[thirdparty/linux.git] / arch / powerpc / include / asm / uaccess.h

/* SPDX-License-Identifier: GPL-2.0 */
#ifndef _ARCH_POWERPC_UACCESS_H
#define _ARCH_POWERPC_UACCESS_H

#include <asm/ppc_asm.h>
#include <asm/processor.h>
#include <asm/page.h>
#include <asm/extable.h>
#include <asm/kup.h>

/*
 * The fs value determines whether argument validity checking should be
 * performed or not.  If get_fs() == USER_DS, checking is performed, with
 * get_fs() == KERNEL_DS, checking is bypassed.
 *
 * For historical reasons, these macros are grossly misnamed.
 *
 * The fs/ds values are now the highest legal address in the "segment".
 * This simplifies the checking in the routines below.
 */

#define MAKE_MM_SEG(s)  ((mm_segment_t) { (s) })

#define KERNEL_DS	MAKE_MM_SEG(~0UL)
#ifdef __powerpc64__
/* We use TASK_SIZE_USER64 as TASK_SIZE is not constant */
#define USER_DS		MAKE_MM_SEG(TASK_SIZE_USER64 - 1)
#else
#define USER_DS		MAKE_MM_SEG(TASK_SIZE - 1)
#endif

#define get_fs()	(current->thread.addr_limit)

static inline void set_fs(mm_segment_t fs)
{
	current->thread.addr_limit = fs;
	/* On user-mode return check addr_limit (fs) is correct */
	set_thread_flag(TIF_FSCHECK);
}

#define segment_eq(a, b)	((a).seg == (b).seg)

#define user_addr_max()	(get_fs().seg)

#ifdef __powerpc64__
/*
 * This check is sufficient because there is a large enough
 * gap between user addresses and the kernel addresses
 */
#define __access_ok(addr, size, segment)	\
	(((addr) <= (segment).seg) && ((size) <= (segment).seg))

#else

static inline int __access_ok(unsigned long addr, unsigned long size,
			mm_segment_t seg)
{
	if (addr > seg.seg)
		return 0;
	return (size == 0 || size - 1 <= seg.seg - addr);
}

#endif

#define access_ok(addr, size)		\
	(__chk_user_ptr(addr),		\
	 __access_ok((__force unsigned long)(addr), (size), get_fs()))

/*
 * These are the main single-value transfer routines.  They automatically
 * use the right size if we just have the right pointer type.
 *
 * This gets kind of ugly. We want to return _two_ values in "get_user()"
 * and yet we don't want to do any pointers, because that is too much
 * of a performance impact. Thus we have a few rather ugly macros here,
 * and hide all the ugliness from the user.
 *
 * The "__xxx" versions of the user access functions are versions that
 * do not verify the address space, that must have been done previously
 * with a separate "access_ok()" call (this is used when we do multiple
 * accesses to the same area of user memory).
 *
 * As we use the same address space for kernel and user data on the
 * PowerPC, we can just do these as direct assignments.  (Of course, the
 * exception handling means that it's no longer "just"...)
 *
 */
#define get_user(x, ptr) \
	__get_user_check((x), (ptr), sizeof(*(ptr)))
#define put_user(x, ptr) \
	__put_user_check((__typeof__(*(ptr)))(x), (ptr), sizeof(*(ptr)))

#define __get_user(x, ptr) \
	__get_user_nocheck((x), (ptr), sizeof(*(ptr)), true)
#define __put_user(x, ptr) \
	__put_user_nocheck((__typeof__(*(ptr)))(x), (ptr), sizeof(*(ptr)), true)

#define __get_user_allowed(x, ptr) \
	__get_user_nocheck((x), (ptr), sizeof(*(ptr)), false)
#define __put_user_allowed(x, ptr) \
	__put_user_nocheck((__typeof__(*(ptr)))(x), (ptr), sizeof(*(ptr)), false)

#define __get_user_inatomic(x, ptr) \
	__get_user_nosleep((x), (ptr), sizeof(*(ptr)))
#define __put_user_inatomic(x, ptr) \
	__put_user_nosleep((__typeof__(*(ptr)))(x), (ptr), sizeof(*(ptr)))

extern long __put_user_bad(void);

/*
 * We don't tell gcc that we are accessing memory, but this is OK
 * because we do not write to any memory gcc knows about, so there
 * are no aliasing issues.
 */
#define __put_user_asm(x, addr, err, op)			\
	__asm__ __volatile__(					\
		"1:	" op " %1,0(%2)	# put_user\n"		\
		"2:\n"						\
		".section .fixup,\"ax\"\n"			\
		"3:	li %0,%3\n"				\
		"	b 2b\n"					\
		".previous\n"					\
		EX_TABLE(1b, 3b)				\
		: "=r" (err)					\
		: "r" (x), "b" (addr), "i" (-EFAULT), "0" (err))

#ifdef __powerpc64__
#define __put_user_asm2(x, ptr, retval)				\
	  __put_user_asm(x, ptr, retval, "std")
#else /* __powerpc64__ */
#define __put_user_asm2(x, addr, err)				\
	__asm__ __volatile__(					\
		"1:	stw %1,0(%2)\n"				\
		"2:	stw %1+1,4(%2)\n"			\
		"3:\n"						\
		".section .fixup,\"ax\"\n"			\
		"4:	li %0,%3\n"				\
		"	b 3b\n"					\
		".previous\n"					\
		EX_TABLE(1b, 4b)				\
		EX_TABLE(2b, 4b)				\
		: "=r" (err)					\
		: "r" (x), "b" (addr), "i" (-EFAULT), "0" (err))
#endif /* __powerpc64__ */

