linux/arch/x86/kernel/ioport_32.c

/*
 * This contains the io-permission bitmap code - written by obz, with changes
 * by Linus.
 */

#include <linux/sched.h>
#include <linux/kernel.h>
#include <linux/capability.h>
#include <linux/errno.h>
#include <linux/types.h>
#include <linux/ioport.h>
#include <linux/smp.h>
#include <linux/stddef.h>
#include <linux/slab.h>
#include <linux/thread_info.h>
#include <linux/syscalls.h>

/* Set EXTENT bits starting at BASE in BITMAP to value TURN_ON. */
static void set_bitmap(unsigned long *bitmap, unsigned int base,
		       unsigned int extent, int new_value)
{
	unsigned int i;

	for (i = base; i < base + extent; i++) {
		if (new_value)
			__set_bit(i, bitmap);
		else
			__clear_bit(i, bitmap);
	}
}

/*
 * this changes the io permissions bitmap in the current task.
 */
asmlinkage long sys_ioperm(unsigned long from, unsigned long num, int turn_on)
{
	struct thread_struct * t = &current->thread;
	struct tss_struct * tss;
	unsigned long i, max_long;

	if ((from + num <= from) || (from + num > IO_BITMAP_BITS))
		return -EINVAL;
	if (turn_on && !capable(CAP_SYS_RAWIO))
		return -EPERM;

	/*
	 * If it's the first ioperm() call in this thread's lifetime, set the
	 * IO bitmap up. ioperm() is much less timing critical than clone(),
	 * this is why we delay this operation until now:
	 */
	if (!t->io_bitmap_ptr) {
		unsigned long *bitmap = kmalloc(IO_BITMAP_BYTES, GFP_KERNEL);

		if (!bitmap)
			return -ENOMEM;

		memset(bitmap, 0xff, IO_BITMAP_BYTES);
		t->io_bitmap_ptr = bitmap;
		set_thread_flag(TIF_IO_BITMAP);
	}

	/*
	 * do it in the per-thread copy and in the TSS ...
	 *
	 * Disable preemption via get_cpu() - we must not switch away
	 * because the ->io_bitmap_max value must match the bitmap
	 * contents:
	 */
	tss = &per_cpu(init_tss, get_cpu());

	set_bitmap(t->io_bitmap_ptr, from, num, !turn_on);

	/*
	 * Search for a (possibly new) maximum. This is simple and stupid,
	 * to keep it obviously correct:
	 */
	max_long = 0;
	for (i = 0; i < IO_BITMAP_LONGS; i++)
		if (t->io_bitmap_ptr[i] != ~0UL)
			max_long = i;

	t->io_bitmap_max = (max_long + 1) * sizeof(unsigned long);

	/*
	 * Sets the lazy trigger so that the next I/O operation will
	 * reload the correct bitmap.
	 * Reset the owner so that a process switch will not set
	 * tss->io_bitmap_base to IO_BITMAP_OFFSET.
	 */
	tss->x86_tss.io_bitmap_base = INVALID_IO_BITMAP_OFFSET_LAZY;
	tss->io_bitmap_owner = NULL;

	put_cpu();

	return 0;
}

/*
 * sys_iopl has to be used when you want to access the IO ports
 * beyond the 0x3ff range: to get the full 65536 ports bitmapped
 * you'd need 8kB of bitmaps/process, which is a bit excessive.
 *
 * Here we just change the eflags value on the stack: we allow
 * only the super-user to do it. This depends on the stack-layout
 * on system-call entry - see also fork() and the signal handling
 * code.
 */

asmlinkage long sys_iopl(unsigned long regsp)
{
	volatile struct pt_regs *regs = (struct pt_regs *)&regsp;
	unsigned int level = regs->ebx;
	unsigned int old = (regs->eflags >> 12) & 3;
	struct thread_struct *t = &current->thread;

	if (level > 3)
		return -EINVAL;
	/* Trying to gain more privileges? */
	if (level > old) {
		if (!capable(CAP_SYS_RAWIO))
			return -EPERM;
	}

