xref: /openbmc/linux/arch/powerpc/include/asm/uaccess.h (revision 50df3be7)
1 /* SPDX-License-Identifier: GPL-2.0 */
2 #ifndef _ARCH_POWERPC_UACCESS_H
3 #define _ARCH_POWERPC_UACCESS_H
4 
5 #include <asm/ppc_asm.h>
6 #include <asm/processor.h>
7 #include <asm/page.h>
8 #include <asm/extable.h>
9 #include <asm/kup.h>
10 
11 /*
12  * The fs value determines whether argument validity checking should be
13  * performed or not.  If get_fs() == USER_DS, checking is performed, with
14  * get_fs() == KERNEL_DS, checking is bypassed.
15  *
16  * For historical reasons, these macros are grossly misnamed.
17  *
18  * The fs/ds values are now the highest legal address in the "segment".
19  * This simplifies the checking in the routines below.
20  */
21 
22 #define MAKE_MM_SEG(s)  ((mm_segment_t) { (s) })
23 
24 #define KERNEL_DS	MAKE_MM_SEG(~0UL)
25 #ifdef __powerpc64__
26 /* We use TASK_SIZE_USER64 as TASK_SIZE is not constant */
27 #define USER_DS		MAKE_MM_SEG(TASK_SIZE_USER64 - 1)
28 #else
29 #define USER_DS		MAKE_MM_SEG(TASK_SIZE - 1)
30 #endif
31 
32 #define get_fs()	(current->thread.addr_limit)
33 
34 static inline void set_fs(mm_segment_t fs)
35 {
36 	current->thread.addr_limit = fs;
37 	/* On user-mode return check addr_limit (fs) is correct */
38 	set_thread_flag(TIF_FSCHECK);
39 }
40 
41 #define segment_eq(a, b)	((a).seg == (b).seg)
42 
43 #define user_addr_max()	(get_fs().seg)
44 
45 #ifdef __powerpc64__
46 /*
47  * This check is sufficient because there is a large enough
48  * gap between user addresses and the kernel addresses
49  */
50 #define __access_ok(addr, size, segment)	\
51 	(((addr) <= (segment).seg) && ((size) <= (segment).seg))
52 
53 #else
54 
55 static inline int __access_ok(unsigned long addr, unsigned long size,
56 			mm_segment_t seg)
57 {
58 	if (addr > seg.seg)
59 		return 0;
60 	return (size == 0 || size - 1 <= seg.seg - addr);
61 }
62 
63 #endif
64 
65 #define access_ok(addr, size)		\
66 	(__chk_user_ptr(addr),		\
67 	 __access_ok((__force unsigned long)(addr), (size), get_fs()))
68 
69 /*
70  * These are the main single-value transfer routines.  They automatically
71  * use the right size if we just have the right pointer type.
72  *
73  * This gets kind of ugly. We want to return _two_ values in "get_user()"
74  * and yet we don't want to do any pointers, because that is too much
75  * of a performance impact. Thus we have a few rather ugly macros here,
76  * and hide all the ugliness from the user.
77  *
78  * The "__xxx" versions of the user access functions are versions that
79  * do not verify the address space, that must have been done previously
80  * with a separate "access_ok()" call (this is used when we do multiple
81  * accesses to the same area of user memory).
82  *
83  * As we use the same address space for kernel and user data on the
84  * PowerPC, we can just do these as direct assignments.  (Of course, the
85  * exception handling means that it's no longer "just"...)
86  *
87  */
88 #define get_user(x, ptr) \
89 	__get_user_check((x), (ptr), sizeof(*(ptr)))
90 #define put_user(x, ptr) \
91 	__put_user_check((__typeof__(*(ptr)))(x), (ptr), sizeof(*(ptr)))
92 
93 #define __get_user(x, ptr) \
94 	__get_user_nocheck((x), (ptr), sizeof(*(ptr)))
95 #define __put_user(x, ptr) \
96 	__put_user_nocheck((__typeof__(*(ptr)))(x), (ptr), sizeof(*(ptr)))
97 
98 #define __get_user_inatomic(x, ptr) \
99 	__get_user_nosleep((x), (ptr), sizeof(*(ptr)))
100 #define __put_user_inatomic(x, ptr) \
101 	__put_user_nosleep((__typeof__(*(ptr)))(x), (ptr), sizeof(*(ptr)))
102 
103 extern long __put_user_bad(void);
104 
105 /*
106  * We don't tell gcc that we are accessing memory, but this is OK
107  * because we do not write to any memory gcc knows about, so there
108  * are no aliasing issues.
