1 /* SPDX-License-Identifier: GPL-2.0 */ 2 #ifndef _ARCH_POWERPC_UACCESS_H 3 #define _ARCH_POWERPC_UACCESS_H 4 5 #include <asm/ppc_asm.h> 6 #include <asm/processor.h> 7 #include <asm/page.h> 8 #include <asm/extable.h> 9 #include <asm/kup.h> 10 11 #ifdef __powerpc64__ 12 /* We use TASK_SIZE_USER64 as TASK_SIZE is not constant */ 13 #define TASK_SIZE_MAX TASK_SIZE_USER64 14 #else 15 #define TASK_SIZE_MAX TASK_SIZE 16 #endif 17 18 static inline bool __access_ok(unsigned long addr, unsigned long size) 19 { 20 return addr < TASK_SIZE_MAX && size <= TASK_SIZE_MAX - addr; 21 } 22 23 #define access_ok(addr, size) \ 24 (__chk_user_ptr(addr), \ 25 __access_ok((unsigned long)(addr), (size))) 26 27 /* 28 * These are the main single-value transfer routines. They automatically 29 * use the right size if we just have the right pointer type. 30 * 31 * This gets kind of ugly. We want to return _two_ values in "get_user()" 32 * and yet we don't want to do any pointers, because that is too much 33 * of a performance impact. Thus we have a few rather ugly macros here, 34 * and hide all the ugliness from the user. 35 * 36 * The "__xxx" versions of the user access functions are versions that 37 * do not verify the address space, that must have been done previously 38 * with a separate "access_ok()" call (this is used when we do multiple 39 * accesses to the same area of user memory). 40 * 41 * As we use the same address space for kernel and user data on the 42 * PowerPC, we can just do these as direct assignments. (Of course, the 43 * exception handling means that it's no longer "just"...) 44 * 45 */ 46 #define __put_user(x, ptr) \ 47 ({ \ 48 long __pu_err; \ 49 __typeof__(*(ptr)) __user *__pu_addr = (ptr); \ 50 __typeof__(*(ptr)) __pu_val = (__typeof__(*(ptr)))(x); \ 51 __typeof__(sizeof(*(ptr))) __pu_size = sizeof(*(ptr)); \ 52 \ 53 might_fault(); \ 54 do { \ 55 __label__ __pu_failed; \ 56 \ 57 allow_write_to_user(__pu_addr, __pu_size); \ 58 __put_user_size_goto(__pu_val, __pu_addr, __pu_size, __pu_failed); \ 59 prevent_write_to_user(__pu_addr, __pu_size); \ 60 __pu_err = 0; \ 61 break; \ 62 \ 63 __pu_failed: \ 64 prevent_write_to_user(__pu_addr, __pu_size); \ 65 __pu_err = -EFAULT; \ 66 } while (0); \ 67 \ 68 __pu_err; \ 69 }) 70 71 #define put_user(x, ptr) \ 72 ({ \ 73 __typeof__(*(ptr)) __user *_pu_addr = (ptr); \ 74 \ 75 access_ok(_pu_addr, sizeof(*(ptr))) ? \ 76 __put_user(x, _pu_addr) : -EFAULT; \ 77 }) 78 79 /* 80 * We don't tell gcc that we are accessing memory, but this is OK 81 * because we do not write to any memory gcc knows about, so there 82 * are no aliasing issues. 