Commit | Line | Data |
---|---|---|
1965aae3 PA |
1 | #ifndef _ASM_X86_UACCESS_H |
2 | #define _ASM_X86_UACCESS_H | |
ca233862 GC |
3 | /* |
4 | * User space memory access functions | |
5 | */ | |
6 | #include <linux/errno.h> | |
7 | #include <linux/compiler.h> | |
8 | #include <linux/thread_info.h> | |
9 | #include <linux/prefetch.h> | |
10 | #include <linux/string.h> | |
11 | #include <asm/asm.h> | |
12 | #include <asm/page.h> | |
13 | ||
14 | #define VERIFY_READ 0 | |
15 | #define VERIFY_WRITE 1 | |
16 | ||
17 | /* | |
18 | * The fs value determines whether argument validity checking should be | |
19 | * performed or not. If get_fs() == USER_DS, checking is performed, with | |
20 | * get_fs() == KERNEL_DS, checking is bypassed. | |
21 | * | |
22 | * For historical reasons, these macros are grossly misnamed. | |
23 | */ | |
24 | ||
25 | #define MAKE_MM_SEG(s) ((mm_segment_t) { (s) }) | |
26 | ||
27 | #define KERNEL_DS MAKE_MM_SEG(-1UL) | |
28 | #define USER_DS MAKE_MM_SEG(PAGE_OFFSET) | |
29 | ||
30 | #define get_ds() (KERNEL_DS) | |
31 | #define get_fs() (current_thread_info()->addr_limit) | |
32 | #define set_fs(x) (current_thread_info()->addr_limit = (x)) | |
33 | ||
34 | #define segment_eq(a, b) ((a).seg == (b).seg) | |
35 | ||
002ca169 GC |
36 | #define __addr_ok(addr) \ |
37 | ((unsigned long __force)(addr) < \ | |
38 | (current_thread_info()->addr_limit.seg)) | |
39 | ||
ca233862 GC |
40 | /* |
41 | * Test whether a block of memory is a valid user space address. | |
42 | * Returns 0 if the range is valid, nonzero otherwise. | |
43 | * | |
44 | * This is equivalent to the following test: | |
45 | * (u33)addr + (u33)size >= (u33)current->addr_limit.seg (u65 for x86_64) | |
46 | * | |
47 | * This needs 33-bit (65-bit for x86_64) arithmetic. We have a carry... | |
48 | */ | |
49 | ||
50 | #define __range_not_ok(addr, size) \ | |
51 | ({ \ | |
52 | unsigned long flag, roksum; \ | |
53 | __chk_user_ptr(addr); \ | |
54 | asm("add %3,%1 ; sbb %0,%0 ; cmp %1,%4 ; sbb $0,%0" \ | |
55 | : "=&r" (flag), "=r" (roksum) \ | |
56 | : "1" (addr), "g" ((long)(size)), \ | |
57 | "rm" (current_thread_info()->addr_limit.seg)); \ | |
58 | flag; \ | |
59 | }) | |
60 | ||
61 | /** | |
62 | * access_ok: - Checks if a user space pointer is valid | |
63 | * @type: Type of access: %VERIFY_READ or %VERIFY_WRITE. Note that | |
64 | * %VERIFY_WRITE is a superset of %VERIFY_READ - if it is safe | |
65 | * to write to a block, it is always safe to read from it. | |
66 | * @addr: User space pointer to start of block to check | |
67 | * @size: Size of block to check | |
68 | * | |
69 | * Context: User context only. This function may sleep. | |
70 | * | |
71 | * Checks if a pointer to a block of memory in user space is valid. | |
72 | * | |
73 | * Returns true (nonzero) if the memory block may be valid, false (zero) | |
74 | * if it is definitely invalid. | |
75 | * | |
76 | * Note that, depending on architecture, this function probably just | |
77 | * checks that the pointer is in the user space range - after calling | |
78 | * this function, memory access functions may still return -EFAULT. | |
79 | */ | |
80 | #define access_ok(type, addr, size) (likely(__range_not_ok(addr, size) == 0)) | |
81 | ||
82 | /* | |
83 | * The exception table consists of pairs of addresses: the first is the | |
84 | * address of an instruction that is allowed to fault, and the second is | |
85 | * the address at which the program should continue. No registers are | |
