Commit | Line | Data |
---|---|---|
ca233862 GC |
1 | #ifndef _ASM_UACCES_H_ |
2 | #define _ASM_UACCES_H_ | |
3 | /* | |
4 | * User space memory access functions | |
5 | */ | |
6 | #include <linux/errno.h> | |
7 | #include <linux/compiler.h> | |
8 | #include <linux/thread_info.h> | |
9 | #include <linux/prefetch.h> | |
10 | #include <linux/string.h> | |
11 | #include <asm/asm.h> | |
12 | #include <asm/page.h> | |
13 | ||
14 | #define VERIFY_READ 0 | |
15 | #define VERIFY_WRITE 1 | |
16 | ||
17 | /* | |
18 | * The fs value determines whether argument validity checking should be | |
19 | * performed or not. If get_fs() == USER_DS, checking is performed, with | |
20 | * get_fs() == KERNEL_DS, checking is bypassed. | |
21 | * | |
22 | * For historical reasons, these macros are grossly misnamed. | |
23 | */ | |
24 | ||
25 | #define MAKE_MM_SEG(s) ((mm_segment_t) { (s) }) | |
26 | ||
27 | #define KERNEL_DS MAKE_MM_SEG(-1UL) | |
28 | #define USER_DS MAKE_MM_SEG(PAGE_OFFSET) | |
29 | ||
30 | #define get_ds() (KERNEL_DS) | |
31 | #define get_fs() (current_thread_info()->addr_limit) | |
32 | #define set_fs(x) (current_thread_info()->addr_limit = (x)) | |
33 | ||
34 | #define segment_eq(a, b) ((a).seg == (b).seg) | |
35 | ||
002ca169 GC |
36 | #define __addr_ok(addr) \ |
37 | ((unsigned long __force)(addr) < \ | |
38 | (current_thread_info()->addr_limit.seg)) | |
39 | ||
ca233862 GC |
40 | /* |
41 | * Test whether a block of memory is a valid user space address. | |
42 | * Returns 0 if the range is valid, nonzero otherwise. | |
43 | * | |
44 | * This is equivalent to the following test: | |
45 | * (u33)addr + (u33)size >= (u33)current->addr_limit.seg (u65 for x86_64) | |
46 | * | |
47 | * This needs 33-bit (65-bit for x86_64) arithmetic. We have a carry... | |
48 | */ | |
49 | ||
50 | #define __range_not_ok(addr, size) \ | |
51 | ({ \ | |
52 | unsigned long flag, roksum; \ | |
53 | __chk_user_ptr(addr); \ | |
54 | asm("add %3,%1 ; sbb %0,%0 ; cmp %1,%4 ; sbb $0,%0" \ | |
55 | : "=&r" (flag), "=r" (roksum) \ | |
56 | : "1" (addr), "g" ((long)(size)), \ | |
57 | "rm" (current_thread_info()->addr_limit.seg)); \ | |
58 | flag; \ | |
59 | }) | |
60 | ||
61 | /** | |
62 | * access_ok: - Checks if a user space pointer is valid | |
63 | * @type: Type of access: %VERIFY_READ or %VERIFY_WRITE. Note that | |
64 | * %VERIFY_WRITE is a superset of %VERIFY_READ - if it is safe | |
65 | * to write to a block, it is always safe to read from it. | |
66 | * @addr: User space pointer to start of block to check | |
67 | * @size: Size of block to check | |
68 | * | |
69 | * Context: User context only. This function may sleep. | |
70 | * | |
71 | * Checks if a pointer to a block of memory in user space is valid. | |
72 | * | |
73 | * Returns true (nonzero) if the memory block may be valid, false (zero) | |
74 | * if it is definitely invalid. | |
75 | * | |
76 | * Note that, depending on architecture, this function probably just | |
77 | * checks that the pointer is in the user space range - after calling | |
78 | * this function, memory access functions may still return -EFAULT. | |
79 | */ | |
80 | #define access_ok(type, addr, size) (likely(__range_not_ok(addr, size) == 0)) | |
81 | ||
82 | /* | |
83 | * The exception table consists of pairs of addresses: the first is the | |
84 | * address of an instruction that is allowed to fault, and the second is | |
85 | * the address at which the program should continue. No registers are | |
