1 /* 2 * Copyright (C) 2012 Regents of the University of California 3 * 4 * This program is free software; you can redistribute it and/or 5 * modify it under the terms of the GNU General Public License 6 * as published by the Free Software Foundation, version 2. 7 * 8 * This program is distributed in the hope that it will be useful, 9 * but WITHOUT ANY WARRANTY; without even the implied warranty of 10 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 11 * GNU General Public License for more details. 12 * 13 * This file was copied from include/asm-generic/uaccess.h 14 */ 15 16 #ifndef _ASM_RISCV_UACCESS_H 17 #define _ASM_RISCV_UACCESS_H 18 19 /* 20 * User space memory access functions 21 */ 22 #include <linux/errno.h> 23 #include <linux/compiler.h> 24 #include <linux/thread_info.h> 25 #include <asm/byteorder.h> 26 #include <asm/asm.h> 27 28 #define __enable_user_access() \ 29 __asm__ __volatile__ ("csrs sstatus, %0" : : "r" (SR_SUM) : "memory") 30 #define __disable_user_access() \ 31 __asm__ __volatile__ ("csrc sstatus, %0" : : "r" (SR_SUM) : "memory") 32 33 /* 34 * The fs value determines whether argument validity checking should be 35 * performed or not. If get_fs() == USER_DS, checking is performed, with 36 * get_fs() == KERNEL_DS, checking is bypassed. 37 * 38 * For historical reasons, these macros are grossly misnamed. 39 */ 40 41 #define KERNEL_DS (~0UL) 42 #define USER_DS (TASK_SIZE) 43 44 #define get_ds() (KERNEL_DS) 45 #define get_fs() (current_thread_info()->addr_limit) 46 47 static inline void set_fs(mm_segment_t fs) 48 { 49 current_thread_info()->addr_limit = fs; 50 } 51 52 #define segment_eq(a, b) ((a) == (b)) 53 54 #define user_addr_max() (get_fs()) 55 56 57 #define VERIFY_READ 0 58 #define VERIFY_WRITE 1 59 60 /** 61 * access_ok: - Checks if a user space pointer is valid 62 * @type: Type of access: %VERIFY_READ or %VERIFY_WRITE. Note that 63 * %VERIFY_WRITE is a superset of %VERIFY_READ - if it is safe 64 * to write to a block, it is always safe to read from it. 65 * @addr: User space pointer to start of block to check 66 * @size: Size of block to check 67 * 68 * Context: User context only. This function may sleep. 69 * 70 * Checks if a pointer to a block of memory in user space is valid. 71 * 72 * Returns true (nonzero) if the memory block may be valid, false (zero) 73 * if it is definitely invalid. 74 * 75 * Note that, depending on architecture, this function probably just 76 * checks that the pointer is in the user space range - after calling 77 * this function, memory access functions may still return -EFAULT. 