83 */ 84 #define __put_user_asm_goto(x, addr, label, op) \ 85 asm_volatile_goto( \ 86 "1: " op "%U1%X1 %0,%1 # put_user\n" \ 87 EX_TABLE(1b, %l2) \ 88 : \ 89 : "r" (x), "m<>" (*addr) \ 90 : \ 91 : label) 92 93 #ifdef __powerpc64__ 94 #define __put_user_asm2_goto(x, ptr, label) \ 95 __put_user_asm_goto(x, ptr, label, "std") 96 #else /* __powerpc64__ */ 97 #define __put_user_asm2_goto(x, addr, label) \ 98 asm_volatile_goto( \ 99 "1: stw%X1 %0, %1\n" \ 100 "2: stw%X1 %L0, %L1\n" \ 101 EX_TABLE(1b, %l2) \ 102 EX_TABLE(2b, %l2) \ 103 : \ 104 : "r" (x), "m" (*addr) \ 105 : \ 106 : label) 107 #endif /* __powerpc64__ */ 108 109 #define __put_user_size_goto(x, ptr, size, label) \ 110 do { \ 111 __typeof__(*(ptr)) __user *__pus_addr = (ptr); \ 112 \ 113 switch (size) { \ 114 case 1: __put_user_asm_goto(x, __pus_addr, label, "stb"); break; \ 115 case 2: __put_user_asm_goto(x, __pus_addr, label, "sth"); break; \ 116 case 4: __put_user_asm_goto(x, __pus_addr, label, "stw"); break; \ 117 case 8: __put_user_asm2_goto(x, __pus_addr, label); break; \ 118 default: BUILD_BUG(); \ 119 } \ 120 } while (0) 121 122 /* 123 * This does an atomic 128 byte aligned load from userspace. 124 * Upto caller to do enable_kernel_vmx() before calling! 125 */ 126 #define __get_user_atomic_128_aligned(kaddr, uaddr, err) \ 127 __asm__ __volatile__( \ 128 ".machine push\n" \ 129 ".machine altivec\n" \ 130 "1: lvx 0,0,%1 # get user\n" \ 131 " stvx 0,0,%2 # put kernel\n" \ 132 ".machine pop\n" \ 133 "2:\n" \ 134 ".section .fixup,\"ax\"\n" \ 135 "3: li %0,%3\n" \ 136 " b 2b\n" \ 137 ".previous\n" \ 138 EX_TABLE(1b, 3b) \ 139 : "=r" (err) \ 140 : "b" (uaddr), "b" (kaddr), "i" (-EFAULT), "0" (err)) 141 142 #ifdef CONFIG_CC_HAS_ASM_GOTO_OUTPUT 143 144 #define __get_user_asm_goto(x, addr, label, op) \ 145 asm_volatile_goto( \ 146 "1: "op"%U1%X1 %0, %1 # get_user\n" \ 147 EX_TABLE(1b, %l2) \ 148 : "=r" (x) \ 149 : "m<>" (*addr) \ 150 : \ 151 : label) 152 153 #ifdef __powerpc64__ 154 #define __get_user_asm2_goto(x, addr, label) \ 155 __get_user_asm_goto(x, addr, label, "ld") 156 #else /* __powerpc64__ */ 157 #define __get_user_asm2_goto(x, addr, label) \ 158 asm_volatile_goto( \ 159 "1: lwz%X1 %0, %1\n" \ 160 "2: lwz%X1 %L0, %L1\n" \ 161 EX_TABLE(1b, %l2) \ 162 EX_TABLE(2b, %l2) \ 163 : "=&r" (x) \ 164 : "m" (*addr) \ 165 : \ 166 : label) 167 #endif /* __powerpc64__ */ 168 169 #define __get_user_size_goto(x, ptr, size, label) \ 170 do { \ 171 BUILD_BUG_ON(size > sizeof(x)); \ 172 switch (size) { \ 173 case 1: __get_user_asm_goto(x, (u8 __user *)ptr, label, "lbz"); break; \ 174 case 2: __get_user_asm_goto(x, (u16 __user *)ptr, label, "lhz"); break; \ 175 case 4: __get_user_asm_goto(x, (u32 __user *)ptr, label, "lwz"); break; \ 176 case 8: __get_user_asm2_goto(x, (u64 __user *)ptr, label); break; \ 177 default: x = 0; BUILD_BUG(); \ 178 } \ 179 } while (0) 180 181 #define __get_user_size_allowed(x, ptr, size, retval) \ 182 do { \ 183 __label__ __gus_failed; \ 184 \ 185 __get_user_size_goto(x, ptr, size, __gus_failed); \ 186 retval = 0; \ 187 break; \ 188 __gus_failed: \ 189 x = 0; \ 190 retval = -EFAULT; \ 191 } while (0) 192 193 #else /* CONFIG_CC_HAS_ASM_GOTO_OUTPUT */ 194 195 #define __get_user_asm(x, addr, err, op) \ 