1 /* SPDX-License-Identifier: GPL-2.0 */
2 #ifndef _ARCH_POWERPC_UACCESS_H
3 #define _ARCH_POWERPC_UACCESS_H
4
5 #include <asm/ppc_asm.h>
6 #include <asm/processor.h>
7 #include <asm/page.h>
8 #include <asm/extable.h>
9
10 /*
11 * The fs value determines whether argument validity checking should be
12 * performed or not. If get_fs() == USER_DS, checking is performed, with
13 * get_fs() == KERNEL_DS, checking is bypassed.
14 *
15 * For historical reasons, these macros are grossly misnamed.
16 *
17 * The fs/ds values are now the highest legal address in the "segment".
18 * This simplifies the checking in the routines below.
19 */
20
21 #define MAKE_MM_SEG(s) ((mm_segment_t) { (s) })
22
23 #define KERNEL_DS MAKE_MM_SEG(~0UL)
24 #ifdef __powerpc64__
25 /* We use TASK_SIZE_USER64 as TASK_SIZE is not constant */
26 #define USER_DS MAKE_MM_SEG(TASK_SIZE_USER64 - 1)
27 #else
28 #define USER_DS MAKE_MM_SEG(TASK_SIZE - 1)
29 #endif
30
31 #define get_ds() (KERNEL_DS)
32 #define get_fs() (current->thread.addr_limit)
33
set_fs(mm_segment_t fs)34 static inline void set_fs(mm_segment_t fs)
35 {
36 current->thread.addr_limit = fs;
37 /* On user-mode return check addr_limit (fs) is correct */
38 set_thread_flag(TIF_FSCHECK);
39 }
40
41 #define segment_eq(a, b) ((a).seg == (b).seg)
42
43 #define user_addr_max() (get_fs().seg)
44
45 #ifdef __powerpc64__
46 /*
47 * This check is sufficient because there is a large enough
48 * gap between user addresses and the kernel addresses
49 */
50 #define __access_ok(addr, size, segment) \
51 (((addr) <= (segment).seg) && ((size) <= (segment).seg))
52
53 #else
54
__access_ok(unsigned long addr,unsigned long size,mm_segment_t seg)55 static inline int __access_ok(unsigned long addr, unsigned long size,
56 mm_segment_t seg)
57 {
58 if (addr > seg.seg)
59 return 0;
60 return (size == 0 || size - 1 <= seg.seg - addr);
61 }
62
63 #endif
64
65 #define access_ok(type, addr, size) \
66 (__chk_user_ptr(addr), \
67 __access_ok((__force unsigned long)(addr), (size), get_fs()))
68
69 /*
70 * These are the main single-value transfer routines. They automatically
71 * use the right size if we just have the right pointer type.
72 *
73 * This gets kind of ugly. We want to return _two_ values in "get_user()"
74 * and yet we don't want to do any pointers, because that is too much
75 * of a performance impact. Thus we have a few rather ugly macros here,
76 * and hide all the ugliness from the user.
77 *
78 * The "__xxx" versions of the user access functions are versions that
79 * do not verify the address space, that must have been done previously
80 * with a separate "access_ok()" call (this is used when we do multiple
81 * accesses to the same area of user memory).
82 *
83 * As we use the same address space for kernel and user data on the
84 * PowerPC, we can just do these as direct assignments. (Of course, the
85 * exception handling means that it's no longer "just"...)
86 *
87 */
88 #define get_user(x, ptr) \
89 __get_user_check((x), (ptr), sizeof(*(ptr)))
90 #define put_user(x, ptr) \
91 __put_user_check((__typeof__(*(ptr)))(x), (ptr), sizeof(*(ptr)))
92
93 #define __get_user(x, ptr) \
94 __get_user_nocheck((x), (ptr), sizeof(*(ptr)))
95 #define __put_user(x, ptr) \
96 __put_user_nocheck((__typeof__(*(ptr)))(x), (ptr), sizeof(*(ptr)))
97
98 #define __get_user_inatomic(x, ptr) \
99 __get_user_nosleep((x), (ptr), sizeof(*(ptr)))
100 #define __put_user_inatomic(x, ptr) \
101 __put_user_nosleep((__typeof__(*(ptr)))(x), (ptr), sizeof(*(ptr)))
102
103 extern long __put_user_bad(void);
104
105 /*
106 * We don't tell gcc that we are accessing memory, but this is OK
107 * because we do not write to any memory gcc knows about, so there
108 * are no aliasing issues.
