tjh.dev
Linux kernel mirror (for testing)
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel
os
linux
1/*
2 * include/asm-xtensa/uaccess.h
3 *
4 * User space memory access functions
5 *
6 * These routines provide basic accessing functions to the user memory
7 * space for the kernel. This header file provides fuctions such as:
8 *
9 * This file is subject to the terms and conditions of the GNU General Public
10 * License. See the file "COPYING" in the main directory of this archive
11 * for more details.
12 *
13 * Copyright (C) 2001 - 2005 Tensilica Inc.
14 */
15
16#ifndef _XTENSA_UACCESS_H
17#define _XTENSA_UACCESS_H
18
19#include <linux/errno.h>
20
21#define VERIFY_READ 0
22#define VERIFY_WRITE 1
23
24#ifdef __ASSEMBLY__
25
26#define _ASMLANGUAGE
27#include <asm/current.h>
28#include <asm/asm-offsets.h>
29#include <asm/processor.h>
30
31/*
32 * These assembly macros mirror the C macros that follow below. They
33 * should always have identical functionality. See
34 * arch/xtensa/kernel/sys.S for usage.
35 */
36
37#define KERNEL_DS 0
38#define USER_DS 1
39
40#define get_ds (KERNEL_DS)
41
42/*
43 * get_fs reads current->thread.current_ds into a register.
44 * On Entry:
45 * <ad> anything
46 * <sp> stack
47 * On Exit:
48 * <ad> contains current->thread.current_ds
49 */
50 .macro get_fs ad, sp
51 GET_CURRENT(\ad,\sp)
52 l32i \ad, \ad, THREAD_CURRENT_DS
53 .endm
54
55/*
56 * set_fs sets current->thread.current_ds to some value.
57 * On Entry:
58 * <at> anything (temp register)
59 * <av> value to write
60 * <sp> stack
61 * On Exit:
62 * <at> destroyed (actually, current)
63 * <av> preserved, value to write
64 */
65 .macro set_fs at, av, sp
66 GET_CURRENT(\at,\sp)
67 s32i \av, \at, THREAD_CURRENT_DS
68 .endm
69
70/*
71 * kernel_ok determines whether we should bypass addr/size checking.
72 * See the equivalent C-macro version below for clarity.
73 * On success, kernel_ok branches to a label indicated by parameter
74 * <success>. This implies that the macro falls through to the next
75 * insruction on an error.
76 *
77 * Note that while this macro can be used independently, we designed
78 * in for optimal use in the access_ok macro below (i.e., we fall
79 * through on error).
80 *
81 * On Entry:
82 * <at> anything (temp register)
83 * <success> label to branch to on success; implies
84 * fall-through macro on error
85 * <sp> stack pointer
86 * On Exit:
87 * <at> destroyed (actually, current->thread.current_ds)
88 */
89
90#if ((KERNEL_DS != 0) || (USER_DS == 0))
91# error Assembly macro kernel_ok fails
92#endif
93 .macro kernel_ok at, sp, success
94 get_fs \at, \sp
95 beqz \at, \success
96 .endm
97
98/*
99 * user_ok determines whether the access to user-space memory is allowed.
100 * See the equivalent C-macro version below for clarity.
101 *
102 * On error, user_ok branches to a label indicated by parameter
103 * <error>. This implies that the macro falls through to the next
104 * instruction on success.
105 *
106 * Note that while this macro can be used independently, we designed
107 * in for optimal use in the access_ok macro below (i.e., we fall
108 * through on success).
109 *
110 * On Entry:
111 * <aa> register containing memory address
112 * <as> register containing memory size
113 * <at> temp register
114 * <error> label to branch to on error; implies fall-through
115 * macro on success
116 * On Exit:
117 * <aa> preserved
118 * <as> preserved
119 * <at> destroyed (actually, (TASK_SIZE + 1 - size))
120 */
121 .macro user_ok aa, as, at, error
122 movi \at, (TASK_SIZE+1)
123 bgeu \as, \at, \error
124 sub \at, \at, \as
125 bgeu \aa, \at, \error
126 .endm
127
128/*
129 * access_ok determines whether a memory access is allowed. See the
130 * equivalent C-macro version below for clarity.
131 *
132 * On error, access_ok branches to a label indicated by parameter
133 * <error>. This implies that the macro falls through to the next
134 * instruction on success.
135 *
136 * Note that we assume success is the common case, and we optimize the
137 * branch fall-through case on success.
