LXR linux/arch/x86/include/asm/uaccess.h

   1/* SPDX-License-Identifier: GPL-2.0 */
   2#ifndef _ASM_X86_UACCESS_H
   3#define _ASM_X86_UACCESS_H
   4/*
   5 * User space memory access functions
   6 */
   7#include <linux/compiler.h>
   8#include <linux/kasan-checks.h>
   9#include <linux/string.h>
  10#include <asm/asm.h>
  11#include <asm/page.h>
  12#include <asm/smap.h>
  13#include <asm/extable.h>
  14
  15/*
  16 * The fs value determines whether argument validity checking should be
  17 * performed or not.  If get_fs() == USER_DS, checking is performed, with
  18 * get_fs() == KERNEL_DS, checking is bypassed.
  19 *
  20 * For historical reasons, these macros are grossly misnamed.
  21 */
  22
  23#define MAKE_MM_SEG(s)  ((mm_segment_t) { (s) })
  24
  25#define KERNEL_DS       MAKE_MM_SEG(-1UL)
  26#define USER_DS         MAKE_MM_SEG(TASK_SIZE_MAX)
  27
  28#define get_fs()        (current->thread.addr_limit)
  29static inline void set_fs(mm_segment_t fs)
  30{
  31        current->thread.addr_limit = fs;
  32        /* On user-mode return, check fs is correct */
  33        set_thread_flag(TIF_FSCHECK);
  34}
  35
  36#define segment_eq(a, b)        ((a).seg == (b).seg)
  37#define user_addr_max() (current->thread.addr_limit.seg)
  38
  39/*
  40 * Test whether a block of memory is a valid user space address.
  41 * Returns 0 if the range is valid, nonzero otherwise.
  42 */
  43static inline bool __chk_range_not_ok(unsigned long addr, unsigned long size, unsigned long limit)
  44{
  45        /*
  46         * If we have used "sizeof()" for the size,
  47         * we know it won't overflow the limit (but
  48         * it might overflow the 'addr', so it's
  49         * important to subtract the size from the
  50         * limit, not add it to the address).
  51         */
  52        if (__builtin_constant_p(size))
  53                return unlikely(addr > limit - size);
  54
  55        /* Arbitrary sizes? Be careful about overflow */
  56        addr += size;
  57        if (unlikely(addr < size))
  58                return true;
  59        return unlikely(addr > limit);
  60}
  61
  62#define __range_not_ok(addr, size, limit)                               \
  63({                                                                      \
  64        __chk_user_ptr(addr);                                           \
  65        __chk_range_not_ok((unsigned long __force)(addr), size, limit); \
  66})
  67
  68#ifdef CONFIG_DEBUG_ATOMIC_SLEEP
  69static inline bool pagefault_disabled(void);
  70# define WARN_ON_IN_IRQ()       \
  71        WARN_ON_ONCE(!in_task() && !pagefault_disabled())
  72#else
  73# define WARN_ON_IN_IRQ()
  74#endif
  75
  76/**
  77 * access_ok - Checks if a user space pointer is valid
  78 * @addr: User space pointer to start of block to check
  79 * @size: Size of block to check
  80 *
  81 * Context: User context only. This function may sleep if pagefaults are
  82 *          enabled.
  83 *
  84 * Checks if a pointer to a block of memory in user space is valid.
  85 *
  86 * Note that, depending on architecture, this function probably just
  87 * checks that the pointer is in the user space range - after calling
  88 * this function, memory access functions may still return -EFAULT.
  89 *
  90 * Return: true (nonzero) if the memory block may be valid, false (zero)
  91 * if it is definitely invalid.
  92 */
  93#define access_ok(addr, size)                                   \
  94({                                                                      \
  95        WARN_ON_IN_IRQ();                                               \
  96        likely(!__range_not_ok(addr, size, user_addr_max()));           \
  97})
  98
  99/*
 100 * These are the main single-value transfer routines.  They automatically
 101 * use the right size if we just have the right pointer type.
