1*4882a593Smuzhiyun /* SPDX-License-Identifier: GPL-2.0 */
2*4882a593Smuzhiyun #ifndef __ASM_GENERIC_UACCESS_H
3*4882a593Smuzhiyun #define __ASM_GENERIC_UACCESS_H
4*4882a593Smuzhiyun
5*4882a593Smuzhiyun /*
6*4882a593Smuzhiyun * User space memory access functions, these should work
7*4882a593Smuzhiyun * on any machine that has kernel and user data in the same
8*4882a593Smuzhiyun * address space, e.g. all NOMMU machines.
9*4882a593Smuzhiyun */
10*4882a593Smuzhiyun #include <linux/string.h>
11*4882a593Smuzhiyun
12*4882a593Smuzhiyun #ifdef CONFIG_UACCESS_MEMCPY
13*4882a593Smuzhiyun #include <asm/unaligned.h>
14*4882a593Smuzhiyun
15*4882a593Smuzhiyun static __always_inline int
__get_user_fn(size_t size,const void __user * from,void * to)16*4882a593Smuzhiyun __get_user_fn(size_t size, const void __user *from, void *to)
17*4882a593Smuzhiyun {
18*4882a593Smuzhiyun BUILD_BUG_ON(!__builtin_constant_p(size));
19*4882a593Smuzhiyun
20*4882a593Smuzhiyun switch (size) {
21*4882a593Smuzhiyun case 1:
22*4882a593Smuzhiyun *(u8 *)to = get_unaligned((u8 __force *)from);
23*4882a593Smuzhiyun return 0;
24*4882a593Smuzhiyun case 2:
25*4882a593Smuzhiyun *(u16 *)to = get_unaligned((u16 __force *)from);
26*4882a593Smuzhiyun return 0;
27*4882a593Smuzhiyun case 4:
28*4882a593Smuzhiyun *(u32 *)to = get_unaligned((u32 __force *)from);
29*4882a593Smuzhiyun return 0;
30*4882a593Smuzhiyun case 8:
31*4882a593Smuzhiyun *(u64 *)to = get_unaligned((u64 __force *)from);
32*4882a593Smuzhiyun return 0;
33*4882a593Smuzhiyun default:
34*4882a593Smuzhiyun BUILD_BUG();
35*4882a593Smuzhiyun return 0;
36*4882a593Smuzhiyun }
37*4882a593Smuzhiyun
38*4882a593Smuzhiyun }
39*4882a593Smuzhiyun #define __get_user_fn(sz, u, k) __get_user_fn(sz, u, k)
40*4882a593Smuzhiyun
41*4882a593Smuzhiyun static __always_inline int
__put_user_fn(size_t size,void __user * to,void * from)42*4882a593Smuzhiyun __put_user_fn(size_t size, void __user *to, void *from)
43*4882a593Smuzhiyun {
44*4882a593Smuzhiyun BUILD_BUG_ON(!__builtin_constant_p(size));
45*4882a593Smuzhiyun
46*4882a593Smuzhiyun switch (size) {
47*4882a593Smuzhiyun case 1:
48*4882a593Smuzhiyun put_unaligned(*(u8 *)from, (u8 __force *)to);
49*4882a593Smuzhiyun return 0;
50*4882a593Smuzhiyun case 2:
51*4882a593Smuzhiyun put_unaligned(*(u16 *)from, (u16 __force *)to);
52*4882a593Smuzhiyun return 0;
53*4882a593Smuzhiyun case 4:
54*4882a593Smuzhiyun put_unaligned(*(u32 *)from, (u32 __force *)to);
55*4882a593Smuzhiyun return 0;
56*4882a593Smuzhiyun case 8:
57*4882a593Smuzhiyun put_unaligned(*(u64 *)from, (u64 __force *)to);
58*4882a593Smuzhiyun return 0;
59*4882a593Smuzhiyun default:
60*4882a593Smuzhiyun BUILD_BUG();
61*4882a593Smuzhiyun return 0;
62*4882a593Smuzhiyun }
63*4882a593Smuzhiyun }
64*4882a593Smuzhiyun #define __put_user_fn(sz, u, k) __put_user_fn(sz, u, k)
65*4882a593Smuzhiyun
66*4882a593Smuzhiyun #define __get_kernel_nofault(dst, src, type, err_label) \
67*4882a593Smuzhiyun do { \
68*4882a593Smuzhiyun *((type *)dst) = get_unaligned((type *)(src)); \
69*4882a593Smuzhiyun if (0) /* make sure the label looks used to the compiler */ \
70*4882a593Smuzhiyun goto err_label; \
71*4882a593Smuzhiyun } while (0)
72*4882a593Smuzhiyun
