/* * This file is subject to the terms and conditions of the GNU General Public * License. See the file "COPYING" in the main directory of this archive * for more details. * * Copyright (C) 1996, 1997, 1998, 1999, 2000, 03, 04 by Ralf Baechle * Copyright (C) 1999, 2000 Silicon Graphics, Inc. * Copyright (C) 2007 Maciej W. Rozycki */ #ifndef _ASM_UACCESS_H #define _ASM_UACCESS_H #include #include #include /* * The fs value determines whether argument validity checking should be * performed or not. If get_fs() == USER_DS, checking is performed, with * get_fs() == KERNEL_DS, checking is bypassed. * * For historical reasons, these macros are grossly misnamed. */ #ifdef CONFIG_32BIT #define __UA_LIMIT 0x80000000UL #define __UA_ADDR ".word" #define __UA_LA "la" #define __UA_ADDU "addu" #define __UA_t0 "$8" #define __UA_t1 "$9" #endif /* CONFIG_32BIT */ #ifdef CONFIG_64BIT extern u64 __ua_limit; #define __UA_LIMIT __ua_limit #define __UA_ADDR ".dword" #define __UA_LA "dla" #define __UA_ADDU "daddu" #define __UA_t0 "$12" #define __UA_t1 "$13" #endif /* CONFIG_64BIT */ /* * USER_DS is a bitmask that has the bits set that may not be set in a valid * userspace address. Note that we limit 32-bit userspace to 0x7fff8000 but * the arithmetic we're doing only works if the limit is a power of two, so * we use 0x80000000 here on 32-bit kernels. If a process passes an invalid * address in this range it's the process's problem, not ours :-) */ #define KERNEL_DS ((mm_segment_t) { 0UL }) #define USER_DS ((mm_segment_t) { __UA_LIMIT }) #define VERIFY_READ 0 #define VERIFY_WRITE 1 #define get_ds() (KERNEL_DS) #define get_fs() (current_thread_info()->addr_limit) #define set_fs(x) (current_thread_info()->addr_limit = (x)) #define segment_eq(a, b) ((a).seg == (b).seg) /* * Is a address valid? This does a straighforward calculation rather * than tests. * * Address valid if: * - "addr" doesn't have any high-bits set * - AND "size" doesn't have any high-bits set * - AND "addr+size" doesn't have any high-bits set * - OR we are in kernel mode. * * __ua_size() is a trick to avoid runtime checking of positive constant * sizes; for those we already know at compile time that the size is ok. */ #define __ua_size(size) \ ((__builtin_constant_p(size) && (signed long) (size) > 0) ? 0 : (size)) /* * access_ok: - Checks if a user space pointer is valid * @type: Type of access: %VERIFY_READ or %VERIFY_WRITE. Note that * %VERIFY_WRITE is a superset of %VERIFY_READ - if it is safe * to write to a block, it is always safe to read from it. * @addr: User space pointer to start of block to check * @size: Size of block to check * * Context: User context only. This function may sleep. * * Checks if a pointer to a block of memory in user space is valid. * * Returns true (nonzero) if the memory block may be valid, false (zero) * if it is definitely invalid. * * Note that, depending on architecture, this function probably just * checks that the pointer is in the user space range - after calling * this function, memory access functions may still return -EFAULT. */ #define __access_mask get_fs().seg #define __access_ok(addr, size, mask) \ ({ \ unsigned long __addr = (unsigned long) (addr); \ unsigned long __size = size; \ unsigned long __mask = mask; \ unsigned long __ok; \ \ __chk_user_ptr(addr); \ __ok = (signed long)(__mask & (__addr | (__addr + __size) | \ __ua_size(__size))); \ __ok == 0; \ }) #define access_ok(type, addr, size) \ likely(__access_ok((addr), (size), __access_mask)) /* * put_user: - Write a simple value into user space. * @x: Value to copy to user space. * @ptr: Destination address, in user space. * * Context: User context only. This function may sleep. * * This macro copies a single simple value from kernel space to user * space. It supports simple types like char and int, but not larger * data types like structures or arrays. * * @ptr must have pointer-to-simple-variable type, and @x must be assignable * to the result of dereferencing @ptr. * * Returns zero on success, or -EFAULT on error. */ #define put_user(x,ptr) \ __put_user_check((x), (ptr), sizeof(*(ptr))) /* * get_user: - Get a simple variable from user space. * @x: Variable to store result. * @ptr: Source address, in user space. * * Context: User context only. This function may sleep. * * This macro copies a single simple variable from user space to kernel * space. It supports