1 /* SPDX-License-Identifier: GPL-2.0 */ 2 #ifndef _ASM_X86_UACCESS_H 3 #define _ASM_X86_UACCESS_H 4 /* 5 * User space memory access functions 6 */ 7 #include <linux/compiler.h> 8 #include <linux/instrumented.h> 9 #include <linux/kasan-checks.h> 10 #include <linux/mm_types.h> 11 #include <linux/string.h> 12 #include <linux/mmap_lock.h> 13 #include <asm/asm.h> 14 #include <asm/page.h> 15 #include <asm/smap.h> 16 #include <asm/extable.h> 17 #include <asm/tlbflush.h> 18 19 #ifdef CONFIG_ADDRESS_MASKING 20 /* 21 * Mask out tag bits from the address. 22 * 23 * Magic with the 'sign' allows to untag userspace pointer without any branches 24 * while leaving kernel addresses intact. 25 */ 26 static inline unsigned long __untagged_addr(unsigned long addr) 27 { 28 long sign; 29 30 /* 31 * Refer tlbstate_untag_mask directly to avoid RIP-relative relocation 32 * in alternative instructions. The relocation gets wrong when gets 33 * copied to the target place. 34 */ 35 asm (ALTERNATIVE("", 36 "sar $63, %[sign]\n\t" /* user_ptr ? 0 : -1UL */ 37 "or %%gs:tlbstate_untag_mask, %[sign]\n\t" 38 "and %[sign], %[addr]\n\t", X86_FEATURE_LAM) 39 : [addr] "+r" (addr), [sign] "=r" (sign) 40 : "m" (tlbstate_untag_mask), "[sign]" (addr)); 41 42 return addr; 43 } 44 45 #define untagged_addr(addr) ({ \ 46 unsigned long __addr = (__force unsigned long)(addr); \ 47 (__force __typeof__(addr))__untagged_addr(__addr); \ 48 }) 49 50 static inline unsigned long __untagged_addr_remote(struct mm_struct *mm, 51 unsigned long addr) 52 { 53 long sign = addr >> 63; 54 55 mmap_assert_locked(mm); 56 addr &= (mm)->context.untag_mask | sign; 57 58 return addr; 59 } 60 61 #define untagged_addr_remote(mm, addr) ({ \ 62 unsigned long __addr = (__force unsigned long)(addr); \ 63 (__force __typeof__(addr))__untagged_addr_remote(mm, __addr); \ 64 }) 65 66 #else 67 #define untagged_addr(addr) (addr) 68 #endif 69 70 #ifdef CONFIG_X86_64 71 /* 72 * On x86-64, we may have tag bits in the user pointer. Rather than 73 * mask them off, just change the rules for __access_ok(). 74 * 75 * Make the rule be that 'ptr+size' must not overflow, and must not 76 * have the high bit set. Compilers generally understand about 77 * unsigned overflow and the CF bit and generate reasonable code for 78 * this. Although it looks like the combination confuses at least 79 * clang (and instead of just doing an "add" followed by a test of 80 * SF and CF, you'll see that unnecessary comparison). 81 * 82 * For the common case of small sizes that can be checked at compile 83 * time, don't even bother with the addition, and just check that the 84 * base pointer is ok. 85 */ 86 static inline bool __access_ok(const void __user *ptr, unsigned long size) 87 { 88 if (__builtin_constant_p(size <= PAGE_SIZE) && size <= PAGE_SIZE) { 89 return (long)ptr >= 0; 90 } else { 91 unsigned long sum = size + (unsigned long)ptr; 92 return (long) sum >= 0 && sum >= (unsigned long)ptr; 93 } 94 } 95 #define __access_ok __access_ok 96 #endif 97 98 #include <asm-generic/access_ok.h> 99 100 extern int __get_user_1(void); 101 extern int __get_user_2(void); 102 extern int __get_user_4(void); 103 extern int __get_user_8(void); 104 extern int __get_user_nocheck_1(void); 105 extern int __get_user_nocheck_2(void); 106 extern int __get_user_nocheck_4(void); 107 extern int __get_user_nocheck_8(void); 108 extern int __get_user_bad(void); 109 110 #define __uaccess_begin() stac() 111 #define __uaccess_end() clac() 112 #define __uaccess_begin_nospec() \ 113 ({ \ 114 stac(); \ 115 barrier_nospec(); \ 116 }) 117 118 /* 119 * This is the smallest unsigned integer type that can fit a value 120 * (up to 'long long') 121 */ 122 #define __inttype(x) __typeof__( \ 123 __typefits(x,char, \ 124 __typefits(x,short, \ 125 __typefits(x,int, \ 126 __typefits(x,long,0ULL))))) 127 128 #define __typefits(x,type,not) \ 129 __builtin_choose_expr(sizeof(x)<=sizeof(type),(unsigned type)0,not) 130 131 /* 132 * This is used for both get_user() and __get_user() to expand to 133 * the proper special function call that has odd calling conventions 134 * due to returning both a value and an error, and that depends on 135 * the size of the pointer passed in. 136 * 137 * Careful: we have to cast the result to the type of the pointer 138 * for sign reasons. 139 * 140 * The use of _ASM_DX as the register specifier is a bit of a 141 * simplification, as gcc only cares about it as the starting point 142 * and not size: for a 64-bit value it will use %ecx:%edx on 32 bits 143 * (%ecx being the next register in gcc's x86 register sequence), and 144 * %rdx on 64 bits. 145 * 146 * Clang/LLVM cares about the size of the register, but still wants 147 * the base register for something that ends up being a pair. 148 */ 149 #define do_get_user_call(fn,x,ptr) \ 150 ({ \ 151 int __ret_gu; \ 152 register __inttype(*(ptr)) __val_gu asm("%"_ASM_DX); \ 153 __chk_user_ptr(ptr); \ 154 asm volatile("call __" #fn "_%P4" \ 155 : "=a" (__ret_gu), "=r" (__val_gu), \ 156 ASM_CALL_CONSTRAINT \ 157 : "0" (ptr), "i" (sizeof(*(ptr)))); \ 158 instrument_get_user(__val_gu); \ 159 (x) = (__force __typeof__(*(ptr))) __val_gu; \ 160 __builtin_expect(__ret_gu, 0); \ 161 }) 162 163 /** 164 * get_user - Get a simple variable from user space. 165 * @x: Variable to store result. 166 * @ptr: Source address, in user space. 167 * 168 * Context: User context only. This function may sleep if pagefaults are 169 * enabled. 170 * 171 * This macro copies a single simple variable from user space to kernel 172 * space. It supports simple types like char and int, but not larger 173 * data types like structures or arrays. 174 * 175 * @ptr must have pointer-to-simple-variable type, and the result of 176 * dereferencing @ptr must be assignable to @x without a cast. 177 * 178 * Return: zero on success, or -EFAULT on error. 