73*4882a593Smuzhiyun #define __put_kernel_nofault(dst, src, type, err_label) \
74*4882a593Smuzhiyun do { \
75*4882a593Smuzhiyun put_unaligned(*((type *)src), (type *)(dst)); \
76*4882a593Smuzhiyun if (0) /* make sure the label looks used to the compiler */ \
77*4882a593Smuzhiyun goto err_label; \
78*4882a593Smuzhiyun } while (0)
79*4882a593Smuzhiyun
80*4882a593Smuzhiyun #define HAVE_GET_KERNEL_NOFAULT 1
81*4882a593Smuzhiyun
82*4882a593Smuzhiyun static inline __must_check unsigned long
raw_copy_from_user(void * to,const void __user * from,unsigned long n)83*4882a593Smuzhiyun raw_copy_from_user(void *to, const void __user * from, unsigned long n)
84*4882a593Smuzhiyun {
85*4882a593Smuzhiyun memcpy(to, (const void __force *)from, n);
86*4882a593Smuzhiyun return 0;
87*4882a593Smuzhiyun }
88*4882a593Smuzhiyun
89*4882a593Smuzhiyun static inline __must_check unsigned long
raw_copy_to_user(void __user * to,const void * from,unsigned long n)90*4882a593Smuzhiyun raw_copy_to_user(void __user *to, const void *from, unsigned long n)
91*4882a593Smuzhiyun {
92*4882a593Smuzhiyun memcpy((void __force *)to, from, n);
93*4882a593Smuzhiyun return 0;
94*4882a593Smuzhiyun }
95*4882a593Smuzhiyun #define INLINE_COPY_FROM_USER
96*4882a593Smuzhiyun #define INLINE_COPY_TO_USER
97*4882a593Smuzhiyun #endif /* CONFIG_UACCESS_MEMCPY */
98*4882a593Smuzhiyun
99*4882a593Smuzhiyun #ifdef CONFIG_SET_FS
100*4882a593Smuzhiyun #define MAKE_MM_SEG(s) ((mm_segment_t) { (s) })
101*4882a593Smuzhiyun
102*4882a593Smuzhiyun #ifndef KERNEL_DS
103*4882a593Smuzhiyun #define KERNEL_DS MAKE_MM_SEG(~0UL)
104*4882a593Smuzhiyun #endif
105*4882a593Smuzhiyun
106*4882a593Smuzhiyun #ifndef USER_DS
107*4882a593Smuzhiyun #define USER_DS MAKE_MM_SEG(TASK_SIZE - 1)
108*4882a593Smuzhiyun #endif
109*4882a593Smuzhiyun
110*4882a593Smuzhiyun #ifndef get_fs
111*4882a593Smuzhiyun #define get_fs() (current_thread_info()->addr_limit)
112*4882a593Smuzhiyun
set_fs(mm_segment_t fs)113*4882a593Smuzhiyun static inline void set_fs(mm_segment_t fs)
114*4882a593Smuzhiyun {
115*4882a593Smuzhiyun current_thread_info()->addr_limit = fs;
116*4882a593Smuzhiyun }
117*4882a593Smuzhiyun #endif
118*4882a593Smuzhiyun
119*4882a593Smuzhiyun #ifndef uaccess_kernel
120*4882a593Smuzhiyun #define uaccess_kernel() (get_fs().seg == KERNEL_DS.seg)
121*4882a593Smuzhiyun #endif
122*4882a593Smuzhiyun #endif /* CONFIG_SET_FS */
123*4882a593Smuzhiyun
124*4882a593Smuzhiyun #define access_ok(addr, size) __access_ok((unsigned long)(addr),(size))
125*4882a593Smuzhiyun
126*4882a593Smuzhiyun /*
127*4882a593Smuzhiyun * The architecture should really override this if possible, at least
128*4882a593Smuzhiyun * doing a check on the get_fs()
129*4882a593Smuzhiyun */
130*4882a593Smuzhiyun #ifndef __access_ok
__access_ok(unsigned long addr,unsigned long size)131*4882a593Smuzhiyun static inline int __access_ok(unsigned long addr, unsigned long size)
132*4882a593Smuzhiyun {
133*4882a593Smuzhiyun return 1;
134*4882a593Smuzhiyun }
135*4882a593Smuzhiyun #endif
136*4882a593Smuzhiyun
137*4882a593Smuzhiyun /*
138*4882a593Smuzhiyun * These are the main single-value transfer routines. They automatically
139*4882a593Smuzhiyun * use the right size if we just have the right pointer type.