	t->iopl = level << 12;
	regs->eflags = (regs->eflags & ~X86_EFLAGS_IOPL) | t->iopl;
	set_iopl_mask(t->iopl);

	return 0;
}
Linux-2.6.12-rc2 Initial git repository build. I'm not bothering with the full history, even though we have it. We can create a separate "historical" git archive of that later if we want to, and in the meantime it's about 3.2GB when imported into git - space that would just make the early git days unnecessarily complicated, when we don't have a lot of good infrastructure for it. Let it rip! 2005-04-17 02:20:36 +04:00			`/*`
			`* This contains the io-permission bitmap code - written by obz, with changes`
			`* by Linus.`
			`*/`

			`#include <linux/sched.h>`
			`#include <linux/kernel.h>`
[PATCH] capable/capability.h (arch/) arch: Use <linux/capability.h> where capable() is used. Signed-off-by: Randy Dunlap <rdunlap@xenotime.net> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org> 2006-01-11 23:17:48 +03:00			`#include <linux/capability.h>`
Linux-2.6.12-rc2 Initial git repository build. I'm not bothering with the full history, even though we have it. We can create a separate "historical" git archive of that later if we want to, and in the meantime it's about 3.2GB when imported into git - space that would just make the early git days unnecessarily complicated, when we don't have a lot of good infrastructure for it. Let it rip! 2005-04-17 02:20:36 +04:00			`#include <linux/errno.h>`
			`#include <linux/types.h>`
			`#include <linux/ioport.h>`
			`#include <linux/smp.h>`
			`#include <linux/stddef.h>`
			`#include <linux/slab.h>`
			`#include <linux/thread_info.h>`
[PATCH] x86: sys_ioperm() prototype cleanup - there's no reason for duplicating the prototype from include/linux/syscalls.h in include/asm-x86_64/unistd.h - every file should #include the headers containing the prototypes for it's global functions Signed-off-by: Adrian Bunk <bunk@stusta.de> Signed-off-by: Andi Kleen <ak@suse.de> 2007-05-02 21:27:10 +04:00			`#include <linux/syscalls.h>`
Linux-2.6.12-rc2 Initial git repository build. I'm not bothering with the full history, even though we have it. We can create a separate "historical" git archive of that later if we want to, and in the meantime it's about 3.2GB when imported into git - space that would just make the early git days unnecessarily complicated, when we don't have a lot of good infrastructure for it. Let it rip! 2005-04-17 02:20:36 +04:00
			`/* Set EXTENT bits starting at BASE in BITMAP to value TURN_ON. */`
x86: simplify set_bitmap in ioport_32.c Simplify set_bitmap(). This is not in a hotpath and we really can use the straight forward loop through those bits. A similar implementation is used in the 64 bit code as well. Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Signed-off-by: Ingo Molnar <mingo@elte.hu> 2008-01-30 15:30:23 +03:00			`static void set_bitmap(unsigned long *bitmap, unsigned int base,`
			`unsigned int extent, int new_value)`
Linux-2.6.12-rc2 Initial git repository build. I'm not bothering with the full history, even though we have it. We can create a separate "historical" git archive of that later if we want to, and in the meantime it's about 3.2GB when imported into git - space that would just make the early git days unnecessarily complicated, when we don't have a lot of good infrastructure for it. Let it rip! 2005-04-17 02:20:36 +04:00			`{`
x86: simplify set_bitmap in ioport_32.c Simplify set_bitmap(). This is not in a hotpath and we really can use the straight forward loop through those bits. A similar implementation is used in the 64 bit code as well. Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Signed-off-by: Ingo Molnar <mingo@elte.hu> 2008-01-30 15:30:23 +03:00			`unsigned int i;`
Linux-2.6.12-rc2 Initial git repository build. I'm not bothering with the full history, even though we have it. We can create a separate "historical" git archive of that later if we want to, and in the meantime it's about 3.2GB when imported into git - space that would just make the early git days unnecessarily complicated, when we don't have a lot of good infrastructure for it. Let it rip! 2005-04-17 02:20:36 +04:00
x86: simplify set_bitmap in ioport_32.c Simplify set_bitmap(). This is not in a hotpath and we really can use the straight forward loop through those bits. A similar implementation is used in the 64 bit code as well. Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Signed-off-by: Ingo Molnar <mingo@elte.hu> 2008-01-30 15:30:23 +03:00			`for (i = base; i < base + extent; i++) {`
Linux-2.6.12-rc2 Initial git repository build. I'm not bothering with the full history, even though we have it. We can create a separate "historical" git archive of that later if we want to, and in the meantime it's about 3.2GB when imported into git - space that would just make the early git days unnecessarily complicated, when we don't have a lot of good infrastructure for it. Let it rip! 2005-04-17 02:20:36 +04:00			`if (new_value)`
x86: simplify set_bitmap in ioport_32.c Simplify set_bitmap(). This is not in a hotpath and we really can use the straight forward loop through those bits. A similar implementation is used in the 64 bit code as well. Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Signed-off-by: Ingo Molnar <mingo@elte.hu> 2008-01-30 15:30:23 +03:00			`__set_bit(i, bitmap);`
Linux-2.6.12-rc2 Initial git repository build. I'm not bothering with the full history, even though we have it. We can create a separate "historical" git archive of that later if we want to, and in the meantime it's about 3.2GB when imported into git - space that would just make the early git days unnecessarily complicated, when we don't have a lot of good infrastructure for it. Let it rip! 2005-04-17 02:20:36 +04:00			`else`
x86: simplify set_bitmap in ioport_32.c Simplify set_bitmap(). This is not in a hotpath and we really can use the straight forward loop through those bits. A similar implementation is used in the 64 bit code as well. Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Signed-off-by: Ingo Molnar <mingo@elte.hu> 2008-01-30 15:30:23 +03:00			`__clear_bit(i, bitmap);`
Linux-2.6.12-rc2 Initial git repository build. I'm not bothering with the full history, even though we have it. We can create a separate "historical" git archive of that later if we want to, and in the meantime it's about 3.2GB when imported into git - space that would just make the early git days unnecessarily complicated, when we don't have a lot of good infrastructure for it. Let it rip! 2005-04-17 02:20:36 +04:00			`}`
			`}`