78 */ 79 #define access_ok(type, addr, size) ({ \ 80 __chk_user_ptr(addr); \ 81 likely(__access_ok((unsigned long __force)(addr), (size))); \ 82 }) 83 84 /* 85 * Ensure that the range [addr, addr+size) is within the process's 86 * address space 87 */ 88 static inline int __access_ok(unsigned long addr, unsigned long size) 89 { 90 const mm_segment_t fs = get_fs(); 91 92 return (size <= fs) && (addr <= (fs - size)); 93 } 94 95 /* 96 * The exception table consists of pairs of addresses: the first is the 97 * address of an instruction that is allowed to fault, and the second is 98 * the address at which the program should continue. No registers are 99 * modified, so it is entirely up to the continuation code to figure out 100 * what to do. 101 * 102 * All the routines below use bits of fixup code that are out of line 103 * with the main instruction path. This means when everything is well, 104 * we don't even have to jump over them. Further, they do not intrude 105 * on our cache or tlb entries. 106 */ 107 108 struct exception_table_entry { 109 unsigned long insn, fixup; 110 }; 111 112 extern int fixup_exception(struct pt_regs *state); 113 114 #if defined(__LITTLE_ENDIAN) 115 #define __MSW 1 116 #define __LSW 0 117 #elif defined(__BIG_ENDIAN) 118 #define __MSW 0 119 #define __LSW 1 120 #else 121 #error "Unknown endianness" 122 #endif 123 124 /* 125 * The "__xxx" versions of the user access functions do not verify the address 126 * space - it must have been done previously with a separate "access_ok()" 127 * call. 128 */ 129 130 #define __get_user_asm(insn, x, ptr, err) \ 131 do { \ 132 uintptr_t __tmp; \ 133 __typeof__(x) __x; \ 134 __enable_user_access(); \ 135 __asm__ __volatile__ ( \ 136 "1:\n" \ 137 " " insn " %1, %3\n" \ 138 "2:\n" \ 139 " .section .fixup,\"ax\"\n" \ 140 " .balign 4\n" \ 141 "3:\n" \ 142 " li %0, %4\n" \ 143 " li %1, 0\n" \ 144 " jump 2b, %2\n" \ 145 " .previous\n" \ 146 " .section __ex_table,\"a\"\n" \ 147 " .balign " RISCV_SZPTR "\n" \ 148 " " RISCV_PTR " 1b, 3b\n" \ 149 " .previous" \ 150 : "+r" (err), "=&r" (__x), "=r" (__tmp) \ 151 : "m" (*(ptr)), "i" (-EFAULT)); \ 152 __disable_user_access(); \ 153 (x) = __x; \ 154 } while (0) 155 156 #ifdef CONFIG_64BIT 157 #define __get_user_8(x, ptr, err) \ 158 __get_user_asm("ld", x, ptr, err) 159 #else /* !CONFIG_64BIT */ 160 #define __get_user_8(x, ptr, err) \ 161 do { \ 162 u32 __user *__ptr = (u32 __user *)(ptr); \ 163 u32 __lo, __hi; \ 164 uintptr_t __tmp; \ 165 __enable_user_access(); \ 166 __asm__ __volatile__ ( \ 167 "1:\n" \ 168 " lw %1, %4\n" \ 169 "2:\n" \ 170 " lw %2, %5\n" \ 171 "3:\n" \ 172 " .section .fixup,\"ax\"\n" \ 173 " .balign 4\n" \ 174 "4:\n" \ 175 " li %0, %6\n" \ 176 " li %1, 0\n" \ 177 " li %2, 0\n" \ 178 " jump 3b, %3\n" \ 179 " .previous\n" \ 180 " .section __ex_table,\"a\"\n" \ 181 " .balign " RISCV_SZPTR "\n" \ 182 " " RISCV_PTR " 1b, 4b\n" \ 183 " " RISCV_PTR " 2b, 4b\n" \ 184 " .previous" \ 185 : "+r" (err), "=&r" (__lo), "=r" (__hi), \ 186 "=r" (__tmp) \ 187 : "m" (__ptr[__LSW]), "m" (__ptr[__MSW]), \ 188 "i" (-EFAULT)); \ 189 __disable_user_access(); \ 190 (x) = (__typeof__(x))((__typeof__((x)-(x)))( \ 191 (((u64)__hi << 32) | __lo))); \ 192 } while (0) 193 #endif /* CONFIG_64BIT */ 194 195 196 /** 197 * __get_user: - Get a simple variable from user space, with less checking. 198 * @x: Variable to store result. 199 * @ptr: Source address, in user space. 