86 | * modified, so it is entirely up to the continuation code to figure out | |
87 | * what to do. | |
88 | * | |
89 | * All the routines below use bits of fixup code that are out of line | |
90 | * with the main instruction path. This means when everything is well, | |
91 | * we don't even have to jump over them. Further, they do not intrude | |
92 | * on our cache or tlb entries. | |
93 | */ | |
94 | ||
95 | struct exception_table_entry { | |
96 | unsigned long insn, fixup; | |
97 | }; | |
98 | ||
99 | extern int fixup_exception(struct pt_regs *regs); | |
100 | ||
101 | /* | |
102 | * These are the main single-value transfer routines. They automatically | |
103 | * use the right size if we just have the right pointer type. | |
104 | * | |
105 | * This gets kind of ugly. We want to return _two_ values in "get_user()" | |
106 | * and yet we don't want to do any pointers, because that is too much | |
107 | * of a performance impact. Thus we have a few rather ugly macros here, | |
108 | * and hide all the ugliness from the user. | |
109 | * | |
110 | * The "__xxx" versions of the user access functions are versions that | |
111 | * do not verify the address space, that must have been done previously | |
112 | * with a separate "access_ok()" call (this is used when we do multiple | |
113 | * accesses to the same area of user memory). | |
114 | */ | |
115 | ||
116 | extern int __get_user_1(void); | |
117 | extern int __get_user_2(void); | |
118 | extern int __get_user_4(void); | |
119 | extern int __get_user_8(void); | |
120 | extern int __get_user_bad(void); | |
121 | ||
122 | #define __get_user_x(size, ret, x, ptr) \ | |
123 | asm volatile("call __get_user_" #size \ | |
124 | : "=a" (ret),"=d" (x) \ | |
125 | : "0" (ptr)) \ | |
126 | ||
865e5b76 GC |
127 | /* Careful: we have to cast the result to the type of the pointer |
128 | * for sign reasons */ | |
129 | ||
130 | /** | |
131 | * get_user: - Get a simple variable from user space. | |
132 | * @x: Variable to store result. | |
133 | * @ptr: Source address, in user space. | |
134 | * | |
135 | * Context: User context only. This function may sleep. | |
136 | * | |
137 | * This macro copies a single simple variable from user space to kernel | |
138 | * space. It supports simple types like char and int, but not larger | |
139 | * data types like structures or arrays. | |
140 | * | |
141 | * @ptr must have pointer-to-simple-variable type, and the result of | |
142 | * dereferencing @ptr must be assignable to @x without a cast. | |
143 | * | |
144 | * Returns zero on success, or -EFAULT on error. | |
145 | * On error, the variable @x is set to zero. | |
146 | */ | |
147 | #ifdef CONFIG_X86_32 | |
148 | #define __get_user_8(__ret_gu, __val_gu, ptr) \ | |
149 | __get_user_x(X, __ret_gu, __val_gu, ptr) | |
150 | #else | |
151 | #define __get_user_8(__ret_gu, __val_gu, ptr) \ | |
152 | __get_user_x(8, __ret_gu, __val_gu, ptr) | |
153 | #endif | |
154 | ||
155 | #define get_user(x, ptr) \ | |
156 | ({ \ | |
157 | int __ret_gu; \ | |
158 | unsigned long __val_gu; \ | |
159 | __chk_user_ptr(ptr); \ | |
3ee1afa3 | 160 | might_fault(); \ |
865e5b76 GC |
161 | switch (sizeof(*(ptr))) { \ |
162 | case 1: \ | |
163 | __get_user_x(1, __ret_gu, __val_gu, ptr); \ | |
164 | break; \ | |
165 | case 2: \ | |
166 | __get_user_x(2, __ret_gu, __val_gu, ptr); \ | |
167 | break; \ | |
168 | case 4: \ | |
169 | __get_user_x(4, __ret_gu, __val_gu, ptr); \ | |