196 __asm__ __volatile__( \ 197 "1: "op"%U2%X2 %1, %2 # get_user\n" \ 198 "2:\n" \ 199 ".section .fixup,\"ax\"\n" \ 200 "3: li %0,%3\n" \ 201 " li %1,0\n" \ 202 " b 2b\n" \ 203 ".previous\n" \ 204 EX_TABLE(1b, 3b) \ 205 : "=r" (err), "=r" (x) \ 206 : "m<>" (*addr), "i" (-EFAULT), "0" (err)) 207 208 #ifdef __powerpc64__ 209 #define __get_user_asm2(x, addr, err) \ 210 __get_user_asm(x, addr, err, "ld") 211 #else /* __powerpc64__ */ 212 #define __get_user_asm2(x, addr, err) \ 213 __asm__ __volatile__( \ 214 "1: lwz%X2 %1, %2\n" \ 215 "2: lwz%X2 %L1, %L2\n" \ 216 "3:\n" \ 217 ".section .fixup,\"ax\"\n" \ 218 "4: li %0,%3\n" \ 219 " li %1,0\n" \ 220 " li %1+1,0\n" \ 221 " b 3b\n" \ 222 ".previous\n" \ 223 EX_TABLE(1b, 4b) \ 224 EX_TABLE(2b, 4b) \ 225 : "=r" (err), "=&r" (x) \ 226 : "m" (*addr), "i" (-EFAULT), "0" (err)) 227 #endif /* __powerpc64__ */ 228 229 #define __get_user_size_allowed(x, ptr, size, retval) \ 230 do { \ 231 retval = 0; \ 232 BUILD_BUG_ON(size > sizeof(x)); \ 233 switch (size) { \ 234 case 1: __get_user_asm(x, (u8 __user *)ptr, retval, "lbz"); break; \ 235 case 2: __get_user_asm(x, (u16 __user *)ptr, retval, "lhz"); break; \ 236 case 4: __get_user_asm(x, (u32 __user *)ptr, retval, "lwz"); break; \ 237 case 8: __get_user_asm2(x, (u64 __user *)ptr, retval); break; \ 238 default: x = 0; BUILD_BUG(); \ 239 } \ 240 } while (0) 241 242 #define __get_user_size_goto(x, ptr, size, label) \ 243 do { \ 244 long __gus_retval; \ 245 \ 246 __get_user_size_allowed(x, ptr, size, __gus_retval); \ 247 if (__gus_retval) \ 248 goto label; \ 249 } while (0) 250 251 #endif /* CONFIG_CC_HAS_ASM_GOTO_OUTPUT */ 252 253 /* 254 * This is a type: either unsigned long, if the argument fits into 255 * that type, or otherwise unsigned long long. 256 */ 257 #define __long_type(x) \ 258 __typeof__(__builtin_choose_expr(sizeof(x) > sizeof(0UL), 0ULL, 0UL)) 259 260 #define __get_user(x, ptr) \ 261 ({ \ 262 long __gu_err; \ 263 __long_type(*(ptr)) __gu_val; \ 264 __typeof__(*(ptr)) __user *__gu_addr = (ptr); \ 265 __typeof__(sizeof(*(ptr))) __gu_size = sizeof(*(ptr)); \ 266 \ 267 might_fault(); \ 268 allow_read_from_user(__gu_addr, __gu_size); \ 269 __get_user_size_allowed(__gu_val, __gu_addr, __gu_size, __gu_err); \ 270 prevent_read_from_user(__gu_addr, __gu_size); \ 271 (x) = (__typeof__(*(ptr)))__gu_val; \ 272 \ 273 __gu_err; \ 274 }) 275 276 #define get_user(x, ptr) \ 277 ({ \ 278 __typeof__(*(ptr)) __user *_gu_addr = (ptr); \ 279 \ 280 access_ok(_gu_addr, sizeof(*(ptr))) ? \ 281 __get_user(x, _gu_addr) : \ 282 ((x) = (__force __typeof__(*(ptr)))0, -EFAULT); \ 283 }) 284 285 /* more complex routines */ 286 287 extern unsigned long __copy_tofrom_user(void __user *to, 288 const void __user *from, unsigned long size); 289 290 #ifdef __powerpc64__ 291 static inline unsigned long 292 raw_copy_in_user(void __user *to, const void __user *from, unsigned long n) 293 { 294 