1 /* SPDX-License-Identifier: GPL-2.0 */
2 #ifndef _ARCH_POWERPC_UACCESS_H
3 #define _ARCH_POWERPC_UACCESS_H
5 #include <asm/asm-compat.h>
6 #include <asm/ppc_asm.h>
7 #include <asm/processor.h>
9 #include <asm/extable.h>
13 * The fs value determines whether argument validity checking should be
14 * performed or not. If get_fs() == USER_DS, checking is performed, with
15 * get_fs() == KERNEL_DS, checking is bypassed.
17 * For historical reasons, these macros are grossly misnamed.
19 * The fs/ds values are now the highest legal address in the "segment".
20 * This simplifies the checking in the routines below.
23 #define MAKE_MM_SEG(s) ((mm_segment_t) { (s) })
25 #define KERNEL_DS MAKE_MM_SEG(~0UL)
27 /* We use TASK_SIZE_USER64 as TASK_SIZE is not constant */
28 #define USER_DS MAKE_MM_SEG(TASK_SIZE_USER64 - 1)
30 #define USER_DS MAKE_MM_SEG(TASK_SIZE - 1)
33 #define get_ds() (KERNEL_DS)
34 #define get_fs() (current->thread.fs)
35 #define set_fs(val) (current->thread.fs = (val))
37 #define segment_eq(a, b) ((a).seg == (b).seg)
39 #define user_addr_max() (get_fs().seg)
43 * This check is sufficient because there is a large enough
44 * gap between user addresses and the kernel addresses
46 #define __access_ok(addr, size, segment) \
47 (((addr) <= (segment).seg) && ((size) <= (segment).seg))
51 #define __access_ok(addr, size, segment) \
52 (((addr) <= (segment).seg) && \
53 (((size) == 0) || (((size) - 1) <= ((segment).seg - (addr)))))
57 #define access_ok(type, addr, size) \
58 (__chk_user_ptr(addr), (void)(type), \
59 __access_ok((__force unsigned long)(addr), (size), get_fs()))
62 * These are the main single-value transfer routines. They automatically
63 * use the right size if we just have the right pointer type.
65 * This gets kind of ugly. We want to return _two_ values in "get_user()"
66 * and yet we don't want to do any pointers, because that is too much
67 * of a performance impact. Thus we have a few rather ugly macros here,
68 * and hide all the ugliness from the user.
70 * The "__xxx" versions of the user access functions are versions that
71 * do not verify the address space, that must have been done previously
72 * with a separate "access_ok()" call (this is used when we do multiple
73 * accesses to the same area of user memory).
75 * As we use the same address space for kernel and user data on the
76 * PowerPC, we can just do these as direct assignments. (Of course, the
77 * exception handling means that it's no longer "just"...)
80 #define get_user(x, ptr) \
81 __get_user_check((x), (ptr), sizeof(*(ptr)))
82 #define put_user(x, ptr) \
83 __put_user_check((__typeof__(*(ptr)))(x), (ptr), sizeof(*(ptr)))
85 #define __get_user(x, ptr) \
86 __get_user_nocheck((x), (ptr), sizeof(*(ptr)), true)
87 #define __put_user(x, ptr) \
88 __put_user_nocheck((__typeof__(*(ptr)))(x), (ptr), sizeof(*(ptr)), true)
90 #define __get_user_allowed(x, ptr) \
91 __get_user_nocheck((x), (ptr), sizeof(*(ptr)), false)
92 #define __put_user_allowed(x, ptr) \
93 __put_user_nocheck((__typeof__(*(ptr)))(x), (ptr), sizeof(*(ptr)), false)
95 #define __get_user_inatomic(x, ptr) \
96 __get_user_nosleep((x), (ptr), sizeof(*(ptr)))
97 #define __put_user_inatomic(x, ptr) \
98 __put_user_nosleep((__typeof__(*(ptr)))(x), (ptr), sizeof(*(ptr)))
100 extern long __put_user_bad(void);
103 * We don't tell gcc that we are accessing memory, but this is OK
104 * because we do not write to any memory gcc knows about, so there
105 * are no aliasing issues.