140*4882a593Smuzhiyun * This version just falls back to copy_{from,to}_user, which should
141*4882a593Smuzhiyun * provide a fast-path for small values.
142*4882a593Smuzhiyun */
143*4882a593Smuzhiyun #define __put_user(x, ptr) \
144*4882a593Smuzhiyun ({ \
145*4882a593Smuzhiyun __typeof__(*(ptr)) __x = (x); \
146*4882a593Smuzhiyun int __pu_err = -EFAULT; \
147*4882a593Smuzhiyun __chk_user_ptr(ptr); \
148*4882a593Smuzhiyun switch (sizeof (*(ptr))) { \
149*4882a593Smuzhiyun case 1: \
150*4882a593Smuzhiyun case 2: \
151*4882a593Smuzhiyun case 4: \
152*4882a593Smuzhiyun case 8: \
153*4882a593Smuzhiyun __pu_err = __put_user_fn(sizeof (*(ptr)), \
154*4882a593Smuzhiyun ptr, &__x); \
155*4882a593Smuzhiyun break; \
156*4882a593Smuzhiyun default: \
157*4882a593Smuzhiyun __put_user_bad(); \
158*4882a593Smuzhiyun break; \
159*4882a593Smuzhiyun } \
160*4882a593Smuzhiyun __pu_err; \
161*4882a593Smuzhiyun })
162*4882a593Smuzhiyun
163*4882a593Smuzhiyun #define put_user(x, ptr) \
164*4882a593Smuzhiyun ({ \
165*4882a593Smuzhiyun void __user *__p = (ptr); \
166*4882a593Smuzhiyun might_fault(); \
167*4882a593Smuzhiyun access_ok(__p, sizeof(*ptr)) ? \
168*4882a593Smuzhiyun __put_user((x), ((__typeof__(*(ptr)) __user *)__p)) : \
169*4882a593Smuzhiyun -EFAULT; \
170*4882a593Smuzhiyun })
171*4882a593Smuzhiyun
172*4882a593Smuzhiyun #ifndef __put_user_fn
173*4882a593Smuzhiyun
__put_user_fn(size_t size,void __user * ptr,void * x)174*4882a593Smuzhiyun static inline int __put_user_fn(size_t size, void __user *ptr, void *x)
175*4882a593Smuzhiyun {
176*4882a593Smuzhiyun return unlikely(raw_copy_to_user(ptr, x, size)) ? -EFAULT : 0;
177*4882a593Smuzhiyun }
178*4882a593Smuzhiyun
179*4882a593Smuzhiyun #define __put_user_fn(sz, u, k) __put_user_fn(sz, u, k)
180*4882a593Smuzhiyun
181*4882a593Smuzhiyun #endif
182*4882a593Smuzhiyun
183*4882a593Smuzhiyun extern int __put_user_bad(void) __attribute__((noreturn));
184*4882a593Smuzhiyun
185*4882a593Smuzhiyun #define __get_user(x, ptr) \
186*4882a593Smuzhiyun ({ \
187*4882a593Smuzhiyun int __gu_err = -EFAULT; \
188*4882a593Smuzhiyun __chk_user_ptr(ptr); \
189*4882a593Smuzhiyun switch (sizeof(*(ptr))) { \
190*4882a593Smuzhiyun case 1: { \
191*4882a593Smuzhiyun unsigned char __x = 0; \
192*4882a593Smuzhiyun __gu_err = __get_user_fn(sizeof (*(ptr)), \
193*4882a593Smuzhiyun ptr, &__x); \
