xref: /openbmc/linux/arch/x86/include/asm/uaccess.h (revision cd238eff)
1 /* SPDX-License-Identifier: GPL-2.0 */
2 #ifndef _ASM_X86_UACCESS_H
3 #define _ASM_X86_UACCESS_H
4 /*
5  * User space memory access functions
6  */
7 #include <linux/compiler.h>
8 #include <linux/kasan-checks.h>
9 #include <linux/string.h>
10 #include <asm/asm.h>
11 #include <asm/page.h>
12 #include <asm/smap.h>
13 #include <asm/extable.h>
14 
15 /*
16  * The fs value determines whether argument validity checking should be
17  * performed or not.  If get_fs() == USER_DS, checking is performed, with
18  * get_fs() == KERNEL_DS, checking is bypassed.
19  *
20  * For historical reasons, these macros are grossly misnamed.
21  */
22 
23 #define MAKE_MM_SEG(s)	((mm_segment_t) { (s) })
24 
25 #define KERNEL_DS	MAKE_MM_SEG(-1UL)
26 #define USER_DS 	MAKE_MM_SEG(TASK_SIZE_MAX)
27 
28 #define get_fs()	(current->thread.addr_limit)
29 static inline void set_fs(mm_segment_t fs)
30 {
31 	current->thread.addr_limit = fs;
32 	/* On user-mode return, check fs is correct */
33 	set_thread_flag(TIF_FSCHECK);
34 }
35 
36 #define segment_eq(a, b)	((a).seg == (b).seg)
37 #define user_addr_max() (current->thread.addr_limit.seg)
38 
39 /*
40  * Test whether a block of memory is a valid user space address.
41  * Returns 0 if the range is valid, nonzero otherwise.
42  */
43 static inline bool __chk_range_not_ok(unsigned long addr, unsigned long size, unsigned long limit)
44 {
45 	/*
46 	 * If we have used "sizeof()" for the size,
47 	 * we know it won't overflow the limit (but
48 	 * it might overflow the 'addr', so it's
49 	 * important to subtract the size from the
50 	 * limit, not add it to the address).
51 	 */
52 	if (__builtin_constant_p(size))
53 		return unlikely(addr > limit - size);
54 
55 	/* Arbitrary sizes? Be careful about overflow */
56 	addr += size;
57 	if (unlikely(addr < size))
58 		return true;
59 	return unlikely(addr > limit);
60 }
61 
62 #define __range_not_ok(addr, size, limit)				\
63 ({									\
64 	__chk_user_ptr(addr);						\
65 	__chk_range_not_ok((unsigned long __force)(addr), size, limit); \
66 })
67 
68 #ifdef CONFIG_DEBUG_ATOMIC_SLEEP
69 # define WARN_ON_IN_IRQ()	WARN_ON_ONCE(!in_task())
70 #else
71 # define WARN_ON_IN_IRQ()
72 #endif
73 
74 /**
75  * access_ok - Checks if a user space pointer is valid
76  * @addr: User space pointer to start of block to check
77  * @size: Size of block to check
78  *
79  * Context: User context only. This function may sleep if pagefaults are
80  *          enabled.
81  *
82  * Checks if a pointer to a block of memory in user space is valid.
83  *
84  * Note that, depending on architecture, this function probably just
85  * checks that the pointer is in the user space range - after calling
86  * this function, memory access functions may still return -EFAULT.
87  *
88  * Return: true (nonzero) if the memory block may be valid, false (zero)
89  * if it is definitely invalid.
90  */
91 #define access_ok(addr, size)					\
92 ({									\
93 	WARN_ON_IN_IRQ();						\
94 	likely(!__range_not_ok(addr, size, user_addr_max()));		\
95 })
96 
97 /*
98  * These are the main single-value transfer routines.  They automatically
99  * use the right size if we just have the right pointer type.
100  *
101  * This gets kind of ugly. We want to return _two_ values in "get_user()"
102  * and yet we don't want to do any pointers, because that is too much
103  * of a performance impact. Thus we have a few rather ugly macros here,
104  * and hide all the ugliness from the user.
105  *
106  * The "__xxx" versions of the user access functions are versions that
107  * do not verify the address space, that must have been done previously
108  * with a separate "access_ok()" call (this is used when we do multiple
109  * accesses to the same area of user memory).