109  */
110 #define __put_user_asm(x, addr, err, op)			\
111 	__asm__ __volatile__(					\
112 		"1:	" op " %1,0(%2)	# put_user\n"		\
113 		"2:\n"						\
114 		".section .fixup,\"ax\"\n"			\
115 		"3:	li %0,%3\n"				\
116 		"	b 2b\n"					\
117 		".previous\n"					\
118 		EX_TABLE(1b, 3b)				\
119 		: "=r" (err)					\
120 		: "r" (x), "b" (addr), "i" (-EFAULT), "0" (err))
121 
122 #ifdef __powerpc64__
123 #define __put_user_asm2(x, ptr, retval)				\
124 	  __put_user_asm(x, ptr, retval, "std")
125 #else /* __powerpc64__ */
126 #define __put_user_asm2(x, addr, err)				\
127 	__asm__ __volatile__(					\
128 		"1:	stw %1,0(%2)\n"				\
129 		"2:	stw %1+1,4(%2)\n"			\
130 		"3:\n"						\
131 		".section .fixup,\"ax\"\n"			\
132 		"4:	li %0,%3\n"				\
133 		"	b 3b\n"					\
134 		".previous\n"					\
135 		EX_TABLE(1b, 4b)				\
136 		EX_TABLE(2b, 4b)				\
137 		: "=r" (err)					\
138 		: "r" (x), "b" (addr), "i" (-EFAULT), "0" (err))
139 #endif /* __powerpc64__ */
140 
141 #define __put_user_size(x, ptr, size, retval)			\
142 do {								\
143 	retval = 0;						\
144 	allow_write_to_user(ptr, size);				\
145 	switch (size) {						\
146 	  case 1: __put_user_asm(x, ptr, retval, "stb"); break;	\
147 	  case 2: __put_user_asm(x, ptr, retval, "sth"); break;	\
148 	  case 4: __put_user_asm(x, ptr, retval, "stw"); break;	\
149 	  case 8: __put_user_asm2(x, ptr, retval); break;	\
150 	  default: __put_user_bad();				\
151 	}							\
152 	prevent_write_to_user(ptr, size);			\
153 } while (0)
154 
155 #define __put_user_nocheck(x, ptr, size)			\
156 ({								\
157 	long __pu_err;						\
158 	__typeof__(*(ptr)) __user *__pu_addr = (ptr);		\
159 	if (!is_kernel_addr((unsigned long)__pu_addr))		\
160 		might_fault();					\
161 	__chk_user_ptr(ptr);					\
162 	__put_user_size((x), __pu_addr, (size), __pu_err);	\
163 	__pu_err;						\
164 })
165 
166 #define __put_user_check(x, ptr, size)					\
167 ({									\
168 	long __pu_err = -EFAULT;					\
169 	__typeof__(*(ptr)) __user *__pu_addr = (ptr);			\
170 	might_fault();							\
171 	if (access_ok(__pu_addr, size))			\
172 		__put_user_size((x), __pu_addr, (size), __pu_err);	\
173 	__pu_err;							\
174 })
175 
176 #define __put_user_nosleep(x, ptr, size)			\
177 ({								\
178 	long __pu_err;						\
179 	__typeof__(*(ptr)) __user *__pu_addr = (ptr);		\
180 	__chk_user_ptr(ptr);					\
181 	__put_user_size((x), __pu_addr, (size), __pu_err);	\
182 	__pu_err;						\
183 })
184 
185 
186 extern long __get_user_bad(void);
187 
188 /*
189  * This does an atomic 128 byte aligned load from userspace.
190  * Upto caller to do enable_kernel_vmx() before calling!