109 */
110 #define __put_user_asm(x, addr, err, op) \
111 __asm__ __volatile__( \
112 "1: " op " %1,0(%2) # put_user\n" \
113 "2:\n" \
114 ".section .fixup,\"ax\"\n" \
115 "3: li %0,%3\n" \
116 " b 2b\n" \
117 ".previous\n" \
118 EX_TABLE(1b, 3b) \
119 : "=r" (err) \
120 : "r" (x), "b" (addr), "i" (-EFAULT), "0" (err))
121
122 #ifdef __powerpc64__
123 #define __put_user_asm2(x, ptr, retval) \
124 __put_user_asm(x, ptr, retval, "std")
125 #else /* __powerpc64__ */
126 #define __put_user_asm2(x, addr, err) \
127 __asm__ __volatile__( \
128 "1: stw %1,0(%2)\n" \
129 "2: stw %1+1,4(%2)\n" \
130 "3:\n" \
131 ".section .fixup,\"ax\"\n" \
132 "4: li %0,%3\n" \
133 " b 3b\n" \
134 ".previous\n" \
135 EX_TABLE(1b, 4b) \
136 EX_TABLE(2b, 4b) \
137 : "=r" (err) \
138 : "r" (x), "b" (addr), "i" (-EFAULT), "0" (err))
139 #endif /* __powerpc64__ */
140
141 #define __put_user_size(x, ptr, size, retval) \
142 do { \
143 retval = 0; \
144 switch (size) { \
145 case 1: __put_user_asm(x, ptr, retval, "stb"); break; \
146 case 2: __put_user_asm(x, ptr, retval, "sth"); break; \
147 case 4: __put_user_asm(x, ptr, retval, "stw"); break; \
148 case 8: __put_user_asm2(x, ptr, retval); break; \
149 default: __put_user_bad(); \
150 } \
151 } while (0)
152
153 #define __put_user_nocheck(x, ptr, size) \
154 ({ \
155 long __pu_err; \
156 __typeof__(*(ptr)) __user *__pu_addr = (ptr); \
157 if (!is_kernel_addr((unsigned long)__pu_addr)) \
158 might_fault(); \
159 __chk_user_ptr(ptr); \
160 __put_user_size((x), __pu_addr, (size), __pu_err); \
161 __pu_err; \
162 })
163
164 #define __put_user_check(x, ptr, size) \
165 ({ \
166 long __pu_err = -EFAULT; \
167 __typeof__(*(ptr)) __user *__pu_addr = (ptr); \
168 might_fault(); \
169 if (access_ok(VERIFY_WRITE, __pu_addr, size)) \
170 __put_user_size((x), __pu_addr, (size), __pu_err); \
171 __pu_err; \
172 })
173
174 #define __put_user_nosleep(x, ptr, size) \
175 ({ \
176 long __pu_err; \
177 __typeof__(*(ptr)) __user *__pu_addr = (ptr); \
178 __chk_user_ptr(ptr); \
179 __put_user_size((x), __pu_addr, (size), __pu_err); \
180 __pu_err; \
181 })
182
183
184 extern long __get_user_bad(void);
185
186 /*
187 * This does an atomic 128 byte aligned load from userspace.
188 * Upto caller to do enable_kernel_vmx() before calling!
