2 * Copyright (C) 1994 Linus Torvalds
4 * 29 dec 2001 - Fixed oopses caused by unchecked access to the vm86
5 * stack - Manfred Spraul <manfred@colorfullife.com>
7 * 22 mar 2002 - Manfred detected the stackfaults, but didn't handle
8 * them correctly. Now the emulation will be in a
9 * consistent state after stackfaults - Kasper Dupont
10 * <kasperd@daimi.au.dk>
12 * 22 mar 2002 - Added missing clear_IF in set_vflags_* Kasper Dupont
13 * <kasperd@daimi.au.dk>
15 * ?? ??? 2002 - Fixed premature returns from handle_vm86_fault
16 * caused by Kasper Dupont's changes - Stas Sergeev
18 * 4 apr 2002 - Fixed CHECK_IF_IN_TRAP broken by Stas' changes.
19 * Kasper Dupont <kasperd@daimi.au.dk>
21 * 9 apr 2002 - Changed syntax of macros in handle_vm86_fault.
22 * Kasper Dupont <kasperd@daimi.au.dk>
24 * 9 apr 2002 - Changed stack access macros to jump to a label
25 * instead of returning to userspace. This simplifies
26 * do_int, and is needed by handle_vm6_fault. Kasper
27 * Dupont <kasperd@daimi.au.dk>
31 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
33 #include <linux/capability.h>
34 #include <linux/errno.h>
35 #include <linux/interrupt.h>
36 #include <linux/syscalls.h>
37 #include <linux/sched.h>
38 #include <linux/sched/task_stack.h>
39 #include <linux/kernel.h>
40 #include <linux/signal.h>
41 #include <linux/string.h>
43 #include <linux/smp.h>
44 #include <linux/highmem.h>
45 #include <linux/ptrace.h>
46 #include <linux/audit.h>
47 #include <linux/stddef.h>
48 #include <linux/slab.h>
49 #include <linux/security.h>
51 #include <linux/uaccess.h>
53 #include <asm/tlbflush.h>
55 #include <asm/traps.h>
61 * Interrupt handling is not guaranteed:
62 * - a real x86 will disable all interrupts for one instruction
63 * after a "mov ss,xx" to make stack handling atomic even without
64 * the 'lss' instruction. We can't guarantee this in v86 mode,
65 * as the next instruction might result in a page fault or similar.
66 * - a real x86 will have interrupts disabled for one instruction
67 * past the 'sti' that enables them. We don't bother with all the
70 * Let's hope these problems do not actually matter for anything.
75 * 8- and 16-bit register defines..
77 #define AL(regs) (((unsigned char *)&((regs)->pt.ax))[0])
78 #define AH(regs) (((unsigned char *)&((regs)->pt.ax))[1])
79 #define IP(regs) (*(unsigned short *)&((regs)->pt.ip))
80 #define SP(regs) (*(unsigned short *)&((regs)->pt.sp))
83 * virtual flags (16 and 32-bit versions)
85 #define VFLAGS (*(unsigned short *)&(current->thread.vm86->veflags))
86 #define VEFLAGS (current->thread.vm86->veflags)
88 #define set_flags(X, new, mask) \
89 ((X) = ((X) & ~(mask)) | ((new) & (mask)))
91 #define SAFE_MASK (0xDD5)
92 #define RETURN_MASK (0xDFF)
94 void save_v86_state(struct kernel_vm86_regs *regs, int retval)
96 struct tss_struct *tss;
97 struct task_struct *tsk = current;
98 struct vm86plus_struct __user *user;
99 struct vm86 *vm86 = current->thread.vm86;
103 * This gets called from entry.S with interrupts disabled, but
104 * from process context. Enable interrupts here, before trying
105 * to access user space.
109 if (!vm86 || !vm86->user_vm86) {
110 pr_alert("no user_vm86: BAD\n");
113 set_flags(regs->pt.flags, VEFLAGS, X86_EFLAGS_VIF | vm86->veflags_mask);
114 user = vm86->user_vm86;
116 if (!access_ok(VERIFY_WRITE, user, vm86->vm86plus.is_vm86pus ?