 102 *
 103 * This gets kind of ugly. We want to return _two_ values in "get_user()"
 104 * and yet we don't want to do any pointers, because that is too much
 105 * of a performance impact. Thus we have a few rather ugly macros here,
 106 * and hide all the ugliness from the user.
 107 *
 108 * The "__xxx" versions of the user access functions are versions that
 109 * do not verify the address space, that must have been done previously
 110 * with a separate "access_ok()" call (this is used when we do multiple
 111 * accesses to the same area of user memory).
 112 */
 113
 114extern int __get_user_1(void);
 115extern int __get_user_2(void);
 116extern int __get_user_4(void);
 117extern int __get_user_8(void);
 118extern int __get_user_bad(void);
 119
 120#define __uaccess_begin() stac()
 121#define __uaccess_end()   clac()
 122#define __uaccess_begin_nospec()        \
 123({                                      \
 124        stac();                         \
 125        barrier_nospec();               \
 126})
 127
 128/*
 129 * This is a type: either unsigned long, if the argument fits into
 130 * that type, or otherwise unsigned long long.
 131 */
 132#define __inttype(x) \
 133__typeof__(__builtin_choose_expr(sizeof(x) > sizeof(0UL), 0ULL, 0UL))
 134
 135/**
 136 * get_user - Get a simple variable from user space.
 137 * @x:   Variable to store result.
 138 * @ptr: Source address, in user space.
 139 *
 140 * Context: User context only. This function may sleep if pagefaults are
 141 *          enabled.
 142 *
 143 * This macro copies a single simple variable from user space to kernel
 144 * space.  It supports simple types like char and int, but not larger
 145 * data types like structures or arrays.
 146 *
 147 * @ptr must have pointer-to-simple-variable type, and the result of
 148 * dereferencing @ptr must be assignable to @x without a cast.
 149 *
 150 * Return: zero on success, or -EFAULT on error.
 151 * On error, the variable @x is set to zero.
 152 */
 153/*
 154 * Careful: we have to cast the result to the type of the pointer
 155 * for sign reasons.
 156 *
 157 * The use of _ASM_DX as the register specifier is a bit of a
 158 * simplification, as gcc only cares about it as the starting point
 159 * and not size: for a 64-bit value it will use %ecx:%edx on 32 bits
 160 * (%ecx being the next register in gcc's x86 register sequence), and
 161 * %rdx on 64 bits.
 162 *
 163 * Clang/LLVM cares about the size of the register, but still wants
 164 * the base register for something that ends up being a pair.
 165 */
 166#define get_user(x, ptr)                                                \
 167({                                                                      \
 168        int __ret_gu;                                                   \
 169        register __inttype(*(ptr)) __val_gu asm("%"_ASM_DX);            \
 170        __chk_user_ptr(ptr);                                            \
 171        might_fault();                                                  \
 172        asm volatile("call __get_user_%P4"                              \
 173                     : "=a" (__ret_gu), "=r" (__val_gu),                \
 174                        ASM_CALL_CONSTRAINT                             \
 175                     : "0" (ptr), "i" (sizeof(*(ptr))));                \
 176        (x) = (__force __typeof__(*(ptr))) __val_gu;                    \
 177        __builtin_expect(__ret_gu, 0);                                  \
 178})
 179
 180#define __put_user_x(size, x, ptr, __ret_pu)                    \
 181        asm volatile("call __put_user_" #size : "=a" (__ret_pu) \
 182                     : "0" ((typeof(*(ptr)))(x)), "c" (ptr) : "ebx")
 183
 184
 185
 186#ifdef CONFIG_X86_32
 187#define __put_user_goto_u64(x, addr, label)                     \
 188        asm_volatile_goto("\n"                                  \
 189                     "1:        movl %%eax,0(%1)\n"             \
 190                     "2:        movl %%edx,4(%1)\n"             \
 191                     _ASM_EXTABLE_UA(1b, %l2)                   \
 192                     _ASM_EXTABLE_UA(2b, %l2)                   \
 193                     : : "A" (x), "r" (addr)                    \
 194                     : : label)
 195
 196#define __put_user_asm_ex_u64(x, addr)                                  \
 197        asm volatile("\n"                                               \
 198                     "1:        movl %%eax,0(%1)\n"                     \
 199                     "2:        movl %%edx,4(%1)\n"                     \
 200                     "3:"                                               \
 201                     _ASM_EXTABLE_EX(1b, 2b)                            \
 202                     _ASM_EXTABLE_EX(2b, 3b)                            \
 203                     : : "A" (x), "r" (addr))
