Commit | Line | Data |
---|---|---|
b2441318 | 1 | /* SPDX-License-Identifier: GPL-2.0 */ |
2df5e8bc SR |
2 | #ifndef _ARCH_POWERPC_UACCESS_H |
3 | #define _ARCH_POWERPC_UACCESS_H | |
4 | ||
24bfa6a9 | 5 | #include <asm/ppc_asm.h> |
2df5e8bc | 6 | #include <asm/processor.h> |
6bfd93c3 | 7 | #include <asm/page.h> |
527b5bae | 8 | #include <asm/extable.h> |
de78a9c4 | 9 | #include <asm/kup.h> |
2df5e8bc | 10 | |
2df5e8bc SR |
11 | /* |
12 | * The fs value determines whether argument validity checking should be | |
13 | * performed or not. If get_fs() == USER_DS, checking is performed, with | |
14 | * get_fs() == KERNEL_DS, checking is bypassed. | |
15 | * | |
16 | * For historical reasons, these macros are grossly misnamed. | |
17 | * | |
18 | * The fs/ds values are now the highest legal address in the "segment". | |
19 | * This simplifies the checking in the routines below. | |
20 | */ | |
21 | ||
22 | #define MAKE_MM_SEG(s) ((mm_segment_t) { (s) }) | |
23 | ||
5015b494 | 24 | #define KERNEL_DS MAKE_MM_SEG(~0UL) |
2df5e8bc | 25 | #ifdef __powerpc64__ |
5015b494 SR |
26 | /* We use TASK_SIZE_USER64 as TASK_SIZE is not constant */ |
27 | #define USER_DS MAKE_MM_SEG(TASK_SIZE_USER64 - 1) | |
2df5e8bc | 28 | #else |
2df5e8bc SR |
29 | #define USER_DS MAKE_MM_SEG(TASK_SIZE - 1) |
30 | #endif | |
31 | ||
ba0635fc | 32 | #define get_fs() (current->thread.addr_limit) |
3e378680 ME |
33 | |
34 | static inline void set_fs(mm_segment_t fs) | |
35 | { | |
36 | current->thread.addr_limit = fs; | |
37 | /* On user-mode return check addr_limit (fs) is correct */ | |
38 | set_thread_flag(TIF_FSCHECK); | |
39 | } | |
2df5e8bc SR |
40 | |
41 | #define segment_eq(a, b) ((a).seg == (b).seg) | |
42 | ||
1629372c PM |
43 | #define user_addr_max() (get_fs().seg) |
44 | ||
2df5e8bc SR |
45 | #ifdef __powerpc64__ |
46 | /* | |
5015b494 SR |
47 | * This check is sufficient because there is a large enough |
48 | * gap between user addresses and the kernel addresses | |
2df5e8bc SR |
49 | */ |
50 | #define __access_ok(addr, size, segment) \ | |
5015b494 | 51 | (((addr) <= (segment).seg) && ((size) <= (segment).seg)) |
2df5e8bc SR |
52 | |
53 | #else | |
54 | ||
ef85dffd MM |
55 | static inline int __access_ok(unsigned long addr, unsigned long size, |
56 | mm_segment_t seg) | |
57 | { | |
58 | if (addr > seg.seg) | |
59 | return 0; | |
60 | return (size == 0 || size - 1 <= seg.seg - addr); | |
61 | } | |
2df5e8bc SR |
62 | |
63 | #endif | |
64 | ||
96d4f267 | 65 | #define access_ok(addr, size) \ |
4caf4ebf | 66 | (__chk_user_ptr(addr), \ |
2df5e8bc SR |
67 | __access_ok((__force unsigned long)(addr), (size), get_fs())) |
68 | ||
2df5e8bc SR |
69 | /* |
70 | * These are the main single-value transfer routines. They automatically | |
71 | * use the right size if we just have the right pointer type. | |
72 | * | |
73 | * This gets kind of ugly. We want to return _two_ values in "get_user()" | |
74 | * and yet we don't want to do any pointers, because that is too much | |
75 | * of a performance impact. Thus we have a few rather ugly macros here, | |
76 | * and hide all the ugliness from the user. | |
77 | * | |
78 | * The "__xxx" versions of the user access functions are versions that | |