unsigned long ret; 295 296 allow_read_write_user(to, from, n); 297 ret = __copy_tofrom_user(to, from, n); 298 prevent_read_write_user(to, from, n); 299 return ret; 300 } 301 #endif /* __powerpc64__ */ 302 303 static inline unsigned long raw_copy_from_user(void *to, 304 const void __user *from, unsigned long n) 305 { 306 unsigned long ret; 307 308 allow_read_from_user(from, n); 309 ret = __copy_tofrom_user((__force void __user *)to, from, n); 310 prevent_read_from_user(from, n); 311 return ret; 312 } 313 314 static inline unsigned long 315 raw_copy_to_user(void __user *to, const void *from, unsigned long n) 316 { 317 unsigned long ret; 318 319 allow_write_to_user(to, n); 320 ret = __copy_tofrom_user(to, (__force const void __user *)from, n); 321 prevent_write_to_user(to, n); 322 return ret; 323 } 324 325 unsigned long __arch_clear_user(void __user *addr, unsigned long size); 326 327 static inline unsigned long __clear_user(void __user *addr, unsigned long size) 328 { 329 unsigned long ret; 330 331 might_fault(); 332 allow_write_to_user(addr, size); 333 ret = __arch_clear_user(addr, size); 334 prevent_write_to_user(addr, size); 335 return ret; 336 } 337 338 static inline unsigned long clear_user(void __user *addr, unsigned long size) 339 { 340 return likely(access_ok(addr, size)) ? __clear_user(addr, size) : size; 341 } 342 343 extern long strncpy_from_user(char *dst, const char __user *src, long count); 344 extern __must_check long strnlen_user(const char __user *str, long n); 345 346 #ifdef CONFIG_ARCH_HAS_COPY_MC 347 unsigned long __must_check 348 copy_mc_generic(void *to, const void *from, unsigned long size); 349 350 static inline unsigned long __must_check 351 copy_mc_to_kernel(void *to, const void *from, unsigned long size) 352 { 353 return copy_mc_generic(to, from, size); 354 } 355 #define copy_mc_to_kernel copy_mc_to_kernel 356 357 static inline unsigned long __must_check 358 copy_mc_to_user(void __user *to, const void *from, unsigned long n) 359 { 360 if (likely(check_copy_size(from, n, true))) { 361 if (access_ok(to, n)) { 362 allow_write_to_user(to, n); 363 n = copy_mc_generic((void *)to, from, n); 364 prevent_write_to_user(to, n); 365 } 366 } 367 368 return n; 369 } 370 #endif 371 372 extern long __copy_from_user_flushcache(void *dst, const void __user *src, 373 unsigned size); 374 extern void memcpy_page_flushcache(char *to, struct page *page, size_t offset, 375 size_t len); 376 377 static __must_check inline bool user_access_begin(const void __user *ptr, size_t len) 378 { 379 if (unlikely(!access_ok(ptr, len))) 380 return false; 381 382 might_fault(); 383 384 allow_read_write_user((void __user *)ptr, ptr, len); 385 return true; 386 } 387 #define user_access_begin user_access_begin 388 #define user_access_end prevent_current_access_user 389 #define user_access_save prevent_user_access_return 390 #define user_access_restore restore_user_access 391 392 