 204
 205#define __put_user_x8(x, ptr, __ret_pu)                         \
 206        asm volatile("call __put_user_8" : "=a" (__ret_pu)      \
 207                     : "A" ((typeof(*(ptr)))(x)), "c" (ptr) : "ebx")
 208#else
 209#define __put_user_goto_u64(x, ptr, label) \
 210        __put_user_goto(x, ptr, "q", "", "er", label)
 211#define __put_user_asm_ex_u64(x, addr)  \
 212        __put_user_asm_ex(x, addr, "q", "", "er")
 213#define __put_user_x8(x, ptr, __ret_pu) __put_user_x(8, x, ptr, __ret_pu)
 214#endif
 215
 216extern void __put_user_bad(void);
 217
 218/*
 219 * Strange magic calling convention: pointer in %ecx,
 220 * value in %eax(:%edx), return value in %eax. clobbers %rbx
 221 */
 222extern void __put_user_1(void);
 223extern void __put_user_2(void);
 224extern void __put_user_4(void);
 225extern void __put_user_8(void);
 226
 227/**
 228 * put_user - Write a simple value into user space.
 229 * @x:   Value to copy to user space.
 230 * @ptr: Destination address, in user space.
 231 *
 232 * Context: User context only. This function may sleep if pagefaults are
 233 *          enabled.
 234 *
 235 * This macro copies a single simple value from kernel space to user
 236 * space.  It supports simple types like char and int, but not larger
 237 * data types like structures or arrays.
 238 *
 239 * @ptr must have pointer-to-simple-variable type, and @x must be assignable
 240 * to the result of dereferencing @ptr.
 241 *
 242 * Return: zero on success, or -EFAULT on error.
 243 */
 244#define put_user(x, ptr)                                        \
 245({                                                              \
 246        int __ret_pu;                                           \
 247        __typeof__(*(ptr)) __pu_val;                            \
 248        __chk_user_ptr(ptr);                                    \
 249        might_fault();                                          \
 250        __pu_val = x;                                           \
 251        switch (sizeof(*(ptr))) {                               \
 252        case 1:                                                 \
 253                __put_user_x(1, __pu_val, ptr, __ret_pu);       \
 254                break;                                          \
 255        case 2:                                                 \
 256                __put_user_x(2, __pu_val, ptr, __ret_pu);       \
 257                break;                                          \
 258        case 4:                                                 \
 259                __put_user_x(4, __pu_val, ptr, __ret_pu);       \
 260                break;                                          \
 261        case 8:                                                 \
 262                __put_user_x8(__pu_val, ptr, __ret_pu);         \
 263                break;                                          \
 264        default:                                                \
 265                __put_user_x(X, __pu_val, ptr, __ret_pu);       \
 266                break;                                          \
 267        }                                                       \
 268        __builtin_expect(__ret_pu, 0);                          \
 269})
 270
 271#define __put_user_size(x, ptr, size, label)                            \
 272do {                                                                    \
 273        __chk_user_ptr(ptr);                                            \
 274        switch (size) {                                                 \
 275        case 1:                                                         \
 276                __put_user_goto(x, ptr, "b", "b", "iq", label); \
 277                break;                                                  \
 278        case 2:                                                         \
 279                __put_user_goto(x, ptr, "w", "w", "ir", label);         \
 280                break;                                                  \
 281        case 4:                                                         \
 282                __put_user_goto(x, ptr, "l", "k", "ir", label);         \
 283                break;                                                  \
 284        case 8:                                                         \
 285                __put_user_goto_u64(x, ptr, label);                     \
 286                break;                                                  \
 287        default:                                                        \
 288                __put_user_bad();                                       \
 289        }                                                               \
 290} while (0)
 291
 292/*
 293 * This doesn't do __uaccess_begin/end - the exception handling
 294 * around it must do that.
 295 */
 296#define __put_user_size_ex(x, ptr, size)                                \
 297do {                                                                    \
 298        __chk_user_ptr(ptr);                                            \
 299        switch (size) {                                                 \
 300        case 1:                                                         \
 301                __put_user_asm_ex(x, ptr, "b", "b", "iq");              \
 302                break;                                                  \
 303        case 2:                                                         \
 304                __put_user_asm_ex(x, ptr, "w", "w", "ir");              \
 305                break;                                                  \
 306        case 4:                                                         \
 307                __put_user_asm_ex(x, ptr, "l", "k", "ir");              \
 308                break;                                                  \
 309        case 8:                                                         \
 310                __put_user_asm_ex_u64((__typeof__(*ptr))(x), ptr);      \
 311                break;                                                  \
 312        default:                                                        \
 313                __put_user_bad();                                       \
 314        }                                                               \
 315} while (0)
 316
 317#ifdef CONFIG_X86_32
 318#define __get_user_asm_u64(x, ptr, retval, errret)                      \
 319({                                                                      \
 320        __typeof__(ptr) __ptr = (ptr);                                  \
 321        asm volatile("\n"                                       \
 322                     "1:        movl %2,%%eax\n"                        \
 323                     "2:        movl %3,%%edx\n"                        \
 324                     "3:\n"                             \
 325                     ".section .fixup,\"ax\"\n"                         \
 326                     "4:        mov %4,%0\n"                            \
 327                     "  xorl %%eax,%%eax\n"                             \
 328                     "  xorl %%edx,%%edx\n"                             \
 329                     "  jmp 3b\n"                                       \
 330                     ".previous\n"                                      \
 331                     _ASM_EXTABLE_UA(1b, 4b)                            \
 332                     _ASM_EXTABLE_UA(2b, 4b)                            \
 333                     : "=r" (retval), "=&A"(x)                          \
 334                     : "m" (__m(__ptr)), "m" __m(((u32 __user *)(__ptr)) + 1),  \
 335                       "i" (errret), "0" (retval));                     \
 336})
 337
 338#define __get_user_asm_ex_u64(x, ptr)                   (x) = __get_user_bad()
 339#else
 340#define __get_user_asm_u64(x, ptr, retval, errret) \
 341         __get_user_asm(x, ptr, retval, "q", "", "=r", errret)
 342#define __get_user_asm_ex_u64(x, ptr) \
 343         __get_user_asm_ex(x, ptr, "q", "", "=r")
 344#endif
 345
 346#define __get_user_size(x, ptr, size, retval, errret)                   \
 347do {                                                                    \
 348        retval = 0;                                                     \
 349        __chk_user_ptr(ptr);                                            \
 350        switch (size) {                                                 \
 351        case 1:                                                         \
 352                __get_user_asm(x, ptr, retval, "b", "b", "=q", errret); \
 353                break;                                                  \
 354        case 2:                                                         \
 355                __get_user_asm(x, ptr, retval, "w", "w", "=r", errret); \
 356                break;                                                  \
 357        case 4:                                                         \
 358                __get_user_asm(x, ptr, retval, "l", "k", "=r", errret); \
 359                break;                                                  \
 360        case 8:                                                         \
 361                __get_user_asm_u64(x, ptr, retval, errret);             \
 362                break;                                                  \
 363        default:                                                        \
 364                (x) = __get_user_bad();                                 \
 365        }                                                               \
 366} while (0)
 367
 368#define __get_user_asm(x, addr, err, itype, rtype, ltype, errret)       \
 369        asm volatile("\n"                                               \
 370                     "1:        mov"itype" %2,%"rtype"1\n"              \
 371                     "2:\n"                                             \
 372                     ".section .fixup,\"ax\"\n"                         \
 373                     "3:        mov %3,%0\n"                            \
 374                     "  xor"itype" %"rtype"1,%"rtype"1\n"               \
 375                     "  jmp 2b\n"                                       \
 376                     ".previous\n"                                      \
 377                     _ASM_EXTABLE_UA(1b, 3b)                            \
 378                     : "=r" (err), ltype(x)                             \
 379                     : "m" (__m(addr)), "i" (errret), "0" (err))
 380
 381#define __get_user_asm_nozero(x, addr, err, itype, rtype, ltype, errret)        \
 382        asm volatile("\n"                                               \
 383                     "1:        mov"itype" %2,%"rtype"1\n"              \
 384                     "2:\n"                                             \
 385                     ".section .fixup,\"ax\"\n"                         \
 386                     "3:        mov %3,%0\n"                            \
 387                     "  jmp 2b\n"                                       \
 388                     ".previous\n"                                      \
 389                     _ASM_EXTABLE_UA(1b, 3b)                            \
 390                     : "=r" (err), ltype(x)                             \
 391                     : "m" (__m(addr)), "i" (errret), "0" (err))
 392
 393/*
 394 * This doesn't do __uaccess_begin/end - the exception handling
 395 * around it must do that.
 396 */
 397#define __get_user_size_ex(x, ptr, size)                                \
 398do {                                                                    \
 399        __chk_user_ptr(ptr);                                            \
 400        switch (size) {                                                 \
 401        case 1:                                                         \
 402                __get_user_asm_ex(x, ptr, "b", "b", "=q");              \
 403                break;                                                  \
 404        case 2:                                                         \
 405                __get_user_asm_ex(x, ptr, "w", "w", "=r");              \
 406                break;                                                  \
 407        case 4:                                                         \
 408                __get_user_asm_ex(x, ptr, "l", "k", "=r");              \
 409                break;                                                  \
 410        case 8:                                                         \
 411                __get_user_asm_ex_u64(x, ptr);                          \
 412                break;                                                  \
 413        default:                                                        \
 414                (x) = __get_user_bad();                                 \
 415        }                                                               \
 416} while (0)
 417
 418#define __get_user_asm_ex(x, addr, itype, rtype, ltype)                 \
 419        asm volatile("1:        mov"itype" %1,%"rtype"0\n"              \
 420                     "2:\n"                                             \
 421                     ".section .fixup,\"ax\"\n"                         \
 422                     "3:xor"itype" %"rtype"0,%"rtype"0\n"               \
 423                     "  jmp 2b\n"                                       \
 424                     ".previous\n"                                      \
 425                     _ASM_EXTABLE_EX(1b, 3b)                            \
 426                     : ltype(x) : "m" (__m(addr)))
 427
 428#define __put_user_nocheck(x, ptr, size)                        \
 429({                                                              \
 430        __label__ __pu_label;                                   \
 431        int __pu_err = -EFAULT;                                 \
 432        __typeof__(*(ptr)) __pu_val = (x);                      \
 433        __typeof__(ptr) __pu_ptr = (ptr);                       \
 434        __typeof__(size) __pu_size = (size);                    \
 435        __uaccess_begin();                                      \
 436        __put_user_size(__pu_val, __pu_ptr, __pu_size, __pu_label);     \
 437        __pu_err = 0;                                           \
 438__pu_label:                                                     \
 439        __uaccess_end();                                        \
 440        __builtin_expect(__pu_err, 0);                          \
 441})
 442
 443#define __get_user_nocheck(x, ptr, size)                                \
 444({                                                                      \
 445        int __gu_err;                                                   \
 446        __inttype(*(ptr)) __gu_val;                                     \
 447        __typeof__(ptr) __gu_ptr = (ptr);                               \
 448        __typeof__(size) __gu_size = (size);                            \
 449        __uaccess_begin_nospec();                                       \
 450        __get_user_size(__gu_val, __gu_ptr, __gu_size, __gu_err, -EFAULT);      \
 451        __uaccess_end();                                                \
 452        (x) = (__force __typeof__(*(ptr)))__gu_val;                     \
 453        __builtin_expect(__gu_err, 0);                                  \
 454})
 455
 456/* FIXME: this hack is definitely wrong -AK */
 457struct __large_struct { unsigned long buf[100]; };
 458#define __m(x) (*(struct __large_struct __user *)(x))
 459
 460/*
 461 * Tell gcc we read from memory instead of writing: this is because
 462 * we do not write to any memory gcc knows about, so there are no
 463 * aliasing issues.