170 | break; \ | |
171 | case 8: \ | |
172 | __get_user_8(__ret_gu, __val_gu, ptr); \ | |
173 | break; \ | |
174 | default: \ | |
175 | __get_user_x(X, __ret_gu, __val_gu, ptr); \ | |
176 | break; \ | |
177 | } \ | |
178 | (x) = (__typeof__(*(ptr)))__val_gu; \ | |
179 | __ret_gu; \ | |
180 | }) | |
181 | ||
e30a44fd GC |
182 | #define __put_user_x(size, x, ptr, __ret_pu) \ |
183 | asm volatile("call __put_user_" #size : "=a" (__ret_pu) \ | |
184 | :"0" ((typeof(*(ptr)))(x)), "c" (ptr) : "ebx") | |
185 | ||
186 | ||
187 | ||
dc70ddf4 GC |
188 | #ifdef CONFIG_X86_32 |
189 | #define __put_user_u64(x, addr, err) \ | |
190 | asm volatile("1: movl %%eax,0(%2)\n" \ | |
191 | "2: movl %%edx,4(%2)\n" \ | |
192 | "3:\n" \ | |
193 | ".section .fixup,\"ax\"\n" \ | |
194 | "4: movl %3,%0\n" \ | |
195 | " jmp 3b\n" \ | |
196 | ".previous\n" \ | |
197 | _ASM_EXTABLE(1b, 4b) \ | |
198 | _ASM_EXTABLE(2b, 4b) \ | |
199 | : "=r" (err) \ | |
200 | : "A" (x), "r" (addr), "i" (-EFAULT), "0" (err)) | |
e30a44fd GC |
201 | |
202 | #define __put_user_x8(x, ptr, __ret_pu) \ | |
203 | asm volatile("call __put_user_8" : "=a" (__ret_pu) \ | |
204 | : "A" ((typeof(*(ptr)))(x)), "c" (ptr) : "ebx") | |
dc70ddf4 GC |
205 | #else |
206 | #define __put_user_u64(x, ptr, retval) \ | |
207 | __put_user_asm(x, ptr, retval, "q", "", "Zr", -EFAULT) | |
e30a44fd | 208 | #define __put_user_x8(x, ptr, __ret_pu) __put_user_x(8, x, ptr, __ret_pu) |
dc70ddf4 GC |
209 | #endif |
210 | ||
e30a44fd GC |
211 | extern void __put_user_bad(void); |
212 | ||
213 | /* | |
214 | * Strange magic calling convention: pointer in %ecx, | |
215 | * value in %eax(:%edx), return value in %eax. clobbers %rbx | |
216 | */ | |
217 | extern void __put_user_1(void); | |
218 | extern void __put_user_2(void); | |
219 | extern void __put_user_4(void); | |
220 | extern void __put_user_8(void); | |
221 | ||
dc70ddf4 GC |
222 | #ifdef CONFIG_X86_WP_WORKS_OK |
223 | ||
e30a44fd GC |
224 | /** |
225 | * put_user: - Write a simple value into user space. | |
226 | * @x: Value to copy to user space. | |
227 | * @ptr: Destination address, in user space. | |
228 | * | |
229 | * Context: User context only. This function may sleep. | |
230 | * | |
231 | * This macro copies a single simple value from kernel space to user | |
232 | * space. It supports simple types like char and int, but not larger | |
233 | * data types like structures or arrays. | |
234 | * | |
235 | * @ptr must have pointer-to-simple-variable type, and @x must be assignable | |
236 | * to the result of dereferencing @ptr. | |
237 | * | |
238 | * Returns zero on success, or -EFAULT on error. | |
239 | */ | |
240 | #define put_user(x, ptr) \ | |
241 | ({ \ | |
242 | int __ret_pu; \ | |
243 | __typeof__(*(ptr)) __pu_val; \ | |
244 | __chk_user_ptr(ptr); \ | |
3ee1afa3 | 245 | might_fault(); \ |
e30a44fd GC |
246 | __pu_val = x; \ |
247 | switch (sizeof(*(ptr))) { \ | |
248 | case 1: \ | |
249 | __put_user_x(1, __pu_val, ptr, __ret_pu); \ | |
250 | break; \ | |
251 | case 2: \ | |
252 | __put_user_x(2, __pu_val, ptr, __ret_pu); \ | |
253 | break; \ | |
254 | case 4: \ | |
255 | __put_user_x(4, __pu_val, ptr, __ret_pu); \ | |
256 | break; \ | |
257 | case 8: \ | |
258 | __put_user_x8(__pu_val, ptr, __ret_pu); \ | |
259 | break; \ | |
260 | default: \ | |
261 | __put_user_x(X, __pu_val, ptr, __ret_pu); \ | |
262 | break; \ | |
263 | } \ | |
264 | __ret_pu; \ | |
265 | }) | |
266 | ||
dc70ddf4 GC |
