]> git.proxmox.com Git - mirror_ubuntu-focal-kernel.git/blob - arch/arm64/include/asm/uaccess.h
projects / mirror_ubuntu-focal-kernel.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Remove 'type' argument from access_ok() function
[mirror_ubuntu-focal-kernel.git] / arch / arm64 / include / asm / uaccess.h
1 /*
2 * Based on arch/arm/include/asm/uaccess.h
3 *
4 * Copyright (C) 2012 ARM Ltd.
5 *
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License version 2 as
8 * published by the Free Software Foundation.
9 *
10 * This program is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 * GNU General Public License for more details.
14 *
15 * You should have received a copy of the GNU General Public License
16 * along with this program. If not, see <http://www.gnu.org/licenses/>.
17 */
18 #ifndef __ASM_UACCESS_H
19 #define __ASM_UACCESS_H
20
21 #include <asm/alternative.h>
22 #include <asm/kernel-pgtable.h>
23 #include <asm/sysreg.h>
24
25 /*
26 * User space memory access functions
27 */
28 #include <linux/bitops.h>
29 #include <linux/kasan-checks.h>
30 #include <linux/string.h>
31
32 #include <asm/cpufeature.h>
33 #include <asm/ptrace.h>
34 #include <asm/memory.h>
35 #include <asm/extable.h>
36
37 #define get_ds() (KERNEL_DS)
38 #define get_fs() (current_thread_info()->addr_limit)
39
40 static inline void set_fs(mm_segment_t fs)
41 {
42 current_thread_info()->addr_limit = fs;
43
44 /*
45 * Prevent a mispredicted conditional call to set_fs from forwarding
46 * the wrong address limit to access_ok under speculation.
47 */
48 spec_bar();
49
50 /* On user-mode return, check fs is correct */
51 set_thread_flag(TIF_FSCHECK);
52
53 /*
54 * Enable/disable UAO so that copy_to_user() etc can access
55 * kernel memory with the unprivileged instructions.
56 */
57 if (IS_ENABLED(CONFIG_ARM64_UAO) && fs == KERNEL_DS)
58 asm(ALTERNATIVE("nop", SET_PSTATE_UAO(1), ARM64_HAS_UAO));
59 else
60 asm(ALTERNATIVE("nop", SET_PSTATE_UAO(0), ARM64_HAS_UAO,
61 CONFIG_ARM64_UAO));
62 }
63
64 #define segment_eq(a, b) ((a) == (b))
65
66 /*
67 * Test whether a block of memory is a valid user space address.
68 * Returns 1 if the range is valid, 0 otherwise.
69 *
70 * This is equivalent to the following test:
71 * (u65)addr + (u65)size <= (u65)current->addr_limit + 1
72 */
73 static inline unsigned long __range_ok(const void __user *addr, unsigned long size)
74 {
75 unsigned long ret, limit = current_thread_info()->addr_limit;
76
77 __chk_user_ptr(addr);
78 asm volatile(
79 // A + B <= C + 1 for all A,B,C, in four easy steps:
80 // 1: X = A + B; X' = X % 2^64
81 " adds %0, %3, %2\n"
82 // 2: Set C = 0 if X > 2^64, to guarantee X' > C in step 4
83 " csel %1, xzr, %1, hi\n"
84 // 3: Set X' = ~0 if X >= 2^64. For X == 2^64, this decrements X'
85 // to compensate for the carry flag being set in step 4. For
86 // X > 2^64, X' merely has to remain nonzero, which it does.
87 " csinv %0, %0, xzr, cc\n"
88 // 4: For X < 2^64, this gives us X' - C - 1 <= 0, where the -1
89 // comes from the carry in being clear. Otherwise, we are
90 // testing X' - C == 0, subject to the previous adjustments.
91 " sbcs xzr, %0, %1\n"
92 " cset %0, ls\n"
93 : "=&r" (ret), "+r" (limit) : "Ir" (size), "0" (addr) : "cc");
94
95 return ret;
96 }
97
98 #define access_ok(addr, size) __range_ok(addr, size)
99 #define user_addr_max get_fs
100
101 #define _ASM_EXTABLE(from, to) \
102 " .pushsection __ex_table, \"a\"\n" \
103 " .align 3\n" \
104 " .long (" #from " - .), (" #to " - .)\n" \
105 " .popsection\n"
106
107 /*
108 * User access enabling/disabling.
