uaccess.h 18 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565
  1. /*
  2. * Copyright 2010 Tilera Corporation. All Rights Reserved.
  3. *
  4. * This program is free software; you can redistribute it and/or
  5. * modify it under the terms of the GNU General Public License
  6. * as published by the Free Software Foundation, version 2.
  7. *
  8. * This program is distributed in the hope that it will be useful, but
  9. * WITHOUT ANY WARRANTY; without even the implied warranty of
  10. * MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE, GOOD TITLE or
  11. * NON INFRINGEMENT. See the GNU General Public License for
  12. * more details.
  13. */
  14. #ifndef _ASM_TILE_UACCESS_H
  15. #define _ASM_TILE_UACCESS_H
  16. /*
  17. * User space memory access functions
  18. */
  19. #include <linux/sched.h>
  20. #include <linux/mm.h>
  21. #include <asm-generic/uaccess-unaligned.h>
  22. #include <asm/processor.h>
  23. #include <asm/page.h>
  24. #define VERIFY_READ 0
  25. #define VERIFY_WRITE 1
  26. /*
  27. * The fs value determines whether argument validity checking should be
  28. * performed or not. If get_fs() == USER_DS, checking is performed, with
  29. * get_fs() == KERNEL_DS, checking is bypassed.
  30. *
  31. * For historical reasons, these macros are grossly misnamed.
  32. */
  33. #define MAKE_MM_SEG(a) ((mm_segment_t) { (a) })
  34. #define KERNEL_DS MAKE_MM_SEG(-1UL)
  35. #define USER_DS MAKE_MM_SEG(PAGE_OFFSET)
  36. #define get_ds() (KERNEL_DS)
  37. #define get_fs() (current_thread_info()->addr_limit)
  38. #define set_fs(x) (current_thread_info()->addr_limit = (x))
  39. #define segment_eq(a, b) ((a).seg == (b).seg)
  40. #ifndef __tilegx__
  41. /*
  42. * We could allow mapping all 16 MB at 0xfc000000, but we set up a
  43. * special hack in arch_setup_additional_pages() to auto-create a mapping
  44. * for the first 16 KB, and it would seem strange to have different
  45. * user-accessible semantics for memory at 0xfc000000 and above 0xfc004000.
  46. */
  47. static inline int is_arch_mappable_range(unsigned long addr,
  48. unsigned long size)
  49. {
  50. return (addr >= MEM_USER_INTRPT &&
  51. addr < (MEM_USER_INTRPT + INTRPT_SIZE) &&
  52. size <= (MEM_USER_INTRPT + INTRPT_SIZE) - addr);
  53. }
  54. #define is_arch_mappable_range is_arch_mappable_range
  55. #else
  56. #define is_arch_mappable_range(addr, size) 0
  57. #endif
  58. /*
  59. * Note that using this definition ignores is_arch_mappable_range(),
  60. * so on tilepro code that uses user_addr_max() is constrained not
  61. * to reference the tilepro user-interrupt region.
  62. */
  63. #define user_addr_max() (current_thread_info()->addr_limit.seg)
  64. /*
  65. * Test whether a block of memory is a valid user space address.
  66. * Returns 0 if the range is valid, nonzero otherwise.
  67. */
  68. int __range_ok(unsigned long addr, unsigned long size);
  69. /**
  70. * access_ok: - Checks if a user space pointer is valid
  71. * @type: Type of access: %VERIFY_READ or %VERIFY_WRITE. Note that
  72. * %VERIFY_WRITE is a superset of %VERIFY_READ - if it is safe
  73. * to write to a block, it is always safe to read from it.
  74. * @addr: User space pointer to start of block to check
  75. * @size: Size of block to check
  76. *
  77. * Context: User context only. This function may sleep if pagefaults are
  78. * enabled.
  79. *
  80. * Checks if a pointer to a block of memory in user space is valid.
  81. *
  82. * Returns true (nonzero) if the memory block may be valid, false (zero)
  83. * if it is definitely invalid.
  84. *
  85. * Note that, depending on architecture, this function probably just
  86. * checks that the pointer is in the user space range - after calling
  87. * this function, memory access functions may still return -EFAULT.
  88. */
  89. #define access_ok(type, addr, size) ({ \
  90. __chk_user_ptr(addr); \
  91. likely(__range_ok((unsigned long)(addr), (size)) == 0); \
  92. })
  93. /*
  94. * The exception table consists of pairs of addresses: the first is the
  95. * address of an instruction that is allowed to fault, and the second is
  96. * the address at which the program should continue. No registers are
  97. * modified, so it is entirely up to the continuation code to figure out
  98. * what to do.
