Chris Zankel | 9a8fd55 | 2005-06-23 22:01:26 -0700 | [diff] [blame^] | 1 | /* |
| 2 | * include/asm-xtensa/uaccess.h |
| 3 | * |
| 4 | * User space memory access functions |
| 5 | * |
| 6 | * These routines provide basic accessing functions to the user memory |
| 7 | * space for the kernel. This header file provides fuctions such as: |
| 8 | * |
| 9 | * This file is subject to the terms and conditions of the GNU General Public |
| 10 | * License. See the file "COPYING" in the main directory of this archive |
| 11 | * for more details. |
| 12 | * |
| 13 | * Copyright (C) 2001 - 2005 Tensilica Inc. |
| 14 | */ |
| 15 | |
| 16 | #ifndef _XTENSA_UACCESS_H |
| 17 | #define _XTENSA_UACCESS_H |
| 18 | |
| 19 | #include <linux/errno.h> |
| 20 | |
| 21 | #define VERIFY_READ 0 |
| 22 | #define VERIFY_WRITE 1 |
| 23 | |
| 24 | #ifdef __ASSEMBLY__ |
| 25 | |
| 26 | #define _ASMLANGUAGE |
| 27 | #include <asm/current.h> |
| 28 | #include <asm/offsets.h> |
| 29 | #include <asm/processor.h> |
| 30 | |
| 31 | /* |
| 32 | * These assembly macros mirror the C macros that follow below. They |
| 33 | * should always have identical functionality. See |
| 34 | * arch/xtensa/kernel/sys.S for usage. |
| 35 | */ |
| 36 | |
| 37 | #define KERNEL_DS 0 |
| 38 | #define USER_DS 1 |
| 39 | |
| 40 | #define get_ds (KERNEL_DS) |
| 41 | |
| 42 | /* |
| 43 | * get_fs reads current->thread.current_ds into a register. |
| 44 | * On Entry: |
| 45 | * <ad> anything |
| 46 | * <sp> stack |
| 47 | * On Exit: |
| 48 | * <ad> contains current->thread.current_ds |
| 49 | */ |
| 50 | .macro get_fs ad, sp |
| 51 | GET_CURRENT(\ad,\sp) |
| 52 | l32i \ad, \ad, THREAD_CURRENT_DS |
| 53 | .endm |
| 54 | |
| 55 | /* |
| 56 | * set_fs sets current->thread.current_ds to some value. |
| 57 | * On Entry: |
| 58 | * <at> anything (temp register) |
| 59 | * <av> value to write |
| 60 | * <sp> stack |
| 61 | * On Exit: |
| 62 | * <at> destroyed (actually, current) |
| 63 | * <av> preserved, value to write |
| 64 | */ |
| 65 | .macro set_fs at, av, sp |
| 66 | GET_CURRENT(\at,\sp) |
| 67 | s32i \av, \at, THREAD_CURRENT_DS |
| 68 | .endm |
| 69 | |
| 70 | /* |
| 71 | * kernel_ok determines whether we should bypass addr/size checking. |
| 72 | * See the equivalent C-macro version below for clarity. |
| 73 | * On success, kernel_ok branches to a label indicated by parameter |
| 74 | * <success>. This implies that the macro falls through to the next |
| 75 | * insruction on an error. |
| 76 | * |
| 77 | * Note that while this macro can be used independently, we designed |
| 78 | * in for optimal use in the access_ok macro below (i.e., we fall |
| 79 | * through on error). |
| 80 | * |
| 81 | * On Entry: |
| 82 | * <at> anything (temp register) |
| 83 | * <success> label to branch to on success; implies |
| 84 | * fall-through macro on error |
| 85 | * <sp> stack pointer |
| 86 | * On Exit: |
| 87 | * <at> destroyed (actually, current->thread.current_ds) |
| 88 | */ |
| 89 | |
| 90 | #if ((KERNEL_DS != 0) || (USER_DS == 0)) |
| 91 | # error Assembly macro kernel_ok fails |
| 92 | #endif |
| 93 | .macro kernel_ok at, sp, success |
| 94 | get_fs \at, \sp |
| 95 | beqz \at, \success |
| 96 | .endm |
| 97 | |
| 98 | /* |