#define __put_user_size_allowed(x, ptr, size, retval)		\
do {								\
	retval = 0;						\
	switch (size) {						\
	  case 1: __put_user_asm(x, ptr, retval, "stb"); break;	\
	  case 2: __put_user_asm(x, ptr, retval, "sth"); break;	\
	  case 4: __put_user_asm(x, ptr, retval, "stw"); break;	\
	  case 8: __put_user_asm2(x, ptr, retval); break;	\
	  default: __put_user_bad();				\
	}							\
} while (0)

#define __put_user_size(x, ptr, size, retval)			\
do {								\
	allow_write_to_user(ptr, size);				\
	__put_user_size_allowed(x, ptr, size, retval);		\
	prevent_write_to_user(ptr, size);			\
} while (0)

#define __put_user_nocheck(x, ptr, size, do_allow)			\
({								\
	long __pu_err;						\
	__typeof__(*(ptr)) __user *__pu_addr = (ptr);		\
	__typeof__(*(ptr)) __pu_val = (x);			\
	__typeof__(size) __pu_size = (size);			\
								\
	if (!is_kernel_addr((unsigned long)__pu_addr))		\
		might_fault();					\
	__chk_user_ptr(__pu_addr);				\
	if (do_allow)								\
		__put_user_size(__pu_val, __pu_addr, __pu_size, __pu_err);	\
	else									\
		__put_user_size_allowed(__pu_val, __pu_addr, __pu_size, __pu_err); \
								\
	__pu_err;						\
})

#define __put_user_check(x, ptr, size)					\
({									\
	long __pu_err = -EFAULT;					\
	__typeof__(*(ptr)) __user *__pu_addr = (ptr);			\
	__typeof__(*(ptr)) __pu_val = (x);				\
	__typeof__(size) __pu_size = (size);				\
									\
	might_fault();							\
	if (access_ok(__pu_addr, __pu_size))				\
		__put_user_size(__pu_val, __pu_addr, __pu_size, __pu_err); \
									\
	__pu_err;							\
})

#define __put_user_nosleep(x, ptr, size)			\
({								\
	long __pu_err;						\
	__typeof__(*(ptr)) __user *__pu_addr = (ptr);		\
	__typeof__(*(ptr)) __pu_val = (x);			\
	__typeof__(size) __pu_size = (size);			\
								\
	__chk_user_ptr(__pu_addr);				\
	__put_user_size(__pu_val, __pu_addr, __pu_size, __pu_err); \
								\
	__pu_err;						\
})


extern long __get_user_bad(void);

/*
 * This does an atomic 128 byte aligned load from userspace.
 * Upto caller to do enable_kernel_vmx() before calling!
 */
#define __get_user_atomic_128_aligned(kaddr, uaddr, err)		\
	__asm__ __volatile__(				\
		"1:	lvx  0,0,%1	# get user\n"	\
		" 	stvx 0,0,%2	# put kernel\n"	\
		"2:\n"					\
		".section .fixup,\"ax\"\n"		\
		"3:	li %0,%3\n"			\
		"	b 2b\n"				\
		".previous\n"				\
		EX_TABLE(1b, 3b)			\
		: "=r" (err)			\
		: "b" (uaddr), "b" (kaddr), "i" (-EFAULT), "0" (err))

#define __get_user_asm(x, addr, err, op)		\
	__asm__ __volatile__(				\
		"1:	"op" %1,0(%2)	# get_user\n"	\
		"2:\n"					\
		".section .fixup,\"ax\"\n"		\
		"3:	li %0,%3\n"			\
		"	li %1,0\n"			\
		"	b 2b\n"				\
		".previous\n"				\
		EX_TABLE(1b, 3b)			\
		: "=r" (err), "=r" (x)			\
		: "b" (addr), "i" (-EFAULT), "0" (err))

#ifdef __powerpc64__
#define __get_user_asm2(x, addr, err)			\
	__get_user_asm(x, addr, err, "ld")
#else /* __powerpc64__ */
#define __get_user_asm2(x, addr, err)			\
	__asm__ __volatile__(				\
		"1:	lwz %1,0(%2)\n"			\
		"2:	lwz %1+1,4(%2)\n"		\
		"3:\n"					\
		".section .fixup,\"ax\"\n"		\
		"4:	li %0,%3\n"			\
		"	li %1,0\n"			\
		"	li %1+1,0\n"			\
		"	b 3b\n"				\
		".previous\n"				\
		EX_TABLE(1b, 4b)			\
		EX_TABLE(2b, 4b)			\
		: "=r" (err), "=&r" (x)			\
		: "b" (addr), "i" (-EFAULT), "0" (err))
#endif /* __powerpc64__ */

#define __get_user_size_allowed(x, ptr, size, retval)		\
do {								\
	retval = 0;						\
	__chk_user_ptr(ptr);					\
	if (size > sizeof(x))					\
		(x) = __get_user_bad();				\
	switch (size) {						\
	case 1: __get_user_asm(x, ptr, retval, "lbz"); break;	\
	case 2: __get_user_asm(x, ptr, retval, "lhz"); break;	\
	case 4: __get_user_asm(x, ptr, retval, "lwz"); break;	\
	case 8: __get_user_asm2(x, ptr, retval);  break;	\
	default: (x) = __get_user_bad();			\
	}							\
} while (0)