117 sizeof(struct vm86plus_struct) :
118 sizeof(struct vm86_struct))) {
119 pr_alert("could not access userspace vm86 info\n");
124 put_user_ex(regs->pt.bx, &user->regs.ebx);
125 put_user_ex(regs->pt.cx, &user->regs.ecx);
126 put_user_ex(regs->pt.dx, &user->regs.edx);
127 put_user_ex(regs->pt.si, &user->regs.esi);
128 put_user_ex(regs->pt.di, &user->regs.edi);
129 put_user_ex(regs->pt.bp, &user->regs.ebp);
130 put_user_ex(regs->pt.ax, &user->regs.eax);
131 put_user_ex(regs->pt.ip, &user->regs.eip);
132 put_user_ex(regs->pt.cs, &user->regs.cs);
133 put_user_ex(regs->pt.flags, &user->regs.eflags);
134 put_user_ex(regs->pt.sp, &user->regs.esp);
135 put_user_ex(regs->pt.ss, &user->regs.ss);
136 put_user_ex(regs->es, &user->regs.es);
137 put_user_ex(regs->ds, &user->regs.ds);
138 put_user_ex(regs->fs, &user->regs.fs);
139 put_user_ex(regs->gs, &user->regs.gs);
141 put_user_ex(vm86->screen_bitmap, &user->screen_bitmap);
142 } put_user_catch(err);
144 pr_alert("could not access userspace vm86 info\n");
148 tss = &per_cpu(cpu_tss, get_cpu());
149 tsk->thread.sp0 = vm86->saved_sp0;
150 tsk->thread.sysenter_cs = __KERNEL_CS;
151 load_sp0(tss, &tsk->thread);
155 memcpy(®s->pt, &vm86->regs32, sizeof(struct pt_regs));
157 lazy_load_gs(vm86->regs32.gs);
159 regs->pt.ax = retval;
162 static void mark_screen_rdonly(struct mm_struct *mm)
164 struct vm_area_struct *vma;
172 down_write(&mm->mmap_sem);
173 pgd = pgd_offset(mm, 0xA0000);
174 if (pgd_none_or_clear_bad(pgd))
176 pud = pud_offset(pgd, 0xA0000);
177 if (pud_none_or_clear_bad(pud))
179 pmd = pmd_offset(pud, 0xA0000);
181 if (pmd_trans_huge(*pmd)) {
182 vma = find_vma(mm, 0xA0000);
183 split_huge_pmd(vma, pmd, 0xA0000);
185 if (pmd_none_or_clear_bad(pmd))
187 pte = pte_offset_map_lock(mm, pmd, 0xA0000, &ptl);
188 for (i = 0; i < 32; i++) {
189 if (pte_present(*pte))
190 set_pte(pte, pte_wrprotect(*pte));
193 pte_unmap_unlock(pte, ptl);
195 up_write(&mm->mmap_sem);
201 static int do_vm86_irq_handling(int subfunction, int irqnumber);
202 static long do_sys_vm86(struct vm86plus_struct __user *user_vm86, bool plus);
204 SYSCALL_DEFINE1(vm86old, struct vm86_struct __user *, user_vm86)
206 return do_sys_vm86((struct vm86plus_struct __user *) user_vm86, false);
210 SYSCALL_DEFINE2(vm86, unsigned long, cmd, unsigned long, arg)
213 case VM86_REQUEST_IRQ:
215 case VM86_GET_IRQ_BITS:
216 case VM86_GET_AND_RESET_IRQ:
217 return do_vm86_irq_handling(cmd, (int)arg);
218 case VM86_PLUS_INSTALL_CHECK:
220 * NOTE: on old vm86 stuff this will return the error
221 * from access_ok(), because the subfunction is
222 * interpreted as (invalid) address to vm86_struct.
223 * So the installation check works.
228 /* we come here only for functions VM86_ENTER, VM86_ENTER_NO_BYPASS */
229 return do_sys_vm86((struct vm86plus_struct __user *) arg, true);
233 static long do_sys_vm86(struct vm86plus_struct __user *user_vm86, bool plus)
235 struct tss_struct *tss;
236 struct task_struct *tsk = current;
237 struct vm86 *vm86 = tsk->thread.vm86;
238 struct kernel_vm86_regs vm86regs;
239 struct pt_regs *regs = current_pt_regs();
240 unsigned long err = 0;
242 err = security_mmap_addr(0);
245 * vm86 cannot virtualize the address space, so vm86 users
246 * need to manage the low 1MB themselves using mmap. Given
247 * that BIOS places important data in the first page, vm86
248 * is essentially useless if mmap_min_addr != 0. DOSEMU,
249 * for example, won't even bother trying to use vm86 if it
250 * can't map a page at virtual address 0.
252 * To reduce the available kernel attack surface, simply
253 * disallow vm86(old) for users who cannot mmap at va 0.
