| 1 | /* |
|---|---|
| 2 | * Copyright (c) 2012-2013 Apple Inc. All rights reserved. |
| 3 | * |
| 4 | * @APPLE_OSREFERENCE_LICENSE_HEADER_START@ |
| 5 | * |
| 6 | * This file contains Original Code and/or Modifications of Original Code |
| 7 | * as defined in and that are subject to the Apple Public Source License |
| 8 | * Version 2.0 (the 'License'). You may not use this file except in |
| 9 | * compliance with the License. The rights granted to you under the License |
| 10 | * may not be used to create, or enable the creation or redistribution of, |
| 11 | * unlawful or unlicensed copies of an Apple operating system, or to |
| 12 | * circumvent, violate, or enable the circumvention or violation of, any |
| 13 | * terms of an Apple operating system software license agreement. |
| 14 | * |
| 15 | * Please obtain a copy of the License at |
| 16 | * http://www.opensource.apple.com/apsl/ and read it before using this file. |
| 17 | * |
| 18 | * The Original Code and all software distributed under the License are |
| 19 | * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER |
| 20 | * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, |
| 21 | * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, |
| 22 | * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. |
| 23 | * Please see the License for the specific language governing rights and |
| 24 | * limitations under the License. |
| 25 | * |
| 26 | * @APPLE_OSREFERENCE_LICENSE_HEADER_END@ |
| 27 | */ |
| 28 | |
| 29 | #include <arm/cpu_data_internal.h> |
| 30 | #include <arm/misc_protos.h> |
| 31 | #include <kern/thread.h> |
| 32 | #include <sys/errno.h> |
| 33 | #include <vm/pmap.h> |
| 34 | #include <vm/vm_map.h> |
| 35 | #include <san/kasan.h> |
| 36 | |
| 37 | #undef copyin |
| 38 | #undef copyout |
| 39 | |
| 40 | extern int _bcopyin(const char *src, char *dst, vm_size_t len); |
| 41 | extern int _bcopyinstr(const char *src, char *dst, vm_size_t max, vm_size_t *actual); |
| 42 | extern int _bcopyout(const char *src, char *dst, vm_size_t len); |
| 43 | extern int _copyin_word(const char *src, uint64_t *dst, vm_size_t len); |
| 44 | |
| 45 | extern pmap_t kernel_pmap; |
| 46 | |
| 47 | /* On by default, optionally disabled by boot-arg */ |
| 48 | extern boolean_t copyio_zalloc_check; |
| 49 | |
| 50 | typedef enum copyio_type { |
| 51 | COPYIO_IN, |
| 52 | COPYIO_IN_WORD, |
| 53 | COPYIO_INSTR, |
| 54 | COPYIO_OUT, |
| 55 | } copyio_type_t; |
| 56 | |
| 57 | static inline void |
| 58 | user_access_enable(void) |
| 59 | { |
| 60 | #if __ARM_PAN_AVAILABLE__ |
| 61 | __builtin_arm_wsr("pan", 0); |
| 62 | #endif /* __ARM_PAN_AVAILABLE__ */ |
| 63 | } |
| 64 | |
| 65 | static inline void |
| 66 | user_access_disable(void) |
| 67 | { |
| 68 | #if __ARM_PAN_AVAILABLE__ |
| 69 | __builtin_arm_wsr("pan", 1); |
| 70 | #endif /* __ARM_PAN_AVAILABLE__ */ |
| 71 | } |
| 72 | |
| 73 | static int |
| 74 | copyio(copyio_type_t copytype, const char *src, char *dst, |
| 75 | vm_size_t nbytes, vm_size_t *lencopied) |
| 76 | { |
| 77 | int result = 0; |
| 78 | vm_size_t bytes_copied = 0; |
| 79 | vm_size_t kernel_buf_size = 0; |
| 80 | void * kernel_addr = NULL; |
| 81 | |
| 82 | /* Reject TBI addresses */ |
| 83 | if (copytype == COPYIO_OUT) { |
| 84 | if ((uintptr_t)dst & TBI_MASK) |
| 85 | return EINVAL; |
| 86 | } else { |
| 87 | if ((uintptr_t)src & TBI_MASK) |
| 88 | return EINVAL; |
| 89 | } |
| 90 | |
| 91 | if (__probable(copyio_zalloc_check)) { |
