1 /*- 2 * Copyright (c) 1988 University of Utah. 3 * Copyright (c) 1982, 1986, 1990 The Regents of the University of California. 4 * All rights reserved. 5 * 6 * This code is derived from software contributed to Berkeley by 7 * the Systems Programming Group of the University of Utah Computer 8 * Science Department, and code derived from software contributed to 9 * Berkeley by William Jolitz. 10 * 11 * Redistribution and use in source and binary forms, with or without 12 * modification, are permitted provided that the following conditions 13 * are met: 14 * 1. Redistributions of source code must retain the above copyright 15 * notice, this list of conditions and the following disclaimer. 16 * 2. Redistributions in binary form must reproduce the above copyright 17 * notice, this list of conditions and the following disclaimer in the 18 * documentation and/or other materials provided with the distribution. 19 * 3. All advertising materials mentioning features or use of this software 20 * must display the following acknowledgement: 21 * This product includes software developed by the University of 22 * California, Berkeley and its contributors. 23 * 4. Neither the name of the University nor the names of its contributors 24 * may be used to endorse or promote products derived from this software 25 * without specific prior written permission. 26 * 27 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 28 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 29 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 30 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 31 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 32 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 33 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 34 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 35 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 36 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 37 * SUCH DAMAGE. 38 * 39 * from: Utah $Hdr: mem.c 1.13 89/10/08$ 40 * from: @(#)mem.c 7.2 (Berkeley) 5/9/91 41 * $FreeBSD: src/sys/i386/i386/mem.c,v 1.79.2.9 2003/01/04 22:58:01 njl Exp $ 42 * $DragonFly: src/sys/kern/kern_memio.c,v 1.17 2006/07/28 02:17:39 dillon Exp $ 43 */ 44 45 /* 46 * Memory special file 47 */ 48 49 #include <sys/param.h> 50 #include <sys/systm.h> 51 #include <sys/buf.h> 52 #include <sys/conf.h> 53 #include <sys/fcntl.h> 54 #include <sys/filio.h> 55 #include <sys/ioccom.h> 56 #include <sys/kernel.h> 57 #include <sys/malloc.h> 58 #include <sys/memrange.h> 59 #include <sys/proc.h> 60 #include <sys/random.h> 61 #include <sys/signalvar.h> 62 #include <sys/uio.h> 63 #include <sys/vnode.h> 64 65 #include <machine/frame.h> 66 #include <machine/psl.h> 67 #include <machine/specialreg.h> 68 #include <i386/isa/intr_machdep.h> 69 70 #include <vm/vm.h> 71 #include <vm/pmap.h> 72 #include <vm/vm_extern.h> 73 74 75 static d_open_t mmopen; 76 static d_close_t mmclose; 77 static d_read_t mmread; 78 static d_write_t mmwrite; 79 static d_ioctl_t mmioctl; 80 static d_mmap_t memmmap; 81 static d_poll_t mmpoll; 82 83 #define CDEV_MAJOR 2 84 static struct dev_ops mem_ops = { 85 { "mem", CDEV_MAJOR, D_MEM }, 86 .d_open = mmopen, 87 .d_close = mmclose, 88 .d_read = mmread, 89 .d_write = mmwrite, 90 .d_ioctl = mmioctl, 91 .d_poll = mmpoll, 92 .d_mmap = memmmap, 93 }; 94 95 static int rand_bolt; 96 static caddr_t zbuf; 97 98 MALLOC_DEFINE(M_MEMDESC, "memdesc", "memory range descriptors"); 99 static int mem_ioctl (dev_t, u_long, caddr_t, int, struct ucred *); 100 static int random_ioctl (dev_t, u_long, caddr_t, int, struct ucred *); 101 102 struct mem_range_softc mem_range_softc; 