1 #ifndef __ASM_X86_REFCOUNT_H
2 #define __ASM_X86_REFCOUNT_H
3 /*
4  * x86-specific implementation of refcount_t. Based on PAX_REFCOUNT from
5  * PaX/grsecurity.
6  */
7 #include <linux/refcount.h>
8 #include <asm/bug.h>
9 
10 /*
11  * This is the first portion of the refcount error handling, which lives in
12  * .text.unlikely, and is jumped to from the CPU flag check (in the
13  * following macros). This saves the refcount value location into CX for
14  * the exception handler to use (in mm/extable.c), and then triggers the
15  * central refcount exception. The fixup address for the exception points
16  * back to the regular execution flow in .text.
17  */
18 #define _REFCOUNT_EXCEPTION				\
19 	".pushsection .text..refcount\n"		\
20 	"111:\tlea %[var], %%" _ASM_CX "\n"		\
21 	"112:\t" ASM_UD2 "\n"				\
22 	ASM_UNREACHABLE					\
23 	".popsection\n"					\
24 	"113:\n"					\
25 	_ASM_EXTABLE_REFCOUNT(112b, 113b)
26 
27 /* Trigger refcount exception if refcount result is negative. */
28 #define REFCOUNT_CHECK_LT_ZERO				\
29 	"js 111f\n\t"					\
30 	_REFCOUNT_EXCEPTION
31 
32 /* Trigger refcount exception if refcount result is zero or negative. */
33 #define REFCOUNT_CHECK_LE_ZERO				\
34 	"jz 111f\n\t"					\
35 	REFCOUNT_CHECK_LT_ZERO
36 
37 /* Trigger refcount exception unconditionally. */
38 #define REFCOUNT_ERROR					\
39 	"jmp 111f\n\t"					\
40 	_REFCOUNT_EXCEPTION
41 
refcount_add(unsigned int i,refcount_t * r)42 static __always_inline void refcount_add(unsigned int i, refcount_t *r)
43 {
44 	asm volatile(LOCK_PREFIX "addl %1,%0\n\t"
45 		REFCOUNT_CHECK_LT_ZERO
46 		: [var] "+m" (r->refs.counter)
47 		: "ir" (i)
48 		: "cc", "cx");
49 }
50 
refcount_inc(refcount_t * r)51 static __always_inline void refcount_inc(refcount_t *r)
52 {
53 	asm volatile(LOCK_PREFIX "incl %0\n\t"
54 		REFCOUNT_CHECK_LT_ZERO
55 		: [var] "+m" (r->refs.counter)
56 		: : "cc", "cx");
57 }
58 
refcount_dec(refcount_t * r)59 static __always_inline void refcount_dec(refcount_t *r)
60 {
61 	asm volatile(LOCK_PREFIX "decl %0\n\t"
62 		REFCOUNT_CHECK_LE_ZERO
63 		: [var] "+m" (r->refs.counter)
64 		: : "cc", "cx");
65 }
66 
67 static __always_inline __must_check
refcount_sub_and_test(unsigned int i,refcount_t * r)68 bool refcount_sub_and_test(unsigned int i, refcount_t *r)
69 {
70 	bool ret = GEN_BINARY_SUFFIXED_RMWcc(LOCK_PREFIX "subl",
71 					 REFCOUNT_CHECK_LT_ZERO,
72 					 r->refs.counter, e, "er", i, "cx");
73 
74 	if (ret) {
75 		smp_acquire__after_ctrl_dep();
76 		return true;
77 	}
78 
79 	return false;
80 }
81 
refcount_dec_and_test(refcount_t * r)82 static __always_inline __must_check bool refcount_dec_and_test(refcount_t *r)
83 {
84 	bool ret = GEN_UNARY_SUFFIXED_RMWcc(LOCK_PREFIX "decl",
85 					 REFCOUNT_CHECK_LT_ZERO,
86 					 r->refs.counter, e, "cx");
87 
88 	if (ret) {
89 		smp_acquire__after_ctrl_dep();
90 		return true;
91 	}
92 
93 	return false;
94 }
95 
96 static __always_inline __must_check
refcount_add_not_zero(unsigned int i,refcount_t * r)97 bool refcount_add_not_zero(unsigned int i, refcount_t *r)
98 {
99 	int c, result;
100 
101 	c = atomic_read(&(r->refs));
102 	do {
103 		if (unlikely(c == 0))
104 			return false;
105 
106 		result = c + i;
107 
108 		/* Did we try to increment from/to an undesirable state? */
109 		if (unlikely(c < 0 || c == INT_MAX || result < c)) {
110 			asm volatile(REFCOUNT_ERROR
111 				     : : [var] "m" (r->refs.counter)
112 				     : "cc", "cx");
113 			break;
114 		}
115 
116 	} while (!atomic_try_cmpxchg(&(r->refs), &c, result));
117 
118 	return c != 0;
119 }
120 
refcount_inc_not_zero(refcount_t * r)121 static __always_inline __must_check bool refcount_inc_not_zero(refcount_t *r)
122 {
123 	return refcount_add_not_zero(1, r);
124 }
125 
126 #endif
127