110  */
111 
112 extern int __get_user_1(void);
113 extern int __get_user_2(void);
114 extern int __get_user_4(void);
115 extern int __get_user_8(void);
116 extern int __get_user_bad(void);
117 
118 #define __uaccess_begin() stac()
119 #define __uaccess_end()   clac()
120 #define __uaccess_begin_nospec()	\
121 ({					\
122 	stac();				\
123 	barrier_nospec();		\
124 })
125 
126 /*
127  * This is a type: either unsigned long, if the argument fits into
128  * that type, or otherwise unsigned long long.
129  */
130 #define __inttype(x) \
131 __typeof__(__builtin_choose_expr(sizeof(x) > sizeof(0UL), 0ULL, 0UL))
132 
133 /**
134  * get_user - Get a simple variable from user space.
135  * @x:   Variable to store result.
136  * @ptr: Source address, in user space.
137  *
138  * Context: User context only. This function may sleep if pagefaults are
139  *          enabled.
140  *
141  * This macro copies a single simple variable from user space to kernel
142  * space.  It supports simple types like char and int, but not larger
143  * data types like structures or arrays.
144  *
145  * @ptr must have pointer-to-simple-variable type, and the result of
146  * dereferencing @ptr must be assignable to @x without a cast.
147  *
148  * Return: zero on success, or -EFAULT on error.
149  * On error, the variable @x is set to zero.
150  */
151 /*
152  * Careful: we have to cast the result to the type of the pointer
153  * for sign reasons.
154  *
155  * The use of _ASM_DX as the register specifier is a bit of a
156  * simplification, as gcc only cares about it as the starting point
157  * and not size: for a 64-bit value it will use %ecx:%edx on 32 bits
158  * (%ecx being the next register in gcc's x86 register sequence), and
159  * %rdx on 64 bits.
160  *
161  * Clang/LLVM cares about the size of the register, but still wants
162  * the base register for something that ends up being a pair.
163  */
164 #define get_user(x, ptr)						\
165 ({									\
166 	int __ret_gu;							\
167 	register __inttype(*(ptr)) __val_gu asm("%"_ASM_DX);		\
168 	__chk_user_ptr(ptr);						\
169 	might_fault();							\
170 	asm volatile("call __get_user_%P4"				\
171 		     : "=a" (__ret_gu), "=r" (__val_gu),		\
172 			ASM_CALL_CONSTRAINT				\
173 		     : "0" (ptr), "i" (sizeof(*(ptr))));		\
174 	(x) = (__force __typeof__(*(ptr))) __val_gu;			\
175 	__builtin_expect(__ret_gu, 0);					\
176 })
177 
178 #define __put_user_x(size, x, ptr, __ret_pu)			\
179 	asm volatile("call __put_user_" #size : "=a" (__ret_pu)	\
180 		     : "0" ((typeof(*(ptr)))(x)), "c" (ptr) : "ebx")
181 
182 
183 
184 #ifdef CONFIG_X86_32
185 #define __put_user_goto_u64(x, addr, label)			\
186 	asm_volatile_goto("\n"					\
187 		     "1:	movl %%eax,0(%1)\n"		\
188 		     "2:	movl %%edx,4(%1)\n"		\
189 		     _ASM_EXTABLE_UA(1b, %l2)			\
190 		     _ASM_EXTABLE_UA(2b, %l2)			\
191 		     : : "A" (x), "r" (addr)			\
192 		     : : label)
193 
194 #define __put_user_asm_ex_u64(x, addr)					\
195 	asm volatile("\n"						\
196 		     "1:	movl %%eax,0(%1)\n"			\
197 		     "2:	movl %%edx,4(%1)\n"			\
198 		     "3:"						\
199 		     _ASM_EXTABLE_EX(1b, 2b)				\
200 		     _ASM_EXTABLE_EX(2b, 3b)				\
201 		     : : "A" (x), "r" (addr))
202 
203 #define __put_user_x8(x, ptr, __ret_pu)				\
204 	asm volatile("call __put_user_8" : "=a" (__ret_pu)	\
205 		     : "A" ((typeof(*(ptr)))(x)), "c" (ptr) : "ebx")
206 #else
207 #define __put_user_goto_u64(x, ptr, label) \
208 	__put_user_goto(x, ptr, "q", "", "er", label)
209 #define __put_user_asm_ex_u64(x, addr)	\
210 	__put_user_asm_ex(x, addr, "q", "", "er")
211 #define __put_user_x8(x, ptr, __ret_pu) __put_user_x(8, x, ptr, __ret_pu)
212 #endif
213 
214 extern void __put_user_bad(void);
215 
216 /*
217  * Strange magic calling convention: pointer in %ecx,
218  * value in %eax(:%edx), return value in %eax. clobbers %rbx
219  */
220 extern void __put_user_1(void);
221 extern void __put_user_2(void);
222 extern void __put_user_4(void);
223 extern void __put_user_8(void);
224 
225 /**
226  * put_user - Write a simple value into user space.
