]> git.proxmox.com Git - mirror_ubuntu-artful-kernel.git/blob - arch/arm/include/asm/uaccess.h
projects / mirror_ubuntu-artful-kernel.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
new helper: uaccess_kernel()
[mirror_ubuntu-artful-kernel.git] / arch / arm / include / asm / uaccess.h
1 /*
2 * arch/arm/include/asm/uaccess.h
3 *
4 * This program is free software; you can redistribute it and/or modify
5 * it under the terms of the GNU General Public License version 2 as
6 * published by the Free Software Foundation.
7 */
8 #ifndef _ASMARM_UACCESS_H
9 #define _ASMARM_UACCESS_H
10
11 /*
12 * User space memory access functions
13 */
14 #include <linux/string.h>
15 #include <asm/memory.h>
16 #include <asm/domain.h>
17 #include <asm/unified.h>
18 #include <asm/compiler.h>
19
20 #ifndef CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS
21 #include <asm-generic/uaccess-unaligned.h>
22 #else
23 #define __get_user_unaligned __get_user
24 #define __put_user_unaligned __put_user
25 #endif
26
27 /*
28 * The exception table consists of pairs of addresses: the first is the
29 * address of an instruction that is allowed to fault, and the second is
30 * the address at which the program should continue. No registers are
31 * modified, so it is entirely up to the continuation code to figure out
32 * what to do.
33 *
34 * All the routines below use bits of fixup code that are out of line
35 * with the main instruction path. This means when everything is well,
36 * we don't even have to jump over them. Further, they do not intrude
37 * on our cache or tlb entries.
38 */
39
40 struct exception_table_entry
41 {
42 unsigned long insn, fixup;
43 };
44
45 extern int fixup_exception(struct pt_regs *regs);
46
47 /*
48 * These two functions allow hooking accesses to userspace to increase
49 * system integrity by ensuring that the kernel can not inadvertantly
50 * perform such accesses (eg, via list poison values) which could then
51 * be exploited for priviledge escalation.
52 */
53 static inline unsigned int uaccess_save_and_enable(void)
54 {
55 #ifdef CONFIG_CPU_SW_DOMAIN_PAN
56 unsigned int old_domain = get_domain();
57
58 /* Set the current domain access to permit user accesses */
59 set_domain((old_domain & ~domain_mask(DOMAIN_USER)) |
60 domain_val(DOMAIN_USER, DOMAIN_CLIENT));
61
62 return old_domain;
63 #else
64 return 0;
65 #endif
66 }
67
68 static inline void uaccess_restore(unsigned int flags)
69 {
70 #ifdef CONFIG_CPU_SW_DOMAIN_PAN
71 /* Restore the user access mask */
72 set_domain(flags);
73 #endif
74 }
75
76 /*
77 * These two are intentionally not defined anywhere - if the kernel
78 * code generates any references to them, that's a bug.
79 */
80 extern int __get_user_bad(void);
81 extern int __put_user_bad(void);
82
83 /*
84 * Note that this is actually 0x1,0000,0000
85 */
86 #define KERNEL_DS 0x00000000
87 #define get_ds() (KERNEL_DS)
88
89 #ifdef CONFIG_MMU
90
91 #define USER_DS TASK_SIZE
92 #define get_fs() (current_thread_info()->addr_limit)
93
94 static inline void set_fs(mm_segment_t fs)
95 {
96 current_thread_info()->addr_limit = fs;
97 modify_domain(DOMAIN_KERNEL, fs ? DOMAIN_CLIENT : DOMAIN_MANAGER);
98 }
99
100 #define segment_eq(a, b) ((a) == (b))
101
102 /* We use 33-bit arithmetic here... */
103 #define __range_ok(addr, size) ({ \
104 unsigned long flag, roksum; \
105 __chk_user_ptr(addr); \
106 __asm__("adds %1, %2, %3; sbcccs %1, %1, %0; movcc %0, #0" \
107 : "=&r" (flag), "=&r" (roksum) \
108 : "r" (addr), "Ir" (size), "0" (current_thread_info()->addr_limit) \
109 : "cc"); \
110 flag; })
111
112 /*
113 * Single-value transfer routines. They automatically use the right
114 * size if we just have the right pointer type. Note that the functions
115 * which read from user space (*get_*) need to take care not to leak
116 * kernel data even if the calling code is buggy and fails to check
117 * the return value. This means zeroing out the destination variable
118 * or buffer on error. Normally this is done out of line by the
119 * fixup code, but there are a few places where it intrudes on the
120 * main code path. When we only write to user space, there is no
121 * problem.
