1 /* SPDX-License-Identifier: GPL-2.0 */
2 #ifndef _ASM_X86_UACCESS_H
3 #define _ASM_X86_UACCESS_H
4 /*
5 * User space memory access functions
6 */
7 #include <linux/compiler.h>
8 #include <linux/instrumented.h>
9 #include <linux/kasan-checks.h>
10 #include <linux/string.h>
11 #include <asm/asm.h>
12 #include <asm/page.h>
13 #include <asm/smap.h>
14 #include <asm/extable.h>
15
16 #ifdef CONFIG_DEBUG_ATOMIC_SLEEP
17 static inline bool pagefault_disabled(void);
18 # define WARN_ON_IN_IRQ() \
19 WARN_ON_ONCE(!in_task() && !pagefault_disabled())
20 #else
21 # define WARN_ON_IN_IRQ()
22 #endif
23
24 /**
25 * access_ok - Checks if a user space pointer is valid
26 * @addr: User space pointer to start of block to check
27 * @size: Size of block to check
28 *
29 * Context: User context only. This function may sleep if pagefaults are
30 * enabled.
31 *
32 * Checks if a pointer to a block of memory in user space is valid.
33 *
34 * Note that, depending on architecture, this function probably just
35 * checks that the pointer is in the user space range - after calling
36 * this function, memory access functions may still return -EFAULT.
37 *
38 * Return: true (nonzero) if the memory block may be valid, false (zero)
39 * if it is definitely invalid.
40 */
41 #define access_ok(addr, size) \
42 ({ \
43 WARN_ON_IN_IRQ(); \
44 likely(__access_ok(addr, size)); \
45 })
46
47 #include <asm-generic/access_ok.h>
48
49 extern int __get_user_1(void);
50 extern int __get_user_2(void);
51 extern int __get_user_4(void);
52 extern int __get_user_8(void);
53 extern int __get_user_nocheck_1(void);
54 extern int __get_user_nocheck_2(void);
55 extern int __get_user_nocheck_4(void);
56 extern int __get_user_nocheck_8(void);
57 extern int __get_user_bad(void);
58
59 #define __uaccess_begin() stac()
60 #define __uaccess_end() clac()
61 #define __uaccess_begin_nospec() \
62 ({ \
63 stac(); \
64 barrier_nospec(); \
65 })
66
67 /*
68 * This is the smallest unsigned integer type that can fit a value
69 * (up to 'long long')
70 */
71 #define __inttype(x) __typeof__( \
72 __typefits(x,char, \
73 __typefits(x,short, \
74 __typefits(x,int, \
75 __typefits(x,long,0ULL)))))
76
77 #define __typefits(x,type,not) \
78 __builtin_choose_expr(sizeof(x)<=sizeof(type),(unsigned type)0,not)
79
80 /*
81 * This is used for both get_user() and __get_user() to expand to
82 * the proper special function call that has odd calling conventions
83 * due to returning both a value and an error, and that depends on
84 * the size of the pointer passed in.
85 *
86 * Careful: we have to cast the result to the type of the pointer
87 * for sign reasons.
88 *
89 * The use of _ASM_DX as the register specifier is a bit of a
90 * simplification, as gcc only cares about it as the starting point
91 * and not size: for a 64-bit value it will use %ecx:%edx on 32 bits
92 * (%ecx being the next register in gcc's x86 register sequence), and
93 * %rdx on 64 bits.
94 *
95 * Clang/LLVM cares about the size of the register, but still wants
96 * the base register for something that ends up being a pair.
97 */
98 #define do_get_user_call(fn,x,ptr) \
99 ({ \
100 int __ret_gu; \
101 register __inttype(*(ptr)) __val_gu asm("%"_ASM_DX); \
102 __chk_user_ptr(ptr); \
103 asm volatile("call __" #fn "_%P4" \
104 : "=a" (__ret_gu), "=r" (__val_gu), \
105 ASM_CALL_CONSTRAINT \
106 : "0" (ptr), "i" (sizeof(*(ptr)))); \
107 instrument_get_user(__val_gu); \
108 (x) = (__force __typeof__(*(ptr))) __val_gu; \
109 __builtin_expect(__ret_gu, 0); \
110 })
111
112 /**
113 * get_user - Get a simple variable from user space.