227  * @x:   Value to copy to user space.
228  * @ptr: Destination address, in user space.
229  *
230  * Context: User context only. This function may sleep if pagefaults are
231  *          enabled.
232  *
233  * This macro copies a single simple value from kernel space to user
234  * space.  It supports simple types like char and int, but not larger
235  * data types like structures or arrays.
236  *
237  * @ptr must have pointer-to-simple-variable type, and @x must be assignable
238  * to the result of dereferencing @ptr.
239  *
240  * Return: zero on success, or -EFAULT on error.
241  */
242 #define put_user(x, ptr)					\
243 ({								\
244 	int __ret_pu;						\
245 	__typeof__(*(ptr)) __pu_val;				\
246 	__chk_user_ptr(ptr);					\
247 	might_fault();						\
248 	__pu_val = x;						\
249 	switch (sizeof(*(ptr))) {				\
250 	case 1:							\
251 		__put_user_x(1, __pu_val, ptr, __ret_pu);	\
252 		break;						\
253 	case 2:							\
254 		__put_user_x(2, __pu_val, ptr, __ret_pu);	\
255 		break;						\
256 	case 4:							\
257 		__put_user_x(4, __pu_val, ptr, __ret_pu);	\
258 		break;						\
259 	case 8:							\
260 		__put_user_x8(__pu_val, ptr, __ret_pu);		\
261 		break;						\
262 	default:						\
263 		__put_user_x(X, __pu_val, ptr, __ret_pu);	\
264 		break;						\
265 	}							\
266 	__builtin_expect(__ret_pu, 0);				\
267 })
268 
269 #define __put_user_size(x, ptr, size, label)				\
270 do {									\
271 	__chk_user_ptr(ptr);						\
272 	switch (size) {							\
273 	case 1:								\
274 		__put_user_goto(x, ptr, "b", "b", "iq", label);	\
275 		break;							\
276 	case 2:								\
277 		__put_user_goto(x, ptr, "w", "w", "ir", label);		\
278 		break;							\
279 	case 4:								\
280 		__put_user_goto(x, ptr, "l", "k", "ir", label);		\
281 		break;							\
282 	case 8:								\
283 		__put_user_goto_u64(x, ptr, label);			\
284 		break;							\
285 	default:							\
286 		__put_user_bad();					\
287 	}								\
288 } while (0)
289 
290 /*
291  * This doesn't do __uaccess_begin/end - the exception handling
292  * around it must do that.
293  */
294 #define __put_user_size_ex(x, ptr, size)				\
295 do {									\
296 	__chk_user_ptr(ptr);						\
297 	switch (size) {							\
298 	case 1:								\
299 		__put_user_asm_ex(x, ptr, "b", "b", "iq");		\
300 		break;							\
301 	case 2:								\
302 		__put_user_asm_ex(x, ptr, "w", "w", "ir");		\
303 		break;							\
304 	case 4:								\
305 		__put_user_asm_ex(x, ptr, "l", "k", "ir");		\
306 		break;							\
307 	case 8:								\
308 		__put_user_asm_ex_u64((__typeof__(*ptr))(x), ptr);	\
309 		break;							\
310 	default:							\
311 		__put_user_bad();					\
312 	}								\
313 } while (0)
314 
315 #ifdef CONFIG_X86_32