189 */
190 #define __get_user_atomic_128_aligned(kaddr, uaddr, err) \
191 __asm__ __volatile__( \
192 "1: lvx 0,0,%1 # get user\n" \
193 " stvx 0,0,%2 # put kernel\n" \
194 "2:\n" \
195 ".section .fixup,\"ax\"\n" \
196 "3: li %0,%3\n" \
197 " b 2b\n" \
198 ".previous\n" \
199 EX_TABLE(1b, 3b) \
200 : "=r" (err) \
201 : "b" (uaddr), "b" (kaddr), "i" (-EFAULT), "0" (err))
202
203 #define __get_user_asm(x, addr, err, op) \
204 __asm__ __volatile__( \
205 "1: "op" %1,0(%2) # get_user\n" \
206 "2:\n" \
207 ".section .fixup,\"ax\"\n" \
208 "3: li %0,%3\n" \
209 " li %1,0\n" \
210 " b 2b\n" \
211 ".previous\n" \
212 EX_TABLE(1b, 3b) \
213 : "=r" (err), "=r" (x) \
214 : "b" (addr), "i" (-EFAULT), "0" (err))
215
216 #ifdef __powerpc64__
217 #define __get_user_asm2(x, addr, err) \
218 __get_user_asm(x, addr, err, "ld")
219 #else /* __powerpc64__ */
220 #define __get_user_asm2(x, addr, err) \
221 __asm__ __volatile__( \
222 "1: lwz %1,0(%2)\n" \
223 "2: lwz %1+1,4(%2)\n" \
224 "3:\n" \
225 ".section .fixup,\"ax\"\n" \
226 "4: li %0,%3\n" \
227 " li %1,0\n" \
228 " li %1+1,0\n" \
229 " b 3b\n" \
230 ".previous\n" \
231 EX_TABLE(1b, 4b) \
232 EX_TABLE(2b, 4b) \
233 : "=r" (err), "=&r" (x) \
234 : "b" (addr), "i" (-EFAULT), "0" (err))
235 #endif /* __powerpc64__ */
236
237 #define __get_user_size(x, ptr, size, retval) \
238 do { \
239 retval = 0; \
240 __chk_user_ptr(ptr); \
241 if (size > sizeof(x)) \
242 (x) = __get_user_bad(); \
243 switch (size) { \
244 case 1: __get_user_asm(x, ptr, retval, "lbz"); break; \
245 case 2: __get_user_asm(x, ptr, retval, "lhz"); break; \
246 case 4: __get_user_asm(x, ptr, retval, "lwz"); break; \
247 case 8: __get_user_asm2(x, ptr, retval); break; \
248 default: (x) = __get_user_bad(); \
249 } \
250 } while (0)
251
252 /*
253 * This is a type: either unsigned long, if the argument fits into
254 * that type, or otherwise unsigned long long.
255 */
256 #define __long_type(x) \
257 __typeof__(__builtin_choose_expr(sizeof(x) > sizeof(0UL), 0ULL, 0UL))
258
259 #define __get_user_nocheck(x, ptr, size) \
260 ({ \
261 long __gu_err; \
262 __long_type(*(ptr)) __gu_val; \
263 const __typeof__(*(ptr)) __user *__gu_addr = (ptr); \
264 __chk_user_ptr(ptr); \
265 if (!is_kernel_addr((unsigned long)__gu_addr)) \
266 might_fault(); \
267 barrier_nospec(); \
268 __get_user_size(__gu_val, __gu_addr, (size), __gu_err); \
269 (x) = (__typeof__(*(ptr)))__gu_val; \
270 __gu_err; \
271 })
272
273 #define __get_user_check(x, ptr, size) \
274 ({ \
275 long __gu_err = -EFAULT; \
276 __long_type(*(ptr)) __gu_val = 0; \
277 const __typeof__(*(ptr)) __user *__gu_addr = (ptr); \
278 might_fault(); \
279 if (access_ok(VERIFY_READ, __gu_addr, (size))) { \
280 barrier_nospec(); \
281 __get_user_size(__gu_val, __gu_addr, (size), __gu_err); \
282 } \
283 (x) = (__force __typeof__(*(ptr)))__gu_val; \
284 __gu_err; \
285 })
286
287 #define __get_user_nosleep(x, ptr, size) \
288 ({ \
289 long __gu_err; \
290 __long_type(*(ptr)) __gu_val; \
