screen_bitmap = info->screen_bitmap;
339  if (info->flags & VM86_SCREEN_BITMAP)
340  mark_screen_rdonly(tsk->mm);
341 
342  /*call __audit_syscall_exit since we do not exit via the normal paths */
343 #ifdef CONFIG_AUDITSYSCALL
344  if (unlikely(current->audit_context))
345  __audit_syscall_exit(1, 0);
346 #endif
347 
348  __asm__ __volatile__(
349  "movl %0,%%esp\n\t"
350  "movl %1,%%ebp\n\t"
351 #ifdef CONFIG_X86_32_LAZY_GS
352  "mov %2, %%gs\n\t"
353 #endif
354  "jmp resume_userspace"
355  : /* no outputs */
356  :"r" (&info->regs), "r" (task_thread_info(tsk)), "r" (0));
357  /* we never return here */
358 }
359 
360 static inline void return_to_32bit(struct kernel_vm86_regs *regs16, int retval)
361 {
362  struct pt_regs *regs32;
363 
364  regs32 = save_v86_state(regs16);
365  regs32->ax = retval;
366  __asm__ __volatile__("movl %0,%%esp\n\t"
367  "movl %1,%%ebp\n\t"
368  "jmp resume_userspace"
369  : : "r" (regs32), "r" (current_thread_info()));
370 }
371 
372 static inline void set_IF(struct kernel_vm86_regs *regs)
373 {
374  VEFLAGS |= X86_EFLAGS_VIF;
375  if (VEFLAGS & X86_EFLAGS_VIP)
376  return_to_32bit(regs, VM86_STI);
377 }
378 
379 static inline void clear_IF(struct kernel_vm86_regs *regs)
380 {
381  VEFLAGS &= ~X86_EFLAGS_VIF;
382 }
383 
384 static inline void clear_TF(struct kernel_vm86_regs *regs)
385 {
386  regs->pt.flags &= ~X86_EFLAGS_TF;
387 }
388 
389 static inline void clear_AC(struct kernel_vm86_regs *regs)
390 {
391  regs->pt.flags &= ~X86_EFLAGS_AC;
392 }
393 
394 /*
395  * It is correct to call set_IF(regs) from the set_vflags_*
396  * functions. However someone forgot to call clear_IF(regs)
397  * in the opposite case.
398  * After the command sequence CLI PUSHF STI POPF you should
399  * end up with interrupts disabled, but you ended up with
400  * interrupts enabled.
401  * ( I was testing my own changes, but the only bug I
402  * could find was in a function I had not changed. )
403  * [KD]
404  */
405 
406 static inline void set_vflags_long(unsigned long flags, struct kernel_vm86_regs *regs)
407 {
408  set_flags(VEFLAGS, flags, current->thread.v86mask);
409  set_flags(regs->pt.flags, flags, SAFE_MASK);
410  if (flags & X86_EFLAGS_IF)
411  set_IF(regs);
412  else
413  clear_IF(regs);
414 }
415 
416 static inline void set_vflags_short(unsigned short flags, struct kernel_vm86_regs *regs)
417 {
418  set_flags(VFLAGS, flags, current->thread.v86mask);
419  set_flags(regs->pt.flags, flags, SAFE_MASK);
420  if (flags & X86_EFLAGS_IF)
421  set_IF(regs);
422  else
423  clear_IF(regs);
424 }
425 
426 static inline unsigned long get_vflags(struct kernel_vm86_regs *regs)
427 {
428  unsigned long flags = regs->pt.flags & RETURN_MASK;
429 
430  if (VEFLAGS & X86_EFLAGS_VIF)
431  flags |= X86_EFLAGS_IF;
432  flags |= X86_EFLAGS_IOPL;
433  return flags | (VEFLAGS & current->thread.v86mask);
434 }
435 
436 static inline int is_revectored(int nr, struct revectored_struct *bitmap)
437 {
438  __asm__ __volatile__("btl %2,%1\n\tsbbl %0,%0"
439  :"=r" (nr)
440  :"m" (*bitmap), "r" (nr));
441  return nr;
442 }
443 
444 #define val_byte(val, n) (((__u8 *)&val)[n])
445 
446 #define pushb(base, ptr, val, err_label) \
447  do { \
448  __u8 __val = val; \
449  ptr--; \
450  if (put_user(__val, base + ptr) < 0) \
451  goto err_label; \
452  } while (0)
453 
454 #define pushw(base, ptr, val, err_label) \
455  do { \
456  __u16 __val = val; \
457  ptr--; \
458  if (put_user(val_byte(__val, 1), base + ptr) < 0) \
459  goto err_label; \
460  ptr--; \
461  if (put_user(val_byte(__val, 0), base + ptr) < 0) \
462  goto err_label; \
463  } while (0)
464 
465 #define pushl(base, ptr, val, err_label) \
