arch/arm64/include/asm/uaccess.h

   1 /*
   2  * Based on arch/arm/include/asm/uaccess.h
   3  *
   4  * Copyright (C) 2012 ARM Ltd.
   5  *
   6  * This program is free software; you can redistribute it and/or modify
   7  * it under the terms of the GNU General Public License version 2 as
   8  * published by the Free Software Foundation.
   9  *
  10  * This program is distributed in the hope that it will be useful,
  11  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  12  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  13  * GNU General Public License for more details.
  14  *
  15  * You should have received a copy of the GNU General Public License
  16  * along with this program.  If not, see <http://www.gnu.org/licenses/>.
  17  */
  18 #ifndef __ASM_UACCESS_H
  19 #define __ASM_UACCESS_H
  20
  21 /*
  22  * User space memory access functions
  23  */
  24 #include <linux/string.h>
  25 #include <linux/thread_info.h>
  26
  27 #include <asm/alternative.h>
  28 #include <asm/cpufeature.h>
  29 #include <asm/ptrace.h>
  30 #include <asm/sysreg.h>
  31 #include <asm/errno.h>
  32 #include <asm/memory.h>
  33 #include <asm/compiler.h>
  34
  35 #define VERIFY_READ 0
  36 #define VERIFY_WRITE 1
  37
  38 /*
  39  * The exception table consists of pairs of relative offsets: the first
  40  * is the relative offset to an instruction that is allowed to fault,
  41  * and the second is the relative offset at which the program should
  42  * continue. No registers are modified, so it is entirely up to the
  43  * continuation code to figure out what to do.
  44  *
  45  * All the routines below use bits of fixup code that are out of line
  46  * with the main instruction path.  This means when everything is well,
  47  * we don't even have to jump over them.  Further, they do not intrude
  48  * on our cache or tlb entries.
  49  */
  50
  51 struct exception_table_entry
  52 {
  53         int insn, fixup;
  54 };
  55
  56 #define ARCH_HAS_RELATIVE_EXTABLE
  57
  58 extern int fixup_exception(struct pt_regs *regs);
  59
  60 #define KERNEL_DS       (-1UL)
  61 #define get_ds()        (KERNEL_DS)
  62
  63 #define USER_DS         TASK_SIZE_64
  64 #define get_fs()        (current_thread_info()->addr_limit)
  65
  66 static inline void set_fs(mm_segment_t fs)
  67 {
  68         current_thread_info()->addr_limit = fs;
  69
  70         /*
  71          * Enable/disable UAO so that copy_to_user() etc can access
  72          * kernel memory with the unprivileged instructions.
  73          */
  74         if (IS_ENABLED(CONFIG_ARM64_UAO) && fs == KERNEL_DS)
  75                 asm(ALTERNATIVE("nop", SET_PSTATE_UAO(1), ARM64_HAS_UAO));
  76         else
  77                 asm(ALTERNATIVE("nop", SET_PSTATE_UAO(0), ARM64_HAS_UAO,
  78                                 CONFIG_ARM64_UAO));
  79 }
  80
  81 #define segment_eq(a, b)        ((a) == (b))
  82
  83 /*
  84  * Return 1 if addr < current->addr_limit, 0 otherwise.
  85  */
  86 #define __addr_ok(addr)                                                 \
  87 ({                                                                      \
  88         unsigned long flag;                                             \
  89         asm("cmp %1, %0; cset %0, lo"                                   \
  90                 : "=&r" (flag)                                          \
  91                 : "r" (addr), "0" (current_thread_info()->addr_limit)   \
  92                 : "cc");                                                \
  93         flag;                                                           \
  94 })
  95
  96 /*
  97  * Test whether a block of memory is a valid user space address.
  98  * Returns 1 if the range is valid, 0 otherwise.
  99  *
 100  * This is equivalent to the following test:
 101  * (u65)addr + (u65)size <= current->addr_limit
 102  *
 103  * This needs 65-bit arithmetic.
 104  */
 105 #define __range_ok(addr, size)                                          \
 106 ({                                                                      \
 107         unsigned long flag, roksum;                                     \
 108         __chk_user_ptr(addr);                                           \
 109         asm("adds %1, %1, %3; ccmp %1, %4, #2, cc; cset %0, ls"         \
 110                 : "=&r" (flag), "=&r" (roksum)                          \
 111                 : "1" (addr), "Ir" (size),                              \
 112                   "r" (current_thread_info()->addr_limit)               \
 113                 : "cc");                                                \
 114         flag;                                                           \
 115 })
 116
 117 #define access_ok(type, addr, size)     __range_ok(addr, size)
 118 #define user_addr_max                   get_fs
 119
 120 #define _ASM_EXTABLE(from, to)                                          \
 121         "       .pushsection    __ex_table, \"a\"\n"                    \
 122         "       .align          3\n"                                    \
 123         "       .long           (" #from " - .), (" #to " - .)\n"       \
 124         "       .popsection\n"
 125
 126 /*
 127  * The "__xxx" versions of the user access functions do not verify the address
 128  * space - it must have been done previously with a separate "access_ok()"
 129  * call.