291 const __typeof__(*(ptr)) __user *__gu_addr = (ptr); \
292 __chk_user_ptr(ptr); \
293 barrier_nospec(); \
294 __get_user_size(__gu_val, __gu_addr, (size), __gu_err); \
295 (x) = (__force __typeof__(*(ptr)))__gu_val; \
296 __gu_err; \
297 })
298
299
300 /* more complex routines */
301
302 extern unsigned long __copy_tofrom_user(void __user *to,
303 const void __user *from, unsigned long size);
304
305 #ifdef __powerpc64__
306 static inline unsigned long
raw_copy_in_user(void __user * to,const void __user * from,unsigned long n)307 raw_copy_in_user(void __user *to, const void __user *from, unsigned long n)
308 {
309 return __copy_tofrom_user(to, from, n);
310 }
311 #endif /* __powerpc64__ */
312
raw_copy_from_user(void * to,const void __user * from,unsigned long n)313 static inline unsigned long raw_copy_from_user(void *to,
314 const void __user *from, unsigned long n)
315 {
316 if (__builtin_constant_p(n) && (n <= 8)) {
317 unsigned long ret = 1;
318
319 switch (n) {
320 case 1:
321 barrier_nospec();
322 __get_user_size(*(u8 *)to, from, 1, ret);
323 break;
324 case 2:
325 barrier_nospec();
326 __get_user_size(*(u16 *)to, from, 2, ret);
327 break;
328 case 4:
329 barrier_nospec();
330 __get_user_size(*(u32 *)to, from, 4, ret);
331 break;
332 case 8:
333 barrier_nospec();
334 __get_user_size(*(u64 *)to, from, 8, ret);
335 break;
336 }
337 if (ret == 0)
338 return 0;
339 }
340
341 barrier_nospec();
342 return __copy_tofrom_user((__force void __user *)to, from, n);
343 }
344
raw_copy_to_user(void __user * to,const void * from,unsigned long n)345 static inline unsigned long raw_copy_to_user(void __user *to,
346 const void *from, unsigned long n)
347 {
348 if (__builtin_constant_p(n) && (n <= 8)) {
349 unsigned long ret = 1;
350
351 switch (n) {
352 case 1:
353 __put_user_size(*(u8 *)from, (u8 __user *)to, 1, ret);
354 break;
355 case 2:
356 __put_user_size(*(u16 *)from, (u16 __user *)to, 2, ret);
357 break;
358 case 4:
359 __put_user_size(*(u32 *)from, (u32 __user *)to, 4, ret);
360 break;
361 case 8:
362 __put_user_size(*(u64 *)from, (u64 __user *)to, 8, ret);
363 break;
364 }
365 if (ret == 0)
366 return 0;
367 }
368
369 return __copy_tofrom_user(to, (__force const void __user *)from, n);
370 }
371
372 extern unsigned long __clear_user(void __user *addr, unsigned long size);
373
clear_user(void __user * addr,unsigned long size)374 static inline unsigned long clear_user(void __user *addr, unsigned long size)
375 {
376 might_fault();
377 if (likely(access_ok(VERIFY_WRITE, addr, size)))
378 return __clear_user(addr, size);
379 return size;
380 }
381
382 extern long strncpy_from_user(char *dst, const char __user *src, long count);
383 extern __must_check long strnlen_user(const char __user *str, long n);
384
385 extern long __copy_from_user_flushcache(void *dst, const void __user *src,
386 unsigned size);
387 extern void memcpy_page_flushcache(char *to, struct page *page, size_t offset,
388 size_t len);
389
390 #endif /* _ARCH_POWERPC_UACCESS_H */
391