/*
 * graphene-ipc.c
 *
 * Graphene bulk IPC kernel module: a /dev/gipc character device that
 * lets cooperating processes hand physical pages to each other through
 * a shared ring, marking the source pages copy-on-write.
 */
  1. #include <linux/module.h>
  2. #include <linux/kallsyms.h>
  3. #include <linux/version.h>
  4. #include <linux/init.h>
  5. #include <linux/fs.h>
  6. #include <linux/mm_types.h>
  7. #include <linux/mm.h>
  8. #include <linux/mmu_notifier.h>
  9. #include <linux/slab.h>
  10. #include <linux/swap.h>
  11. #include <linux/swapops.h>
  12. #include <linux/miscdevice.h>
  13. #include <linux/sched.h>
  14. #include <linux/pagemap.h>
  15. #include <linux/bitmap.h>
  16. #include <asm/mman.h>
  17. #include <asm/tlb.h>
  18. #ifdef CONFIG_GRAPHENE_BULK_IPC
  19. # include "graphene.h"
  20. #endif
  21. #include "graphene-ipc.h"
  22. MODULE_LICENSE("Dual BSD/GPL");
/* Poison value for invalidated file pointers (debugging aid; not
 * referenced elsewhere in this file). */
#define FILE_POISON LIST_POISON1

/* Slab caches: one for per-channel queues, one for per-send scratch
 * buffers.  Created in gipc_init(). */
struct kmem_cache *gipc_queue_cachep;
struct kmem_cache *gipc_send_buffer_cachep;

/* Set to 1 to enable verbose printks and the extra GIPC_BUG_ON checks. */
#define GIPC_DEBUG 0

#if defined(GIPC_DEBUG) && GIPC_DEBUG == 1
# define DEBUG(...)		printk(KERN_INFO __VA_ARGS__)
# define GIPC_BUG_ON(cond)	BUG_ON(cond)
#else
# define DEBUG(...)
# define GIPC_BUG_ON(cond)
#endif

/* Resolve the unexported kernel symbol <sym> via kallsyms into the
 * function pointer my_<sym>.  Expands to a statement that makes the
 * enclosing (init) function return -ENOENT when the lookup fails. */
#define LOOKUP_KALLSYMS(sym)						\
	do {								\
		my_##sym = (void *) kallsyms_lookup_name(#sym);		\
		if (!my_##sym) {					\
			printk(KERN_ERR "Graphene error: "		\
			       "can't find kernel function " #sym "\n");\
			return -ENOENT;					\
		} else {						\
			printk(KERN_INFO "resolved symbol " #sym " %p\n", \
			       my_##sym);				\
		}							\
	} while (0)
/*
 * DO_MMAP_PGOFF: portability wrapper around do_mmap_pgoff().
 * Two axes of variation are papered over:
 *  - kernels >= 3.9 added an extra &populate out-parameter, which we
 *    request and then discard;
 *  - when CONFIG_GRAPHENE_BULK_IPC is not set on kernels >= 3.4 the
 *    symbol is not exported, so it is called through a pointer
 *    (my_do_mmap_pgoff) resolved via kallsyms in gipc_init().
 */
#if defined(CONFIG_GRAPHENE_BULK_IPC) || LINUX_VERSION_CODE < KERNEL_VERSION(3, 4, 0)
# if LINUX_VERSION_CODE >= KERNEL_VERSION(3, 9, 0)
# define DO_MMAP_PGOFF(file, addr, len, prot, flags, pgoff)		\
	({								\
		unsigned long populate;					\
		unsigned long rv = do_mmap_pgoff((file), (addr), (len),	\
						 (prot), (flags),	\
						 (pgoff), &populate);	\
	rv; })
# else
# define DO_MMAP_PGOFF(file, addr, len, prot, flags, pgoff)		\
	do_mmap_pgoff((file), (addr), (len), (prot), (flags), (pgoff))
# endif /* kernel_version < 3.9.0 */
#else
# if LINUX_VERSION_CODE >= KERNEL_VERSION(3, 9, 0)
# define MY_DO_MMAP_PGOFF
unsigned long (*my_do_mmap_pgoff) (struct file *, unsigned long,
				   unsigned long, unsigned long,
				   unsigned long, unsigned long,
				   unsigned long *);
# define DO_MMAP_PGOFF(file, addr, len, prot, flags, pgoff)		\
	({								\
		unsigned long populate;					\
		unsigned long rv = my_do_mmap_pgoff((file), (addr),	\
						    (len), (prot),	\
						    (flags), (pgoff),	\
						    &populate);		\
	rv; })
# else
# define MY_DO_MMAP_PGOFF
unsigned long (*my_do_mmap_pgoff) (struct file *, unsigned long,
				   unsigned long, unsigned long,
				   unsigned long, unsigned long);
# define DO_MMAP_PGOFF(file, addr, len, prot, flags, pgoff)		\
	my_do_mmap_pgoff((file), (addr), (len), (prot), (flags), (pgoff))
# endif /* kernel version < 3.9 */
#endif /* !CONFIG_GRAPHENE_BULK_IPC && kernel version > 3.4.0 */