114 * @x: Variable to store result.
115 * @ptr: Source address, in user space.
116 *
117 * Context: User context only. This function may sleep if pagefaults are
118 * enabled.
119 *
120 * This macro copies a single simple variable from user space to kernel
121 * space. It supports simple types like char and int, but not larger
122 * data types like structures or arrays.
123 *
124 * @ptr must have pointer-to-simple-variable type, and the result of
125 * dereferencing @ptr must be assignable to @x without a cast.
126 *
127 * Return: zero on success, or -EFAULT on error.
128 * On error, the variable @x is set to zero.
129 */
130 #define get_user(x,ptr) ({ might_fault(); do_get_user_call(get_user,x,ptr); })
131
132 /**
133 * __get_user - Get a simple variable from user space, with less checking.
134 * @x: Variable to store result.
135 * @ptr: Source address, in user space.
136 *
137 * Context: User context only. This function may sleep if pagefaults are
138 * enabled.
139 *
140 * This macro copies a single simple variable from user space to kernel
141 * space. It supports simple types like char and int, but not larger
142 * data types like structures or arrays.
143 *
144 * @ptr must have pointer-to-simple-variable type, and the result of
145 * dereferencing @ptr must be assignable to @x without a cast.
146 *
147 * Caller must check the pointer with access_ok() before calling this
148 * function.
149 *
150 * Return: zero on success, or -EFAULT on error.
151 * On error, the variable @x is set to zero.
152 */
153 #define __get_user(x,ptr) do_get_user_call(get_user_nocheck,x,ptr)
154
155
156 #ifdef CONFIG_X86_32
157 #define __put_user_goto_u64(x, addr, label) \
158 asm_volatile_goto("\n" \
159 "1: movl %%eax,0(%1)\n" \
160 "2: movl %%edx,4(%1)\n" \
161 _ASM_EXTABLE_UA(1b, %l2) \
162 _ASM_EXTABLE_UA(2b, %l2) \
163 : : "A" (x), "r" (addr) \
164 : : label)
165
166 #else
167 #define __put_user_goto_u64(x, ptr, label) \
168 __put_user_goto(x, ptr, "q", "er", label)
169 #endif
170
171 extern void __put_user_bad(void);
172
173 /*
174 * Strange magic calling convention: pointer in %ecx,
175 * value in %eax(:%edx), return value in %ecx. clobbers %rbx
176 */
177 extern void __put_user_1(void);
178 extern void __put_user_2(void);
179 extern void __put_user_4(void);
180 extern void __put_user_8(void);
181 extern void __put_user_nocheck_1(void);
182 extern void __put_user_nocheck_2(void);
183 extern void __put_user_nocheck_4(void);
184 extern void __put_user_nocheck_8(void);
185
186 /*
187 * ptr must be evaluated and assigned to the temporary __ptr_pu before
188 * the assignment of x to __val_pu, to avoid any function calls
189 * involved in the ptr expression (possibly implicitly generated due
190 * to KASAN) from clobbering %ax.
191 */
192 #define do_put_user_call(fn,x,ptr) \
193 ({ \
194 int __ret_pu; \
195 void __user *__ptr_pu; \
196 register __typeof__(*(ptr)) __val_pu asm("%"_ASM_AX); \
197 __typeof__(*(ptr)) __x = (x); /* eval x once */ \
198 __typeof__(ptr) __ptr = (ptr); /* eval ptr once */ \
199 __chk_user_ptr(__ptr); \
200 __ptr_pu = __ptr; \
201 __val_pu = __x; \
202 asm volatile("call __" #fn "_%P[size]" \
203 : "=c" (__ret_pu), \
204 ASM_CALL_CONSTRAINT \
205 : "0" (__ptr_pu), \
206 "r" (__val_pu), \
207 [size] "i" (sizeof(*(ptr))) \
208 :"ebx"); \
209 instrument_put_user(__x, __ptr, sizeof(*(ptr))); \
210 __builtin_expect(__ret_pu, 0); \
211 })
212
213 /**
214 * put_user - Write a simple value into user space.
