xref: /linux/arch/arm64/include/asm/uaccess.h (revision e0bf6c5ca2d3281f231c5f0c9bf145e9513644de)
1 /*
2  * Based on arch/arm/include/asm/uaccess.h
3  *
4  * Copyright (C) 2012 ARM Ltd.
5  *
6  * This program is free software; you can redistribute it and/or modify
7  * it under the terms of the GNU General Public License version 2 as
8  * published by the Free Software Foundation.
9  *
10  * This program is distributed in the hope that it will be useful,
11  * but WITHOUT ANY WARRANTY; without even the implied warranty of
12  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
13  * GNU General Public License for more details.
14  *
15  * You should have received a copy of the GNU General Public License
16  * along with this program.  If not, see <http://www.gnu.org/licenses/>.
17  */
18 #ifndef __ASM_UACCESS_H
19 #define __ASM_UACCESS_H
20 
21 /*
22  * User space memory access functions
23  */
24 #include <linux/string.h>
25 #include <linux/thread_info.h>
26 
27 #include <asm/ptrace.h>
28 #include <asm/errno.h>
29 #include <asm/memory.h>
30 #include <asm/compiler.h>
31 
32 #define VERIFY_READ 0
33 #define VERIFY_WRITE 1
34 
35 /*
36  * The exception table consists of pairs of addresses: the first is the
37  * address of an instruction that is allowed to fault, and the second is
38  * the address at which the program should continue.  No registers are
39  * modified, so it is entirely up to the continuation code to figure out
40  * what to do.
41  *
42  * All the routines below use bits of fixup code that are out of line
43  * with the main instruction path.  This means when everything is well,
44  * we don't even have to jump over them.  Further, they do not intrude
45  * on our cache or tlb entries.
46  */
47 
48 struct exception_table_entry
49 {
50 	unsigned long insn, fixup;
51 };
52 
53 extern int fixup_exception(struct pt_regs *regs);
54 
55 #define KERNEL_DS	(-1UL)
56 #define get_ds()	(KERNEL_DS)
57 
58 #define USER_DS		TASK_SIZE_64
59 #define get_fs()	(current_thread_info()->addr_limit)
60 
61 static inline void set_fs(mm_segment_t fs)
62 {
63 	current_thread_info()->addr_limit = fs;
64 }
65 
66 #define segment_eq(a, b)	((a) == (b))
67 
68 /*
69  * Return 1 if addr < current->addr_limit, 0 otherwise.
70  */
71 #define __addr_ok(addr)							\
72 ({									\
73 	unsigned long flag;						\
74 	asm("cmp %1, %0; cset %0, lo"					\
75 		: "=&r" (flag)						\
76 		: "r" (addr), "0" (current_thread_info()->addr_limit)	\
77 		: "cc");						\
78 	flag;								\
79 })
80 
81 /*
82  * Test whether a block of memory is a valid user space address.
83  * Returns 1 if the range is valid, 0 otherwise.
84  *
85  * This is equivalent to the following test:
86  * (u65)addr + (u65)size <= current->addr_limit
87  *
88  * This needs 65-bit arithmetic.
89  */
90 #define __range_ok(addr, size)						\
91 ({									\
92 	unsigned long flag, roksum;					\
93 	__chk_user_ptr(addr);						\
94 	asm("adds %1, %1, %3; ccmp %1, %4, #2, cc; cset %0, ls"		\
95 		: "=&r" (flag), "=&r" (roksum)				\
96 		: "1" (addr), "Ir" (size),				\
97 		  "r" (current_thread_info()->addr_limit)		\
98 		: "cc");						\
99 	flag;								\
100 })
101 
102 #define access_ok(type, addr, size)	__range_ok(addr, size)
103 #define user_addr_max			get_fs
104 
105 /*
106  * The "__xxx" versions of the user access functions do not verify the address
107  * space - it must have been done previously with a separate "access_ok()"
108  * call.
109  *
110  * The "__xxx_error" versions set the third argument to -EFAULT if an error
111  * occurs, and leave it unchanged on success.