/*
 * TLB flushing: kernels >= 3.7 provide flush_tlb_mm_range() (ranged
 * flush); older ones fall back to per-page flush_tlb_page().  As with
 * do_mmap_pgoff above, the symbol is resolved through kallsyms when it
 * is not exported to modules.
 */
#if LINUX_VERSION_CODE >= KERNEL_VERSION(3, 7, 0)
# ifdef CONFIG_GRAPHENE_BULK_IPC
# define FLUSH_TLB_MM_RANGE flush_tlb_mm_range
# else
# define MY_FLUSH_TLB_MM_RANGE
void (*my_flush_tlb_mm_range) (struct mm_struct *, unsigned long,
			       unsigned long, unsigned long);
# define FLUSH_TLB_MM_RANGE my_flush_tlb_mm_range
# endif
#else /* LINUX_VERSION_CODE < 3.7.0 */
# if defined(CONFIG_GRAPHENE_BULK_IPC) || LINUX_VERSION_CODE < KERNEL_VERSION(3, 2, 0)
# define FLUSH_TLB_PAGE flush_tlb_page
# else
# define MY_FLUSH_TLB_PAGE
void (*my_flush_tlb_page) (struct vm_area_struct *, unsigned long);
# define FLUSH_TLB_PAGE my_flush_tlb_page
# endif
#endif

/* gipc_get_session() exists only on Graphene-patched kernels; on a
 * stock kernel we try to resolve it at init and tolerate NULL. */
#ifndef gipc_get_session
u64 (*my_gipc_get_session) (struct task_struct *) = NULL;
#endif
/*
 * One bulk-IPC channel: a fixed-size ring of page references shared
 * between senders and receivers.
 */
struct gipc_queue {
	struct list_head list;	/* link in gdev.channels */
	s64 token;		/* channel id handed back to userspace */
	u64 owner;		/* session of the creator (GIPC_OWNER) */
	atomic_t count;		/* open handles; queue freed at zero */

	struct mutex send_lock, recv_lock;	/* serialize senders / receivers */
	wait_queue_head_t send, recv;		/* blocked senders / receivers */
	volatile int next, last;	/* ring head/tail; empty when equal */

	struct {
		struct page *page;	/* held page reference, or NULL for a hole */
		struct file *file;	/* held backing-file reference, or NULL */
		u64 pgoff;		/* page offset within that file */
	} pages[PAGE_QUEUE];
};

/* Per-send scratch space: bitmap of present pages plus parallel arrays
 * of pinned pages, their vmas, backing files, and file offsets. */
struct gipc_send_buffer {
	unsigned long page_bit_map[PAGE_BITS];
	struct page *pages[PAGE_QUEUE];
	struct vm_area_struct *vmas[PAGE_QUEUE];
	struct file *files[PAGE_QUEUE];
	unsigned long pgoffs[PAGE_QUEUE];
};

/* Global device state: registry of all live channels. */
struct {
	spinlock_t lock;
	/*
	 * For now, just make them monotonically increasing. XXX: At
	 * some point, do something smarter for security.
	 */
	u64 max_token;
	struct list_head channels; // gipc_queue structs
} gdev;

/* Session id of the calling task; 0 when no session support exists
 * (stock kernel without a resolvable gipc_get_session symbol). */
#ifdef gipc_get_session
#define GIPC_OWNER gipc_get_session(current)
#else
#define GIPC_OWNER (my_gipc_get_session ? my_gipc_get_session(current) : 0)
#endif
  139. static inline struct gipc_queue * create_gipc_queue(struct file *creator)
  140. {
  141. struct gipc_queue *gq = kmem_cache_alloc(gipc_queue_cachep, GFP_KERNEL);
  142. if (!gq)
  143. return gq;
  144. memset(gq, 0, sizeof(*gq));
  145. INIT_LIST_HEAD(&gq->list);
  146. mutex_init(&gq->send_lock);
  147. mutex_init(&gq->recv_lock);
  148. init_waitqueue_head(&gq->send);
  149. init_waitqueue_head(&gq->recv);
  150. gq->owner = GIPC_OWNER;
  151. creator->private_data = gq;
  152. atomic_set(&gq->count, 1);
  153. spin_lock(&gdev.lock);
  154. list_add(&gq->list, &gdev.channels);
  155. gq->token = gdev.max_token++;
  156. spin_unlock(&gdev.lock);
  157. return gq;
  158. }
/*
 * Drop one reference to the queue; when the last reference goes away,
 * drain the ring (releasing every held page and file reference),
 * unlink the queue from gdev.channels, and free it.
 *
 * @locked: true when the caller already holds gdev.lock (module exit
 *          path); otherwise the lock is taken here.
 */
static inline void release_gipc_queue(struct gipc_queue *gq, bool locked)
{
	int idx;

	if (!atomic_dec_and_test(&gq->count))
		return;

	if (!locked)
		spin_lock(&gdev.lock);

