Commit | Line | Data |
---|---|---|
61e85e36 JB |
1 | /* |
2 | * OpenRISC Linux | |
3 | * | |
4 | * Linux architectural port borrowing liberally from similar works of | |
5 | * others. All original copyrights apply as per the original source | |
6 | * declaration. | |
7 | * | |
8 | * OpenRISC implementation: | |
9 | * Copyright (C) 2003 Matjaz Breskvar <phoenix@bsemi.com> | |
10 | * Copyright (C) 2010-2011 Jonas Bonn <jonas@southpole.se> | |
11 | * et al. | |
12 | * | |
13 | * This program is free software; you can redistribute it and/or modify | |
14 | * it under the terms of the GNU General Public License as published by | |
15 | * the Free Software Foundation; either version 2 of the License, or | |
16 | * (at your option) any later version. | |
17 | */ | |
18 | ||
19 | #ifndef __ASM_OPENRISC_UACCESS_H | |
20 | #define __ASM_OPENRISC_UACCESS_H | |
21 | ||
22 | /* | |
23 | * User space memory access functions | |
24 | */ | |
25 | #include <linux/errno.h> | |
26 | #include <linux/thread_info.h> | |
27 | #include <linux/prefetch.h> | |
28 | #include <linux/string.h> | |
29 | #include <linux/thread_info.h> | |
30 | #include <asm/page.h> | |
31 | ||
32 | #define VERIFY_READ 0 | |
33 | #define VERIFY_WRITE 1 | |
34 | ||
35 | /* | |
36 | * The fs value determines whether argument validity checking should be | |
37 | * performed or not. If get_fs() == USER_DS, checking is performed, with | |
38 | * get_fs() == KERNEL_DS, checking is bypassed. | |
39 | * | |
40 | * For historical reasons, these macros are grossly misnamed. | |
41 | */ | |
42 | ||
43 | /* addr_limit is the maximum accessible address for the task. we misuse | |
44 | * the KERNEL_DS and USER_DS values to both assign and compare the | |
45 | * addr_limit values through the equally misnamed get/set_fs macros. | |
46 | * (see above) | |
47 | */ | |
48 | ||
49 | #define KERNEL_DS (~0UL) | |
50 | #define get_ds() (KERNEL_DS) | |
51 | ||
52 | #define USER_DS (TASK_SIZE) | |
53 | #define get_fs() (current_thread_info()->addr_limit) | |
54 | #define set_fs(x) (current_thread_info()->addr_limit = (x)) | |
55 | ||
56 | #define segment_eq(a, b) ((a) == (b)) | |
57 | ||
58 | /* Ensure that the range from addr to addr+size is all within the process' | |
59 | * address space | |
60 | */ | |
61 | #define __range_ok(addr, size) (size <= get_fs() && addr <= (get_fs()-size)) | |
62 | ||
63 | /* Ensure that addr is below task's addr_limit */ | |
64 | #define __addr_ok(addr) ((unsigned long) addr < get_fs()) | |
65 | ||
66 | #define access_ok(type, addr, size) \ | |
67 | __range_ok((unsigned long)addr, (unsigned long)size) | |
68 | ||
69 | /* | |
70 | * The exception table consists of pairs of addresses: the first is the | |
71 | * address of an instruction that is allowed to fault, and the second is | |
72 | * the address at which the program should continue. No registers are | |
73 | * modified, so it is entirely up to the continuation code to figure out | |
74 | * what to do. | |
75 | * | |
76 | * All the routines below use bits of fixup code that are out of line | |
77 | * with the main instruction path. This means when everything is well, | |
78 | * we don't even have to jump over them. Further, they do not intrude | |
79 | * on our cache or tlb entries. | |
80 | */ | |
81 | ||
82 | struct exception_table_entry { | |
83 | unsigned long insn, fixup; | |
84 | }; | |
85 | ||
86 | /* Returns 0 if exception not found and fixup otherwise. */ | |
87 | extern unsigned long search_exception_table(unsigned long); | |
88 | extern void sort_exception_table(void); | |
89 | ||
90 | /* | |
91 | * These are the main single-value transfer routines. They automatically | |
92 | * use the right size if we just have the right pointer type. | |
93 | * | |
94 | * This gets kind of ugly. We want to return _two_ values in "get_user()" | |
95 | * and yet we don't want to do any pointers, because that is too much | |
96 | * of a performance impact. Thus we have a few rather ugly macros here, | |
97 | * and hide all the uglyness from the user. | |
98 | * | |
99 | * The "__xxx" versions of the user access functions are versions that | |
100 | * do not verify the address space, that must have been done previously | |
101 | * with a separate "access_ok()" call (this is used when we do multiple | |
102 | * accesses to the same area of user memory). | |
103 | * | |
104 | * As we use the same address space for kernel and user data on the | |
105 | * PowerPC, we can just do these as direct assignments. (Of course, the | |
106 | * exception handling means that it's no longer "just"...) | |
107 | */ | |
108 | #define get_user(x, ptr) \ | |
109 | __get_user_check((x), (ptr), sizeof(*(ptr))) | |
110 | #define put_user(x, ptr) \ | |
111 | __put_user_check((__typeof__(*(ptr)))(x), (ptr), sizeof(*(ptr))) | |
112 | ||
113 | #define __get_user(x, ptr) \ | |
114 | __get_user_nocheck((x), (ptr), sizeof(*(ptr))) | |
115 | #define __put_user(x, ptr) \ | |
116 | __put_user_nocheck((__typeof__(*(ptr)))(x), (ptr), sizeof(*(ptr))) | |
117 | ||
118 | extern long __put_user_bad(void); | |
119 | ||
120 | #define __put_user_nocheck(x, ptr, size) \ | |
121 | ({ \ | |
122 | long __pu_err; \ | |
123 | __put_user_size((x), (ptr), (size), __pu_err); \ | |
124 | __pu_err; \ | |
125 | }) | |
126 | ||
127 | #define __put_user_check(x, ptr, size) \ | |
128 | ({ \ | |
129 | long __pu_err = -EFAULT; \ | |
130 | __typeof__(*(ptr)) *__pu_addr = (ptr); \ | |
131 | if (access_ok(VERIFY_WRITE, __pu_addr, size)) \ | |
132 | __put_user_size((x), __pu_addr, (size), __pu_err); \ | |
133 | __pu_err; \ | |
134 | }) | |
135 | ||
136 | #define __put_user_size(x, ptr, size, retval) \ | |
137 | do { \ | |
138 | retval = 0; \ | |
139 | switch (size) { \ | |
140 | case 1: __put_user_asm(x, ptr, retval, "l.sb"); break; \ | |
141 | case 2: __put_user_asm(x, ptr, retval, "l.sh"); break; \ | |
142 | case 4: __put_user_asm(x, ptr, retval, "l.sw"); break; \ | |
143 | case 8: __put_user_asm2(x, ptr, retval); break; \ | |
144 | default: __put_user_bad(); \ | |
145 | } \ | |
146 | } while (0) | |
147 | ||
148 | struct __large_struct { | |
149 | unsigned long buf[100]; | |
150 | }; | |
151 | #define __m(x) (*(struct __large_struct *)(x)) | |
152 | ||
153 | /* | |
154 | * We don't tell gcc that we are accessing memory, but this is OK | |
155 | * because we do not write to any memory gcc knows about, so there | |
156 | * are no aliasing issues. | |
157 | */ | |
158 | #define __put_user_asm(x, addr, err, op) \ | |
159 | __asm__ __volatile__( \ | |
160 | "1: "op" 0(%2),%1\n" \ | |
161 | "2:\n" \ | |
162 | ".section .fixup,\"ax\"\n" \ | |
