1 /* SPDX-License-Identifier: BSD-2-Clause */ 2 /* 3 * Copyright (c) 2014, STMicroelectronics International N.V. 4 * Copyright (c) 2020, Linaro Limited 5 */ 6 #ifndef __KERNEL_USER_ACCESS_H 7 #define __KERNEL_USER_ACCESS_H 8 9 #include <assert.h> 10 #include <kernel/user_access_arch.h> 11 #include <tee_api_types.h> 12 #include <types_ext.h> 13 14 #ifdef CFG_WITH_USER_TA 15 TEE_Result check_user_access(uint32_t flags, const void *uaddr, size_t len); 16 TEE_Result copy_from_user_private(void *kaddr, const void *uaddr, size_t len); 17 TEE_Result copy_from_user(void *kaddr, const void *uaddr, size_t len); 18 TEE_Result copy_to_user_private(void *uaddr, const void *kaddr, size_t len); 19 TEE_Result copy_to_user(void *uaddr, const void *kaddr, size_t len); 20 #else 21 static inline TEE_Result check_user_access(uint32_t flags __unused, 22 const void *uaddr __unused, 23 size_t len __unused) 24 { 25 return TEE_ERROR_NOT_SUPPORTED; 26 } 27 28 static inline TEE_Result copy_from_user_private(void *kaddr __unused, 29 const void *uaddr __unused, 30 size_t len __unused) 31 { 32 return TEE_ERROR_NOT_SUPPORTED; 33 } 34 35 static inline TEE_Result copy_from_user(void *kaddr __unused, 36 const void *uaddr __unused, 37 size_t len __unused) 38 { 39 return TEE_ERROR_NOT_SUPPORTED; 40 } 41 42 static inline TEE_Result copy_to_user_private(void *uaddr __unused, 43 const void *kaddr __unused, 44 size_t len __unused) 45 { 46 return TEE_ERROR_NOT_SUPPORTED; 47 } 48 49 static inline TEE_Result copy_to_user(void *uaddr __unused, 50 const void *kaddr __unused, 51 size_t len __unused) 52 { 53 return TEE_ERROR_NOT_SUPPORTED; 54 } 55 #endif 56 57 /* 58 * bb_alloc() - Allocate a bounce buffer 59 * @len: Length of bounce buffer 60 * 61 * The bounce buffer is allocated from a per user TA context region reserved 62 * for bounce buffers. Buffers are allocated in a stack like fashion so 63 * only the last buffer can be free. Buffers generally don't have to be 64 * freed, all bounce buffer allocations are reset on each syscall entry. 65 * 66 * Return NULL on failure or a valid pointer on success. 67 */ 68 void *bb_alloc(size_t len); 69 70 /* 71 * bb_free() - Free a bounce buffer 72 * @bb: Buffer 73 * @len: Length of buffer 74 * 75 * The bounce buffer is only freed if it is last on the stack of allocated 76 * bounce buffers. This function does normally not need to be called, see 77 * description of bb_alloc(). 78 */ 79 void bb_free(void *bb, size_t len); 80 81 /* 82 * bb_reset() - Reset bounce buffer allocation 83 * 84 * Resets the bounce buffer allocatation state, old pointers allocated 85 * with bb_alloc() should not be used any longer. 86 */ 87 void bb_reset(void); 88 89 TEE_Result clear_user(void *uaddr, size_t n); 90 91 size_t strnlen_user(const void *s, size_t n); 92 93 /* 94 * bb_memdup_user() - Duplicate a user-space buffer into a bounce buffer 95 * @src: Pointer to the user buffer to be duplicated. 96 * @len: Length of the user buffer to be duplicated. 97 * @p: Holds duplicated bounce buffer on success, or unchanged on failure. 98 * Note that the returned buffer is allocated by bb_alloc() and 99 * normally doesn't have to be freed. 100 * Return TEE_SUCCESS on success. 101 * Return TEE_ERROR_OUT_OF_MEMORY or TEE_ERROR_ACCESS_DENIED on error. 102 */ 103 TEE_Result bb_memdup_user(const void *src, size_t len, void **p); 104 105 /* 106 * bb_memdup_user_private() - Duplicate a private user-space buffer 107 * @src: Pointer to the user buffer to be duplicated. The buffer should 108 * be private to current TA (i.e., !TEE_MEMORY_ACCESS_ANY_OWNER). 109 * @len: Length of the user buffer to be duplicated. 110 * @p: Holds duplicated kernel buffer on success, or unchanged on failure. 111 * Note that the returned buffer is allocated by bb_alloc() and 112 * normally doesn't have to be freed. 113 * Return TEE_SUCCESS on success. 114 * Return TEE_ERROR_OUT_OF_MEMORY or TEE_ERROR_ACCESS_DENIED on error. 115 */ 116 TEE_Result bb_memdup_user_private(const void *src, size_t len, void **p); 117 118 /* 119 * bb_strndup_user() - Duplicate a user-space string into a bounce buffer 120 * @src: Pointer to the user string to be duplicated. 121 * @maxlen: Maximum length of the user string 122 * @dst: Holds duplicated string on success, or unchanged on failure. 123 * @dstlen: Length of string, excluding the terminating zero, returned in 124 * @dst. 125 * 126 * Note that the returned buffer is allocated by bb_alloc() and normally 127 * doesn't have to be freed. But if it is to be freed the supplied length 128 * to bb_free() should be dstlen + 1. 129 * 130 * Return TEE_SUCCESS on success. 131 * Return TEE_ERROR_OUT_OF_MEMORY or TEE_ERROR_ACCESS_DENIED on error. 132 */ 133 TEE_Result bb_strndup_user(const char *src, size_t maxlen, char **dst, 134 size_t *dstlen); 135 136 TEE_Result copy_kaddr_to_uref(uint32_t *uref, void *kaddr); 137 138 uint32_t kaddr_to_uref(void *kaddr); 139 vaddr_t uref_to_vaddr(uint32_t uref); 140 static inline void *uref_to_kaddr(uint32_t uref) 141 { 142 return (void *)uref_to_vaddr(uref); 143 } 144 145 #define GET_USER_SCALAR(_x, _p) ({ \ 146 TEE_Result __res = TEE_SUCCESS; \ 147 typeof(_p) __p = (_p); \ 148 \ 149 static_assert(sizeof(_x) == sizeof(*__p)); \ 150 \ 151 __res = copy_from_user(&(_x), (const void *)__p, sizeof(*__p)); \ 152 __res; \ 153 }) 154 155 #define PUT_USER_SCALAR(_x, _p) ({ \ 156 TEE_Result __res = TEE_SUCCESS; \ 157 typeof(_p) __p = (_p); \ 158 \ 159 static_assert(sizeof(_x) == sizeof(*__p)); \ 160 \ 161 __res = copy_to_user((void *)__p, &(_x), sizeof(*__p)); \ 162 __res; \ 163 }) 164 165 #endif /*__KERNEL_USER_ACCESS_H*/ 166