#define __get_user_size(x, ptr, size, retval)			\
do {								\
	allow_read_from_user(ptr, size);			\
	__get_user_size_allowed(x, ptr, size, retval);		\
	prevent_read_from_user(ptr, size);			\
} while (0)

/*
 * This is a type: either unsigned long, if the argument fits into
 * that type, or otherwise unsigned long long.
 */
#define __long_type(x) \
	__typeof__(__builtin_choose_expr(sizeof(x) > sizeof(0UL), 0ULL, 0UL))

#define __get_user_nocheck(x, ptr, size, do_allow)			\
({								\
	long __gu_err;						\
	__long_type(*(ptr)) __gu_val;				\
	__typeof__(*(ptr)) __user *__gu_addr = (ptr);	\
	__typeof__(size) __gu_size = (size);			\
								\
	__chk_user_ptr(__gu_addr);				\
	if (!is_kernel_addr((unsigned long)__gu_addr))		\
		might_fault();					\
	barrier_nospec();					\
	if (do_allow)								\
		__get_user_size(__gu_val, __gu_addr, __gu_size, __gu_err);	\
	else									\
		__get_user_size_allowed(__gu_val, __gu_addr, __gu_size, __gu_err); \
	(x) = (__typeof__(*(ptr)))__gu_val;			\
								\
	__gu_err;						\
})

#define __get_user_check(x, ptr, size)					\
({									\
	long __gu_err = -EFAULT;					\
	__long_type(*(ptr)) __gu_val = 0;				\
	__typeof__(*(ptr)) __user *__gu_addr = (ptr);		\
	__typeof__(size) __gu_size = (size);				\
									\
	might_fault();							\
	if (access_ok(__gu_addr, __gu_size)) {				\
		barrier_nospec();					\
		__get_user_size(__gu_val, __gu_addr, __gu_size, __gu_err); \
	}								\
	(x) = (__force __typeof__(*(ptr)))__gu_val;				\
									\
	__gu_err;							\
})

#define __get_user_nosleep(x, ptr, size)			\
({								\
	long __gu_err;						\
	__long_type(*(ptr)) __gu_val;				\
	__typeof__(*(ptr)) __user *__gu_addr = (ptr);	\
	__typeof__(size) __gu_size = (size);			\
								\
	__chk_user_ptr(__gu_addr);				\
	barrier_nospec();					\
	__get_user_size(__gu_val, __gu_addr, __gu_size, __gu_err); \
	(x) = (__force __typeof__(*(ptr)))__gu_val;			\
								\
	__gu_err;						\
})


/* more complex routines */

extern unsigned long __copy_tofrom_user(void __user *to,
		const void __user *from, unsigned long size);

#ifdef __powerpc64__
static inline unsigned long
raw_copy_in_user(void __user *to, const void __user *from, unsigned long n)
{
	unsigned long ret;

	barrier_nospec();
	allow_read_write_user(to, from, n);
	ret = __copy_tofrom_user(to, from, n);
	prevent_read_write_user(to, from, n);
	return ret;
}
#endif /* __powerpc64__ */

static inline unsigned long raw_copy_from_user(void *to,
		const void __user *from, unsigned long n)
{
	unsigned long ret;
	if (__builtin_constant_p(n) && (n <= 8)) {
		ret = 1;

		switch (n) {
		case 1:
			barrier_nospec();
			__get_user_size(*(u8 *)to, from, 1, ret);
			break;
		case 2:
			barrier_nospec();
			__get_user_size(*(u16 *)to, from, 2, ret);
			break;
		case 4:
			barrier_nospec();
			__get_user_size(*(u32 *)to, from, 4, ret);
			break;
		case 8:
			barrier_nospec();
			__get_user_size(*(u64 *)to, from, 8, ret);
			break;
		}
		if (ret == 0)
			return 0;
	}

	barrier_nospec();
	allow_read_from_user(from, n);
	ret = __copy_tofrom_user((__force void __user *)to, from, n);
	prevent_read_from_user(from, n);
	return ret;
}

static inline unsigned long
raw_copy_to_user_allowed(void __user *to, const void *from, unsigned long n)
{
	if (__builtin_constant_p(n) && (n <= 8)) {
		unsigned long ret = 1;

		switch (n) {
		case 1:
			__put_user_size_allowed(*(u8 *)from, (u8 __user *)to, 1, ret);
			break;
		case 2:
			__put_user_size_allowed(*(u16 *)from, (u16 __user *)to, 2, ret);
			break;
		case 4:
			__put_user_size_allowed(*(u32 *)from, (u32 __user *)to, 4, ret);
			break;
		case 8:
			__put_user_size_allowed(*(u64 *)from, (u64 __user *)to, 8, ret);
			break;
		}
		if (ret == 0)
			return 0;
	}

	return __copy_tofrom_user(to, (__force const void __user *)from, n);
}

static inline unsigned long
raw_copy_to_user(void __user *to, const void *from, unsigned long n)
{
	unsigned long ret;

	allow_write_to_user(to, n);
	ret = raw_copy_to_user_allowed(to, from, n);
	prevent_write_to_user(to, n);
	return ret;
}