| 92 | if (copytype == COPYIO_IN || copytype == COPYIO_INSTR || copytype == COPYIO_IN_WORD) { |
| 93 | kernel_addr = (void*)dst; |
| 94 | } else if (copytype == COPYIO_OUT) { |
| 95 | kernel_addr = (void*)(uintptr_t)src; |
| 96 | } |
| 97 | if (kernel_addr) |
| 98 | kernel_buf_size = zone_element_size(kernel_addr, NULL); |
| 99 | if (__improbable(kernel_buf_size && kernel_buf_size < nbytes)) |
| 100 | panic("copyio: kernel buffer %p has size %lu < nbytes %lu", kernel_addr, kernel_buf_size, nbytes); |
| 101 | } |
| 102 | |
| 103 | #if KASAN |
| 104 | /* For user copies, asan-check the kernel-side buffer */ |
| 105 | if (copytype == COPYIO_IN || copytype == COPYIO_INSTR || copytype == COPYIO_IN_WORD) { |
| 106 | __asan_storeN((uintptr_t)dst, nbytes); |
| 107 | } else if (copytype == COPYIO_OUT) { |
| 108 | __asan_loadN((uintptr_t)src, nbytes); |
| 109 | } |
| 110 | #endif |
| 111 | |
| 112 | user_access_enable(); |
| 113 | |
| 114 | /* Select copy routines based on direction: |
| 115 | * COPYIO_IN - Use unprivileged loads to read from user address |
| 116 | * COPYIO_OUT - Use unprivleged stores to write to user address |
| 117 | */ |
| 118 | |
| 119 | switch (copytype) { |
| 120 | case COPYIO_IN: |
| 121 | result = _bcopyin(src, dst, nbytes); |
| 122 | break; |
| 123 | case COPYIO_INSTR: |
| 124 | result = _bcopyinstr(src, dst, nbytes, &bytes_copied); |
| 125 | if (result != EFAULT) { |
| 126 | *lencopied = bytes_copied; |
| 127 | } |
| 128 | break; |
| 129 | case COPYIO_IN_WORD: |
| 130 | result = _copyin_word(src, (uint64_t *)(uintptr_t)dst, nbytes); |
| 131 | break; |
| 132 | case COPYIO_OUT: |
| 133 | result = _bcopyout(src, dst, nbytes); |
| 134 | break; |
| 135 | default: |
| 136 | result = EINVAL; |
| 137 | } |
| 138 | |
| 139 | user_access_disable(); |
| 140 | return result; |
| 141 | } |
| 142 | |
| 143 | int |
| 144 | copyin_kern(const user_addr_t user_addr, char *kernel_addr, vm_size_t nbytes) |
| 145 | { |
| 146 | bcopy((const char*)(uintptr_t)user_addr, kernel_addr, nbytes); |
| 147 | |
| 148 | return 0; |
| 149 | } |
| 150 | |
| 151 | int |
| 152 | copyout_kern(const char *kernel_addr, user_addr_t user_addr, vm_size_t nbytes) |
| 153 | { |
| 154 | bcopy(kernel_addr, (char *)(uintptr_t)user_addr, nbytes); |
| 155 | |
| 156 | return 0; |
| 157 | } |
| 158 | |
| 159 | int |
| 160 | copyin(const user_addr_t user_addr, void *kernel_addr, vm_size_t nbytes) |
| 161 | { |
| 162 | int result; |
| 163 | |
| 164 | if (nbytes == 0) |
| 165 | return 0; |
| 166 | |
| 167 | result = copyin_validate(user_addr, (uintptr_t)kernel_addr, nbytes); |
| 168 | if (result) return result; |
| 169 | |
| 170 | if (current_thread()->map->pmap == kernel_pmap) |
| 171 | return copyin_kern(user_addr, kernel_addr, nbytes); |
| 172 | else |
| 173 | return copyio(COPYIO_IN, (const char *)(uintptr_t)user_addr, kernel_addr, nbytes, NULL); |
| 174 | } |
| 175 | |
| 176 | /* |
| 177 | * copyin_word |
| 178 | * Read an aligned value from userspace as a single memory transaction. |
| 179 | * This function supports userspace synchronization features |
| 180 | */ |
| 181 | int |
| 182 | copyin_word(const user_addr_t user_addr, uint64_t *kernel_addr, vm_size_t nbytes) |
| 183 | { |
| 184 | int result; |
| 185 | |
| 186 | /* Verify sizes */ |
| 187 | if ((nbytes != 4) && (nbytes != 8)) |
| 188 | return EINVAL; |
| 189 | |
| 190 | /* Test alignment */ |
| 191 | if (user_addr & (nbytes - 1)) |
| 192 | return EINVAL; |
| 193 | |