86 | * modified, so it is entirely up to the continuation code to figure out | |
87 | * what to do. | |
88 | * | |
89 | * All the routines below use bits of fixup code that are out of line | |
90 | * with the main instruction path. This means when everything is well, | |
91 | * we don't even have to jump over them. Further, they do not intrude | |
92 | * on our cache or tlb entries. | |
93 | */ | |
94 | ||
95 | struct exception_table_entry { | |
96 | unsigned long insn, fixup; | |
97 | }; | |
98 | ||
99 | extern int fixup_exception(struct pt_regs *regs); | |
100 | ||
101 | /* | |
102 | * These are the main single-value transfer routines. They automatically | |
103 | * use the right size if we just have the right pointer type. | |
104 | * | |
105 | * This gets kind of ugly. We want to return _two_ values in "get_user()" | |
106 | * and yet we don't want to do any pointers, because that is too much | |
107 | * of a performance impact. Thus we have a few rather ugly macros here, | |
108 | * and hide all the ugliness from the user. | |
109 | * | |
110 | * The "__xxx" versions of the user access functions are versions that | |
111 | * do not verify the address space, that must have been done previously | |
112 | * with a separate "access_ok()" call (this is used when we do multiple | |
113 | * accesses to the same area of user memory). | |
114 | */ | |
115 | ||
116 | extern int __get_user_1(void); | |
117 | extern int __get_user_2(void); | |
118 | extern int __get_user_4(void); | |
119 | extern int __get_user_8(void); | |
120 | extern int __get_user_bad(void); | |
121 | ||
122 | #define __get_user_x(size, ret, x, ptr) \ | |
123 | asm volatile("call __get_user_" #size \ | |
124 | : "=a" (ret),"=d" (x) \ | |
125 | : "0" (ptr)) \ | |
126 | ||
865e5b76 GC |
127 | /* Careful: we have to cast the result to the type of the pointer |
128 | * for sign reasons */ | |
129 | ||
130 | /** | |
131 | * get_user: - Get a simple variable from user space. | |
132 | * @x: Variable to store result. | |
133 | * @ptr: Source address, in user space. | |
134 | * | |
135 | * Context: User context only. This function may sleep. | |
136 | * | |
137 | * This macro copies a single simple variable from user space to kernel | |
138 | * space. It supports simple types like char and int, but not larger | |
139 | * data types like structures or arrays. | |
140 | * | |
141 | * @ptr must have pointer-to-simple-variable type, and the result of | |
142 | * dereferencing @ptr must be assignable to @x without a cast. | |
143 | * | |
144 | * Returns zero on success, or -EFAULT on error. | |
145 | * On error, the variable @x is set to zero. | |
146 | */ | |
147 | #ifdef CONFIG_X86_32 | |
148 | #define __get_user_8(__ret_gu, __val_gu, ptr) \ | |
149 | __get_user_x(X, __ret_gu, __val_gu, ptr) | |
150 | #else | |
151 | #define __get_user_8(__ret_gu, __val_gu, ptr) \ | |
152 | __get_user_x(8, __ret_gu, __val_gu, ptr) | |
153 | #endif | |
154 | ||
155 | #define get_user(x, ptr) \ | |
156 | ({ \ | |
157 | int __ret_gu; \ | |
158 | unsigned long __val_gu; \ | |
159 | __chk_user_ptr(ptr); \ | |
160 | switch (sizeof(*(ptr))) { \ | |
161 | case 1: \ | |
162 | __get_user_x(1, __ret_gu, __val_gu, ptr); \ | |
163 | break; \ | |
164 | case 2: \ | |
165 | __get_user_x(2, __ret_gu, __val_gu, ptr); \ | |
166 | break; \ | |
167 | case 4: \ | |
168 | __get_user_x(4, __ret_gu, __val_gu, ptr); \ | |
