1 /* 2 * Copyright (C) 2012 Regents of the University of California 3 * 4 * This program is free software; you can redistribute it and/or 5 * modify it under the terms of the GNU General Public License 6 * as published by the Free Software Foundation, version 2. 7 * 8 * This program is distributed in the hope that it will be useful, 9 * but WITHOUT ANY WARRANTY; without even the implied warranty of 10 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 11 * GNU General Public License for more details. 12 * 13 * This file was copied from include/asm-generic/uaccess.h 14 */ 15 16 #ifndef _ASM_RISCV_UACCESS_H 17 #define _ASM_RISCV_UACCESS_H 18 19 /* 20 * User space memory access functions 21 */ 22 #include <linux/errno.h> 23 #include <linux/compiler.h> 24 #include <linux/thread_info.h> 25 #include <asm/byteorder.h> 26 #include <asm/asm.h> 27 28 #define __enable_user_access() \ 29 __asm__ __volatile__ ("csrs sstatus, %0" : : "r" (SR_SUM) : "memory") 30 #define __disable_user_access() \ 31 __asm__ __volatile__ ("csrc sstatus, %0" : : "r" (SR_SUM) : "memory") 32 33 /* 34 * The fs value determines whether argument validity checking should be 35 * performed or not. If get_fs() == USER_DS, checking is performed, with 36 * get_fs() == KERNEL_DS, checking is bypassed. 37 * 38 * For historical reasons, these macros are grossly misnamed. 39 */ 40 41 #define KERNEL_DS (~0UL) 42 #define USER_DS (TASK_SIZE) 43 44 #define get_ds() (KERNEL_DS) 45 #define get_fs() (current_thread_info()->addr_limit) 46 47 static inline void set_fs(mm_segment_t fs) 48 { 49 current_thread_info()->addr_limit = fs; 50 } 51 52 #define segment_eq(a, b) ((a) == (b)) 53 54 #define user_addr_max() (get_fs()) 55 56 57 #define VERIFY_READ 0 58 #define VERIFY_WRITE 1 59 60 /** 61 * access_ok: - Checks if a user space pointer is valid 62 * @type: Type of access: %VERIFY_READ or %VERIFY_WRITE. Note that 63 * %VERIFY_WRITE is a superset of %VERIFY_READ - if it is safe 64 * to write to a block, it is always safe to read from it. 65 * @addr: User space pointer to start of block to check 66 * @size: Size of block to check 67 * 68 * Context: User context only. This function may sleep. 69 * 70 * Checks if a pointer to a block of memory in user space is valid. 71 * 72 * Returns true (nonzero) if the memory block may be valid, false (zero) 73 * if it is definitely invalid. 74 * 75 * Note that, depending on architecture, this function probably just 76 * checks that the pointer is in the user space range - after calling 77 * this function, memory access functions may still return -EFAULT. 