194*4882a593Smuzhiyun (x) = *(__force __typeof__(*(ptr)) *) &__x; \
195*4882a593Smuzhiyun break; \
196*4882a593Smuzhiyun }; \
197*4882a593Smuzhiyun case 2: { \
198*4882a593Smuzhiyun unsigned short __x = 0; \
199*4882a593Smuzhiyun __gu_err = __get_user_fn(sizeof (*(ptr)), \
200*4882a593Smuzhiyun ptr, &__x); \
201*4882a593Smuzhiyun (x) = *(__force __typeof__(*(ptr)) *) &__x; \
202*4882a593Smuzhiyun break; \
203*4882a593Smuzhiyun }; \
204*4882a593Smuzhiyun case 4: { \
205*4882a593Smuzhiyun unsigned int __x = 0; \
206*4882a593Smuzhiyun __gu_err = __get_user_fn(sizeof (*(ptr)), \
207*4882a593Smuzhiyun ptr, &__x); \
208*4882a593Smuzhiyun (x) = *(__force __typeof__(*(ptr)) *) &__x; \
209*4882a593Smuzhiyun break; \
210*4882a593Smuzhiyun }; \
211*4882a593Smuzhiyun case 8: { \
212*4882a593Smuzhiyun unsigned long long __x = 0; \
213*4882a593Smuzhiyun __gu_err = __get_user_fn(sizeof (*(ptr)), \
214*4882a593Smuzhiyun ptr, &__x); \
215*4882a593Smuzhiyun (x) = *(__force __typeof__(*(ptr)) *) &__x; \
216*4882a593Smuzhiyun break; \
217*4882a593Smuzhiyun }; \
218*4882a593Smuzhiyun default: \
219*4882a593Smuzhiyun __get_user_bad(); \
220*4882a593Smuzhiyun break; \
221*4882a593Smuzhiyun } \
222*4882a593Smuzhiyun __gu_err; \
223*4882a593Smuzhiyun })
224*4882a593Smuzhiyun
225*4882a593Smuzhiyun #define get_user(x, ptr) \
226*4882a593Smuzhiyun ({ \
227*4882a593Smuzhiyun const void __user *__p = (ptr); \
228*4882a593Smuzhiyun might_fault(); \
229*4882a593Smuzhiyun access_ok(__p, sizeof(*ptr)) ? \
230*4882a593Smuzhiyun __get_user((x), (__typeof__(*(ptr)) __user *)__p) :\
231*4882a593Smuzhiyun ((x) = (__typeof__(*(ptr)))0,-EFAULT); \
232*4882a593Smuzhiyun })
233*4882a593Smuzhiyun
234*4882a593Smuzhiyun #ifndef __get_user_fn
__get_user_fn(size_t size,const void __user * ptr,void * x)235*4882a593Smuzhiyun static inline int __get_user_fn(size_t size, const void __user *ptr, void *x)
236*4882a593Smuzhiyun {
237*4882a593Smuzhiyun return unlikely(raw_copy_from_user(x, ptr, size)) ? -EFAULT : 0;
238*4882a593Smuzhiyun }
239*4882a593Smuzhiyun
240*4882a593Smuzhiyun #define __get_user_fn(sz, u, k) __get_user_fn(sz, u, k)
241*4882a593Smuzhiyun
242*4882a593Smuzhiyun #endif
243*4882a593Smuzhiyun
244*4882a593Smuzhiyun extern int __get_user_bad(void) __attribute__((noreturn));
245*4882a593Smuzhiyun
246*4882a593Smuzhiyun /*
247*4882a593Smuzhiyun * Copy a null terminated string from userspace.