 464 */
 465#define __put_user_goto(x, addr, itype, rtype, ltype, label)    \
 466        asm_volatile_goto("\n"                                          \
 467                "1:     mov"itype" %"rtype"0,%1\n"                      \
 468                _ASM_EXTABLE_UA(1b, %l2)                                        \
 469                : : ltype(x), "m" (__m(addr))                           \
 470                : : label)
 471
 472#define __put_user_failed(x, addr, itype, rtype, ltype, errret)         \
 473        ({      __label__ __puflab;                                     \
 474                int __pufret = errret;                                  \
 475                __put_user_goto(x,addr,itype,rtype,ltype,__puflab);     \
 476                __pufret = 0;                                           \
 477        __puflab: __pufret; })
 478
 479#define __put_user_asm(x, addr, retval, itype, rtype, ltype, errret)    do {    \
 480        retval = __put_user_failed(x, addr, itype, rtype, ltype, errret);       \
 481} while (0)
 482
 483#define __put_user_asm_ex(x, addr, itype, rtype, ltype)                 \
 484        asm volatile("1:        mov"itype" %"rtype"0,%1\n"              \
 485                     "2:\n"                                             \
 486                     _ASM_EXTABLE_EX(1b, 2b)                            \
 487                     : : ltype(x), "m" (__m(addr)))
 488
 489/*
 490 * uaccess_try and catch
 491 */
 492#define uaccess_try     do {                                            \
 493        current->thread.uaccess_err = 0;                                \
 494        __uaccess_begin();                                              \
 495        barrier();
 496
 497#define uaccess_try_nospec do {                                         \
 498        current->thread.uaccess_err = 0;                                \
 499        __uaccess_begin_nospec();                                       \
 500
 501#define uaccess_catch(err)                                              \
 502        __uaccess_end();                                                \
 503        (err) |= (current->thread.uaccess_err ? -EFAULT : 0);           \
 504} while (0)
 505
 506/**
 507 * __get_user - Get a simple variable from user space, with less checking.
 508 * @x:   Variable to store result.
 509 * @ptr: Source address, in user space.
 510 *
 511 * Context: User context only. This function may sleep if pagefaults are
 512 *          enabled.
 513 *
 514 * This macro copies a single simple variable from user space to kernel
 515 * space.  It supports simple types like char and int, but not larger
 516 * data types like structures or arrays.
 517 *
 518 * @ptr must have pointer-to-simple-variable type, and the result of
 519 * dereferencing @ptr must be assignable to @x without a cast.
 520 *
 521 * Caller must check the pointer with access_ok() before calling this
 522 * function.
 523 *
 524 * Return: zero on success, or -EFAULT on error.
 525 * On error, the variable @x is set to zero.
 526 */
 527
 528#define __get_user(x, ptr)                                              \
 529        __get_user_nocheck((x), (ptr), sizeof(*(ptr)))
 530
 531/**
 532 * __put_user - Write a simple value into user space, with less checking.
 533 * @x:   Value to copy to user space.
 534 * @ptr: Destination address, in user space.
 535 *
 536 * Context: User context only. This function may sleep if pagefaults are
 537 *          enabled.
 538 *
 539 * This macro copies a single simple value from kernel space to user
 540 * space.  It supports simple types like char and int, but not larger
 541 * data types like structures or arrays.
 542 *
 543 * @ptr must have pointer-to-simple-variable type, and @x must be assignable
 544 * to the result of dereferencing @ptr.
 545 *
 546 * Caller must check the pointer with access_ok() before calling this
 547 * function.
 548 *
 549 * Return: zero on success, or -EFAULT on error.