79 | * do not verify the address space, that must have been done previously | |
80 | * with a separate "access_ok()" call (this is used when we do multiple | |
81 | * accesses to the same area of user memory). | |
82 | * | |
83 | * As we use the same address space for kernel and user data on the | |
84 | * PowerPC, we can just do these as direct assignments. (Of course, the | |
85 | * exception handling means that it's no longer "just"...) | |
86 | * | |
2df5e8bc SR |
87 | */ |
88 | #define get_user(x, ptr) \ | |
89 | __get_user_check((x), (ptr), sizeof(*(ptr))) | |
90 | #define put_user(x, ptr) \ | |
91 | __put_user_check((__typeof__(*(ptr)))(x), (ptr), sizeof(*(ptr))) | |
92 | ||
93 | #define __get_user(x, ptr) \ | |
94 | __get_user_nocheck((x), (ptr), sizeof(*(ptr))) | |
95 | #define __put_user(x, ptr) \ | |
96 | __put_user_nocheck((__typeof__(*(ptr)))(x), (ptr), sizeof(*(ptr))) | |
e68c825b | 97 | |
e68c825b BH |
98 | #define __get_user_inatomic(x, ptr) \ |
99 | __get_user_nosleep((x), (ptr), sizeof(*(ptr))) | |
100 | #define __put_user_inatomic(x, ptr) \ | |
101 | __put_user_nosleep((__typeof__(*(ptr)))(x), (ptr), sizeof(*(ptr))) | |
102 | ||
2df5e8bc SR |
103 | extern long __put_user_bad(void); |
104 | ||
2df5e8bc SR |
105 | /* |
106 | * We don't tell gcc that we are accessing memory, but this is OK | |
107 | * because we do not write to any memory gcc knows about, so there | |
108 | * are no aliasing issues. | |
109 | */ | |
110 | #define __put_user_asm(x, addr, err, op) \ | |
111 | __asm__ __volatile__( \ | |
112 | "1: " op " %1,0(%2) # put_user\n" \ | |
113 | "2:\n" \ | |
114 | ".section .fixup,\"ax\"\n" \ | |
115 | "3: li %0,%3\n" \ | |
116 | " b 2b\n" \ | |
117 | ".previous\n" \ | |
24bfa6a9 | 118 | EX_TABLE(1b, 3b) \ |
2df5e8bc | 119 | : "=r" (err) \ |
551c3c04 | 120 | : "r" (x), "b" (addr), "i" (-EFAULT), "0" (err)) |
2df5e8bc | 121 | |
5015b494 SR |
122 | #ifdef __powerpc64__ |
123 | #define __put_user_asm2(x, ptr, retval) \ | |
124 | __put_user_asm(x, ptr, retval, "std") | |
125 | #else /* __powerpc64__ */ | |
2df5e8bc SR |
126 | #define __put_user_asm2(x, addr, err) \ |
127 | __asm__ __volatile__( \ | |
128 | "1: stw %1,0(%2)\n" \ | |
129 | "2: stw %1+1,4(%2)\n" \ | |
130 | "3:\n" \ | |
131 | ".section .fixup,\"ax\"\n" \ | |
132 | "4: li %0,%3\n" \ | |
133 | " b 3b\n" \ | |
134 | ".previous\n" \ | |
24bfa6a9 NP |
135 | EX_TABLE(1b, 4b) \ |
136 | EX_TABLE(2b, 4b) \ | |
2df5e8bc | 137 | : "=r" (err) \ |
551c3c04 | 138 | : "r" (x), "b" (addr), "i" (-EFAULT), "0" (err)) |
2df5e8bc SR |
139 | #endif /* __powerpc64__ */ |
140 | ||
141 | #define __put_user_size(x, ptr, size, retval) \ | |
142 | do { \ | |
143 | retval = 0; \ | |
de78a9c4 | 144 | allow_write_to_user(ptr, size); \ |
2df5e8bc SR |
145 | switch (size) { \ |
146 | case 1: __put_user_asm(x, ptr, retval, "stb"); break; \ | |
147 | case 2: __put_user_asm(x, ptr, retval, "sth"); break; \ | |
148 | case 4: __put_user_asm(x, ptr, retval, "stw"); break; \ | |
149 | case 8: __put_user_asm2(x, ptr, retval); break; \ | |
150 | default: __put_user_bad(); \ | |
151 | } \ | |
de78a9c4 | 152 | prevent_write_to_user(ptr, size); \ |
2df5e8bc SR |
153 | } while (0) |
154 | ||
155 | #define __put_user_nocheck(x, ptr, size) \ | |
156 | ({ \ | |