169 | break; \ | |
170 | case 8: \ | |
171 | __get_user_8(__ret_gu, __val_gu, ptr); \ | |
172 | break; \ | |
173 | default: \ | |
174 | __get_user_x(X, __ret_gu, __val_gu, ptr); \ | |
175 | break; \ | |
176 | } \ | |
177 | (x) = (__typeof__(*(ptr)))__val_gu; \ | |
178 | __ret_gu; \ | |
179 | }) | |
180 | ||
e30a44fd GC |
181 | #define __put_user_x(size, x, ptr, __ret_pu) \ |
182 | asm volatile("call __put_user_" #size : "=a" (__ret_pu) \ | |
183 | :"0" ((typeof(*(ptr)))(x)), "c" (ptr) : "ebx") | |
184 | ||
185 | ||
186 | ||
dc70ddf4 GC |
187 | #ifdef CONFIG_X86_32 |
188 | #define __put_user_u64(x, addr, err) \ | |
189 | asm volatile("1: movl %%eax,0(%2)\n" \ | |
190 | "2: movl %%edx,4(%2)\n" \ | |
191 | "3:\n" \ | |
192 | ".section .fixup,\"ax\"\n" \ | |
193 | "4: movl %3,%0\n" \ | |
194 | " jmp 3b\n" \ | |
195 | ".previous\n" \ | |
196 | _ASM_EXTABLE(1b, 4b) \ | |
197 | _ASM_EXTABLE(2b, 4b) \ | |
198 | : "=r" (err) \ | |
199 | : "A" (x), "r" (addr), "i" (-EFAULT), "0" (err)) | |
e30a44fd GC |
200 | |
201 | #define __put_user_x8(x, ptr, __ret_pu) \ | |
202 | asm volatile("call __put_user_8" : "=a" (__ret_pu) \ | |
203 | : "A" ((typeof(*(ptr)))(x)), "c" (ptr) : "ebx") | |
dc70ddf4 GC |
204 | #else |
205 | #define __put_user_u64(x, ptr, retval) \ | |
206 | __put_user_asm(x, ptr, retval, "q", "", "Zr", -EFAULT) | |
e30a44fd | 207 | #define __put_user_x8(x, ptr, __ret_pu) __put_user_x(8, x, ptr, __ret_pu) |
dc70ddf4 GC |
208 | #endif |
209 | ||
e30a44fd GC |
210 | extern void __put_user_bad(void); |
211 | ||
212 | /* | |
213 | * Strange magic calling convention: pointer in %ecx, | |
214 | * value in %eax(:%edx), return value in %eax. clobbers %rbx | |
215 | */ | |
216 | extern void __put_user_1(void); | |
217 | extern void __put_user_2(void); | |
218 | extern void __put_user_4(void); | |
219 | extern void __put_user_8(void); | |
220 | ||
dc70ddf4 GC |
221 | #ifdef CONFIG_X86_WP_WORKS_OK |
222 | ||
e30a44fd GC |
223 | /** |
224 | * put_user: - Write a simple value into user space. | |
225 | * @x: Value to copy to user space. | |
226 | * @ptr: Destination address, in user space. | |
227 | * | |
228 | * Context: User context only. This function may sleep. | |
229 | * | |
230 | * This macro copies a single simple value from kernel space to user | |
231 | * space. It supports simple types like char and int, but not larger | |
232 | * data types like structures or arrays. | |
233 | * | |
234 | * @ptr must have pointer-to-simple-variable type, and @x must be assignable | |
235 | * to the result of dereferencing @ptr. | |
236 | * | |
237 | * Returns zero on success, or -EFAULT on error. | |
238 | */ | |
239 | #define put_user(x, ptr) \ | |
240 | ({ \ | |
241 | int __ret_pu; \ | |
242 | __typeof__(*(ptr)) __pu_val; \ | |
243 | __chk_user_ptr(ptr); \ | |
244 | __pu_val = x; \ | |
245 | switch (sizeof(*(ptr))) { \ | |
246 | case 1: \ | |
247 | __put_user_x(1, __pu_val, ptr, __ret_pu); \ | |
248 | break; \ | |
249 | case 2: \ | |
250 | __put_user_x(2, __pu_val, ptr, __ret_pu); \ | |
251 | break; \ | |
252 | case 4: \ | |
253 | __put_user_x(4, __pu_val, ptr, __ret_pu); \ | |
254 | break; \ | |
255 | case 8: \ | |
256 | __put_user_x8(__pu_val, ptr, __ret_pu); \ | |
257 | break; \ | |
258 | default: \ | |
259 | __put_user_x(X, __pu_val, ptr, __ret_pu); \ | |
260 | break; \ | |
261 | } \ | |
262 | __ret_pu; \ | |
263 | }) | |
264 | ||
dc70ddf4 GC |
265 | #define __put_user_size(x, ptr, size, retval, errret) \ |