267 | #define __put_user_size(x, ptr, size, retval, errret) \ |
268 | do { \ | |
269 | retval = 0; \ | |
270 | __chk_user_ptr(ptr); \ | |
271 | switch (size) { \ | |
272 | case 1: \ | |
273 | __put_user_asm(x, ptr, retval, "b", "b", "iq", errret); \ | |
274 | break; \ | |
275 | case 2: \ | |
276 | __put_user_asm(x, ptr, retval, "w", "w", "ir", errret); \ | |
277 | break; \ | |
278 | case 4: \ | |
279 | __put_user_asm(x, ptr, retval, "l", "k", "ir", errret);\ | |
280 | break; \ | |
281 | case 8: \ | |
282 | __put_user_u64((__typeof__(*ptr))(x), ptr, retval); \ | |
283 | break; \ | |
284 | default: \ | |
285 | __put_user_bad(); \ | |
286 | } \ | |
287 | } while (0) | |
288 | ||
289 | #else | |
290 | ||
291 | #define __put_user_size(x, ptr, size, retval, errret) \ | |
292 | do { \ | |
293 | __typeof__(*(ptr))__pus_tmp = x; \ | |
294 | retval = 0; \ | |
295 | \ | |
296 | if (unlikely(__copy_to_user_ll(ptr, &__pus_tmp, size) != 0)) \ | |
297 | retval = errret; \ | |
298 | } while (0) | |
299 | ||
e30a44fd GC |
300 | #define put_user(x, ptr) \ |
301 | ({ \ | |
302 | int __ret_pu; \ | |
303 | __typeof__(*(ptr))__pus_tmp = x; \ | |
304 | __ret_pu = 0; \ | |
305 | if (unlikely(__copy_to_user_ll(ptr, &__pus_tmp, \ | |
306 | sizeof(*(ptr))) != 0)) \ | |
307 | __ret_pu = -EFAULT; \ | |
308 | __ret_pu; \ | |
309 | }) | |
dc70ddf4 GC |
310 | #endif |
311 | ||
3f168221 GC |
312 | #ifdef CONFIG_X86_32 |
313 | #define __get_user_asm_u64(x, ptr, retval, errret) (x) = __get_user_bad() | |
314 | #else | |
315 | #define __get_user_asm_u64(x, ptr, retval, errret) \ | |
316 | __get_user_asm(x, ptr, retval, "q", "", "=r", errret) | |
317 | #endif | |
318 | ||
319 | #define __get_user_size(x, ptr, size, retval, errret) \ | |
320 | do { \ | |
321 | retval = 0; \ | |
322 | __chk_user_ptr(ptr); \ | |
323 | switch (size) { \ | |
324 | case 1: \ | |
325 | __get_user_asm(x, ptr, retval, "b", "b", "=q", errret); \ | |
326 | break; \ | |
327 | case 2: \ | |
328 | __get_user_asm(x, ptr, retval, "w", "w", "=r", errret); \ | |
329 | break; \ | |
330 | case 4: \ | |
331 | __get_user_asm(x, ptr, retval, "l", "k", "=r", errret); \ | |
332 | break; \ | |
333 | case 8: \ | |
334 | __get_user_asm_u64(x, ptr, retval, errret); \ | |
335 | break; \ | |
336 | default: \ | |
337 | (x) = __get_user_bad(); \ | |
338 | } \ | |
339 | } while (0) | |
340 | ||
341 | #define __get_user_asm(x, addr, err, itype, rtype, ltype, errret) \ | |
342 | asm volatile("1: mov"itype" %2,%"rtype"1\n" \ | |
343 | "2:\n" \ | |
344 | ".section .fixup,\"ax\"\n" \ | |
345 | "3: mov %3,%0\n" \ | |
346 | " xor"itype" %"rtype"1,%"rtype"1\n" \ | |
347 | " jmp 2b\n" \ | |
348 | ".previous\n" \ | |
349 | _ASM_EXTABLE(1b, 3b) \ | |
350 | : "=r" (err), ltype(x) \ | |
351 | : "m" (__m(addr)), "i" (errret), "0" (err)) | |
352 | ||
dc70ddf4 GC |
353 | #define __put_user_nocheck(x, ptr, size) \ |
354 | ({ \ | |
16855f87 | 355 | int __pu_err; \ |
dc70ddf4 GC |
356 | __put_user_size((x), (ptr), (size), __pu_err, -EFAULT); \ |
357 | __pu_err; \ | |
358 | }) | |
359 | ||
3f168221 GC |
360 | #define __get_user_nocheck(x, ptr, size) \ |
361 | ({ \ | |
16855f87 | 362 | int __gu_err; \ |
3f168221 GC |
363 | unsigned long __gu_val; \ |
364 | __get_user_size(__gu_val, (ptr), (size), __gu_err, -EFAULT); \ | |
365 | (x) = (__force __typeof__(*(ptr)))__gu_val; \ | |
366 | __gu_err; \ | |
367 | }) | |
dc70ddf4 GC |
368 | |
369 | /* FIXME: this hack is definitely wrong -AK */ | |
370 | struct __large_struct { unsigned long buf[100]; }; | |