  99. *
  100. * All the routines below use bits of fixup code that are out of line
  101. * with the main instruction path. This means when everything is well,
  102. * we don't even have to jump over them. Further, they do not intrude
  103. * on our cache or tlb entries.
  104. */
  105. struct exception_table_entry {
  106. unsigned long insn, fixup;
  107. };
  108. extern int fixup_exception(struct pt_regs *regs);
  109. /*
  110. * This is a type: either unsigned long, if the argument fits into
  111. * that type, or otherwise unsigned long long.
  112. */
  113. #define __inttype(x) \
  114. __typeof__(__builtin_choose_expr(sizeof(x) > sizeof(0UL), 0ULL, 0UL))
  115. /*
  116. * Support macros for __get_user().
  117. * Note that __get_user() and __put_user() assume proper alignment.
  118. */
  119. #ifdef __LP64__
  120. #define _ASM_PTR ".quad"
  121. #define _ASM_ALIGN ".align 8"
  122. #else
  123. #define _ASM_PTR ".long"
  124. #define _ASM_ALIGN ".align 4"
  125. #endif
  126. #define __get_user_asm(OP, x, ptr, ret) \
  127. asm volatile("1: {" #OP " %1, %2; movei %0, 0 }\n" \
  128. ".pushsection .fixup,\"ax\"\n" \
  129. "0: { movei %1, 0; movei %0, %3 }\n" \
  130. "j 9f\n" \
  131. ".section __ex_table,\"a\"\n" \
  132. _ASM_ALIGN "\n" \
  133. _ASM_PTR " 1b, 0b\n" \
  134. ".popsection\n" \
  135. "9:" \
  136. : "=r" (ret), "=r" (x) \
  137. : "r" (ptr), "i" (-EFAULT))
  138. #ifdef __tilegx__
  139. #define __get_user_1(x, ptr, ret) __get_user_asm(ld1u, x, ptr, ret)
  140. #define __get_user_2(x, ptr, ret) __get_user_asm(ld2u, x, ptr, ret)
  141. #define __get_user_4(x, ptr, ret) __get_user_asm(ld4s, x, ptr, ret)
  142. #define __get_user_8(x, ptr, ret) __get_user_asm(ld, x, ptr, ret)
  143. #else
  144. #define __get_user_1(x, ptr, ret) __get_user_asm(lb_u, x, ptr, ret)
  145. #define __get_user_2(x, ptr, ret) __get_user_asm(lh_u, x, ptr, ret)
  146. #define __get_user_4(x, ptr, ret) __get_user_asm(lw, x, ptr, ret)
  147. #ifdef __LITTLE_ENDIAN
  148. #define __lo32(a, b) a
  149. #define __hi32(a, b) b
  150. #else
  151. #define __lo32(a, b) b
  152. #define __hi32(a, b) a
  153. #endif
  154. #define __get_user_8(x, ptr, ret) \
  155. ({ \
  156. unsigned int __a, __b; \
  157. asm volatile("1: { lw %1, %3; addi %2, %3, 4 }\n" \
  158. "2: { lw %2, %2; movei %0, 0 }\n" \
  159. ".pushsection .fixup,\"ax\"\n" \
  160. "0: { movei %1, 0; movei %2, 0 }\n" \
  161. "{ movei %0, %4; j 9f }\n" \
  162. ".section __ex_table,\"a\"\n" \
  163. ".align 4\n" \
  164. ".word 1b, 0b\n" \
  165. ".word 2b, 0b\n" \
  166. ".popsection\n" \
  167. "9:" \
  168. : "=r" (ret), "=r" (__a), "=&r" (__b) \
  169. : "r" (ptr), "i" (-EFAULT)); \
  170. (x) = (__force __typeof(x))(__inttype(x)) \
  171. (((u64)__hi32(__a, __b) << 32) | \
  172. __lo32(__a, __b)); \
  173. })
  174. #endif
  175. extern int __get_user_bad(void)
  176. __attribute__((warning("sizeof __get_user argument not 1, 2, 4 or 8")));
  177. /**
  178. * __get_user: - Get a simple variable from user space, with less checking.
  179. * @x: Variable to store result.
  180. * @ptr: Source address, in user space.
  181. *
  182. * Context: User context only. This function may sleep if pagefaults are
  183. * enabled.
  184. *
  185. * This macro copies a single simple variable from user space to kernel
  186. * space. It supports simple types like char and int, but not larger
  187. * data types like structures or arrays.
  188. *
  189. * @ptr must have pointer-to-simple-variable type, and the result of
  190. * dereferencing @ptr must be assignable to @x without a cast.
