Sam Ravnborg | f5e706a | 2008-07-17 21:55:51 -0700 | [diff] [blame] | 1 | /* |
| 2 | * uaccess.h: User space memore access functions. |
| 3 | * |
| 4 | * Copyright (C) 1996 David S. Miller (davem@caip.rutgers.edu) |
| 5 | * Copyright (C) 1996,1997 Jakub Jelinek (jj@sunsite.mff.cuni.cz) |
| 6 | */ |
| 7 | #ifndef _ASM_UACCESS_H |
| 8 | #define _ASM_UACCESS_H |
| 9 | |
| 10 | #ifdef __KERNEL__ |
| 11 | #include <linux/compiler.h> |
| 12 | #include <linux/sched.h> |
| 13 | #include <linux/string.h> |
| 14 | #include <linux/errno.h> |
| 15 | #include <asm/vac-ops.h> |
| 16 | #endif |
| 17 | |
| 18 | #ifndef __ASSEMBLY__ |
| 19 | |
Rusty Russell | ad6561d | 2009-06-12 21:47:03 -0600 | [diff] [blame] | 20 | #define ARCH_HAS_SORT_EXTABLE |
| 21 | #define ARCH_HAS_SEARCH_EXTABLE |
| 22 | |
Sam Ravnborg | f5e706a | 2008-07-17 21:55:51 -0700 | [diff] [blame] | 23 | /* Sparc is not segmented, however we need to be able to fool access_ok() |
| 24 | * when doing system calls from kernel mode legitimately. |
| 25 | * |
| 26 | * "For historical reasons, these macros are grossly misnamed." -Linus |
| 27 | */ |
| 28 | |
| 29 | #define KERNEL_DS ((mm_segment_t) { 0 }) |
| 30 | #define USER_DS ((mm_segment_t) { -1 }) |
| 31 | |
| 32 | #define VERIFY_READ 0 |
| 33 | #define VERIFY_WRITE 1 |
| 34 | |
| 35 | #define get_ds() (KERNEL_DS) |
| 36 | #define get_fs() (current->thread.current_ds) |
| 37 | #define set_fs(val) ((current->thread.current_ds) = (val)) |
| 38 | |
| 39 | #define segment_eq(a,b) ((a).seg == (b).seg) |
| 40 | |
| 41 | /* We have there a nice not-mapped page at PAGE_OFFSET - PAGE_SIZE, so that this test |
| 42 | * can be fairly lightweight. |
| 43 | * No one can read/write anything from userland in the kernel space by setting |
| 44 | * large size and address near to PAGE_OFFSET - a fault will break his intentions. |
| 45 | */ |
| 46 | #define __user_ok(addr, size) ({ (void)(size); (addr) < STACK_TOP; }) |
| 47 | #define __kernel_ok (segment_eq(get_fs(), KERNEL_DS)) |
| 48 | #define __access_ok(addr,size) (__user_ok((addr) & get_fs().seg,(size))) |
| 49 | #define access_ok(type, addr, size) \ |
| 50 | ({ (void)(type); __access_ok((unsigned long)(addr), size); }) |
| 51 | |
| 52 | /* |
| 53 | * The exception table consists of pairs of addresses: the first is the |
| 54 | * address of an instruction that is allowed to fault, and the second is |
| 55 | * the address at which the program should continue. No registers are |
| 56 | * modified, so it is entirely up to the continuation code to figure out |
| 57 | * what to do. |
| 58 | * |
| 59 | * All the routines below use bits of fixup code that are out of line |
| 60 | * with the main instruction path. This means when everything is well, |
| 61 | * we don't even have to jump over them. Further, they do not intrude |
| 62 | * on our cache or tlb entries. |
| 63 | * |
| 64 | * There is a special way how to put a range of potentially faulting |
| 65 | * insns (like twenty ldd/std's with now intervening other instructions) |