316 #define __get_user_asm_u64(x, ptr, retval, errret)			\
317 ({									\
318 	__typeof__(ptr) __ptr = (ptr);					\
319 	asm volatile("\n"					\
320 		     "1:	movl %2,%%eax\n"			\
321 		     "2:	movl %3,%%edx\n"			\
322 		     "3:\n"				\
323 		     ".section .fixup,\"ax\"\n"				\
324 		     "4:	mov %4,%0\n"				\
325 		     "	xorl %%eax,%%eax\n"				\
326 		     "	xorl %%edx,%%edx\n"				\
327 		     "	jmp 3b\n"					\
328 		     ".previous\n"					\
329 		     _ASM_EXTABLE_UA(1b, 4b)				\
330 		     _ASM_EXTABLE_UA(2b, 4b)				\
331 		     : "=r" (retval), "=&A"(x)				\
332 		     : "m" (__m(__ptr)), "m" __m(((u32 __user *)(__ptr)) + 1),	\
333 		       "i" (errret), "0" (retval));			\
334 })
335 
336 #define __get_user_asm_ex_u64(x, ptr)			(x) = __get_user_bad()
337 #else
338 #define __get_user_asm_u64(x, ptr, retval, errret) \
339 	 __get_user_asm(x, ptr, retval, "q", "", "=r", errret)
340 #define __get_user_asm_ex_u64(x, ptr) \
341 	 __get_user_asm_ex(x, ptr, "q", "", "=r")
342 #endif
343 
344 #define __get_user_size(x, ptr, size, retval, errret)			\
345 do {									\
346 	retval = 0;							\
347 	__chk_user_ptr(ptr);						\
348 	switch (size) {							\
349 	case 1:								\
350 		__get_user_asm(x, ptr, retval, "b", "b", "=q", errret);	\
351 		break;							\
352 	case 2:								\
353 		__get_user_asm(x, ptr, retval, "w", "w", "=r", errret);	\
354 		break;							\
355 	case 4:								\
356 		__get_user_asm(x, ptr, retval, "l", "k", "=r", errret);	\
357 		break;							\
358 	case 8:								\
359 		__get_user_asm_u64(x, ptr, retval, errret);		\
360 		break;							\
361 	default:							\
362 		(x) = __get_user_bad();					\
363 	}								\
364 } while (0)
365 
366 #define __get_user_asm(x, addr, err, itype, rtype, ltype, errret)	\
367 	asm volatile("\n"						\
368 		     "1:	mov"itype" %2,%"rtype"1\n"		\
369 		     "2:\n"						\
370 		     ".section .fixup,\"ax\"\n"				\
371 		     "3:	mov %3,%0\n"				\
372 		     "	xor"itype" %"rtype"1,%"rtype"1\n"		\
373 		     "	jmp 2b\n"					\
374 		     ".previous\n"					\
375 		     _ASM_EXTABLE_UA(1b, 3b)				\
376 		     : "=r" (err), ltype(x)				\
377 		     : "m" (__m(addr)), "i" (errret), "0" (err))
378 
379 #define __get_user_asm_nozero(x, addr, err, itype, rtype, ltype, errret)	\
380 	asm volatile("\n"						\
381 		     "1:	mov"itype" %2,%"rtype"1\n"		\
382 		     "2:\n"						\
383 		     ".section .fixup,\"ax\"\n"				\
384 		     "3:	mov %3,%0\n"				\
385 		     "	jmp 2b\n"					\
386 		     ".previous\n"					\
387 		     _ASM_EXTABLE_UA(1b, 3b)				\
388 		     : "=r" (err), ltype(x)				\
389 		     : "m" (__m(addr)), "i" (errret), "0" (err))
390 
391 /*
392  * This doesn't do __uaccess_begin/end - the exception handling
393  * around it must do that.