  191. *
  192. * Returns zero on success, or -EFAULT on error.
  193. * On error, the variable @x is set to zero.
  194. *
  195. * Caller must check the pointer with access_ok() before calling this
  196. * function.
  197. */
  198. #define __get_user(x, ptr) \
  199. ({ \
  200. int __ret; \
  201. typeof(x) _x; \
  202. __chk_user_ptr(ptr); \
  203. switch (sizeof(*(ptr))) { \
  204. case 1: __get_user_1(_x, ptr, __ret); break; \
  205. case 2: __get_user_2(_x, ptr, __ret); break; \
  206. case 4: __get_user_4(_x, ptr, __ret); break; \
  207. case 8: __get_user_8(_x, ptr, __ret); break; \
  208. default: __ret = __get_user_bad(); break; \
  209. } \
  210. (x) = (typeof(*(ptr))) _x; \
  211. __ret; \
  212. })
  213. /* Support macros for __put_user(). */
  214. #define __put_user_asm(OP, x, ptr, ret) \
  215. asm volatile("1: {" #OP " %1, %2; movei %0, 0 }\n" \
  216. ".pushsection .fixup,\"ax\"\n" \
  217. "0: { movei %0, %3; j 9f }\n" \
  218. ".section __ex_table,\"a\"\n" \
  219. _ASM_ALIGN "\n" \
  220. _ASM_PTR " 1b, 0b\n" \
  221. ".popsection\n" \
  222. "9:" \
  223. : "=r" (ret) \
  224. : "r" (ptr), "r" (x), "i" (-EFAULT))
  225. #ifdef __tilegx__
  226. #define __put_user_1(x, ptr, ret) __put_user_asm(st1, x, ptr, ret)
  227. #define __put_user_2(x, ptr, ret) __put_user_asm(st2, x, ptr, ret)
  228. #define __put_user_4(x, ptr, ret) __put_user_asm(st4, x, ptr, ret)
  229. #define __put_user_8(x, ptr, ret) __put_user_asm(st, x, ptr, ret)
  230. #else
  231. #define __put_user_1(x, ptr, ret) __put_user_asm(sb, x, ptr, ret)
  232. #define __put_user_2(x, ptr, ret) __put_user_asm(sh, x, ptr, ret)
  233. #define __put_user_4(x, ptr, ret) __put_user_asm(sw, x, ptr, ret)
  234. #define __put_user_8(x, ptr, ret) \
  235. ({ \
  236. u64 __x = (__force __inttype(x))(x); \
  237. int __lo = (int) __x, __hi = (int) (__x >> 32); \
  238. asm volatile("1: { sw %1, %2; addi %0, %1, 4 }\n" \
  239. "2: { sw %0, %3; movei %0, 0 }\n" \
  240. ".pushsection .fixup,\"ax\"\n" \
  241. "0: { movei %0, %4; j 9f }\n" \
  242. ".section __ex_table,\"a\"\n" \
  243. ".align 4\n" \
  244. ".word 1b, 0b\n" \
  245. ".word 2b, 0b\n" \
  246. ".popsection\n" \
  247. "9:" \
  248. : "=&r" (ret) \
  249. : "r" (ptr), "r" (__lo32(__lo, __hi)), \
  250. "r" (__hi32(__lo, __hi)), "i" (-EFAULT)); \
  251. })
  252. #endif
  253. extern int __put_user_bad(void)
  254. __attribute__((warning("sizeof __put_user argument not 1, 2, 4 or 8")));
  255. /**
  256. * __put_user: - Write a simple value into user space, with less checking.
  257. * @x: Value to copy to user space.
  258. * @ptr: Destination address, in user space.
  259. *
  260. * Context: User context only. This function may sleep if pagefaults are
  261. * enabled.
  262. *
  263. * This macro copies a single simple value from kernel space to user
  264. * space. It supports simple types like char and int, but not larger
  265. * data types like structures or arrays.
  266. *
  267. * @ptr must have pointer-to-simple-variable type, and @x must be assignable
  268. * to the result of dereferencing @ptr.
  269. *
  270. * Caller must check the pointer with access_ok() before calling this
  271. * function.
  272. *
  273. * Returns zero on success, or -EFAULT on error.
  274. */
  275. #define __put_user(x, ptr) \
  276. ({ \
  277. int __ret; \
  278. typeof(*(ptr)) _x = (x); \
  279. __chk_user_ptr(ptr); \
  280. switch (sizeof(*(ptr))) { \
  281. case 1: __put_user_1(_x, ptr, __ret); break; \
  282. case 2: __put_user_2(_x, ptr, __ret); break; \
  283. case 4: __put_user_4(_x, ptr, __ret); break; \
  284. case 8: __put_user_8(_x, ptr, __ret); break; \
  285. default: __ret = __put_user_bad(); break; \
  286. } \
  287. __ret; \
  288. })
  289. /*
  290. * The versions of get_user and put_user without initial underscores
  291. * check the address of their arguments to make sure they are not
  292. * in kernel space.