215 * @x: Value to copy to user space.
216 * @ptr: Destination address, in user space.
217 *
218 * Context: User context only. This function may sleep if pagefaults are
219 * enabled.
220 *
221 * This macro copies a single simple value from kernel space to user
222 * space. It supports simple types like char and int, but not larger
223 * data types like structures or arrays.
224 *
225 * @ptr must have pointer-to-simple-variable type, and @x must be assignable
226 * to the result of dereferencing @ptr.
227 *
228 * Return: zero on success, or -EFAULT on error.
229 */
230 #define put_user(x, ptr) ({ might_fault(); do_put_user_call(put_user,x,ptr); })
231
232 /**
233 * __put_user - Write a simple value into user space, with less checking.
234 * @x: Value to copy to user space.
235 * @ptr: Destination address, in user space.
236 *
237 * Context: User context only. This function may sleep if pagefaults are
238 * enabled.
239 *
240 * This macro copies a single simple value from kernel space to user
241 * space. It supports simple types like char and int, but not larger
242 * data types like structures or arrays.
243 *
244 * @ptr must have pointer-to-simple-variable type, and @x must be assignable
245 * to the result of dereferencing @ptr.
246 *
247 * Caller must check the pointer with access_ok() before calling this
248 * function.
249 *
250 * Return: zero on success, or -EFAULT on error.
251 */
252 #define __put_user(x, ptr) do_put_user_call(put_user_nocheck,x,ptr)
253
254 #define __put_user_size(x, ptr, size, label) \
255 do { \
256 __typeof__(*(ptr)) __x = (x); /* eval x once */ \
257 __typeof__(ptr) __ptr = (ptr); /* eval ptr once */ \
258 __chk_user_ptr(__ptr); \
259 switch (size) { \
260 case 1: \
261 __put_user_goto(__x, __ptr, "b", "iq", label); \
262 break; \
263 case 2: \
264 __put_user_goto(__x, __ptr, "w", "ir", label); \
265 break; \
266 case 4: \
267 __put_user_goto(__x, __ptr, "l", "ir", label); \
268 break; \
269 case 8: \
270 __put_user_goto_u64(__x, __ptr, label); \
271 break; \
272 default: \
273 __put_user_bad(); \
274 } \
275 instrument_put_user(__x, __ptr, size); \
276 } while (0)
277
278 #ifdef CONFIG_CC_HAS_ASM_GOTO_OUTPUT
279
280 #ifdef CONFIG_X86_32
281 #define __get_user_asm_u64(x, ptr, label) do { \
282 unsigned int __gu_low, __gu_high; \
283 const unsigned int __user *__gu_ptr; \
284 __gu_ptr = (const void __user *)(ptr); \
285 __get_user_asm(__gu_low, __gu_ptr, "l", "=r", label); \
286 __get_user_asm(__gu_high, __gu_ptr+1, "l", "=r", label); \
287 (x) = ((unsigned long long)__gu_high << 32) | __gu_low; \
288 } while (0)
289 #else
290 #define __get_user_asm_u64(x, ptr, label) \
291 __get_user_asm(x, ptr, "q", "=r", label)
292 #endif
293
294 #define __get_user_size(x, ptr, size, label) \
295 do { \
296 __chk_user_ptr(ptr); \
297 switch (size) { \
298 case 1: { \
299 unsigned char x_u8__; \
300 __get_user_asm(x_u8__, ptr, "b", "=q", label); \
301 (x) = x_u8__; \
302 break; \