| 66 | * You specify address of first in insn and 0 in fixup and in the next |
| 67 | * exception_table_entry you specify last potentially faulting insn + 1 |
| 68 | * and in fixup the routine which should handle the fault. |
| 69 | * That fixup code will get |
| 70 | * (faulting_insn_address - first_insn_in_the_range_address)/4 |
| 71 | * in %g2 (ie. index of the faulting instruction in the range). |
| 72 | */ |
| 73 | |
| 74 | struct exception_table_entry |
| 75 | { |
| 76 | unsigned long insn, fixup; |
| 77 | }; |
| 78 | |
| 79 | /* Returns 0 if exception not found and fixup otherwise. */ |
| 80 | extern unsigned long search_extables_range(unsigned long addr, unsigned long *g2); |
| 81 | |
| 82 | extern void __ret_efault(void); |
| 83 | |
| 84 | /* Uh, these should become the main single-value transfer routines.. |
| 85 | * They automatically use the right size if we just have the right |
| 86 | * pointer type.. |
| 87 | * |
| 88 | * This gets kind of ugly. We want to return _two_ values in "get_user()" |
| 89 | * and yet we don't want to do any pointers, because that is too much |
| 90 | * of a performance impact. Thus we have a few rather ugly macros here, |
| 91 | * and hide all the ugliness from the user. |
| 92 | */ |
| 93 | #define put_user(x,ptr) ({ \ |
| 94 | unsigned long __pu_addr = (unsigned long)(ptr); \ |
| 95 | __chk_user_ptr(ptr); \ |
| 96 | __put_user_check((__typeof__(*(ptr)))(x),__pu_addr,sizeof(*(ptr))); }) |
| 97 | |
| 98 | #define get_user(x,ptr) ({ \ |
| 99 | unsigned long __gu_addr = (unsigned long)(ptr); \ |
| 100 | __chk_user_ptr(ptr); \ |
| 101 | __get_user_check((x),__gu_addr,sizeof(*(ptr)),__typeof__(*(ptr))); }) |
| 102 | |
| 103 | /* |
| 104 | * The "__xxx" versions do not do address space checking, useful when |
| 105 | * doing multiple accesses to the same area (the user has to do the |
| 106 | * checks by hand with "access_ok()") |
| 107 | */ |
| 108 | #define __put_user(x,ptr) __put_user_nocheck((__typeof__(*(ptr)))(x),(ptr),sizeof(*(ptr))) |
| 109 | #define __get_user(x,ptr) __get_user_nocheck((x),(ptr),sizeof(*(ptr)),__typeof__(*(ptr))) |
| 110 | |
| 111 | struct __large_struct { unsigned long buf[100]; }; |
| 112 | #define __m(x) ((struct __large_struct __user *)(x)) |
| 113 | |
| 114 | #define __put_user_check(x,addr,size) ({ \ |
| 115 | register int __pu_ret; \ |
| 116 | if (__access_ok(addr,size)) { \ |
| 117 | switch (size) { \ |
| 118 | case 1: __put_user_asm(x,b,addr,__pu_ret); break; \ |
| 119 | case 2: __put_user_asm(x,h,addr,__pu_ret); break; \ |
| 120 | case 4: __put_user_asm(x,,addr,__pu_ret); break; \ |
| 121 | case 8: __put_user_asm(x,d,addr,__pu_ret); break; \ |
| 122 | default: __pu_ret = __put_user_bad(); break; \ |
| 123 | } } else { __pu_ret = -EFAULT; } __pu_ret; }) |
| 124 | |
| 125 | #define __put_user_nocheck(x,addr,size) ({ \ |
| 126 | register int __pu_ret; \ |
| 127 | switch (size) { \ |
| 128 | case 1: __put_user_asm(x,b,addr,__pu_ret); break; \ |
| 129 | case 2: __put_user_asm(x,h,addr,__pu_ret); break; \ |