255 * The implementation of security_mmap_addr will allow
256 * suitably privileged users to map va 0 even if
257 * vm.mmap_min_addr is set above 0, and we want this
258 * behavior for vm86 as well, as it ensures that legacy
259 * tools like vbetool will not fail just because of
262 pr_info_once("Denied a call to vm86(old) from %s[%d] (uid: %d). Set the vm.mmap_min_addr sysctl to 0 and/or adjust LSM mmap_min_addr policy to enable vm86 if you are using a vm86-based DOS emulator.\n",
263 current->comm, task_pid_nr(current),
264 from_kuid_munged(&init_user_ns, current_uid()));
269 if (!(vm86 = kzalloc(sizeof(*vm86), GFP_KERNEL)))
271 tsk->thread.vm86 = vm86;
276 if (!access_ok(VERIFY_READ, user_vm86, plus ?
277 sizeof(struct vm86_struct) :
278 sizeof(struct vm86plus_struct)))
281 memset(&vm86regs, 0, sizeof(vm86regs));
284 get_user_ex(vm86regs.pt.bx, &user_vm86->regs.ebx);
285 get_user_ex(vm86regs.pt.cx, &user_vm86->regs.ecx);
286 get_user_ex(vm86regs.pt.dx, &user_vm86->regs.edx);
287 get_user_ex(vm86regs.pt.si, &user_vm86->regs.esi);
288 get_user_ex(vm86regs.pt.di, &user_vm86->regs.edi);
289 get_user_ex(vm86regs.pt.bp, &user_vm86->regs.ebp);
290 get_user_ex(vm86regs.pt.ax, &user_vm86->regs.eax);
291 get_user_ex(vm86regs.pt.ip, &user_vm86->regs.eip);
292 get_user_ex(seg, &user_vm86->regs.cs);
293 vm86regs.pt.cs = seg;
294 get_user_ex(vm86regs.pt.flags, &user_vm86->regs.eflags);
295 get_user_ex(vm86regs.pt.sp, &user_vm86->regs.esp);
296 get_user_ex(seg, &user_vm86->regs.ss);
297 vm86regs.pt.ss = seg;
298 get_user_ex(vm86regs.es, &user_vm86->regs.es);
299 get_user_ex(vm86regs.ds, &user_vm86->regs.ds);
300 get_user_ex(vm86regs.fs, &user_vm86->regs.fs);
301 get_user_ex(vm86regs.gs, &user_vm86->regs.gs);
303 get_user_ex(vm86->flags, &user_vm86->flags);
304 get_user_ex(vm86->screen_bitmap, &user_vm86->screen_bitmap);
305 get_user_ex(vm86->cpu_type, &user_vm86->cpu_type);
306 } get_user_catch(err);
310 if (copy_from_user(&vm86->int_revectored,
311 &user_vm86->int_revectored,
312 sizeof(struct revectored_struct)))
314 if (copy_from_user(&vm86->int21_revectored,
315 &user_vm86->int21_revectored,
316 sizeof(struct revectored_struct)))
319 if (copy_from_user(&vm86->vm86plus, &user_vm86->vm86plus,
320 sizeof(struct vm86plus_info_struct)))
322 vm86->vm86plus.is_vm86pus = 1;
324 memset(&vm86->vm86plus, 0,
325 sizeof(struct vm86plus_info_struct));
327 memcpy(&vm86->regs32, regs, sizeof(struct pt_regs));
328 vm86->user_vm86 = user_vm86;
331 * The flags register is also special: we cannot trust that the user
332 * has set it up safely, so this makes sure interrupt etc flags are
333 * inherited from protected mode.