78 */ 79 #define access_ok(type, addr, size) ({ \ 80 __chk_user_ptr(addr); \ 81 likely(__access_ok((unsigned long __force)(addr), (size))); \ 82 }) 83 84 /* 85 * Ensure that the range [addr, addr+size) is within the process's 86 * address space 87 */ 88 static inline int __access_ok(unsigned long addr, unsigned long size) 89 { 90 const mm_segment_t fs = get_fs(); 91 92 return (size <= fs) && (addr <= (fs - size)); 93 } 94 95 /* 96 * The exception table consists of pairs of addresses: the first is the 97 * address of an instruction that is allowed to fault, and the second is 98 * the address at which the program should continue. No registers are 99 * modified, so it is entirely up to the continuation code to figure out 100 * what to do. 101 * 102 * All the routines below use bits of fixup code that are out of line 103 * with the main instruction path. This means when everything is well, 104 * we don't even have to jump over them. Further, they do not intrude 105 * on our cache or tlb entries. 106 */ 107 108 struct exception_table_entry { 109 unsigned long insn, fixup; 110 }; 111 112 extern int fixup_exception(struct pt_regs *state); 113 114 #if defined(__LITTLE_ENDIAN) 115 #define __MSW 1 116 #define __LSW 0 117 #elif defined(__BIG_ENDIAN) 118 #define __MSW 0 119 #define __LSW 1 120 #else 121 #error "Unknown endianness" 122 #endif 123 124 /* 125 * The "__xxx" versions of the user access functions do not verify the address 126 * space - it must have been done previously with a separate "access_ok()" 127 * call. 128 */ 129 130 #ifdef CONFIG_MMU 131 #define __get_user_asm(insn, x, ptr, err) \ 132 do { \ 133 uintptr_t __tmp; \ 134 __typeof__(x) __x; \ 135 __enable_user_access(); \ 136 __asm__ __volatile__ ( \ 137 "1:\n" \ 138 " " insn " %1, %3\n" \ 139 "2:\n" \ 140 " .section .fixup,\"ax\"\n" \ 141 " .balign 4\n" \ 142 "3:\n" \ 143 " li %0, %4\n" \ 144 " li %1, 0\n" \ 145 " jump 2b, %2\n" \ 146 " .previous\n" \ 147 " .section __ex_table,\"a\"\n" \ 148 " .balign " RISCV_SZPTR "\n" \ 149 " " RISCV_PTR " 1b, 3b\n" \ 150 " .previous" \ 151 : "+r" (err), "=&r" (__x), "=r" (__tmp) \ 152 : "m" (*(ptr)), "i" (-EFAULT)); \ 153 __disable_user_access(); \ 154 (x) = __x; \ 155 } while (0) 156 #endif /* CONFIG_MMU */ 157 158 #ifdef CONFIG_64BIT 159 #define __get_user_8(x, ptr, err) \ 160 __get_user_asm("ld", x, ptr, err) 161 #else /* !CONFIG_64BIT */ 162 #ifdef CONFIG_MMU 163 #define __get_user_8(x, ptr, err) \ 164 do { \ 165 u32 __user *__ptr = (u32 __user *)(ptr); \ 166 u32 __lo, __hi; \ 167 uintptr_t __tmp; \ 168 __enable_user_access(); \ 169 __asm__ __volatile__ ( \ 170 "1:\n" \ 171 " lw %1, %4\n" \ 172 "2:\n" \ 173 " lw %2, %5\n" \ 174 "3:\n" \ 175 " .section .fixup,\"ax\"\n" \ 176 " .balign 4\n" \ 177 "4:\n" \ 178 " li %0, %6\n" \ 179 " li %1, 0\n" \ 180 " li %2, 0\n" \ 181 " jump 3b, %3\n" \ 182 " .previous\n" \ 183 " .section __ex_table,\"a\"\n" \ 184 " .balign " RISCV_SZPTR "\n" \ 185 " " RISCV_PTR " 1b, 4b\n" \ 186 " " RISCV_PTR " 2b, 4b\n" \ 187 " .previous" \ 188 : "+r" (err), "=&r" (__lo), "=r" (__hi), \ 189 "=r" (__tmp) \ 190 : "m" (__ptr[__LSW]), "m" (__ptr[__MSW]), \ 191 "i" (-EFAULT)); \ 192 __disable_user_access(); \ 193 (x) = (__typeof__(x))((__typeof__((x)-(x)))( \ 194 (((u64)__hi << 32) | __lo))); \ 195 } while (0) 196 #endif /* CONFIG_MMU */ 197 #endif /* CONFIG_64BIT */ 198 199 200 /** 201 * __get_user: - Get a simple variable from user space, with less checking. 