Rev 475 | Go to most recent revision | Details | Last modification | View Log | RSS feed
Rev | Author | Line No. | Line |
---|---|---|---|
422 | giacomo | 1 | #ifndef __i386_UACCESS_H |
2 | #define __i386_UACCESS_H |
||
3 | |||
4 | /* |
||
5 | * User space memory access functions |
||
6 | */ |
||
7 | #include <linux/config.h> |
||
8 | #include <linux/errno.h> |
||
9 | #include <linux/thread_info.h> |
||
10 | #include <linux/prefetch.h> |
||
11 | #include <linux/string.h> |
||
12 | #include <asm/page.h> |
||
13 | |||
14 | #define VERIFY_READ 0 |
||
15 | #define VERIFY_WRITE 1 |
||
16 | |||
17 | /* |
||
18 | * The fs value determines whether argument validity checking should be |
||
19 | * performed or not. If get_fs() == USER_DS, checking is performed, with |
||
20 | * get_fs() == KERNEL_DS, checking is bypassed. |
||
21 | * |
||
22 | * For historical reasons, these macros are grossly misnamed. |
||
23 | */ |
||
24 | |||
25 | #define MAKE_MM_SEG(s) ((mm_segment_t) { (s) }) |
||
26 | |||
27 | |||
28 | #define KERNEL_DS MAKE_MM_SEG(0xFFFFFFFFUL) |
||
29 | #define USER_DS MAKE_MM_SEG(PAGE_OFFSET) |
||
30 | |||
31 | #define get_ds() (KERNEL_DS) |
||
32 | #define get_fs() (current_thread_info()->addr_limit) |
||
33 | #define set_fs(x) (current_thread_info()->addr_limit = (x)) |
||
34 | |||
35 | #define segment_eq(a,b) ((a).seg == (b).seg) |
||
36 | |||
37 | /* |
||
38 | * movsl can be slow when source and dest are not both 8-byte aligned |
||
39 | */ |
||
40 | #ifdef CONFIG_X86_INTEL_USERCOPY |
||
41 | extern struct movsl_mask { |
||
42 | int mask; |
||
43 | } ____cacheline_aligned_in_smp movsl_mask; |
||
44 | #endif |
||
45 | |||
46 | #define __addr_ok(addr) ((unsigned long)(addr) < (current_thread_info()->addr_limit.seg)) |
||
47 | |||
48 | /* |
||
49 | * Test whether a block of memory is a valid user space address. |
||
50 | * Returns 0 if the range is valid, nonzero otherwise. |
||
51 | * |
||
52 | * This is equivalent to the following test: |
||
53 | * (u33)addr + (u33)size >= (u33)current->addr_limit.seg |
||
54 | * |
||
55 | * This needs 33-bit arithmetic. We have a carry... |
||
56 | */ |
||
57 | #define __range_ok(addr,size) ({ \ |
||
58 | unsigned long flag,sum; \ |
||
59 | asm("addl %3,%1 ; sbbl %0,%0; cmpl %1,%4; sbbl $0,%0" \ |
||
60 | :"=&r" (flag), "=r" (sum) \ |
||
61 | :"1" (addr),"g" ((int)(size)),"g" (current_thread_info()->addr_limit.seg)); \ |
||
62 | flag; }) |
||
63 | |||
64 | /** |
||
65 | * access_ok: - Checks if a user space pointer is valid |
||
66 | * @type: Type of access: %VERIFY_READ or %VERIFY_WRITE. Note that |
||
67 | * %VERIFY_WRITE is a superset of %VERIFY_READ - if it is safe |
||
68 | * to write to a block, it is always safe to read from it. |
||
69 | * @addr: User space pointer to start of block to check |
||
70 | * @size: Size of block to check |
||
71 | * |
||
72 | * Context: User context only. This function may sleep. |
||
73 | * |
||
74 | * Checks if a pointer to a block of memory in user space is valid. |
||
75 | * |
||
76 | * Returns true (nonzero) if the memory block may be valid, false (zero) |
||
77 | * if it is definitely invalid. |
||
78 | * |
||
79 | * Note that, depending on architecture, this function probably just |
||
80 | * checks that the pointer is in the user space range - after calling |
||
81 | * this function, memory access functions may still return -EFAULT. |
||
82 | */ |
||
83 | #define access_ok(type,addr,size) (likely(__range_ok(addr,size) == 0)) |
||
84 | |||
85 | /** |
||
