Commit 84624087 authored by Will Deacon's avatar Will Deacon Committed by Catalin Marinas

arm64: uaccess: Don't bother eliding access_ok checks in __{get, put}_user

access_ok isn't an expensive operation once the addr_limit for the current
thread has been loaded into the cache. Given that the initial access_ok
check preceding a sequence of __{get,put}_user operations will take
the brunt of the miss, we can make the __* variants identical to the
full-fat versions, which brings with it the benefits of address masking.

The likely cost in these sequences will be from toggling PAN/UAO, which
we can address later by implementing the *_unsafe versions.
Reviewed-by: default avatarRobin Murphy <robin.murphy@arm.com>
Signed-off-by: default avatarWill Deacon <will.deacon@arm.com>
Signed-off-by: default avatarCatalin Marinas <catalin.marinas@arm.com>
parent c2f0ad4f
......@@ -306,28 +306,33 @@ do { \
(x) = (__force __typeof__(*(ptr)))__gu_val; \
} while (0)
#define __get_user(x, ptr) \
#define __get_user_check(x, ptr, err) \
({ \
int __gu_err = 0; \
__get_user_err((x), (ptr), __gu_err); \
__gu_err; \
__typeof__(*(ptr)) __user *__p = (ptr); \
might_fault(); \
if (access_ok(VERIFY_READ, __p, sizeof(*__p))) { \
__p = uaccess_mask_ptr(__p); \
__get_user_err((x), __p, (err)); \
} else { \
(x) = 0; (err) = -EFAULT; \
} \
})
#define __get_user_error(x, ptr, err) \
({ \
__get_user_err((x), (ptr), (err)); \
__get_user_check((x), (ptr), (err)); \
(void)0; \
})
#define get_user(x, ptr) \
#define __get_user(x, ptr) \
({ \
__typeof__(*(ptr)) __user *__p = (ptr); \
might_fault(); \
access_ok(VERIFY_READ, __p, sizeof(*__p)) ? \
__p = uaccess_mask_ptr(__p), __get_user((x), __p) : \
((x) = 0, -EFAULT); \
int __gu_err = 0; \
__get_user_check((x), (ptr), __gu_err); \
__gu_err; \
})
#define get_user __get_user
#define __put_user_asm(instr, alt_instr, reg, x, addr, err, feature) \
asm volatile( \
"1:"ALTERNATIVE(instr " " reg "1, [%2]\n", \
......@@ -370,28 +375,33 @@ do { \
uaccess_disable_not_uao(); \
} while (0)
#define __put_user(x, ptr) \
#define __put_user_check(x, ptr, err) \
({ \
int __pu_err = 0; \
__put_user_err((x), (ptr), __pu_err); \
__pu_err; \
__typeof__(*(ptr)) __user *__p = (ptr); \
might_fault(); \
if (access_ok(VERIFY_WRITE, __p, sizeof(*__p))) { \
__p = uaccess_mask_ptr(__p); \
__put_user_err((x), __p, (err)); \
} else { \
(err) = -EFAULT; \
} \
})
#define __put_user_error(x, ptr, err) \
({ \
__put_user_err((x), (ptr), (err)); \
__put_user_check((x), (ptr), (err)); \
(void)0; \
})
#define put_user(x, ptr) \
#define __put_user(x, ptr) \
({ \
__typeof__(*(ptr)) __user *__p = (ptr); \
might_fault(); \
access_ok(VERIFY_WRITE, __p, sizeof(*__p)) ? \
__p = uaccess_mask_ptr(__p), __put_user((x), __p) : \
-EFAULT; \
int __pu_err = 0; \
__put_user_check((x), (ptr), __pu_err); \
__pu_err; \
})
#define put_user __put_user
extern unsigned long __must_check __arch_copy_from_user(void *to, const void __user *from, unsigned long n);
#define raw_copy_from_user __arch_copy_from_user
extern unsigned long __must_check __arch_copy_to_user(void __user *to, const void *from, unsigned long n);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment