/*===========================================================================* * do_privctl * *===========================================================================*/ PUBLIC int do_privctl(struct proc * caller, message * m_ptr) { /* Handle sys_privctl(). Update a process' privileges. If the process is not * yet a system process, make sure it gets its own privilege structure. */ struct proc *rp; proc_nr_t proc_nr; sys_id_t priv_id; int ipc_to_m, kcalls; int i, r; struct io_range io_range; struct mem_range mem_range; struct priv priv; int irq; /* Check whether caller is allowed to make this call. Privileged proceses * can only update the privileges of processes that are inhibited from * running by the RTS_NO_PRIV flag. This flag is set when a privileged process * forks. */ if (! (priv(caller)->s_flags & SYS_PROC)) return(EPERM); if(m_ptr->CTL_ENDPT == SELF) proc_nr = _ENDPOINT_P(caller->p_endpoint); else if(!isokendpt(m_ptr->CTL_ENDPT, &proc_nr)) return(EINVAL); rp = proc_addr(proc_nr); switch(m_ptr->CTL_REQUEST) { case SYS_PRIV_ALLOW: /* Allow process to run. Make sure its privilege structure has already * been set. */ if (!RTS_ISSET(rp, RTS_NO_PRIV) || priv(rp)->s_proc_nr == NONE) { return(EPERM); } RTS_UNSET(rp, RTS_NO_PRIV); return(OK); case SYS_PRIV_YIELD: /* Allow process to run and suspend the caller. */ if (!RTS_ISSET(rp, RTS_NO_PRIV) || priv(rp)->s_proc_nr == NONE) { return(EPERM); } RTS_SET(caller, RTS_NO_PRIV); RTS_UNSET(rp, RTS_NO_PRIV); return(OK); case SYS_PRIV_DISALLOW: /* Disallow process from running. */ if (RTS_ISSET(rp, RTS_NO_PRIV)) return(EPERM); RTS_SET(rp, RTS_NO_PRIV); return(OK); case SYS_PRIV_SET_SYS: /* Set a privilege structure of a blocked system process. */ if (! RTS_ISSET(rp, RTS_NO_PRIV)) return(EPERM); /* Check whether a static or dynamic privilege id must be allocated. */ priv_id = NULL_PRIV_ID; if (m_ptr->CTL_ARG_PTR) { /* Copy privilege structure from caller */ if((r=data_copy(caller->p_endpoint, (vir_bytes) m_ptr->CTL_ARG_PTR, KERNEL, (vir_bytes) &priv, sizeof(priv))) != OK) return r; /* See if the caller wants to assign a static privilege id. */ if(!(priv.s_flags & DYN_PRIV_ID)) { priv_id = priv.s_id; } } /* Make sure this process has its own privileges structure. This may * fail, since there are only a limited number of system processes. * Then copy privileges from the caller and restore some defaults. */ if ((i=get_priv(rp, priv_id)) != OK) { printf("do_privctl: unable to allocate priv_id %d: %d\n", priv_id, i); return(i); } priv_id = priv(rp)->s_id; /* backup privilege id */ *priv(rp) = *priv(caller); /* copy from caller */ priv(rp)->s_id = priv_id; /* restore privilege id */ priv(rp)->s_proc_nr = proc_nr; /* reassociate process nr */ for (i=0; i< NR_SYS_CHUNKS; i++) /* remove pending: */ priv(rp)->s_notify_pending.chunk[i] = 0; /* - notifications */ priv(rp)->s_int_pending = 0; /* - interrupts */ (void) sigemptyset(&priv(rp)->s_sig_pending); /* - signals */ reset_timer(&priv(rp)->s_alarm_timer); /* - alarm */ priv(rp)->s_asyntab= -1; /* - asynsends */ priv(rp)->s_asynsize= 0; /* Set defaults for privilege bitmaps. */ priv(rp)->s_flags= DSRV_F; /* privilege flags */ priv(rp)->s_trap_mask= DSRV_T; /* allowed traps */ ipc_to_m = DSRV_M; /* allowed targets */ fill_sendto_mask(rp, ipc_to_m); kcalls = DSRV_KC; /* allowed kernel calls */ for(i = 0; i < SYS_CALL_MASK_SIZE; i++) { priv(rp)->s_k_call_mask[i] = (kcalls == NO_C ? 0 : (~0)); } /* Set the default signal managers. */ priv(rp)->s_sig_mgr = DSRV_SM; priv(rp)->s_bak_sig_mgr = NONE; /* Set defaults for resources: no I/O resources, no memory resources, * no IRQs, no grant table */ priv(rp)->s_nr_io_range= 0; priv(rp)->s_nr_mem_range= 0; priv(rp)->s_nr_irq= 0; priv(rp)->s_grant_table= 0; priv(rp)->s_grant_entries= 0; /* Override defaults if the caller has supplied a privilege structure. */ if (m_ptr->CTL_ARG_PTR) { if((r = update_priv(rp, &priv)) != OK) { return r; } } return(OK); case SYS_PRIV_SET_USER: /* Set a privilege structure of a blocked user process. */ if (!RTS_ISSET(rp, RTS_NO_PRIV)) return(EPERM); /* Link the process to the privilege structure of the root user * process all the user processes share. */ priv(rp) = priv_addr(USER_PRIV_ID); return(OK); case SYS_PRIV_ADD_IO: if (RTS_ISSET(rp, RTS_NO_PRIV)) return(EPERM); /* Only system processes get I/O resources? */ if (!(priv(rp)->s_flags & SYS_PROC)) return EPERM; #if 0 /* XXX -- do we need a call for this? */ if (strcmp(rp->p_name, "fxp") == 0 || strcmp(rp->p_name, "rtl8139") == 0) { printf("setting ipc_stats_target to %d\n", rp->p_endpoint); ipc_stats_target= rp->p_endpoint; } #endif /* Get the I/O range */ data_copy(caller->p_endpoint, (vir_bytes) m_ptr->CTL_ARG_PTR, KERNEL, (vir_bytes) &io_range, sizeof(io_range)); priv(rp)->s_flags |= CHECK_IO_PORT; /* Check I/O accesses */ i= priv(rp)->s_nr_io_range; if (i >= NR_IO_RANGE) { printf("do_privctl: %d already has %d i/o ranges.\n", rp->p_endpoint, i); return ENOMEM; } priv(rp)->s_io_tab[i].ior_base= io_range.ior_base; priv(rp)->s_io_tab[i].ior_limit= io_range.ior_limit; priv(rp)->s_nr_io_range++; return OK; case SYS_PRIV_ADD_MEM: if (RTS_ISSET(rp, RTS_NO_PRIV)) return(EPERM); /* Only system processes get memory resources? */ if (!(priv(rp)->s_flags & SYS_PROC)) return EPERM; /* Get the memory range */ if((r=data_copy(caller->p_endpoint, (vir_bytes) m_ptr->CTL_ARG_PTR, KERNEL, (vir_bytes) &mem_range, sizeof(mem_range))) != OK) return r; priv(rp)->s_flags |= CHECK_MEM; /* Check memory mappings */ i= priv(rp)->s_nr_mem_range; if (i >= NR_MEM_RANGE) { printf("do_privctl: %d already has %d mem ranges.\n", rp->p_endpoint, i); return ENOMEM; } priv(rp)->s_mem_tab[i].mr_base= mem_range.mr_base; priv(rp)->s_mem_tab[i].mr_limit= mem_range.mr_limit; priv(rp)->s_nr_mem_range++; return OK; case SYS_PRIV_ADD_IRQ: if (RTS_ISSET(rp, RTS_NO_PRIV)) return(EPERM); /* Only system processes get IRQs? */ if (!