| 99 | * user_ok determines whether the access to user-space memory is allowed. |
| 100 | * See the equivalent C-macro version below for clarity. |
| 101 | * |
| 102 | * On error, user_ok branches to a label indicated by parameter |
| 103 | * <error>. This implies that the macro falls through to the next |
| 104 | * instruction on success. |
| 105 | * |
| 106 | * Note that while this macro can be used independently, we designed |
| 107 | * in for optimal use in the access_ok macro below (i.e., we fall |
| 108 | * through on success). |
| 109 | * |
| 110 | * On Entry: |
| 111 | * <aa> register containing memory address |
| 112 | * <as> register containing memory size |
| 113 | * <at> temp register |
| 114 | * <error> label to branch to on error; implies fall-through |
| 115 | * macro on success |
| 116 | * On Exit: |
| 117 | * <aa> preserved |
| 118 | * <as> preserved |
| 119 | * <at> destroyed (actually, (TASK_SIZE + 1 - size)) |
| 120 | */ |
| 121 | .macro user_ok aa, as, at, error |
| 122 | movi \at, (TASK_SIZE+1) |
| 123 | bgeu \as, \at, \error |
| 124 | sub \at, \at, \as |
| 125 | bgeu \aa, \at, \error |
| 126 | .endm |
| 127 | |
| 128 | /* |
| 129 | * access_ok determines whether a memory access is allowed. See the |
| 130 | * equivalent C-macro version below for clarity. |
| 131 | * |
| 132 | * On error, access_ok branches to a label indicated by parameter |
| 133 | * <error>. This implies that the macro falls through to the next |
| 134 | * instruction on success. |
| 135 | * |
| 136 | * Note that we assume success is the common case, and we optimize the |
| 137 | * branch fall-through case on success. |
| 138 | * |
| 139 | * On Entry: |
| 140 | * <aa> register containing memory address |
| 141 | * <as> register containing memory size |
| 142 | * <at> temp register |
| 143 | * <sp> |
| 144 | * <error> label to branch to on error; implies fall-through |
| 145 | * macro on success |
| 146 | * On Exit: |
| 147 | * <aa> preserved |
| 148 | * <as> preserved |
| 149 | * <at> destroyed |
| 150 | */ |
| 151 | .macro access_ok aa, as, at, sp, error |
| 152 | kernel_ok \at, \sp, .Laccess_ok_\@ |
| 153 | user_ok \aa, \as, \at, \error |
| 154 | .Laccess_ok_\@: |
| 155 | .endm |
| 156 | |
| 157 | /* |
| 158 | * verify_area determines whether a memory access is allowed. It's |
| 159 | * mostly an unnecessary wrapper for access_ok, but we provide it as a |
| 160 | * duplicate of the verify_area() C inline function below. See the |
| 161 | * equivalent C version below for clarity. |
| 162 | * |
| 163 | * On error, verify_area branches to a label indicated by parameter |
| 164 | * <error>. This implies that the macro falls through to the next |
| 165 | * instruction on success. |
| 166 | * |
| 167 | * Note that we assume success is the common case, and we optimize the |
| 168 | * branch fall-through case on success. |
| 169 | * |
| 170 | * On Entry: |
| 171 | * <aa> register containing memory address |
| 172 | * <as> register containing memory size |
| 173 | * <at> temp register |
| 174 | * <error> label to branch to on error; implies fall-through |
| 175 | * macro on success |
| 176 | * On Exit: |
| 177 | * <aa> preserved |
| 178 | * <as> preserved |
| 179 | * <at> destroyed |
| 180 | */ |