static __always_inline unsigned long __must_check
copy_to_user_mcsafe(void __user *to, const void *from, unsigned long n)
{
	if (likely(check_copy_size(from, n, true))) {
		if (access_ok(to, n)) {
			allow_write_to_user(to, n);
			n = memcpy_mcsafe((void *)to, from, n);
			prevent_write_to_user(to, n);
		}
	}

	return n;
}

unsigned long __arch_clear_user(void __user *addr, unsigned long size);

static inline unsigned long clear_user(void __user *addr, unsigned long size)
{
	unsigned long ret = size;
	might_fault();
	if (likely(access_ok(addr, size))) {
		allow_write_to_user(addr, size);
		ret = __arch_clear_user(addr, size);
		prevent_write_to_user(addr, size);
	}
	return ret;
}

static inline unsigned long __clear_user(void __user *addr, unsigned long size)
{
	return clear_user(addr, size);
}

extern long strncpy_from_user(char *dst, const char __user *src, long count);
extern __must_check long strnlen_user(const char __user *str, long n);

extern long __copy_from_user_flushcache(void *dst, const void __user *src,
		unsigned size);
extern void memcpy_page_flushcache(char *to, struct page *page, size_t offset,
			   size_t len);

static __must_check inline bool user_access_begin(const void __user *ptr, size_t len)
{
	if (unlikely(!access_ok(ptr, len)))
		return false;
	allow_read_write_user((void __user *)ptr, ptr, len);
	return true;
}
#define user_access_begin	user_access_begin
#define user_access_end		prevent_current_access_user
#define user_access_save	prevent_user_access_return
#define user_access_restore	restore_user_access

#define unsafe_op_wrap(op, err) do { if (unlikely(op)) goto err; } while (0)
#define unsafe_get_user(x, p, e) unsafe_op_wrap(__get_user_allowed(x, p), e)
#define unsafe_put_user(x, p, e) unsafe_op_wrap(__put_user_allowed(x, p), e)
#define unsafe_copy_to_user(d, s, l, e) \
	unsafe_op_wrap(raw_copy_to_user_allowed(d, s, l), e)