303 } \
304 case 2: \
305 __get_user_asm(x, ptr, "w", "=r", label); \
306 break; \
307 case 4: \
308 __get_user_asm(x, ptr, "l", "=r", label); \
309 break; \
310 case 8: \
311 __get_user_asm_u64(x, ptr, label); \
312 break; \
313 default: \
314 (x) = __get_user_bad(); \
315 } \
316 instrument_get_user(x); \
317 } while (0)
318
319 #define __get_user_asm(x, addr, itype, ltype, label) \
320 asm_volatile_goto("\n" \
321 "1: mov"itype" %[umem],%[output]\n" \
322 _ASM_EXTABLE_UA(1b, %l2) \
323 : [output] ltype(x) \
324 : [umem] "m" (__m(addr)) \
325 : : label)
326
327 #else // !CONFIG_CC_HAS_ASM_GOTO_OUTPUT
328
329 #ifdef CONFIG_X86_32
330 #define __get_user_asm_u64(x, ptr, retval) \
331 ({ \
332 __typeof__(ptr) __ptr = (ptr); \
333 asm volatile("\n" \
334 "1: movl %[lowbits],%%eax\n" \
335 "2: movl %[highbits],%%edx\n" \
336 "3:\n" \
337 _ASM_EXTABLE_TYPE_REG(1b, 3b, EX_TYPE_EFAULT_REG | \
338 EX_FLAG_CLEAR_AX_DX, \
339 %[errout]) \
340 _ASM_EXTABLE_TYPE_REG(2b, 3b, EX_TYPE_EFAULT_REG | \
341 EX_FLAG_CLEAR_AX_DX, \
342 %[errout]) \
343 : [errout] "=r" (retval), \
344 [output] "=&A"(x) \
345 : [lowbits] "m" (__m(__ptr)), \
346 [highbits] "m" __m(((u32 __user *)(__ptr)) + 1), \
347 "0" (retval)); \
348 })
349
350 #else
351 #define __get_user_asm_u64(x, ptr, retval) \
352 __get_user_asm(x, ptr, retval, "q")
353 #endif
354
355 #define __get_user_size(x, ptr, size, retval) \
356 do { \
357 unsigned char x_u8__; \
358 \
359 retval = 0; \
360 __chk_user_ptr(ptr); \
361 switch (size) { \
362 case 1: \
363 __get_user_asm(x_u8__, ptr, retval, "b"); \
364 (x) = x_u8__; \
365 break; \
366 case 2: \
367 __get_user_asm(x, ptr, retval, "w"); \
368 break; \
369 case 4: \
370 __get_user_asm(x, ptr, retval, "l"); \
371 break; \
372 case 8: \
373 __get_user_asm_u64(x, ptr, retval); \
374 break; \
375 default: \
376 (x) = __get_user_bad(); \
377 } \
378 } while (0)
379
380 #define __get_user_asm(x, addr, err, itype) \
381 asm volatile("\n" \
382 "1: mov"itype" %[umem],%[output]\n" \
383 "2:\n" \
384 _ASM_EXTABLE_TYPE_REG(1b, 2b, EX_TYPE_EFAULT_REG | \
385 EX_FLAG_CLEAR_AX, \
386 %[errout]) \
387 : [errout] "=r" (err), \
388 [output] "=a" (x) \
389 : [umem] "m" (__m(addr)), \
390 "0" (err))
391
392 #endif // CONFIG_CC_HAS_ASM_GOTO_OUTPUT
393
394 #ifdef CONFIG_CC_HAS_ASM_GOTO_TIED_OUTPUT
395 #define __try_cmpxchg_user_asm(itype, ltype, _ptr, _pold, _new, label) ({ \
396 bool success; \
397 __typeof__(_ptr) _old = (__typeof__(_ptr))(_pold); \
398 __typeof__(*(_ptr)) __old = *_old; \
399 __typeof__(*(_ptr)) __new = (_new); \
400 asm_volatile_goto("\n" \
401 "1: " LOCK_PREFIX "cmpxchg"itype" %[new], %[ptr]\n"\
402 _ASM_EXTABLE_UA(1b, %l[label]) \
403 : CC_OUT(z) (success), \
404 [ptr] "+m" (*_ptr), \
405 [old] "+a" (__old) \
406 : [new] ltype (__new) \
407 : "memory" \
408 : label); \
409 if (unlikely(!success)) \
410 *_old = __old; \
411 likely(success); })
412
413 #ifdef CONFIG_X86_32
