1 /* SPDX-License-Identifier: GPL-2.0 */
2 #ifndef _ARCH_POWERPC_UACCESS_H
3 #define _ARCH_POWERPC_UACCESS_H
4 
5 #include <asm/ppc_asm.h>
6 #include <asm/processor.h>
7 #include <asm/page.h>
8 #include <asm/extable.h>
9 
10 /*
11  * The fs value determines whether argument validity checking should be
12  * performed or not.  If get_fs() == USER_DS, checking is performed, with
13  * get_fs() == KERNEL_DS, checking is bypassed.
14  *
15  * For historical reasons, these macros are grossly misnamed.
16  *
17  * The fs/ds values are now the highest legal address in the "segment".
18  * This simplifies the checking in the routines below.
19  */
20 
21 #define MAKE_MM_SEG(s)  ((mm_segment_t) { (s) })
22 
23 #define KERNEL_DS	MAKE_MM_SEG(~0UL)
24 #ifdef __powerpc64__
25 /* We use TASK_SIZE_USER64 as TASK_SIZE is not constant */
26 #define USER_DS		MAKE_MM_SEG(TASK_SIZE_USER64 - 1)
27 #else
28 #define USER_DS		MAKE_MM_SEG(TASK_SIZE - 1)
29 #endif
30 
31 #define get_ds()	(KERNEL_DS)
32 #define get_fs()	(current->thread.addr_limit)
33 
set_fs(mm_segment_t fs)34 static inline void set_fs(mm_segment_t fs)
35 {
36 	current->thread.addr_limit = fs;
37 	/* On user-mode return check addr_limit (fs) is correct */
38 	set_thread_flag(TIF_FSCHECK);
39 }
40 
41 #define segment_eq(a, b)	((a).seg == (b).seg)
42 
43 #define user_addr_max()	(get_fs().seg)
44 
45 #ifdef __powerpc64__
46 /*
47  * This check is sufficient because there is a large enough
48  * gap between user addresses and the kernel addresses
49  */
50 #define __access_ok(addr, size, segment)	\
51 	(((addr) <= (segment).seg) && ((size) <= (segment).seg))
52 
53 #else
54 
__access_ok(unsigned long addr,unsigned long size,mm_segment_t seg)55 static inline int __access_ok(unsigned long addr, unsigned long size,
56 			mm_segment_t seg)
57 {
58 	if (addr > seg.seg)
59 		return 0;
60 	return (size == 0 || size - 1 <= seg.seg - addr);
61 }
62 
63 #endif
64 
65 #define access_ok(type, addr, size)		\
66 	(__chk_user_ptr(addr),			\
67 	 __access_ok((__force unsigned long)(addr), (size), get_fs()))
68 
69 /*
70  * These are the main single-value transfer routines.  They automatically
71  * use the right size if we just have the right pointer type.
72  *
73  * This gets kind of ugly. We want to return _two_ values in "get_user()"
74  * and yet we don't want to do any pointers, because that is too much
75  * of a performance impact. Thus we have a few rather ugly macros here,
76  * and hide all the ugliness from the user.
77  *
78  * The "__xxx" versions of the user access functions are versions that
79  * do not verify the address space, that must have been done previously
80  * with a separate "access_ok()" call (this is used when we do multiple
81  * accesses to the same area of user memory).
82  *
83  * As we use the same address space for kernel and user data on the
84  * PowerPC, we can just do these as direct assignments.  (Of course, the
85  * exception handling means that it's no longer "just"...)
86  *
87  */
88 #define get_user(x, ptr) \
89 	__get_user_check((x), (ptr), sizeof(*(ptr)))
90 #define put_user(x, ptr) \
91 	__put_user_check((__typeof__(*(ptr)))(x), (ptr), sizeof(*(ptr)))
92 
93 #define __get_user(x, ptr) \
94 	__get_user_nocheck((x), (ptr), sizeof(*(ptr)))
95 #define __put_user(x, ptr) \
96 	__put_user_nocheck((__typeof__(*(ptr)))(x), (ptr), sizeof(*(ptr)))
97 
98 #define __get_user_inatomic(x, ptr) \
99 	__get_user_nosleep((x), (ptr), sizeof(*(ptr)))
100 #define __put_user_inatomic(x, ptr) \
101 	__put_user_nosleep((__typeof__(*(ptr)))(x), (ptr), sizeof(*(ptr)))
102 
103 extern long __put_user_bad(void);
104 
105 /*
106  * We don't tell gcc that we are accessing memory, but this is OK
107  * because we do not write to any memory gcc knows about, so there
108  * are no aliasing issues.