122 */
123 extern int __get_user_1(void *);
124 extern int __get_user_2(void *);
125 extern int __get_user_4(void *);
126 extern int __get_user_32t_8(void *);
127 extern int __get_user_8(void *);
128 extern int __get_user_64t_1(void *);
129 extern int __get_user_64t_2(void *);
130 extern int __get_user_64t_4(void *);
131
132 #define __GUP_CLOBBER_1 "lr", "cc"
133 #ifdef CONFIG_CPU_USE_DOMAINS
134 #define __GUP_CLOBBER_2 "ip", "lr", "cc"
135 #else
136 #define __GUP_CLOBBER_2 "lr", "cc"
137 #endif
138 #define __GUP_CLOBBER_4 "lr", "cc"
139 #define __GUP_CLOBBER_32t_8 "lr", "cc"
140 #define __GUP_CLOBBER_8 "lr", "cc"
141
142 #define __get_user_x(__r2, __p, __e, __l, __s) \
143 __asm__ __volatile__ ( \
144 __asmeq("%0", "r0") __asmeq("%1", "r2") \
145 __asmeq("%3", "r1") \
146 "bl __get_user_" #__s \
147 : "=&r" (__e), "=r" (__r2) \
148 : "0" (__p), "r" (__l) \
149 : __GUP_CLOBBER_##__s)
150
151 /* narrowing a double-word get into a single 32bit word register: */
152 #ifdef __ARMEB__
153 #define __get_user_x_32t(__r2, __p, __e, __l, __s) \
154 __get_user_x(__r2, __p, __e, __l, 32t_8)
155 #else
156 #define __get_user_x_32t __get_user_x
157 #endif
158
159 /*
160 * storing result into proper least significant word of 64bit target var,
161 * different only for big endian case where 64 bit __r2 lsw is r3:
162 */
163 #ifdef __ARMEB__
164 #define __get_user_x_64t(__r2, __p, __e, __l, __s) \
165 __asm__ __volatile__ ( \
166 __asmeq("%0", "r0") __asmeq("%1", "r2") \
167 __asmeq("%3", "r1") \
168 "bl __get_user_64t_" #__s \
169 : "=&r" (__e), "=r" (__r2) \
170 : "0" (__p), "r" (__l) \
171 : __GUP_CLOBBER_##__s)
172 #else
173 #define __get_user_x_64t __get_user_x
174 #endif
175
176
177 #define __get_user_check(x, p) \
178 ({ \
179 unsigned long __limit = current_thread_info()->addr_limit - 1; \
180 register const typeof(*(p)) __user *__p asm("r0") = (p);\
181 register typeof(x) __r2 asm("r2"); \
182 register unsigned long __l asm("r1") = __limit; \
183 register int __e asm("r0"); \
184 unsigned int __ua_flags = uaccess_save_and_enable(); \
185 switch (sizeof(*(__p))) { \
186 case 1: \
187 if (sizeof((x)) >= 8) \
188 __get_user_x_64t(__r2, __p, __e, __l, 1); \
189 else \
190 __get_user_x(__r2, __p, __e, __l, 1); \
191 break; \
192 case 2: \
193 if (sizeof((x)) >= 8) \
194 __get_user_x_64t(__r2, __p, __e, __l, 2); \
195 else \
196 __get_user_x(__r2, __p, __e, __l, 2); \
197 break; \
198 case 4: \
199 if (sizeof((x)) >= 8) \
200 __get_user_x_64t(__r2, __p, __e, __l, 4); \
201 else \
202 __get_user_x(__r2, __p, __e, __l, 4); \
203 break; \
204 case 8: \
205 if (sizeof((x)) < 8) \
206 __get_user_x_32t(__r2, __p, __e, __l, 4); \
207 else \
208 __get_user_x(__r2, __p, __e, __l, 8); \
209 break; \
210 default: __e = __get_user_bad(); break; \
211 } \
212 uaccess_restore(__ua_flags); \
213 x = (typeof(*(p))) __r2; \
214 __e; \
215 })
216
217 #define get_user(x, p) \
218 ({ \
219 might_fault(); \
220 __get_user_check(x, p); \
221 })
222
223 extern int __put_user_1(void *, unsigned int);
224 extern int __put_user_2(void *, unsigned int);
225 extern int __put_user_4(void *, unsigned int);
226 extern int __put_user_8(void *, unsigned long long);
227
228 #define __put_user_check(__pu_val, __ptr, __err, __s) \
229 ({ \
230 unsigned long __limit = current_thread_info()->addr_limit - 1; \
231 register typeof(__pu_val) __r2 asm("r2") = __pu_val; \
232 register const void __user *__p asm("r0") = __ptr; \
233 register unsigned long __l asm("r1") = __limit; \
234 register int __e asm("r0"); \
235 __asm__ __volatile__ ( \
236 __asmeq("%0", "r0") __asmeq("%2", "r2") \
237 __asmeq("%3", "r1") \
238 "bl __put_user_" #__s \
239 : "=&r" (__e) \
240 : "0" (__p), "r" (__r2), "r" (__l) \
241 : "ip", "lr", "cc"); \
242 __err = __e; \
243 })
244
245 #else /* CONFIG_MMU */
246
247 /*
248 * uClinux has only one addr space, so has simplified address limits.