	/* Walk the ring from next to last, releasing queued references. */
	while (gq->next != gq->last) {
		idx = gq->next;
		if (gq->pages[idx].page) {
			page_cache_release(gq->pages[idx].page);
			gq->pages[idx].page = NULL;
		}
		if (gq->pages[idx].file) {
			fput_atomic(gq->pages[idx].file);
			gq->pages[idx].file = NULL;
			gq->pages[idx].pgoff = 0;
		}
		gq->next++;
		gq->next &= (PAGE_QUEUE - 1);	/* ring size is a power of two */
	}

	list_del(&gq->list);

	if (!locked)
		spin_unlock(&gdev.lock);

	kmem_cache_free(gipc_queue_cachep, gq);
}
/*
 * Fast-path RSS accounting, mirroring mm/memory.c: when the current
 * task owns the mm, update its cached per-task counter; otherwise fall
 * back to the atomic mm-wide counter.
 */
#if defined(SPLIT_RSS_COUNTING)
static void add_mm_counter_fast(struct mm_struct *mm, int member, int val)
{
	struct task_struct *task = current;

	if (likely(task->mm == mm))
		task->rss_stat.count[member] += val;
	else
		add_mm_counter(mm, member, val);
}
#else
#define add_mm_counter_fast(mm, member, val) add_mm_counter(mm, member, val)
#endif

#define inc_mm_counter_fast(mm, member) add_mm_counter_fast(mm, member, 1)
#define dec_mm_counter_fast(mm, member) add_mm_counter_fast(mm, member, -1)
/*
 * Write-protect the PTE mapping @addr in @mm so the next write faults
 * and copies the page (copy-on-write).  The caller must hold mmap_sem;
 * the PTE lock is taken around the update.  TLB flushing is the
 * caller's responsibility (see get_pages()/do_gipc_recv()).
 *
 * Returns 0 on success, -EFAULT when no present page maps @addr.
 */
inline int make_page_cow(struct mm_struct *mm, struct vm_area_struct *vma,
			 unsigned long addr)
{
	pgd_t *pgd;
	pud_t *pud;
	pmd_t *pmd;
	pte_t *pte;
	spinlock_t *ptl;

	/* Walk the four-level page table down to the PTE. */
	pgd = pgd_offset(mm, addr);
	if (pgd_none(*pgd) || unlikely(pgd_bad(*pgd)))
		goto no_page;

	pud = pud_offset(pgd, addr);
	if (pud_none(*pud) || unlikely(pud_bad(*pud)))
		goto no_page;

	pmd = pmd_offset(pud, addr);
	if (pmd_none(*pmd) || unlikely(pmd_bad(*pmd)))
		goto no_page;

	/* Huge pages were split by FOLL_SPLIT in get_pages(). */
	BUG_ON(pmd_trans_huge(*pmd));

	pte = pte_offset_map_lock(mm, pmd, addr, &ptl);
	if (!pte_present(*pte)) {
		spin_unlock(ptl);
		goto no_page;
	}

	ptep_set_wrprotect(mm, addr, pte);
	spin_unlock(ptl);
	DEBUG("make page COW at %lx\n", addr);
	return 0;

no_page:
	return -EFAULT;
}
/*
 * For each of @nr_pages pages starting at @addr, set the corresponding
 * bit in @page_bit_map when a page is already materialized there (so
 * get_pages() can pin it) and clear it otherwise.  Called with mmap_sem
 * held.
 */
static void fill_page_bit_map(struct mm_struct *mm,
			      unsigned long addr, unsigned long nr_pages,
			      unsigned long page_bit_map[PAGE_BITS])
{
	int i = 0;

	DEBUG("GIPC_SEND fill_page_bit_map %lx - %lx\n",
	      addr, addr + (nr_pages << PAGE_SHIFT));

	do {
		struct vm_area_struct *vma;
		pgd_t *pgd;
		pud_t *pud;
		pmd_t *pmd;
		pte_t *pte;
		spinlock_t *ptl;
		bool has_page = false;

		vma = find_vma(mm, addr);
		if (!vma)
			goto next;

		BUG_ON(vma->vm_flags & VM_HUGETLB);

		pgd = pgd_offset(mm, addr);
		if (pgd_none(*pgd) || pgd_bad(*pgd))
			goto next;

		pud = pud_offset(pgd, addr);
		if (pud_none(*pud) || pud_bad(*pud))
			goto next;

		pmd = pmd_offset(pud, addr);
		if (pmd_none(*pmd))
			goto next;

		/* A transparent huge page counts as present; get_pages()
		 * will split it via FOLL_SPLIT. */
		if (unlikely(pmd_trans_huge(*pmd))) {
			has_page = true;
			goto next;
		}

		if (pmd_bad(*pmd))
			goto next;

		pte = pte_offset_map_lock(mm, pmd, addr, &ptl);
		if (pte_none(*pte))
			goto next_locked;