 550 */
 551
 552#define __put_user(x, ptr)                                              \
 553        __put_user_nocheck((__typeof__(*(ptr)))(x), (ptr), sizeof(*(ptr)))
 554
 555/*
 556 * {get|put}_user_try and catch
 557 *
 558 * get_user_try {
 559 *      get_user_ex(...);
 560 * } get_user_catch(err)
 561 */
 562#define get_user_try            uaccess_try_nospec
 563#define get_user_catch(err)     uaccess_catch(err)
 564
 565#define get_user_ex(x, ptr)     do {                                    \
 566        unsigned long __gue_val;                                        \
 567        __get_user_size_ex((__gue_val), (ptr), (sizeof(*(ptr))));       \
 568        (x) = (__force __typeof__(*(ptr)))__gue_val;                    \
 569} while (0)
 570
 571#define put_user_try            uaccess_try
 572#define put_user_catch(err)     uaccess_catch(err)
 573
 574#define put_user_ex(x, ptr)                                             \
 575        __put_user_size_ex((__typeof__(*(ptr)))(x), (ptr), sizeof(*(ptr)))
 576
 577extern unsigned long
 578copy_from_user_nmi(void *to, const void __user *from, unsigned long n);
 579extern __must_check long
 580strncpy_from_user(char *dst, const char __user *src, long count);
 581
 582extern __must_check long strnlen_user(const char __user *str, long n);
 583
 584unsigned long __must_check clear_user(void __user *mem, unsigned long len);
 585unsigned long __must_check __clear_user(void __user *mem, unsigned long len);
 586
 587extern void __cmpxchg_wrong_size(void)
 588        __compiletime_error("Bad argument size for cmpxchg");
 589
 590#define __user_atomic_cmpxchg_inatomic(uval, ptr, old, new, size)       \
 591({                                                                      \
 592        int __ret = 0;                                                  \
 593        __typeof__(*(ptr)) __old = (old);                               \
 594        __typeof__(*(ptr)) __new = (new);                               \
 595        __uaccess_begin_nospec();                                       \
 596        switch (size) {                                                 \
 597        case 1:                                                         \
 598        {                                                               \
 599                asm volatile("\n"                                       \
 600                        "1:\t" LOCK_PREFIX "cmpxchgb %4, %2\n"          \
 601                        "2:\n"                                          \
 602                        "\t.section .fixup, \"ax\"\n"                   \
 603                        "3:\tmov     %3, %0\n"                          \
 604                        "\tjmp     2b\n"                                \
 605                        "\t.previous\n"                                 \
 606                        _ASM_EXTABLE_UA(1b, 3b)                         \
 607                        : "+r" (__ret), "=a" (__old), "+m" (*(ptr))     \
 608                        : "i" (-EFAULT), "q" (__new), "1" (__old)       \
 609                        : "memory"                                      \
 610                );                                                      \
 611                break;                                                  \
 612        }                                                               \
 613        case 2:                                                         \
 614        {                                                               \
 615                asm volatile("\n"                                       \
 616                        "1:\t" LOCK_PREFIX "cmpxchgw %4, %2\n"          \
 617                        "2:\n"                                          \
 618                        "\t.section .fixup, \"ax\"\n"                   \
 619                        "3:\tmov     %3, %0\n"                          \
 620                        "\tjmp     2b\n"                                \
 621                        "\t.previous\n"                                 \
 622                        _ASM_EXTABLE_UA(1b, 3b)                         \
 623                        : "+r" (__ret), "=a" (__old), "+m" (*(ptr))     \
 624                        : "i" (-EFAULT), "r" (__new), "1" (__old)       \
 625                        : "memory"                                      \
 626                );                                                      \
 627                break;                                                  \
 628        }                                                               \
 629        case 4:                                                         \
 630        {                                                               \
 631                asm volatile("\n"                                       \
 632                        "1:\t" LOCK_PREFIX "cmpxchgl %4, %2\n"          \
 633                        "2:\n"                                          \
 634                        "\t.section .fixup, \"ax\"\n"                   \
 635                        "3:\tmov     %3, %0\n"                          \
 636                        "\tjmp     2b\n"                                \
