|
|
@@ -0,0 +1,197 @@
|
|
|
+/*
|
|
|
+ * This file is subject to the terms and conditions of the GNU General Public
|
|
|
+ * License. See the file "COPYING" in the main directory of this archive
|
|
|
+ * for more details.
|
|
|
+ *
|
|
|
+ * Copyright (C) 1996, 1997, 1998, 1999, 2000, 03, 04 by Ralf Baechle
|
|
|
+ * Copyright (C) 1999, 2000 Silicon Graphics, Inc.
|
|
|
+ * Copyright (C) 2007 Maciej W. Rozycki
|
|
|
+ */
|
|
|
+#ifndef _ASM_UACCESS_H
|
|
|
+#define _ASM_UACCESS_H
|
|
|
+
|
|
|
+#include <linux/kernel.h>
|
|
|
+#include <linux/errno.h>
|
|
|
+#include <linux/thread_info.h>
|
|
|
+
|
|
|
+/*
|
|
|
+ * The fs value determines whether argument validity checking should be
|
|
|
+ * performed or not. If get_fs() == USER_DS, checking is performed, with
|
|
|
+ * get_fs() == KERNEL_DS, checking is bypassed.
|
|
|
+ *
|
|
|
+ * For historical reasons, these macros are grossly misnamed.
|
|
|
+ */
|
|
|
+#ifdef CONFIG_32BIT
|
|
|
+
|
|
|
+#define __UA_LIMIT 0x80000000UL
|
|
|
+
|
|
|
+#define __UA_ADDR ".word"
|
|
|
+#define __UA_LA "la"
|
|
|
+#define __UA_ADDU "addu"
|
|
|
+#define __UA_t0 "$8"
|
|
|
+#define __UA_t1 "$9"
|
|
|
+
|
|
|
+#endif /* CONFIG_32BIT */
|
|
|
+
|
|
|
+#ifdef CONFIG_64BIT
|
|
|
+
|
|
|
+extern u64 __ua_limit;
|
|
|
+
|
|
|
+#define __UA_LIMIT __ua_limit
|
|
|
+
|
|
|
+#define __UA_ADDR ".dword"
|
|
|
+#define __UA_LA "dla"
|
|
|
+#define __UA_ADDU "daddu"
|
|
|
+#define __UA_t0 "$12"
|
|
|
+#define __UA_t1 "$13"
|
|
|
+
|
|
|
+#endif /* CONFIG_64BIT */
|
|
|
+
|
|
|
+/*
|
|
|
+ * USER_DS is a bitmask that has the bits set that may not be set in a valid
|
|
|
+ * userspace address. Note that we limit 32-bit userspace to 0x7fff8000 but
|
|
|
+ * the arithmetic we're doing only works if the limit is a power of two, so
|
|
|
+ * we use 0x80000000 here on 32-bit kernels. If a process passes an invalid
|
|
|
+ * address in this range it's the process's problem, not ours :-)
|
|
|
+ */
|
|
|
+
|
|
|
+#define KERNEL_DS ((mm_segment_t) { 0UL })
|
|
|
+#define USER_DS ((mm_segment_t) { __UA_LIMIT })
|
|
|
+
|
|
|
+#define VERIFY_READ 0
|
|
|
+#define VERIFY_WRITE 1
|
|
|
+
|
|
|
+#define get_ds() (KERNEL_DS)
|
|
|
+#define get_fs() (current_thread_info()->addr_limit)
|
|
|
+#define set_fs(x) (current_thread_info()->addr_limit = (x))
|
|
|
+
|
|
|
+#define segment_eq(a, b) ((a).seg == (b).seg)
|
|
|
+
|
|
|
+
|
|
|
+/*
|
|
|
+ * Is a address valid? This does a straighforward calculation rather
|
|
|
+ * than tests.
|
|
|
+ *
|
|
|
+ * Address valid if:
|
|
|
+ * - "addr" doesn't have any high-bits set
|
|
|
+ * - AND "size" doesn't have any high-bits set
|
|
|
+ * - AND "addr+size" doesn't have any high-bits set
|
|
|
+ * - OR we are in kernel mode.
|
|
|
+ *
|
|
|
+ * __ua_size() is a trick to avoid runtime checking of positive constant
|
|
|
+ * sizes; for those we already know at compile time that the size is ok.
|
|
|
+ */
|
|
|
+#define __ua_size(size) \
|
|
|
+ ((__builtin_constant_p(size) && (signed long) (size) > 0) ? 0 : (size))
|
|
|
+
|
|
|
+/*
|
|
|
+ * access_ok: - Checks if a user space pointer is valid
|
|
|
+ * @type: Type of access: %VERIFY_READ or %VERIFY_WRITE. Note that
|
|
|
+ * %VERIFY_WRITE is a superset of %VERIFY_READ - if it is safe
|
|
|
+ * to write to a block, it is always safe to read from it.
|
|
|
+ * @addr: User space pointer to start of block to check
|
|
|
+ * @size: Size of block to check
|
|
|
+ *
|
|
|
+ * Context: User context only. This function may sleep.