 130  *
 131  * The "__xxx_error" versions set the third argument to -EFAULT if an error
 132  * occurs, and leave it unchanged on success.
 133  */
 134 #define __get_user_asm(instr, alt_instr, reg, x, addr, err, feature)    \
 135         asm volatile(                                                   \
 136         "1:"ALTERNATIVE(instr "     " reg "1, [%2]\n",                  \
 137                         alt_instr " " reg "1, [%2]\n", feature)         \
 138         "2:\n"                                                          \
 139         "       .section .fixup, \"ax\"\n"                              \
 140         "       .align  2\n"                                            \
 141         "3:     mov     %w0, %3\n"                                      \
 142         "       mov     %1, #0\n"                                       \
 143         "       b       2b\n"                                           \
 144         "       .previous\n"                                            \
 145         _ASM_EXTABLE(1b, 3b)                                            \
 146         : "+r" (err), "=&r" (x)                                         \
 147         : "r" (addr), "i" (-EFAULT))
 148
 149 #define __get_user_err(x, ptr, err)                                     \
 150 do {                                                                    \
 151         unsigned long __gu_val;                                         \
 152         __chk_user_ptr(ptr);                                            \
 153         asm(ALTERNATIVE("nop", SET_PSTATE_PAN(0), ARM64_ALT_PAN_NOT_UAO,\
 154                         CONFIG_ARM64_PAN));                             \
 155         switch (sizeof(*(ptr))) {                                       \
 156         case 1:                                                         \
 157                 __get_user_asm("ldrb", "ldtrb", "%w", __gu_val, (ptr),  \
 158                                (err), ARM64_HAS_UAO);                   \
 159                 break;                                                  \
 160         case 2:                                                         \
 161                 __get_user_asm("ldrh", "ldtrh", "%w", __gu_val, (ptr),  \
 162                                (err), ARM64_HAS_UAO);                   \
 163                 break;                                                  \
 164         case 4:                                                         \
 165                 __get_user_asm("ldr", "ldtr", "%w", __gu_val, (ptr),    \
 166                                (err), ARM64_HAS_UAO);                   \
 167                 break;                                                  \
 168         case 8:                                                         \
 169                 __get_user_asm("ldr", "ldtr", "%",  __gu_val, (ptr),    \
 170                                (err), ARM64_HAS_UAO);                   \
 171                 break;                                                  \
 172         default:                                                        \
 173                 BUILD_BUG();                                            \
 174         }                                                               \
 175         (x) = (__force __typeof__(*(ptr)))__gu_val;                     \
 176         asm(ALTERNATIVE("nop", SET_PSTATE_PAN(1), ARM64_ALT_PAN_NOT_UAO,\
 177                         CONFIG_ARM64_PAN));                             \
 178 } while (0)
 179
 180 #define __get_user(x, ptr)                                              \
 181 ({                                                                      \
 182         int __gu_err = 0;                                               \
 183         __get_user_err((x), (ptr), __gu_err);                           \
 184         __gu_err;                                                       \
 185 })
 186
 187 #define __get_user_error(x, ptr, err)                                   \
 188 ({                                                                      \
 189         __get_user_err((x), (ptr), (err));                              \
 190         (void)0;                                                        \
 191 })
 192
 193 #define __get_user_unaligned __get_user
 194
 195 #define get_user(x, ptr)                                                \
 196 ({                                                                      \
 197         __typeof__(*(ptr)) __user *__p = (ptr);                         \
 198         might_fault();                                                  \
 199         access_ok(VERIFY_READ, __p, sizeof(*__p)) ?                     \
 200                 __get_user((x), __p) :                                  \
 201                 ((x) = 0, -EFAULT);                                     \
 202 })
 203
 204 #define __put_user_asm(instr, alt_instr, reg, x, addr, err, feature)    \
 205         asm volatile(                                                   \
 206         "1:"ALTERNATIVE(instr "     " reg "1, [%2]\n",                  \
 207                         alt_instr " " reg "1, [%2]\n", feature)         \
 208         "2:\n"                                                          \
 209         "       .section .fixup,\"ax\"\n"                               \
 210         "       .align  2\n"                                            \
 211         "3:     mov     %w0, %3\n"                                      \
 212         "       b       2b\n"                                           \
 213         "       .previous\n"                                            \
 214         _ASM_EXTABLE(1b, 3b)                                            \
 215         : "+r" (err)                                                    \
 216         : "r" (x), "r" (addr), "i" (-EFAULT))
 217
 218 #define __put_user_err(x, ptr, err)                                     \
 219 do {                                                                    \