112  */
113 #define __get_user_asm(instr, reg, x, addr, err)			\
114 	asm volatile(							\
115 	"1:	" instr "	" reg "1, [%2]\n"			\
116 	"2:\n"								\
117 	"	.section .fixup, \"ax\"\n"				\
118 	"	.align	2\n"						\
119 	"3:	mov	%w0, %3\n"					\
120 	"	mov	%1, #0\n"					\
121 	"	b	2b\n"						\
122 	"	.previous\n"						\
123 	"	.section __ex_table,\"a\"\n"				\
124 	"	.align	3\n"						\
125 	"	.quad	1b, 3b\n"					\
126 	"	.previous"						\
127 	: "+r" (err), "=&r" (x)						\
128 	: "r" (addr), "i" (-EFAULT))
129 
130 #define __get_user_err(x, ptr, err)					\
131 do {									\
132 	unsigned long __gu_val;						\
133 	__chk_user_ptr(ptr);						\
134 	switch (sizeof(*(ptr))) {					\
135 	case 1:								\
136 		__get_user_asm("ldrb", "%w", __gu_val, (ptr), (err));	\
137 		break;							\
138 	case 2:								\
139 		__get_user_asm("ldrh", "%w", __gu_val, (ptr), (err));	\
140 		break;							\
141 	case 4:								\
142 		__get_user_asm("ldr", "%w", __gu_val, (ptr), (err));	\
143 		break;							\
144 	case 8:								\
145 		__get_user_asm("ldr", "%",  __gu_val, (ptr), (err));	\
146 		break;							\
147 	default:							\
148 		BUILD_BUG();						\
149 	}								\
150 	(x) = (__force __typeof__(*(ptr)))__gu_val;			\
151 } while (0)
152 
153 #define __get_user(x, ptr)						\
154 ({									\
155 	int __gu_err = 0;						\
156 	__get_user_err((x), (ptr), __gu_err);				\
157 	__gu_err;							\
158 })
159 
160 #define __get_user_error(x, ptr, err)					\
161 ({									\
162 	__get_user_err((x), (ptr), (err));				\
163 	(void)0;							\
164 })
165 
166 #define __get_user_unaligned __get_user
167 
168 #define get_user(x, ptr)						\
169 ({									\
170 	__typeof__(*(ptr)) __user *__p = (ptr);				\
171 	might_fault();							\
172 	access_ok(VERIFY_READ, __p, sizeof(*__p)) ?			\
173 		__get_user((x), __p) :					\
174 		((x) = 0, -EFAULT);					\
175 })
176 
177 #define __put_user_asm(instr, reg, x, addr, err)			\
178 	asm volatile(							\
179 	"1:	" instr "	" reg "1, [%2]\n"			\
180 	"2:\n"								\
181 	"	.section .fixup,\"ax\"\n"				\
182 	"	.align	2\n"						\
183 	"3:	mov	%w0, %3\n"					\
184 	"	b	2b\n"						\
185 	"	.previous\n"						\
186 	"	.section __ex_table,\"a\"\n"				\
187 	"	.align	3\n"						\
188 	"	.quad	1b, 3b\n"					\
189 	"	.previous"						\
190 	: "+r" (err)							\
191 	: "r" (x), "r" (addr), "i" (-EFAULT))
192 
193 #define __put_user_err(x, ptr, err)					\
194 do {									\
195 	__typeof__(*(ptr)) __pu_val = (x);				\
196 	__chk_user_ptr(ptr);						\
197 	switch (sizeof(*(ptr))) {					\
198 	case 1:								\
199 		__put_user_asm("strb", "%w", __pu_val, (ptr), (err));	\
200 		break;							\
201 	case 2:								\
202 		__put_user_asm("strh", "%w", __pu_val, (ptr), (err));	\
203 		break;							\
204 	case 4:								\
205 		__put_user_asm("str",  "%w", __pu_val, (ptr), (err));	\
206 		break;							\
207 	case 8:								\
208 		__put_user_asm("str",  "%", __pu_val, (ptr), (err));	\
209 		break;							\
210 	default:							\
211 		BUILD_BUG();						\
212 	}								\
213 } while (0)
214 
215 #define __put_user(x, ptr)						\
216 ({									\
217 	int __pu_err = 0;						\
218 	__put_user_err((x), (ptr), __pu_err);				\
219 	__pu_err;							\
220 })
221 
222 #define __put_user_error(x, ptr, err)					\
223 ({									\
224 	__put_user_err((x), (ptr), (err));				\
225 	(void)0;							\
226 })
227 
228 #define __put_user_unaligned __put_user
229 
230 #define put_user(x, ptr)						\
231 ({									\
232 	__typeof__(*(ptr)) __user *__p = (ptr);				\
233 	might_fault();							\
234 	access_ok(VERIFY_WRITE, __p, sizeof(*__p)) ?			\
235 		__put_user((x), __p) :					\
236 		-EFAULT;						\
237 })
238 
239 extern unsigned long __must_check __copy_from_user(void *to, const void __user *from, unsigned long n);
240 extern unsigned long __must_check __copy_to_user(void __user *to, const void *from, unsigned long n);
241 extern unsigned long __must_check __copy_in_user(void __user *to, const void __user *from, unsigned long n);
242 extern unsigned long __must_check __clear_user(void __user *addr, unsigned long n);
243 
244 static inline unsigned long __must_check copy_from_user(void *to, const void __user *from, unsigned long n)
245 {
246 	if (access_ok(VERIFY_READ, from, n))
247 		n = __copy_from_user(to, from, n);
248 	else /* security hole - plug it */
249 		memset(to, 0, n);
250 	return n;
251 }
252 
253 static inline unsigned long __must_check copy_to_user(void __user *to, const void *from, unsigned long n)
254 {
255 	if (access_ok(VERIFY_WRITE, to, n))
256 		n = __copy_to_user(to, from, n);
257 	return n;
258 }
259 
260 static inline unsigned long __must_check copy_in_user(void __user *to, const void __user *from, unsigned long n)
261 {
262 	if (access_ok(VERIFY_READ, from, n) && access_ok(VERIFY_WRITE, to, n))
263 		n = __copy_in_user(to, from, n);
264 	return n;
265 }
266 
267 #define __copy_to_user_inatomic __copy_to_user
268 #define __copy_from_user_inatomic __copy_from_user
269 
270 static inline unsigned long __must_check clear_user(void __user *to, unsigned long n)
271 {
272 	if (access_ok(VERIFY_WRITE, to, n))
273 		n = __clear_user(to, n);
274 	return n;
275 }
276 
277 extern long strncpy_from_user(char *dest, const char __user *src, long count);
278 
279 extern __must_check long strlen_user(const char __user *str);
280 extern __must_check long strnlen_user(const char __user *str, long n);
281 
282 #endif /* __ASM_UACCESS_H */
283