202 * @x: Variable to store result. 203 * @ptr: Source address, in user space. 204 * 205 * Context: User context only. This function may sleep. 206 * 207 * This macro copies a single simple variable from user space to kernel 208 * space. It supports simple types like char and int, but not larger 209 * data types like structures or arrays. 210 * 211 * @ptr must have pointer-to-simple-variable type, and the result of 212 * dereferencing @ptr must be assignable to @x without a cast. 213 * 214 * Caller must check the pointer with access_ok() before calling this 215 * function. 216 * 217 * Returns zero on success, or -EFAULT on error. 218 * On error, the variable @x is set to zero. 219 */ 220 #define __get_user(x, ptr) \ 221 ({ \ 222 register long __gu_err = 0; \ 223 const __typeof__(*(ptr)) __user *__gu_ptr = (ptr); \ 224 __chk_user_ptr(__gu_ptr); \ 225 switch (sizeof(*__gu_ptr)) { \ 226 case 1: \ 227 __get_user_asm("lb", (x), __gu_ptr, __gu_err); \ 228 break; \ 229 case 2: \ 230 __get_user_asm("lh", (x), __gu_ptr, __gu_err); \ 231 break; \ 232 case 4: \ 233 __get_user_asm("lw", (x), __gu_ptr, __gu_err); \ 234 break; \ 235 case 8: \ 236 __get_user_8((x), __gu_ptr, __gu_err); \ 237 break; \ 238 default: \ 239 BUILD_BUG(); \ 240 } \ 241 __gu_err; \ 242 }) 243 244 /** 245 * get_user: - Get a simple variable from user space. 246 * @x: Variable to store result. 247 * @ptr: Source address, in user space. 248 * 249 * Context: User context only. This function may sleep. 250 * 251 * This macro copies a single simple variable from user space to kernel 252 * space. It supports simple types like char and int, but not larger 253 * data types like structures or arrays. 254 * 255 * @ptr must have pointer-to-simple-variable type, and the result of 256 * dereferencing @ptr must be assignable to @x without a cast. 257 * 258 * Returns zero on success, or -EFAULT on error. 259 * On error, the variable @x is set to zero. 260 */ 261 #define get_user(x, ptr) \ 262 ({ \ 263 const __typeof__(*(ptr)) __user *__p = (ptr); \ 264 might_fault(); \ 265 access_ok(VERIFY_READ, __p, sizeof(*__p)) ? \ 266 __get_user((x), __p) : \ 267 ((x) = 0, -EFAULT); \ 268 }) 269 270 271 #ifdef CONFIG_MMU 272 #define __put_user_asm(insn, x, ptr, err) \ 273 do { \ 274 uintptr_t __tmp; \ 275 __typeof__(*(ptr)) __x = x; \ 276 __enable_user_access(); \ 277 __asm__ __volatile__ ( \ 278 "1:\n" \ 279 " " insn " %z3, %2\n" \ 280 "2:\n" \ 281 " .section .fixup,\"ax\"\n" \ 282 " .balign 4\n" \ 283 "3:\n" \ 284 " li %0, %4\n" \ 285 " jump 2b, %1\n" \ 286 " .previous\n" \ 287 " .section __ex_table,\"a\"\n" \ 288 " .balign " RISCV_SZPTR "\n" \ 289 " " RISCV_PTR " 1b, 3b\n" \ 290 " .previous" \ 291 : "+r" (err), "=r" (__tmp), "=m" (*(ptr)) \ 292 : "rJ" (__x), "i" (-EFAULT)); \ 293 __disable_user_access(); \ 294 } while (0) 295 #endif /* CONFIG_MMU */ 296 297 298 #ifdef CONFIG_64BIT 299 #define __put_user_8(x, ptr, err) \ 300 __put_user_asm("sd", x, ptr, err) 301 #else /* !CONFIG_64BIT */ 302 #ifdef CONFIG_MMU 303 #define __put_user_8(x, ptr, err) \ 304 do { \ 305 u32 __user *__ptr = (u32 __user *)(ptr); \ 306 u64 __x = (__typeof__((x)-(x)))(x); \ 307 uintptr_t __tmp; \ 308 __enable_user_access(); \ 309 __asm__ __volatile__ ( \ 310 "1:\n" \ 311 " sw %z4, %2\n" \ 312 "2:\n" \ 313 " sw %z5, %3\n" \ 314 "3:\n" \ 315 " .section .fixup,\"ax\"\n" \ 316 " .balign 4\n" \ 317 "4:\n" \ 318 " li %0, %6\n" \ 319 " jump 2b, %1\n" \ 320 " .previous\n" \ 321 " .section __ex_table,\"a\"\n" \ 322 " .balign " RISCV_SZPTR "\n" \ 323 " " RISCV_PTR " 1b, 4b\n" \ 324 " " RISCV_PTR " 2b, 4b\n" \ 325 " .previous" \ 326 : "+r" (err), "=r" (__tmp), \ 327 "=m" (__ptr[__LSW]), \ 328 "=m" (__ptr[__MSW]) \ 329 : "rJ" (__x), "rJ" (__x >> 32), "i" (-EFAULT)); \ 330 __disable_user_access(); \ 331 } while (0) 332 #endif /* CONFIG_MMU */ 333 #endif /* CONFIG_64BIT */ 334 335 336 /** 337 * __put_user: - Write a simple value into user space, with less checking. 338 * @x: Value to copy to user space. 339 * @ptr: Destination address, in user space. 340 * 341 * Context: User context only. This function may sleep. 342 * 343 * This macro copies a single simple value from kernel space to user 344 * space. It supports simple types like char and int, but not larger 345 * data types like structures or arrays. 346 * 347 * @ptr must have pointer-to-simple-variable type, and @x must be assignable 348 * to the result of dereferencing @ptr. 349 * 350 * Caller must check the pointer with access_ok() before calling this 351 * function. 352 * 353 * Returns zero on success, or -EFAULT on error. 354 */ 355 #define __put_user(x, ptr) \ 356 ({ \ 357 register long __pu_err = 0; \ 358 __typeof__(*(ptr)) __user *__gu_ptr = (ptr); \ 359 __chk_user_ptr(__gu_ptr); \ 360 switch (sizeof(*__gu_ptr)) { \ 361 case 1: \ 362 __put_user_asm("sb", (x), __gu_ptr, __pu_err); \ 363 break; \ 364 case 2: \ 365 __put_user_asm("sh", (x), __gu_ptr, __pu_err); \ 366 break; \ 367 case 4: \ 368 __put_user_asm("sw", (x), __gu_ptr, __pu_err); \ 369 break; \ 370 case 8: \ 371 __put_user_8((x), __gu_ptr, __pu_err); \ 372 break; \ 373 default: \ 374 BUILD_BUG(); \ 375 } \ 376 __pu_err; \ 377 }) 378 379 /** 380 * put_user: - Write a simple value into user space. 381 * @x: Value to copy to user space. 382 * @ptr: Destination address, in user space. 383 * 384 * Context: User context only. This function may sleep. 385 * 386 * This macro copies a single simple value from kernel space to user 387 * space. It supports simple types like char and int, but not larger 388 * data types like structures or arrays. 389 * 390 * @ptr must have pointer-to-simple-variable type, and @x must be assignable 391 * to the result of dereferencing @ptr. 392 * 393 * Returns zero on success, or -EFAULT on error. 394 */ 395 #define put_user(x, ptr) \ 396 ({ \ 397 __typeof__(*(ptr)) __user *__p = (ptr); \ 398 might_fault(); \ 399 access_ok(VERIFY_WRITE, __p, sizeof(*__p)) ? \ 400 __put_user((x), __p) : \ 401 -EFAULT; \ 402 }) 403 404 405 extern unsigned long __must_check __copy_user(void __user *to, 406 const void __user *from, unsigned long n); 407 408 static inline unsigned long 409 raw_copy_from_user(void *to, const void __user *from, unsigned long n) 410 { 411 return __copy_user(to, from, n); 412 } 413 414 static inline unsigned long 415 raw_copy_to_user(void __user *to, const void *from, unsigned long n) 416 { 417 return __copy_user(to, from, n); 418 } 419 420 extern long strncpy_from_user(char *dest, const char __user *src, long count); 421 422 extern long __must_check strlen_user(const char __user *str); 423 extern long __must_check strnlen_user(const char __user *str, long n); 424 425 extern 426 unsigned long __must_check __clear_user(void __user *addr, unsigned long n); 427 428 static inline 429 unsigned long __must_check clear_user(void __user *to, unsigned long n) 430 { 431 might_fault(); 432 return access_ok(VERIFY_WRITE, to, n) ? 433 __clear_user(to, n) : n; 434 } 435 436 /* 437 * Atomic compare-and-exchange, but with a fixup for userspace faults. Faults 438 * will set "err" to -EFAULT, while successful accesses return the previous 439 * value. 440 */ 441 #ifdef CONFIG_MMU 442 #define __cmpxchg_user(ptr, old, new, err, size, lrb, scb) \ 443 ({ \ 444 __typeof__(ptr) __ptr = (ptr); \ 445 __typeof__(*(ptr)) __old = (old); \ 446 __typeof__(*(ptr)) __new = (new); \ 447 __typeof__(*(ptr)) __ret; \ 448 __typeof__(err) __err = 0; \ 449 register unsigned int __rc; \ 450 __enable_user_access(); \ 451 switch (size) { \ 452 case 4: \ 453 __asm__ __volatile__ ( \ 454 "0:\n" \ 455 " lr.w" #scb " %[ret], %[ptr]\n" \ 456 " bne %[ret], %z[old], 1f\n" \ 457 " sc.w" #lrb " %[rc], %z[new], %[ptr]\n" \ 458 " bnez %[rc], 0b\n" \ 459 "1:\n" \ 460 ".section .fixup,\"ax\"\n" \ 461 ".balign 4\n" \ 462 "2:\n" \ 463 " li %[err], %[efault]\n" \ 464 " jump 1b, %[rc]\n" \ 465 ".previous\n" \ 466 ".section __ex_table,\"a\"\n" \ 467 ".balign " RISCV_SZPTR "\n" \ 468 " " RISCV_PTR " 1b, 2b\n" \ 469 ".previous\n" \ 470 : [ret] "=&r" (__ret), \ 471 [rc] "=&r" (__rc), \ 472 [ptr] "+A" (*__ptr), \ 473 [err] "=&r" (__err) \ 474 : [old] "rJ" (__old), \ 475 [new] "rJ" (__new), \ 476 [efault] "i" (-EFAULT)); \ 477 break; \ 478 case 8: \ 479 __asm__ __volatile__ ( \ 480 "0:\n" \ 481 " lr.d" #scb " %[ret], %[ptr]\n" \ 482 " bne %[ret], %z[old], 1f\n" \ 483 " sc.d" #lrb " %[rc], %z[new], %[ptr]\n" \ 484 " bnez %[rc], 0b\n" \ 485 "1:\n" \ 486 ".section .fixup,\"ax\"\n" \ 487 ".balign 4\n" \ 488 "2:\n" \ 489 " li %[err], %[efault]\n" \ 490 " jump 1b, %[rc]\n" \ 491 ".previous\n" \ 492 ".section __ex_table,\"a\"\n" \ 493 ".balign " RISCV_SZPTR "\n" \ 494 " " RISCV_PTR " 1b, 2b\n" \ 495 ".previous\n" \ 496 : [ret] "=&r" (__ret), \ 497 [rc] "=&r" (__rc), \ 498 [ptr] "+A" (*__ptr), \ 499 [err] "=&r" (__err) \ 500 : [old] "rJ" (__old), \ 501 [new] "rJ" (__new), \ 502 [efault] "i" (-EFAULT)); \ 503 break; \ 504 default: \ 505 BUILD_BUG(); \ 506 } \ 507 __disable_user_access(); \ 508 (err) = __err; \ 509 __ret; \ 510 }) 511 #endif /* CONFIG_MMU */ 512 513 #endif /* _ASM_RISCV_UACCESS_H */ 514