  293. */
  294. #define put_user(x, ptr) \
  295. ({ \
  296. __typeof__(*(ptr)) __user *__Pu_addr = (ptr); \
  297. access_ok(VERIFY_WRITE, (__Pu_addr), sizeof(*(__Pu_addr))) ? \
  298. __put_user((x), (__Pu_addr)) : \
  299. -EFAULT; \
  300. })
  301. #define get_user(x, ptr) \
  302. ({ \
  303. __typeof__(*(ptr)) const __user *__Gu_addr = (ptr); \
  304. access_ok(VERIFY_READ, (__Gu_addr), sizeof(*(__Gu_addr))) ? \
  305. __get_user((x), (__Gu_addr)) : \
  306. ((x) = 0, -EFAULT); \
  307. })
  308. /**
  309. * __copy_to_user() - copy data into user space, with less checking.
  310. * @to: Destination address, in user space.
  311. * @from: Source address, in kernel space.
  312. * @n: Number of bytes to copy.
  313. *
  314. * Context: User context only. This function may sleep if pagefaults are
  315. * enabled.
  316. *
  317. * Copy data from kernel space to user space. Caller must check
  318. * the specified block with access_ok() before calling this function.
  319. *
  320. * Returns number of bytes that could not be copied.
  321. * On success, this will be zero.
  322. *
  323. * An alternate version - __copy_to_user_inatomic() - is designed
  324. * to be called from atomic context, typically bracketed by calls
  325. * to pagefault_disable() and pagefault_enable().
  326. */
  327. extern unsigned long __must_check __copy_to_user_inatomic(
  328. void __user *to, const void *from, unsigned long n);
  329. static inline unsigned long __must_check
  330. __copy_to_user(void __user *to, const void *from, unsigned long n)
  331. {
  332. might_fault();
  333. return __copy_to_user_inatomic(to, from, n);
  334. }
  335. static inline unsigned long __must_check
  336. copy_to_user(void __user *to, const void *from, unsigned long n)
  337. {
  338. if (access_ok(VERIFY_WRITE, to, n))
  339. n = __copy_to_user(to, from, n);
  340. return n;
  341. }
  342. /**
  343. * __copy_from_user() - copy data from user space, with less checking.
  344. * @to: Destination address, in kernel space.
  345. * @from: Source address, in user space.
  346. * @n: Number of bytes to copy.
  347. *
  348. * Context: User context only. This function may sleep if pagefaults are
  349. * enabled.
  350. *
  351. * Copy data from user space to kernel space. Caller must check
  352. * the specified block with access_ok() before calling this function.
  353. *
  354. * Returns number of bytes that could not be copied.
  355. * On success, this will be zero.
  356. *
  357. * If some data could not be copied, this function will pad the copied
  358. * data to the requested size using zero bytes.
  359. *
  360. * An alternate version - __copy_from_user_inatomic() - is designed
  361. * to be called from atomic context, typically bracketed by calls
  362. * to pagefault_disable() and pagefault_enable(). This version
  363. * does *NOT* pad with zeros.
  364. */
  365. extern unsigned long __must_check __copy_from_user_inatomic(
  366. void *to, const void __user *from, unsigned long n);
  367. extern unsigned long __must_check __copy_from_user_zeroing(
  368. void *to, const void __user *from, unsigned long n);
  369. static inline unsigned long __must_check
  370. __copy_from_user(void *to, const void __user *from, unsigned long n)
  371. {
  372. might_fault();
  373. return __copy_from_user_zeroing(to, from, n);
  374. }
  375. static inline unsigned long __must_check
  376. _copy_from_user(void *to, const void __user *from, unsigned long n)
  377. {
  378. if (access_ok(VERIFY_READ, from, n))
  379. n = __copy_from_user(to, from, n);
  380. else
  381. memset(to, 0, n);
  382. return n;
  383. }
  384. #ifdef CONFIG_DEBUG_STRICT_USER_COPY_CHECKS
  385. /*
  386. * There are still unprovable places in the generic code as of 2.6.34, so this
  387. * option is not really compatible with -Werror, which is more useful in
  388. * general.