371 | #define __m(x) (*(struct __large_struct __user *)(x)) | |
372 | ||
373 | /* | |
374 | * Tell gcc we read from memory instead of writing: this is because | |
375 | * we do not write to any memory gcc knows about, so there are no | |
376 | * aliasing issues. | |
377 | */ | |
378 | #define __put_user_asm(x, addr, err, itype, rtype, ltype, errret) \ | |
379 | asm volatile("1: mov"itype" %"rtype"1,%2\n" \ | |
380 | "2:\n" \ | |
381 | ".section .fixup,\"ax\"\n" \ | |
382 | "3: mov %3,%0\n" \ | |
383 | " jmp 2b\n" \ | |
384 | ".previous\n" \ | |
385 | _ASM_EXTABLE(1b, 3b) \ | |
386 | : "=r"(err) \ | |
387 | : ltype(x), "m" (__m(addr)), "i" (errret), "0" (err)) | |
8cb834e9 GC |
388 | /** |
389 | * __get_user: - Get a simple variable from user space, with less checking. | |
390 | * @x: Variable to store result. | |
391 | * @ptr: Source address, in user space. | |
392 | * | |
393 | * Context: User context only. This function may sleep. | |
394 | * | |
395 | * This macro copies a single simple variable from user space to kernel | |
396 | * space. It supports simple types like char and int, but not larger | |
397 | * data types like structures or arrays. | |
398 | * | |
399 | * @ptr must have pointer-to-simple-variable type, and the result of | |
400 | * dereferencing @ptr must be assignable to @x without a cast. | |
401 | * | |
402 | * Caller must check the pointer with access_ok() before calling this | |
403 | * function. | |
404 | * | |
405 | * Returns zero on success, or -EFAULT on error. | |
406 | * On error, the variable @x is set to zero. | |
407 | */ | |
408 | ||
409 | #define __get_user(x, ptr) \ | |
410 | __get_user_nocheck((x), (ptr), sizeof(*(ptr))) | |
411 | /** | |
412 | * __put_user: - Write a simple value into user space, with less checking. | |
413 | * @x: Value to copy to user space. | |
414 | * @ptr: Destination address, in user space. | |
415 | * | |
416 | * Context: User context only. This function may sleep. | |
417 | * | |
418 | * This macro copies a single simple value from kernel space to user | |
419 | * space. It supports simple types like char and int, but not larger | |
420 | * data types like structures or arrays. | |
421 | * | |
422 | * @ptr must have pointer-to-simple-variable type, and @x must be assignable | |
423 | * to the result of dereferencing @ptr. | |
424 | * | |
425 | * Caller must check the pointer with access_ok() before calling this | |
426 | * function. | |
427 | * | |
428 | * Returns zero on success, or -EFAULT on error. | |
429 | */ | |
430 | ||
431 | #define __put_user(x, ptr) \ | |
432 | __put_user_nocheck((__typeof__(*(ptr)))(x), (ptr), sizeof(*(ptr))) | |
dc70ddf4 | 433 | |
8cb834e9 GC |
434 | #define __get_user_unaligned __get_user |
435 | #define __put_user_unaligned __put_user | |
865e5b76 | 436 | |
8bc7de0c GC |
437 | /* |
438 | * movsl can be slow when source and dest are not both 8-byte aligned | |
439 | */ | |
440 | #ifdef CONFIG_X86_INTEL_USERCOPY | |
441 | extern struct movsl_mask { | |
442 | int mask; | |
443 | } ____cacheline_aligned_in_smp movsl_mask; | |
444 | #endif | |
445 | ||
22cac167 GC |
446 | #define ARCH_HAS_NOCACHE_UACCESS 1 |
447 | ||
96a388de TG |
448 | #ifdef CONFIG_X86_32 |
449 | # include "uaccess_32.h" | |
450 | #else | |
22cac167 | 451 | # define ARCH_HAS_SEARCH_EXTABLE |
96a388de TG |
452 | # include "uaccess_64.h" |
453 | #endif | |
ca233862 | 454 | |
1965aae3 | 455 | #endif /* _ASM_X86_UACCESS_H */ |
8174c430 | 456 |