191  */
192 #define __get_user_atomic_128_aligned(kaddr, uaddr, err)		\
193 	__asm__ __volatile__(				\
194 		"1:	lvx  0,0,%1	# get user\n"	\
195 		" 	stvx 0,0,%2	# put kernel\n"	\
196 		"2:\n"					\
197 		".section .fixup,\"ax\"\n"		\
198 		"3:	li %0,%3\n"			\
199 		"	b 2b\n"				\
200 		".previous\n"				\
201 		EX_TABLE(1b, 3b)			\
202 		: "=r" (err)			\
203 		: "b" (uaddr), "b" (kaddr), "i" (-EFAULT), "0" (err))
204 
205 #define __get_user_asm(x, addr, err, op)		\
206 	__asm__ __volatile__(				\
207 		"1:	"op" %1,0(%2)	# get_user\n"	\
208 		"2:\n"					\
209 		".section .fixup,\"ax\"\n"		\
210 		"3:	li %0,%3\n"			\
211 		"	li %1,0\n"			\
212 		"	b 2b\n"				\
213 		".previous\n"				\
214 		EX_TABLE(1b, 3b)			\
215 		: "=r" (err), "=r" (x)			\
216 		: "b" (addr), "i" (-EFAULT), "0" (err))
217 
218 #ifdef __powerpc64__
219 #define __get_user_asm2(x, addr, err)			\
220 	__get_user_asm(x, addr, err, "ld")
221 #else /* __powerpc64__ */
222 #define __get_user_asm2(x, addr, err)			\
223 	__asm__ __volatile__(				\
224 		"1:	lwz %1,0(%2)\n"			\
225 		"2:	lwz %1+1,4(%2)\n"		\
226 		"3:\n"					\
227 		".section .fixup,\"ax\"\n"		\
228 		"4:	li %0,%3\n"			\
229 		"	li %1,0\n"			\
230 		"	li %1+1,0\n"			\
231 		"	b 3b\n"				\
232 		".previous\n"				\
233 		EX_TABLE(1b, 4b)			\
234 		EX_TABLE(2b, 4b)			\
235 		: "=r" (err), "=&r" (x)			\
236 		: "b" (addr), "i" (-EFAULT), "0" (err))
237 #endif /* __powerpc64__ */
238 
239 #define __get_user_size(x, ptr, size, retval)			\
240 do {								\
241 	retval = 0;						\
242 	__chk_user_ptr(ptr);					\
243 	if (size > sizeof(x))					\
244 		(x) = __get_user_bad();				\
245 	allow_read_from_user(ptr, size);			\
246 	switch (size) {						\
247 	case 1: __get_user_asm(x, ptr, retval, "lbz"); break;	\
248 	case 2: __get_user_asm(x, ptr, retval, "lhz"); break;	\
249 	case 4: __get_user_asm(x, ptr, retval, "lwz"); break;	\
250 	case 8: __get_user_asm2(x, ptr, retval);  break;	\
251 	default: (x) = __get_user_bad();			\
252 	}							\
253 	prevent_read_from_user(ptr, size);			\
254 } while (0)
255 
256 /*
257  * This is a type: either unsigned long, if the argument fits into
258  * that type, or otherwise unsigned long long.
259  */
260 #define __long_type(x) \
261 	__typeof__(__builtin_choose_expr(sizeof(x) > sizeof(0UL), 0ULL, 0UL))
262 
263 #define __get_user_nocheck(x, ptr, size)			\
264 ({								\
265 	long __gu_err;						\
266 	__long_type(*(ptr)) __gu_val;				\
267 	__typeof__(*(ptr)) __user *__gu_addr = (ptr);	\
268 	__chk_user_ptr(ptr);					\
269 	if (!is_kernel_addr((unsigned long)__gu_addr))		\
270 		might_fault();					\
271 	barrier_nospec();					\
272 	__get_user_size(__gu_val, __gu_addr, (size), __gu_err);	\
273 	(x) = (__typeof__(*(ptr)))__gu_val;			\
274 	__gu_err;						\
275 })
276 
277 #define __get_user_check(x, ptr, size)					\
278 ({									\
279 	long __gu_err = -EFAULT;					\
280 	__long_type(*(ptr)) __gu_val = 0;				\
281 	__typeof__(*(ptr)) __user *__gu_addr = (ptr);		\
282 	might_fault();							\
283 	if (access_ok(__gu_addr, (size))) {		\
284 		barrier_nospec();					\
285 		__get_user_size(__gu_val, __gu_addr, (size), __gu_err);	\
286 	}								\
287 	(x) = (__force __typeof__(*(ptr)))__gu_val;				\
288 	__gu_err;							\
289 })
290 
291 #define __get_user_nosleep(x, ptr, size)			\
292 ({								\
293 	long __gu_err;						\
294 	__long_type(*(ptr)) __gu_val;				\
295 	__typeof__(*(ptr)) __user *__gu_addr = (ptr);	\
296 	__chk_user_ptr(ptr);					\
297 	barrier_nospec();					\
298 	__get_user_size(__gu_val, __gu_addr, (size), __gu_err);	\