  389. */
  390. extern void copy_from_user_overflow(void)
  391. __compiletime_warning("copy_from_user() size is not provably correct");
  392. static inline unsigned long __must_check copy_from_user(void *to,
  393. const void __user *from,
  394. unsigned long n)
  395. {
  396. int sz = __compiletime_object_size(to);
  397. if (likely(sz == -1 || sz >= n))
  398. n = _copy_from_user(to, from, n);
  399. else
  400. copy_from_user_overflow();
  401. return n;
  402. }
  403. #else
  404. #define copy_from_user _copy_from_user
  405. #endif
  406. #ifdef __tilegx__
  407. /**
  408. * __copy_in_user() - copy data within user space, with less checking.
  409. * @to: Destination address, in user space.
  410. * @from: Source address, in user space.
  411. * @n: Number of bytes to copy.
  412. *
  413. * Context: User context only. This function may sleep if pagefaults are
  414. * enabled.
  415. *
  416. * Copy data from user space to user space. Caller must check
  417. * the specified blocks with access_ok() before calling this function.
  418. *
  419. * Returns number of bytes that could not be copied.
  420. * On success, this will be zero.
  421. */
  422. extern unsigned long __copy_in_user_inatomic(
  423. void __user *to, const void __user *from, unsigned long n);
  424. static inline unsigned long __must_check
  425. __copy_in_user(void __user *to, const void __user *from, unsigned long n)
  426. {
  427. might_fault();
  428. return __copy_in_user_inatomic(to, from, n);
  429. }
  430. static inline unsigned long __must_check
  431. copy_in_user(void __user *to, const void __user *from, unsigned long n)
  432. {
  433. if (access_ok(VERIFY_WRITE, to, n) && access_ok(VERIFY_READ, from, n))
  434. n = __copy_in_user(to, from, n);
  435. return n;
  436. }
  437. #endif
  438. extern long strnlen_user(const char __user *str, long n);
  439. extern long strlen_user(const char __user *str);
  440. extern long strncpy_from_user(char *dst, const char __user *src, long);
  441. /**
  442. * clear_user: - Zero a block of memory in user space.
  443. * @mem: Destination address, in user space.
  444. * @len: Number of bytes to zero.
  445. *
  446. * Zero a block of memory in user space.
  447. *
  448. * Returns number of bytes that could not be cleared.
  449. * On success, this will be zero.
  450. */
  451. extern unsigned long clear_user_asm(void __user *mem, unsigned long len);
  452. static inline unsigned long __must_check __clear_user(
  453. void __user *mem, unsigned long len)
  454. {
  455. might_fault();
  456. return clear_user_asm(mem, len);
  457. }
  458. static inline unsigned long __must_check clear_user(
  459. void __user *mem, unsigned long len)
  460. {
  461. if (access_ok(VERIFY_WRITE, mem, len))
  462. return __clear_user(mem, len);
  463. return len;
  464. }
  465. /**
  466. * flush_user: - Flush a block of memory in user space from cache.
  467. * @mem: Destination address, in user space.
  468. * @len: Number of bytes to flush.
  469. *
  470. * Returns number of bytes that could not be flushed.
  471. * On success, this will be zero.
  472. */
  473. extern unsigned long flush_user_asm(void __user *mem, unsigned long len);
  474. static inline unsigned long __must_check __flush_user(
  475. void __user *mem, unsigned long len)
  476. {
  477. int retval;
  478. might_fault();
  479. retval = flush_user_asm(mem, len);
  480. mb_incoherent();
  481. return retval;
  482. }
  483. static inline unsigned long __must_check flush_user(
  484. void __user *mem, unsigned long len)
  485. {
  486. if (access_ok(VERIFY_WRITE, mem, len))
  487. return __flush_user(mem, len);
  488. return len;
  489. }
  490. /**
  491. * finv_user: - Flush-inval a block of memory in user space from cache.
  492. * @mem: Destination address, in user space.
  493. * @len: Number of bytes to invalidate.
  494. *
  495. * Returns number of bytes that could not be flush-invalidated.
  496. * On success, this will be zero.
  497. */
  498. extern unsigned long finv_user_asm(void __user *mem, unsigned long len);
  499. static inline unsigned long __must_check __finv_user(
  500. void __user *mem, unsigned long len)
  501. {
  502. int retval;
  503. might_fault();
  504. retval = finv_user_asm(mem, len);
  505. mb_incoherent();
  506. return retval;
  507. }
  508. static inline unsigned long __must_check finv_user(
  509. void __user *mem, unsigned long len)
  510. {
  511. if (access_ok(VERIFY_WRITE, mem, len))
  512. return __finv_user(mem, len);
  513. return len;
  514. }
  515. #endif /* _ASM_TILE_UACCESS_H */