86 | * verify_area: - Obsolete, use access_ok() |
||
87 | * @type: Type of access: %VERIFY_READ or %VERIFY_WRITE |
||
88 | * @addr: User space pointer to start of block to check |
||
89 | * @size: Size of block to check |
||
90 | * |
||
91 | * Context: User context only. This function may sleep. |
||
92 | * |
||
93 | * This function has been replaced by access_ok(). |
||
94 | * |
||
95 | * Checks if a pointer to a block of memory in user space is valid. |
||
96 | * |
||
97 | * Returns zero if the memory block may be valid, -EFAULT |
||
98 | * if it is definitely invalid. |
||
99 | * |
||
100 | * See access_ok() for more details. |
||
101 | */ |
||
102 | static inline int verify_area(int type, const void __user * addr, unsigned long size) |
||
103 | { |
||
104 | return access_ok(type,addr,size) ? 0 : -EFAULT; |
||
105 | } |
||
106 | |||
107 | |||
108 | /* |
||
109 | * The exception table consists of pairs of addresses: the first is the |
||
110 | * address of an instruction that is allowed to fault, and the second is |
||
111 | * the address at which the program should continue. No registers are |
||
112 | * modified, so it is entirely up to the continuation code to figure out |
||
113 | * what to do. |
||
114 | * |
||
115 | * All the routines below use bits of fixup code that are out of line |
||
116 | * with the main instruction path. This means when everything is well, |
||
117 | * we don't even have to jump over them. Further, they do not intrude |
||
118 | * on our cache or tlb entries. |
||
119 | */ |
||
120 | |||
121 | struct exception_table_entry |
||
122 | { |
||
123 | unsigned long insn, fixup; |
||
124 | }; |
||
125 | |||
126 | extern int fixup_exception(struct pt_regs *regs); |
||
127 | |||
128 | /* |
||
129 | * These are the main single-value transfer routines. They automatically |
||
130 | * use the right size if we just have the right pointer type. |
||
131 | * |
||
132 | * This gets kind of ugly. We want to return _two_ values in "get_user()" |
||
133 | * and yet we don't want to do any pointers, because that is too much |
||
134 | * of a performance impact. Thus we have a few rather ugly macros here, |
||
135 | * and hide all the ugliness from the user. |
||
136 | * |
||
137 | * The "__xxx" versions of the user access functions are versions that |
||
138 | * do not verify the address space, that must have been done previously |
||
139 | * with a separate "access_ok()" call (this is used when we do multiple |
||
140 | * accesses to the same area of user memory). |
||
141 | */ |
||
142 | |||
143 | extern void __get_user_1(void); |
||
144 | extern void __get_user_2(void); |
||
145 | extern void __get_user_4(void); |
||
146 | |||
147 | #define __get_user_x(size,ret,x,ptr) \ |
||
148 | __asm__ __volatile__("call __get_user_" #size \ |
||
149 | :"=a" (ret),"=d" (x) \ |
||
150 | :"0" (ptr)) |
||
151 | |||
152 | |||
153 | /* Careful: we have to cast the result to the type of the pointer for sign reasons */ |
||
154 | /** |
||
155 | * get_user: - Get a simple variable from user space. |
||
156 | * @x: Variable to store result. |
||
157 | * @ptr: Source address, in user space. |
||
158 | * |
||
159 | * Context: User context only. This function may sleep. |
||
160 | * |
||
161 | * This macro copies a single simple variable from user space to kernel |
||
162 | * space. It supports simple types like char and int, but not larger |
||
163 | * data types like structures or arrays. |
||
164 | * |
||
165 | * @ptr must have pointer-to-simple-variable type, and the result of |