138 *
139 * On Entry:
140 * <aa> register containing memory address
141 * <as> register containing memory size
142 * <at> temp register
143 * <sp>
144 * <error> label to branch to on error; implies fall-through
145 * macro on success
146 * On Exit:
147 * <aa> preserved
148 * <as> preserved
149 * <at> destroyed
150 */
151 .macro access_ok aa, as, at, sp, error
152 kernel_ok \at, \sp, .Laccess_ok_\@
153 user_ok \aa, \as, \at, \error
154.Laccess_ok_\@:
155 .endm
156
157/*
158 * verify_area determines whether a memory access is allowed. It's
159 * mostly an unnecessary wrapper for access_ok, but we provide it as a
160 * duplicate of the verify_area() C inline function below. See the
161 * equivalent C version below for clarity.
162 *
163 * On error, verify_area branches to a label indicated by parameter
164 * <error>. This implies that the macro falls through to the next
165 * instruction on success.
166 *
167 * Note that we assume success is the common case, and we optimize the
168 * branch fall-through case on success.
169 *
170 * On Entry:
171 * <aa> register containing memory address
172 * <as> register containing memory size
173 * <at> temp register
174 * <error> label to branch to on error; implies fall-through
175 * macro on success
176 * On Exit:
177 * <aa> preserved
178 * <as> preserved
179 * <at> destroyed
180 */
181 .macro verify_area aa, as, at, sp, error
182 access_ok \at, \aa, \as, \sp, \error
183 .endm
184
185
186#else /* __ASSEMBLY__ not defined */
187
188#include <linux/sched.h>
189#include <asm/types.h>
190
191/*
192 * The fs value determines whether argument validity checking should
193 * be performed or not. If get_fs() == USER_DS, checking is
194 * performed, with get_fs() == KERNEL_DS, checking is bypassed.
195 *
196 * For historical reasons (Data Segment Register?), these macros are
197 * grossly misnamed.
198 */
199
200#define KERNEL_DS ((mm_segment_t) { 0 })
201#define USER_DS ((mm_segment_t) { 1 })
202
203#define get_ds() (KERNEL_DS)
204#define get_fs() (current->thread.current_ds)
205#define set_fs(val) (current->thread.current_ds = (val))
206
207#define segment_eq(a,b) ((a).seg == (b).seg)
208
209#define __kernel_ok (segment_eq(get_fs(), KERNEL_DS))
210#define __user_ok(addr,size) (((size) <= TASK_SIZE)&&((addr) <= TASK_SIZE-(size)))
211#define __access_ok(addr,size) (__kernel_ok || __user_ok((addr),(size)))
212#define access_ok(type,addr,size) __access_ok((unsigned long)(addr),(size))
213
214static inline int verify_area(int type, const void * addr, unsigned long size)
215{
216 return access_ok(type,addr,size) ? 0 : -EFAULT;
217}
218
219/*
220 * These are the main single-value transfer routines. They
221 * automatically use the right size if we just have the right pointer
222 * type.
223 *
224 * This gets kind of ugly. We want to return _two_ values in
225 * "get_user()" and yet we don't want to do any pointers, because that
226 * is too much of a performance impact. Thus we have a few rather ugly
227 * macros here, and hide all the uglyness from the user.
228 *
229 * Careful to not
230 * (a) re-use the arguments for side effects (sizeof is ok)
231 * (b) require any knowledge of processes at this stage
232 */
233#define put_user(x,ptr) __put_user_check((x),(ptr),sizeof(*(ptr)))
234#define get_user(x,ptr) __get_user_check((x),(ptr),sizeof(*(ptr)))
235
236/*
237 * The "__xxx" versions of the user access functions are versions that
238 * do not verify the address space, that must have been done previously
239 * with a separate "access_ok()" call (this is used when we do multiple
240 * accesses to the same area of user memory).
241 */
242#define __put_user(x,ptr) __put_user_nocheck((x),(ptr),sizeof(*(ptr)))
243#define __get_user(x,ptr) __get_user_nocheck((x),(ptr),sizeof(*(ptr)))
244
245
246extern long __put_user_bad(void);
247
248#define __put_user_nocheck(x,ptr,size) \
249({ \
250 long __pu_err; \
251 __put_user_size((x),(ptr),(size),__pu_err); \
252 __pu_err; \
253})
254
255#define __put_user_check(x,ptr,size) \
256({ \
257 long __pu_err = -EFAULT; \
258 __typeof__(*(ptr)) *__pu_addr = (ptr); \
259 if (access_ok(VERIFY_WRITE,__pu_addr,size)) \
260 __put_user_size((x),__pu_addr,(size),__pu_err); \
261 __pu_err; \
262})
263
264#define __put_user_size(x,ptr,size,retval) \
265do { \
266 retval = 0; \
267 switch (size) { \
268 case 1: __put_user_asm(x,ptr,retval,1,"s8i"); break; \
269 case 2: __put_user_asm(x,ptr,retval,2,"s16i"); break; \
270 case 4: __put_user_asm(x,ptr,retval,4,"s32i"); break; \
271 case 8: { \
272 __typeof__(*ptr) __v64 = x; \
273 retval = __copy_to_user(ptr,&__v64,8); \
274 break; \
275 } \
276 default: __put_user_bad(); \
277 } \
278} while (0)
279
280
281/*
282 * Consider a case of a user single load/store would cause both an
283 * unaligned exception and an MMU-related exception (unaligned
284 * exceptions happen first):
285 *
286 * User code passes a bad variable ptr to a system call.