			`/*`
			`* this changes the io permissions bitmap in the current task.`
			`*/`
			`asmlinkage long sys_ioperm(unsigned long from, unsigned long num, int turn_on)`
			`{`
			`struct thread_struct * t = &current->thread;`
			`struct tss_struct * tss;`
x86: clean up ioport_32.c Remove unused variables, rename the "unused" argument to regp. It is used ! Codingstyle fixes. Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Signed-off-by: Ingo Molnar <mingo@elte.hu> 2008-01-30 15:30:24 +03:00			`unsigned long i, max_long;`
Linux-2.6.12-rc2 Initial git repository build. I'm not bothering with the full history, even though we have it. We can create a separate "historical" git archive of that later if we want to, and in the meantime it's about 3.2GB when imported into git - space that would just make the early git days unnecessarily complicated, when we don't have a lot of good infrastructure for it. Let it rip! 2005-04-17 02:20:36 +04:00
			`if ((from + num <= from) \|\| (from + num > IO_BITMAP_BITS))`
			`return -EINVAL;`
			`if (turn_on && !capable(CAP_SYS_RAWIO))`
			`return -EPERM;`

			`/*`
			`* If it's the first ioperm() call in this thread's lifetime, set the`
			`* IO bitmap up. ioperm() is much less timing critical than clone(),`
			`* this is why we delay this operation until now:`
			`*/`
			`if (!t->io_bitmap_ptr) {`
x86: clean up ioport_32.c Remove unused variables, rename the "unused" argument to regp. It is used ! Codingstyle fixes. Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Signed-off-by: Ingo Molnar <mingo@elte.hu> 2008-01-30 15:30:24 +03:00			`unsigned long *bitmap = kmalloc(IO_BITMAP_BYTES, GFP_KERNEL);`