109 */
110 #ifdef CONFIG_ARM64_SW_TTBR0_PAN
111 static inline void __uaccess_ttbr0_disable(void)
112 {
113 unsigned long flags, ttbr;
114
115 local_irq_save(flags);
116 ttbr = read_sysreg(ttbr1_el1);
117 ttbr &= ~TTBR_ASID_MASK;
118 /* reserved_ttbr0 placed before swapper_pg_dir */
119 write_sysreg(ttbr - RESERVED_TTBR0_SIZE, ttbr0_el1);
120 isb();
121 /* Set reserved ASID */
122 write_sysreg(ttbr, ttbr1_el1);
123 isb();
124 local_irq_restore(flags);
125 }
126
127 static inline void __uaccess_ttbr0_enable(void)
128 {
129 unsigned long flags, ttbr0, ttbr1;
130
131 /*
132 * Disable interrupts to avoid preemption between reading the 'ttbr0'
133 * variable and the MSR. A context switch could trigger an ASID
134 * roll-over and an update of 'ttbr0'.
135 */
136 local_irq_save(flags);
137 ttbr0 = READ_ONCE(current_thread_info()->ttbr0);
138
139 /* Restore active ASID */
140 ttbr1 = read_sysreg(ttbr1_el1);
141 ttbr1 &= ~TTBR_ASID_MASK; /* safety measure */
142 ttbr1 |= ttbr0 & TTBR_ASID_MASK;
143 write_sysreg(ttbr1, ttbr1_el1);
144 isb();
145
146 /* Restore user page table */
147 write_sysreg(ttbr0, ttbr0_el1);
148 isb();
149 local_irq_restore(flags);
150 }
151
152 static inline bool uaccess_ttbr0_disable(void)
153 {
154 if (!system_uses_ttbr0_pan())
155 return false;
156 __uaccess_ttbr0_disable();
157 return true;
158 }
159
160 static inline bool uaccess_ttbr0_enable(void)
161 {
162 if (!system_uses_ttbr0_pan())
163 return false;
164 __uaccess_ttbr0_enable();
165 return true;
166 }
167 #else
168 static inline bool uaccess_ttbr0_disable(void)
169 {
170 return false;
171 }
172
173 static inline bool uaccess_ttbr0_enable(void)
174 {
175 return false;
176 }
177 #endif
178
179 static inline void __uaccess_disable_hw_pan(void)
180 {
181 asm(ALTERNATIVE("nop", SET_PSTATE_PAN(0), ARM64_HAS_PAN,
182 CONFIG_ARM64_PAN));
183 }
184
185 static inline void __uaccess_enable_hw_pan(void)
186 {
187 asm(ALTERNATIVE("nop", SET_PSTATE_PAN(1), ARM64_HAS_PAN,
188 CONFIG_ARM64_PAN));
189 }
190
191 #define __uaccess_disable(alt) \
192 do { \
193 if (!uaccess_ttbr0_disable()) \
194 asm(ALTERNATIVE("nop", SET_PSTATE_PAN(1), alt, \
195 CONFIG_ARM64_PAN)); \
196 } while (0)
197
198 #define __uaccess_enable(alt) \
199 do { \
200 if (!uaccess_ttbr0_enable()) \
201 asm(ALTERNATIVE("nop", SET_PSTATE_PAN(0), alt, \
202 CONFIG_ARM64_PAN)); \
203 } while (0)
204
205 static inline void uaccess_disable(void)
206 {
207 __uaccess_disable(ARM64_HAS_PAN);
208 }
209
210 static inline void uaccess_enable(void)
211 {
212 __uaccess_enable(ARM64_HAS_PAN);
213 }
214
215 /*
216 * These functions are no-ops when UAO is present.
217 */
218 static inline void uaccess_disable_not_uao(void)
219 {
220 __uaccess_disable(ARM64_ALT_PAN_NOT_UAO);
221 }
222
223 static inline void uaccess_enable_not_uao(void)
224 {
225 __uaccess_enable(ARM64_ALT_PAN_NOT_UAO);
226 }
227
228 /*
229 * Sanitise a uaccess pointer such that it becomes NULL if above the
230 * current addr_limit.
231 */
232 #define uaccess_mask_ptr(ptr) (__typeof__(ptr))__uaccess_mask_ptr(ptr)
233 static inline void __user *__uaccess_mask_ptr(const void __user *ptr)
234 {
235 void __user *safe_ptr;
236
237 asm volatile(
238 " bics xzr, %1, %2\n"
239 " csel %0, %1, xzr, eq\n"
240 : "=&r" (safe_ptr)
241 : "r" (ptr), "r" (current_thread_info()->addr_limit)
242 : "cc");
243
244 csdb();
245 return safe_ptr;
246 }
247
248 /*
249 * The "__xxx" versions of the user access functions do not verify the address
250 * space - it must have been done previously with a separate "access_ok()"
251 * call.
252 *
253 * The "__xxx_error" versions set the third argument to -EFAULT if an error
254 * occurs, and leave it unchanged on success.
255 */
256 #define __get_user_asm(instr, alt_instr, reg, x, addr, err, feature) \
257 asm volatile( \
258 "1:"ALTERNATIVE(instr " " reg "1, [%2]\n", \
259 alt_instr " " reg "1, [%2]\n", feature) \
260 "2:\n" \
261 " .section .fixup, \"ax\"\n" \
262 " .align 2\n" \
263 "3: mov %w0, %3\n" \
264 " mov %1, #0\n" \
265 " b 2b\n" \
266 " .previous\n" \
267 _ASM_EXTABLE(1b, 3b) \
268 : "+r" (err), "=&r" (x) \
269 : "r" (addr), "i" (-EFAULT))
270
271 #define __get_user_err(x, ptr, err) \
272 do { \
273 unsigned long __gu_val; \
274 __chk_user_ptr(ptr); \
275 uaccess_enable_not_uao(); \
276 switch (sizeof(*(ptr))) { \
277 case 1: \
278 __get_user_asm("ldrb", "ldtrb", "%w", __gu_val, (ptr), \
279 (err), ARM64_HAS_UAO); \
280 break; \
281 case 2: \
282 __get_user_asm("ldrh", "ldtrh", "%w", __gu_val, (ptr), \
283 (err), ARM64_HAS_UAO); \
284 break; \
285 case 4: \
286 __get_user_asm("ldr", "ldtr", "%w", __gu_val, (ptr), \
287 (err), ARM64_HAS_UAO); \
288 break; \
289 case 8: \
290 __get_user_asm("ldr", "ldtr", "%x", __gu_val, (ptr), \
291 (err), ARM64_HAS_UAO); \
292 break; \
293 default: \
294 BUILD_BUG(); \
295 } \
296 uaccess_disable_not_uao(); \
297 (x) = (__force __typeof__(*(ptr)))__gu_val; \
298 } while (0)
299
300 #define __get_user_check(x, ptr, err) \
301 ({ \
302 __typeof__(*(ptr)) __user *__p = (ptr); \
303 might_fault(); \
304 if (access_ok(__p, sizeof(*__p))) { \
305 __p = uaccess_mask_ptr(__p); \
306 __get_user_err((x), __p, (err)); \
307 } else { \
308 (x) = 0; (err) = -EFAULT; \
309 } \
310 })
311
312 #define __get_user_error(x, ptr, err) \
313 ({ \
314 __get_user_check((x), (ptr), (err)); \
315 (void)0; \
316 })
317
318 #define __get_user(x, ptr) \
319 ({ \
320 int __gu_err = 0; \
321 __get_user_check((x), (ptr), __gu_err); \
322 __gu_err; \
323 })
324
325 #define get_user __get_user
326
327 #define __put_user_asm(instr, alt_instr, reg, x, addr, err, feature) \
328 asm volatile( \
329 "1:"ALTERNATIVE(instr " " reg "1, [%2]\n", \
330 alt_instr " " reg "1, [%2]\n", feature) \
331 "2:\n" \
332 " .section .fixup,\"ax\"\n" \
333 " .align 2\n" \
334 "3: mov %w0, %3\n" \
335 " b 2b\n" \
336 " .previous\n" \
337 _ASM_EXTABLE(1b, 3b) \
338 : "+r" (err) \
339 : "r" (x), "r" (addr), "i" (-EFAULT))
340
341 #define __put_user_err(x, ptr, err) \
342 do { \
343 __typeof__(*(ptr)) __pu_val = (x); \
344 __chk_user_ptr(ptr); \