335 VEFLAGS = vm86regs.pt.flags;
336 vm86regs.pt.flags &= SAFE_MASK;
337 vm86regs.pt.flags |= regs->flags & ~SAFE_MASK;
338 vm86regs.pt.flags |= X86_VM_MASK;
340 vm86regs.pt.orig_ax = regs->orig_ax;
342 switch (vm86->cpu_type) {
344 vm86->veflags_mask = 0;
347 vm86->veflags_mask = X86_EFLAGS_NT | X86_EFLAGS_IOPL;
350 vm86->veflags_mask = X86_EFLAGS_AC | X86_EFLAGS_NT | X86_EFLAGS_IOPL;
353 vm86->veflags_mask = X86_EFLAGS_ID | X86_EFLAGS_AC | X86_EFLAGS_NT | X86_EFLAGS_IOPL;
360 vm86->saved_sp0 = tsk->thread.sp0;
361 lazy_save_gs(vm86->regs32.gs);
363 tss = &per_cpu(cpu_tss, get_cpu());
364 /* make room for real-mode segments */
365 tsk->thread.sp0 += 16;
367 if (static_cpu_has(X86_FEATURE_SEP))
368 tsk->thread.sysenter_cs = 0;
370 load_sp0(tss, &tsk->thread);
373 if (vm86->flags & VM86_SCREEN_BITMAP)
374 mark_screen_rdonly(tsk->mm);
376 memcpy((struct kernel_vm86_regs *)regs, &vm86regs, sizeof(vm86regs));
381 static inline void set_IF(struct kernel_vm86_regs *regs)
383 VEFLAGS |= X86_EFLAGS_VIF;
386 static inline void clear_IF(struct kernel_vm86_regs *regs)
388 VEFLAGS &= ~X86_EFLAGS_VIF;
391 static inline void clear_TF(struct kernel_vm86_regs *regs)
393 regs->pt.flags &= ~X86_EFLAGS_TF;
396 static inline void clear_AC(struct kernel_vm86_regs *regs)
398 regs->pt.flags &= ~X86_EFLAGS_AC;
402 * It is correct to call set_IF(regs) from the set_vflags_*
403 * functions. However someone forgot to call clear_IF(regs)
404 * in the opposite case.
405 * After the command sequence CLI PUSHF STI POPF you should
406 * end up with interrupts disabled, but you ended up with
407 * interrupts enabled.
408 * ( I was testing my own changes, but the only bug I
409 * could find was in a function I had not changed. )
413 static inline void set_vflags_long(unsigned long flags, struct kernel_vm86_regs *regs)
415 set_flags(VEFLAGS, flags, current->thread.vm86->veflags_mask);
416 set_flags(regs->pt.flags, flags, SAFE_MASK);
417 if (flags & X86_EFLAGS_IF)
423 static inline void set_vflags_short(unsigned short flags, struct kernel_vm86_regs *regs)
425 set_flags(VFLAGS, flags, current->thread.vm86->veflags_mask);
426 set_flags(regs->pt.flags, flags, SAFE_MASK);
427 if (flags & X86_EFLAGS_IF)
433 static inline unsigned long get_vflags(struct kernel_vm86_regs *regs)
435 unsigned long flags = regs->pt.flags & RETURN_MASK;
437 if (VEFLAGS & X86_EFLAGS_VIF)
438 flags |= X86_EFLAGS_IF;
439 flags |= X86_EFLAGS_IOPL;
440 return flags | (VEFLAGS & current->thread.vm86->veflags_mask);
443 static inline int is_revectored(int nr, struct revectored_struct *bitmap)
445 return test_bit(nr, bitmap->__map);
448 #define val_byte(val, n) (((__u8 *)&val)[n])
450 #define pushb(base, ptr, val, err_label) \
454 if (put_user(__val, base + ptr) < 0) \
458 #define pushw(base, ptr, val, err_label) \
462 if (put_user(val_byte(__val, 1), base + ptr) < 0) \
465 if (put_user(val_byte(__val, 0), base + ptr) < 0) \
469 #define pushl(base, ptr, val, err_label) \
473 if (put_user(val_byte(__val, 3), base + ptr) < 0) \
476 if (put_user(val_byte(__val, 2), base + ptr) < 0) \
479 if (put_user(val_byte(__val, 1), base + ptr) < 0) \
482 if (put_user(val_byte(__val, 0), base + ptr) < 0) \
486 #define popb(base, ptr, err_label) \
489 if (get_user(__res, base + ptr) < 0) \
495 #define popw(base, ptr, err_label) \
498 if (get_user(val_byte(__res, 0), base + ptr) < 0) \
501 if (get_user(val_byte(__res, 1), base + ptr) < 0) \
507 #define popl(base, ptr, err_label) \
510 if (get_user(val_byte(__res, 0), base + ptr) < 0) \
513 if (get_user(val_byte(__res, 1), base + ptr) < 0) \
516 if (get_user(val_byte(__res, 2), base + ptr) < 0) \
519 if (get_user(val_byte(__res, 3), base + ptr) < 0) \
