freebsd-nq/sys/amd64/include/trap.h
Bruce Evans 20415301cd Fix security holes in sigreturn(), ptrace() and procfs. sigreturn()
attempted to check for insecure and fatal eflags and segment
selectors, but missed many cases and got the IOPL check back to
front.  The other syscalls didn't check at all.

sys_process.c, machdep.c:
Only allow PT_WRITE_U to write to the registers (ordinary and FP).

psl.h, locore.s, machdep.c:
Eliminate PSL_MBZ, PSL_MBO and PSL_USERCLR.  We are not supposed
to assume anything about the reserved bits.  Use PSL_USERCHANGE
and PSL_KERNEL instead.  Rename PSL_USERSET to PSL_USER.

exception.s:
Define a private label for use by doreti when returning to user
mode fails.

machdep.c:
In syscalls, allow changing only the eflags that can be changed on
486's in user mode (no longer attempt to allow benign IOPL changes;
allow changing the nasty PSL_NT; don't allow changing the i586
bits).

Don't attempt to check all the cases involving invalid selectors
and %eip's.  Just check for privilege violations and let the invalid
things cause a trap.

procfs_machdep.c:
Call the ptrace register functions to do all the work for reading
and writing ordinary registers and for single stepping.

trap.c:
Ignore traps caused by PSL_NT being set.  Previously, users could
cause a fatal trap in user mode by setting PSL_NT and executing an
iret, and a fatal trap in kernel mode by setting PSL_NT and making
a syscall.  PSL_NT was cleared too late and not in enough modes to
fix the problem.

Make all traps in user mode (except T_NMI) nonfatal.

Recover from traps caused by attempting to load invalid user
registers in doreti by restarting the traps so that they appear to
occur in user mode.
---

Fix bogons that I noticed while fixing the above:

psl.h:
Fix some comments.

Uniformize idempotency ifdef.

exception.s, machdep.c:
Remove rsvd[0-14].  rsvd0 hasn't been reserved since the 486 came
out.  Replace rsvd0 by `align'.  rsvd[0-11] used wrong (magic
non-unique) trap numbers.  Replace rsvd[1-14] by rsvd.

locore.s:
Enable alignment check flag on 486's and 586's.

machdep.c:
Use a better type for kstack[].

Use TFREGP() to find the registers.

Reformat ptrace functions from SEF to something closer to KNF.

procfs_machdep.c:
The wrong pointer to the registers got fixed as a side effect.

Implement reading and writing of FP registers.

/proc/*/*regs now work (only) for processes that are in memory.

Clean up comments.

trap.c, trap.h:
Remove unused trap types.
1995-01-14 13:20:26 +00:00

97 lines
4.1 KiB
C

/*-
* Copyright (c) 1990 The Regents of the University of California.
* All rights reserved.
*
* This code is derived from software contributed to Berkeley by
* William Jolitz.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* This product includes software developed by the University of
* California, Berkeley and its contributors.
* 4. Neither the name of the University nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* from: @(#)trap.h 5.4 (Berkeley) 5/9/91
* $Id: trap.h,v 1.3 1993/11/07 17:43:15 wollman Exp $
*/
#ifndef _MACHINE_TRAP_H_
#define _MACHINE_TRAP_H_
/*
* Trap type values
* also known in trap.c for name strings
*/
#define T_PRIVINFLT 1 /* privileged instruction */
#define T_BPTFLT 3 /* breakpoint instruction */
#define T_ARITHTRAP 6 /* arithmetic trap */
#define T_ASTFLT 7 /* system forced exception */
#define T_PROTFLT 9 /* protection fault */
#define T_TRCTRAP 10 /* debug exception (sic) */
#define T_PAGEFLT 12 /* page fault */
#define T_ALIGNFLT 14 /* alignment fault */
#define T_DIVIDE 18 /* integer divide fault */
#define T_NMI 19 /* non-maskable trap */
#define T_OFLOW 20 /* overflow trap */
#define T_BOUND 21 /* bound instruction fault */
#define T_DNA 22 /* device not available fault */
#define T_DOUBLEFLT 23 /* double fault */
#define T_FPOPFLT 24 /* fp coprocessor operand fetch fault */
#define T_TSSFLT 25 /* invalid tss fault */
#define T_SEGNPFLT 26 /* segment not present fault */
#define T_STKFLT 27 /* stack fault */
#define T_RESERVED 28 /* reserved (unknown) */
/* XXX most of the following codes aren't used, but could be. */
/* definitions for <sys/signal.h> */
#define ILL_RESAD_FAULT T_RESADFLT
#define ILL_PRIVIN_FAULT T_PRIVINFLT
#define ILL_RESOP_FAULT T_RESOPFLT
#define ILL_ALIGN_FAULT T_ALIGNFLT
#define ILL_FPOP_FAULT T_FPOPFLT /* coprocessor operand fault */
/* codes for SIGFPE/ARITHTRAP */
#define FPE_INTOVF_TRAP 0x1 /* integer overflow */
#define FPE_INTDIV_TRAP 0x2 /* integer divide by zero */
#define FPE_FLTDIV_TRAP 0x3 /* floating/decimal divide by zero */
#define FPE_FLTOVF_TRAP 0x4 /* floating overflow */
#define FPE_FLTUND_TRAP 0x5 /* floating underflow */
#define FPE_FPU_NP_TRAP 0x6 /* floating point unit not present */
#define FPE_SUBRNG_TRAP 0x7 /* subrange out of bounds */
/* codes for SIGBUS */
#define BUS_PAGE_FAULT T_PAGEFLT /* page fault protection base */
#define BUS_SEGNP_FAULT T_SEGNPFLT /* segment not present */
#define BUS_STK_FAULT T_STKFLT /* stack segment */
#define BUS_SEGM_FAULT T_RESERVED /* segment protection base */
/* Trap's coming from user mode */
#define T_USER 0x100
#endif /* !_MACHINE_TRAP_H_ */