(priv(rp)->s_flags & SYS_PROC)) return EPERM; data_copy(caller->p_endpoint, (vir_bytes) m_ptr->CTL_ARG_PTR, KERNEL, (vir_bytes) &irq, sizeof(irq)); priv(rp)->s_flags |= CHECK_IRQ; /* Check IRQs */ i= priv(rp)->s_nr_irq; if (i >= NR_IRQ) { printf("do_privctl: %d already has %d irq's.\n", rp->p_endpoint, i); return ENOMEM; } priv(rp)->s_irq_tab[i]= irq; priv(rp)->s_nr_irq++; return OK; case SYS_PRIV_QUERY_MEM: { phys_bytes addr, limit; struct priv *sp; /* See if a certain process is allowed to map in certain physical * memory. */ addr = (phys_bytes) m_ptr->CTL_PHYSSTART; limit = addr + (phys_bytes) m_ptr->CTL_PHYSLEN - 1; if(limit < addr) return EPERM; if(!(sp = priv(rp))) return EPERM; if (!(sp->s_flags & SYS_PROC)) return EPERM; for(i = 0; i < sp->s_nr_mem_range; i++) { if(addr >= sp->s_mem_tab[i].mr_base && limit <= sp->s_mem_tab[i].mr_limit) return OK; } return EPERM; } case SYS_PRIV_UPDATE_SYS: /* Update the privilege structure of a system process. */ if(!m_ptr->CTL_ARG_PTR) return EINVAL; /* Copy privilege structure from caller */ if((r=data_copy(caller->p_endpoint, (vir_bytes) m_ptr->CTL_ARG_PTR, KERNEL, (vir_bytes) &priv, sizeof(priv))) != OK) return r; /* Override settings in existing privilege structure. */ if((r = update_priv(rp, &priv)) != OK) { return r; } return(OK); default: printf("do_privctl: bad request %d\n", m_ptr->CTL_REQUEST); return EINVAL; } }
/*===========================================================================* * do_fork * *===========================================================================*/ int do_fork(struct proc * caller, message * m_ptr) { /* Handle sys_fork(). * m_lsys_krn_sys_fork.endpt has forked. * The child is m_lsys_krn_sys_fork.slot. */ #if defined(__i386__) char *old_fpu_save_area_p; #endif register struct proc *rpc; /* child process pointer */ struct proc *rpp; /* parent process pointer */ int gen; int p_proc; int namelen; if(!isokendpt(m_ptr->m_lsys_krn_sys_fork.endpt, &p_proc)) return EINVAL; rpp = proc_addr(p_proc); rpc = proc_addr(m_ptr->m_lsys_krn_sys_fork.slot); if (isemptyp(rpp) || ! isemptyp(rpc)) return(EINVAL); assert(!(rpp->p_misc_flags & MF_DELIVERMSG)); /* needs to be receiving so we know where the message buffer is */ if(!RTS_ISSET(rpp, RTS_RECEIVING)) { printf("kernel: fork not done synchronously?\n"); return EINVAL; } /* make sure that the FPU context is saved in parent before copy */ save_fpu(rpp); /* Copy parent 'proc' struct to child. And reinitialize some fields. */ gen = _ENDPOINT_G(rpc->p_endpoint); #if defined(__i386__) old_fpu_save_area_p = rpc->p_seg.fpu_state; #endif *rpc = *rpp; /* copy 'proc' struct */ #if defined(__i386__) rpc->p_seg.fpu_state = old_fpu_save_area_p; if(proc_used_fpu(rpp)) memcpy(rpc->p_seg.fpu_state, rpp->p_seg.fpu_state, FPU_XFP_SIZE); #endif if(++gen >= _ENDPOINT_MAX_GENERATION) /* increase generation */ gen = 1; /* generation number wraparound */ rpc->p_nr = m_ptr->m_lsys_krn_sys_fork.slot; /* this was obliterated by copy */ rpc->p_endpoint = _ENDPOINT(gen, rpc->p_nr); /* new endpoint of slot */ rpc->p_reg.retreg = 0; /* child sees pid = 0 to know it is child */ rpc->p_user_time = 0; /* set all the accounting times to 0 */ rpc->p_sys_time = 0; rpc->p_misc_flags &= ~(MF_VIRT_TIMER | MF_PROF_TIMER | MF_SC_TRACE | MF_SPROF_SEEN | MF_STEP); rpc->p_virt_left = 0; /* disable, clear the process-virtual timers */ rpc->p_prof_left = 0; /* Mark process name as being a forked copy */ namelen = strlen(rpc->p_name); #define FORKSTR "*F" if(namelen+strlen(FORKSTR) < sizeof(rpc->p_name)) strcat(rpc->p_name, FORKSTR); /* the child process is not runnable until it's scheduled. */ RTS_SET(rpc, RTS_NO_QUANTUM); reset_proc_accounting(rpc); rpc->p_cpu_time_left = 0; rpc->p_cycles = 0; rpc->p_kcall_cycles = 0; rpc->p_kipc_cycles = 0; rpc->p_signal_received = 0; /* If the parent is a privileged process, take away the privileges from the * child process and inhibit it from running by setting the NO_PRIV flag. * The caller should explicitly set the new privileges before executing. */ if (priv(rpp)->s_flags & SYS_PROC) { rpc->p_priv = priv_addr(USER_PRIV_ID); rpc->p_rts_flags |= RTS_NO_PRIV; } /* Calculate endpoint identifier, so caller knows what it is. */ m_ptr->m_krn_lsys_sys_fork.endpt = rpc->p_endpoint; m_ptr->m_krn_lsys_sys_fork.msgaddr = rpp->p_delivermsg_vir; /* Don't schedule process in VM mode until it has a new pagetable. */ if(m_ptr->m_lsys_krn_sys_fork.flags & PFF_VMINHIBIT) { RTS_SET(rpc, RTS_VMINHIBIT); } /* * Only one in group should have RTS_SIGNALED, child doesn't inherit tracing. */ RTS_UNSET(rpc, (RTS_SIGNALED | RTS_SIG_PENDING | RTS_P_STOP)); (void) sigemptyset(&rpc->p_pending); #if defined(__i386__) rpc->p_seg.p_cr3 = 0; rpc->p_seg.p_cr3_v = NULL; #elif defined(__arm__) rpc->p_seg.p_ttbr = 0; rpc->p_seg.p_ttbr_v = NULL; #endif return OK; }
/*===========================================================================* * do_getinfo * *===========================================================================*/ int do_getinfo(struct proc * caller, message * m_ptr) { /* Request system information to be copied to caller's address space. This * call simply copies entire data structures to the caller. */ size_t length; vir_bytes src_vir; int nr_e, nr, r; int wipe_rnd_bin = -1; struct proc *p; /* Set source address and length based on request type. */ switch (m_ptr->I_REQUEST) { case GET_MACHINE: { length = sizeof(struct machine); src_vir = (vir_bytes) &machine; break; } case GET_KINFO: { length = sizeof(struct kinfo); src_vir = (vir_bytes) &kinfo; break; } case GET_LOADINFO: { length = sizeof(struct loadinfo); src_vir = (vir_bytes) &kloadinfo; break; } case GET_CPUINFO: { length = sizeof(cpu_info); src_vir = (vir_bytes) &cpu_info; break; } case GET_HZ: { length = sizeof(system_hz); src_vir = (vir_bytes) &system_hz; break; } case GET_IMAGE: { length = sizeof(struct boot_image) * NR_BOOT_PROCS; src_vir = (vir_bytes) image; break; } case GET_IRQHOOKS: { length = sizeof(struct irq_hook) * NR_IRQ_HOOKS; src_vir = (vir_bytes) irq_hooks; break; } case GET_PROCTAB: { update_idle_time(); length = sizeof(struct proc) * (NR_PROCS + NR_TASKS); src_vir = (vir_bytes) proc; break; } case GET_PRIVTAB: { length = sizeof(struct priv) * (NR_SYS_PROCS); src_vir = (vir_bytes) priv; break; } case GET_PROC: { nr_e = (m_ptr->I_VAL_LEN2_E == SELF) ? caller->p_endpoint : m_ptr->I_VAL_LEN2_E; if(!isokendpt(nr_e, &nr)) return EINVAL; /* validate request */ length = sizeof(struct proc); src_vir = (vir_bytes) proc_addr(nr); break; } case GET_PRIV: { nr_e = (m_ptr->I_VAL_LEN2_E == SELF) ? caller->p_endpoint : m_ptr->I_VAL_LEN2_E; if(!isokendpt(nr_e, &nr)) return EINVAL; /* validate request */ length = sizeof(struct priv); src_vir = (vir_bytes) priv_addr(nr_to_id(nr)); break; } case GET_REGS: { nr_e = (m_ptr->I_VAL_LEN2_E == SELF) ? caller->p_endpoint : m_ptr->I_VAL_LEN2_E; if(!isokendpt(nr_e, &nr)) return EINVAL; /* validate request */ p = proc_addr(nr); length = sizeof(p->p_reg); src_vir = (vir_bytes) &p->p_reg; break; } case GET_WHOAMI: { int len; /* GET_WHOAMI uses m3 and only uses the message contents for info. */ m_ptr->GIWHO_EP = caller->p_endpoint; len = MIN(sizeof(m_ptr->GIWHO_NAME), sizeof(caller->p_name))-1; strncpy(m_ptr->GIWHO_NAME, caller->p_name, len); m_ptr->GIWHO_NAME[len] = '\0'; m_ptr->GIWHO_PRIVFLAGS = priv(caller)->s_flags; return OK; } case GET_MONPARAMS: { src_vir = (vir_bytes) params_buffer; length = sizeof(params_buffer); break; } case GET_RANDOMNESS: { static struct k_randomness copy; /* copy to keep counters */ int i; copy = krandom; for (i= 0; i<RANDOM_SOURCES; i++) { krandom.bin[i].r_size = 0; /* invalidate random data */ krandom.bin[i].r_next = 0; } length = sizeof(copy); src_vir = (vir_bytes) © break; } case GET_RANDOMNESS_BIN: { int bin = m_ptr->I_VAL_LEN2_E; if(bin < 0 || bin >= RANDOM_SOURCES) { printf("SYSTEM: GET_RANDOMNESS_BIN: %d out of range\n", bin); return EINVAL; } if(krandom.bin[bin].r_size < RANDOM_ELEMENTS) return ENOENT; length = sizeof(krandom.bin[bin]); src_vir = (vir_bytes) &krandom.bin[bin]; wipe_rnd_bin = bin; break; } case GET_KMESSAGES: { length = sizeof(struct kmessages); src_vir = (vir_bytes) &kmess; break; } case GET_IRQACTIDS: { length = sizeof(irq_actids); src_vir = (vir_bytes) irq_actids; break; } case GET_IDLETSC: { struct proc * idl; update_idle_time(); idl = proc_addr(IDLE); length = sizeof(idl->p_cycles); src_vir = (vir_bytes) &idl->p_cycles; break; } default: printf("do_getinfo: invalid request %d\n", m_ptr->I_REQUEST); return(EINVAL); } /* Try to make the actual copy for the requested data. */ if (m_ptr->I_VAL_LEN > 0 && length > m_ptr->I_VAL_LEN) return (E2BIG); r = data_copy_vmcheck(caller, KERNEL, src_vir, caller->p_endpoint, (vir_bytes) m_ptr->I_VAL_PTR, length); if(r != OK) return r; if(wipe_rnd_bin >= 0 && wipe_rnd_bin < RANDOM_SOURCES) { krandom.bin[wipe_rnd_bin].r_size = 0; krandom.bin[wipe_rnd_bin].r_next = 0; } return(OK); }