525 /* There are so many possible reasons for this function to return
526 * VM86_INTx, so adding another doesn't bother me. We can expect
527 * userspace programs to be able to handle it. (Getting a problem
528 * in userspace is always better than an Oops anyway.) [KD]
530 static void do_int(struct kernel_vm86_regs *regs, int i,
531 unsigned char __user *ssp, unsigned short sp)
533 unsigned long __user *intr_ptr;
534 unsigned long segoffs;
535 struct vm86 *vm86 = current->thread.vm86;
537 if (regs->pt.cs == BIOSSEG)
539 if (is_revectored(i, &vm86->int_revectored))
541 if (i == 0x21 && is_revectored(AH(regs), &vm86->int21_revectored))
543 intr_ptr = (unsigned long __user *) (i << 2);
544 if (get_user(segoffs, intr_ptr))
546 if ((segoffs >> 16) == BIOSSEG)
548 pushw(ssp, sp, get_vflags(regs), cannot_handle);
549 pushw(ssp, sp, regs->pt.cs, cannot_handle);
550 pushw(ssp, sp, IP(regs), cannot_handle);
551 regs->pt.cs = segoffs >> 16;
553 IP(regs) = segoffs & 0xffff;
560 save_v86_state(regs, VM86_INTx + (i << 8));
563 int handle_vm86_trap(struct kernel_vm86_regs *regs, long error_code, int trapno)
565 struct vm86 *vm86 = current->thread.vm86;
567 if (vm86->vm86plus.is_vm86pus) {
568 if ((trapno == 3) || (trapno == 1)) {
569 save_v86_state(regs, VM86_TRAP + (trapno << 8));
572 do_int(regs, trapno, (unsigned char __user *) (regs->pt.ss << 4), SP(regs));
576 return 1; /* we let this handle by the calling routine */
577 current->thread.trap_nr = trapno;
578 current->thread.error_code = error_code;
579 force_sig(SIGTRAP, current);
583 void handle_vm86_fault(struct kernel_vm86_regs *regs, long error_code)
585 unsigned char opcode;
586 unsigned char __user *csp;
587 unsigned char __user *ssp;
588 unsigned short ip, sp, orig_flags;
589 int data32, pref_done;
590 struct vm86plus_info_struct *vmpi = ¤t->thread.vm86->vm86plus;
592 #define CHECK_IF_IN_TRAP \
593 if (vmpi->vm86dbg_active && vmpi->vm86dbg_TFpendig) \
594 newflags |= X86_EFLAGS_TF
596 orig_flags = *(unsigned short *)®s->pt.flags;
598 csp = (unsigned char __user *) (regs->pt.cs << 4);
599 ssp = (unsigned char __user *) (regs->pt.ss << 4);
606 switch (opcode = popb(csp, ip, simulate_sigsegv)) {
607 case 0x66: /* 32-bit data */ data32 = 1; break;
608 case 0x67: /* 32-bit address */ break;
609 case 0x2e: /* CS */ break;
610 case 0x3e: /* DS */ break;
611 case 0x26: /* ES */ break;
612 case 0x36: /* SS */ break;
613 case 0x65: /* GS */ break;
614 case 0x64: /* FS */ break;
615 case 0xf2: /* repnz */ break;
616 case 0xf3: /* rep */ break;
617 default: pref_done = 1;
619 } while (!pref_done);
626 pushl(ssp, sp, get_vflags(regs), simulate_sigsegv);
629 pushw(ssp, sp, get_vflags(regs), simulate_sigsegv);
633 goto vm86_fault_return;
638 unsigned long newflags;
640 newflags = popl(ssp, sp, simulate_sigsegv);
643 newflags = popw(ssp, sp, simulate_sigsegv);
649 set_vflags_long(newflags, regs);
651 set_vflags_short(newflags, regs);
658 int intno = popb(csp, ip, simulate_sigsegv);
660 if (vmpi->vm86dbg_active) {
661 if ((1 << (intno & 7)) & vmpi->vm86dbg_intxxtab[intno >> 3]) {
662 save_v86_state(regs, VM86_INTx + (intno << 8));
666 do_int(regs, intno, ssp, sp);
675 unsigned long newflags;
677 newip = popl(ssp, sp, simulate_sigsegv);
678 newcs = popl(ssp, sp, simulate_sigsegv);
679 newflags = popl(ssp, sp, simulate_sigsegv);
682 newip = popw(ssp, sp, simulate_sigsegv);
683 newcs = popw(ssp, sp, simulate_sigsegv);
684 newflags = popw(ssp, sp, simulate_sigsegv);
691 set_vflags_long(newflags, regs);
693 set_vflags_short(newflags, regs);
702 goto vm86_fault_return;
706 * Damn. This is incorrect: the 'sti' instruction should actually
707 * enable interrupts after the /next/ instruction. Not good.