414 #define __try_cmpxchg64_user_asm(_ptr, _pold, _new, label) ({ \
415 bool success; \
416 __typeof__(_ptr) _old = (__typeof__(_ptr))(_pold); \
417 __typeof__(*(_ptr)) __old = *_old; \
418 __typeof__(*(_ptr)) __new = (_new); \
419 asm_volatile_goto("\n" \
420 "1: " LOCK_PREFIX "cmpxchg8b %[ptr]\n" \
421 _ASM_EXTABLE_UA(1b, %l[label]) \
422 : CC_OUT(z) (success), \
423 "+A" (__old), \
424 [ptr] "+m" (*_ptr) \
425 : "b" ((u32)__new), \
426 "c" ((u32)((u64)__new >> 32)) \
427 : "memory" \
428 : label); \
429 if (unlikely(!success)) \
430 *_old = __old; \
431 likely(success); })
432 #endif // CONFIG_X86_32
433 #else // !CONFIG_CC_HAS_ASM_GOTO_TIED_OUTPUT
434 #define __try_cmpxchg_user_asm(itype, ltype, _ptr, _pold, _new, label) ({ \
435 int __err = 0; \
436 bool success; \
437 __typeof__(_ptr) _old = (__typeof__(_ptr))(_pold); \
438 __typeof__(*(_ptr)) __old = *_old; \
439 __typeof__(*(_ptr)) __new = (_new); \
440 asm volatile("\n" \
441 "1: " LOCK_PREFIX "cmpxchg"itype" %[new], %[ptr]\n"\
442 CC_SET(z) \
443 "2:\n" \
444 _ASM_EXTABLE_TYPE_REG(1b, 2b, EX_TYPE_EFAULT_REG, \
445 %[errout]) \
446 : CC_OUT(z) (success), \
447 [errout] "+r" (__err), \
448 [ptr] "+m" (*_ptr), \
449 [old] "+a" (__old) \
450 : [new] ltype (__new) \
451 : "memory"); \
452 if (unlikely(__err)) \
453 goto label; \
454 if (unlikely(!success)) \
455 *_old = __old; \
456 likely(success); })
457
458 #ifdef CONFIG_X86_32
459 /*
460 * Unlike the normal CMPXCHG, use output GPR for both success/fail and error.
461 * There are only six GPRs available and four (EAX, EBX, ECX, and EDX) are
462 * hardcoded by CMPXCHG8B, leaving only ESI and EDI. If the compiler uses
463 * both ESI and EDI for the memory operand, compilation will fail if the error
464 * is an input+output as there will be no register available for input.
465 */
466 #define __try_cmpxchg64_user_asm(_ptr, _pold, _new, label) ({ \
467 int __result; \
468 __typeof__(_ptr) _old = (__typeof__(_ptr))(_pold); \
469 __typeof__(*(_ptr)) __old = *_old; \
470 __typeof__(*(_ptr)) __new = (_new); \
471 asm volatile("\n" \
472 "1: " LOCK_PREFIX "cmpxchg8b %[ptr]\n" \
473 "mov $0, %[result]\n\t" \
474 "setz %b[result]\n" \
475 "2:\n" \
476 _ASM_EXTABLE_TYPE_REG(1b, 2b, EX_TYPE_EFAULT_REG, \
477 %[result]) \
478 : [result] "=q" (__result), \
479 "+A" (__old), \
480 [ptr] "+m" (*_ptr) \
481 : "b" ((u32)__new), \
482 "c" ((u32)((u64)__new >> 32)) \
483 : "memory", "cc"); \
484 if (unlikely(__result < 0)) \
485 goto label; \
486 if (unlikely(!__result)) \
487 *_old = __old; \
488 likely(__result); })
489 #endif // CONFIG_X86_32
490 #endif // CONFIG_CC_HAS_ASM_GOTO_TIED_OUTPUT
491
492 /* FIXME: this hack is definitely wrong -AK */
493 struct __large_struct { unsigned long buf[100]; };
494 #define __m(x) (*(struct __large_struct __user *)(x))
495
496 /*
497 * Tell gcc we read from memory instead of writing: this is because
498 * we do not write to any memory gcc knows about, so there are no
499 * aliasing issues.