179 * On error, the variable @x is set to zero. 180 */ 181 #define get_user(x,ptr) ({ might_fault(); do_get_user_call(get_user,x,ptr); }) 182 183 /** 184 * __get_user - Get a simple variable from user space, with less checking. 185 * @x: Variable to store result. 186 * @ptr: Source address, in user space. 187 * 188 * Context: User context only. This function may sleep if pagefaults are 189 * enabled. 190 * 191 * This macro copies a single simple variable from user space to kernel 192 * space. It supports simple types like char and int, but not larger 193 * data types like structures or arrays. 194 * 195 * @ptr must have pointer-to-simple-variable type, and the result of 196 * dereferencing @ptr must be assignable to @x without a cast. 197 * 198 * Caller must check the pointer with access_ok() before calling this 199 * function. 200 * 201 * Return: zero on success, or -EFAULT on error. 202 * On error, the variable @x is set to zero. 203 */ 204 #define __get_user(x,ptr) do_get_user_call(get_user_nocheck,x,ptr) 205 206 207 #ifdef CONFIG_X86_32 208 #define __put_user_goto_u64(x, addr, label) \ 209 asm_volatile_goto("\n" \ 210 "1: movl %%eax,0(%1)\n" \ 211 "2: movl %%edx,4(%1)\n" \ 212 _ASM_EXTABLE_UA(1b, %l2) \ 213 _ASM_EXTABLE_UA(2b, %l2) \ 214 : : "A" (x), "r" (addr) \ 215 : : label) 216 217 #else 218 #define __put_user_goto_u64(x, ptr, label) \ 219 __put_user_goto(x, ptr, "q", "er", label) 220 #endif 221 222 extern void __put_user_bad(void); 223 224 /* 225 * Strange magic calling convention: pointer in %ecx, 226 * value in %eax(:%edx), return value in %ecx. clobbers %rbx 227 */ 228 extern void __put_user_1(void); 229 extern void __put_user_2(void); 230 extern void __put_user_4(void); 231 extern void __put_user_8(void); 232 extern void __put_user_nocheck_1(void); 233 extern void __put_user_nocheck_2(void); 234 extern void __put_user_nocheck_4(void); 235 extern void __put_user_nocheck_8(void); 236 237 /* 238 * ptr must be evaluated and assigned to the temporary __ptr_pu before 239 * the assignment of x to __val_pu, to avoid any function calls 240 * involved in the ptr expression (possibly implicitly generated due 241 * to KASAN) from clobbering %ax. 242 */ 243 #define do_put_user_call(fn,x,ptr) \ 244 ({ \ 245 int __ret_pu; \ 246 void __user *__ptr_pu; \ 247 register __typeof__(*(ptr)) __val_pu asm("%"_ASM_AX); \ 248 __typeof__(*(ptr)) __x = (x); /* eval x once */ \ 249 __typeof__(ptr) __ptr = (ptr); /* eval ptr once */ \ 250 __chk_user_ptr(__ptr); \ 251 __ptr_pu = __ptr; \ 252 __val_pu = __x; \ 253 asm volatile("call __" #fn "_%P[size]" \ 254 : "=c" (__ret_pu), \ 255 ASM_CALL_CONSTRAINT \ 256 : "0" (__ptr_pu), \ 257 "r" (__val_pu), \ 258 [size] "i" (sizeof(*(ptr))) \ 259 :"ebx"); \ 260 instrument_put_user(__x, __ptr, sizeof(*(ptr))); \ 261 __builtin_expect(__ret_pu, 0); \ 262 }) 263 264 /** 265 * put_user - Write a simple value into user space. 266 * @x: Value to copy to user space. 267 * @ptr: Destination address, in user space. 