| 181 | .macro verify_area aa, as, at, sp, error |
| 182 | access_ok \at, \aa, \as, \sp, \error |
| 183 | .endm |
| 184 | |
| 185 | |
| 186 | #else /* __ASSEMBLY__ not defined */ |
| 187 | |
| 188 | #include <linux/sched.h> |
| 189 | #include <asm/types.h> |
| 190 | |
| 191 | /* |
| 192 | * The fs value determines whether argument validity checking should |
| 193 | * be performed or not. If get_fs() == USER_DS, checking is |
| 194 | * performed, with get_fs() == KERNEL_DS, checking is bypassed. |
| 195 | * |
| 196 | * For historical reasons (Data Segment Register?), these macros are |
| 197 | * grossly misnamed. |
| 198 | */ |
| 199 | |
| 200 | #define KERNEL_DS ((mm_segment_t) { 0 }) |
| 201 | #define USER_DS ((mm_segment_t) { 1 }) |
| 202 | |
| 203 | #define get_ds() (KERNEL_DS) |
| 204 | #define get_fs() (current->thread.current_ds) |
| 205 | #define set_fs(val) (current->thread.current_ds = (val)) |
| 206 | |
| 207 | #define segment_eq(a,b) ((a).seg == (b).seg) |
| 208 | |
| 209 | #define __kernel_ok (segment_eq(get_fs(), KERNEL_DS)) |
| 210 | #define __user_ok(addr,size) (((size) <= TASK_SIZE)&&((addr) <= TASK_SIZE-(size))) |
| 211 | #define __access_ok(addr,size) (__kernel_ok || __user_ok((addr),(size))) |
| 212 | #define access_ok(type,addr,size) __access_ok((unsigned long)(addr),(size)) |
| 213 | |
| 214 | extern inline int verify_area(int type, const void * addr, unsigned long size) |
| 215 | { |
| 216 | return access_ok(type,addr,size) ? 0 : -EFAULT; |
| 217 | } |
| 218 | |
| 219 | /* |
| 220 | * These are the main single-value transfer routines. They |
| 221 | * automatically use the right size if we just have the right pointer |
| 222 | * type. |
| 223 | * |
| 224 | * This gets kind of ugly. We want to return _two_ values in |
| 225 | * "get_user()" and yet we don't want to do any pointers, because that |
| 226 | * is too much of a performance impact. Thus we have a few rather ugly |
| 227 | * macros here, and hide all the uglyness from the user. |
| 228 | * |
| 229 | * Careful to not |
| 230 | * (a) re-use the arguments for side effects (sizeof is ok) |
| 231 | * (b) require any knowledge of processes at this stage |
| 232 | */ |
| 233 | #define put_user(x,ptr) __put_user_check((x),(ptr),sizeof(*(ptr))) |
| 234 | #define get_user(x,ptr) __get_user_check((x),(ptr),sizeof(*(ptr))) |
| 235 | |
| 236 | /* |
| 237 | * The "__xxx" versions of the user access functions are versions that |
| 238 | * do not verify the address space, that must have been done previously |
| 239 | * with a separate "access_ok()" call (this is used when we do multiple |
| 240 | * accesses to the same area of user memory). |
| 241 | */ |
| 242 | #define __put_user(x,ptr) __put_user_nocheck((x),(ptr),sizeof(*(ptr))) |
| 243 | #define __get_user(x,ptr) __get_user_nocheck((x),(ptr),sizeof(*(ptr))) |
| 244 | |
| 245 | |
| 246 | extern long __put_user_bad(void); |
| 247 | |
| 248 | #define __put_user_nocheck(x,ptr,size) \ |
| 249 | ({ \ |
| 250 | long __pu_err; \ |
| 251 | __put_user_size((x),(ptr),(size),__pu_err); \ |
| 252 | __pu_err; \ |
| 253 | }) |
| 254 | |
| 255 | #define __put_user_check(x,ptr,size) \ |
| 256 | ({ \ |
| 257 | long __pu_err = -EFAULT; \ |
| 258 | __typeof__(*(ptr)) *__pu_addr = (ptr); \ |
| 259 | if (access_ok(VERIFY_WRITE,__pu_addr,size)) \ |
| 260 | __put_user_size((x),__pu_addr,(size),__pu_err); \ |
| 261 | __pu_err; \ |
| 262 | }) |
| 263 | |
| 264 | #define __put_user_size(x,ptr,size,retval) \ |
| 265 | do { \ |
| 266 | retval = 0; \ |
| 267 | switch (size) { \ |
| 268 | case 1: __put_user_asm(x,ptr,retval,1,"s8i"); break; \ |
| 269 | case 2: __put_user_asm(x,ptr,retval,2,"s16i"); break; \ |
| 270 | case 4: __put_user_asm(x,ptr,retval,4,"s32i"); break; \ |
| 271 | case 8: { \ |
| 272 | __typeof__(*ptr) __v64 = x; \ |
| 273 | retval = __copy_to_user(ptr,&__v64,8); \ |
| 274 | break; \ |
| 275 | } \ |
| 276 | default: __put_user_bad(); \ |
| 277 | } \ |
| 278 | } while (0) |
| 279 | |
| 280 | |
| 281 | /* |
| 282 | * Consider a case of a user single load/store would cause both an |
| 283 | * unaligned exception and an MMU-related exception (unaligned |
| 284 | * exceptions happen first): |
| 285 | * |
| 286 | * User code passes a bad variable ptr to a system call. |
| 287 | * Kernel tries to access the variable. |
| 288 | * Unaligned exception occurs. |
| 289 | * Unaligned exception handler tries to make aligned accesses. |
| 290 | * Double exception occurs for MMU-related cause (e.g., page not mapped). |
| 291 | * do_page_fault() thinks the fault address belongs to the kernel, not the |
| 292 | * user, and panics. |
| 293 | * |
| 294 | * The kernel currently prohibits user unaligned accesses. We use the |
| 295 | * __check_align_* macros to check for unaligned addresses before |
| 296 | * accessing user space so we don't crash the kernel. Both |
| 297 | * __put_user_asm and __get_user_asm use these alignment macros, so |
| 298 | * macro-specific labels such as 0f, 1f, %0, %2, and %3 must stay in |
| 299 | * sync. |
| 300 | */ |
| 301 | |
| 302 | #define __check_align_1 "" |
| 303 | |
| 304 | #define __check_align_2 \ |
| 305 | " _bbci.l %2, 0, 1f \n" \ |
| 306 | " movi %0, %3 \n" \ |
| 307 | " _j 2f \n" |
| 308 | |
| 309 | #define __check_align_4 \ |
| 310 | " _bbsi.l %2, 0, 0f \n" \ |
| 311 | " _bbci.l %2, 1, 1f \n" \ |
| 312 | "0: movi %0, %3 \n" \ |
| 313 | " _j 2f \n" |
| 314 | |
| 315 | |
| 316 | /* |
| 317 | * We don't tell gcc that we are accessing memory, but this is OK |
| 318 | * because we do not write to any memory gcc knows about, so there |
| 319 | * are no aliasing issues. |
| 320 | * |
| 321 | * WARNING: If you modify this macro at all, verify that the |
| 322 | * __check_align_* macros still work. |
| 323 | */ |
| 324 | #define __put_user_asm(x, addr, err, align, insn) \ |
| 325 | __asm__ __volatile__( \ |
| 326 | __check_align_##align \ |
| 327 | "1: "insn" %1, %2, 0 \n" \ |
| 328 | "2: \n" \ |
| 329 | " .section .fixup,\"ax\" \n" \ |
| 330 | " .align 4 \n" \ |
| 331 | "4: \n" \ |
| 332 | " .long 2b \n" \ |
| 333 | "5: \n" \ |
| 334 | " l32r %2, 4b \n" \ |
| 335 | " movi %0, %3 \n" \ |
| 336 | " jx %2 \n" \ |
| 337 | " .previous \n" \ |
| 338 | " .section __ex_table,\"a\" \n" \ |
| 339 | " .long 1b, 5b \n" \ |
| 340 | " .previous" \ |
| 341 | :"=r" (err) \ |
| 342 | :"r" ((int)(x)), "r" (addr), "i" (-EFAULT), "0" (err)) |
| 343 | |
| 344 | #define __get_user_nocheck(x,ptr,size) \ |
| 345 | ({ \ |
| 346 | long __gu_err, __gu_val; \ |