		/* NOTE(review): a non-present, non-file pte (e.g. a swap
		 * entry) falls through to has_page = true here — presumably
		 * so get_user_pages() faults it back in; confirm intended. */
		if (unlikely(!pte_present(*pte)) && pte_file(*pte))
			goto next_locked;

		has_page = true;

next_locked:
		spin_unlock(ptl);
next:
		if (has_page) {
			DEBUG("found a page at %lx\n", addr);
			set_bit(i, page_bit_map);
		} else {
			clear_bit(i, page_bit_map);
		}
	} while (i++, addr += PAGE_SIZE, i < nr_pages);
}
  280. static int get_pages (struct task_struct *task, unsigned long start,
  281. unsigned long nr_pages,
  282. unsigned long page_bit_map[PAGE_BITS],
  283. struct page *pages[PAGE_QUEUE],
  284. struct vm_area_struct *vmas[PAGE_QUEUE])
  285. {
  286. struct mm_struct *mm = task->mm;
  287. struct vm_area_struct *vma = NULL;
  288. unsigned long addr = start, nr;
  289. int i = 0, j, rv;
  290. while (i < nr_pages) {
  291. unsigned long flushed, vmflags;
  292. int last = i;
  293. if (test_bit(last, page_bit_map)) {
  294. i = find_next_zero_bit(page_bit_map, PAGE_QUEUE,
  295. last + 1);
  296. if (i > nr_pages)
  297. i = nr_pages;
  298. nr = i - last;
  299. DEBUG("GIPC_SEND get_user_pages %ld pages at %lx\n",
  300. addr, nr);
  301. rv = __get_user_pages(task, mm, addr, nr,
  302. FOLL_GET|FOLL_FORCE|FOLL_SPLIT,
  303. pages + last, vmas + last, NULL);
  304. if (rv <= 0) {
  305. printk(KERN_ERR "Graphene error: "
  306. "get_user_pages at 0x%016lx-0x%016lx\n",
  307. addr, addr + (nr << PAGE_SHIFT));
  308. return rv;
  309. }
  310. if (rv != nr) {
  311. printk(KERN_ERR "Graphene error: "
  312. "get_user_pages at 0x%016lx\n",
  313. addr + (rv << PAGE_SHIFT));
  314. return -EACCES;
  315. }
  316. flushed = addr;
  317. vmflags = 0;
  318. for (j = 0; j < nr; j++) {
  319. unsigned long target = addr + (j << PAGE_SHIFT);
  320. /* Mark source COW */
  321. rv = make_page_cow(mm, vmas[last + j],
  322. target);
  323. if (rv)
  324. return rv;
  325. if (PageAnon(pages[last + j])) {
  326. /* Fix up the counters */
  327. inc_mm_counter_fast(mm, MM_FILEPAGES);
  328. dec_mm_counter_fast(mm, MM_ANONPAGES);
  329. pages[last + j]->mapping = NULL;
  330. }
  331. #ifdef FLUSH_TLB_MM_RANGE
  332. if (vmflags == vmas[last + j]->vm_flags)
  333. continue;
  334. if (flushed < target)
  335. FLUSH_TLB_MM_RANGE(mm, flushed, target,
  336. vmflags);
  337. flushed = target;
  338. vmflags = vmas[last + j]->vm_flags;
  339. #else
  340. FLUSH_TLB_PAGE(vmas[last + j], target);
  341. #endif
  342. }
  343. #ifdef FLUSH_TLB_MM_RANGE
  344. if (flushed < addr + (nr << PAGE_SHIFT))
  345. FLUSH_TLB_MM_RANGE(mm, flushed,
  346. addr + (nr << PAGE_SHIFT),
  347. vmflags);
  348. #endif
  349. vma = vmas[i - 1];
  350. addr += nr << PAGE_SHIFT;
  351. } else {
  352. /* This is the case where a page (or pages) are not
  353. * currently mapped.
  354. * Handle the hole appropriately. */
  355. i = find_next_bit(page_bit_map, PAGE_QUEUE, last + 1);
  356. if (i > nr_pages)
  357. i = nr_pages;
  358. nr = i - last;
  359. DEBUG("GIPC_SEND skip %ld pages at %lx\n", addr, nr);
  360. for (j = 0; j < nr; j++) {
  361. if (!vma) {
  362. vma = find_vma(mm, addr);
  363. } else {
  364. /* DEP 6/17/13 - these addresses should
  365. * be monotonically increasing. */
  366. for (; vma && addr >= vma->vm_end;
  367. vma = vma->vm_next);
  368. /* Leverage monotonic increasing vmas
  369. * to more quickly detect holes in the
  370. * address space. */
  371. if (vma && addr < vma->vm_start)
  372. vma = NULL;
  373. }
  374. pages[last + j] = NULL;
  375. vmas[last + j] = vma;
  376. addr += PAGE_SIZE;
  377. }
  378. }
  379. }
  380. return i;
  381. }
  382. static int do_gipc_send(struct task_struct *task, struct gipc_queue *gq,
  383. struct gipc_send_buffer *gbuf,
  384. unsigned long __user *uaddr, unsigned long __user *ulen,
  385. unsigned long *copied_pages)
  386. {
  387. struct mm_struct *mm = task->mm;
  388. unsigned long addr, len, nr_pages;
  389. int rv, i;
  390. DEBUG("GIPC_SEND uaddr = %p, ulen = %p\n", uaddr, ulen);
  391. rv = copy_from_user(&addr, uaddr, sizeof(unsigned long));