268 * 269 * Context: User context only. This function may sleep if pagefaults are 270 * enabled. 271 * 272 * This macro copies a single simple value from kernel space to user 273 * space. It supports simple types like char and int, but not larger 274 * data types like structures or arrays. 275 * 276 * @ptr must have pointer-to-simple-variable type, and @x must be assignable 277 * to the result of dereferencing @ptr. 278 * 279 * Return: zero on success, or -EFAULT on error. 280 */ 281 #define put_user(x, ptr) ({ might_fault(); do_put_user_call(put_user,x,ptr); }) 282 283 /** 284 * __put_user - Write a simple value into user space, with less checking. 285 * @x: Value to copy to user space. 286 * @ptr: Destination address, in user space. 287 * 288 * Context: User context only. This function may sleep if pagefaults are 289 * enabled. 290 * 291 * This macro copies a single simple value from kernel space to user 292 * space. It supports simple types like char and int, but not larger 293 * data types like structures or arrays. 294 * 295 * @ptr must have pointer-to-simple-variable type, and @x must be assignable 296 * to the result of dereferencing @ptr. 297 * 298 * Caller must check the pointer with access_ok() before calling this 299 * function. 300 * 301 * Return: zero on success, or -EFAULT on error. 302 */ 303 #define __put_user(x, ptr) do_put_user_call(put_user_nocheck,x,ptr) 304 305 #define __put_user_size(x, ptr, size, label) \ 306 do { \ 307 __typeof__(*(ptr)) __x = (x); /* eval x once */ \ 308 __typeof__(ptr) __ptr = (ptr); /* eval ptr once */ \ 309 __chk_user_ptr(__ptr); \ 310 switch (size) { \ 311 case 1: \ 312 __put_user_goto(__x, __ptr, "b", "iq", label); \ 313 break; \ 314 case 2: \ 315 __put_user_goto(__x, __ptr, "w", "ir", label); \ 316 break; \ 317 case 4: \ 318 __put_user_goto(__x, __ptr, "l", "ir", label); \ 319 break; \ 320 case 8: \ 321 __put_user_goto_u64(__x, __ptr, label); \ 322 break; \ 323 default: \ 324 __put_user_bad(); \ 325 } \ 326 instrument_put_user(__x, __ptr, size); \ 327 } while (0) 328 329 #ifdef CONFIG_CC_HAS_ASM_GOTO_OUTPUT 330 331 #ifdef CONFIG_X86_32 332 #define __get_user_asm_u64(x, ptr, label) do { \ 333 unsigned int __gu_low, __gu_high; \ 334 const unsigned int __user *__gu_ptr; \ 335 __gu_ptr = (const void __user *)(ptr); \ 336 __get_user_asm(__gu_low, __gu_ptr, "l", "=r", label); \ 337 __get_user_asm(__gu_high, __gu_ptr+1, "l", "=r", label); \ 338 (x) = ((unsigned long long)__gu_high << 32) | __gu_low; \ 339 } while (0) 340 #else 341 #define __get_user_asm_u64(x, ptr, label) \ 342 __get_user_asm(x, ptr, "q", "=r", label) 343 #endif 344 345 #define __get_user_size(x, ptr, size, label) \ 346 do { \ 347 __chk_user_ptr(ptr); \ 348 switch (size) { \ 349 case 1: { \ 350 unsigned char x_u8__; \ 351 __get_user_asm(x_u8__, ptr, "b", "=q", label); \ 352 (x) = x_u8__; \ 353 break; \ 354 } \ 355 case 2: \ 356 __get_user_asm(x, ptr, "w", "=r", label); \ 357 break; \ 