| 194 | result = copyin_validate(user_addr, (uintptr_t)kernel_addr, nbytes); |
| 195 | if (result) |
| 196 | return result; |
| 197 | |
| 198 | return copyio(COPYIO_IN_WORD, (const char *)user_addr, (char *)(uintptr_t)kernel_addr, nbytes, NULL); |
| 199 | } |
| 200 | |
| 201 | int |
| 202 | copyinstr(const user_addr_t user_addr, char *kernel_addr, vm_size_t nbytes, vm_size_t *lencopied) |
| 203 | { |
| 204 | int result; |
| 205 | |
| 206 | *lencopied = 0; |
| 207 | if (nbytes == 0) |
| 208 | return ENAMETOOLONG; |
| 209 | |
| 210 | result = copyin_validate(user_addr, (uintptr_t)kernel_addr, nbytes); |
| 211 | |
| 212 | if (result) return result; |
| 213 | |
| 214 | return copyio(COPYIO_INSTR, (const char *)(uintptr_t)user_addr, kernel_addr, nbytes, lencopied); |
| 215 | } |
| 216 | |
| 217 | int |
| 218 | copyout(const void *kernel_addr, user_addr_t user_addr, vm_size_t nbytes) |
| 219 | { |
| 220 | int result; |
| 221 | |
| 222 | if (nbytes == 0) |
| 223 | return 0; |
| 224 | |
| 225 | result = copyout_validate((uintptr_t)kernel_addr, user_addr, nbytes); |
| 226 | if (result) return result; |
| 227 | |
| 228 | if (current_thread()->map->pmap == kernel_pmap) |
| 229 | return copyout_kern(kernel_addr, user_addr, nbytes); |
| 230 | else |
| 231 | return copyio(COPYIO_OUT, kernel_addr, (char *)(uintptr_t)user_addr, nbytes, NULL); |
| 232 | } |
| 233 | |
| 234 | |
| 235 | /* |
| 236 | * Copy sizes bigger than this value will cause a kernel panic. |
| 237 | * |
| 238 | * Yes, this is an arbitrary fixed limit, but it's almost certainly |
| 239 | * a programming error to be copying more than this amount between |
| 240 | * user and wired kernel memory in a single invocation on this |
| 241 | * platform. |
| 242 | */ |
| 243 | const int copysize_limit_panic = (64 * 1024 * 1024); |
| 244 | |
| 245 | /* |
| 246 | * Validate the arguments to copy{in,out} on this platform. |
| 247 | */ |
| 248 | static int |
| 249 | copy_validate(const user_addr_t user_addr, |
| 250 | uintptr_t kernel_addr, vm_size_t nbytes) |
| 251 | { |
| 252 | uintptr_t kernel_addr_last = kernel_addr + nbytes; |
| 253 | |
| 254 | if (__improbable(kernel_addr < VM_MIN_KERNEL_ADDRESS || |
| 255 | kernel_addr > VM_MAX_KERNEL_ADDRESS || |
| 256 | kernel_addr_last < kernel_addr || |
| 257 | kernel_addr_last > VM_MAX_KERNEL_ADDRESS)) |
| 258 | panic("%s(%p, %p, %lu) - kaddr not in kernel", __func__, |
| 259 | (void *)user_addr, (void *)kernel_addr, nbytes); |
| 260 | |
| 261 | user_addr_t user_addr_last = user_addr + nbytes; |
| 262 | |
| 263 | if (__improbable((user_addr_last < user_addr) || ((user_addr + nbytes) > vm_map_max(current_thread()->map)) || |
| 264 | (user_addr < vm_map_min(current_thread()->map)))) |
| 265 | return (EFAULT); |
| 266 | |
| 267 | if (__improbable(nbytes > copysize_limit_panic)) |
| 268 | panic("%s(%p, %p, %lu) - transfer too large", __func__, |
| 269 | (void *)user_addr, (void *)kernel_addr, nbytes); |
| 270 | |
| 271 | return (0); |
| 272 | } |
| 273 | |
| 274 | int |
| 275 | copyin_validate(const user_addr_t ua, uintptr_t ka, vm_size_t nbytes) |
| 276 | { |
| 277 | return (copy_validate(ua, ka, nbytes)); |
| 278 | } |
| 279 | |
| 280 | int |
| 281 | copyout_validate(uintptr_t ka, const user_addr_t ua, vm_size_t nbytes) |
| 282 | { |
| 283 | return (copy_validate(ua, ka, nbytes)); |
| 284 | } |
| 285 | |
| 286 |
Generated on 2018-Dec-24 from project xnu revision 4903.221.2
Powered by 
Code Browser 2.1
Generator usage only permitted with license.