287 * Kernel tries to access the variable.
288 * Unaligned exception occurs.
289 * Unaligned exception handler tries to make aligned accesses.
290 * Double exception occurs for MMU-related cause (e.g., page not mapped).
291 * do_page_fault() thinks the fault address belongs to the kernel, not the
292 * user, and panics.
293 *
294 * The kernel currently prohibits user unaligned accesses. We use the
295 * __check_align_* macros to check for unaligned addresses before
296 * accessing user space so we don't crash the kernel. Both
297 * __put_user_asm and __get_user_asm use these alignment macros, so
298 * macro-specific labels such as 0f, 1f, %0, %2, and %3 must stay in
299 * sync.
300 */
301
302#define __check_align_1 ""
303
304#define __check_align_2 \
305 " _bbci.l %2, 0, 1f \n" \
306 " movi %0, %3 \n" \
307 " _j 2f \n"
308
309#define __check_align_4 \
310 " _bbsi.l %2, 0, 0f \n" \
311 " _bbci.l %2, 1, 1f \n" \
312 "0: movi %0, %3 \n" \
313 " _j 2f \n"
314
315
316/*
317 * We don't tell gcc that we are accessing memory, but this is OK
318 * because we do not write to any memory gcc knows about, so there
319 * are no aliasing issues.
320 *
321 * WARNING: If you modify this macro at all, verify that the
322 * __check_align_* macros still work.
323 */
324#define __put_user_asm(x, addr, err, align, insn) \
325 __asm__ __volatile__( \
326 __check_align_##align \
327 "1: "insn" %1, %2, 0 \n" \
328 "2: \n" \
329 " .section .fixup,\"ax\" \n" \
330 " .align 4 \n" \
331 "4: \n" \
332 " .long 2b \n" \
333 "5: \n" \
334 " l32r %2, 4b \n" \
335 " movi %0, %3 \n" \
336 " jx %2 \n" \
337 " .previous \n" \
338 " .section __ex_table,\"a\" \n" \
339 " .long 1b, 5b \n" \
340 " .previous" \
341 :"=r" (err) \
342 :"r" ((int)(x)), "r" (addr), "i" (-EFAULT), "0" (err))
343
344#define __get_user_nocheck(x,ptr,size) \
345({ \
346 long __gu_err, __gu_val; \
347 __get_user_size(__gu_val,(ptr),(size),__gu_err); \
348 (x) = (__typeof__(*(ptr)))__gu_val; \
349 __gu_err; \
350})
351
352#define __get_user_check(x,ptr,size) \
353({ \
354 long __gu_err = -EFAULT, __gu_val = 0; \
355 const __typeof__(*(ptr)) *__gu_addr = (ptr); \
356 if (access_ok(VERIFY_READ,__gu_addr,size)) \
357 __get_user_size(__gu_val,__gu_addr,(size),__gu_err); \
358 (x) = (__typeof__(*(ptr)))__gu_val; \
359 __gu_err; \
360})
361
362extern long __get_user_bad(void);
363
364#define __get_user_size(x,ptr,size,retval) \
365do { \
366 retval = 0; \
367 switch (size) { \
368 case 1: __get_user_asm(x,ptr,retval,1,"l8ui"); break; \
369 case 2: __get_user_asm(x,ptr,retval,2,"l16ui"); break; \
370 case 4: __get_user_asm(x,ptr,retval,4,"l32i"); break; \
371 case 8: retval = __copy_from_user(&x,ptr,8); break; \
372 default: (x) = __get_user_bad(); \
373 } \
374} while (0)
375
376
377/*
378 * WARNING: If you modify this macro at all, verify that the
379 * __check_align_* macros still work.