394  */
395 #define __get_user_size_ex(x, ptr, size)				\
396 do {									\
397 	__chk_user_ptr(ptr);						\
398 	switch (size) {							\
399 	case 1:								\
400 		__get_user_asm_ex(x, ptr, "b", "b", "=q");		\
401 		break;							\
402 	case 2:								\
403 		__get_user_asm_ex(x, ptr, "w", "w", "=r");		\
404 		break;							\
405 	case 4:								\
406 		__get_user_asm_ex(x, ptr, "l", "k", "=r");		\
407 		break;							\
408 	case 8:								\
409 		__get_user_asm_ex_u64(x, ptr);				\
410 		break;							\
411 	default:							\
412 		(x) = __get_user_bad();					\
413 	}								\
414 } while (0)
415 
416 #define __get_user_asm_ex(x, addr, itype, rtype, ltype)			\
417 	asm volatile("1:	mov"itype" %1,%"rtype"0\n"		\
418 		     "2:\n"						\
419 		     ".section .fixup,\"ax\"\n"				\
420                      "3:xor"itype" %"rtype"0,%"rtype"0\n"		\
421 		     "  jmp 2b\n"					\
422 		     ".previous\n"					\
423 		     _ASM_EXTABLE_EX(1b, 3b)				\
424 		     : ltype(x) : "m" (__m(addr)))
425 
426 #define __put_user_nocheck(x, ptr, size)			\
427 ({								\
428 	__label__ __pu_label;					\
429 	int __pu_err = -EFAULT;					\
430 	__typeof__(*(ptr)) __pu_val = (x);			\
431 	__typeof__(ptr) __pu_ptr = (ptr);			\
432 	__typeof__(size) __pu_size = (size);			\
433 	__uaccess_begin();					\
434 	__put_user_size(__pu_val, __pu_ptr, __pu_size, __pu_label);	\
435 	__pu_err = 0;						\
436 __pu_label:							\
437 	__uaccess_end();					\
438 	__builtin_expect(__pu_err, 0);				\
439 })
440 
441 #define __get_user_nocheck(x, ptr, size)				\
442 ({									\
443 	int __gu_err;							\
444 	__inttype(*(ptr)) __gu_val;					\
445 	__uaccess_begin_nospec();					\
446 	__get_user_size(__gu_val, (ptr), (size), __gu_err, -EFAULT);	\
447 	__uaccess_end();						\
448 	(x) = (__force __typeof__(*(ptr)))__gu_val;			\
449 	__builtin_expect(__gu_err, 0);					\
450 })
451 
452 /* FIXME: this hack is definitely wrong -AK */
453 struct __large_struct { unsigned long buf[100]; };
454 #define __m(x) (*(struct __large_struct __user *)(x))
455 
456 /*
457  * Tell gcc we read from memory instead of writing: this is because
458  * we do not write to any memory gcc knows about, so there are no
459  * aliasing issues.
460  */
461 #define __put_user_goto(x, addr, itype, rtype, ltype, label)	\
462 	asm_volatile_goto("\n"						\
463 		"1:	mov"itype" %"rtype"0,%1\n"			\
464 		_ASM_EXTABLE_UA(1b, %l2)					\
465 		: : ltype(x), "m" (__m(addr))				\
466 		: : label)
467 
468 #define __put_user_failed(x, addr, itype, rtype, ltype, errret)		\
469 	({	__label__ __puflab;					\
470 		int __pufret = errret;					\
471 		__put_user_goto(x,addr,itype,rtype,ltype,__puflab);	\
472 		__pufret = 0;						\
473 	__puflab: __pufret; })
474 
475 #define __put_user_asm(x, addr, retval, itype, rtype, ltype, errret)	do {	\
476 	retval = __put_user_failed(x, addr, itype, rtype, ltype, errret);	\
477 } while (0)
478 
479 #define __put_user_asm_ex(x, addr, itype, rtype, ltype)			\
480 	asm volatile("1:	mov"itype" %"rtype"0,%1\n"		\
481 		     "2:\n"						\
482 		     _ASM_EXTABLE_EX(1b, 2b)				\
483 		     : : ltype(x), "m" (__m(addr)))
484 
485 /*
486  * uaccess_try and catch
487  */
488 #define uaccess_try	do {						\
489 	current->thread.uaccess_err = 0;				\
490 	__uaccess_begin();						\
491 	barrier();
492 
493 #define uaccess_try_nospec do {						\
494 	current->thread.uaccess_err = 0;				\
495 	__uaccess_begin_nospec();					\
496 
497 #define uaccess_catch(err)						\
498 	__uaccess_end();						\
499 	(err) |= (current->thread.uaccess_err ? -EFAULT : 0);		\
500 } while (0)
501 
502 /**
503  * __get_user - Get a simple variable from user space, with less checking.
504  * @x:   Variable to store result.
505  * @ptr: Source address, in user space.
506  *
507  * Context: User context only. This function may sleep if pagefaults are
508  *          enabled.
509  *
510  * This macro copies a single simple variable from user space to kernel
511  * space.  It supports simple types like char and int, but not larger
512  * data types like structures or arrays.
513  *
514  * @ptr must have pointer-to-simple-variable type, and the result of
515  * dereferencing @ptr must be assignable to @x without a cast.
516  *
517  * Caller must check the pointer with access_ok() before calling this
518  * function.
519  *
520  * Return: zero on success, or -EFAULT on error.
521  * On error, the variable @x is set to zero.