358 case 4: \ 359 __get_user_asm(x, ptr, "l", "=r", label); \ 360 break; \ 361 case 8: \ 362 __get_user_asm_u64(x, ptr, label); \ 363 break; \ 364 default: \ 365 (x) = __get_user_bad(); \ 366 } \ 367 instrument_get_user(x); \ 368 } while (0) 369 370 #define __get_user_asm(x, addr, itype, ltype, label) \ 371 asm_volatile_goto("\n" \ 372 "1: mov"itype" %[umem],%[output]\n" \ 373 _ASM_EXTABLE_UA(1b, %l2) \ 374 : [output] ltype(x) \ 375 : [umem] "m" (__m(addr)) \ 376 : : label) 377 378 #else // !CONFIG_CC_HAS_ASM_GOTO_OUTPUT 379 380 #ifdef CONFIG_X86_32 381 #define __get_user_asm_u64(x, ptr, retval) \ 382 ({ \ 383 __typeof__(ptr) __ptr = (ptr); \ 384 asm volatile("\n" \ 385 "1: movl %[lowbits],%%eax\n" \ 386 "2: movl %[highbits],%%edx\n" \ 387 "3:\n" \ 388 _ASM_EXTABLE_TYPE_REG(1b, 3b, EX_TYPE_EFAULT_REG | \ 389 EX_FLAG_CLEAR_AX_DX, \ 390 %[errout]) \ 391 _ASM_EXTABLE_TYPE_REG(2b, 3b, EX_TYPE_EFAULT_REG | \ 392 EX_FLAG_CLEAR_AX_DX, \ 393 %[errout]) \ 394 : [errout] "=r" (retval), \ 395 [output] "=&A"(x) \ 396 : [lowbits] "m" (__m(__ptr)), \ 397 [highbits] "m" __m(((u32 __user *)(__ptr)) + 1), \ 398 "0" (retval)); \ 399 }) 400 401 #else 402 #define __get_user_asm_u64(x, ptr, retval) \ 403 __get_user_asm(x, ptr, retval, "q") 404 #endif 405 406 #define __get_user_size(x, ptr, size, retval) \ 407 do { \ 408 unsigned char x_u8__; \ 409 \ 410 retval = 0; \ 411 __chk_user_ptr(ptr); \ 412 switch (size) { \ 413 case 1: \ 414 __get_user_asm(x_u8__, ptr, retval, "b"); \ 415 (x) = x_u8__; \ 416 break; \ 417 case 2: \ 418 __get_user_asm(x, ptr, retval, "w"); \ 419 break; \ 420 case 4: \ 421 __get_user_asm(x, ptr, retval, "l"); \ 422 break; \ 423 case 8: \ 424 __get_user_asm_u64(x, ptr, retval); \ 425 break; \ 426 default: \ 427 (x) = __get_user_bad(); \ 428 } \ 429 } while (0) 430 431 #define __get_user_asm(x, addr, err, itype) \ 432 asm volatile("\n" \ 433 "1: mov"itype" %[umem],%[output]\n" \ 434 "2:\n" \ 435 _ASM_EXTABLE_TYPE_REG(1b, 2b, EX_TYPE_EFAULT_REG | \ 436 EX_FLAG_CLEAR_AX, \ 437 %[errout]) \ 438 : [errout] "=r" (err), \ 439 [output] "=a" (x) \ 440 : [umem] "m" (__m(addr)), \ 441 "0" (err)) 442 443 #endif // CONFIG_CC_HAS_ASM_GOTO_OUTPUT 444 445 #ifdef CONFIG_CC_HAS_ASM_GOTO_TIED_OUTPUT 446 #define __try_cmpxchg_user_asm(itype, ltype, _ptr, _pold, _new, label) ({ \ 447 bool success; \ 448 __typeof__(_ptr) _old = (__typeof__(_ptr))(_pold); \ 449 __typeof__(*(_ptr)) __old = *_old; \ 450 __typeof__(*(_ptr)) __new = (_new); \ 451 asm_volatile_goto("\n" \ 452 "1: " LOCK_PREFIX "cmpxchg"itype" %[new], %[ptr]\n"\ 453 _ASM_EXTABLE_UA(1b, %l[label]) \ 454 : CC_OUT(z) (success), \ 455 [ptr] "+m" (*_ptr), \ 456 [old] "+a" (__old) \ 457 : [new] ltype (__new) \ 458 : "memory" \ 459 : label); \ 460 if (unlikely(!success)) \ 461 *_old = __old; \ 462 likely(success); }) 463 464 #ifdef CONFIG_X86_32 465 #define __try_cmpxchg64_user_asm(_ptr, _pold, _new, label) ({ \ 466 bool success; \ 467 __typeof__(_ptr) _old = (__typeof__(_ptr))(_pold); \ 468 __typeof__(*(_ptr)) __old = *_old; \ 469 __typeof__(*(_ptr)) __new = (_new); \ 470 asm_volatile_goto("\n" \ 471 "1: " LOCK_PREFIX "cmpxchg8b %[ptr]\n" \ 472 _ASM_EXTABLE_UA(1b, %l[label]) \ 473 : CC_OUT(z) (success), \ 474 "+A" (__old), \ 475 [ptr] "+m" (*_ptr) \ 476 : "b" ((u32)__new), \ 477 "c" ((u32)((u64)__new >> 32)) \ 478 : "memory" \ 479 : label); \ 480 if (unlikely(!success)) \ 481 *_old = __old; \ 482 likely(success); }) 483 #endif // CONFIG_X86_32 484 #else // !CONFIG_CC_HAS_ASM_GOTO_TIED_OUTPUT 485 #define __try_cmpxchg_user_asm(itype, ltype, _ptr, _pold, _new, label) ({ \ 486 int __err = 0; \ 487 bool success; \ 488 __typeof__(_ptr) _old = (__typeof__(_ptr))(_pold); \ 489 __typeof__(*(_ptr)) __old = *_old; \ 490 __typeof__(*(_ptr)) __new = (_new); \ 491 asm volatile("\n" \ 492 "1: " LOCK_PREFIX "cmpxchg"itype" %[new], %[ptr]\n"\ 493 CC_SET(z) \ 494 "2:\n" \ 495 _ASM_EXTABLE_TYPE_REG(1b, 2b, EX_TYPE_EFAULT_REG, \ 496 %[errout]) \ 497 : CC_OUT(z) (success), \ 498 [errout] "+r" (__err), \ 499 [ptr] "+m" (*_ptr), \ 500 [old] "+a" (__old) \ 501 : [new] ltype (__new) \ 502 : "memory"); \ 503 if (unlikely(__err)) \ 504 goto label; \ 505 if (unlikely(!success)) \ 506 *_old = __old; \ 507 likely(success); }) 508 509 #ifdef CONFIG_X86_32 510 /* 511 * Unlike the normal CMPXCHG, use output GPR for both success/fail and error. 512 * There are only six GPRs available and four (EAX, EBX, ECX, and EDX) are 513 * hardcoded by CMPXCHG8B, leaving only ESI and EDI. If the compiler uses 514 * both ESI and EDI for the memory operand, compilation will fail if the error 515 * is an input+output as there will be no register available for input. 516 */ 517 #define __try_cmpxchg64_user_asm(_ptr, _pold, _new, label) ({ \ 518 int __result; \ 519 __typeof__(_ptr) _old = (__typeof__(_ptr))(_pold); \ 520 __typeof__(*(_ptr)) __old = *_old; \ 521 __typeof__(*(_ptr)) __new = (_new); \ 522 asm volatile("\n" \ 523 "1: " LOCK_PREFIX "cmpxchg8b %[ptr]\n" \ 524 "mov $0, %[result]\n\t" \ 525 "setz %b[result]\n" \ 526 "2:\n" \ 527 _ASM_EXTABLE_TYPE_REG(1b, 2b, EX_TYPE_EFAULT_REG, \ 528 %[result]) \ 529 : [result] "=q" (__result), \ 530 "+A" (__old), \ 531 [ptr] "+m" (*_ptr) \ 532 : "b" ((u32)__new), \ 533 "c" ((u32)((u64)__new >> 32)) \ 534 : "memory", "cc"); \ 535 if (unlikely(__result < 0)) \ 536 goto label; \ 537 if (unlikely(!__result)) \ 538 *_old = __old; \ 539 likely(__result); }) 540 #endif // CONFIG_X86_32 541 #endif // CONFIG_CC_HAS_ASM_GOTO_TIED_OUTPUT 542 543 /* FIXME: this hack is definitely wrong -AK */ 544 struct __large_struct { unsigned long buf[100]; }; 545 #define __m(x) (*(struct __large_struct __user *)(x)) 546 547 /* 548 * Tell gcc we read from memory instead of writing: this is because 549 * we do not write to any memory gcc knows about, so there are no 550 * aliasing issues. 