163 | "3: l.addi %0,r0,%3\n" \ | |
164 | " l.j 2b\n" \ | |
165 | " l.nop\n" \ | |
166 | ".previous\n" \ | |
167 | ".section __ex_table,\"a\"\n" \ | |
168 | " .align 2\n" \ | |
169 | " .long 1b,3b\n" \ | |
170 | ".previous" \ | |
171 | : "=r"(err) \ | |
172 | : "r"(x), "r"(addr), "i"(-EFAULT), "0"(err)) | |
173 | ||
174 | #define __put_user_asm2(x, addr, err) \ | |
175 | __asm__ __volatile__( \ | |
176 | "1: l.sw 0(%2),%1\n" \ | |
177 | "2: l.sw 4(%2),%H1\n" \ | |
178 | "3:\n" \ | |
179 | ".section .fixup,\"ax\"\n" \ | |
180 | "4: l.addi %0,r0,%3\n" \ | |
181 | " l.j 3b\n" \ | |
182 | " l.nop\n" \ | |
183 | ".previous\n" \ | |
184 | ".section __ex_table,\"a\"\n" \ | |
185 | " .align 2\n" \ | |
186 | " .long 1b,4b\n" \ | |
187 | " .long 2b,4b\n" \ | |
188 | ".previous" \ | |
189 | : "=r"(err) \ | |
190 | : "r"(x), "r"(addr), "i"(-EFAULT), "0"(err)) | |
191 | ||
192 | #define __get_user_nocheck(x, ptr, size) \ | |
193 | ({ \ | |
194 | long __gu_err, __gu_val; \ | |
195 | __get_user_size(__gu_val, (ptr), (size), __gu_err); \ | |
196 | (x) = (__typeof__(*(ptr)))__gu_val; \ | |
197 | __gu_err; \ | |
198 | }) | |
199 | ||
200 | #define __get_user_check(x, ptr, size) \ | |
201 | ({ \ | |
202 | long __gu_err = -EFAULT, __gu_val = 0; \ | |
203 | const __typeof__(*(ptr)) * __gu_addr = (ptr); \ | |
204 | if (access_ok(VERIFY_READ, __gu_addr, size)) \ | |
205 | __get_user_size(__gu_val, __gu_addr, (size), __gu_err); \ | |
206 | (x) = (__typeof__(*(ptr)))__gu_val; \ | |
207 | __gu_err; \ | |
208 | }) | |
209 | ||
210 | extern long __get_user_bad(void); | |
211 | ||
212 | #define __get_user_size(x, ptr, size, retval) \ | |
213 | do { \ | |
214 | retval = 0; \ | |
215 | switch (size) { \ | |
216 | case 1: __get_user_asm(x, ptr, retval, "l.lbz"); break; \ | |
217 | case 2: __get_user_asm(x, ptr, retval, "l.lhz"); break; \ | |
218 | case 4: __get_user_asm(x, ptr, retval, "l.lwz"); break; \ | |
219 | case 8: __get_user_asm2(x, ptr, retval); \ | |
220 | default: (x) = __get_user_bad(); \ | |
221 | } \ | |
222 | } while (0) | |
223 | ||
224 | #define __get_user_asm(x, addr, err, op) \ | |
225 | __asm__ __volatile__( \ | |
226 | "1: "op" %1,0(%2)\n" \ | |
227 | "2:\n" \ | |
228 | ".section .fixup,\"ax\"\n" \ | |
229 | "3: l.addi %0,r0,%3\n" \ | |
230 | " l.addi %1,r0,0\n" \ | |
231 | " l.j 2b\n" \ | |
232 | " l.nop\n" \ | |
233 | ".previous\n" \ | |
234 | ".section __ex_table,\"a\"\n" \ | |
235 | " .align 2\n" \ | |
236 | " .long 1b,3b\n" \ | |
237 | ".previous" \ | |
238 | : "=r"(err), "=r"(x) \ | |
239 | : "r"(addr), "i"(-EFAULT), "0"(err)) | |
240 | ||
241 | #define __get_user_asm2(x, addr, err) \ | |
242 | __asm__ __volatile__( \ | |
243 | "1: l.lwz %1,0(%2)\n" \ | |
244 | "2: l.lwz %H1,4(%2)\n" \ | |
245 | "3:\n" \ | |
246 | ".section .fixup,\"ax\"\n" \ | |
247 | "4: l.addi %0,r0,%3\n" \ | |
248 | " l.addi %1,r0,0\n" \ | |
249 | " l.addi %H1,r0,0\n" \ | |
250 | " l.j 3b\n" \ | |
251 | " l.nop\n" \ | |
252 | ".previous\n" \ | |
253 | ".section __ex_table,\"a\"\n" \ | |
254 | " .align 2\n" \ | |
255 | " .long 1b,4b\n" \ | |
256 | " .long 2b,4b\n" \ | |
257 | ".previous" \ | |
258 | : "=r"(err), "=&r"(x) \ | |
259 | : "r"(addr), "i"(-EFAULT), "0"(err)) | |
260 | ||
261 | /* more complex routines */ | |
262 | ||
263 | extern unsigned long __must_check | |