||
166 | * dereferencing @ptr must be assignable to @x without a cast. |
||
167 | * |
||
168 | * Returns zero on success, or -EFAULT on error. |
||
169 | * On error, the variable @x is set to zero. |
||
170 | */ |
||
171 | #define get_user(x,ptr) \ |
||
172 | ({ int __ret_gu,__val_gu; \ |
||
173 | switch(sizeof (*(ptr))) { \ |
||
174 | case 1: __get_user_x(1,__ret_gu,__val_gu,ptr); break; \ |
||
175 | case 2: __get_user_x(2,__ret_gu,__val_gu,ptr); break; \ |
||
176 | case 4: __get_user_x(4,__ret_gu,__val_gu,ptr); break; \ |
||
177 | default: __get_user_x(X,__ret_gu,__val_gu,ptr); break; \ |
||
178 | } \ |
||
179 | (x) = (__typeof__(*(ptr)))__val_gu; \ |
||
180 | __ret_gu; \ |
||
181 | }) |
||
182 | |||
183 | extern void __put_user_bad(void); |
||
184 | |||
185 | /** |
||
186 | * put_user: - Write a simple value into user space. |
||
187 | * @x: Value to copy to user space. |
||
188 | * @ptr: Destination address, in user space. |
||
189 | * |
||
190 | * Context: User context only. This function may sleep. |
||
191 | * |
||
192 | * This macro copies a single simple value from kernel space to user |
||
193 | * space. It supports simple types like char and int, but not larger |
||
194 | * data types like structures or arrays. |
||
195 | * |
||
196 | * @ptr must have pointer-to-simple-variable type, and @x must be assignable |
||
197 | * to the result of dereferencing @ptr. |
||
198 | * |
||
199 | * Returns zero on success, or -EFAULT on error. |
||
200 | */ |
||
201 | #define put_user(x,ptr) \ |
||
202 | __put_user_check((__typeof__(*(ptr)))(x),(ptr),sizeof(*(ptr))) |
||
203 | |||
204 | |||
205 | /** |
||
206 | * __get_user: - Get a simple variable from user space, with less checking. |
||
207 | * @x: Variable to store result. |
||
208 | * @ptr: Source address, in user space. |
||
209 | * |
||
210 | * Context: User context only. This function may sleep. |
||
211 | * |
||
212 | * This macro copies a single simple variable from user space to kernel |
||
213 | * space. It supports simple types like char and int, but not larger |
||
214 | * data types like structures or arrays. |
||
215 | * |
||
216 | * @ptr must have pointer-to-simple-variable type, and the result of |
||
217 | * dereferencing @ptr must be assignable to @x without a cast. |
||
218 | * |
||
219 | * Caller must check the pointer with access_ok() before calling this |
||
220 | * function. |
||
221 | * |
||
222 | * Returns zero on success, or -EFAULT on error. |
||
223 | * On error, the variable @x is set to zero. |
||
224 | */ |
||
225 | #define __get_user(x,ptr) \ |
||
226 | __get_user_nocheck((x),(ptr),sizeof(*(ptr))) |
||
227 | |||
228 | |||
229 | /** |
||
230 | * __put_user: - Write a simple value into user space, with less checking. |
||
231 | * @x: Value to copy to user space. |
||
232 | * @ptr: Destination address, in user space. |
||
233 | * |
||
234 | * Context: User context only. This function may sleep. |
||
235 | * |
||
236 | * This macro copies a single simple value from kernel space to user |
||
237 | * space. It supports simple types like char and int, but not larger |
||
238 | * data types like structures or arrays. |
||
239 | * |
||
240 | * @ptr must have pointer-to-simple-variable type, and @x must be assignable |
||
241 | * to the result of dereferencing @ptr. |
||
242 | * |
||
243 | * Caller must check the pointer with access_ok() before calling this |
||
244 | * function. |
||
245 | * |
||
246 | * Returns zero on success, or -EFAULT on error. |
||
247 | */ |
||