107 #define __put_user_asm(x, addr, err, op) \
108 __asm__ __volatile__( \
109 "1: " op " %1,0(%2) # put_user\n" \
111 ".section .fixup,\"ax\"\n" \
117 : "r" (x), "b" (addr), "i" (-EFAULT), "0" (err))
120 #define __put_user_asm2(x, ptr, retval) \
121 __put_user_asm(x, ptr, retval, "std")
122 #else /* __powerpc64__ */
123 #define __put_user_asm2(x, addr, err) \
124 __asm__ __volatile__( \
125 "1: stw %1,0(%2)\n" \
126 "2: stw %1+1,4(%2)\n" \
128 ".section .fixup,\"ax\"\n" \
135 : "r" (x), "b" (addr), "i" (-EFAULT), "0" (err))
136 #endif /* __powerpc64__ */
138 #define __put_user_size_allowed(x, ptr, size, retval) \
142 case 1: __put_user_asm(x, ptr, retval, "stb"); break; \
143 case 2: __put_user_asm(x, ptr, retval, "sth"); break; \
144 case 4: __put_user_asm(x, ptr, retval, "stw"); break; \
145 case 8: __put_user_asm2(x, ptr, retval); break; \
146 default: __put_user_bad(); \
150 #define __put_user_size(x, ptr, size, retval) \
152 allow_write_to_user(ptr, size); \
153 __put_user_size_allowed(x, ptr, size, retval); \
154 prevent_write_to_user(ptr, size); \
157 #define __put_user_nocheck(x, ptr, size, do_allow) \
160 __typeof__(*(ptr)) __user *__pu_addr = (ptr); \
161 __typeof__(*(ptr)) __pu_val = (x); \
162 __typeof__(size) __pu_size = (size); \
164 if (!is_kernel_addr((unsigned long)__pu_addr)) \
166 __chk_user_ptr(__pu_addr); \
168 __put_user_size(__pu_val, __pu_addr, __pu_size, __pu_err); \
170 __put_user_size_allowed(__pu_val, __pu_addr, __pu_size, __pu_err); \
175 #define __put_user_check(x, ptr, size) \
177 long __pu_err = -EFAULT; \
178 __typeof__(*(ptr)) __user *__pu_addr = (ptr); \
179 __typeof__(*(ptr)) __pu_val = (x); \
180 __typeof__(size) __pu_size = (size); \
183 if (access_ok(VERIFY_WRITE, __pu_addr, __pu_size)) \
184 __put_user_size(__pu_val, __pu_addr, __pu_size, __pu_err); \
189 #define __put_user_nosleep(x, ptr, size) \
192 __typeof__(*(ptr)) __user *__pu_addr = (ptr); \
193 __typeof__(*(ptr)) __pu_val = (x); \
194 __typeof__(size) __pu_size = (size); \
196 __chk_user_ptr(__pu_addr); \
197 __put_user_size(__pu_val, __pu_addr, __pu_size, __pu_err); \
203 extern long __get_user_bad(void);
205 #define __get_user_asm(x, addr, err, op) \
206 __asm__ __volatile__( \
207 "1: "op" %1,0(%2) # get_user\n" \
209 ".section .fixup,\"ax\"\n" \
215 : "=r" (err), "=r" (x) \
216 : "b" (addr), "i" (-EFAULT), "0" (err))
219 #define __get_user_asm2(x, addr, err) \
220 __get_user_asm(x, addr, err, "ld")
221 #else /* __powerpc64__ */
222 #define __get_user_asm2(x, addr, err) \
223 __asm__ __volatile__( \
224 "1: lwz %1,0(%2)\n" \
225 "2: lwz %1+1,4(%2)\n" \
227 ".section .fixup,\"ax\"\n" \
235 : "=r" (err), "=&r" (x) \
236 : "b" (addr), "i" (-EFAULT), "0" (err))
237 #endif /* __powerpc64__ */
239 #define __get_user_size_allowed(x, ptr, size, retval) \
242 __chk_user_ptr(ptr); \
243 if (size > sizeof(x)) \
244 (x) = __get_user_bad(); \
246 case 1: __get_user_asm(x, ptr, retval, "lbz"); break; \
247 case 2: __get_user_asm(x, ptr, retval, "lhz"); break; \
248 case 4: __get_user_asm(x, ptr, retval, "lwz"); break; \
249 case 8: __get_user_asm2(x, ptr, retval); break; \
250 default: (x) = __get_user_bad(); \
254 #define __get_user_size(x, ptr, size, retval) \
256 allow_read_from_user(ptr, size); \
257 __get_user_size_allowed(x, ptr, size, retval); \
258 prevent_read_from_user(ptr, size); \
262 * This is a type: either unsigned long, if the argument fits into
263 * that type, or otherwise unsigned long long.