103 104 105 static int 106 mmopen(struct dev_open_args *ap) 107 { 108 dev_t dev = ap->a_head.a_dev; 109 int error; 110 111 switch (minor(dev)) { 112 case 0: 113 case 1: 114 if ((ap->a_oflags & FWRITE) && securelevel > 0) 115 return (EPERM); 116 break; 117 case 14: 118 error = suser_cred(ap->a_cred, 0); 119 if (error != 0) 120 return (error); 121 if (securelevel > 0) 122 return (EPERM); 123 curproc->p_md.md_regs->tf_eflags |= PSL_IOPL; 124 break; 125 default: 126 break; 127 } 128 return (0); 129 } 130 131 static int 132 mmclose(struct dev_close_args *ap) 133 { 134 dev_t dev = ap->a_head.a_dev; 135 136 switch (minor(dev)) { 137 case 14: 138 curproc->p_md.md_regs->tf_eflags &= ~PSL_IOPL; 139 break; 140 default: 141 break; 142 } 143 return (0); 144 } 145 146 147 static int 148 mmrw(dev_t dev, struct uio *uio, int flags) 149 { 150 int o; 151 u_int c, v; 152 u_int poolsize; 153 struct iovec *iov; 154 int error = 0; 155 caddr_t buf = NULL; 156 157 while (uio->uio_resid > 0 && error == 0) { 158 iov = uio->uio_iov; 159 if (iov->iov_len == 0) { 160 uio->uio_iov++; 161 uio->uio_iovcnt--; 162 if (uio->uio_iovcnt < 0) 163 panic("mmrw"); 164 continue; 165 } 166 switch (minor(dev)) { 167 case 0: 168 /* 169 * minor device 0 is physical memory, /dev/mem 170 */ 171 v = uio->uio_offset; 172 v &= ~PAGE_MASK; 173 pmap_kenter((vm_offset_t)ptvmmap, v); 174 o = (int)uio->uio_offset & PAGE_MASK; 175 c = (u_int)(PAGE_SIZE - ((int)iov->iov_base & PAGE_MASK)); 176 c = min(c, (u_int)(PAGE_SIZE - o)); 177 c = min(c, (u_int)iov->iov_len); 178 error = uiomove((caddr_t)&ptvmmap[o], (int)c, uio); 179 pmap_kremove((vm_offset_t)ptvmmap); 180 continue; 181 182 case 1: { 183 /* 184 * minor device 1 is kernel memory, /dev/kmem 185 */ 186 vm_offset_t addr, eaddr; 187 c = iov->iov_len; 188 189 /* 190 * Make sure that all of the pages are currently 191 * resident so that we don't create any zero-fill 192 * pages. 193 */ 194 addr = trunc_page(uio->uio_offset); 195 eaddr = round_page(uio->uio_offset + c); 196 197 if (addr < (vm_offset_t)VADDR(PTDPTDI, 0)) 198 return EFAULT; 199 if (eaddr >= (vm_offset_t)VADDR(APTDPTDI, 0)) 200 return EFAULT; 201 for (; addr < eaddr; addr += PAGE_SIZE) 202 if (pmap_extract(kernel_pmap, addr) == 0) 203 return EFAULT; 204 205 if (!kernacc((caddr_t)(int)uio->uio_offset, c, 206 uio->uio_rw == UIO_READ ? 207 VM_PROT_READ : VM_PROT_WRITE)) 208 return (EFAULT); 209 error = uiomove((caddr_t)(int)uio->uio_offset, (int)c, uio); 210 continue; 211 } 212 case 2: 213 /* 214 * minor device 2 is EOF/RATHOLE 215 */ 216 if (uio->uio_rw == UIO_READ) 217 return (0); 218 c = iov->iov_len; 219 break; 220 case 3: 221 /* 222 * minor device 3 (/dev/random) is source of filth 223 * on read, seeder on write 224 */ 225 if (buf == NULL) 226 buf = malloc(PAGE_SIZE, M_TEMP, M_WAITOK); 227 c = min(iov->iov_len, PAGE_SIZE); 228 if (uio->uio_rw == UIO_WRITE) { 229 error = uiomove(buf, (int)c, uio); 230 if (error == 0) 231 error = add_buffer_randomness(buf, c); 232 } else { 233 poolsize = read_random(buf, c); 234 if (poolsize == 0) { 235 if (buf) 236 free(buf, M_TEMP); 237 if ((flags & IO_NDELAY) != 0) 238 return (EWOULDBLOCK); 239 return (0); 240 } 241 c = min(c, poolsize); 242 error = uiomove(buf, (int)c, uio); 243 } 244 continue; 245 case 4: 246 /* 247 * minor device 4 (/dev/urandom) is source of muck 248 * on read, writes are disallowed. 249 */ 250 c = min(iov->iov_len, PAGE_SIZE); 251 if (uio->uio_rw == UIO_WRITE) { 252 error = EPERM; 253 break; 254 } 255 if (CURSIG(curproc) != 0) { 256 /* 257 * Use tsleep() to get the error code right. 258 * It should return immediately. 