551 */ 552 #define __put_user_goto(x, addr, itype, ltype, label) \ 553 asm_volatile_goto("\n" \ 554 "1: mov"itype" %0,%1\n" \ 555 _ASM_EXTABLE_UA(1b, %l2) \ 556 : : ltype(x), "m" (__m(addr)) \ 557 : : label) 558 559 extern unsigned long 560 copy_from_user_nmi(void *to, const void __user *from, unsigned long n); 561 extern __must_check long 562 strncpy_from_user(char *dst, const char __user *src, long count); 563 564 extern __must_check long strnlen_user(const char __user *str, long n); 565 566 #ifdef CONFIG_ARCH_HAS_COPY_MC 567 unsigned long __must_check 568 copy_mc_to_kernel(void *to, const void *from, unsigned len); 569 #define copy_mc_to_kernel copy_mc_to_kernel 570 571 unsigned long __must_check 572 copy_mc_to_user(void *to, const void *from, unsigned len); 573 #endif 574 575 /* 576 * movsl can be slow when source and dest are not both 8-byte aligned 577 */ 578 #ifdef CONFIG_X86_INTEL_USERCOPY 579 extern struct movsl_mask { 580 int mask; 581 } ____cacheline_aligned_in_smp movsl_mask; 582 #endif 583 584 #define ARCH_HAS_NOCACHE_UACCESS 1 585 586 #ifdef CONFIG_X86_32 587 unsigned long __must_check clear_user(void __user *mem, unsigned long len); 588 unsigned long __must_check __clear_user(void __user *mem, unsigned long len); 589 # include <asm/uaccess_32.h> 590 #else 591 # include <asm/uaccess_64.h> 592 #endif 593 594 /* 595 * The "unsafe" user accesses aren't really "unsafe", but the naming 596 * is a big fat warning: you have to not only do the access_ok() 597 * checking before using them, but you have to surround them with the 598 * user_access_begin/end() pair. 599 */ 600 static __must_check __always_inline bool user_access_begin(const void __user *ptr, size_t len) 601 { 602 if (unlikely(!access_ok(ptr,len))) 603 return 0; 604 __uaccess_begin_nospec(); 605 return 1; 606 } 607 #define user_access_begin(a,b) user_access_begin(a,b) 608 #define user_access_end() __uaccess_end() 609 610 #define user_access_save() smap_save() 611 #define user_access_restore(x) smap_restore(x) 612 613 #define unsafe_put_user(x, ptr, label) \ 614 __put_user_size((__typeof__(*(ptr)))(x), (ptr), sizeof(*(ptr)), label) 615 616 #ifdef CONFIG_CC_HAS_ASM_GOTO_OUTPUT 617 #define unsafe_get_user(x, ptr, err_label) \ 618 do { \ 619 __inttype(*(ptr)) __gu_val; \ 620 __get_user_size(__gu_val, (ptr), sizeof(*(ptr)), err_label); \ 621 (x) = (__force __typeof__(*(ptr)))__gu_val; \ 622 } while (0) 623 #else // !CONFIG_CC_HAS_ASM_GOTO_OUTPUT 624 #define unsafe_get_user(x, ptr, err_label) \ 625 do { \ 626 int __gu_err; \ 627 __inttype(*(ptr)) __gu_val; \ 628 __get_user_size(__gu_val, (ptr), sizeof(*(ptr)), __gu_err); \ 629 (x) = (__force __typeof__(*(ptr)))__gu_val; \ 630 if (unlikely(__gu_err)) goto err_label; \ 631 } while (0) 632 #endif // CONFIG_CC_HAS_ASM_GOTO_OUTPUT 633 634 extern void __try_cmpxchg_user_wrong_size(void); 635 636 #ifndef CONFIG_X86_32 637 #define __try_cmpxchg64_user_asm(_ptr, _oldp, _nval, _label) \ 638 __try_cmpxchg_user_asm("q", "r", (_ptr), (_oldp), (_nval), _label) 639 #endif 640 641 /* 642 * Force the pointer to u<size> to match the size expected by the asm helper. 