249 */
250 #define USER_DS KERNEL_DS
251
252 #define segment_eq(a, b) (1)
253 #define __addr_ok(addr) ((void)(addr), 1)
254 #define __range_ok(addr, size) ((void)(addr), 0)
255 #define get_fs() (KERNEL_DS)
256
257 static inline void set_fs(mm_segment_t fs)
258 {
259 }
260
261 #define get_user(x, p) __get_user(x, p)
262 #define __put_user_check __put_user_nocheck
263
264 #endif /* CONFIG_MMU */
265
266 #define access_ok(type, addr, size) (__range_ok(addr, size) == 0)
267
268 #define user_addr_max() \
269 (uaccess_kernel() ? ~0UL : get_fs())
270
271 /*
272 * The "__xxx" versions of the user access functions do not verify the
273 * address space - it must have been done previously with a separate
274 * "access_ok()" call.
275 *
276 * The "xxx_error" versions set the third argument to EFAULT if an
277 * error occurs, and leave it unchanged on success. Note that these
278 * versions are void (ie, don't return a value as such).
279 */
280 #define __get_user(x, ptr) \
281 ({ \
282 long __gu_err = 0; \
283 __get_user_err((x), (ptr), __gu_err); \
284 __gu_err; \
285 })
286
287 #define __get_user_error(x, ptr, err) \
288 ({ \
289 __get_user_err((x), (ptr), err); \
290 (void) 0; \
291 })
292
293 #define __get_user_err(x, ptr, err) \
294 do { \
295 unsigned long __gu_addr = (unsigned long)(ptr); \
296 unsigned long __gu_val; \
297 unsigned int __ua_flags; \
298 __chk_user_ptr(ptr); \
299 might_fault(); \
300 __ua_flags = uaccess_save_and_enable(); \
301 switch (sizeof(*(ptr))) { \
302 case 1: __get_user_asm_byte(__gu_val, __gu_addr, err); break; \
303 case 2: __get_user_asm_half(__gu_val, __gu_addr, err); break; \
304 case 4: __get_user_asm_word(__gu_val, __gu_addr, err); break; \
305 default: (__gu_val) = __get_user_bad(); \
306 } \
307 uaccess_restore(__ua_flags); \
308 (x) = (__typeof__(*(ptr)))__gu_val; \
309 } while (0)
310
311 #define __get_user_asm(x, addr, err, instr) \
312 __asm__ __volatile__( \
313 "1: " TUSER(instr) " %1, [%2], #0\n" \
314 "2:\n" \
315 " .pushsection .text.fixup,\"ax\"\n" \
316 " .align 2\n" \
317 "3: mov %0, %3\n" \
318 " mov %1, #0\n" \
319 " b 2b\n" \
320 " .popsection\n" \
321 " .pushsection __ex_table,\"a\"\n" \
322 " .align 3\n" \
323 " .long 1b, 3b\n" \
324 " .popsection" \
325 : "+r" (err), "=&r" (x) \
326 : "r" (addr), "i" (-EFAULT) \
327 : "cc")
328
329 #define __get_user_asm_byte(x, addr, err) \
330 __get_user_asm(x, addr, err, ldrb)
331
332 #ifndef __ARMEB__
333 #define __get_user_asm_half(x, __gu_addr, err) \
334 ({ \
335 unsigned long __b1, __b2; \
336 __get_user_asm_byte(__b1, __gu_addr, err); \
337 __get_user_asm_byte(__b2, __gu_addr + 1, err); \
338 (x) = __b1 | (__b2 << 8); \
339 })
340 #else
341 #define __get_user_asm_half(x, __gu_addr, err) \
342 ({ \
343 unsigned long __b1, __b2; \
344 __get_user_asm_byte(__b1, __gu_addr, err); \
345 __get_user_asm_byte(__b2, __gu_addr + 1, err); \
346 (x) = (__b1 << 8) | __b2; \
347 })
348 #endif
349
350 #define __get_user_asm_word(x, addr, err) \
351 __get_user_asm(x, addr, err, ldr)
352
353
354 #define __put_user_switch(x, ptr, __err, __fn) \
355 do { \
356 const __typeof__(*(ptr)) __user *__pu_ptr = (ptr); \
357 __typeof__(*(ptr)) __pu_val = (x); \
358 unsigned int __ua_flags; \
359 might_fault(); \
360 __ua_flags = uaccess_save_and_enable(); \
361 switch (sizeof(*(ptr))) { \
362 case 1: __fn(__pu_val, __pu_ptr, __err, 1); break; \
363 case 2: __fn(__pu_val, __pu_ptr, __err, 2); break; \
364 case 4: __fn(__pu_val, __pu_ptr, __err, 4); break; \
365 case 8: __fn(__pu_val, __pu_ptr, __err, 8); break; \
366 default: __err = __put_user_bad(); break; \
367 } \
368 uaccess_restore(__ua_flags); \
369 } while (0)
370
371 #define put_user(x, ptr) \
372 ({ \
373 int __pu_err = 0; \
374 __put_user_switch((x), (ptr), __pu_err, __put_user_check); \
375 __pu_err; \
376 })
377
378 #define __put_user(x, ptr) \
379 ({ \
380 long __pu_err = 0; \
381 __put_user_switch((x), (ptr), __pu_err, __put_user_nocheck); \
382 __pu_err; \
383 })
384
385 #define __put_user_error(x, ptr, err) \
386 ({ \
387 __put_user_switch((x), (ptr), (err), __put_user_nocheck); \
388 (void) 0; \
389 })
390
391 #define __put_user_nocheck(x, __pu_ptr, __err, __size) \
392 do { \
393 unsigned long __pu_addr = (unsigned long)__pu_ptr; \
394 __put_user_nocheck_##__size(x, __pu_addr, __err); \
395 } while (0)
396
397 #define __put_user_nocheck_1 __put_user_asm_byte
398 #define __put_user_nocheck_2 __put_user_asm_half
399 #define __put_user_nocheck_4 __put_user_asm_word
400 #define __put_user_nocheck_8 __put_user_asm_dword
401
402 #define __put_user_asm(x, __pu_addr, err, instr) \
403 __asm__ __volatile__( \
404 "1: " TUSER(instr) " %1, [%2], #0\n" \
405 "2:\n" \
406 " .pushsection .text.fixup,\"ax\"\n" \
407 " .align 2\n" \
408 "3: mov %0, %3\n" \
409 " b 2b\n" \
410 " .popsection\n" \
411 " .pushsection __ex_table,\"a\"\n" \
412 " .align 3\n" \
413 " .long 1b, 3b\n" \
414 " .popsection" \
415 : "+r" (err) \
416 : "r" (x), "r" (__pu_addr), "i" (-EFAULT) \
417 : "cc")
418
419 #define __put_user_asm_byte(x, __pu_addr, err) \
420 __put_user_asm(x, __pu_addr, err, strb)
421
422 #ifndef __ARMEB__
423 #define __put_user_asm_half(x, __pu_addr, err) \
424 ({ \
425 unsigned long __temp = (__force unsigned long)(x); \
426 __put_user_asm_byte(__temp, __pu_addr, err); \
427 __put_user_asm_byte(__temp >> 8, __pu_addr + 1, err); \
428 })
429 #else
430 #define __put_user_asm_half(x, __pu_addr, err) \
431 ({ \
432 unsigned long __temp = (__force unsigned long)(x); \
433 __put_user_asm_byte(__temp >> 8, __pu_addr, err); \
434 __put_user_asm_byte(__temp, __pu_addr + 1, err); \
435 })
436 #endif
437
438 #define __put_user_asm_word(x, __pu_addr, err) \
439 __put_user_asm(x, __pu_addr, err, str)
440
441 #ifndef __ARMEB__
442 #define __reg_oper0 "%R2"
443 #define __reg_oper1 "%Q2"
444 #else
445 #define __reg_oper0 "%Q2"
446 #define __reg_oper1 "%R2"
447 #endif
448
449 #define __put_user_asm_dword(x, __pu_addr, err) \
450 __asm__ __volatile__( \
451 ARM( "1: " TUSER(str) " " __reg_oper1 ", [%1], #4\n" ) \
452 ARM( "2: " TUSER(str) " " __reg_oper0 ", [%1]\n" ) \
453 THUMB( "1: " TUSER(str) " " __reg_oper1 ", [%1]\n" ) \
454 THUMB( "2: " TUSER(str) " " __reg_oper0 ", [%1, #4]\n" ) \
455 "3:\n" \
456 " .pushsection .text.fixup,\"ax\"\n" \
457 " .align 2\n" \
458 "4: mov %0, %3\n" \
459 " b 3b\n" \
460 " .popsection\n" \
461 " .pushsection __ex_table,\"a\"\n" \
462 " .align 3\n" \
463 " .long 1b, 4b\n" \
464 " .long 2b, 4b\n" \
465 " .popsection" \
466 : "+r" (err), "+r" (__pu_addr) \
467 : "r" (x), "i" (-EFAULT) \
468 : "cc")
469
470
471 #ifdef CONFIG_MMU
472 extern unsigned long __must_check
473 arm_copy_from_user(void *to, const void __user *from, unsigned long n);
474
475 static inline unsigned long __must_check