248*4882a593Smuzhiyun */
249*4882a593Smuzhiyun #ifndef __strncpy_from_user
250*4882a593Smuzhiyun static inline long
__strncpy_from_user(char * dst,const char __user * src,long count)251*4882a593Smuzhiyun __strncpy_from_user(char *dst, const char __user *src, long count)
252*4882a593Smuzhiyun {
253*4882a593Smuzhiyun char *tmp;
254*4882a593Smuzhiyun strncpy(dst, (const char __force *)src, count);
255*4882a593Smuzhiyun for (tmp = dst; *tmp && count > 0; tmp++, count--)
256*4882a593Smuzhiyun ;
257*4882a593Smuzhiyun return (tmp - dst);
258*4882a593Smuzhiyun }
259*4882a593Smuzhiyun #endif
260*4882a593Smuzhiyun
261*4882a593Smuzhiyun static inline long
strncpy_from_user(char * dst,const char __user * src,long count)262*4882a593Smuzhiyun strncpy_from_user(char *dst, const char __user *src, long count)
263*4882a593Smuzhiyun {
264*4882a593Smuzhiyun if (!access_ok(src, 1))
265*4882a593Smuzhiyun return -EFAULT;
266*4882a593Smuzhiyun return __strncpy_from_user(dst, src, count);
267*4882a593Smuzhiyun }
268*4882a593Smuzhiyun
269*4882a593Smuzhiyun /*
270*4882a593Smuzhiyun * Return the size of a string (including the ending 0)
271*4882a593Smuzhiyun *
272*4882a593Smuzhiyun * Return 0 on exception, a value greater than N if too long
273*4882a593Smuzhiyun */
274*4882a593Smuzhiyun #ifndef __strnlen_user
275*4882a593Smuzhiyun #define __strnlen_user(s, n) (strnlen((s), (n)) + 1)
276*4882a593Smuzhiyun #endif
277*4882a593Smuzhiyun
278*4882a593Smuzhiyun /*
279*4882a593Smuzhiyun * Unlike strnlen, strnlen_user includes the nul terminator in
280*4882a593Smuzhiyun * its returned count. Callers should check for a returned value
281*4882a593Smuzhiyun * greater than N as an indication the string is too long.
282*4882a593Smuzhiyun */
strnlen_user(const char __user * src,long n)283*4882a593Smuzhiyun static inline long strnlen_user(const char __user *src, long n)
284*4882a593Smuzhiyun {
285*4882a593Smuzhiyun if (!access_ok(src, 1))
286*4882a593Smuzhiyun return 0;
287*4882a593Smuzhiyun return __strnlen_user(src, n);
288*4882a593Smuzhiyun }
289*4882a593Smuzhiyun
290*4882a593Smuzhiyun /*
291*4882a593Smuzhiyun * Zero Userspace
292*4882a593Smuzhiyun */
293*4882a593Smuzhiyun #ifndef __clear_user
294*4882a593Smuzhiyun static inline __must_check unsigned long
__clear_user(void __user * to,unsigned long n)295*4882a593Smuzhiyun __clear_user(void __user *to, unsigned long n)
296*4882a593Smuzhiyun {
297*4882a593Smuzhiyun memset((void __force *)to, 0, n);
298*4882a593Smuzhiyun return 0;
299*4882a593Smuzhiyun }
300*4882a593Smuzhiyun #endif
301*4882a593Smuzhiyun
302*4882a593Smuzhiyun static inline __must_check unsigned long
clear_user(void __user * to,unsigned long n)303*4882a593Smuzhiyun clear_user(void __user *to, unsigned long n)
304*4882a593Smuzhiyun {
305*4882a593Smuzhiyun might_fault();
306*4882a593Smuzhiyun if (!access_ok(to, n))
307*4882a593Smuzhiyun return n;
308*4882a593Smuzhiyun
309*4882a593Smuzhiyun return __clear_user(to, n);
310*4882a593Smuzhiyun }
311*4882a593Smuzhiyun
312*4882a593Smuzhiyun #include <asm/extable.h>
313*4882a593Smuzhiyun
314*4882a593Smuzhiyun #endif /* __ASM_GENERIC_UACCESS_H */
315