|
|
|
+ *
|
|
|
+ * Checks if a pointer to a block of memory in user space is valid.
|
|
|
+ *
|
|
|
+ * Returns true (nonzero) if the memory block may be valid, false (zero)
|
|
|
+ * if it is definitely invalid.
|
|
|
+ *
|
|
|
+ * Note that, depending on architecture, this function probably just
|
|
|
+ * checks that the pointer is in the user space range - after calling
|
|
|
+ * this function, memory access functions may still return -EFAULT.
|
|
|
+ */
|
|
|
+
|
|
|
+#define __access_mask get_fs().seg
|
|
|
+
|
|
|
+#define __access_ok(addr, size, mask) \
|
|
|
+({ \
|
|
|
+ unsigned long __addr = (unsigned long) (addr); \
|
|
|
+ unsigned long __size = size; \
|
|
|
+ unsigned long __mask = mask; \
|
|
|
+ unsigned long __ok; \
|
|
|
+ \
|
|
|
+ __chk_user_ptr(addr); \
|
|
|
+ __ok = (signed long)(__mask & (__addr | (__addr + __size) | \
|
|
|
+ __ua_size(__size))); \
|
|
|
+ __ok == 0; \
|
|
|
+})
|
|
|
+
|
|
|
+#define access_ok(type, addr, size) \
|
|
|
+ likely(__access_ok((addr), (size), __access_mask))
|
|
|
+
|
|
|
+/*
|
|
|
+ * put_user: - Write a simple value into user space.
|
|
|
+ * @x: Value to copy to user space.
|
|
|
+ * @ptr: Destination address, in user space.
|
|
|
+ *
|
|
|
+ * Context: User context only. This function may sleep.
|
|
|
+ *
|
|
|
+ * This macro copies a single simple value from kernel space to user
|
|
|
+ * space. It supports simple types like char and int, but not larger
|
|
|
+ * data types like structures or arrays.
|
|
|
+ *
|
|
|
+ * @ptr must have pointer-to-simple-variable type, and @x must be assignable
|
|
|
+ * to the result of dereferencing @ptr.
|
|
|
+ *
|
|
|
+ * Returns zero on success, or -EFAULT on error.
|
|
|
+ */
|
|
|
+#define put_user(x,ptr) \
|
|
|
+ __put_user_check((x), (ptr), sizeof(*(ptr)))
|
|
|
+
|
|
|
+/*
|
|
|
+ * get_user: - Get a simple variable from user space.
|
|
|
+ * @x: Variable to store result.
|
|
|
+ * @ptr: Source address, in user space.
|
|
|
+ *
|
|
|
+ * Context: User context only. This function may sleep.
|
|
|
+ *
|
|
|
+ * This macro copies a single simple variable from user space to kernel
|
|
|
+ * space. It supports simple types like char and int, but not larger
|
|
|
+ * data types like structures or arrays.
|
|
|
+ *
|
|
|
+ * @ptr must have pointer-to-simple-variable type, and the result of
|
|
|
+ * dereferencing @ptr must be assignable to @x without a cast.
|
|
|
+ *
|
|
|
+ * Returns zero on success, or -EFAULT on error.
|
|
|
+ * On error, the variable @x is set to zero.
|
|
|
+ */
|
|
|
+#define get_user(x,ptr) \
|
|
|
+ __get_user_check((x), (ptr), sizeof(*(ptr)))
|
|
|
+
|
|
|
+/*
|
|
|
+ * __put_user: - Write a simple value into user space, with less checking.
|
|
|
+ * @x: Value to copy to user space.
|
|
|
+ * @ptr: Destination address, in user space.
|
|
|
+ *
|
|
|
+ * Context: User context only. This function may sleep.
|
|
|
+ *
|
|
|
+ * This macro copies a single simple value from kernel space to user
|
|
|
+ * space. It supports simple types like char and int, but not larger
|
|
|
+ * data types like structures or arrays.
|
|
|
+ *
|
|
|
+ * @ptr must have pointer-to-simple-variable type, and @x must be assignable
|
|
|
+ * to the result of dereferencing @ptr.
|
|
|
+ *
|
|
|
+ * Caller must check the pointer with access_ok() before calling this
|
|
|
+ * function.
|
|
|
+ *
|
|
|
+ * Returns zero on success, or -EFAULT on error.
|
|
|
+ */
|
|
|
+#define __put_user(x,ptr) \
|
|
|
+ __put_user_nocheck((x), (ptr), sizeof(*(ptr)))
|
|
|
+
|
|
|
+/*
|
|
|
+ * __get_user: - Get a simple variable from user space, with less checking.
|
|
|
+ * @x: Variable to store result.
|
|
|
+ * @ptr: Source address, in user space.
|
|
|
+ *
|
|
|
+ * Context: User context only. This function may sleep.
|
|
|
+ *
|
|
|
+ * This macro copies a single simple variable from user space to kernel
|
|
|
+ * space. It supports simple types like char and int, but not larger
|
|
|
+ * data types like structures or arrays.
|
|
|
+ *
|
|
|
+ * @ptr must have pointer-to-simple-variable type, and the result of
|
朱涛