| 130 | case 4: __put_user_asm(x,,addr,__pu_ret); break; \ |
| 131 | case 8: __put_user_asm(x,d,addr,__pu_ret); break; \ |
| 132 | default: __pu_ret = __put_user_bad(); break; \ |
| 133 | } __pu_ret; }) |
| 134 | |
| 135 | #define __put_user_asm(x,size,addr,ret) \ |
| 136 | __asm__ __volatile__( \ |
| 137 | "/* Put user asm, inline. */\n" \ |
| 138 | "1:\t" "st"#size " %1, %2\n\t" \ |
| 139 | "clr %0\n" \ |
| 140 | "2:\n\n\t" \ |
| 141 | ".section .fixup,#alloc,#execinstr\n\t" \ |
| 142 | ".align 4\n" \ |
| 143 | "3:\n\t" \ |
| 144 | "b 2b\n\t" \ |
| 145 | " mov %3, %0\n\t" \ |
| 146 | ".previous\n\n\t" \ |
| 147 | ".section __ex_table,#alloc\n\t" \ |
| 148 | ".align 4\n\t" \ |
| 149 | ".word 1b, 3b\n\t" \ |
| 150 | ".previous\n\n\t" \ |
| 151 | : "=&r" (ret) : "r" (x), "m" (*__m(addr)), \ |
| 152 | "i" (-EFAULT)) |
| 153 | |
| 154 | extern int __put_user_bad(void); |
| 155 | |
| 156 | #define __get_user_check(x,addr,size,type) ({ \ |
| 157 | register int __gu_ret; \ |
| 158 | register unsigned long __gu_val; \ |
| 159 | if (__access_ok(addr,size)) { \ |
| 160 | switch (size) { \ |
| 161 | case 1: __get_user_asm(__gu_val,ub,addr,__gu_ret); break; \ |
| 162 | case 2: __get_user_asm(__gu_val,uh,addr,__gu_ret); break; \ |
| 163 | case 4: __get_user_asm(__gu_val,,addr,__gu_ret); break; \ |
| 164 | case 8: __get_user_asm(__gu_val,d,addr,__gu_ret); break; \ |
| 165 | default: __gu_val = 0; __gu_ret = __get_user_bad(); break; \ |
| 166 | } } else { __gu_val = 0; __gu_ret = -EFAULT; } x = (type) __gu_val; __gu_ret; }) |
| 167 | |
| 168 | #define __get_user_check_ret(x,addr,size,type,retval) ({ \ |
| 169 | register unsigned long __gu_val __asm__ ("l1"); \ |
| 170 | if (__access_ok(addr,size)) { \ |
| 171 | switch (size) { \ |
| 172 | case 1: __get_user_asm_ret(__gu_val,ub,addr,retval); break; \ |
| 173 | case 2: __get_user_asm_ret(__gu_val,uh,addr,retval); break; \ |
| 174 | case 4: __get_user_asm_ret(__gu_val,,addr,retval); break; \ |
| 175 | case 8: __get_user_asm_ret(__gu_val,d,addr,retval); break; \ |
| 176 | default: if (__get_user_bad()) return retval; \ |
| 177 | } x = (type) __gu_val; } else return retval; }) |
| 178 | |
| 179 | #define __get_user_nocheck(x,addr,size,type) ({ \ |
| 180 | register int __gu_ret; \ |
| 181 | register unsigned long __gu_val; \ |
| 182 | switch (size) { \ |
| 183 | case 1: __get_user_asm(__gu_val,ub,addr,__gu_ret); break; \ |
| 184 | case 2: __get_user_asm(__gu_val,uh,addr,__gu_ret); break; \ |
| 185 | case 4: __get_user_asm(__gu_val,,addr,__gu_ret); break; \ |
| 186 | case 8: __get_user_asm(__gu_val,d,addr,__gu_ret); break; \ |
| 187 | default: __gu_val = 0; __gu_ret = __get_user_bad(); break; \ |
| 188 | } x = (type) __gu_val; __gu_ret; }) |
| 189 | |
| 190 | #define __get_user_nocheck_ret(x,addr,size,type,retval) ({ \ |
| 191 | register unsigned long __gu_val __asm__ ("l1"); \ |
| 192 | switch (size) { \ |
| 193 | case 1: __get_user_asm_ret(__gu_val,ub,addr,retval); break; \ |
| 194 | case 2: __get_user_asm_ret(__gu_val,uh,addr,retval); break; \ |