109  */
110 #define __put_user_asm(x, addr, err, op)			\
111 	__asm__ __volatile__(					\
112 		"1:	" op " %1,0(%2)	# put_user\n"		\
113 		"2:\n"						\
114 		".section .fixup,\"ax\"\n"			\
115 		"3:	li %0,%3\n"				\
116 		"	b 2b\n"					\
117 		".previous\n"					\
118 		EX_TABLE(1b, 3b)				\
119 		: "=r" (err)					\
120 		: "r" (x), "b" (addr), "i" (-EFAULT), "0" (err))
121 
122 #ifdef __powerpc64__
123 #define __put_user_asm2(x, ptr, retval)				\
124 	  __put_user_asm(x, ptr, retval, "std")
125 #else /* __powerpc64__ */
126 #define __put_user_asm2(x, addr, err)				\
127 	__asm__ __volatile__(					\
128 		"1:	stw %1,0(%2)\n"				\
129 		"2:	stw %1+1,4(%2)\n"			\
130 		"3:\n"						\
131 		".section .fixup,\"ax\"\n"			\
132 		"4:	li %0,%3\n"				\
133 		"	b 3b\n"					\
134 		".previous\n"					\
135 		EX_TABLE(1b, 4b)				\
136 		EX_TABLE(2b, 4b)				\
137 		: "=r" (err)					\
138 		: "r" (x), "b" (addr), "i" (-EFAULT), "0" (err))
139 #endif /* __powerpc64__ */
140 
141 #define __put_user_size(x, ptr, size, retval)			\
142 do {								\
143 	retval = 0;						\
144 	switch (size) {						\
145 	  case 1: __put_user_asm(x, ptr, retval, "stb"); break;	\
146 	  case 2: __put_user_asm(x, ptr, retval, "sth"); break;	\
147 	  case 4: __put_user_asm(x, ptr, retval, "stw"); break;	\
148 	  case 8: __put_user_asm2(x, ptr, retval); break;	\
149 	  default: __put_user_bad();				\
150 	}							\
151 } while (0)
152 
153 #define __put_user_nocheck(x, ptr, size)			\
154 ({								\
155 	long __pu_err;						\
156 	__typeof__(*(ptr)) __user *__pu_addr = (ptr);		\
157 	if (!is_kernel_addr((unsigned long)__pu_addr))		\
158 		might_fault();					\
159 	__chk_user_ptr(ptr);					\
160 	__put_user_size((x), __pu_addr, (size), __pu_err);	\
161 	__pu_err;						\
162 })
163 
164 #define __put_user_check(x, ptr, size)					\
165 ({									\
166 	long __pu_err = -EFAULT;					\
167 	__typeof__(*(ptr)) __user *__pu_addr = (ptr);			\
168 	might_fault();							\
169 	if (access_ok(VERIFY_WRITE, __pu_addr, size))			\
170 		__put_user_size((x), __pu_addr, (size), __pu_err);	\
171 	__pu_err;							\
172 })
173 
174 #define __put_user_nosleep(x, ptr, size)			\
175 ({								\
176 	long __pu_err;						\
177 	__typeof__(*(ptr)) __user *__pu_addr = (ptr);		\
178 	__chk_user_ptr(ptr);					\
179 	__put_user_size((x), __pu_addr, (size), __pu_err);	\
180 	__pu_err;						\
181 })
182 
183 
184 extern long __get_user_bad(void);
185 
186 /*
187  * This does an atomic 128 byte aligned load from userspace.
188  * Upto caller to do enable_kernel_vmx() before calling!
189  */
190 #define __get_user_atomic_128_aligned(kaddr, uaddr, err)		\
191 	__asm__ __volatile__(				\
192 		"1:	lvx  0,0,%1	# get user\n"	\
193 		" 	stvx 0,0,%2	# put kernel\n"	\
194 		"2:\n"					\
195 		".section .fixup,\"ax\"\n"		\
196 		"3:	li %0,%3\n"			\
197 		"	b 2b\n"				\
198 		".previous\n"				\
199 		EX_TABLE(1b, 3b)			\
200 		: "=r" (err)			\
201 		: "b" (uaddr), "b" (kaddr), "i" (-EFAULT), "0" (err))
202 
203 #define __get_user_asm(x, addr, err, op)		\
204 	__asm__ __volatile__(				\
205 		"1:	"op" %1,0(%2)	# get_user\n"	\
206 		"2:\n"					\
207 		".section .fixup,\"ax\"\n"		\
208 		"3:	li %0,%3\n"			\
209 		"	li %1,0\n"			\
210 		"	b 2b\n"				\
211 		".previous\n"				\
212 		EX_TABLE(1b, 3b)			\
213 		: "=r" (err), "=r" (x)			\
214 		: "b" (addr), "i" (-EFAULT), "0" (err))
215 
216 #ifdef __powerpc64__
217 #define __get_user_asm2(x, addr, err)			\
218 	__get_user_asm(x, addr, err, "ld")
219 #else /* __powerpc64__ */
220 #define __get_user_asm2(x, addr, err)			\
221 	__asm__ __volatile__(				\
222 		"1:	lwz %1,0(%2)\n"			\
223 		"2:	lwz %1+1,4(%2)\n"		\
224 		"3:\n"					\
225 		".section .fixup,\"ax\"\n"		\
226 		"4:	li %0,%3\n"			\
227 		"	li %1,0\n"			\
228 		"	li %1+1,0\n"			\
229 		"	b 3b\n"				\
230 		".previous\n"				\
231 		EX_TABLE(1b, 4b)			\
232 		EX_TABLE(2b, 4b)			\
233 		: "=r" (err), "=&r" (x)			\
234 		: "b" (addr), "i" (-EFAULT), "0" (err))
235 #endif /* __powerpc64__ */
236 
237 #define __get_user_size(x, ptr, size, retval)			\
238 do {								\
239 	retval = 0;						\
240 	__chk_user_ptr(ptr);					\
241 	if (size > sizeof(x))					\
242 		(x) = __get_user_bad();				\
243 	switch (size) {						\
244 	case 1: __get_user_asm(x, ptr, retval, "lbz"); break;	\
245 	case 2: __get_user_asm(x, ptr, retval, "lhz"); break;	\
246 	case 4: __get_user_asm(x, ptr, retval, "lwz"); break;	\
247 	case 8: __get_user_asm2(x, ptr, retval);  break;	\
248 	default: (x) = __get_user_bad();			\
249 	}							\
250 } while (0)
251 
252 /*
253  * This is a type: either unsigned long, if the argument fits into
254  * that type, or otherwise unsigned long long.
255  */
256 #define __long_type(x) \
257 	__typeof__(__builtin_choose_expr(sizeof(x) > sizeof(0UL), 0ULL, 0UL))
258 
259 #define __get_user_nocheck(x, ptr, size)			\
260 ({								\
261 	long __gu_err;						\
262 	__long_type(*(ptr)) __gu_val;				\
263 	const __typeof__(*(ptr)) __user *__gu_addr = (ptr);	\
264 	__chk_user_ptr(ptr);					\
265 	if (!is_kernel_addr((unsigned long)__gu_addr))		\
266 		might_fault();					\
267 	barrier_nospec();					\
268 	__get_user_size(__gu_val, __gu_addr, (size), __gu_err);	\
269 	(x) = (__typeof__(*(ptr)))__gu_val;			\
270 	__gu_err;						\
271 })
272 
273 #define __get_user_check(x, ptr, size)					\
274 ({									\
275 	long __gu_err = -EFAULT;					\
276 	__long_type(*(ptr)) __gu_val = 0;				\
277 	const __typeof__(*(ptr)) __user *__gu_addr = (ptr);		\
278 	might_fault();							\
279 	if (access_ok(VERIFY_READ, __gu_addr, (size))) {		\
280 		barrier_nospec();					\
281 		__get_user_size(__gu_val, __gu_addr, (size), __gu_err);	\
282 	}								\
283 	(x) = (__force __typeof__(*(ptr)))__gu_val;				\
284 	__gu_err;							\
285 })
286 
287 #define __get_user_nosleep(x, ptr, size)			\
288 ({								\
289 	long __gu_err;						\
290 	__long_type(*(ptr)) __gu_val;				\
291 	const __typeof__(*(ptr)) __user *__gu_addr = (ptr);	\
292 	__chk_user_ptr(ptr);					\
293 	barrier_nospec();					\
294 	__get_user_size(__gu_val, __gu_addr, (size), __gu_err);	\
295 	(x) = (__force __typeof__(*(ptr)))__gu_val;			\
296 	__gu_err;						\
297 })
298 
299 
300 /* more complex routines */
301 
302 extern unsigned long __copy_tofrom_user(void __user *to,
303 		const void __user *from, unsigned long size);
304 
305 #ifdef __powerpc64__
306 static inline unsigned long
raw_copy_in_user(void __user * to,const void __user * from,unsigned long n)307 raw_copy_in_user(void __user *to, const void __user *from, unsigned long n)
308 {
309 	return __copy_tofrom_user(to, from, n);
310 }
311 #endif /* __powerpc64__ */
312 
raw_copy_from_user(void * to,const void __user * from,unsigned long n)313 static inline unsigned long raw_copy_from_user(void *to,
314 		const void __user *from, unsigned long n)
315 {
316 	if (__builtin_constant_p(n) && (n <= 8)) {
317 		unsigned long ret = 1;
318 
319 		switch (n) {
320 		case 1:
321 			barrier_nospec();
322 			__get_user_size(*(u8 *)to, from, 1, ret);
323 			break;
324 		case 2:
325 			barrier_nospec();
326 			__get_user_size(*(u16 *)to, from, 2, ret);
327 			break;
328 		case 4:
329 			barrier_nospec();
330 			__get_user_size(*(u32 *)to, from, 4, ret);
331 			break;
332 		case 8:
333 			barrier_nospec();
334 			__get_user_size(*(u64 *)to, from, 8, ret);
335 			break;
336 		}
337 		if (ret == 0)
338 			return 0;
339 	}
340 
341 	barrier_nospec();
342 	return __copy_tofrom_user((__force void __user *)to, from, n);
343 }
344 
raw_copy_to_user(void __user * to,const void * from,unsigned long n)345 static inline unsigned long raw_copy_to_user(void __user *to,
346 		const void *from, unsigned long n)
347 {
348 	if (__builtin_constant_p(n) && (n <= 8)) {
349 		unsigned long ret = 1;
350 
351 		switch (n) {
352 		case 1:
353 			__put_user_size(*(u8 *)from, (u8 __user *)to, 1, ret);
354 			break;
355 		case 2:
356 			__put_user_size(*(u16 *)from, (u16 __user *)to, 2, ret);
357 			break;
358 		case 4:
359 			__put_user_size(*(u32 *)from, (u32 __user *)to, 4, ret);
360 			break;
361 		case 8:
362 			__put_user_size(*(u64 *)from, (u64 __user *)to, 8, ret);
363 			break;
364 		}
365 		if (ret == 0)
366 			return 0;
367 	}
368 
369 	return __copy_tofrom_user(to, (__force const void __user *)from, n);
370 }
371 
372 extern unsigned long __clear_user(void __user *addr, unsigned long size);
373 
clear_user(void __user * addr,unsigned long size)374 static inline unsigned long clear_user(void __user *addr, unsigned long size)
375 {
376 	might_fault();
377 	if (likely(access_ok(VERIFY_WRITE, addr, size)))
378 		return __clear_user(addr, size);
379 	return size;
380 }
381 
382 extern long strncpy_from_user(char *dst, const char __user *src, long count);
383 extern __must_check long strnlen_user(const char __user *str, long n);
384 
385 extern long __copy_from_user_flushcache(void *dst, const void __user *src,
386 		unsigned size);
387 extern void memcpy_page_flushcache(char *to, struct page *page, size_t offset,
388 			   size_t len);
389 
390 #endif	/* _ARCH_POWERPC_UACCESS_H */
391