static __must_check inline bool 393 user_read_access_begin(const void __user *ptr, size_t len) 394 { 395 if (unlikely(!access_ok(ptr, len))) 396 return false; 397 398 might_fault(); 399 400 allow_read_from_user(ptr, len); 401 return true; 402 } 403 #define user_read_access_begin user_read_access_begin 404 #define user_read_access_end prevent_current_read_from_user 405 406 static __must_check inline bool 407 user_write_access_begin(const void __user *ptr, size_t len) 408 { 409 if (unlikely(!access_ok(ptr, len))) 410 return false; 411 412 might_fault(); 413 414 allow_write_to_user((void __user *)ptr, len); 415 return true; 416 } 417 #define user_write_access_begin user_write_access_begin 418 #define user_write_access_end prevent_current_write_to_user 419 420 #define unsafe_get_user(x, p, e) do { \ 421 __long_type(*(p)) __gu_val; \ 422 __typeof__(*(p)) __user *__gu_addr = (p); \ 423 \ 424 __get_user_size_goto(__gu_val, __gu_addr, sizeof(*(p)), e); \ 425 (x) = (__typeof__(*(p)))__gu_val; \ 426 } while (0) 427 428 #define unsafe_put_user(x, p, e) \ 429 __put_user_size_goto((__typeof__(*(p)))(x), (p), sizeof(*(p)), e) 430 431 #define unsafe_copy_from_user(d, s, l, e) \ 432 do { \ 433 u8 *_dst = (u8 *)(d); \ 434 const u8 __user *_src = (const u8 __user *)(s); \ 435 size_t _len = (l); \ 436 int _i; \ 437 \ 438 for (_i = 0; _i < (_len & ~(sizeof(u64) - 1)); _i += sizeof(u64)) \ 439 unsafe_get_user(*(u64 *)(_dst + _i), (u64 __user *)(_src + _i), e); \ 440 if (_len & 4) { \ 441 unsafe_get_user(*(u32 *)(_dst + _i), (u32 __user *)(_src + _i), e); \ 442 _i += 4; \ 443 } \ 444 if (_len & 2) { \ 445 unsafe_get_user(*(u16 *)(_dst + _i), (u16 __user *)(_src + _i), e); \ 446 _i += 2; \ 447 } \ 448 if (_len & 1) \ 449 unsafe_get_user(*(u8 *)(_dst + _i), (u8 __user *)(_src + _i), e); \ 450 } while (0) 451 452 #define unsafe_copy_to_user(d, s, l, e) \ 453 do { \ 454 u8 __user *_dst = (u8 __user *)(d); \ 455 const u8 *_src = (const u8 *)(s); \ 456 size_t _len = (l); \ 457 int _i; \ 458 \ 459 for (_i = 0; _i < (_len & ~(sizeof(u64) - 1)); _i += sizeof(u64)) \ 460 unsafe_put_user(*(u64 *)(_src + _i), (u64 __user *)(_dst + _i), e); \ 461 if (_len & 4) { \ 462 unsafe_put_user(*(u32*)(_src + _i), (u32 __user *)(_dst + _i), e); \ 463 _i += 4; \ 464 } \ 465 if (_len & 2) { \ 466 unsafe_put_user(*(u16*)(_src + _i), (u16 __user *)(_dst + _i), e); \ 467 _i += 2; \ 468 } \ 469 if (_len & 1) \ 470 unsafe_put_user(*(u8*)(_src + _i), (u8 __user *)(_dst + _i), e); \ 471 } while (0) 472 473 #define HAVE_GET_KERNEL_NOFAULT 474 475 #define __get_kernel_nofault(dst, src, type, err_label) \ 476 __get_user_size_goto(*((type *)(dst)), \ 477 (__force type __user *)(src), sizeof(type), err_label) 478 479 #define __put_kernel_nofault(dst, src, type, err_label) \ 480 __put_user_size_goto(*((type *)(src)), \ 481 (__force type __user *)(dst), sizeof(type), err_label) 482 483 #endif /* _ARCH_POWERPC_UACCESS_H */ 484