259 */ 260 error = tsleep(&rand_bolt, PCATCH, "urand", 1); 261 if (error != 0 && error != EWOULDBLOCK) 262 continue; 263 } 264 if (buf == NULL) 265 buf = malloc(PAGE_SIZE, M_TEMP, M_WAITOK); 266 poolsize = read_random_unlimited(buf, c); 267 c = min(c, poolsize); 268 error = uiomove(buf, (int)c, uio); 269 continue; 270 case 12: 271 /* 272 * minor device 12 (/dev/zero) is source of nulls 273 * on read, write are disallowed. 274 */ 275 if (uio->uio_rw == UIO_WRITE) { 276 c = iov->iov_len; 277 break; 278 } 279 if (zbuf == NULL) { 280 zbuf = (caddr_t) 281 malloc(PAGE_SIZE, M_TEMP, M_WAITOK); 282 bzero(zbuf, PAGE_SIZE); 283 } 284 c = min(iov->iov_len, PAGE_SIZE); 285 error = uiomove(zbuf, (int)c, uio); 286 continue; 287 default: 288 return (ENODEV); 289 } 290 if (error) 291 break; 292 iov->iov_base += c; 293 iov->iov_len -= c; 294 uio->uio_offset += c; 295 uio->uio_resid -= c; 296 } 297 if (buf) 298 free(buf, M_TEMP); 299 return (error); 300 } 301 302 static int 303 mmread(struct dev_read_args *ap) 304 { 305 return(mmrw(ap->a_head.a_dev, ap->a_uio, ap->a_ioflag)); 306 } 307 308 static int 309 mmwrite(struct dev_write_args *ap) 310 { 311 return(mmrw(ap->a_head.a_dev, ap->a_uio, ap->a_ioflag)); 312 } 313 314 315 316 317 318 /*******************************************************\ 319 * allow user processes to MMAP some memory sections * 320 * instead of going through read/write * 321 \*******************************************************/ 322 323 static int 324 memmmap(struct dev_mmap_args *ap) 325 { 326 dev_t dev = ap->a_head.a_dev; 327 328 switch (minor(dev)) { 329 case 0: 330 /* 331 * minor device 0 is physical memory 332 */ 333 ap->a_result = i386_btop(ap->a_offset); 334 return 0; 335 case 1: 336 /* 337 * minor device 1 is kernel memory 338 */ 339 ap->a_result = i386_btop(vtophys(ap->a_offset)); 340 return 0; 341 342 default: 343 return EINVAL; 344 } 345 } 346 347 static int 348 mmioctl(struct dev_ioctl_args *ap) 349 { 350 dev_t dev = ap->a_head.a_dev; 351 352 switch (minor(dev)) { 353 case 0: 354 return mem_ioctl(dev, ap->a_cmd, ap->a_data, 355 ap->a_fflag, ap->a_cred); 356 case 3: 357 case 4: 358 return random_ioctl(dev, ap->a_cmd, ap->a_data, 359 ap->a_fflag, ap->a_cred); 360 } 361 return (ENODEV); 362 } 363 364 /* 365 * Operations for changing memory attributes. 366 * 367 * This is basically just an ioctl shim for mem_range_attr_get 368 * and mem_range_attr_set. 369 */ 370 static int 371 mem_ioctl(dev_t dev, u_long cmd, caddr_t data, int flags, struct ucred *cred) 372 { 373 int nd, error = 0; 374 struct mem_range_op *mo = (struct mem_range_op *)data; 375 struct mem_range_desc *md; 376 377 /* is this for us? */ 378 if ((cmd != MEMRANGE_GET) && 379 (cmd != MEMRANGE_SET)) 380 return (ENOTTY); 381 382 /* any chance we can handle this? */ 383 if (mem_range_softc.mr_op == NULL) 384 return (EOPNOTSUPP); 385 386 /* do we have any descriptors? */ 387 if (mem_range_softc.mr_ndesc == 0) 388 return (ENXIO); 389 390 switch (cmd) { 391 case MEMRANGE_GET: 392 nd = imin(mo->mo_arg[0], mem_range_softc.mr_ndesc); 393 if (nd > 0) { 394 md = (struct mem_range_desc *) 395 malloc(nd * sizeof(struct mem_range_desc), 396 M_MEMDESC, M_WAITOK); 397 error = mem_range_attr_get(md, &nd); 398 if (!error) 399 error = copyout(md, mo->mo_desc, 400 nd * sizeof(struct mem_range_desc)); 401 free(md, M_MEMDESC); 402 } else { 403 nd = mem_range_softc.mr_ndesc; 404 } 405 mo->mo_arg[0] = nd; 406 break; 407 408 case MEMRANGE_SET: 409 md = (struct mem_range_desc *)malloc(sizeof(struct mem_range_desc), 410 M_MEMDESC, M_WAITOK); 411 error = copyin(mo->mo_desc, md, sizeof(struct mem_range_desc)); 412 /* clamp description string */ 413 md->mr_owner[sizeof(md->mr_owner) - 1] = 0; 414 if (error == 0) 415 error = mem_range_attr_set(md, &mo->mo_arg[0]); 416 free(md, M_MEMDESC); 417 break; 418 } 419 return (error); 420 } 421 422 /* 423 * Implementation-neutral, kernel-callable functions for manipulating 424 * memory range attributes. 