 220         __typeof__(*(ptr)) __pu_val = (x);                              \
 221         __chk_user_ptr(ptr);                                            \
 222         asm(ALTERNATIVE("nop", SET_PSTATE_PAN(0), ARM64_ALT_PAN_NOT_UAO,\
 223                         CONFIG_ARM64_PAN));                             \
 224         switch (sizeof(*(ptr))) {                                       \
 225         case 1:                                                         \
 226                 __put_user_asm("strb", "sttrb", "%w", __pu_val, (ptr),  \
 227                                (err), ARM64_HAS_UAO);                   \
 228                 break;                                                  \
 229         case 2:                                                         \
 230                 __put_user_asm("strh", "sttrh", "%w", __pu_val, (ptr),  \
 231                                (err), ARM64_HAS_UAO);                   \
 232                 break;                                                  \
 233         case 4:                                                         \
 234                 __put_user_asm("str", "sttr", "%w", __pu_val, (ptr),    \
 235                                (err), ARM64_HAS_UAO);                   \
 236                 break;                                                  \
 237         case 8:                                                         \
 238                 __put_user_asm("str", "sttr", "%", __pu_val, (ptr),     \
 239                                (err), ARM64_HAS_UAO);                   \
 240                 break;                                                  \
 241         default:                                                        \
 242                 BUILD_BUG();                                            \
 243         }                                                               \
 244         asm(ALTERNATIVE("nop", SET_PSTATE_PAN(1), ARM64_ALT_PAN_NOT_UAO,\
 245                         CONFIG_ARM64_PAN));                             \
 246 } while (0)
 247
 248 #define __put_user(x, ptr)                                              \
 249 ({                                                                      \
 250         int __pu_err = 0;                                               \
 251         __put_user_err((x), (ptr), __pu_err);                           \
 252         __pu_err;                                                       \
 253 })
 254
 255 #define __put_user_error(x, ptr, err)                                   \
 256 ({                                                                      \
 257         __put_user_err((x), (ptr), (err));                              \
 258         (void)0;                                                        \
 259 })
 260
 261 #define __put_user_unaligned __put_user
 262
 263 #define put_user(x, ptr)                                                \
 264 ({                                                                      \
 265         __typeof__(*(ptr)) __user *__p = (ptr);                         \
 266         might_fault();                                                  \
 267         access_ok(VERIFY_WRITE, __p, sizeof(*__p)) ?                    \
 268                 __put_user((x), __p) :                                  \
 269                 -EFAULT;                                                \
 270 })
 271
 272 extern unsigned long __must_check __arch_copy_from_user(void *to, const void __user *from, unsigned long n);
 273 extern unsigned long __must_check __arch_copy_to_user(void __user *to, const void *from, unsigned long n);
 274 extern unsigned long __must_check __copy_in_user(void __user *to, const void __user *from, unsigned long n);
 275 extern unsigned long __must_check __clear_user(void __user *addr, unsigned long n);
 276
 277 static inline unsigned long __must_check __copy_from_user(void *to, const void __user *from, unsigned long n)
 278 {
 279         check_object_size(to, n, false);
 280         return __arch_copy_from_user(to, from, n);
 281 }
 282
 283 static inline unsigned long __must_check __copy_to_user(void __user *to, const void *from, unsigned long n)
 284 {
 285         check_object_size(from, n, true);
 286         return __arch_copy_to_user(to, from, n);
 287 }
 288
 289 static inline unsigned long __must_check copy_from_user(void *to, const void __user *from, unsigned long n)
 290 {
 291         if (access_ok(VERIFY_READ, from, n)) {
 292                 check_object_size(to, n, false);
 293                 n = __arch_copy_from_user(to, from, n);
 294         } else /* security hole - plug it */
 295                 memset(to, 0, n);
 296         return n;
 297 }
 298
 299 static inline unsigned long __must_check copy_to_user(void __user *to, const void *from, unsigned long n)
 300 {
 301         if (access_ok(VERIFY_WRITE, to, n)) {
 302                 check_object_size(from, n, true);
 303                 n = __arch_copy_to_user(to, from, n);
 304         }
 305         return n;
 306 }
 307
 308 static inline unsigned long __must_check copy_in_user(void __user *to, const void __user *from, unsigned long n)
 309 {
 310         if (access_ok(VERIFY_READ, from, n) && access_ok(VERIFY_WRITE, to, n))
 311                 n = __copy_in_user(to, from, n);
 312         return n;
 313 }
 314
 315 #define __copy_to_user_inatomic __copy_to_user
 316 #define __copy_from_user_inatomic __copy_from_user
 317
 318 static inline unsigned long __must_check clear_user(void __user *to, unsigned long n)
 319 {
 320         if (access_ok(VERIFY_WRITE, to, n))
 321                 n = __clear_user(to, n);
 322         return n;
 323 }
 324
 325 extern long strncpy_from_user(char *dest, const char __user *src, long count);
 326
 327 extern __must_check long strlen_user(const char __user *str);
 328 extern __must_check long strnlen_user(const char __user *str, long n);
 329
 330 #endif /* __ASM_UACCESS_H */