345 uaccess_enable_not_uao(); \
346 switch (sizeof(*(ptr))) { \
347 case 1: \
348 __put_user_asm("strb", "sttrb", "%w", __pu_val, (ptr), \
349 (err), ARM64_HAS_UAO); \
350 break; \
351 case 2: \
352 __put_user_asm("strh", "sttrh", "%w", __pu_val, (ptr), \
353 (err), ARM64_HAS_UAO); \
354 break; \
355 case 4: \
356 __put_user_asm("str", "sttr", "%w", __pu_val, (ptr), \
357 (err), ARM64_HAS_UAO); \
358 break; \
359 case 8: \
360 __put_user_asm("str", "sttr", "%x", __pu_val, (ptr), \
361 (err), ARM64_HAS_UAO); \
362 break; \
363 default: \
364 BUILD_BUG(); \
365 } \
366 uaccess_disable_not_uao(); \
367 } while (0)
368
369 #define __put_user_check(x, ptr, err) \
370 ({ \
371 __typeof__(*(ptr)) __user *__p = (ptr); \
372 might_fault(); \
373 if (access_ok(__p, sizeof(*__p))) { \
374 __p = uaccess_mask_ptr(__p); \
375 __put_user_err((x), __p, (err)); \
376 } else { \
377 (err) = -EFAULT; \
378 } \
379 })
380
381 #define __put_user_error(x, ptr, err) \
382 ({ \
383 __put_user_check((x), (ptr), (err)); \
384 (void)0; \
385 })
386
387 #define __put_user(x, ptr) \
388 ({ \
389 int __pu_err = 0; \
390 __put_user_check((x), (ptr), __pu_err); \
391 __pu_err; \
392 })
393
394 #define put_user __put_user
395
396 extern unsigned long __must_check __arch_copy_from_user(void *to, const void __user *from, unsigned long n);
397 #define raw_copy_from_user(to, from, n) \
398 ({ \
399 __arch_copy_from_user((to), __uaccess_mask_ptr(from), (n)); \
400 })
401
402 extern unsigned long __must_check __arch_copy_to_user(void __user *to, const void *from, unsigned long n);
403 #define raw_copy_to_user(to, from, n) \
404 ({ \
405 __arch_copy_to_user(__uaccess_mask_ptr(to), (from), (n)); \
406 })
407
408 extern unsigned long __must_check __arch_copy_in_user(void __user *to, const void __user *from, unsigned long n);
409 #define raw_copy_in_user(to, from, n) \
410 ({ \
411 __arch_copy_in_user(__uaccess_mask_ptr(to), \
412 __uaccess_mask_ptr(from), (n)); \
413 })
414
415 #define INLINE_COPY_TO_USER
416 #define INLINE_COPY_FROM_USER
417
418 extern unsigned long __must_check __arch_clear_user(void __user *to, unsigned long n);
419 static inline unsigned long __must_check __clear_user(void __user *to, unsigned long n)
420 {
421 if (access_ok(to, n))
422 n = __arch_clear_user(__uaccess_mask_ptr(to), n);
423 return n;
424 }
425 #define clear_user __clear_user
426
427 extern long strncpy_from_user(char *dest, const char __user *src, long count);
428
429 extern __must_check long strnlen_user(const char __user *str, long n);
430
431 #ifdef CONFIG_ARCH_HAS_UACCESS_FLUSHCACHE
432 struct page;
433 void memcpy_page_flushcache(char *to, struct page *page, size_t offset, size_t len);
434 extern unsigned long __must_check __copy_user_flushcache(void *to, const void __user *from, unsigned long n);
435
436 static inline int __copy_from_user_flushcache(void *dst, const void __user *src, unsigned size)
437 {
438 kasan_check_write(dst, size);
439 return __copy_user_flushcache(dst, __uaccess_mask_ptr(src), size);
440 }
441 #endif
442
443 #endif /* __ASM_UACCESS_H */
Ubuntu Focal Linux kernel mirror