Linux-2.6.12-rc2 Initial git repository build. I'm not bothering with the full history, even though we have it. We can create a separate "historical" git archive of that later if we want to, and in the meantime it's about 3.2GB when imported into git - space that would just make the early git days unnecessarily complicated, when we don't have a lot of good infrastructure for it. Let it rip! 2005-04-17 02:20:36 +04:00			`if (!bitmap)`
			`return -ENOMEM;`

			`memset(bitmap, 0xff, IO_BITMAP_BYTES);`
			`t->io_bitmap_ptr = bitmap;`
[PATCH] i386: use thread_info flags for debug regs and IO bitmaps Use thread info flags to track use of debug registers and IO bitmaps. - add TIF_DEBUG to track when debug registers are active - add TIF_IO_BITMAP to track when I/O bitmap is used - modify __switch_to() to use the new TIF flags Performance tested on Pentium II, ten runs of LMbench context switch benchmark (smaller is better:) before after avg 3.65 3.39 min 3.55 3.33 Signed-off-by: Stephane Eranian <eranian@hpl.hp.com> Signed-off-by: Chuck Ebbert <76306.1226@compuserve.com> Acked-by: Andi Kleen <ak@suse.de> Signed-off-by: Linus Torvalds <torvalds@osdl.org> 2006-07-10 05:12:39 +04:00			`set_thread_flag(TIF_IO_BITMAP);`
Linux-2.6.12-rc2 Initial git repository build. I'm not bothering with the full history, even though we have it. We can create a separate "historical" git archive of that later if we want to, and in the meantime it's about 3.2GB when imported into git - space that would just make the early git days unnecessarily complicated, when we don't have a lot of good infrastructure for it. Let it rip! 2005-04-17 02:20:36 +04:00			`}`

			`/*`
			`* do it in the per-thread copy and in the TSS ...`
			`*`
			`* Disable preemption via get_cpu() - we must not switch away`
			`* because the ->io_bitmap_max value must match the bitmap`
			`* contents:`
			`*/`
			`tss = &per_cpu(init_tss, get_cpu());`

			`set_bitmap(t->io_bitmap_ptr, from, num, !turn_on);`

			`/*`
			`* Search for a (possibly new) maximum. This is simple and stupid,`
			`* to keep it obviously correct:`
			`*/`
			`max_long = 0;`
			`for (i = 0; i < IO_BITMAP_LONGS; i++)`
			`if (t->io_bitmap_ptr[i] != ~0UL)`
			`max_long = i;`