266 | do { \ | |
267 | retval = 0; \ | |
268 | __chk_user_ptr(ptr); \ | |
269 | switch (size) { \ | |
270 | case 1: \ | |
271 | __put_user_asm(x, ptr, retval, "b", "b", "iq", errret); \ | |
272 | break; \ | |
273 | case 2: \ | |
274 | __put_user_asm(x, ptr, retval, "w", "w", "ir", errret); \ | |
275 | break; \ | |
276 | case 4: \ | |
277 | __put_user_asm(x, ptr, retval, "l", "k", "ir", errret);\ | |
278 | break; \ | |
279 | case 8: \ | |
280 | __put_user_u64((__typeof__(*ptr))(x), ptr, retval); \ | |
281 | break; \ | |
282 | default: \ | |
283 | __put_user_bad(); \ | |
284 | } \ | |
285 | } while (0) | |
286 | ||
287 | #else | |
288 | ||
289 | #define __put_user_size(x, ptr, size, retval, errret) \ | |
290 | do { \ | |
291 | __typeof__(*(ptr))__pus_tmp = x; \ | |
292 | retval = 0; \ | |
293 | \ | |
294 | if (unlikely(__copy_to_user_ll(ptr, &__pus_tmp, size) != 0)) \ | |
295 | retval = errret; \ | |
296 | } while (0) | |
297 | ||
e30a44fd GC |
298 | #define put_user(x, ptr) \ |
299 | ({ \ | |
300 | int __ret_pu; \ | |
301 | __typeof__(*(ptr))__pus_tmp = x; \ | |
302 | __ret_pu = 0; \ | |
303 | if (unlikely(__copy_to_user_ll(ptr, &__pus_tmp, \ | |
304 | sizeof(*(ptr))) != 0)) \ | |
305 | __ret_pu = -EFAULT; \ | |
306 | __ret_pu; \ | |
307 | }) | |
dc70ddf4 GC |
308 | #endif |
309 | ||
3f168221 GC |
310 | #ifdef CONFIG_X86_32 |
311 | #define __get_user_asm_u64(x, ptr, retval, errret) (x) = __get_user_bad() | |
312 | #else | |
313 | #define __get_user_asm_u64(x, ptr, retval, errret) \ | |
314 | __get_user_asm(x, ptr, retval, "q", "", "=r", errret) | |
315 | #endif | |
316 | ||
317 | #define __get_user_size(x, ptr, size, retval, errret) \ | |
318 | do { \ | |
319 | retval = 0; \ | |
320 | __chk_user_ptr(ptr); \ | |
321 | switch (size) { \ | |
322 | case 1: \ | |
323 | __get_user_asm(x, ptr, retval, "b", "b", "=q", errret); \ | |
324 | break; \ | |
325 | case 2: \ | |
326 | __get_user_asm(x, ptr, retval, "w", "w", "=r", errret); \ | |
327 | break; \ | |
328 | case 4: \ | |
329 | __get_user_asm(x, ptr, retval, "l", "k", "=r", errret); \ | |
330 | break; \ | |
331 | case 8: \ | |
332 | __get_user_asm_u64(x, ptr, retval, errret); \ | |
333 | break; \ | |
334 | default: \ | |
335 | (x) = __get_user_bad(); \ | |
336 | } \ | |
337 | } while (0) | |
338 | ||
339 | #define __get_user_asm(x, addr, err, itype, rtype, ltype, errret) \ | |
340 | asm volatile("1: mov"itype" %2,%"rtype"1\n" \ | |
341 | "2:\n" \ | |
342 | ".section .fixup,\"ax\"\n" \ | |
343 | "3: mov %3,%0\n" \ | |
344 | " xor"itype" %"rtype"1,%"rtype"1\n" \ | |
345 | " jmp 2b\n" \ | |
346 | ".previous\n" \ | |
347 | _ASM_EXTABLE(1b, 3b) \ | |
348 | : "=r" (err), ltype(x) \ | |
349 | : "m" (__m(addr)), "i" (errret), "0" (err)) | |
350 | ||
dc70ddf4 GC |
351 | #define __put_user_nocheck(x, ptr, size) \ |
352 | ({ \ | |
353 | long __pu_err; \ | |
354 | __put_user_size((x), (ptr), (size), __pu_err, -EFAULT); \ | |
355 | __pu_err; \ | |
356 | }) | |
357 | ||
3f168221 GC |
358 | #define __get_user_nocheck(x, ptr, size) \ |
359 | ({ \ | |
360 | long __gu_err; \ | |
361 | unsigned long __gu_val; \ | |
362 | __get_user_size(__gu_val, (ptr), (size), __gu_err, -EFAULT); \ | |
363 | (x) = (__force __typeof__(*(ptr)))__gu_val; \ | |
364 | __gu_err; \ | |
365 | }) | |
dc70ddf4 GC |
366 | |
367 | /* FIXME: this hack is definitely wrong -AK */ | |
368 | struct __large_struct { unsigned long buf[100]; }; | |