500 */
501 #define __put_user_goto(x, addr, itype, ltype, label) \
502 asm_volatile_goto("\n" \
503 "1: mov"itype" %0,%1\n" \
504 _ASM_EXTABLE_UA(1b, %l2) \
505 : : ltype(x), "m" (__m(addr)) \
506 : : label)
507
508 extern unsigned long
509 copy_from_user_nmi(void *to, const void __user *from, unsigned long n);
510 extern __must_check long
511 strncpy_from_user(char *dst, const char __user *src, long count);
512
513 extern __must_check long strnlen_user(const char __user *str, long n);
514
515 #ifdef CONFIG_ARCH_HAS_COPY_MC
516 unsigned long __must_check
517 copy_mc_to_kernel(void *to, const void *from, unsigned len);
518 #define copy_mc_to_kernel copy_mc_to_kernel
519
520 unsigned long __must_check
521 copy_mc_to_user(void *to, const void *from, unsigned len);
522 #endif
523
524 /*
525 * movsl can be slow when source and dest are not both 8-byte aligned
526 */
527 #ifdef CONFIG_X86_INTEL_USERCOPY
528 extern struct movsl_mask {
529 int mask;
530 } ____cacheline_aligned_in_smp movsl_mask;
531 #endif
532
533 #define ARCH_HAS_NOCACHE_UACCESS 1
534
535 #ifdef CONFIG_X86_32
536 unsigned long __must_check clear_user(void __user *mem, unsigned long len);
537 unsigned long __must_check __clear_user(void __user *mem, unsigned long len);
538 # include <asm/uaccess_32.h>
539 #else
540 # include <asm/uaccess_64.h>
541 #endif
542
543 /*
544 * The "unsafe" user accesses aren't really "unsafe", but the naming
545 * is a big fat warning: you have to not only do the access_ok()
546 * checking before using them, but you have to surround them with the
547 * user_access_begin/end() pair.
548 */
user_access_begin(const void __user * ptr,size_t len)549 static __must_check __always_inline bool user_access_begin(const void __user *ptr, size_t len)
550 {
551 if (unlikely(!access_ok(ptr,len)))
552 return 0;
553 __uaccess_begin_nospec();
554 return 1;
555 }
556 #define user_access_begin(a,b) user_access_begin(a,b)
557 #define user_access_end() __uaccess_end()
558
559 #define user_access_save() smap_save()
560 #define user_access_restore(x) smap_restore(x)
561
562 #define unsafe_put_user(x, ptr, label) \
563 __put_user_size((__typeof__(*(ptr)))(x), (ptr), sizeof(*(ptr)), label)
564
565 #ifdef CONFIG_CC_HAS_ASM_GOTO_OUTPUT
566 #define unsafe_get_user(x, ptr, err_label) \
567 do { \
568 __inttype(*(ptr)) __gu_val; \
569 __get_user_size(__gu_val, (ptr), sizeof(*(ptr)), err_label); \
570 (x) = (__force __typeof__(*(ptr)))__gu_val; \
571 } while (0)
572 #else // !CONFIG_CC_HAS_ASM_GOTO_OUTPUT
573 #define unsafe_get_user(x, ptr, err_label) \
574 do { \
575 int __gu_err; \
576 __inttype(*(ptr)) __gu_val; \
577 __get_user_size(__gu_val, (ptr), sizeof(*(ptr)), __gu_err); \
578 (x) = (__force __typeof__(*(ptr)))__gu_val; \
579 if (unlikely(__gu_err)) goto err_label; \
580 } while (0)
581 #endif // CONFIG_CC_HAS_ASM_GOTO_OUTPUT
582
583 extern void __try_cmpxchg_user_wrong_size(void);
584
585 #ifndef CONFIG_X86_32
586 #define __try_cmpxchg64_user_asm(_ptr, _oldp, _nval, _label) \
587 __try_cmpxchg_user_asm("q", "r", (_ptr), (_oldp), (_nval), _label)
588 #endif
589
590 /*
591 * Force the pointer to u<size> to match the size expected by the asm helper.