 637                        "\t.previous\n"                                 \
 638                        _ASM_EXTABLE_UA(1b, 3b)                         \
 639                        : "+r" (__ret), "=a" (__old), "+m" (*(ptr))     \
 640                        : "i" (-EFAULT), "r" (__new), "1" (__old)       \
 641                        : "memory"                                      \
 642                );                                                      \
 643                break;                                                  \
 644        }                                                               \
 645        case 8:                                                         \
 646        {                                                               \
 647                if (!IS_ENABLED(CONFIG_X86_64))                         \
 648                        __cmpxchg_wrong_size();                         \
 649                                                                        \
 650                asm volatile("\n"                                       \
 651                        "1:\t" LOCK_PREFIX "cmpxchgq %4, %2\n"          \
 652                        "2:\n"                                          \
 653                        "\t.section .fixup, \"ax\"\n"                   \
 654                        "3:\tmov     %3, %0\n"                          \
 655                        "\tjmp     2b\n"                                \
 656                        "\t.previous\n"                                 \
 657                        _ASM_EXTABLE_UA(1b, 3b)                         \
 658                        : "+r" (__ret), "=a" (__old), "+m" (*(ptr))     \
 659                        : "i" (-EFAULT), "r" (__new), "1" (__old)       \
 660                        : "memory"                                      \
 661                );                                                      \
 662                break;                                                  \
 663        }                                                               \
 664        default:                                                        \
 665                __cmpxchg_wrong_size();                                 \
 666        }                                                               \
 667        __uaccess_end();                                                \
 668        *(uval) = __old;                                                \
 669        __ret;                                                          \
 670})
 671
 672#define user_atomic_cmpxchg_inatomic(uval, ptr, old, new)               \
 673({                                                                      \
 674        access_ok((ptr), sizeof(*(ptr))) ?              \
 675                __user_atomic_cmpxchg_inatomic((uval), (ptr),           \
 676                                (old), (new), sizeof(*(ptr))) :         \
 677                -EFAULT;                                                \
 678})
 679
 680/*
 681 * movsl can be slow when source and dest are not both 8-byte aligned
 682 */
 683#ifdef CONFIG_X86_INTEL_USERCOPY
 684extern struct movsl_mask {
 685        int mask;
 686} ____cacheline_aligned_in_smp movsl_mask;
 687#endif
 688
 689#define ARCH_HAS_NOCACHE_UACCESS 1
 690
 691#ifdef CONFIG_X86_32
 692# include <asm/uaccess_32.h>
 693#else
 694# include <asm/uaccess_64.h>
 695#endif
 696
 697/*
 698 * We rely on the nested NMI work to allow atomic faults from the NMI path; the
 699 * nested NMI paths are careful to preserve CR2.
 700 *
 701 * Caller must use pagefault_enable/disable, or run in interrupt context,
 702 * and also do a uaccess_ok() check
 703 */
 704#define __copy_from_user_nmi __copy_from_user_inatomic
 705
 706/*
 707 * The "unsafe" user accesses aren't really "unsafe", but the naming
 708 * is a big fat warning: you have to not only do the access_ok()
 709 * checking before using them, but you have to surround them with the
 710 * user_access_begin/end() pair.
 711 */
 712static __must_check __always_inline bool user_access_begin(const void __user *ptr, size_t len)
 713{
 714        if (unlikely(!access_ok(ptr,len)))
 715                return 0;
 716        __uaccess_begin_nospec();
 717        return 1;
 718}
 719#define user_access_begin(a,b)  user_access_begin(a,b)
 720#define user_access_end()       __uaccess_end()
 721
 722#define user_access_save()      smap_save()
 723#define user_access_restore(x)  smap_restore(x)
 724
 725#define unsafe_put_user(x, ptr, label)  \
 726        __put_user_size((__typeof__(*(ptr)))(x), (ptr), sizeof(*(ptr)), label)
 727
 728#define unsafe_get_user(x, ptr, err_label)                                      \
 729do {                                                                            \
 730        int __gu_err;                                                           \
 731        __inttype(*(ptr)) __gu_val;                                             \
 732        __get_user_size(__gu_val, (ptr), sizeof(*(ptr)), __gu_err, -EFAULT);    \
 733        (x) = (__force __typeof__(*(ptr)))__gu_val;                             \
 734        if (unlikely(__gu_err)) goto err_label;                                 \
 735} while (0)
 736
 737#endif /* _ASM_X86_UACCESS_H */
 738
 739