#endif	/* _ARCH_POWERPC_UACCESS_H */
Commit	Line	Data
b2441318	1	/* SPDX-License-Identifier: GPL-2.0 */
2df5e8bc SR	2	#ifndef _ARCH_POWERPC_UACCESS_H
	3	#define _ARCH_POWERPC_UACCESS_H
	4
24bfa6a9	5	#include <asm/ppc_asm.h>
2df5e8bc	6	#include <asm/processor.h>
6bfd93c3	7	#include <asm/page.h>
527b5bae	8	#include <asm/extable.h>
de78a9c4	9	#include <asm/kup.h>
2df5e8bc	10
2df5e8bc SR	11	/*
	12	* The fs value determines whether argument validity checking should be
	13	* performed or not. If get_fs() == USER_DS, checking is performed, with
	14	* get_fs() == KERNEL_DS, checking is bypassed.
	15	*
	16	* For historical reasons, these macros are grossly misnamed.
	17	*
	18	* The fs/ds values are now the highest legal address in the "segment".
	19	* This simplifies the checking in the routines below.
	20	*/
	21
	22	#define MAKE_MM_SEG(s) ((mm_segment_t) { (s) })
	23
5015b494	24	#define KERNEL_DS MAKE_MM_SEG(~0UL)
2df5e8bc	25	#ifdef __powerpc64__
5015b494 SR	26	/* We use TASK_SIZE_USER64 as TASK_SIZE is not constant */
5015b494 SR	27	#define USER_DS MAKE_MM_SEG(TASK_SIZE_USER64 - 1)
2df5e8bc	28	#else
2df5e8bc SR	29	#define USER_DS MAKE_MM_SEG(TASK_SIZE - 1)
	30	#endif
	31
ba0635fc	32	#define get_fs() (current->thread.addr_limit)
3e378680 ME	33
	34	static inline void set_fs(mm_segment_t fs)
	35	{
	36	current->thread.addr_limit = fs;
	37	/* On user-mode return check addr_limit (fs) is correct */
	38	set_thread_flag(TIF_FSCHECK);
	39	}
2df5e8bc SR	40
	41	#define segment_eq(a, b) ((a).seg == (b).seg)
	42
1629372c PM	43	#define user_addr_max() (get_fs().seg)
1629372c PM	44
2df5e8bc SR	45	#ifdef __powerpc64__
2df5e8bc SR	46	/*
5015b494 SR	47	* This check is sufficient because there is a large enough
5015b494 SR	48	* gap between user addresses and the kernel addresses
2df5e8bc SR	49	*/
2df5e8bc SR	50	#define __access_ok(addr, size, segment) \
5015b494	51	(((addr) <= (segment).seg) && ((size) <= (segment).seg))
2df5e8bc SR	52
	53	#else
	54
ef85dffd MM	55	static inline int __access_ok(unsigned long addr, unsigned long size,
	56	mm_segment_t seg)
	57	{
	58	if (addr > seg.seg)
	59	return 0;
	60	return (size == 0 \|\| size - 1 <= seg.seg - addr);
	61	}
2df5e8bc SR	62
	63	#endif
	64
96d4f267	65	#define access_ok(addr, size) \
4caf4ebf	66	(__chk_user_ptr(addr), \
2df5e8bc SR	67	__access_ok((__force unsigned long)(addr), (size), get_fs()))
2df5e8bc SR	68
2df5e8bc SR	69	/*
	70	* These are the main single-value transfer routines. They automatically
	71	* use the right size if we just have the right pointer type.
	72	*
	73	* This gets kind of ugly. We want to return _two_ values in "get_user()"
	74	* and yet we don't want to do any pointers, because that is too much
	75	* of a performance impact. Thus we have a few rather ugly macros here,
	76	* and hide all the ugliness from the user.
	77	*
	78	* The "__xxx" versions of the user access functions are versions that
	79	* do not verify the address space, that must have been done previously
	80	* with a separate "access_ok()" call (this is used when we do multiple
	81	* accesses to the same area of user memory).
	82	*
	83	* As we use the same address space for kernel and user data on the
	84	* PowerPC, we can just do these as direct assignments. (Of course, the
	85	* exception handling means that it's no longer "just"...)
	86	*
2df5e8bc SR	87	*/
	88	#define get_user(x, ptr) \
	89	__get_user_check((x), (ptr), sizeof(*(ptr)))
	90	#define put_user(x, ptr) \
	91	__put_user_check((__typeof__((ptr)))(x), (ptr), sizeof((ptr)))
	92
	93	#define __get_user(x, ptr) \
5cd62333	94	__get_user_nocheck((x), (ptr), sizeof(*(ptr)), true)
2df5e8bc	95	#define __put_user(x, ptr) \
5cd62333 CL	96	__put_user_nocheck((__typeof__((ptr)))(x), (ptr), sizeof((ptr)), true)
	97
	98	#define __get_user_allowed(x, ptr) \
	99	__get_user_nocheck((x), (ptr), sizeof(*(ptr)), false)
	100	#define __put_user_allowed(x, ptr) \
	101	__put_user_nocheck((__typeof__((ptr)))(x), (ptr), sizeof((ptr)), false)
e68c825b	102
e68c825b BH	103	#define __get_user_inatomic(x, ptr) \
	104	__get_user_nosleep((x), (ptr), sizeof(*(ptr)))
	105	#define __put_user_inatomic(x, ptr) \
	106	__put_user_nosleep((__typeof__((ptr)))(x), (ptr), sizeof((ptr)))
	107
2df5e8bc SR	108	extern long __put_user_bad(void);
2df5e8bc SR	109
2df5e8bc SR	110	/*
	111	* We don't tell gcc that we are accessing memory, but this is OK
	112	* because we do not write to any memory gcc knows about, so there