643 * clang/LLVM compiles all cases and only discards the unused paths after 644 * processing errors, which breaks i386 if the pointer is an 8-byte value. 645 */ 646 #define unsafe_try_cmpxchg_user(_ptr, _oldp, _nval, _label) ({ \ 647 bool __ret; \ 648 __chk_user_ptr(_ptr); \ 649 switch (sizeof(*(_ptr))) { \ 650 case 1: __ret = __try_cmpxchg_user_asm("b", "q", \ 651 (__force u8 *)(_ptr), (_oldp), \ 652 (_nval), _label); \ 653 break; \ 654 case 2: __ret = __try_cmpxchg_user_asm("w", "r", \ 655 (__force u16 *)(_ptr), (_oldp), \ 656 (_nval), _label); \ 657 break; \ 658 case 4: __ret = __try_cmpxchg_user_asm("l", "r", \ 659 (__force u32 *)(_ptr), (_oldp), \ 660 (_nval), _label); \ 661 break; \ 662 case 8: __ret = __try_cmpxchg64_user_asm((__force u64 *)(_ptr), (_oldp),\ 663 (_nval), _label); \ 664 break; \ 665 default: __try_cmpxchg_user_wrong_size(); \ 666 } \ 667 __ret; }) 668 669 /* "Returns" 0 on success, 1 on failure, -EFAULT if the access faults. */ 670 #define __try_cmpxchg_user(_ptr, _oldp, _nval, _label) ({ \ 671 int __ret = -EFAULT; \ 672 __uaccess_begin_nospec(); \ 673 __ret = !unsafe_try_cmpxchg_user(_ptr, _oldp, _nval, _label); \ 674 _label: \ 675 __uaccess_end(); \ 676 __ret; \ 677 }) 678 679 /* 680 * We want the unsafe accessors to always be inlined and use 681 * the error labels - thus the macro games. 682 */ 683 #define unsafe_copy_loop(dst, src, len, type, label) \ 684 while (len >= sizeof(type)) { \ 685 unsafe_put_user(*(type *)(src),(type __user *)(dst),label); \ 686 dst += sizeof(type); \ 687 src += sizeof(type); \ 688 len -= sizeof(type); \ 689 } 690 691 #define unsafe_copy_to_user(_dst,_src,_len,label) \ 692 do { \ 693 char __user *__ucu_dst = (_dst); \ 694 const char *__ucu_src = (_src); \ 695 size_t __ucu_len = (_len); \ 696 unsafe_copy_loop(__ucu_dst, __ucu_src, __ucu_len, u64, label); \ 697 unsafe_copy_loop(__ucu_dst, __ucu_src, __ucu_len, u32, label); \ 698 unsafe_copy_loop(__ucu_dst, __ucu_src, __ucu_len, u16, label); \ 699 unsafe_copy_loop(__ucu_dst, __ucu_src, __ucu_len, u8, label); \ 700 } while (0) 701 702 #ifdef CONFIG_CC_HAS_ASM_GOTO_OUTPUT 703 #define __get_kernel_nofault(dst, src, type, err_label) \ 704 __get_user_size(*((type *)(dst)), (__force type __user *)(src), \ 705 sizeof(type), err_label) 706 #else // !CONFIG_CC_HAS_ASM_GOTO_OUTPUT 707 #define __get_kernel_nofault(dst, src, type, err_label) \ 708 do { \ 709 int __kr_err; \ 710 \ 711 __get_user_size(*((type *)(dst)), (__force type __user *)(src), \ 712 sizeof(type), __kr_err); \ 713 if (unlikely(__kr_err)) \ 714 goto err_label; \ 715 } while (0) 716 #endif // CONFIG_CC_HAS_ASM_GOTO_OUTPUT 717 718 #define __put_kernel_nofault(dst, src, type, err_label) \ 719 __put_user_size(*((type *)(src)), (__force type __user *)(dst), \ 720 sizeof(type), err_label) 721 722 #endif /* _ASM_X86_UACCESS_H */ 723 724