  392. if (rv) {
  393. printk(KERN_ALERT "Graphene SEND: bad buffer %p\n", uaddr);
  394. return -EFAULT;
  395. }
  396. rv = copy_from_user(&len, ulen, sizeof(unsigned long));
  397. if (rv) {
  398. printk(KERN_ALERT "Graphene SEND: bad buffer %p\n", ulen);
  399. return -EFAULT;
  400. }
  401. if (addr > addr + len) {
  402. printk(KERN_ALERT "Graphene SEND: attempt to send %p - %p "
  403. " by thread %d FAIL: bad argument\n",
  404. (void *) addr, (void *) (addr + len), task->pid);
  405. return -EINVAL;
  406. }
  407. DEBUG("GIPC_SEND addr = %lx, len = %ld\n", addr, len);
  408. nr_pages = len >> PAGE_SHIFT;
  409. if (!access_ok(VERIFY_READ, addr, len)) {
  410. printk(KERN_ALERT "Graphene SEND:"
  411. " attempt to send %p - %p (%ld pages) "
  412. " by thread %d FAIL: bad permission\n",
  413. (void *) addr, (void *) (addr + len), nr_pages,
  414. task->pid);
  415. return -EFAULT;
  416. }
  417. DEBUG(" %p - %p (%ld pages) sent by thread %d\n",
  418. (void *) addr, (void *) (addr + len), nr_pages, task->pid);
  419. while (nr_pages) {
  420. unsigned long nr =
  421. (nr_pages <= PAGE_QUEUE) ? nr_pages : PAGE_QUEUE;
  422. /* for each of these addresses - check if
  423. * demand faulting will be triggered
  424. * if vma is present, but there is no page
  425. * present(pmd/pud not present or PTE_PRESENT
  426. * is off) then get_user_pages will trigger
  427. * the creation of those */
  428. down_write(&mm->mmap_sem);
  429. fill_page_bit_map(mm, addr, nr, gbuf->page_bit_map);
  430. rv = get_pages(task, addr, nr,
  431. gbuf->page_bit_map,
  432. gbuf->pages,
  433. gbuf->vmas);
  434. if (rv < 0) {
  435. up_write(&mm->mmap_sem);
  436. break;
  437. }
  438. for (i = 0; i < nr; i++) {
  439. BUG_ON((!gbuf->vmas[i]) && (!!gbuf->pages[i]));
  440. if (gbuf->vmas[i] && gbuf->vmas[i]->vm_file) {
  441. gbuf->files[i] = get_file(gbuf->vmas[i]->vm_file);
  442. gbuf->pgoffs[i] =
  443. ((addr - gbuf->vmas[i]->vm_start) >> PAGE_SHIFT)
  444. + gbuf->vmas[i]->vm_pgoff;
  445. } else {
  446. gbuf->files[i] = NULL;
  447. gbuf->pgoffs[i] = 0;
  448. }
  449. addr += PAGE_SIZE;
  450. }
  451. up_write(&mm->mmap_sem);
  452. for (i = 0; i < nr ; i++) {
  453. /* Put in the pending buffer*/
  454. if (((gq->last + 1) & (PAGE_QUEUE - 1)) == gq->next) {
  455. /* The blocking condition for send
  456. * and recv can't both be true! */
  457. wake_up_all(&gq->recv);
  458. wait_event_interruptible(gq->send,
  459. ((gq->last + 1) & (PAGE_QUEUE - 1)) != gq->next);
  460. if (signal_pending(task)) {
  461. rv = -ERESTARTSYS;
  462. goto out;
  463. }
  464. }
  465. gq->pages[gq->last].page = gbuf->pages[i];
  466. gq->pages[gq->last].file = gbuf->files[i];
  467. gq->pages[gq->last].pgoff = gbuf->pgoffs[i];
  468. gq->last++;
  469. gq->last &= PAGE_QUEUE - 1;
  470. (*copied_pages)++;
  471. }
  472. wake_up_all(&gq->recv);
  473. nr_pages -= nr;
  474. }
  475. out:
  476. return rv;
  477. }
  478. static inline
  479. int recv_next (struct task_struct *task, struct gipc_queue *gq)
  480. {
  481. if (gq->next == gq->last) {
  482. /* The blocking condition for send & recv can't both be true */
  483. wake_up_all(&gq->send);
  484. wait_event_interruptible(gq->recv, gq->next != gq->last);
  485. if (signal_pending(task))
  486. return -ERESTARTSYS;
  487. }
  488. return gq->next;
  489. }
/*
 * Map pages pulled from @gq into the current address space at *uaddr
 * (or anywhere, when *uaddr is 0) with protection *uprot, for *ulen
 * bytes.  File-backed entries are re-mapped from their file; queued
 * page references are inserted and both source and destination end up
 * copy-on-write.  On success the chosen start address is written back
 * to *uaddr and *copied_pages is incremented per page received.
 */
static int do_gipc_recv(struct task_struct *task, struct gipc_queue *gq,
			unsigned long __user *uaddr, unsigned long __user *ulen,
			unsigned long __user *uprot,
			unsigned long *copied_pages)
{
	struct mm_struct *mm = task->mm;
	struct vm_area_struct *vma = NULL;
	unsigned long start, addr, len, nr_pages, prot, pgoff;
	struct page *page = NULL;
	struct file *file = NULL;
	int i = 0, rv;