380 */
381#define __get_user_asm(x, addr, err, align, insn) \
382 __asm__ __volatile__( \
383 __check_align_##align \
384 "1: "insn" %1, %2, 0 \n" \
385 "2: \n" \
386 " .section .fixup,\"ax\" \n" \
387 " .align 4 \n" \
388 "4: \n" \
389 " .long 2b \n" \
390 "5: \n" \
391 " l32r %2, 4b \n" \
392 " movi %1, 0 \n" \
393 " movi %0, %3 \n" \
394 " jx %2 \n" \
395 " .previous \n" \
396 " .section __ex_table,\"a\" \n" \
397 " .long 1b, 5b \n" \
398 " .previous" \
399 :"=r" (err), "=r" (x) \
400 :"r" (addr), "i" (-EFAULT), "0" (err))
401
402
403/*
404 * Copy to/from user space
405 */
406
407/*
408 * We use a generic, arbitrary-sized copy subroutine. The Xtensa
409 * architecture would cause heavy code bloat if we tried to inline
410 * these functions and provide __constant_copy_* equivalents like the
411 * i386 versions. __xtensa_copy_user is quite efficient. See the
412 * .fixup section of __xtensa_copy_user for a discussion on the
413 * X_zeroing equivalents for Xtensa.
414 */
415
416extern unsigned __xtensa_copy_user(void *to, const void *from, unsigned n);
417#define __copy_user(to,from,size) __xtensa_copy_user(to,from,size)
418
419
420static inline unsigned long
421__generic_copy_from_user_nocheck(void *to, const void *from, unsigned long n)
422{
423 return __copy_user(to,from,n);
424}
425
426static inline unsigned long
427__generic_copy_to_user_nocheck(void *to, const void *from, unsigned long n)
428{
429 return __copy_user(to,from,n);
430}
431
432static inline unsigned long
433__generic_copy_to_user(void *to, const void *from, unsigned long n)
434{
435 prefetch(from);
436 if (access_ok(VERIFY_WRITE, to, n))
437 return __copy_user(to,from,n);
438 return n;
439}
440
441static inline unsigned long
442__generic_copy_from_user(void *to, const void *from, unsigned long n)
443{
444 prefetchw(to);
445 if (access_ok(VERIFY_READ, from, n))
446 return __copy_user(to,from,n);
447 else
448 memset(to, 0, n);
449 return n;
450}
451
452#define copy_to_user(to,from,n) __generic_copy_to_user((to),(from),(n))
453#define copy_from_user(to,from,n) __generic_copy_from_user((to),(from),(n))
454#define __copy_to_user(to,from,n) __generic_copy_to_user_nocheck((to),(from),(n))
455#define __copy_from_user(to,from,n) __generic_copy_from_user_nocheck((to),(from),(n))
456#define __copy_to_user_inatomic __copy_to_user
457#define __copy_from_user_inatomic __copy_from_user
458
459
460/*
461 * We need to return the number of bytes not cleared. Our memset()
462 * returns zero if a problem occurs while accessing user-space memory.
463 * In that event, return no memory cleared. Otherwise, zero for
464 * success.
465 */
466
467static inline unsigned long
468__xtensa_clear_user(void *addr, unsigned long size)
469{
470 if ( ! memset(addr, 0, size) )
471 return size;
472 return 0;
473}
474
475static inline unsigned long
476clear_user(void *addr, unsigned long size)
477{
478 if (access_ok(VERIFY_WRITE, addr, size))
479 return __xtensa_clear_user(addr, size);
480 return size ? -EFAULT : 0;
481}
482
483#define __clear_user __xtensa_clear_user
484
485
486extern long __strncpy_user(char *, const char *, long);
487#define __strncpy_from_user __strncpy_user
488
489static inline long
490strncpy_from_user(char *dst, const char *src, long count)
491{
492 if (access_ok(VERIFY_READ, src, 1))
493 return __strncpy_from_user(dst, src, count);
494 return -EFAULT;
495}
496
497
498#define strlen_user(str) strnlen_user((str), TASK_SIZE - 1)
499
500/*
501 * Return the size of a string (including the ending 0!)
502 */
503extern long __strnlen_user(const char *, long);
504
505static inline long strnlen_user(const char *str, long len)
506{
507 unsigned long top = __kernel_ok ? ~0UL : TASK_SIZE - 1;
508
509 if ((unsigned long)str > top)
510 return 0;
511 return __strnlen_user(str, len);
512}
513
514
515struct exception_table_entry
516{
517 unsigned long insn, fixup;
518};
519
520/* Returns 0 if exception not found and fixup.unit otherwise. */
521
522extern unsigned long search_exception_table(unsigned long addr);
523extern void sort_exception_table(void);
524
525/* Returns the new pc */
526#define fixup_exception(map_reg, fixup_unit, pc) \
527({ \
528 fixup_unit; \
529})
530
531#endif /* __ASSEMBLY__ */
532#endif /* _XTENSA_UACCESS_H */