265 #define __long_type(x) \
266 __typeof__(__builtin_choose_expr(sizeof(x) > sizeof(0UL), 0ULL, 0UL))
268 #define __get_user_nocheck(x, ptr, size, do_allow) \
271 __long_type(*(ptr)) __gu_val; \
272 __typeof__(*(ptr)) __user *__gu_addr = (ptr); \
273 __typeof__(size) __gu_size = (size); \
275 __chk_user_ptr(__gu_addr); \
276 if (!is_kernel_addr((unsigned long)__gu_addr)) \
280 __get_user_size(__gu_val, __gu_addr, __gu_size, __gu_err); \
282 __get_user_size_allowed(__gu_val, __gu_addr, __gu_size, __gu_err); \
283 (x) = (__typeof__(*(ptr)))__gu_val; \
288 #define __get_user_check(x, ptr, size) \
290 long __gu_err = -EFAULT; \
291 __long_type(*(ptr)) __gu_val = 0; \
292 __typeof__(*(ptr)) __user *__gu_addr = (ptr); \
293 __typeof__(size) __gu_size = (size); \
296 if (access_ok(VERIFY_READ, __gu_addr, __gu_size)) { \
298 __get_user_size(__gu_val, __gu_addr, __gu_size, __gu_err); \
300 (x) = (__force __typeof__(*(ptr)))__gu_val; \
305 #define __get_user_nosleep(x, ptr, size) \
308 __long_type(*(ptr)) __gu_val; \
309 __typeof__(*(ptr)) __user *__gu_addr = (ptr); \
310 __typeof__(size) __gu_size = (size); \
312 __chk_user_ptr(__gu_addr); \
314 __get_user_size(__gu_val, __gu_addr, __gu_size, __gu_err); \
315 (x) = (__force __typeof__(*(ptr)))__gu_val; \
321 /* more complex routines */
323 extern unsigned long __copy_tofrom_user(void __user *to,
324 const void __user *from, unsigned long size);
327 static inline unsigned long
328 raw_copy_in_user(void __user *to, const void __user *from, unsigned long n)
333 allow_user_access(to, from, n);
334 ret = __copy_tofrom_user(to, from, n);
335 prevent_user_access(to, from, n);
338 #endif /* __powerpc64__ */
340 static inline unsigned long raw_copy_from_user(void *to,
341 const void __user *from, unsigned long n)
344 if (__builtin_constant_p(n) && (n <= 8)) {
350 __get_user_size(*(u8 *)to, from, 1, ret);
354 __get_user_size(*(u16 *)to, from, 2, ret);
358 __get_user_size(*(u32 *)to, from, 4, ret);
362 __get_user_size(*(u64 *)to, from, 8, ret);
370 allow_read_from_user(from, n);
371 ret = __copy_tofrom_user((__force void __user *)to, from, n);
372 prevent_read_from_user(from, n);
376 static inline unsigned long
377 raw_copy_to_user_allowed(void __user *to, const void *from, unsigned long n)
379 if (__builtin_constant_p(n) && (n <= 8)) {
380 unsigned long ret = 1;
384 __put_user_size_allowed(*(u8 *)from, (u8 __user *)to, 1, ret);
387 __put_user_size_allowed(*(u16 *)from, (u16 __user *)to, 2, ret);
390 __put_user_size_allowed(*(u32 *)from, (u32 __user *)to, 4, ret);
393 __put_user_size_allowed(*(u64 *)from, (u64 __user *)to, 8, ret);
400 return __copy_tofrom_user(to, (__force const void __user *)from, n);
403 static inline unsigned long
404 raw_copy_to_user(void __user *to, const void *from, unsigned long n)
408 allow_write_to_user(to, n);
409 ret = raw_copy_to_user_allowed(to, from, n);
410 prevent_write_to_user(to, n);
414 unsigned long __arch_clear_user(void __user *addr, unsigned long size);
416 static inline unsigned long clear_user(void __user *addr, unsigned long size)
418 unsigned long ret = size;
420 if (likely(access_ok(VERIFY_WRITE, addr, size))) {
421 allow_write_to_user(addr, size);
422 ret = __arch_clear_user(addr, size);
423 prevent_write_to_user(addr, size);
428 static inline unsigned long __clear_user(void __user *addr, unsigned long size)
430 return clear_user(addr, size);
433 extern long strncpy_from_user(char *dst, const char __user *src, long count);
434 extern __must_check long strnlen_user(const char __user *str, long n);
437 #define user_access_begin(type, ptr, len) access_ok(type, ptr, len)
438 #define user_access_end() prevent_user_access(NULL, NULL, ~0ul)
440 #define unsafe_op_wrap(op, err) do { if (unlikely(op)) goto err; } while (0)
441 #define unsafe_get_user(x, p, e) unsafe_op_wrap(__get_user_allowed(x, p), e)
442 #define unsafe_put_user(x, p, e) unsafe_op_wrap(__put_user_allowed(x, p), e)
443 #define unsafe_copy_to_user(d, s, l, e) \
444 unsafe_op_wrap(raw_copy_to_user_allowed(d, s, l), e)
446 #endif /* _ARCH_POWERPC_UACCESS_H */