| 195 | case 4: __get_user_asm_ret(__gu_val,,addr,retval); break; \ |
| 196 | case 8: __get_user_asm_ret(__gu_val,d,addr,retval); break; \ |
| 197 | default: if (__get_user_bad()) return retval; \ |
| 198 | } x = (type) __gu_val; }) |
| 199 | |
| 200 | #define __get_user_asm(x,size,addr,ret) \ |
| 201 | __asm__ __volatile__( \ |
| 202 | "/* Get user asm, inline. */\n" \ |
| 203 | "1:\t" "ld"#size " %2, %1\n\t" \ |
| 204 | "clr %0\n" \ |
| 205 | "2:\n\n\t" \ |
| 206 | ".section .fixup,#alloc,#execinstr\n\t" \ |
| 207 | ".align 4\n" \ |
| 208 | "3:\n\t" \ |
| 209 | "clr %1\n\t" \ |
| 210 | "b 2b\n\t" \ |
| 211 | " mov %3, %0\n\n\t" \ |
| 212 | ".previous\n\t" \ |
| 213 | ".section __ex_table,#alloc\n\t" \ |
| 214 | ".align 4\n\t" \ |
| 215 | ".word 1b, 3b\n\n\t" \ |
| 216 | ".previous\n\t" \ |
| 217 | : "=&r" (ret), "=&r" (x) : "m" (*__m(addr)), \ |
| 218 | "i" (-EFAULT)) |
| 219 | |
| 220 | #define __get_user_asm_ret(x,size,addr,retval) \ |
| 221 | if (__builtin_constant_p(retval) && retval == -EFAULT) \ |
| 222 | __asm__ __volatile__( \ |
| 223 | "/* Get user asm ret, inline. */\n" \ |
| 224 | "1:\t" "ld"#size " %1, %0\n\n\t" \ |
| 225 | ".section __ex_table,#alloc\n\t" \ |
| 226 | ".align 4\n\t" \ |
| 227 | ".word 1b,__ret_efault\n\n\t" \ |
| 228 | ".previous\n\t" \ |
| 229 | : "=&r" (x) : "m" (*__m(addr))); \ |
| 230 | else \ |
| 231 | __asm__ __volatile__( \ |
| 232 | "/* Get user asm ret, inline. */\n" \ |
| 233 | "1:\t" "ld"#size " %1, %0\n\n\t" \ |
| 234 | ".section .fixup,#alloc,#execinstr\n\t" \ |
| 235 | ".align 4\n" \ |
| 236 | "3:\n\t" \ |
| 237 | "ret\n\t" \ |
| 238 | " restore %%g0, %2, %%o0\n\n\t" \ |
| 239 | ".previous\n\t" \ |
| 240 | ".section __ex_table,#alloc\n\t" \ |
| 241 | ".align 4\n\t" \ |
| 242 | ".word 1b, 3b\n\n\t" \ |
| 243 | ".previous\n\t" \ |
| 244 | : "=&r" (x) : "m" (*__m(addr)), "i" (retval)) |
| 245 | |
| 246 | extern int __get_user_bad(void); |
| 247 | |
| 248 | extern unsigned long __copy_user(void __user *to, const void __user *from, unsigned long size); |
| 249 | |
| 250 | static inline unsigned long copy_to_user(void __user *to, const void *from, unsigned long n) |
| 251 | { |
| 252 | if (n && __access_ok((unsigned long) to, n)) |
| 253 | return __copy_user(to, (__force void __user *) from, n); |
| 254 | else |
| 255 | return n; |
| 256 | } |
| 257 | |
| 258 | static inline unsigned long __copy_to_user(void __user *to, const void *from, unsigned long n) |
| 259 | { |
| 260 | return __copy_user(to, (__force void __user *) from, n); |
| 261 | } |
| 262 | |
David S. Miller | fb34035 | 2009-12-10 23:05:23 -0800 | [diff] [blame] | 263 | extern void copy_from_user_overflow(void) |
| 264 | #ifdef CONFIG_DEBUG_STRICT_USER_COPY_CHECKS |
| 265 | __compiletime_error("copy_from_user() buffer size is not provably correct") |
| 266 | #else |
| 267 | __compiletime_warning("copy_from_user() buffer size is not provably correct") |
| 268 | #endif |
| 269 | ; |
| 270 | |