522  */
523 
524 #define __get_user(x, ptr)						\
525 	__get_user_nocheck((x), (ptr), sizeof(*(ptr)))
526 
527 /**
528  * __put_user - Write a simple value into user space, with less checking.
529  * @x:   Value to copy to user space.
530  * @ptr: Destination address, in user space.
531  *
532  * Context: User context only. This function may sleep if pagefaults are
533  *          enabled.
534  *
535  * This macro copies a single simple value from kernel space to user
536  * space.  It supports simple types like char and int, but not larger
537  * data types like structures or arrays.
538  *
539  * @ptr must have pointer-to-simple-variable type, and @x must be assignable
540  * to the result of dereferencing @ptr.
541  *
542  * Caller must check the pointer with access_ok() before calling this
543  * function.
544  *
545  * Return: zero on success, or -EFAULT on error.
546  */
547 
548 #define __put_user(x, ptr)						\
549 	__put_user_nocheck((__typeof__(*(ptr)))(x), (ptr), sizeof(*(ptr)))
550 
551 /*
552  * {get|put}_user_try and catch
553  *
554  * get_user_try {
555  *	get_user_ex(...);
556  * } get_user_catch(err)
557  */
558 #define get_user_try		uaccess_try_nospec
559 #define get_user_catch(err)	uaccess_catch(err)
560 
561 #define get_user_ex(x, ptr)	do {					\
562 	unsigned long __gue_val;					\
563 	__get_user_size_ex((__gue_val), (ptr), (sizeof(*(ptr))));	\
564 	(x) = (__force __typeof__(*(ptr)))__gue_val;			\
565 } while (0)
566 
567 #define put_user_try		uaccess_try
568 #define put_user_catch(err)	uaccess_catch(err)
569 
570 #define put_user_ex(x, ptr)						\
571 	__put_user_size_ex((__typeof__(*(ptr)))(x), (ptr), sizeof(*(ptr)))
572 
573 extern unsigned long
574 copy_from_user_nmi(void *to, const void __user *from, unsigned long n);
575 extern __must_check long
576 strncpy_from_user(char *dst, const char __user *src, long count);
577 
578 extern __must_check long strnlen_user(const char __user *str, long n);
579 
580 unsigned long __must_check clear_user(void __user *mem, unsigned long len);
581 unsigned long __must_check __clear_user(void __user *mem, unsigned long len);
582 
583 extern void __cmpxchg_wrong_size(void)
584 	__compiletime_error("Bad argument size for cmpxchg");
585 
586 #define __user_atomic_cmpxchg_inatomic(uval, ptr, old, new, size)	\
587 ({									\
588 	int __ret = 0;							\
589 	__typeof__(*(ptr)) __old = (old);				\
590 	__typeof__(*(ptr)) __new = (new);				\
591 	__uaccess_begin_nospec();					\
592 	switch (size) {							\
593 	case 1:								\
594 	{								\
595 		asm volatile("\n"					\
596 			"1:\t" LOCK_PREFIX "cmpxchgb %4, %2\n"		\
597 			"2:\n"						\
598 			"\t.section .fixup, \"ax\"\n"			\
599 			"3:\tmov     %3, %0\n"				\
600 			"\tjmp     2b\n"				\
601 			"\t.previous\n"					\
602 			_ASM_EXTABLE_UA(1b, 3b)				\
603 			: "+r" (__ret), "=a" (__old), "+m" (*(ptr))	\
604 			: "i" (-EFAULT), "q" (__new), "1" (__old)	\
605 			: "memory"					\
606 		);							\
607 		break;							\
608 	}								\
609 	case 2:								\
610 	{								\
611 		asm volatile("\n"					\
612 			"1:\t" LOCK_PREFIX "cmpxchgw %4, %2\n"		\
613 			"2:\n"						\
614 			"\t.section .fixup, \"ax\"\n"			\
615 			"3:\tmov     %3, %0\n"				\
616 			"\tjmp     2b\n"				\
617 			"\t.previous\n"					\
618 			_ASM_EXTABLE_UA(1b, 3b)				\
619 			: "+r" (__ret), "=a" (__old), "+m" (*(ptr))	\
620 			: "i" (-EFAULT), "r" (__new), "1" (__old)	\
621 			: "memory"					\
622 		);							\
623 		break;							\