| 347 | __get_user_size(__gu_val,(ptr),(size),__gu_err); \ |
| 348 | (x) = (__typeof__(*(ptr)))__gu_val; \ |
| 349 | __gu_err; \ |
| 350 | }) |
| 351 | |
| 352 | #define __get_user_check(x,ptr,size) \ |
| 353 | ({ \ |
| 354 | long __gu_err = -EFAULT, __gu_val = 0; \ |
| 355 | const __typeof__(*(ptr)) *__gu_addr = (ptr); \ |
| 356 | if (access_ok(VERIFY_READ,__gu_addr,size)) \ |
| 357 | __get_user_size(__gu_val,__gu_addr,(size),__gu_err); \ |
| 358 | (x) = (__typeof__(*(ptr)))__gu_val; \ |
| 359 | __gu_err; \ |
| 360 | }) |
| 361 | |
| 362 | extern long __get_user_bad(void); |
| 363 | |
| 364 | #define __get_user_size(x,ptr,size,retval) \ |
| 365 | do { \ |
| 366 | retval = 0; \ |
| 367 | switch (size) { \ |
| 368 | case 1: __get_user_asm(x,ptr,retval,1,"l8ui"); break; \ |
| 369 | case 2: __get_user_asm(x,ptr,retval,2,"l16ui"); break; \ |
| 370 | case 4: __get_user_asm(x,ptr,retval,4,"l32i"); break; \ |
| 371 | case 8: retval = __copy_from_user(&x,ptr,8); break; \ |
| 372 | default: (x) = __get_user_bad(); \ |
| 373 | } \ |
| 374 | } while (0) |
| 375 | |
| 376 | |
| 377 | /* |
| 378 | * WARNING: If you modify this macro at all, verify that the |
| 379 | * __check_align_* macros still work. |
| 380 | */ |
| 381 | #define __get_user_asm(x, addr, err, align, insn) \ |
| 382 | __asm__ __volatile__( \ |
| 383 | __check_align_##align \ |
| 384 | "1: "insn" %1, %2, 0 \n" \ |
| 385 | "2: \n" \ |
| 386 | " .section .fixup,\"ax\" \n" \ |
| 387 | " .align 4 \n" \ |
| 388 | "4: \n" \ |
| 389 | " .long 2b \n" \ |
| 390 | "5: \n" \ |
| 391 | " l32r %2, 4b \n" \ |
| 392 | " movi %1, 0 \n" \ |
| 393 | " movi %0, %3 \n" \ |
| 394 | " jx %2 \n" \ |
| 395 | " .previous \n" \ |
| 396 | " .section __ex_table,\"a\" \n" \ |
| 397 | " .long 1b, 5b \n" \ |
| 398 | " .previous" \ |
| 399 | :"=r" (err), "=r" (x) \ |
| 400 | :"r" (addr), "i" (-EFAULT), "0" (err)) |
| 401 | |
| 402 | |
| 403 | /* |
| 404 | * Copy to/from user space |
| 405 | */ |
| 406 | |
| 407 | /* |
| 408 | * We use a generic, arbitrary-sized copy subroutine. The Xtensa |
| 409 | * architecture would cause heavy code bloat if we tried to inline |
| 410 | * these functions and provide __constant_copy_* equivalents like the |
| 411 | * i386 versions. __xtensa_copy_user is quite efficient. See the |
| 412 | * .fixup section of __xtensa_copy_user for a discussion on the |
| 413 | * X_zeroing equivalents for Xtensa. |
| 414 | */ |
| 415 | |
| 416 | extern unsigned __xtensa_copy_user(void *to, const void *from, unsigned n); |
| 417 | #define __copy_user(to,from,size) __xtensa_copy_user(to,from,size) |
| 418 | |
| 419 | |
| 420 | static inline unsigned long |
| 421 | __generic_copy_from_user_nocheck(void *to, const void *from, unsigned long n) |
| 422 | { |
| 423 | return __copy_user(to,from,n); |
| 424 | } |
| 425 | |
| 426 | static inline unsigned long |
| 427 | __generic_copy_to_user_nocheck(void *to, const void *from, unsigned long n) |
| 428 | { |
| 429 | return __copy_user(to,from,n); |
| 430 | } |
| 431 | |
| 432 | static inline unsigned long |
| 433 | __generic_copy_to_user(void *to, const void *from, unsigned long n) |
| 434 | { |
| 435 | prefetch(from); |
| 436 | if (access_ok(VERIFY_WRITE, to, n)) |