200 * 201 * Context: User context only. This function may sleep. 202 * 203 * This macro copies a single simple variable from user space to kernel 204 * space. It supports simple types like char and int, but not larger 205 * data types like structures or arrays. 206 * 207 * @ptr must have pointer-to-simple-variable type, and the result of 208 * dereferencing @ptr must be assignable to @x without a cast. 209 * 210 * Caller must check the pointer with access_ok() before calling this 211 * function. 212 * 213 * Returns zero on success, or -EFAULT on error. 214 * On error, the variable @x is set to zero. 215 */ 216 #define __get_user(x, ptr) \ 217 ({ \ 218 register long __gu_err = 0; \ 219 const __typeof__(*(ptr)) __user *__gu_ptr = (ptr); \ 220 __chk_user_ptr(__gu_ptr); \ 221 switch (sizeof(*__gu_ptr)) { \ 222 case 1: \ 223 __get_user_asm("lb", (x), __gu_ptr, __gu_err); \ 224 break; \ 225 case 2: \ 226 __get_user_asm("lh", (x), __gu_ptr, __gu_err); \ 227 break; \ 228 case 4: \ 229 __get_user_asm("lw", (x), __gu_ptr, __gu_err); \ 230 break; \ 231 case 8: \ 232 __get_user_8((x), __gu_ptr, __gu_err); \ 233 break; \ 234 default: \ 235 BUILD_BUG(); \ 236 } \ 237 __gu_err; \ 238 }) 239 240 /** 241 * get_user: - Get a simple variable from user space. 242 * @x: Variable to store result. 243 * @ptr: Source address, in user space. 244 * 245 * Context: User context only. This function may sleep. 246 * 247 * This macro copies a single simple variable from user space to kernel 248 * space. It supports simple types like char and int, but not larger 249 * data types like structures or arrays. 250 * 251 * @ptr must have pointer-to-simple-variable type, and the result of 252 * dereferencing @ptr must be assignable to @x without a cast. 253 * 254 * Returns zero on success, or -EFAULT on error. 255 * On error, the variable @x is set to zero. 256 */ 257 #define get_user(x, ptr) \ 258 ({ \ 259 const __typeof__(*(ptr)) __user *__p = (ptr); \ 260 might_fault(); \ 261 access_ok(VERIFY_READ, __p, sizeof(*__p)) ? \ 262 __get_user((x), __p) : \ 263 ((x) = 0, -EFAULT); \ 264 }) 265 266 #define __put_user_asm(insn, x, ptr, err) \ 267 do { \ 268 uintptr_t __tmp; \ 269 __typeof__(*(ptr)) __x = x; \ 270 __enable_user_access(); \ 271 __asm__ __volatile__ ( \ 272 "1:\n" \ 273 " " insn " %z3, %2\n" \ 274 "2:\n" \ 275 " .section .fixup,\"ax\"\n" \ 276 " .balign 4\n" \ 277 "3:\n" \ 278 " li %0, %4\n" \ 279 " jump 2b, %1\n" \ 280 " .previous\n" \ 281 " .section __ex_table,\"a\"\n" \ 282 " .balign " RISCV_SZPTR "\n" \ 283 " " RISCV_PTR " 1b, 3b\n" \ 284 " .previous" \ 285 : "+r" (err), "=r" (__tmp), "=m" (*(ptr)) \ 286 : "rJ" (__x), "i" (-EFAULT)); \ 287 __disable_user_access(); \ 288 } while (0) 289 290 #ifdef CONFIG_64BIT 291 #define __put_user_8(x, ptr, err) \ 292 __put_user_asm("sd", x, ptr, err) 293 #else /* !CONFIG_64BIT */ 294 #define __put_user_8(x, ptr, err) \ 295 do { \ 296 u32 __user *__ptr = (u32 __user *)(ptr); \ 297 u64 __x = (__typeof__((x)-(x)))(x); \ 298 uintptr_t __tmp; \ 299 __enable_user_access(); \ 300 __asm__ __volatile__ ( \ 301 "1:\n" \ 302 " sw %z4, %2\n" \ 303 "2:\n" \ 304 " sw %z5, %3\n" \ 305 "3:\n" \ 306 " .section .fixup,\"ax\"\n" \ 307 " .balign 4\n" \ 308 "4:\n" \ 309 " li %0, %6\n" \ 310 " jump 2b, %1\n" \ 311 " .previous\n" \ 312 " .section __ex_table,\"a\"\n" \ 313 " .balign " RISCV_SZPTR "\n" \ 314 " " RISCV_PTR " 1b, 4b\n" \ 315 " " RISCV_PTR " 2b, 4b\n" \ 316 " .previous" \ 317 : "+r" (err), "=r" (__tmp), \ 318 "=m" (__ptr[__LSW]), \ 319 "=m" (__ptr[__MSW]) \ 320 : "rJ" (__x), "rJ" (__x >> 32), "i" (-EFAULT)); \ 321 __disable_user_access(); \ 322 } while (0) 323 #endif /* CONFIG_64BIT */ 324 325 326 /** 327 * __put_user: - Write a simple value into user space, with less checking. 328 * @x: Value to copy to user space. 329 * @ptr: Destination address, in user space. 330 * 331 * Context: User context only. This function may sleep. 332 * 333 * This macro copies a single simple value from kernel space to user 334 * space. It supports simple types like char and int, but not larger 335 * data types like structures or arrays. 336 * 337 * @ptr must have pointer-to-simple-variable type, and @x must be assignable 338 * to the result of dereferencing @ptr. 339 * 340 * Caller must check the pointer with access_ok() before calling this 341 * function. 342 * 343 * Returns zero on success, or -EFAULT on error. 344 */ 345 #define __put_user(x, ptr) \ 346 ({ \ 347 register long __pu_err = 0; \ 348 __typeof__(*(ptr)) __user *__gu_ptr = (ptr); \ 349 __chk_user_ptr(__gu_ptr); \ 350 switch (sizeof(*__gu_ptr)) { \ 351 case 1: \ 352 __put_user_asm("sb", (x), __gu_ptr, __pu_err); \ 353 break; \ 354 case 2: \ 355 __put_user_asm("sh", (x), __gu_ptr, __pu_err); \ 356 break; \ 357 case 4: \ 358 __put_user_asm("sw", (x), __gu_ptr, __pu_err); \ 359 break; \ 360 case 8: \ 361 __put_user_8((x), __gu_ptr, __pu_err); \ 362 break; \ 363 default: \ 364 BUILD_BUG(); \ 365 } \ 366 __pu_err; \ 367 }) 368 369 /** 370 * put_user: - Write a simple value into user space. 371 * @x: Value to copy to user space. 372 * @ptr: Destination address, in user space. 373 * 374 * Context: User context only. This function may sleep. 375 * 376 * This macro copies a single simple value from kernel space to user 377 * space. It supports simple types like char and int, but not larger 378 * data types like structures or arrays. 379 * 380 * @ptr must have pointer-to-simple-variable type, and @x must be assignable 381 * to the result of dereferencing @ptr. 382 * 383 * Returns zero on success, or -EFAULT on error. 