simple types like char and int, but not larger * data types like structures or arrays. * * @ptr must have pointer-to-simple-variable type, and the result of * dereferencing @ptr must be assignable to @x without a cast. * * Returns zero on success, or -EFAULT on error. * On error, the variable @x is set to zero. */ #define get_user(x,ptr) \ __get_user_check((x), (ptr), sizeof(*(ptr))) /* * __put_user: - Write a simple value into user space, with less checking. * @x: Value to copy to user space. * @ptr: Destination address, in user space. * * Context: User context only. This function may sleep. * * This macro copies a single simple value from kernel space to user * space. It supports simple types like char and int, but not larger * data types like structures or arrays. * * @ptr must have pointer-to-simple-variable type, and @x must be assignable * to the result of dereferencing @ptr. * * Caller must check the pointer with access_ok() before calling this * function. * * Returns zero on success, or -EFAULT on error. */ #define __put_user(x,ptr) \ __put_user_nocheck((x), (ptr), sizeof(*(ptr))) /* * __get_user: - Get a simple variable from user space, with less checking. * @x: Variable to store result. * @ptr: Source address, in user space. * * Context: User context only. This function may sleep. * * This macro copies a single simple variable from user space to kernel * space. It supports simple types like char and int, but not larger * data types like structures or arrays. * * @ptr must have pointer-to-simple-variable type, and the result of * dereferencing @ptr must be assignable to @x without a cast. * * Caller must check the pointer with access_ok() before calling this * function. * * Returns zero on success, or -EFAULT on error. * On error, the variable @x is set to zero. */ #define __get_user(x,ptr) \ __get_user_nocheck((x), (ptr), sizeof(*(ptr))) struct __large_struct { unsigned long buf[100]; }; #define __m(x) (*(struct __large_struct __user *)(x)) /* * Yuck. We need two variants, one for 64bit operation and one * for 32 bit mode and old iron. */ #ifdef CONFIG_32BIT #define __GET_USER_DW(val, ptr) __get_user_asm_ll32(val, ptr) #endif #ifdef CONFIG_64BIT #define __GET_USER_DW(val, ptr) __get_user_asm(val, "ld", ptr) #endif extern void __get_user_unknown(void); #define __get_user_common(val, size, ptr) \ do { \ switch (size) { \ case 1: __get_user_asm(val, "lb", ptr); break; \ case 2: __get_user_asm(val, "lh", ptr); break; \ case 4: __get_user_asm(val, "lw", ptr); break; \ case 8: __GET_USER_DW(val, ptr); break; \ default: __get_user_unknown(); break; \ } \ } while (0) #define __get_user_nocheck(x, ptr, size) \ ({ \ int __gu_err; \ \ __chk_user_ptr(ptr); \ __get_user_common((x), size, ptr); \ __gu_err; \ }) #define __get_user_check(x, ptr, size) \ ({ \ int __gu_err = -EFAULT; \ const __typeof__(*(ptr)) __user * __gu_ptr = (ptr); \ \ might_fault(); \ if (likely(access_ok(VERIFY_READ, __gu_ptr, size))) \ __get_user_common((x), size, __gu_ptr); \ \ __gu_err; \ }) #define __get_user_asm(val, insn, addr) \ { \ long __gu_tmp; \ \ __asm__ __volatile__( \ "1: " insn " %1, %3 \n" \ "2: \n" \ " .section .fixup,\"ax\" \n" \ "3: li %0, %4 \n" \ " j 2b \n" \ " .previous \n" \ " .section __ex_table,\"a\" \n" \ " "__UA_ADDR "\t1b, 3b \n" \ " .previous \n" \ : "=r" (__gu_err), "=r" (__gu_tmp) \ : "0" (0), "o" (__m(addr)), "i" (-EFAULT)); \ \ (val) = (__typeof__(*(addr))) __gu_tmp; \ } /* * Get a long long 64 using 32 bit registers. */ #define __get_user_asm_ll32(val, addr) \ { \ union { \ unsigned long long l; \ __typeof__(*(addr)) t; \ } __gu_tmp; \ \ __asm__ __volatile__( \ "1: lw %1, (%3) \n" \ "2: lw %D1, 4(%3) \n" \ "3: .section .fixup,\"ax\" \n" \ "4: li %0, %4 \n" \ " move %1, $0 \n" \ " move %D1, $0 \n" \ " j 3b \n" \ " .previous \n" \ " .section __ex_table,\"a\" \n" \ " " __UA_ADDR " 1b, 4b \n" \ " " __UA_ADDR " 2b, 4b \n" \ " .previous \n" \ : "=r" (__gu_err), "=&r" (__gu_tmp.l) \ : "0" (0), "r" (addr), "i" (-EFAULT)); \ \ (val) = __gu_tmp.t; \ } /* * Yuck. We need two variants, one for 64bit operation and one * for 32 bit mode and old iron. */ #ifdef CONFIG_32BIT #define __PUT_USER_DW(ptr) __put_user_asm_ll32(ptr) #endif #ifdef CONFIG_64BIT #define __PUT_USER_DW(ptr) __put_user_asm("sd", ptr) #endif #define __put_user_nocheck(x, ptr, size) \ ({ \ __typeof__(*(ptr)) __pu_val; \ int __pu_err = 0; \ \ __chk_user_ptr(ptr); \ __pu_val = (x); \ switch (size) { \ case 1: __put_user_asm("sb", ptr); break; \ case 2: __put_user_asm("sh", ptr); break; \ case 4: __put_user_asm("sw", ptr); break; \ case 8: __PUT_USER_DW(ptr); break; \ default: __put_user_unknown(); break; \ } \ __pu_err; \ }) #define __put_user_check(x, ptr, size) \ ({ \ __typeof__(*(ptr)) __user *__pu_addr = (ptr); \ __typeof__(*(ptr)) __pu_val = (x); \ int __pu_err = -EFAULT; \ \ might_fault(); \ if (likely(access_ok(VERIFY_WRITE, __pu_addr, size))) { \ switch (size) { \ case 1: __put_user_asm("sb", __pu_addr); break; \ case 2: __put_user_asm("sh", __pu_addr); break; \ case 4: __put_user_asm("sw", __pu_addr); break; \ case 8: __PUT_USER_DW(__pu_addr); break; \ default: __put_user_unknown(); break; \ } \ } \ __pu_err; \ }) #define __put_user_asm(insn, ptr) \ { \ __asm__ __volatile__( \ "1: " insn " %z2, %3 # __put_user_asm\n" \ "2: \n" \ " .section .fixup,\"ax\" \n" \ "3: li %0, %4 \n" \ " j 2b \n" \ " .previous \n" \ " .section __ex_table,\"a\" \n" \ " " __UA_ADDR " 1b, 3b \n" \ " .previous \n" \ : "=r" (__pu_err) \ : "0" (0), "Jr" (__pu_val), "o" (__m(ptr)), \ "i" (-EFAULT)); \ } #define __put_user_asm_ll32(ptr) \ { \ __asm__ __volatile__( \ "1: sw %2, (%3) # __put_user_asm_ll32 \n" \ "2: sw %D2, 4(%3) \n" \ "3: \n" \ " .section .fixup,\"ax\" \n" \ "4: li %0, %4 \n" \ " j 3b \n" \ " .previous \n" \ " .section __ex_table,\"a\" \n" \ " " __UA_ADDR " 1b, 4b \n" \ " " __UA_ADDR " 2b, 4b \n" \ " .previous" \ : "=r" (__pu_err) \ : "0" (0), "r" (__pu_val), "r" (ptr), \ "i" (-EFAULT)); \ } extern void __put_user_unknown(void); /* * put_user_unaligned: - Write a simple value into user space. * @x: Value to copy to user space. * @ptr: Destination address, in user space. * * Context: User context only. This function may sleep. * * This macro copies a single simple value from kernel space to user * space. It supports simple types like char and int, but not larger * data types like structures or arrays. * * @ptr must have pointer-to-simple-variable type, and @x must be assignable * to the result of dereferencing @ptr. * * Returns zero on success, or -EFAULT on error. */ #define put_user_unaligned(x,ptr) \ __put_user_unaligned_check((x),(ptr),sizeof(*(ptr))) /* * get_user_unaligned: - Get a simple variable from user space. * @x: Variable to store result. * @ptr: Source address, in user space. * * Context: User context only. This function may sleep. * * This macro copies a single simple variable from user space to kernel * space. It supports simple types like char and int, but not larger * data types like structures or arrays. * * @ptr must have pointer-to-simple-variable type, and the result of * dereferencing @ptr must be assignable to @x without a cast. * * Returns zero on success, or -EFAULT on error. * On error, the variable @x is set to zero. */ #define get_user_unaligned(x,ptr) \ __get_user_unaligned_check((x),(ptr),sizeof(*(ptr))) /* * __put_user_unaligned: - Write a simple value into user space, with less checking. * @x: Value to copy to user space. * @ptr: Destination address, in user space. * * Context: User context only. This function may sleep. * * This macro copies a single simple value from kernel space to user * space. It supports simple types like char and int, but not larger * data types like structures or arrays. * * @ptr must have pointer-to-simple-variable type, and @x must be assignable * to the result of dereferencing @ptr. * * Caller must check the pointer with access_ok() before calling this * function. * * Returns zero on success, or -EFAULT on error. */ #define __put_user_unaligned(x,ptr) \ __put_user_unaligned_nocheck((x),(ptr),sizeof(*(ptr))) /* * __get_user_unaligned: - Get a simple variable from user space, with less checking. * @x: Variable to store result. * @ptr: Source address, in user space. * * Context: User context only. This function may sleep. * * This macro copies a single simple variable from user space to kernel * space. It supports simple types like char and int, but not larger * data types like structures or arrays. * * @ptr must have pointer-to-simple-variable type, and the result of * dereferencing @ptr must be assignable to @x without a cast. * * Caller must check the pointer with access_ok() before calling this * function. * * Returns zero on success, or -EFAULT on error. * On error, the variable @x is set to zero. */