157 | long __pu_err; \ | |
6bfd93c3 PM |
158 | __typeof__(*(ptr)) __user *__pu_addr = (ptr); \ |
159 | if (!is_kernel_addr((unsigned long)__pu_addr)) \ | |
1af1717d | 160 | might_fault(); \ |
2df5e8bc | 161 | __chk_user_ptr(ptr); \ |
6bfd93c3 | 162 | __put_user_size((x), __pu_addr, (size), __pu_err); \ |
2df5e8bc SR |
163 | __pu_err; \ |
164 | }) | |
165 | ||
166 | #define __put_user_check(x, ptr, size) \ | |
167 | ({ \ | |
168 | long __pu_err = -EFAULT; \ | |
169 | __typeof__(*(ptr)) __user *__pu_addr = (ptr); \ | |
1af1717d | 170 | might_fault(); \ |
96d4f267 | 171 | if (access_ok(__pu_addr, size)) \ |
2df5e8bc SR |
172 | __put_user_size((x), __pu_addr, (size), __pu_err); \ |
173 | __pu_err; \ | |
174 | }) | |
175 | ||
e68c825b BH |
176 | #define __put_user_nosleep(x, ptr, size) \ |
177 | ({ \ | |
178 | long __pu_err; \ | |
179 | __typeof__(*(ptr)) __user *__pu_addr = (ptr); \ | |
180 | __chk_user_ptr(ptr); \ | |
181 | __put_user_size((x), __pu_addr, (size), __pu_err); \ | |
182 | __pu_err; \ | |
183 | }) | |
184 | ||
185 | ||
2df5e8bc SR |
186 | extern long __get_user_bad(void); |
187 | ||
5080332c MN |
188 | /* |
189 | * This does an atomic 128 byte aligned load from userspace. | |
190 | * Upto caller to do enable_kernel_vmx() before calling! | |
191 | */ | |
192 | #define __get_user_atomic_128_aligned(kaddr, uaddr, err) \ | |
193 | __asm__ __volatile__( \ | |
194 | "1: lvx 0,0,%1 # get user\n" \ | |
195 | " stvx 0,0,%2 # put kernel\n" \ | |
196 | "2:\n" \ | |
197 | ".section .fixup,\"ax\"\n" \ | |
198 | "3: li %0,%3\n" \ | |
199 | " b 2b\n" \ | |
200 | ".previous\n" \ | |
201 | EX_TABLE(1b, 3b) \ | |
202 | : "=r" (err) \ | |
203 | : "b" (uaddr), "b" (kaddr), "i" (-EFAULT), "0" (err)) | |
204 | ||
2df5e8bc SR |
205 | #define __get_user_asm(x, addr, err, op) \ |
206 | __asm__ __volatile__( \ | |
5015b494 | 207 | "1: "op" %1,0(%2) # get_user\n" \ |
2df5e8bc SR |
208 | "2:\n" \ |
209 | ".section .fixup,\"ax\"\n" \ | |
210 | "3: li %0,%3\n" \ | |
211 | " li %1,0\n" \ | |
212 | " b 2b\n" \ | |
213 | ".previous\n" \ | |
24bfa6a9 | 214 | EX_TABLE(1b, 3b) \ |
2df5e8bc | 215 | : "=r" (err), "=r" (x) \ |
551c3c04 | 216 | : "b" (addr), "i" (-EFAULT), "0" (err)) |
2df5e8bc | 217 | |
5015b494 SR |
218 | #ifdef __powerpc64__ |
219 | #define __get_user_asm2(x, addr, err) \ | |
220 | __get_user_asm(x, addr, err, "ld") | |
221 | #else /* __powerpc64__ */ | |
222 | #define __get_user_asm2(x, addr, err) \ | |
2df5e8bc SR |
223 | __asm__ __volatile__( \ |
224 | "1: lwz %1,0(%2)\n" \ | |
225 | "2: lwz %1+1,4(%2)\n" \ | |
226 | "3:\n" \ | |
227 | ".section .fixup,\"ax\"\n" \ | |
228 | "4: li %0,%3\n" \ | |
229 | " li %1,0\n" \ | |
230 | " li %1+1,0\n" \ | |
231 | " b 3b\n" \ | |
232 | ".previous\n" \ | |
24bfa6a9 NP |
233 | EX_TABLE(1b, 4b) \ |
234 | EX_TABLE(2b, 4b) \ | |
2df5e8bc | 235 | : "=r" (err), "=&r" (x) \ |
551c3c04 | 236 | : "b" (addr), "i" (-EFAULT), "0" (err)) |
2df5e8bc SR |
237 | #endif /* __powerpc64__ */ |
238 | ||
239 | #define __get_user_size(x, ptr, size, retval) \ | |
240 | do { \ | |
241 | retval = 0; \ | |
242 | __chk_user_ptr(ptr); \ | |
5015b494 SR |
243 | if (size > sizeof(x)) \ |
244 | (x) = __get_user_bad(); \ | |
de78a9c4 | 245 | allow_read_from_user(ptr, size); \ |