264 | __copy_tofrom_user(void *to, const void *from, unsigned long size); | |
265 | ||
266 | #define __copy_from_user(to, from, size) \ | |
267 | __copy_tofrom_user(to, from, size) | |
268 | #define __copy_to_user(to, from, size) \ | |
269 | __copy_tofrom_user(to, from, size) | |
270 | ||
271 | #define __copy_to_user_inatomic __copy_to_user | |
272 | #define __copy_from_user_inatomic __copy_from_user | |
273 | ||
274 | static inline unsigned long | |
275 | copy_from_user(void *to, const void *from, unsigned long n) | |
276 | { | |
277 | unsigned long over; | |
278 | ||
279 | if (access_ok(VERIFY_READ, from, n)) | |
280 | return __copy_tofrom_user(to, from, n); | |
281 | if ((unsigned long)from < TASK_SIZE) { | |
282 | over = (unsigned long)from + n - TASK_SIZE; | |
283 | return __copy_tofrom_user(to, from, n - over) + over; | |
284 | } | |
285 | return n; | |
286 | } | |
287 | ||
288 | static inline unsigned long | |
289 | copy_to_user(void *to, const void *from, unsigned long n) | |
290 | { | |
291 | unsigned long over; | |
292 | ||
293 | if (access_ok(VERIFY_WRITE, to, n)) | |
294 | return __copy_tofrom_user(to, from, n); | |
295 | if ((unsigned long)to < TASK_SIZE) { | |
296 | over = (unsigned long)to + n - TASK_SIZE; | |
297 | return __copy_tofrom_user(to, from, n - over) + over; | |
298 | } | |
299 | return n; | |
300 | } | |
301 | ||
302 | extern unsigned long __clear_user(void *addr, unsigned long size); | |
303 | ||
304 | static inline __must_check unsigned long | |
305 | clear_user(void *addr, unsigned long size) | |
306 | { | |
307 | ||
308 | if (access_ok(VERIFY_WRITE, addr, size)) | |
309 | return __clear_user(addr, size); | |
310 | if ((unsigned long)addr < TASK_SIZE) { | |
311 | unsigned long over = (unsigned long)addr + size - TASK_SIZE; | |
312 | return __clear_user(addr, size - over) + over; | |
313 | } | |
314 | return size; | |
315 | } | |
316 | ||
317 | extern int __strncpy_from_user(char *dst, const char *src, long count); | |
318 | ||
319 | static inline long strncpy_from_user(char *dst, const char *src, long count) | |
320 | { | |
321 | if (access_ok(VERIFY_READ, src, 1)) | |
322 | return __strncpy_from_user(dst, src, count); | |
323 | return -EFAULT; | |
324 | } | |
325 | ||
326 | /* | |
327 | * Return the size of a string (including the ending 0) | |
328 | * | |
329 | * Return 0 for error | |
330 | */ | |
331 | ||
332 | extern int __strnlen_user(const char *str, long len, unsigned long top); | |
333 | ||
334 | /* | |
335 | * Returns the length of the string at str (including the null byte), | |
336 | * or 0 if we hit a page we can't access, | |
337 | * or something > len if we didn't find a null byte. | |
338 | * | |
339 | * The `top' parameter to __strnlen_user is to make sure that | |
340 | * we can never overflow from the user area into kernel space. | |
341 | */ | |
342 | static inline long strnlen_user(const char __user *str, long len) | |
343 | { | |
344 | unsigned long top = (unsigned long)get_fs(); | |
345 | unsigned long res = 0; | |
346 | ||
347 | if (__addr_ok(str)) | |
348 | res = __strnlen_user(str, len, top); | |
349 | ||
350 | return res; | |
351 | } | |
352 | ||
353 | #define strlen_user(str) strnlen_user(str, TASK_SIZE-1) | |
354 | ||
355 | #endif /* __ASM_OPENRISC_UACCESS_H */ |