592 * clang/LLVM compiles all cases and only discards the unused paths after
593 * processing errors, which breaks i386 if the pointer is an 8-byte value.
594 */
595 #define unsafe_try_cmpxchg_user(_ptr, _oldp, _nval, _label) ({ \
596 bool __ret; \
597 __chk_user_ptr(_ptr); \
598 switch (sizeof(*(_ptr))) { \
599 case 1: __ret = __try_cmpxchg_user_asm("b", "q", \
600 (__force u8 *)(_ptr), (_oldp), \
601 (_nval), _label); \
602 break; \
603 case 2: __ret = __try_cmpxchg_user_asm("w", "r", \
604 (__force u16 *)(_ptr), (_oldp), \
605 (_nval), _label); \
606 break; \
607 case 4: __ret = __try_cmpxchg_user_asm("l", "r", \
608 (__force u32 *)(_ptr), (_oldp), \
609 (_nval), _label); \
610 break; \
611 case 8: __ret = __try_cmpxchg64_user_asm((__force u64 *)(_ptr), (_oldp),\
612 (_nval), _label); \
613 break; \
614 default: __try_cmpxchg_user_wrong_size(); \
615 } \
616 __ret; })
617
618 /* "Returns" 0 on success, 1 on failure, -EFAULT if the access faults. */
619 #define __try_cmpxchg_user(_ptr, _oldp, _nval, _label) ({ \
620 int __ret = -EFAULT; \
621 __uaccess_begin_nospec(); \
622 __ret = !unsafe_try_cmpxchg_user(_ptr, _oldp, _nval, _label); \
623 _label: \
624 __uaccess_end(); \
625 __ret; \
626 })
627
628 /*
629 * We want the unsafe accessors to always be inlined and use
630 * the error labels - thus the macro games.
631 */
632 #define unsafe_copy_loop(dst, src, len, type, label) \
633 while (len >= sizeof(type)) { \
634 unsafe_put_user(*(type *)(src),(type __user *)(dst),label); \
635 dst += sizeof(type); \
636 src += sizeof(type); \
637 len -= sizeof(type); \
638 }
639
640 #define unsafe_copy_to_user(_dst,_src,_len,label) \
641 do { \
642 char __user *__ucu_dst = (_dst); \
643 const char *__ucu_src = (_src); \
644 size_t __ucu_len = (_len); \
645 unsafe_copy_loop(__ucu_dst, __ucu_src, __ucu_len, u64, label); \
646 unsafe_copy_loop(__ucu_dst, __ucu_src, __ucu_len, u32, label); \
647 unsafe_copy_loop(__ucu_dst, __ucu_src, __ucu_len, u16, label); \
648 unsafe_copy_loop(__ucu_dst, __ucu_src, __ucu_len, u8, label); \
649 } while (0)
650
651 #ifdef CONFIG_CC_HAS_ASM_GOTO_OUTPUT
652 #define __get_kernel_nofault(dst, src, type, err_label) \
653 __get_user_size(*((type *)(dst)), (__force type __user *)(src), \
654 sizeof(type), err_label)
655 #else // !CONFIG_CC_HAS_ASM_GOTO_OUTPUT
656 #define __get_kernel_nofault(dst, src, type, err_label) \
657 do { \
658 int __kr_err; \
659 \
660 __get_user_size(*((type *)(dst)), (__force type __user *)(src), \
661 sizeof(type), __kr_err); \
662 if (unlikely(__kr_err)) \
663 goto err_label; \
664 } while (0)
665 #endif // CONFIG_CC_HAS_ASM_GOTO_OUTPUT
666
667 #define __put_kernel_nofault(dst, src, type, err_label) \
668 __put_user_size(*((type *)(src)), (__force type __user *)(dst), \
669 sizeof(type), err_label)
670
671 #endif /* _ASM_X86_UACCESS_H */
672
673