x86: clean up ioport_32.c Remove unused variables, rename the "unused" argument to regp. It is used ! Codingstyle fixes. Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Signed-off-by: Ingo Molnar <mingo@elte.hu> 2008-01-30 15:30:24 +03:00			`t->io_bitmap_max = (max_long + 1) * sizeof(unsigned long);`
Linux-2.6.12-rc2 Initial git repository build. I'm not bothering with the full history, even though we have it. We can create a separate "historical" git archive of that later if we want to, and in the meantime it's about 3.2GB when imported into git - space that would just make the early git days unnecessarily complicated, when we don't have a lot of good infrastructure for it. Let it rip! 2005-04-17 02:20:36 +04:00
			`/*`
			`* Sets the lazy trigger so that the next I/O operation will`
			`* reload the correct bitmap.`
[PATCH] reset tss->io_bitmap_owner in sys_ioperm() my patch "x86: initialise tss->io_bitmap_owner to something" (commit ID d5cd4aadd3d220afac8e3e6d922e333592551f7d) introduced a problem with a program (DOSEMU) that called ioperm after already doing some port i/o. The problem is that a process switch return causes tss->io_bitmap_base to be set to IO_BITMAP_OFFSET so that the fault (that really sets the io bitmap) never triggers. This fixes that regression. Signed-off-by: Bart Oldeman <bartoldeman@users.sourceforge.net> Signed-off-by: Linus Torvalds <torvalds@osdl.org> 2005-11-06 02:54:07 +03:00			`* Reset the owner so that a process switch will not set`
			`* tss->io_bitmap_base to IO_BITMAP_OFFSET.`
Linux-2.6.12-rc2 Initial git repository build. I'm not bothering with the full history, even though we have it. We can create a separate "historical" git archive of that later if we want to, and in the meantime it's about 3.2GB when imported into git - space that would just make the early git days unnecessarily complicated, when we don't have a lot of good infrastructure for it. Let it rip! 2005-04-17 02:20:36 +04:00			`*/`
[PATCH] i386: i386 separate hardware-defined TSS from Linux additions On Thu, 2007-03-29 at 13:16 +0200, Andi Kleen wrote: > Please clean it up properly with two structs. Not sure about this, now I've done it. Running it here. If you like it, I can do x86-64 as well. == lguest defines its own TSS struct because the "struct tss_struct" contains linux-specific additions. Andi asked me to split the struct in processor.h. Unfortunately it makes usage a little awkward. Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> Signed-off-by: Andi Kleen <ak@suse.de> 2007-05-02 21:27:13 +04:00			`tss->x86_tss.io_bitmap_base = INVALID_IO_BITMAP_OFFSET_LAZY;`
[PATCH] reset tss->io_bitmap_owner in sys_ioperm() my patch "x86: initialise tss->io_bitmap_owner to something" (commit ID d5cd4aadd3d220afac8e3e6d922e333592551f7d) introduced a problem with a program (DOSEMU) that called ioperm after already doing some port i/o. The problem is that a process switch return causes tss->io_bitmap_base to be set to IO_BITMAP_OFFSET so that the fault (that really sets the io bitmap) never triggers. This fixes that regression. Signed-off-by: Bart Oldeman <bartoldeman@users.sourceforge.net> Signed-off-by: Linus Torvalds <torvalds@osdl.org> 2005-11-06 02:54:07 +03:00			`tss->io_bitmap_owner = NULL;`
Linux-2.6.12-rc2 Initial git repository build. I'm not bothering with the full history, even though we have it. We can create a separate "historical" git archive of that later if we want to, and in the meantime it's about 3.2GB when imported into git - space that would just make the early git days unnecessarily complicated, when we don't have a lot of good infrastructure for it. Let it rip! 2005-04-17 02:20:36 +04:00
			`put_cpu();`

			`return 0;`
			`}`

			`/*`
			`* sys_iopl has to be used when you want to access the IO ports`
			`* beyond the 0x3ff range: to get the full 65536 ports bitmapped`
			`* you'd need 8kB of bitmaps/process, which is a bit excessive.`
			`*`
			`* Here we just change the eflags value on the stack: we allow`
			`* only the super-user to do it. This depends on the stack-layout`
			`* on system-call entry - see also fork() and the signal handling`
			`* code.`
			`*/`