425 */ 426 int 427 mem_range_attr_get(mrd, arg) 428 struct mem_range_desc *mrd; 429 int *arg; 430 { 431 /* can we handle this? */ 432 if (mem_range_softc.mr_op == NULL) 433 return (EOPNOTSUPP); 434 435 if (*arg == 0) { 436 *arg = mem_range_softc.mr_ndesc; 437 } else { 438 bcopy(mem_range_softc.mr_desc, mrd, (*arg) * sizeof(struct mem_range_desc)); 439 } 440 return (0); 441 } 442 443 int 444 mem_range_attr_set(mrd, arg) 445 struct mem_range_desc *mrd; 446 int *arg; 447 { 448 /* can we handle this? */ 449 if (mem_range_softc.mr_op == NULL) 450 return (EOPNOTSUPP); 451 452 return (mem_range_softc.mr_op->set(&mem_range_softc, mrd, arg)); 453 } 454 455 #ifdef SMP 456 void 457 mem_range_AP_init(void) 458 { 459 if (mem_range_softc.mr_op && mem_range_softc.mr_op->initAP) 460 return (mem_range_softc.mr_op->initAP(&mem_range_softc)); 461 } 462 #endif 463 464 static int 465 random_ioctl(dev_t dev, u_long cmd, caddr_t data, int flags, struct ucred *cred) 466 { 467 int error; 468 int intr; 469 470 /* 471 * Even inspecting the state is privileged, since it gives a hint 472 * about how easily the randomness might be guessed. 473 */ 474 error = 0; 475 476 switch (cmd) { 477 /* Really handled in upper layer */ 478 case FIOASYNC: 479 break; 480 case MEM_SETIRQ: 481 intr = *(int16_t *)data; 482 if ((error = suser_cred(cred, 0)) != 0) 483 break; 484 if (intr < 0 || intr >= MAX_INTS) 485 return (EINVAL); 486 register_randintr(intr); 487 break; 488 case MEM_CLEARIRQ: 489 intr = *(int16_t *)data; 490 if ((error = suser_cred(cred, 0)) != 0) 491 break; 492 if (intr < 0 || intr >= MAX_INTS) 493 return (EINVAL); 494 unregister_randintr(intr); 495 break; 496 case MEM_RETURNIRQ: 497 error = ENOTSUP; 498 break; 499 case MEM_FINDIRQ: 500 intr = *(int16_t *)data; 501 if ((error = suser_cred(cred, 0)) != 0) 502 break; 503 if (intr < 0 || intr >= MAX_INTS) 504 return (EINVAL); 505 intr = next_registered_randintr(intr); 506 if (intr == MAX_INTS) 507 return (ENOENT); 508 *(u_int16_t *)data = intr; 509 break; 510 default: 511 error = ENOTSUP; 512 break; 513 } 514 return (error); 515 } 516 517 int 518 mmpoll(struct dev_poll_args *ap) 519 { 520 dev_t dev = ap->a_head.a_dev; 521 int revents; 522 523 switch (minor(dev)) { 524 case 3: /* /dev/random */ 525 revents = random_poll(dev, ap->a_events); 526 break; 527 case 4: /* /dev/urandom */ 528 default: 529 revents = seltrue(dev, ap->a_events); 530 break; 531 } 532 ap->a_events = revents; 533 return (0); 534 } 535 536 int 537 iszerodev(dev) 538 dev_t dev; 539 { 540 return ((major(dev) == mem_ops.head.maj) 541 && minor(dev) == 12); 542 } 543 544 static void 545 mem_drvinit(void *unused) 546 { 547 548 /* Initialise memory range handling */ 549 if (mem_range_softc.mr_op != NULL) 550 mem_range_softc.mr_op->init(&mem_range_softc); 551 552 dev_ops_add(&mem_ops, 0xf0, 0); 553 make_dev(&mem_ops, 0, UID_ROOT, GID_KMEM, 0640, "mem"); 554 make_dev(&mem_ops, 1, UID_ROOT, GID_KMEM, 0640, "kmem"); 555 make_dev(&mem_ops, 2, UID_ROOT, GID_WHEEL, 0666, "null"); 556 make_dev(&mem_ops, 3, UID_ROOT, GID_WHEEL, 0644, "random"); 557 make_dev(&mem_ops, 4, UID_ROOT, GID_WHEEL, 0644, "urandom"); 558 make_dev(&mem_ops, 12, UID_ROOT, GID_WHEEL, 0666, "zero"); 559 make_dev(&mem_ops, 14, UID_ROOT, GID_WHEEL, 0600, "io"); 560 } 561 562 SYSINIT(memdev,SI_SUB_DRIVERS,SI_ORDER_MIDDLE+CDEV_MAJOR,mem_drvinit,NULL) 563 564