2df5e8bc SR |
246 | switch (size) { \ |
247 | case 1: __get_user_asm(x, ptr, retval, "lbz"); break; \ | |
248 | case 2: __get_user_asm(x, ptr, retval, "lhz"); break; \ | |
249 | case 4: __get_user_asm(x, ptr, retval, "lwz"); break; \ | |
250 | case 8: __get_user_asm2(x, ptr, retval); break; \ | |
251 | default: (x) = __get_user_bad(); \ | |
252 | } \ | |
de78a9c4 | 253 | prevent_read_from_user(ptr, size); \ |
2df5e8bc SR |
254 | } while (0) |
255 | ||
f7a6947c ME |
256 | /* |
257 | * This is a type: either unsigned long, if the argument fits into | |
258 | * that type, or otherwise unsigned long long. | |
259 | */ | |
260 | #define __long_type(x) \ | |
261 | __typeof__(__builtin_choose_expr(sizeof(x) > sizeof(0UL), 0ULL, 0UL)) | |
262 | ||
2df5e8bc SR |
263 | #define __get_user_nocheck(x, ptr, size) \ |
264 | ({ \ | |
265 | long __gu_err; \ | |
f7a6947c | 266 | __long_type(*(ptr)) __gu_val; \ |
e00d93ac | 267 | __typeof__(*(ptr)) __user *__gu_addr = (ptr); \ |
2df5e8bc | 268 | __chk_user_ptr(ptr); \ |
6bfd93c3 | 269 | if (!is_kernel_addr((unsigned long)__gu_addr)) \ |
1af1717d | 270 | might_fault(); \ |
ddf35cf3 | 271 | barrier_nospec(); \ |
6bfd93c3 | 272 | __get_user_size(__gu_val, __gu_addr, (size), __gu_err); \ |
2df5e8bc SR |
273 | (x) = (__typeof__(*(ptr)))__gu_val; \ |
274 | __gu_err; \ | |
275 | }) | |
276 | ||
2df5e8bc SR |
277 | #define __get_user_check(x, ptr, size) \ |
278 | ({ \ | |
279 | long __gu_err = -EFAULT; \ | |
f7a6947c | 280 | __long_type(*(ptr)) __gu_val = 0; \ |
e00d93ac | 281 | __typeof__(*(ptr)) __user *__gu_addr = (ptr); \ |
1af1717d | 282 | might_fault(); \ |
96d4f267 | 283 | if (access_ok(__gu_addr, (size))) { \ |
ddf35cf3 | 284 | barrier_nospec(); \ |
2df5e8bc | 285 | __get_user_size(__gu_val, __gu_addr, (size), __gu_err); \ |
ddf35cf3 | 286 | } \ |
505e4283 | 287 | (x) = (__force __typeof__(*(ptr)))__gu_val; \ |
2df5e8bc SR |
288 | __gu_err; \ |
289 | }) | |
290 | ||
e68c825b BH |
291 | #define __get_user_nosleep(x, ptr, size) \ |
292 | ({ \ | |
293 | long __gu_err; \ | |
f7a6947c | 294 | __long_type(*(ptr)) __gu_val; \ |
e00d93ac | 295 | __typeof__(*(ptr)) __user *__gu_addr = (ptr); \ |
e68c825b | 296 | __chk_user_ptr(ptr); \ |
ddf35cf3 | 297 | barrier_nospec(); \ |
e68c825b | 298 | __get_user_size(__gu_val, __gu_addr, (size), __gu_err); \ |
505e4283 | 299 | (x) = (__force __typeof__(*(ptr)))__gu_val; \ |
e68c825b BH |
300 | __gu_err; \ |
301 | }) | |
302 | ||
303 | ||
2df5e8bc SR |
304 | /* more complex routines */ |
305 | ||
306 | extern unsigned long __copy_tofrom_user(void __user *to, | |
307 | const void __user *from, unsigned long size); | |
308 | ||
d6bd8194 | 309 | #ifdef __powerpc64__ |
3448890c AV |
310 | static inline unsigned long |
311 | raw_copy_in_user(void __user *to, const void __user *from, unsigned long n) | |
312 | { | |
de78a9c4 CL |
313 | unsigned long ret; |
314 | ||
315 | allow_user_access(to, from, n); | |
316 | ret = __copy_tofrom_user(to, from, n); | |
317 | prevent_user_access(to, from, n); | |
318 | return ret; | |
3448890c | 319 | } |
48fe4871 SR |
320 | #endif /* __powerpc64__ */ |
321 | ||
3448890c | 322 | static inline unsigned long raw_copy_from_user(void *to, |
5015b494 | 323 | const void __user *from, unsigned long n) |