	113	* are no aliasing issues.
	114	*/
	115	#define __put_user_asm(x, addr, err, op) \
	116	__asm__ __volatile__( \
	117	"1: " op " %1,0(%2) # put_user\n" \
	118	"2:\n" \
	119	".section .fixup,\"ax\"\n" \
	120	"3: li %0,%3\n" \
	121	" b 2b\n" \
	122	".previous\n" \
24bfa6a9	123	EX_TABLE(1b, 3b) \
2df5e8bc	124	: "=r" (err) \
551c3c04	125	: "r" (x), "b" (addr), "i" (-EFAULT), "0" (err))
2df5e8bc	126
5015b494 SR	127	#ifdef __powerpc64__
	128	#define __put_user_asm2(x, ptr, retval) \
	129	__put_user_asm(x, ptr, retval, "std")
	130	#else /* __powerpc64__ */
2df5e8bc SR	131	#define __put_user_asm2(x, addr, err) \
	132	__asm__ __volatile__( \
	133	"1: stw %1,0(%2)\n" \
	134	"2: stw %1+1,4(%2)\n" \
	135	"3:\n" \
	136	".section .fixup,\"ax\"\n" \
	137	"4: li %0,%3\n" \
	138	" b 3b\n" \
	139	".previous\n" \
24bfa6a9 NP	140	EX_TABLE(1b, 4b) \
24bfa6a9 NP	141	EX_TABLE(2b, 4b) \
2df5e8bc	142	: "=r" (err) \
551c3c04	143	: "r" (x), "b" (addr), "i" (-EFAULT), "0" (err))
2df5e8bc SR	144	#endif /* __powerpc64__ */
2df5e8bc SR	145
5cd62333	146	#define __put_user_size_allowed(x, ptr, size, retval) \
2df5e8bc SR	147	do { \
	148	retval = 0; \
	149	switch (size) { \
	150	case 1: __put_user_asm(x, ptr, retval, "stb"); break; \
	151	case 2: __put_user_asm(x, ptr, retval, "sth"); break; \
	152	case 4: __put_user_asm(x, ptr, retval, "stw"); break; \
	153	case 8: __put_user_asm2(x, ptr, retval); break; \
	154	default: __put_user_bad(); \
	155	} \
5cd62333 CL	156	} while (0)
	157
	158	#define __put_user_size(x, ptr, size, retval) \
	159	do { \
	160	allow_write_to_user(ptr, size); \
	161	__put_user_size_allowed(x, ptr, size, retval); \
de78a9c4	162	prevent_write_to_user(ptr, size); \
2df5e8bc SR	163	} while (0)
2df5e8bc SR	164
5cd62333	165	#define __put_user_nocheck(x, ptr, size, do_allow) \
2df5e8bc SR	166	({ \
2df5e8bc SR	167	long __pu_err; \
6bfd93c3	168	__typeof__((ptr)) __user __pu_addr = (ptr); \
d02f6b7d NP	169	__typeof__(*(ptr)) __pu_val = (x); \
	170	__typeof__(size) __pu_size = (size); \
	171	\
6bfd93c3	172	if (!is_kernel_addr((unsigned long)__pu_addr)) \
1af1717d	173	might_fault(); \
d02f6b7d	174	__chk_user_ptr(__pu_addr); \
5cd62333	175	if (do_allow) \
d02f6b7d	176	__put_user_size(__pu_val, __pu_addr, __pu_size, __pu_err); \
5cd62333	177	else \
d02f6b7d NP	178	__put_user_size_allowed(__pu_val, __pu_addr, __pu_size, __pu_err); \
d02f6b7d NP	179	\
2df5e8bc SR	180	__pu_err; \
	181	})
	182
	183	#define __put_user_check(x, ptr, size) \
	184	({ \
	185	long __pu_err = -EFAULT; \
	186	__typeof__((ptr)) __user __pu_addr = (ptr); \
d02f6b7d NP	187	__typeof__(*(ptr)) __pu_val = (x); \
	188	__typeof__(size) __pu_size = (size); \
	189	\
1af1717d	190	might_fault(); \
d02f6b7d NP	191	if (access_ok(__pu_addr, __pu_size)) \
	192	__put_user_size(__pu_val, __pu_addr, __pu_size, __pu_err); \
	193	\
2df5e8bc SR	194	__pu_err; \
	195	})
	196
e68c825b BH	197	#define __put_user_nosleep(x, ptr, size) \
	198	({ \
	199	long __pu_err; \
	200	__typeof__((ptr)) __user __pu_addr = (ptr); \
d02f6b7d NP	201	__typeof__(*(ptr)) __pu_val = (x); \
	202	__typeof__(size) __pu_size = (size); \
	203	\
	204	__chk_user_ptr(__pu_addr); \
	205	__put_user_size(__pu_val, __pu_addr, __pu_size, __pu_err); \
	206	\
e68c825b BH	207	__pu_err; \
	208	})
	209
	210
2df5e8bc SR	211	extern long __get_user_bad(void);
2df5e8bc SR	212
5080332c MN	213	/*
	214	* This does an atomic 128 byte aligned load from userspace.
	215	* Upto caller to do enable_kernel_vmx() before calling!
	216	*/
	217	#define __get_user_atomic_128_aligned(kaddr, uaddr, err) \
	218	__asm__ __volatile__( \
	219	"1: lvx 0,0,%1 # get user\n" \
	220	" stvx 0,0,%2 # put kernel\n" \
	221	"2:\n" \
	222	".section .fixup,\"ax\"\n" \
	223	"3: li %0,%3\n" \
	224	" b 2b\n" \
	225	".previous\n" \
	226	EX_TABLE(1b, 3b) \
	227	: "=r" (err) \
	228	: "b" (uaddr), "b" (kaddr), "i" (-EFAULT), "0" (err))
	229
2df5e8bc SR	230	#define __get_user_asm(x, addr, err, op) \
2df5e8bc SR	231	__asm__ __volatile__( \
5015b494	232	"1: "op" %1,0(%2) # get_user\n" \
2df5e8bc SR	233	"2:\n" \
	234	".section .fixup,\"ax\"\n" \
	235	"3: li %0,%3\n" \
	236	" li %1,0\n" \
	237	" b 2b\n" \
	238	".previous\n" \
24bfa6a9	239	EX_TABLE(1b, 3b) \
2df5e8bc	240	: "=r" (err), "=r" (x) \
551c3c04	241	: "b" (addr), "i" (-EFAULT), "0" (err))
2df5e8bc	242
5015b494 SR	243	#ifdef __powerpc64__
	244	#define __get_user_asm2(x, addr, err) \
	245	__get_user_asm(x, addr, err, "ld")
	246	#else /* __powerpc64__ */
