uaccess.h 8.5 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302
  1. /*
  2. * Based on arch/arm/include/asm/uaccess.h
  3. *
  4. * Copyright (C) 2012 ARM Ltd.
  5. *
  6. * This program is free software; you can redistribute it and/or modify
  7. * it under the terms of the GNU General Public License version 2 as
  8. * published by the Free Software Foundation.
  9. *
  10. * This program is distributed in the hope that it will be useful,
  11. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  12. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  13. * GNU General Public License for more details.
  14. *
  15. * You should have received a copy of the GNU General Public License
  16. * along with this program. If not, see <http://www.gnu.org/licenses/>.
  17. */
  18. #ifndef __ASM_UACCESS_H
  19. #define __ASM_UACCESS_H
  20. /*
  21. * User space memory access functions
  22. */
  23. #include <linux/bitops.h>
  24. #include <linux/string.h>
  25. #include <linux/thread_info.h>
  26. #include <asm/alternative.h>
  27. #include <asm/cpufeature.h>
  28. #include <asm/ptrace.h>
  29. #include <asm/sysreg.h>
  30. #include <asm/errno.h>
  31. #include <asm/memory.h>
  32. #include <asm/compiler.h>
  33. #define VERIFY_READ 0
  34. #define VERIFY_WRITE 1
  35. /*
  36. * The exception table consists of pairs of addresses: the first is the
  37. * address of an instruction that is allowed to fault, and the second is
  38. * the address at which the program should continue. No registers are
  39. * modified, so it is entirely up to the continuation code to figure out
  40. * what to do.
  41. *
  42. * All the routines below use bits of fixup code that are out of line
  43. * with the main instruction path. This means when everything is well,
  44. * we don't even have to jump over them. Further, they do not intrude
  45. * on our cache or tlb entries.
  46. */
  47. struct exception_table_entry
  48. {
  49. unsigned long insn, fixup;
  50. };
  51. extern int fixup_exception(struct pt_regs *regs);
  52. #define KERNEL_DS (-1UL)
  53. #define get_ds() (KERNEL_DS)
  54. #define USER_DS TASK_SIZE_64
  55. #define get_fs() (current_thread_info()->addr_limit)
  56. static inline void set_fs(mm_segment_t fs)
  57. {
  58. current_thread_info()->addr_limit = fs;
  59. }
  60. #define segment_eq(a, b) ((a) == (b))
  61. /*
  62. * Return 1 if addr < current->addr_limit, 0 otherwise.
  63. */
  64. #define __addr_ok(addr) \
  65. ({ \
  66. unsigned long flag; \
  67. asm("cmp %1, %0; cset %0, lo" \
  68. : "=&r" (flag) \
  69. : "r" (addr), "0" (current_thread_info()->addr_limit) \
  70. : "cc"); \
  71. flag; \
  72. })
  73. /*
  74. * Test whether a block of memory is a valid user space address.
  75. * Returns 1 if the range is valid, 0 otherwise.
  76. *
  77. * This is equivalent to the following test:
  78. * (u65)addr + (u65)size <= current->addr_limit
  79. *
  80. * This needs 65-bit arithmetic.
  81. */
  82. #define __range_ok(addr, size) \
  83. ({ \
  84. unsigned long __addr = (unsigned long __force)(addr); \
  85. unsigned long flag, roksum; \
  86. __chk_user_ptr(addr); \
  87. asm("adds %1, %1, %3; ccmp %1, %4, #2, cc; cset %0, ls" \
  88. : "=&r" (flag), "=&r" (roksum) \
  89. : "1" (__addr), "Ir" (size), \
  90. "r" (current_thread_info()->addr_limit) \
  91. : "cc"); \
  92. flag; \
  93. })
  94. /*
  95. * When dealing with data aborts, watchpoints, or instruction traps we may end
  96. * up with a tagged userland pointer. Clear the tag to get a sane pointer to
  97. * pass on to access_ok(), for instance.