	rv = copy_from_user(&addr, uaddr, sizeof(unsigned long));
	if (rv) {
		printk(KERN_ALERT "Graphene RECV: bad buffer %p\n", uaddr);
		return -EFAULT;
	}

	rv = copy_from_user(&len, ulen, sizeof(unsigned long));
	if (rv) {
		printk(KERN_ALERT "Graphene RECV: bad buffer %p\n", ulen);
		return -EFAULT;
	}

	rv = copy_from_user(&prot, uprot, sizeof(unsigned long));
	if (rv) {
		printk(KERN_ALERT "Graphene RECV: bad buffer %p\n", uprot);
		return -EFAULT;
	}

	nr_pages = len >> PAGE_SHIFT;
	start = addr;
	down_write(&mm->mmap_sem);

	while (i < nr_pages) {
		int found = recv_next(task, gq);
		int need_map = 1;

		if (found < 0) {
			rv = found;
			goto finish;
		}

		/* Take ownership of the queued references; they are
		 * dropped at finish: below once consumed. */
		page = gq->pages[found].page;
		file = gq->pages[found].file;
		pgoff = gq->pages[found].pgoff;
		gq->next++;
		gq->next &= PAGE_QUEUE - 1;

		/* A sender might be blocked on a full ring. */
		wake_up_all(&gq->send);

		/* Reuse the previous vma when it still covers this page
		 * with the same file, offset, and protection. */
		if (vma) {
			need_map = 0;
			if (vma->vm_file != file)
				need_map = 1;
			if (file && vma->vm_start +
			    ((pgoff - vma->vm_pgoff) << PAGE_SHIFT)
			    != addr)
				need_map = 1;
			/* NOTE(review): compares PROT_* against VM_* bits;
			 * these coincide numerically for READ/WRITE/EXEC on
			 * Linux — confirm for all target arches. */
			if (prot != (vma->vm_flags & (VM_READ|VM_WRITE|VM_EXEC)))
				need_map = 1;
		}

		if (need_map) {
			unsigned long flags = MAP_PRIVATE;

			if (addr)
				flags |= MAP_FIXED;

			if (file)
				flags |= MAP_FILE;
			else
				flags |= MAP_ANONYMOUS;

			/* Map the whole remaining range optimistically;
			 * later pages may fall into this same vma. */
			addr = DO_MMAP_PGOFF(file, addr,
					     (nr_pages - i) << PAGE_SHIFT,
					     prot, flags, pgoff);

			if (IS_ERR_VALUE(addr)) {
				rv = PTR_ERR((void *) addr);
				printk(KERN_ERR
				       "Graphene error: failed to mmap (%d)\n",
				       -rv);
				goto finish;
			}

			if (file)
				DEBUG("map %08lx-%08lx file %p\n", addr,
				      addr + ((nr_pages - i) << PAGE_SHIFT),
				      file);
			else
				DEBUG("map %08lx-%08lx\n", addr,
				      addr + ((nr_pages - i) << PAGE_SHIFT));

			/* Remember the kernel-chosen base for write-back. */
			if (!start)
				start = addr;

			vma = find_vma(mm, addr);
			if (!vma) {
				printk(KERN_ERR
				       "Graphene error: can't find vma at %p\n",
				       (void *) addr);
				rv = -ENOENT;
				goto finish;
			}
		} else {
			BUG_ON(!vma);
		}

		if (page) {
			rv = vm_insert_page(vma, addr, page);
			if (rv) {
				printk(KERN_ERR "Graphene error: "
				       "fail to insert page %d\n", rv);
				goto finish;
			}
			/* Receiver side is COW too, so neither end can
			 * scribble on the shared physical page. */
			rv = make_page_cow(mm, vma, addr);
			if (rv) {
				printk(KERN_ERR "Graphene error: "
				       "can't make vma copy-on-write at %p\n",
				       (void *) addr);
				goto finish;
			}
		}