x86: clean up ioport_32.c Remove unused variables, rename the "unused" argument to regp. It is used ! Codingstyle fixes. Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Signed-off-by: Ingo Molnar <mingo@elte.hu> 2008-01-30 15:30:24 +03:00			`asmlinkage long sys_iopl(unsigned long regsp)`
Linux-2.6.12-rc2 Initial git repository build. I'm not bothering with the full history, even though we have it. We can create a separate "historical" git archive of that later if we want to, and in the meantime it's about 3.2GB when imported into git - space that would just make the early git days unnecessarily complicated, when we don't have a lot of good infrastructure for it. Let it rip! 2005-04-17 02:20:36 +04:00			`{`
x86: clean up ioport_32.c Remove unused variables, rename the "unused" argument to regp. It is used ! Codingstyle fixes. Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Signed-off-by: Ingo Molnar <mingo@elte.hu> 2008-01-30 15:30:24 +03:00			`volatile struct pt_regs regs = (struct pt_regs )&regsp;`
Linux-2.6.12-rc2 Initial git repository build. I'm not bothering with the full history, even though we have it. We can create a separate "historical" git archive of that later if we want to, and in the meantime it's about 3.2GB when imported into git - space that would just make the early git days unnecessarily complicated, when we don't have a lot of good infrastructure for it. Let it rip! 2005-04-17 02:20:36 +04:00			`unsigned int level = regs->ebx;`
			`unsigned int old = (regs->eflags >> 12) & 3;`
[PATCH] x86: make IOPL explicit The pushf/popf in switch_to are ONLY used to switch IOPL. Making this explicit in C code is more clear. This pushf/popf pair was added as a bugfix for leaking IOPL to unprivileged processes when using sysenter/sysexit based system calls (sysexit does not restore flags). When requesting an IOPL change in sys_iopl(), it is just as easy to change the current flags and the flags in the stack image (in case an IRET is required), but there is no reason to force an IRET if we came in from the SYSENTER path. This change is the minimal solution for supporting a paravirtualized Linux kernel that allows user processes to run with I/O privilege. Other solutions require radical rewrites of part of the low level fault / system call handling code, or do not fully support sysenter based system calls. Unfortunately, this added one field to the thread_struct. But as a bonus, on P4, the fastest time measured for switch_to() went from 312 to 260 cycles, a win of about 17% in the fast case through this performance critical path. Signed-off-by: Zachary Amsden <zach@vmware.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org> 2005-09-04 02:56:44 +04:00			`struct thread_struct *t = &current->thread;`
Linux-2.6.12-rc2 Initial git repository build. I'm not bothering with the full history, even though we have it. We can create a separate "historical" git archive of that later if we want to, and in the meantime it's about 3.2GB when imported into git - space that would just make the early git days unnecessarily complicated, when we don't have a lot of good infrastructure for it. Let it rip! 2005-04-17 02:20:36 +04:00
			`if (level > 3)`
			`return -EINVAL;`
			`/* Trying to gain more privileges? */`
			`if (level > old) {`
			`if (!capable(CAP_SYS_RAWIO))`
			`return -EPERM;`
			`}`
x86: clean up ioport_32.c Remove unused variables, rename the "unused" argument to regp. It is used ! Codingstyle fixes. Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Signed-off-by: Ingo Molnar <mingo@elte.hu> 2008-01-30 15:30:24 +03:00
[PATCH] x86: make IOPL explicit The pushf/popf in switch_to are ONLY used to switch IOPL. Making this explicit in C code is more clear. This pushf/popf pair was added as a bugfix for leaking IOPL to unprivileged processes when using sysenter/sysexit based system calls (sysexit does not restore flags). When requesting an IOPL change in sys_iopl(), it is just as easy to change the current flags and the flags in the stack image (in case an IRET is required), but there is no reason to force an IRET if we came in from the SYSENTER path. This change is the minimal solution for supporting a paravirtualized Linux kernel that allows user processes to run with I/O privilege. Other solutions require radical rewrites of part of the low level fault / system call handling code, or do not fully support sysenter based system calls. Unfortunately, this added one field to the thread_struct. But as a bonus, on P4, the fastest time measured for switch_to() went from 312 to 260 cycles, a win of about 17% in the fast case through this performance critical path. Signed-off-by: Zachary Amsden <zach@vmware.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org> 2005-09-04 02:56:44 +04:00			`t->iopl = level << 12;`
			`regs->eflags = (regs->eflags & ~X86_EFLAGS_IOPL) \| t->iopl;`
			`set_iopl_mask(t->iopl);`
x86: clean up ioport_32.c Remove unused variables, rename the "unused" argument to regp. It is used ! Codingstyle fixes. Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Signed-off-by: Ingo Molnar <mingo@elte.hu> 2008-01-30 15:30:24 +03:00
Linux-2.6.12-rc2 Initial git repository build. I'm not bothering with the full history, even though we have it. We can create a separate "historical" git archive of that later if we want to, and in the meantime it's about 3.2GB when imported into git - space that would just make the early git days unnecessarily complicated, when we don't have a lot of good infrastructure for it. Let it rip! 2005-04-17 02:20:36 +04:00			`return 0;`
			`}`