248 | #define __put_user(x,ptr) \ |
||
249 | __put_user_nocheck((__typeof__(*(ptr)))(x),(ptr),sizeof(*(ptr))) |
||
250 | |||
251 | #define __put_user_nocheck(x,ptr,size) \ |
||
252 | ({ \ |
||
253 | long __pu_err; \ |
||
254 | __put_user_size((x),(ptr),(size),__pu_err,-EFAULT); \ |
||
255 | __pu_err; \ |
||
256 | }) |
||
257 | |||
258 | |||
259 | #define __put_user_check(x,ptr,size) \ |
||
260 | ({ \ |
||
261 | long __pu_err = -EFAULT; \ |
||
262 | __typeof__(*(ptr)) *__pu_addr = (ptr); \ |
||
263 | might_sleep(); \ |
||
264 | if (access_ok(VERIFY_WRITE,__pu_addr,size)) \ |
||
265 | __put_user_size((x),__pu_addr,(size),__pu_err,-EFAULT); \ |
||
266 | __pu_err; \ |
||
267 | }) |
||
268 | |||
269 | #define __put_user_u64(x, addr, err) \ |
||
270 | __asm__ __volatile__( \ |
||
271 | "1: movl %%eax,0(%2)\n" \ |
||
272 | "2: movl %%edx,4(%2)\n" \ |
||
273 | "3:\n" \ |
||
274 | ".section .fixup,\"ax\"\n" \ |
||
275 | "4: movl %3,%0\n" \ |
||
276 | " jmp 3b\n" \ |
||
277 | ".previous\n" \ |
||
278 | ".section __ex_table,\"a\"\n" \ |
||
279 | " .align 4\n" \ |
||
280 | " .long 1b,4b\n" \ |
||
281 | " .long 2b,4b\n" \ |
||
282 | ".previous" \ |
||
283 | : "=r"(err) \ |
||
284 | : "A" (x), "r" (addr), "i"(-EFAULT), "0"(err)) |
||
285 | |||
286 | #ifdef CONFIG_X86_WP_WORKS_OK |
||
287 | |||
288 | #define __put_user_size(x,ptr,size,retval,errret) \ |
||
289 | do { \ |
||
290 | retval = 0; \ |
||
291 | switch (size) { \ |
||
292 | case 1: __put_user_asm(x,ptr,retval,"b","b","iq",errret);break; \ |
||
293 | case 2: __put_user_asm(x,ptr,retval,"w","w","ir",errret);break; \ |
||
294 | case 4: __put_user_asm(x,ptr,retval,"l","","ir",errret); break; \ |
||
295 | case 8: __put_user_u64((__typeof__(*ptr))(x),ptr,retval); break;\ |
||
296 | default: __put_user_bad(); \ |
||
297 | } \ |
||
298 | } while (0) |
||
299 | |||
300 | #else |
||
301 | |||
302 | #define __put_user_size(x,ptr,size,retval,errret) \ |
||
303 | do { \ |
||
304 | __typeof__(*(ptr)) __pus_tmp = x; \ |
||
305 | retval = 0; \ |
||
306 | \ |
||
307 | if(unlikely(__copy_to_user_ll(ptr, &__pus_tmp, size) != 0)) \ |
||
308 | retval = errret; \ |
||
309 | } while (0) |
||
310 | |||
311 | #endif |
||
312 | struct __large_struct { unsigned long buf[100]; }; |
||
313 | #define __m(x) (*(struct __large_struct *)(x)) |
||
314 | |||
315 | /* |
||
316 | * Tell gcc we read from memory instead of writing: this is because |
||
317 | * we do not write to any memory gcc knows about, so there are no |
||
318 | * aliasing issues. |
||
319 | */ |
||
320 | #define __put_user_asm(x, addr, err, itype, rtype, ltype, errret) \ |
||
321 | __asm__ __volatile__( \ |
||
322 | "1: mov"itype" %"rtype"1,%2\n" \ |
||
323 | "2:\n" \ |
||
324 | ".section .fixup,\"ax\"\n" \ |
||
325 | "3: movl %3,%0\n" \ |
||
326 | " jmp 2b\n" \ |
||
327 | ".previous\n" \ |
||
328 | ".section __ex_table,\"a\"\n" \ |
||
329 | " .align 4\n" \ |
||
330 | " .long 1b,3b\n" \ |
||
331 | ".previous" \ |
||
332 | : "=r"(err) \ |
||
333 | : ltype (x), "m"(__m(addr)), "i"(errret), "0"(err)) |
||
334 | |||
335 | |||
336 | #define __get_user_nocheck(x,ptr,size) \ |
||
337 | ({ \ |
||
338 | long __gu_err, __gu_val; \ |
||
339 | __get_user_size(__gu_val,(ptr),(size),__gu_err,-EFAULT);\ |
||
340 | (x) = (__typeof__(*(ptr)))__gu_val; \ |
||
341 | __gu_err; \ |
||
342 | }) |
||
343 | |||
344 | extern long __get_user_bad(void); |
||
345 | |||
346 | #define __get_user_size(x,ptr,size,retval,errret) \ |
||
347 | do { \ |
||
348 | retval = 0; \ |
||
349 | switch (size) { \ |
||
350 | case 1: __get_user_asm(x,ptr,retval,"b","b","=q",errret);break; \ |
||
351 | case 2: __get_user_asm(x,ptr,retval,"w","w","=r",errret);break; \ |
||
352 | case 4: __get_user_asm(x,ptr,retval,"l","","=r",errret);break; \ |
||
353 | default: (x) = __get_user_bad(); \ |
||
354 | } \ |
||
355 | } while (0) |
||
356 | |||
357 | #define __get_user_asm(x, addr, err, itype, rtype, ltype, errret) \ |
||
358 | __asm__ __volatile__( \ |
||
359 | "1: mov"itype" %2,%"rtype"1\n" \ |
||
360 | "2:\n" \ |
||
361 | ".section .fixup,\"ax\"\n" \ |
||
362 | "3: movl %3,%0\n" \ |
||
363 | " xor"itype" %"rtype"1,%"rtype"1\n" \ |
||
364 | " jmp 2b\n" \ |
||
365 | ".previous\n" \ |
||
366 | ".section __ex_table,\"a\"\n" \ |
||
367 | " .align 4\n" \ |
||
368 | " .long 1b,3b\n" \ |
||
369 | ".previous" \ |
||
370 | : "=r"(err), ltype (x) \ |
||
371 | : "m"(__m(addr)), "i"(errret), "0"(err)) |
||
372 | |||
373 | |||
374 | unsigned long __copy_to_user_ll(void __user *to, const void *from, unsigned long n); |
||
375 | unsigned long __copy_from_user_ll(void *to, const void __user *from, unsigned long n); |
||
376 | |||
377 | /* |
||
378 | * Here we special-case 1, 2 and 4-byte copy_*_user invocations. On a fault |
||
379 | * we return the initial request size (1, 2 or 4), as copy_*_user should do. |
||
380 | * If a store crosses a page boundary and gets a fault, the x86 will not write |
||
381 | * anything, so this is accurate. |
||
382 | */ |
||
383 | |||
384 | /** |
||
385 | * __copy_to_user: - Copy a block of data into user space, with less checking. |
||
386 | * @to: Destination address, in user space. |
||
387 | * @from: Source address, in kernel space. |
||
388 | * @n: Number of bytes to copy. |
||
389 | * |
||
390 | * Context: User context only. This function may sleep. |
||
391 | * |
||
392 | * Copy data from kernel space to user space. Caller must check |
||
393 | * the specified block with access_ok() before calling this function. |
||
394 | * |
||
395 | * Returns number of bytes that could not be copied. |
||
396 | * On success, this will be zero. |
||
397 | */ |
||
398 | static inline unsigned long |
||
399 | __copy_to_user(void __user *to, const void *from, unsigned long n) |
||
400 | { |
||
401 | if (__builtin_constant_p(n)) { |
||
402 | unsigned long ret; |
||
403 | |||
404 | switch (n) { |
||
405 | case 1: |
||
406 | __put_user_size(*(u8 *)from, (u8 *)to, 1, ret, 1); |
||
407 | return ret; |
||
408 | case 2: |
||
409 | __put_user_size(*(u16 *)from, (u16 *)to, 2, ret, 2); |
||
410 | return ret; |
||
411 | case 4: |
||
412 | __put_user_size(*(u32 *)from, (u32 *)to, 4, ret, 4); |
||
413 | return ret; |
||
414 | } |
||
415 | } |
||
416 | return __copy_to_user_ll(to, from, n); |
||
417 | } |
||
418 | |||
419 | /** |
||
420 | * __copy_from_user: - Copy a block of data from user space, with less checking. |
||
421 | * @to: Destination address, in kernel space. |
||
422 | * @from: Source address, in user space. |
||
423 | * @n: Number of bytes to copy. |
||
424 | * |
||
425 | * Context: User context only. This function may sleep. |
||
426 | * |
||
427 | * Copy data from user space to kernel space. Caller must check |
||
428 | * the specified block with access_ok() before calling this function. |
||
429 | * |
||
430 | * Returns number of bytes that could not be copied. |
||
431 | * On success, this will be zero. |
||
432 | * |
||
433 | * If some data could not be copied, this function will pad the copied |
||
434 | * data to the requested size using zero bytes. |
||
435 | */ |
||