2df5e8bc | 324 | { |
de78a9c4 | 325 | unsigned long ret; |
2df5e8bc | 326 | if (__builtin_constant_p(n) && (n <= 8)) { |
de78a9c4 | 327 | ret = 1; |
2df5e8bc SR |
328 | |
329 | switch (n) { | |
330 | case 1: | |
ddf35cf3 | 331 | barrier_nospec(); |
2df5e8bc SR |
332 | __get_user_size(*(u8 *)to, from, 1, ret); |
333 | break; | |
334 | case 2: | |
ddf35cf3 | 335 | barrier_nospec(); |
2df5e8bc SR |
336 | __get_user_size(*(u16 *)to, from, 2, ret); |
337 | break; | |
338 | case 4: | |
ddf35cf3 | 339 | barrier_nospec(); |
2df5e8bc SR |
340 | __get_user_size(*(u32 *)to, from, 4, ret); |
341 | break; | |
342 | case 8: | |
ddf35cf3 | 343 | barrier_nospec(); |
2df5e8bc SR |
344 | __get_user_size(*(u64 *)to, from, 8, ret); |
345 | break; | |
346 | } | |
48fe4871 SR |
347 | if (ret == 0) |
348 | return 0; | |
2df5e8bc | 349 | } |
1d3c1324 | 350 | |
ddf35cf3 | 351 | barrier_nospec(); |
de78a9c4 CL |
352 | allow_read_from_user(from, n); |
353 | ret = __copy_tofrom_user((__force void __user *)to, from, n); | |
354 | prevent_read_from_user(from, n); | |
355 | return ret; | |
2df5e8bc SR |
356 | } |
357 | ||
3448890c | 358 | static inline unsigned long raw_copy_to_user(void __user *to, |
5015b494 | 359 | const void *from, unsigned long n) |
2df5e8bc | 360 | { |
de78a9c4 | 361 | unsigned long ret; |
2df5e8bc | 362 | if (__builtin_constant_p(n) && (n <= 8)) { |
de78a9c4 | 363 | ret = 1; |
2df5e8bc SR |
364 | |
365 | switch (n) { | |
366 | case 1: | |
367 | __put_user_size(*(u8 *)from, (u8 __user *)to, 1, ret); | |
368 | break; | |
369 | case 2: | |
370 | __put_user_size(*(u16 *)from, (u16 __user *)to, 2, ret); | |
371 | break; | |
372 | case 4: | |
373 | __put_user_size(*(u32 *)from, (u32 __user *)to, 4, ret); | |
374 | break; | |
375 | case 8: | |
376 | __put_user_size(*(u64 *)from, (u64 __user *)to, 8, ret); | |
377 | break; | |
378 | } | |
48fe4871 SR |
379 | if (ret == 0) |
380 | return 0; | |
2df5e8bc | 381 | } |
81409e9e | 382 | |
de78a9c4 CL |
383 | allow_write_to_user(to, n); |
384 | ret = __copy_tofrom_user(to, (__force const void __user *)from, n); | |
385 | prevent_write_to_user(to, n); | |
386 | return ret; | |
2df5e8bc SR |
387 | } |
388 | ||
2df5e8bc SR |
389 | extern unsigned long __clear_user(void __user *addr, unsigned long size); |
390 | ||
391 | static inline unsigned long clear_user(void __user *addr, unsigned long size) | |
392 | { | |
de78a9c4 | 393 | unsigned long ret = size; |
1af1717d | 394 | might_fault(); |
de78a9c4 CL |
395 | if (likely(access_ok(addr, size))) { |
396 | allow_write_to_user(addr, size); | |
397 | ret = __clear_user(addr, size); | |
398 | prevent_write_to_user(addr, size); | |
399 | } | |
400 | return ret; | |
2df5e8bc SR |
401 | } |
402 | ||
1629372c | 403 | extern long strncpy_from_user(char *dst, const char __user *src, long count); |
1629372c | 404 | extern __must_check long strnlen_user(const char __user *str, long n); |
2df5e8bc | 405 | |
6c44741d OH |
406 | extern long __copy_from_user_flushcache(void *dst, const void __user *src, |
407 | unsigned size); | |
408 | extern void memcpy_page_flushcache(char *to, struct page *page, size_t offset, | |
409 | size_t len); | |
410 | ||
2df5e8bc | 411 | #endif /* _ARCH_POWERPC_UACCESS_H */ |