Sam Ravnborg | f5e706a | 2008-07-17 21:55:51 -0700 | [diff] [blame] | 271 | static inline unsigned long copy_from_user(void *to, const void __user *from, unsigned long n) |
| 272 | { |
David S. Miller | fb34035 | 2009-12-10 23:05:23 -0800 | [diff] [blame] | 273 | int sz = __compiletime_object_size(to); |
| 274 | |
| 275 | if (unlikely(sz != -1 && sz < n)) { |
| 276 | copy_from_user_overflow(); |
Heiko Carstens | 6df1c17 | 2010-01-05 20:41:48 -0800 | [diff] [blame] | 277 | return n; |
David S. Miller | fb34035 | 2009-12-10 23:05:23 -0800 | [diff] [blame] | 278 | } |
| 279 | |
Sam Ravnborg | f5e706a | 2008-07-17 21:55:51 -0700 | [diff] [blame] | 280 | if (n && __access_ok((unsigned long) from, n)) |
| 281 | return __copy_user((__force void __user *) to, from, n); |
| 282 | else |
| 283 | return n; |
| 284 | } |
| 285 | |
| 286 | static inline unsigned long __copy_from_user(void *to, const void __user *from, unsigned long n) |
| 287 | { |
| 288 | return __copy_user((__force void __user *) to, from, n); |
| 289 | } |
| 290 | |
| 291 | #define __copy_to_user_inatomic __copy_to_user |
| 292 | #define __copy_from_user_inatomic __copy_from_user |
| 293 | |
| 294 | static inline unsigned long __clear_user(void __user *addr, unsigned long size) |
| 295 | { |
| 296 | unsigned long ret; |
| 297 | |
| 298 | __asm__ __volatile__ ( |
| 299 | ".section __ex_table,#alloc\n\t" |
| 300 | ".align 4\n\t" |
| 301 | ".word 1f,3\n\t" |
| 302 | ".previous\n\t" |
| 303 | "mov %2, %%o1\n" |
| 304 | "1:\n\t" |
| 305 | "call __bzero\n\t" |
| 306 | " mov %1, %%o0\n\t" |
| 307 | "mov %%o0, %0\n" |
| 308 | : "=r" (ret) : "r" (addr), "r" (size) : |
| 309 | "o0", "o1", "o2", "o3", "o4", "o5", "o7", |
| 310 | "g1", "g2", "g3", "g4", "g5", "g7", "cc"); |
| 311 | |
| 312 | return ret; |
| 313 | } |
| 314 | |
| 315 | static inline unsigned long clear_user(void __user *addr, unsigned long n) |
| 316 | { |
| 317 | if (n && __access_ok((unsigned long) addr, n)) |
| 318 | return __clear_user(addr, n); |
| 319 | else |
| 320 | return n; |
| 321 | } |
| 322 | |
| 323 | extern long __strncpy_from_user(char *dest, const char __user *src, long count); |
| 324 | |
| 325 | static inline long strncpy_from_user(char *dest, const char __user *src, long count) |
| 326 | { |
| 327 | if (__access_ok((unsigned long) src, count)) |
| 328 | return __strncpy_from_user(dest, src, count); |
| 329 | else |
| 330 | return -EFAULT; |
| 331 | } |
| 332 | |
| 333 | extern long __strlen_user(const char __user *); |
| 334 | extern long __strnlen_user(const char __user *, long len); |
| 335 | |
| 336 | static inline long strlen_user(const char __user *str) |
| 337 | { |
| 338 | if (!access_ok(VERIFY_READ, str, 0)) |
| 339 | return 0; |
| 340 | else |
| 341 | return __strlen_user(str); |
| 342 | } |
| 343 | |
| 344 | static inline long strnlen_user(const char __user *str, long len) |
| 345 | { |
| 346 | if (!access_ok(VERIFY_READ, str, 0)) |
| 347 | return 0; |
| 348 | else |
| 349 | return __strnlen_user(str, len); |
| 350 | } |
| 351 | |
| 352 | #endif /* __ASSEMBLY__ */ |
| 353 | |
| 354 | #endif /* _ASM_UACCESS_H */ |