  98. */
  99. #define untagged_addr(addr) sign_extend64(addr, 55)
  100. #define access_ok(type, addr, size) __range_ok(addr, size)
  101. #define user_addr_max get_fs
  102. /*
  103. * The "__xxx" versions of the user access functions do not verify the address
  104. * space - it must have been done previously with a separate "access_ok()"
  105. * call.
  106. *
  107. * The "__xxx_error" versions set the third argument to -EFAULT if an error
  108. * occurs, and leave it unchanged on success.
  109. */
  110. #define __get_user_asm(instr, reg, x, addr, err) \
  111. asm volatile( \
  112. "1: " instr " " reg "1, [%2]\n" \
  113. "2:\n" \
  114. " .section .fixup, \"ax\"\n" \
  115. " .align 2\n" \
  116. "3: mov %w0, %3\n" \
  117. " mov %1, #0\n" \
  118. " b 2b\n" \
  119. " .previous\n" \
  120. " .section __ex_table,\"a\"\n" \
  121. " .align 3\n" \
  122. " .quad 1b, 3b\n" \
  123. " .previous" \
  124. : "+r" (err), "=&r" (x) \
  125. : "r" (addr), "i" (-EFAULT))
  126. #define __get_user_err(x, ptr, err) \
  127. do { \
  128. unsigned long __gu_val; \
  129. __chk_user_ptr(ptr); \
  130. asm(ALTERNATIVE("nop", SET_PSTATE_PAN(0), ARM64_HAS_PAN, \
  131. CONFIG_ARM64_PAN)); \
  132. switch (sizeof(*(ptr))) { \
  133. case 1: \
  134. __get_user_asm("ldrb", "%w", __gu_val, (ptr), (err)); \
  135. break; \
  136. case 2: \
  137. __get_user_asm("ldrh", "%w", __gu_val, (ptr), (err)); \
  138. break; \
  139. case 4: \
  140. __get_user_asm("ldr", "%w", __gu_val, (ptr), (err)); \
  141. break; \
  142. case 8: \
  143. __get_user_asm("ldr", "%", __gu_val, (ptr), (err)); \
  144. break; \
  145. default: \
  146. BUILD_BUG(); \
  147. } \
  148. (x) = (__force __typeof__(*(ptr)))__gu_val; \
  149. asm(ALTERNATIVE("nop", SET_PSTATE_PAN(1), ARM64_HAS_PAN, \
  150. CONFIG_ARM64_PAN)); \
  151. } while (0)
  152. #define __get_user(x, ptr) \
  153. ({ \
  154. int __gu_err = 0; \
  155. __get_user_err((x), (ptr), __gu_err); \
  156. __gu_err; \
  157. })
  158. #define __get_user_error(x, ptr, err) \
  159. ({ \
  160. __get_user_err((x), (ptr), (err)); \
  161. (void)0; \
  162. })
  163. #define __get_user_unaligned __get_user
  164. #define get_user(x, ptr) \
  165. ({ \
  166. __typeof__(*(ptr)) __user *__p = (ptr); \
  167. might_fault(); \
  168. access_ok(VERIFY_READ, __p, sizeof(*__p)) ? \
  169. __get_user((x), __p) : \
  170. ((x) = 0, -EFAULT); \
  171. })
  172. #define __put_user_asm(instr, reg, x, addr, err) \
  173. asm volatile( \
  174. "1: " instr " " reg "1, [%2]\n" \
  175. "2:\n" \
  176. " .section .fixup,\"ax\"\n" \
  177. " .align 2\n" \
  178. "3: mov %w0, %3\n" \
  179. " b 2b\n" \
  180. " .previous\n" \
  181. " .section __ex_table,\"a\"\n" \
  182. " .align 3\n" \
  183. " .quad 1b, 3b\n" \
  184. " .previous" \
  185. : "+r" (err) \
  186. : "r" (x), "r" (addr), "i" (-EFAULT))
  187. #define __put_user_err(x, ptr, err) \
  188. do { \
  189. __typeof__(*(ptr)) __pu_val = (x); \
  190. __chk_user_ptr(ptr); \