709 * Probably needs some horsing around with the TF flag. Aiee..
717 save_v86_state(regs, VM86_UNKNOWN);
723 if (VEFLAGS & X86_EFLAGS_VIP) {
724 save_v86_state(regs, VM86_STI);
729 if (vmpi->force_return_for_pic && (VEFLAGS & (X86_EFLAGS_IF | X86_EFLAGS_VIF))) {
730 save_v86_state(regs, VM86_PICRETURN);
733 if (orig_flags & X86_EFLAGS_TF)
734 handle_vm86_trap(regs, 0, X86_TRAP_DB);
738 /* FIXME: After a long discussion with Stas we finally
739 * agreed, that this is wrong. Here we should
740 * really send a SIGSEGV to the user program.
741 * But how do we create the correct context? We
742 * are inside a general protection fault handler
743 * and has just returned from a page fault handler.
744 * The correct context for the signal handler
745 * should be a mixture of the two, but how do we
746 * get the information? [KD]
748 save_v86_state(regs, VM86_UNKNOWN);
751 /* ---------------- vm86 special IRQ passing stuff ----------------- */
753 #define VM86_IRQNAME "vm86irq"
755 static struct vm86_irqs {
756 struct task_struct *tsk;
760 static DEFINE_SPINLOCK(irqbits_lock);
763 #define ALLOWED_SIGS (1 /* 0 = don't send a signal */ \
764 | (1 << SIGUSR1) | (1 << SIGUSR2) | (1 << SIGIO) | (1 << SIGURG) \
767 static irqreturn_t irq_handler(int intno, void *dev_id)
772 spin_lock_irqsave(&irqbits_lock, flags);
773 irq_bit = 1 << intno;
774 if ((irqbits & irq_bit) || !vm86_irqs[intno].tsk)
777 if (vm86_irqs[intno].sig)
778 send_sig(vm86_irqs[intno].sig, vm86_irqs[intno].tsk, 1);
780 * IRQ will be re-enabled when user asks for the irq (whether
781 * polling or as a result of the signal)
783 disable_irq_nosync(intno);
784 spin_unlock_irqrestore(&irqbits_lock, flags);
788 spin_unlock_irqrestore(&irqbits_lock, flags);
792 static inline void free_vm86_irq(int irqnumber)
796 free_irq(irqnumber, NULL);
797 vm86_irqs[irqnumber].tsk = NULL;
799 spin_lock_irqsave(&irqbits_lock, flags);
800 irqbits &= ~(1 << irqnumber);
801 spin_unlock_irqrestore(&irqbits_lock, flags);
804 void release_vm86_irqs(struct task_struct *task)
807 for (i = FIRST_VM86_IRQ ; i <= LAST_VM86_IRQ; i++)
808 if (vm86_irqs[i].tsk == task)
812 static inline int get_and_reset_irq(int irqnumber)
818 if (invalid_vm86_irq(irqnumber)) return 0;
819 if (vm86_irqs[irqnumber].tsk != current) return 0;
820 spin_lock_irqsave(&irqbits_lock, flags);
821 bit = irqbits & (1 << irqnumber);
824 enable_irq(irqnumber);
828 spin_unlock_irqrestore(&irqbits_lock, flags);
833 static int do_vm86_irq_handling(int subfunction, int irqnumber)
836 switch (subfunction) {
837 case VM86_GET_AND_RESET_IRQ: {
838 return get_and_reset_irq(irqnumber);
840 case VM86_GET_IRQ_BITS: {
843 case VM86_REQUEST_IRQ: {
844 int sig = irqnumber >> 8;
845 int irq = irqnumber & 255;
846 if (!capable(CAP_SYS_ADMIN)) return -EPERM;
847 if (!((1 << sig) & ALLOWED_SIGS)) return -EPERM;
848 if (invalid_vm86_irq(irq)) return -EPERM;
849 if (vm86_irqs[irq].tsk) return -EPERM;
850 ret = request_irq(irq, &irq_handler, 0, VM86_IRQNAME, NULL);
852 vm86_irqs[irq].sig = sig;
853 vm86_irqs[irq].tsk = current;
856 case VM86_FREE_IRQ: {
857 if (invalid_vm86_irq(irqnumber)) return -EPERM;
858 if (!vm86_irqs[irqnumber].tsk) return 0;
859 if (vm86_irqs[irqnumber].tsk != current) return -EPERM;
860 free_vm86_irq(irqnumber);
projects / karo-tx-linux.git / blob