finish:
		/* Drop the kernel's reference to this page */
		if (page)
			page_cache_release(page);
		if (file)
			fput_atomic(file);
		if (rv)
			break;
		i++;
		addr += PAGE_SIZE;
		(*copied_pages)++;
	}

	up_write(&mm->mmap_sem);

	if (i)
		DEBUG(" %p - %p (%d pages) received by thread %d\n",
		      (void *) start, (void *) start + (i << PAGE_SHIFT), i,
		      task->pid);

	if (start) {
		rv = copy_to_user(uaddr, &start, sizeof(unsigned long));
		if (rv) {
			printk(KERN_ERR "Graphene error: bad buffer %p\n",
			       uaddr);
			return -EFAULT;
		}
	}

	return rv;
}
/*
 * ioctl entry point for /dev/gipc.
 *
 * GIPC_SEND:   push page ranges onto the queue bound to this fd.
 * GIPC_RECV:   map queued pages into the caller's address space.
 * GIPC_CREATE: allocate a new channel, bind it to this fd, return its
 *              token.
 * GIPC_JOIN:   bind this fd to an existing channel by token (same
 *              session only).
 *
 * Returns pages transferred (SEND/RECV), a token (CREATE), 0 (JOIN),
 * or a negative errno.
 */
static long gipc_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
{
	struct task_struct *task = current;
	struct gipc_queue *gq = NULL;
	long rv = 0;

	switch (cmd) {
	case GIPC_SEND: {
		struct gipc_send gs;
		struct gipc_send_buffer *gbuf;
		int i;
		unsigned long nr_pages = 0;

		rv = copy_from_user(&gs, (void *) arg, sizeof(gs));
		if (rv) {
			printk(KERN_ALERT "Graphene SEND: bad buffer %p\n",
			       (void *) arg);
			return -EFAULT;
		}

		/* Find/allocate the gipc_pages struct for our recipient */
		gq = (struct gipc_queue *) file->private_data;
		/* NOTE(review): RECV below returns -EBADF for the same
		 * condition — confirm whether -EFAULT here is intentional. */
		if (!gq)
			return -EFAULT;

		gbuf = kmem_cache_alloc(gipc_send_buffer_cachep, GFP_KERNEL);
		if (!gbuf)
			return -ENOMEM;

		DEBUG("GIPC_SEND %ld entries to token %lld by thread %d\n",
		      gs.entries, gq->token, task->pid);

		mutex_lock(&gq->send_lock);
		for (i = 0; i < gs.entries; i++) {
			rv = do_gipc_send(task, gq, gbuf, gs.addr + i,
					  gs.len + i, &nr_pages);
			if (rv < 0)
				break;
		}
		mutex_unlock(&gq->send_lock);

		DEBUG("GIPC_SEND return to thread %d, %ld pages are sent\n",
		      task->pid, nr_pages);
		kmem_cache_free(gipc_send_buffer_cachep, gbuf);
		/* Report partial progress over the error when any pages
		 * made it through. */
		rv = nr_pages ? : rv;
		break;
	}

	case GIPC_RECV: {
		struct gipc_recv gr;
		int i;
		unsigned long nr_pages = 0;

		rv = copy_from_user(&gr, (void *) arg, sizeof(gr));
		if (rv) {
			printk(KERN_ERR "Graphene error: bad buffer %p\n",
			       (void *) arg);
			return -EFAULT;
		}

		gq = (struct gipc_queue *) file->private_data;
		if (!gq)
			return -EBADF;

		DEBUG("GIPC_RECV %ld entries to token %lld by thread %d\n",
		      gr.entries, gq->token, task->pid);

		mutex_lock(&gq->recv_lock);
		for (i = 0; i < gr.entries; i++) {
			rv = do_gipc_recv(task, gq, gr.addr + i, gr.len + i,
					  gr.prot + i, &nr_pages);
			if (rv < 0)
				break;
		}
		mutex_unlock(&gq->recv_lock);

		DEBUG("GIPC_RECV return to thread %d, %ld pages are received\n",
		      task->pid, nr_pages);
		rv = nr_pages ? : rv;
		break;
	}

	case GIPC_CREATE: {
		gq = create_gipc_queue(file);
		if (!gq) {
			rv = -ENOMEM;
			break;
		}
		DEBUG("GIPC_CREATE token %lld by thread %d\n", gq->token,
		      task->pid);
		rv = gq->token;
		break;
	}

	case GIPC_JOIN: {
		struct gipc_queue *q;
		u64 token = arg;
		u64 session = GIPC_OWNER;

		/* A file handle may be bound to at most one channel. */
		if (file->private_data != NULL)
			return -EBUSY;

		/* Search for this token */
		spin_lock(&gdev.lock);
		list_for_each_entry(q, &gdev.channels, list) {
			if (q->token == token) {
				gq = q;
				break;
			}
		}