  191. asm(ALTERNATIVE("nop", SET_PSTATE_PAN(0), ARM64_HAS_PAN, \
  192. CONFIG_ARM64_PAN)); \
  193. switch (sizeof(*(ptr))) { \
  194. case 1: \
  195. __put_user_asm("strb", "%w", __pu_val, (ptr), (err)); \
  196. break; \
  197. case 2: \
  198. __put_user_asm("strh", "%w", __pu_val, (ptr), (err)); \
  199. break; \
  200. case 4: \
  201. __put_user_asm("str", "%w", __pu_val, (ptr), (err)); \
  202. break; \
  203. case 8: \
  204. __put_user_asm("str", "%", __pu_val, (ptr), (err)); \
  205. break; \
  206. default: \
  207. BUILD_BUG(); \
  208. } \
  209. asm(ALTERNATIVE("nop", SET_PSTATE_PAN(1), ARM64_HAS_PAN, \
  210. CONFIG_ARM64_PAN)); \
  211. } while (0)
  212. #define __put_user(x, ptr) \
  213. ({ \
  214. int __pu_err = 0; \
  215. __put_user_err((x), (ptr), __pu_err); \
  216. __pu_err; \
  217. })
  218. #define __put_user_error(x, ptr, err) \
  219. ({ \
  220. __put_user_err((x), (ptr), (err)); \
  221. (void)0; \
  222. })
  223. #define __put_user_unaligned __put_user
  224. #define put_user(x, ptr) \
  225. ({ \
  226. __typeof__(*(ptr)) __user *__p = (ptr); \
  227. might_fault(); \
  228. access_ok(VERIFY_WRITE, __p, sizeof(*__p)) ? \
  229. __put_user((x), __p) : \
  230. -EFAULT; \
  231. })
  232. extern unsigned long __must_check __copy_from_user(void *to, const void __user *from, unsigned long n);
  233. extern unsigned long __must_check __copy_to_user(void __user *to, const void *from, unsigned long n);
  234. extern unsigned long __must_check __copy_in_user(void __user *to, const void __user *from, unsigned long n);
  235. extern unsigned long __must_check __clear_user(void __user *addr, unsigned long n);
  236. static inline unsigned long __must_check copy_from_user(void *to, const void __user *from, unsigned long n)
  237. {
  238. if (access_ok(VERIFY_READ, from, n))
  239. n = __copy_from_user(to, from, n);
  240. else /* security hole - plug it */
  241. memset(to, 0, n);
  242. return n;
  243. }
  244. static inline unsigned long __must_check copy_to_user(void __user *to, const void *from, unsigned long n)
  245. {
  246. if (access_ok(VERIFY_WRITE, to, n))
  247. n = __copy_to_user(to, from, n);
  248. return n;
  249. }
  250. static inline unsigned long __must_check copy_in_user(void __user *to, const void __user *from, unsigned long n)
  251. {
  252. if (access_ok(VERIFY_READ, from, n) && access_ok(VERIFY_WRITE, to, n))
  253. n = __copy_in_user(to, from, n);
  254. return n;
  255. }
  256. #define __copy_to_user_inatomic __copy_to_user
  257. #define __copy_from_user_inatomic __copy_from_user
  258. static inline unsigned long __must_check clear_user(void __user *to, unsigned long n)
  259. {
  260. if (access_ok(VERIFY_WRITE, to, n))
  261. n = __clear_user(to, n);
  262. return n;
  263. }
  264. extern long strncpy_from_user(char *dest, const char __user *src, long count);
  265. extern __must_check long strlen_user(const char __user *str);
  266. extern __must_check long strnlen_user(const char __user *str, long n);
  267. #endif /* __ASM_UACCESS_H */