624 	}								\
625 	case 4:								\
626 	{								\
627 		asm volatile("\n"					\
628 			"1:\t" LOCK_PREFIX "cmpxchgl %4, %2\n"		\
629 			"2:\n"						\
630 			"\t.section .fixup, \"ax\"\n"			\
631 			"3:\tmov     %3, %0\n"				\
632 			"\tjmp     2b\n"				\
633 			"\t.previous\n"					\
634 			_ASM_EXTABLE_UA(1b, 3b)				\
635 			: "+r" (__ret), "=a" (__old), "+m" (*(ptr))	\
636 			: "i" (-EFAULT), "r" (__new), "1" (__old)	\
637 			: "memory"					\
638 		);							\
639 		break;							\
640 	}								\
641 	case 8:								\
642 	{								\
643 		if (!IS_ENABLED(CONFIG_X86_64))				\
644 			__cmpxchg_wrong_size();				\
645 									\
646 		asm volatile("\n"					\
647 			"1:\t" LOCK_PREFIX "cmpxchgq %4, %2\n"		\
648 			"2:\n"						\
649 			"\t.section .fixup, \"ax\"\n"			\
650 			"3:\tmov     %3, %0\n"				\
651 			"\tjmp     2b\n"				\
652 			"\t.previous\n"					\
653 			_ASM_EXTABLE_UA(1b, 3b)				\
654 			: "+r" (__ret), "=a" (__old), "+m" (*(ptr))	\
655 			: "i" (-EFAULT), "r" (__new), "1" (__old)	\
656 			: "memory"					\
657 		);							\
658 		break;							\
659 	}								\
660 	default:							\
661 		__cmpxchg_wrong_size();					\
662 	}								\
663 	__uaccess_end();						\
664 	*(uval) = __old;						\
665 	__ret;								\
666 })
667 
668 #define user_atomic_cmpxchg_inatomic(uval, ptr, old, new)		\
669 ({									\
670 	access_ok((ptr), sizeof(*(ptr))) ?		\
671 		__user_atomic_cmpxchg_inatomic((uval), (ptr),		\
672 				(old), (new), sizeof(*(ptr))) :		\
673 		-EFAULT;						\
674 })
675 
676 /*
677  * movsl can be slow when source and dest are not both 8-byte aligned
678  */
679 #ifdef CONFIG_X86_INTEL_USERCOPY
680 extern struct movsl_mask {
681 	int mask;
682 } ____cacheline_aligned_in_smp movsl_mask;
683 #endif
684 
685 #define ARCH_HAS_NOCACHE_UACCESS 1
686 
687 #ifdef CONFIG_X86_32
688 # include <asm/uaccess_32.h>
689 #else
690 # include <asm/uaccess_64.h>
691 #endif
692 
693 /*
694  * We rely on the nested NMI work to allow atomic faults from the NMI path; the
695  * nested NMI paths are careful to preserve CR2.
696  *
697  * Caller must use pagefault_enable/disable, or run in interrupt context,
698  * and also do a uaccess_ok() check
699  */
700 #define __copy_from_user_nmi __copy_from_user_inatomic
701 
702 /*
703  * The "unsafe" user accesses aren't really "unsafe", but the naming
704  * is a big fat warning: you have to not only do the access_ok()
705  * checking before using them, but you have to surround them with the
706  * user_access_begin/end() pair.
707  */
708 static __must_check __always_inline bool user_access_begin(const void __user *ptr, size_t len)
709 {
710 	if (unlikely(!access_ok(ptr,len)))
711 		return 0;
712 	__uaccess_begin_nospec();
713 	return 1;
714 }
715 #define user_access_begin(a,b)	user_access_begin(a,b)
716 #define user_access_end()	__uaccess_end()
717 
718 #define user_access_save()	smap_save()
719 #define user_access_restore(x)	smap_restore(x)
720 
721 #define unsafe_put_user(x, ptr, label)	\
722 	__put_user_size((__typeof__(*(ptr)))(x), (ptr), sizeof(*(ptr)), label)
723 
724 #define unsafe_get_user(x, ptr, err_label)					\
725 do {										\
726 	int __gu_err;								\
727 	__inttype(*(ptr)) __gu_val;						\
728 	__get_user_size(__gu_val, (ptr), sizeof(*(ptr)), __gu_err, -EFAULT);	\
729 	(x) = (__force __typeof__(*(ptr)))__gu_val;				\
730 	if (unlikely(__gu_err)) goto err_label;					\
731 } while (0)
732 
733 #endif /* _ASM_X86_UACCESS_H */
734 
735