369 | #define __m(x) (*(struct __large_struct __user *)(x)) | |
370 | ||
371 | /* | |
372 | * Tell gcc we read from memory instead of writing: this is because | |
373 | * we do not write to any memory gcc knows about, so there are no | |
374 | * aliasing issues. | |
375 | */ | |
376 | #define __put_user_asm(x, addr, err, itype, rtype, ltype, errret) \ | |
377 | asm volatile("1: mov"itype" %"rtype"1,%2\n" \ | |
378 | "2:\n" \ | |
379 | ".section .fixup,\"ax\"\n" \ | |
380 | "3: mov %3,%0\n" \ | |
381 | " jmp 2b\n" \ | |
382 | ".previous\n" \ | |
383 | _ASM_EXTABLE(1b, 3b) \ | |
384 | : "=r"(err) \ | |
385 | : ltype(x), "m" (__m(addr)), "i" (errret), "0" (err)) | |
8cb834e9 GC |
386 | /** |
387 | * __get_user: - Get a simple variable from user space, with less checking. | |
388 | * @x: Variable to store result. | |
389 | * @ptr: Source address, in user space. | |
390 | * | |
391 | * Context: User context only. This function may sleep. | |
392 | * | |
393 | * This macro copies a single simple variable from user space to kernel | |
394 | * space. It supports simple types like char and int, but not larger | |
395 | * data types like structures or arrays. | |
396 | * | |
397 | * @ptr must have pointer-to-simple-variable type, and the result of | |
398 | * dereferencing @ptr must be assignable to @x without a cast. | |
399 | * | |
400 | * Caller must check the pointer with access_ok() before calling this | |
401 | * function. | |
402 | * | |
403 | * Returns zero on success, or -EFAULT on error. | |
404 | * On error, the variable @x is set to zero. | |
405 | */ | |
406 | ||
407 | #define __get_user(x, ptr) \ | |
408 | __get_user_nocheck((x), (ptr), sizeof(*(ptr))) | |
409 | /** | |
410 | * __put_user: - Write a simple value into user space, with less checking. | |
411 | * @x: Value to copy to user space. | |
412 | * @ptr: Destination address, in user space. | |
413 | * | |
414 | * Context: User context only. This function may sleep. | |
415 | * | |
416 | * This macro copies a single simple value from kernel space to user | |
417 | * space. It supports simple types like char and int, but not larger | |
418 | * data types like structures or arrays. | |
419 | * | |
420 | * @ptr must have pointer-to-simple-variable type, and @x must be assignable | |
421 | * to the result of dereferencing @ptr. | |
422 | * | |
423 | * Caller must check the pointer with access_ok() before calling this | |
424 | * function. | |
425 | * | |
426 | * Returns zero on success, or -EFAULT on error. | |
427 | */ | |
428 | ||
429 | #define __put_user(x, ptr) \ | |
430 | __put_user_nocheck((__typeof__(*(ptr)))(x), (ptr), sizeof(*(ptr))) | |
dc70ddf4 | 431 | |
8cb834e9 GC |
432 | #define __get_user_unaligned __get_user |
433 | #define __put_user_unaligned __put_user | |
865e5b76 | 434 | |
8bc7de0c GC |
435 | /* |
436 | * movsl can be slow when source and dest are not both 8-byte aligned | |
437 | */ | |
438 | #ifdef CONFIG_X86_INTEL_USERCOPY | |
439 | extern struct movsl_mask { | |
440 | int mask; | |
441 | } ____cacheline_aligned_in_smp movsl_mask; | |
442 | #endif | |
443 | ||
22cac167 GC |
444 | #define ARCH_HAS_NOCACHE_UACCESS 1 |
445 | ||
96a388de TG |
446 | #ifdef CONFIG_X86_32 |
447 | # include "uaccess_32.h" | |
448 | #else | |
22cac167 | 449 | # define ARCH_HAS_SEARCH_EXTABLE |
96a388de TG |
450 | # include "uaccess_64.h" |
451 | #endif | |
ca233862 GC |
452 | |
453 | #endif | |
8174c430 | 454 |