466  do { \
467  __u32 __val = val; \
468  ptr--; \
469  if (put_user(val_byte(__val, 3), base + ptr) < 0) \
470  goto err_label; \
471  ptr--; \
472  if (put_user(val_byte(__val, 2), base + ptr) < 0) \
473  goto err_label; \
474  ptr--; \
475  if (put_user(val_byte(__val, 1), base + ptr) < 0) \
476  goto err_label; \
477  ptr--; \
478  if (put_user(val_byte(__val, 0), base + ptr) < 0) \
479  goto err_label; \
480  } while (0)
481 
482 #define popb(base, ptr, err_label) \
483  ({ \
484  __u8 __res; \
485  if (get_user(__res, base + ptr) < 0) \
486  goto err_label; \
487  ptr++; \
488  __res; \
489  })
490 
491 #define popw(base, ptr, err_label) \
492  ({ \
493  __u16 __res; \
494  if (get_user(val_byte(__res, 0), base + ptr) < 0) \
495  goto err_label; \
496  ptr++; \
497  if (get_user(val_byte(__res, 1), base + ptr) < 0) \
498  goto err_label; \
499  ptr++; \
500  __res; \
501  })
502 
503 #define popl(base, ptr, err_label) \
504  ({ \
505  __u32 __res; \
506  if (get_user(val_byte(__res, 0), base + ptr) < 0) \
507  goto err_label; \
508  ptr++; \
509  if (get_user(val_byte(__res, 1), base + ptr) < 0) \
510  goto err_label; \
511  ptr++; \
512  if (get_user(val_byte(__res, 2), base + ptr) < 0) \
513  goto err_label; \
514  ptr++; \
515  if (get_user(val_byte(__res, 3), base + ptr) < 0) \
516  goto err_label; \
517  ptr++; \
518  __res; \
519  })
520 
521 /* There are so many possible reasons for this function to return
522  * VM86_INTx, so adding another doesn't bother me. We can expect
523  * userspace programs to be able to handle it. (Getting a problem
524  * in userspace is always better than an Oops anyway.) [KD]
525  */
526 static void do_int(struct kernel_vm86_regs *regs, int i,
527  unsigned char __user *ssp, unsigned short sp)
528 {
529  unsigned long __user *intr_ptr;
530  unsigned long segoffs;
531 
532  if (regs->pt.cs == BIOSSEG)
533  goto cannot_handle;
534  if (is_revectored(i, &KVM86->int_revectored))
535  goto cannot_handle;
536  if (i == 0x21 && is_revectored(AH(regs), &KVM86->int21_revectored))
537  goto cannot_handle;
538  intr_ptr = (unsigned long __user *) (i << 2);
539  if (get_user(segoffs, intr_ptr))
540  goto cannot_handle;
541  if ((segoffs >> 16) == BIOSSEG)
542  goto cannot_handle;
543  pushw(ssp, sp, get_vflags(regs), cannot_handle);
544  pushw(ssp, sp, regs->pt.cs, cannot_handle);
545  pushw(ssp, sp, IP(regs), cannot_handle);
546  regs->pt.cs = segoffs >> 16;
547  SP(regs) -= 6;
548  IP(regs) = segoffs & 0xffff;
549  clear_TF(regs);
550  clear_IF(regs);
551  clear_AC(regs);
552  return;
553 
554 cannot_handle:
555  return_to_32bit(regs, VM86_INTx + (i << 8));
556 }
557 
558 int handle_vm86_trap(struct kernel_vm86_regs *regs, long error_code, int trapno)
559 {
560  if (VMPI.is_vm86pus) {
561  if ((trapno == 3) || (trapno == 1)) {
562  KVM86->regs32->ax = VM86_TRAP + (trapno << 8);
563  /* setting this flag forces the code in entry_32.S to
564  the path where we call save_v86_state() and change
565  the stack pointer to KVM86->regs32 */
566  set_thread_flag(TIF_NOTIFY_RESUME);
567  return 0;
568  }
569  do_int(regs, trapno, (unsigned char __user *) (regs->pt.ss << 4), SP(regs));
570  return 0;
571  }
572  if (trapno != 1)
573  return 1; /* we let this handle by the calling routine */
574  current->thread.trap_nr = trapno;
575  current->thread.error_code = error_code;
576  force_sig(SIGTRAP, current);
577  return 0;
578 }
579 
580 void handle_vm86_fault(struct kernel_vm86_regs *regs, long error_code)
581 {
582  unsigned char opcode;
583  unsigned char __user *csp;
584  unsigned char __user *ssp;
585  unsigned short ip, sp, orig_flags;