		/* Fail if we didn't find it */
		if (!gq) {
			spin_unlock(&gdev.lock);
			return -ENOENT;
		}

		/* Only tasks in the creator's session may join. */
		if (gq->owner != session) {
			spin_unlock(&gdev.lock);
			return -EPERM;
		}

		atomic_inc(&gq->count);
		file->private_data = gq;

		/* Hold the lock until we allocate so only one process
		 * gets the queue */
		spin_unlock(&gdev.lock);

		DEBUG("GIPC_JOIN token %lld by thread %d\n", token, task->pid);
		rv = 0;
		break;
	}

	default:
		printk(KERN_ALERT "Graphene unknown ioctl %u %lu\n", cmd, arg);
		rv = -ENOSYS;
		break;
	}

	return rv;
}
  741. static int gipc_release(struct inode *inode, struct file *file)
  742. {
  743. struct gipc_queue *gq = (struct gipc_queue *) file->private_data;
  744. if (!gq)
  745. return 0;
  746. file->private_data = NULL;
  747. release_gipc_queue(gq, false);
  748. return 0;
  749. }
  750. static int gipc_open(struct inode *inode, struct file *file)
  751. {
  752. file->private_data = NULL;
  753. return 0;
  754. }
/* File operations for the /dev/gipc device node.
 * NOTE(review): compat_ioctl reuses the native handler, which assumes
 * the gipc_send/gipc_recv structs have identical layout for 32-bit
 * userspace — confirm if compat callers are supported. */
static struct file_operations gipc_fops = {
	.owner		= THIS_MODULE,
	.release	= gipc_release,
	.open		= gipc_open,
	.unlocked_ioctl	= gipc_ioctl,
	.compat_ioctl	= gipc_ioctl,
	.llseek		= noop_llseek,
};

/* Misc (dynamic-major) device registration; world read/write. */
static struct miscdevice gipc_dev = {
	.minor		= GIPC_MINOR,
	.name		= "gipc",
	.fops		= &gipc_fops,
	.mode		= 0666,
};
  769. static int __init gipc_init(void)
  770. {
  771. int rv = 0;
  772. #ifdef MY_DO_MMAP_PGOFF
  773. LOOKUP_KALLSYMS(do_mmap_pgoff);
  774. #endif
  775. #ifdef MY_FLUSH_TLB_MM_RANGE
  776. LOOKUP_KALLSYMS(flush_tlb_mm_range);
  777. #endif
  778. #ifdef MY_FLUSH_TLB_PAGE
  779. LOOKUP_KALLSYMS(flush_tlb_page);
  780. #endif
  781. #ifndef gipc_get_session
  782. my_gipc_get_session = (void *) kallsyms_lookup_name("gipc_get_session");
  783. #endif
  784. /* Register the kmem cache */
  785. gipc_queue_cachep = kmem_cache_create("gipc queue",
  786. sizeof(struct gipc_queue),
  787. 0,
  788. SLAB_HWCACHE_ALIGN|
  789. SLAB_DESTROY_BY_RCU,
  790. NULL);
  791. if (!gipc_queue_cachep) {
  792. printk(KERN_ERR "Graphene error: "
  793. "failed to create a gipc queues cache\n");
  794. return -ENOMEM;
  795. }
  796. gipc_send_buffer_cachep = kmem_cache_create("gipc send buffer",
  797. sizeof(struct gipc_send_buffer),
  798. 0,
  799. SLAB_HWCACHE_ALIGN|
  800. SLAB_DESTROY_BY_RCU,
  801. NULL);
  802. if (!gipc_send_buffer_cachep) {
  803. printk(KERN_ERR "Graphene error: "
  804. "failed to create a gipc buffers cache\n");
  805. return -ENOMEM;
  806. }
  807. INIT_LIST_HEAD(&gdev.channels);
  808. spin_lock_init(&gdev.lock);
  809. gdev.max_token = 1;
  810. rv = misc_register(&gipc_dev);
  811. if (rv) {
  812. printk(KERN_ERR "Graphene error: "
  813. "failed to add a char device (rv=%d)\n", rv);
  814. return rv;
  815. }
  816. printk(KERN_ALERT "Graphene IPC: Hello, world\n");
  817. return 0;
  818. }
  819. static void __exit gipc_exit(void)
  820. {
  821. struct gipc_queue *gq, *n;
  822. spin_lock(&gdev.lock);
  823. list_for_each_entry_safe(gq, n, &gdev.channels, list)
  824. release_gipc_queue(gq, true);
  825. spin_unlock(&gdev.lock);
  826. misc_deregister(&gipc_dev);
  827. kmem_cache_destroy(gipc_queue_cachep);
  828. printk(KERN_ALERT "Graphene IPC: Goodbye, cruel world\n");
  829. }
  830. module_init(gipc_init);
  831. module_exit(gipc_exit);