476 __arch_copy_from_user(void *to, const void __user *from, unsigned long n)
477 {
478 unsigned int __ua_flags;
479
480 __ua_flags = uaccess_save_and_enable();
481 n = arm_copy_from_user(to, from, n);
482 uaccess_restore(__ua_flags);
483 return n;
484 }
485
486 extern unsigned long __must_check
487 arm_copy_to_user(void __user *to, const void *from, unsigned long n);
488 extern unsigned long __must_check
489 __copy_to_user_std(void __user *to, const void *from, unsigned long n);
490
491 static inline unsigned long __must_check
492 __arch_copy_to_user(void __user *to, const void *from, unsigned long n)
493 {
494 #ifndef CONFIG_UACCESS_WITH_MEMCPY
495 unsigned int __ua_flags;
496 __ua_flags = uaccess_save_and_enable();
497 n = arm_copy_to_user(to, from, n);
498 uaccess_restore(__ua_flags);
499 return n;
500 #else
501 return arm_copy_to_user(to, from, n);
502 #endif
503 }
504
505 extern unsigned long __must_check
506 arm_clear_user(void __user *addr, unsigned long n);
507 extern unsigned long __must_check
508 __clear_user_std(void __user *addr, unsigned long n);
509
510 static inline unsigned long __must_check
511 __clear_user(void __user *addr, unsigned long n)
512 {
513 unsigned int __ua_flags = uaccess_save_and_enable();
514 n = arm_clear_user(addr, n);
515 uaccess_restore(__ua_flags);
516 return n;
517 }
518
519 #else
520 #define __arch_copy_from_user(to, from, n) \
521 (memcpy(to, (void __force *)from, n), 0)
522 #define __arch_copy_to_user(to, from, n) \
523 (memcpy((void __force *)to, from, n), 0)
524 #define __clear_user(addr, n) (memset((void __force *)addr, 0, n), 0)
525 #endif
526
527 static inline unsigned long __must_check
528 __copy_from_user(void *to, const void __user *from, unsigned long n)
529 {
530 check_object_size(to, n, false);
531 return __arch_copy_from_user(to, from, n);
532 }
533
534 static inline unsigned long __must_check
535 copy_from_user(void *to, const void __user *from, unsigned long n)
536 {
537 unsigned long res = n;
538
539 check_object_size(to, n, false);
540
541 if (likely(access_ok(VERIFY_READ, from, n)))
542 res = __arch_copy_from_user(to, from, n);
543 if (unlikely(res))
544 memset(to + (n - res), 0, res);
545 return res;
546 }
547
548 static inline unsigned long __must_check
549 __copy_to_user(void __user *to, const void *from, unsigned long n)
550 {
551 check_object_size(from, n, true);
552
553 return __arch_copy_to_user(to, from, n);
554 }
555
556 static inline unsigned long __must_check
557 copy_to_user(void __user *to, const void *from, unsigned long n)
558 {
559 check_object_size(from, n, true);
560
561 if (access_ok(VERIFY_WRITE, to, n))
562 n = __arch_copy_to_user(to, from, n);
563 return n;
564 }
565
566 #define __copy_to_user_inatomic __copy_to_user
567 #define __copy_from_user_inatomic __copy_from_user
568
569 static inline unsigned long __must_check clear_user(void __user *to, unsigned long n)
570 {
571 if (access_ok(VERIFY_WRITE, to, n))
572 n = __clear_user(to, n);
573 return n;
574 }
575
576 /* These are from lib/ code, and use __get_user() and friends */
577 extern long strncpy_from_user(char *dest, const char __user *src, long count);
578
579 extern __must_check long strlen_user(const char __user *str);
580 extern __must_check long strnlen_user(const char __user *str, long n);
581
582 #endif /* _ASMARM_UACCESS_H */
Ubuntu Artful kernel mirror