	247	#define __get_user_asm2(x, addr, err) \
2df5e8bc SR	248	__asm__ __volatile__( \
	249	"1: lwz %1,0(%2)\n" \
	250	"2: lwz %1+1,4(%2)\n" \
	251	"3:\n" \
	252	".section .fixup,\"ax\"\n" \
	253	"4: li %0,%3\n" \
	254	" li %1,0\n" \
	255	" li %1+1,0\n" \
	256	" b 3b\n" \
	257	".previous\n" \
24bfa6a9 NP	258	EX_TABLE(1b, 4b) \
24bfa6a9 NP	259	EX_TABLE(2b, 4b) \
2df5e8bc	260	: "=r" (err), "=&r" (x) \
551c3c04	261	: "b" (addr), "i" (-EFAULT), "0" (err))
2df5e8bc SR	262	#endif /* __powerpc64__ */
2df5e8bc SR	263
5cd62333	264	#define __get_user_size_allowed(x, ptr, size, retval) \
2df5e8bc SR	265	do { \
	266	retval = 0; \
	267	__chk_user_ptr(ptr); \
5015b494 SR	268	if (size > sizeof(x)) \
5015b494 SR	269	(x) = __get_user_bad(); \
2df5e8bc SR	270	switch (size) { \
	271	case 1: __get_user_asm(x, ptr, retval, "lbz"); break; \
	272	case 2: __get_user_asm(x, ptr, retval, "lhz"); break; \
	273	case 4: __get_user_asm(x, ptr, retval, "lwz"); break; \
	274	case 8: __get_user_asm2(x, ptr, retval); break; \
	275	default: (x) = __get_user_bad(); \
	276	} \
5cd62333 CL	277	} while (0)
	278
	279	#define __get_user_size(x, ptr, size, retval) \
	280	do { \
	281	allow_read_from_user(ptr, size); \
	282	__get_user_size_allowed(x, ptr, size, retval); \
de78a9c4	283	prevent_read_from_user(ptr, size); \
2df5e8bc SR	284	} while (0)
2df5e8bc SR	285
f7a6947c ME	286	/*
	287	* This is a type: either unsigned long, if the argument fits into
	288	* that type, or otherwise unsigned long long.
	289	*/
	290	#define __long_type(x) \
	291	__typeof__(__builtin_choose_expr(sizeof(x) > sizeof(0UL), 0ULL, 0UL))
	292
5cd62333	293	#define __get_user_nocheck(x, ptr, size, do_allow) \
2df5e8bc SR	294	({ \
2df5e8bc SR	295	long __gu_err; \
f7a6947c	296	__long_type(*(ptr)) __gu_val; \
e00d93ac	297	__typeof__((ptr)) __user __gu_addr = (ptr); \
d02f6b7d NP	298	__typeof__(size) __gu_size = (size); \
	299	\
	300	__chk_user_ptr(__gu_addr); \
6bfd93c3	301	if (!is_kernel_addr((unsigned long)__gu_addr)) \
1af1717d	302	might_fault(); \
ddf35cf3	303	barrier_nospec(); \
5cd62333	304	if (do_allow) \
d02f6b7d	305	__get_user_size(__gu_val, __gu_addr, __gu_size, __gu_err); \
5cd62333	306	else \
d02f6b7d	307	__get_user_size_allowed(__gu_val, __gu_addr, __gu_size, __gu_err); \
2df5e8bc	308	(x) = (__typeof__(*(ptr)))__gu_val; \
d02f6b7d	309	\
2df5e8bc SR	310	__gu_err; \
	311	})
	312
2df5e8bc SR	313	#define __get_user_check(x, ptr, size) \
	314	({ \
	315	long __gu_err = -EFAULT; \
f7a6947c	316	__long_type(*(ptr)) __gu_val = 0; \
e00d93ac	317	__typeof__((ptr)) __user __gu_addr = (ptr); \
d02f6b7d NP	318	__typeof__(size) __gu_size = (size); \
d02f6b7d NP	319	\
1af1717d	320	might_fault(); \
d02f6b7d	321	if (access_ok(__gu_addr, __gu_size)) { \
ddf35cf3	322	barrier_nospec(); \
d02f6b7d	323	__get_user_size(__gu_val, __gu_addr, __gu_size, __gu_err); \
ddf35cf3	324	} \
505e4283	325	(x) = (__force __typeof__(*(ptr)))__gu_val; \
d02f6b7d	326	\
2df5e8bc SR	327	__gu_err; \
	328	})
	329
e68c825b BH	330	#define __get_user_nosleep(x, ptr, size) \
	331	({ \
	332	long __gu_err; \
f7a6947c	333	__long_type(*(ptr)) __gu_val; \
e00d93ac	334	__typeof__((ptr)) __user __gu_addr = (ptr); \
d02f6b7d NP	335	__typeof__(size) __gu_size = (size); \
	336	\
	337	__chk_user_ptr(__gu_addr); \
ddf35cf3	338	barrier_nospec(); \
d02f6b7d	339	__get_user_size(__gu_val, __gu_addr, __gu_size, __gu_err); \
505e4283	340	(x) = (__force __typeof__(*(ptr)))__gu_val; \
d02f6b7d	341	\
e68c825b BH	342	__gu_err; \
	343	})
	344
	345
2df5e8bc SR	346	/* more complex routines */
	347
	348	extern unsigned long __copy_tofrom_user(void __user *to,
	349	const void __user *from, unsigned long size);
	350
d6bd8194	351	#ifdef __powerpc64__
3448890c AV	352	static inline unsigned long
	353	raw_copy_in_user(void __user to, const void __user from, unsigned long n)
	354	{
de78a9c4 CL	355	unsigned long ret;
de78a9c4 CL	356
6fbcdd59	357	barrier_nospec();
1d8f739b	358	allow_read_write_user(to, from, n);
de78a9c4	359	ret = __copy_tofrom_user(to, from, n);
1d8f739b	360	prevent_read_write_user(to, from, n);
de78a9c4	361	return ret;
3448890c	362	}
48fe4871 SR	363	#endif /* __powerpc64__ */
48fe4871 SR	364
3448890c	365	static inline unsigned long raw_copy_from_user(void *to,
5015b494	366	const void __user *from, unsigned long n)
2df5e8bc	367	{
de78a9c4	368	unsigned long ret;
2df5e8bc	369	if (__builtin_constant_p(n) && (n <= 8)) {
de78a9c4	370	ret = 1;
2df5e8bc SR	371
	372	switch (n) {
	373	case 1:
ddf35cf3	374	barrier_nospec();
2df5e8bc SR	375	__get_user_size((u8 )to, from, 1, ret);
	376	break;
	377	case 2:
ddf35cf3	378	barrier_nospec();
2df5e8bc SR	379	__get_user_size((u16 )to, from, 2, ret);
	380	break;
	381	case 4:
ddf35cf3	382	barrier_nospec();
2df5e8bc SR	383	__get_user_size((u32 )to, from, 4, ret);
	384	break;
	385	case 8:
ddf35cf3	386	barrier_nospec();
2df5e8bc SR	387	__get_user_size((u64 )to, from, 8, ret);
	388	break;
	389	}
48fe4871 SR	390	if (ret == 0)
48fe4871 SR	391	return 0;
2df5e8bc	392	}
1d3c1324	393
ddf35cf3	394	barrier_nospec();
de78a9c4 CL	395	allow_read_from_user(from, n);
	396	ret = __copy_tofrom_user((__force void __user *)to, from, n);
	397	prevent_read_from_user(from, n);
	398	return ret;
2df5e8bc SR	399	}
2df5e8bc SR	400
5cd62333 CL	401	static inline unsigned long
5cd62333 CL	402	raw_copy_to_user_allowed(void __user to, const void from, unsigned long n)
2df5e8bc SR	403	{
2df5e8bc SR	404	if (__builtin_constant_p(n) && (n <= 8)) {
5cd62333	405	unsigned long ret = 1;
2df5e8bc SR	406
	407	switch (n) {
	408	case 1:
5cd62333	409	__put_user_size_allowed((u8 )from, (u8 __user *)to, 1, ret);
2df5e8bc SR	410	break;
2df5e8bc SR	411	case 2:
5cd62333	412	__put_user_size_allowed((u16 )from, (u16 __user *)to, 2, ret);
2df5e8bc SR	413	break;
2df5e8bc SR	414	case 4:
5cd62333	415	__put_user_size_allowed((u32 )from, (u32 __user *)to, 4, ret);
2df5e8bc SR	416	break;
2df5e8bc SR	417	case 8:
5cd62333	418	__put_user_size_allowed((u64 )from, (u64 __user *)to, 8, ret);
2df5e8bc SR	419	break;
2df5e8bc SR	420	}
48fe4871 SR	421	if (ret == 0)
48fe4871 SR	422	return 0;
2df5e8bc	423	}
81409e9e	424
5cd62333 CL	425	return __copy_tofrom_user(to, (__force const void __user *)from, n);
	426	}
	427
	428	static inline unsigned long
	429	raw_copy_to_user(void __user to, const void from, unsigned long n)
	430	{
	431	unsigned long ret;
	432
de78a9c4	433	allow_write_to_user(to, n);
5cd62333	434	ret = raw_copy_to_user_allowed(to, from, n);
de78a9c4 CL	435	prevent_write_to_user(to, n);
de78a9c4 CL	436	return ret;
2df5e8bc SR	437	}
2df5e8bc SR	438
42ac26d2 SS	439	static __always_inline unsigned long __must_check
	440	copy_to_user_mcsafe(void __user to, const void from, unsigned long n)
	441	{
	442	if (likely(check_copy_size(from, n, true))) {
	443	if (access_ok(to, n)) {
	444	allow_write_to_user(to, n);
	445	n = memcpy_mcsafe((void *)to, from, n);
	446	prevent_write_to_user(to, n);
	447	}
	448	}
	449
	450	return n;
	451	}
	452
61e3acd8	453	unsigned long __arch_clear_user(void __user *addr, unsigned long size);
2df5e8bc SR	454
	455	static inline unsigned long clear_user(void __user *addr, unsigned long size)
	456	{
de78a9c4	457	unsigned long ret = size;
1af1717d	458	might_fault();
de78a9c4 CL	459	if (likely(access_ok(addr, size))) {
de78a9c4 CL	460	allow_write_to_user(addr, size);
61e3acd8	461	ret = __arch_clear_user(addr, size);
de78a9c4 CL	462	prevent_write_to_user(addr, size);
	463	}
	464	return ret;
2df5e8bc SR	465	}
2df5e8bc SR	466
61e3acd8 AD	467	static inline unsigned long __clear_user(void __user *addr, unsigned long size)
	468	{
	469	return clear_user(addr, size);
	470	}
	471
1629372c	472	extern long strncpy_from_user(char dst, const char __user src, long count);
1629372c	473	extern __must_check long strnlen_user(const char __user *str, long n);
2df5e8bc	474
6c44741d OH	475	extern long __copy_from_user_flushcache(void dst, const void __user src,
	476	unsigned size);
	477	extern void memcpy_page_flushcache(char to, struct page page, size_t offset,
	478	size_t len);
	479
5cd62333 CL	480	static __must_check inline bool user_access_begin(const void __user *ptr, size_t len)
	481	{
	482	if (unlikely(!access_ok(ptr, len)))
	483	return false;
	484	allow_read_write_user((void __user *)ptr, ptr, len);
	485	return true;
	486	}
	487	#define user_access_begin user_access_begin
	488	#define user_access_end prevent_current_access_user
3d7dfd63 CL	489	#define user_access_save prevent_user_access_return
3d7dfd63 CL	490	#define user_access_restore restore_user_access
5cd62333 CL	491
	492	#define unsafe_op_wrap(op, err) do { if (unlikely(op)) goto err; } while (0)
	493	#define unsafe_get_user(x, p, e) unsafe_op_wrap(__get_user_allowed(x, p), e)
	494	#define unsafe_put_user(x, p, e) unsafe_op_wrap(__put_user_allowed(x, p), e)
	495	#define unsafe_copy_to_user(d, s, l, e) \
	496	unsafe_op_wrap(raw_copy_to_user_allowed(d, s, l), e)
	497
2df5e8bc	498	#endif /* _ARCH_POWERPC_UACCESS_H */