299 	(x) = (__force __typeof__(*(ptr)))__gu_val;			\
300 	__gu_err;						\
301 })
302 
303 
304 /* more complex routines */
305 
306 extern unsigned long __copy_tofrom_user(void __user *to,
307 		const void __user *from, unsigned long size);
308 
309 #ifdef __powerpc64__
310 static inline unsigned long
311 raw_copy_in_user(void __user *to, const void __user *from, unsigned long n)
312 {
313 	unsigned long ret;
314 
315 	barrier_nospec();
316 	allow_user_access(to, from, n);
317 	ret = __copy_tofrom_user(to, from, n);
318 	prevent_user_access(to, from, n);
319 	return ret;
320 }
321 #endif /* __powerpc64__ */
322 
323 static inline unsigned long raw_copy_from_user(void *to,
324 		const void __user *from, unsigned long n)
325 {
326 	unsigned long ret;
327 	if (__builtin_constant_p(n) && (n <= 8)) {
328 		ret = 1;
329 
330 		switch (n) {
331 		case 1:
332 			barrier_nospec();
333 			__get_user_size(*(u8 *)to, from, 1, ret);
334 			break;
335 		case 2:
336 			barrier_nospec();
337 			__get_user_size(*(u16 *)to, from, 2, ret);
338 			break;
339 		case 4:
340 			barrier_nospec();
341 			__get_user_size(*(u32 *)to, from, 4, ret);
342 			break;
343 		case 8:
344 			barrier_nospec();
345 			__get_user_size(*(u64 *)to, from, 8, ret);
346 			break;
347 		}
348 		if (ret == 0)
349 			return 0;
350 	}
351 
352 	barrier_nospec();
353 	allow_read_from_user(from, n);
354 	ret = __copy_tofrom_user((__force void __user *)to, from, n);
355 	prevent_read_from_user(from, n);
356 	return ret;
357 }
358 
359 static inline unsigned long raw_copy_to_user(void __user *to,
360 		const void *from, unsigned long n)
361 {
362 	unsigned long ret;
363 	if (__builtin_constant_p(n) && (n <= 8)) {
364 		ret = 1;
365 
366 		switch (n) {
367 		case 1:
368 			__put_user_size(*(u8 *)from, (u8 __user *)to, 1, ret);
369 			break;
370 		case 2:
371 			__put_user_size(*(u16 *)from, (u16 __user *)to, 2, ret);
372 			break;
373 		case 4:
374 			__put_user_size(*(u32 *)from, (u32 __user *)to, 4, ret);
375 			break;
376 		case 8:
377 			__put_user_size(*(u64 *)from, (u64 __user *)to, 8, ret);
378 			break;
379 		}
380 		if (ret == 0)
381 			return 0;
382 	}
383 
384 	allow_write_to_user(to, n);
385 	ret = __copy_tofrom_user(to, (__force const void __user *)from, n);
386 	prevent_write_to_user(to, n);
387 	return ret;
388 }
389 
390 static __always_inline unsigned long __must_check
391 copy_to_user_mcsafe(void __user *to, const void *from, unsigned long n)
392 {
393 	if (likely(check_copy_size(from, n, true))) {
394 		if (access_ok(to, n)) {
395 			allow_write_to_user(to, n);
396 			n = memcpy_mcsafe((void *)to, from, n);
397 			prevent_write_to_user(to, n);
398 		}
399 	}
400 
401 	return n;
402 }
403 
404 extern unsigned long __clear_user(void __user *addr, unsigned long size);
405 
406 static inline unsigned long clear_user(void __user *addr, unsigned long size)
407 {
408 	unsigned long ret = size;
409 	might_fault();
410 	if (likely(access_ok(addr, size))) {
411 		allow_write_to_user(addr, size);
412 		ret = __clear_user(addr, size);
413 		prevent_write_to_user(addr, size);
414 	}
415 	return ret;
416 }
417 
418 extern long strncpy_from_user(char *dst, const char __user *src, long count);
419 extern __must_check long strnlen_user(const char __user *str, long n);
420 
421 extern long __copy_from_user_flushcache(void *dst, const void __user *src,
422 		unsigned size);
423 extern void memcpy_page_flushcache(char *to, struct page *page, size_t offset,
424 			   size_t len);
425 
426 #endif	/* _ARCH_POWERPC_UACCESS_H */
427