1// SPDX-License-Identifier: GPL-2.0
2/*
3 * This contains the io-permission bitmap code - written by obz, with changes
4 * by Linus. 32/64 bits code unification by Miguel Botón.
5 */
6
7#include <linux/sched.h>
8#include <linux/sched/task_stack.h>
9#include <linux/kernel.h>
10#include <linux/capability.h>
11#include <linux/errno.h>
12#include <linux/types.h>
13#include <linux/ioport.h>
14#include <linux/smp.h>
15#include <linux/stddef.h>
16#include <linux/slab.h>
17#include <linux/thread_info.h>
18#include <linux/syscalls.h>
19#include <linux/bitmap.h>
20#include <asm/syscalls.h>
21#include <asm/desc.h>
22
23/*
24 * this changes the io permissions bitmap in the current task.
25 */
26long ksys_ioperm(unsigned long from, unsigned long num, int turn_on)
27{
28 struct thread_struct *t = &current->thread;
29 struct tss_struct *tss;
30 unsigned int i, max_long, bytes, bytes_updated;
31
32 if ((from + num <= from) || (from + num > IO_BITMAP_BITS))
33 return -EINVAL;
34 if (turn_on && !capable(CAP_SYS_RAWIO))
35 return -EPERM;
36
37 /*
38 * If it's the first ioperm() call in this thread's lifetime, set the
39 * IO bitmap up. ioperm() is much less timing critical than clone(),
40 * this is why we delay this operation until now:
41 */
42 if (!t->io_bitmap_ptr) {
43 unsigned long *bitmap = kmalloc(IO_BITMAP_BYTES, GFP_KERNEL);
44
45 if (!bitmap)
46 return -ENOMEM;
47
48 memset(bitmap, 0xff, IO_BITMAP_BYTES);
49 t->io_bitmap_ptr = bitmap;
50 set_thread_flag(TIF_IO_BITMAP);
51
52 /*
53 * Now that we have an IO bitmap, we need our TSS limit to be
54 * correct. It's fine if we are preempted after doing this:
55 * with TIF_IO_BITMAP set, context switches will keep our TSS
56 * limit correct.
57 */
58 preempt_disable();
59 refresh_tss_limit();
60 preempt_enable();
61 }
62
63 /*
64 * do it in the per-thread copy and in the TSS ...
65 *
66 * Disable preemption via get_cpu() - we must not switch away
67 * because the ->io_bitmap_max value must match the bitmap
68 * contents:
69 */
70 tss = &per_cpu(cpu_tss_rw, get_cpu());
71
72 if (turn_on)
73 bitmap_clear(t->io_bitmap_ptr, from, num);
74 else
75 bitmap_set(t->io_bitmap_ptr, from, num);
76
77 /*
78 * Search for a (possibly new) maximum. This is simple and stupid,
79 * to keep it obviously correct:
80 */
81 max_long = 0;
82 for (i = 0; i < IO_BITMAP_LONGS; i++)
83 if (t->io_bitmap_ptr[i] != ~0UL)
84 max_long = i;
85
86 bytes = (max_long + 1) * sizeof(unsigned long);
87 bytes_updated = max(bytes, t->io_bitmap_max);
88
89 t->io_bitmap_max = bytes;
90
91 /* Update the TSS: */
92 memcpy(tss->io_bitmap, t->io_bitmap_ptr, bytes_updated);
93
94 put_cpu();
95
96 return 0;
97}
98
99SYSCALL_DEFINE3(ioperm, unsigned long, from, unsigned long, num, int, turn_on)
100{
101 return ksys_ioperm(from, num, turn_on);
102}
103
104/*
105 * sys_iopl has to be used when you want to access the IO ports
106 * beyond the 0x3ff range: to get the full 65536 ports bitmapped
107 * you'd need 8kB of bitmaps/process, which is a bit excessive.
108 *
109 * Here we just change the flags value on the stack: we allow
110 * only the super-user to do it. This depends on the stack-layout
111 * on system-call entry - see also fork() and the signal handling
112 * code.
113 */
114SYSCALL_DEFINE1(iopl, unsigned int, level)
115{
116 struct pt_regs *regs = current_pt_regs();
117 struct thread_struct *t = &current->thread;
118
119 /*
120 * Careful: the IOPL bits in regs->flags are undefined under Xen PV
121 * and changing them has no effect.
122 */
123 unsigned int old = t->iopl >> X86_EFLAGS_IOPL_BIT;
124
125 if (level > 3)
126 return -EINVAL;
127 /* Trying to gain more privileges? */
128 if (level > old) {
129 if (!capable(CAP_SYS_RAWIO))
130 return -EPERM;
131 }
132 regs->flags = (regs->flags & ~X86_EFLAGS_IOPL) |
133 (level << X86_EFLAGS_IOPL_BIT);
134 t->iopl = level << X86_EFLAGS_IOPL_BIT;
135 set_iopl_mask(t->iopl);
136
137 return 0;
138}
139