384 */ 385 #define put_user(x, ptr) \ 386 ({ \ 387 __typeof__(*(ptr)) __user *__p = (ptr); \ 388 might_fault(); \ 389 access_ok(VERIFY_WRITE, __p, sizeof(*__p)) ? \ 390 __put_user((x), __p) : \ 391 -EFAULT; \ 392 }) 393 394 395 extern unsigned long __must_check __asm_copy_to_user(void __user *to, 396 const void *from, unsigned long n); 397 extern unsigned long __must_check __asm_copy_from_user(void *to, 398 const void __user *from, unsigned long n); 399 400 static inline unsigned long 401 raw_copy_from_user(void *to, const void __user *from, unsigned long n) 402 { 403 return __asm_copy_to_user(to, from, n); 404 } 405 406 static inline unsigned long 407 raw_copy_to_user(void __user *to, const void *from, unsigned long n) 408 { 409 return __asm_copy_from_user(to, from, n); 410 } 411 412 extern long strncpy_from_user(char *dest, const char __user *src, long count); 413 414 extern long __must_check strlen_user(const char __user *str); 415 extern long __must_check strnlen_user(const char __user *str, long n); 416 417 extern 418 unsigned long __must_check __clear_user(void __user *addr, unsigned long n); 419 420 static inline 421 unsigned long __must_check clear_user(void __user *to, unsigned long n) 422 { 423 might_fault(); 424 return access_ok(VERIFY_WRITE, to, n) ? 425 __clear_user(to, n) : n; 426 } 427 428 /* 429 * Atomic compare-and-exchange, but with a fixup for userspace faults. Faults 430 * will set "err" to -EFAULT, while successful accesses return the previous 431 * value. 432 */ 433 #define __cmpxchg_user(ptr, old, new, err, size, lrb, scb) \ 434 ({ \ 435 __typeof__(ptr) __ptr = (ptr); \ 436 __typeof__(*(ptr)) __old = (old); \ 437 __typeof__(*(ptr)) __new = (new); \ 438 __typeof__(*(ptr)) __ret; \ 439 __typeof__(err) __err = 0; \ 440 register unsigned int __rc; \ 441 __enable_user_access(); \ 442 switch (size) { \ 443 case 4: \ 444 __asm__ __volatile__ ( \ 445 "0:\n" \ 446 " lr.w" #scb " %[ret], %[ptr]\n" \ 447 " bne %[ret], %z[old], 1f\n" \ 448 " sc.w" #lrb " %[rc], %z[new], %[ptr]\n" \ 449 " bnez %[rc], 0b\n" \ 450 "1:\n" \ 451 ".section .fixup,\"ax\"\n" \ 452 ".balign 4\n" \ 453 "2:\n" \ 454 " li %[err], %[efault]\n" \ 455 " jump 1b, %[rc]\n" \ 456 ".previous\n" \ 457 ".section __ex_table,\"a\"\n" \ 458 ".balign " RISCV_SZPTR "\n" \ 459 " " RISCV_PTR " 1b, 2b\n" \ 460 ".previous\n" \ 461 : [ret] "=&r" (__ret), \ 462 [rc] "=&r" (__rc), \ 463 [ptr] "+A" (*__ptr), \ 464 [err] "=&r" (__err) \ 465 : [old] "rJ" (__old), \ 466 [new] "rJ" (__new), \ 467 [efault] "i" (-EFAULT)); \ 468 break; \ 469 case 8: \ 470 __asm__ __volatile__ ( \ 471 "0:\n" \ 472 " lr.d" #scb " %[ret], %[ptr]\n" \ 473 " bne %[ret], %z[old], 1f\n" \ 474 " sc.d" #lrb " %[rc], %z[new], %[ptr]\n" \ 475 " bnez %[rc], 0b\n" \ 476 "1:\n" \ 477 ".section .fixup,\"ax\"\n" \ 478 ".balign 4\n" \ 479 "2:\n" \ 480 " li %[err], %[efault]\n" \ 481 " jump 1b, %[rc]\n" \ 482 ".previous\n" \ 483 ".section __ex_table,\"a\"\n" \ 484 ".balign " RISCV_SZPTR "\n" \ 485 " " RISCV_PTR " 1b, 2b\n" \ 486 ".previous\n" \ 487 : [ret] "=&r" (__ret), \ 488 [rc] "=&r" (__rc), \ 489 [ptr] "+A" (*__ptr), \ 490 [err] "=&r" (__err) \ 491 : [old] "rJ" (__old), \ 492 [new] "rJ" (__new), \ 493 [efault] "i" (-EFAULT)); \ 494 break; \ 495 default: \ 496 BUILD_BUG(); \ 497 } \ 498 __disable_user_access(); \ 499 (err) = __err; \ 500 __ret; \ 501 }) 502 503 #endif /* _ASM_RISCV_UACCESS_H */ 504