436 | static inline unsigned long |
||
437 | __copy_from_user(void *to, const void __user *from, unsigned long n) |
||
438 | { |
||
439 | if (__builtin_constant_p(n)) { |
||
440 | unsigned long ret; |
||
441 | |||
442 | switch (n) { |
||
443 | case 1: |
||
444 | __get_user_size(*(u8 *)to, from, 1, ret, 1); |
||
445 | return ret; |
||
446 | case 2: |
||
447 | __get_user_size(*(u16 *)to, from, 2, ret, 2); |
||
448 | return ret; |
||
449 | case 4: |
||
450 | __get_user_size(*(u32 *)to, from, 4, ret, 4); |
||
451 | return ret; |
||
452 | } |
||
453 | } |
||
454 | return __copy_from_user_ll(to, from, n); |
||
455 | } |
||
456 | |||
457 | /** |
||
458 | * copy_to_user: - Copy a block of data into user space. |
||
459 | * @to: Destination address, in user space. |
||
460 | * @from: Source address, in kernel space. |
||
461 | * @n: Number of bytes to copy. |
||
462 | * |
||
463 | * Context: User context only. This function may sleep. |
||
464 | * |
||
465 | * Copy data from kernel space to user space. |
||
466 | * |
||
467 | * Returns number of bytes that could not be copied. |
||
468 | * On success, this will be zero. |
||
469 | */ |
||
470 | static inline unsigned long |
||
471 | copy_to_user(void __user *to, const void *from, unsigned long n) |
||
472 | { |
||
473 | might_sleep(); |
||
474 | if (access_ok(VERIFY_WRITE, to, n)) |
||
475 | n = __copy_to_user(to, from, n); |
||
476 | return n; |
||
477 | } |
||
478 | |||
479 | /** |
||
480 | * copy_from_user: - Copy a block of data from user space. |
||
481 | * @to: Destination address, in kernel space. |
||
482 | * @from: Source address, in user space. |
||
483 | * @n: Number of bytes to copy. |
||
484 | * |
||
485 | * Context: User context only. This function may sleep. |
||
486 | * |
||
487 | * Copy data from user space to kernel space. |
||
488 | * |
||
489 | * Returns number of bytes that could not be copied. |
||
490 | * On success, this will be zero. |
||
491 | * |
||
492 | * If some data could not be copied, this function will pad the copied |
||
493 | * data to the requested size using zero bytes. |
||
494 | */ |
||
495 | static inline unsigned long |
||
496 | copy_from_user(void *to, const void __user *from, unsigned long n) |
||
497 | { |
||
498 | might_sleep(); |
||
499 | if (access_ok(VERIFY_READ, from, n)) |
||
500 | n = __copy_from_user(to, from, n); |
||
501 | else |
||
502 | memset(to, 0, n); |
||
503 | return n; |
||
504 | } |
||
505 | |||
506 | long strncpy_from_user(char *dst, const char __user *src, long count); |
||
507 | long __strncpy_from_user(char *dst, const char __user *src, long count); |
||
508 | |||
509 | /** |
||
510 | * strlen_user: - Get the size of a string in user space. |
||
511 | * @str: The string to measure. |
||
512 | * |
||
513 | * Context: User context only. This function may sleep. |
||
514 | * |
||
515 | * Get the size of a NUL-terminated string in user space. |
||
516 | * |
||
517 | * Returns the size of the string INCLUDING the terminating NUL. |
||
518 | * On exception, returns 0. |
||
519 | * |
||
520 | * If there is a limit on the length of a valid string, you may wish to |
||
521 | * consider using strnlen_user() instead. |
||
522 | */ |
||
523 | #define strlen_user(str) strnlen_user(str, ~0UL >> 1) |
||
524 | |||
525 | long strnlen_user(const char __user *str, long n); |
||
526 | unsigned long clear_user(void __user *mem, unsigned long len); |
||
527 | unsigned long __clear_user(void __user *mem, unsigned long len); |
||
528 | |||
529 | #endif /* __i386_UACCESS_H */ |