| 437 | return __copy_user(to,from,n); |
| 438 | return n; |
| 439 | } |
| 440 | |
| 441 | static inline unsigned long |
| 442 | __generic_copy_from_user(void *to, const void *from, unsigned long n) |
| 443 | { |
| 444 | prefetchw(to); |
| 445 | if (access_ok(VERIFY_READ, from, n)) |
| 446 | return __copy_user(to,from,n); |
| 447 | else |
| 448 | memset(to, 0, n); |
| 449 | return n; |
| 450 | } |
| 451 | |
| 452 | #define copy_to_user(to,from,n) __generic_copy_to_user((to),(from),(n)) |
| 453 | #define copy_from_user(to,from,n) __generic_copy_from_user((to),(from),(n)) |
| 454 | #define __copy_to_user(to,from,n) __generic_copy_to_user_nocheck((to),(from),(n)) |
| 455 | #define __copy_from_user(to,from,n) __generic_copy_from_user_nocheck((to),(from),(n)) |
| 456 | #define __copy_to_user_inatomic __copy_to_user |
| 457 | #define __copy_from_user_inatomic __copy_from_user |
| 458 | |
| 459 | |
| 460 | /* |
| 461 | * We need to return the number of bytes not cleared. Our memset() |
| 462 | * returns zero if a problem occurs while accessing user-space memory. |
| 463 | * In that event, return no memory cleared. Otherwise, zero for |
| 464 | * success. |
| 465 | */ |
| 466 | |
| 467 | extern inline unsigned long |
| 468 | __xtensa_clear_user(void *addr, unsigned long size) |
| 469 | { |
| 470 | if ( ! memset(addr, 0, size) ) |
| 471 | return size; |
| 472 | return 0; |
| 473 | } |
| 474 | |
| 475 | extern inline unsigned long |
| 476 | clear_user(void *addr, unsigned long size) |
| 477 | { |
| 478 | if (access_ok(VERIFY_WRITE, addr, size)) |
| 479 | return __xtensa_clear_user(addr, size); |
| 480 | return size ? -EFAULT : 0; |
| 481 | } |
| 482 | |
| 483 | #define __clear_user __xtensa_clear_user |
| 484 | |
| 485 | |
| 486 | extern long __strncpy_user(char *, const char *, long); |
| 487 | #define __strncpy_from_user __strncpy_user |
| 488 | |
| 489 | extern inline long |
| 490 | strncpy_from_user(char *dst, const char *src, long count) |
| 491 | { |
| 492 | if (access_ok(VERIFY_READ, src, 1)) |
| 493 | return __strncpy_from_user(dst, src, count); |
| 494 | return -EFAULT; |
| 495 | } |
| 496 | |
| 497 | |
| 498 | #define strlen_user(str) strnlen_user((str), TASK_SIZE - 1) |
| 499 | |
| 500 | /* |
| 501 | * Return the size of a string (including the ending 0!) |
| 502 | */ |
| 503 | extern long __strnlen_user(const char *, long); |
| 504 | |
| 505 | extern inline long strnlen_user(const char *str, long len) |
| 506 | { |
| 507 | unsigned long top = __kernel_ok ? ~0UL : TASK_SIZE - 1; |
| 508 | |
| 509 | if ((unsigned long)str > top) |
| 510 | return 0; |
| 511 | return __strnlen_user(str, len); |
| 512 | } |
| 513 | |
| 514 | |
| 515 | struct exception_table_entry |
| 516 | { |
| 517 | unsigned long insn, fixup; |
| 518 | }; |
| 519 | |
| 520 | /* Returns 0 if exception not found and fixup.unit otherwise. */ |
| 521 | |
| 522 | extern unsigned long search_exception_table(unsigned long addr); |
| 523 | extern void sort_exception_table(void); |
| 524 | |
| 525 | /* Returns the new pc */ |
| 526 | #define fixup_exception(map_reg, fixup_unit, pc) \ |
| 527 | ({ \ |
| 528 | fixup_unit; \ |
| 529 | }) |
| 530 | |
| 531 | #endif /* __ASSEMBLY__ */ |
| 532 | #endif /* _XTENSA_UACCESS_H */ |