586  int data32, pref_done;
587 
588 #define CHECK_IF_IN_TRAP \
589  if (VMPI.vm86dbg_active && VMPI.vm86dbg_TFpendig) \
590  newflags |= X86_EFLAGS_TF
591 #define VM86_FAULT_RETURN do { \
592  if (VMPI.force_return_for_pic && (VEFLAGS & (X86_EFLAGS_IF | X86_EFLAGS_VIF))) \
593  return_to_32bit(regs, VM86_PICRETURN); \
594  if (orig_flags & X86_EFLAGS_TF) \
595  handle_vm86_trap(regs, 0, 1); \
596  return; } while (0)
597 
598  orig_flags = *(unsigned short *)&regs->pt.flags;
599 
600  csp = (unsigned char __user *) (regs->pt.cs << 4);
601  ssp = (unsigned char __user *) (regs->pt.ss << 4);
602  sp = SP(regs);
603  ip = IP(regs);
604 
605  data32 = 0;
606  pref_done = 0;
607  do {
608  switch (opcode = popb(csp, ip, simulate_sigsegv)) {
609  case 0x66: /* 32-bit data */ data32 = 1; break;
610  case 0x67: /* 32-bit address */ break;
611  case 0x2e: /* CS */ break;
612  case 0x3e: /* DS */ break;
613  case 0x26: /* ES */ break;
614  case 0x36: /* SS */ break;
615  case 0x65: /* GS */ break;
616  case 0x64: /* FS */ break;
617  case 0xf2: /* repnz */ break;
618  case 0xf3: /* rep */ break;
619  default: pref_done = 1;
620  }
621  } while (!pref_done);
622 
623  switch (opcode) {
624 
625  /* pushf */
626  case 0x9c:
627  if (data32) {
628  pushl(ssp, sp, get_vflags(regs), simulate_sigsegv);
629  SP(regs) -= 4;
630  } else {
631  pushw(ssp, sp, get_vflags(regs), simulate_sigsegv);
632  SP(regs) -= 2;
633  }
634  IP(regs) = ip;
635  VM86_FAULT_RETURN;
636 
637  /* popf */
638  case 0x9d:
639  {
640  unsigned long newflags;
641  if (data32) {
642  newflags = popl(ssp, sp, simulate_sigsegv);
643  SP(regs) += 4;
644  } else {
645  newflags = popw(ssp, sp, simulate_sigsegv);
646  SP(regs) += 2;
647  }
648  IP(regs) = ip;
649  CHECK_IF_IN_TRAP;
650  if (data32)
651  set_vflags_long(newflags, regs);
652  else
653  set_vflags_short(newflags, regs);
654 
655  VM86_FAULT_RETURN;
656  }
657 
658  /* int xx */
659  case 0xcd: {
660  int intno = popb(csp, ip, simulate_sigsegv);
661  IP(regs) = ip;
662  if (VMPI.vm86dbg_active) {
663  if ((1 << (intno & 7)) & VMPI.vm86dbg_intxxtab[intno >> 3])
664  return_to_32bit(regs, VM86_INTx + (intno << 8));
665  }
666  do_int(regs, intno, ssp, sp);
667  return;
668  }
669 
670  /* iret */
671  case 0xcf:
672  {
673  unsigned long newip;
674  unsigned long newcs;
675  unsigned long newflags;
676  if (data32) {
677  newip = popl(ssp, sp, simulate_sigsegv);
678  newcs = popl(ssp, sp, simulate_sigsegv);
679  newflags = popl(ssp, sp, simulate_sigsegv);
680  SP(regs) += 12;
681  } else {
682  newip = popw(ssp, sp, simulate_sigsegv);
683  newcs = popw(ssp, sp, simulate_sigsegv);
684  newflags = popw(ssp, sp, simulate_sigsegv);
685  SP(regs) += 6;
686  }
687  IP(regs) = newip;
688  regs->pt.cs = newcs;
689  CHECK_IF_IN_TRAP;
690  if (data32) {
691  set_vflags_long(newflags, regs);
692  } else {
693  set_vflags_short(newflags, regs);
694  }
695  VM86_FAULT_RETURN;
696  }
697 
698  /* cli */
699  case 0xfa:
700  IP(regs) = ip;
701  clear_IF(regs);
702  VM86_FAULT_RETURN;
703 
704  /* sti */
705  /*
706  * Damn. This is incorrect: the 'sti' instruction should actually
707  * enable interrupts after the /next/ instruction. Not good.
708  *
709  * Probably needs some horsing around with the TF flag. Aiee..
710  */
711  case 0xfb:
712  IP(regs) = ip;
713  set_IF(regs);
714  VM86_FAULT_RETURN;
715 
716  default:
717  return_to_32bit(regs, VM86_UNKNOWN);
718  }
719 
720  return;
721 
722 simulate_sigsegv:
723  /* FIXME: After a long discussion with Stas we finally
724  * agreed, that this is wrong. Here we should
725  * really send a SIGSEGV to the user program.
726  * But how do we create the correct context? We
727  * are inside a general protection fault handler
728  * and has just returned from a page fault handler.
729  * The correct context for the signal handler
730  * should be a mixture of the two, but how do we
731  * get the information? [KD]
732  */
733  return_to_32bit(regs, VM86_UNKNOWN);
734 }
735 
736 /* ---------------- vm86 special IRQ passing stuff ----------------- */
737 
738 #define VM86_IRQNAME "vm86irq"
739 
740 static struct vm86_irqs {
741  struct task_struct *tsk;
742  int sig;
743 } vm86_irqs[16];
744 
745 static DEFINE_SPINLOCK(irqbits_lock);
746 static int irqbits;
747 
748 #define ALLOWED_SIGS (1 /* 0 = don't send a signal */ \
749  | (1 << SIGUSR1) | (1 << SIGUSR2) | (1 << SIGIO) | (1 << SIGURG) \
750  | (1 << SIGUNUSED))
751 
752 static irqreturn_t irq_handler(int intno, void *dev_id)
753 {
754  int irq_bit;
755  unsigned long flags;
756 
757  spin_lock_irqsave(&irqbits_lock, flags);
758  irq_bit = 1 << intno;
759  if ((irqbits & irq_bit) || !vm86_irqs[intno].tsk)
760  goto out;
761  irqbits |= irq_bit;
762  if (vm86_irqs[intno].sig)
763  send_sig(vm86_irqs[intno].sig, vm86_irqs[intno].tsk, 1);
764  /*
765  * IRQ will be re-enabled when user asks for the irq (whether
766  * polling or as a result of the signal)
767  */
768  disable_irq_nosync(intno);
769  spin_unlock_irqrestore(&irqbits_lock, flags);
770  return IRQ_HANDLED;
771 
772 out:
773  spin_unlock_irqrestore(&irqbits_lock, flags);
774  return IRQ_NONE;
775 }
776 
777 static inline void free_vm86_irq(int irqnumber)
778 {
779  unsigned long flags;
780 
781  free_irq(irqnumber, NULL);
782  vm86_irqs[irqnumber].tsk = NULL;
783 
784  spin_lock_irqsave(&irqbits_lock, flags);
785  irqbits &= ~(1 << irqnumber);
786  spin_unlock_irqrestore(&irqbits_lock, flags);
787 }
788 
789 void release_vm86_irqs(struct task_struct *task)
790 {
791  int i;
792  for (i = FIRST_VM86_IRQ ; i <= LAST_VM86_IRQ; i++)
793  if (vm86_irqs[i].tsk == task)
794  free_vm86_irq(i);
795 }
796 
797 static inline int get_and_reset_irq(int irqnumber)
798 {
799  int bit;
800  unsigned long flags;
801  int ret = 0;
802 
803  if (invalid_vm86_irq(irqnumber)) return 0;
804  if (vm86_irqs[irqnumber].tsk != current) return 0;
805  spin_lock_irqsave(&irqbits_lock, flags);
806  bit = irqbits & (1 << irqnumber);
807  irqbits &= ~bit;
808  if (bit) {
809  enable_irq(irqnumber);
810  ret = 1;
811  }
812 
813  spin_unlock_irqrestore(&irqbits_lock, flags);
814  return ret;
815 }
816 
817 
818 static int do_vm86_irq_handling(int subfunction, int irqnumber)
819 {
820  int ret;
821  switch (subfunction) {
822  case VM86_GET_AND_RESET_IRQ: {
823  return get_and_reset_irq(irqnumber);
824  }
825  case VM86_GET_IRQ_BITS: {
826  return irqbits;
827  }
828  case VM86_REQUEST_IRQ: {
829  int sig = irqnumber >> 8;
830  int irq = irqnumber & 255;
831  if (!capable(CAP_SYS_ADMIN)) return -EPERM;
832  if (!((1 << sig) & ALLOWED_SIGS)) return -EPERM;
833  if (invalid_vm86_irq(irq)) return -EPERM;
834  if (vm86_irqs[irq].tsk) return -EPERM;
835  ret = request_irq(irq, &irq_handler, 0, VM86_IRQNAME, NULL);
836  if (ret) return ret;
837  vm86_irqs[irq].sig = sig;
838  vm86_irqs[irq].tsk = current;
839  return irq;
840  }
841  case VM86_FREE_IRQ: {
842  if (invalid_vm86_irq(irqnumber)) return -EPERM;
843  if (!vm86_irqs[irqnumber].tsk) return 0;
844  if (vm86_irqs[irqnumber].tsk != current) return -EPERM;
845  free_vm86_irq(irqnumber);
846  return 0;
847  }
848  }
849  return -EINVAL;
850 }
851 
Generated on Thu Jan 10 2013 13:21:07 for Linux Kernel by   doxygen 1.8.2