1 #ifndef __i386_UACCESS_H
2 #define __i386_UACCESS_H
5 * User space memory access functions
7 #include <linux/config.h>
8 #include <linux/errno.h>
9 #include <linux/thread_info.h>
10 #include <linux/prefetch.h>
11 #include <linux/string.h>
15 #define VERIFY_WRITE 1
18 * The fs value determines whether argument validity checking should be
19 * performed or not. If get_fs() == USER_DS, checking is performed, with
20 * get_fs() == KERNEL_DS, checking is bypassed.
22 * For historical reasons, these macros are grossly misnamed.
25 #define MAKE_MM_SEG(s) ((mm_segment_t) { (s) })
28 #define KERNEL_DS MAKE_MM_SEG(0xFFFFFFFFUL)
29 #define USER_DS MAKE_MM_SEG(PAGE_OFFSET)
31 #define get_ds() (KERNEL_DS)
32 #define get_fs() (current_thread_info()->addr_limit)
33 #define set_fs(x) (current_thread_info()->addr_limit = (x))
35 #define segment_eq(a,b) ((a).seg == (b).seg)
38 * movsl can be slow when source and dest are not both 8-byte aligned
40 #ifdef CONFIG_X86_INTEL_USERCOPY
41 extern struct movsl_mask {
43 } ____cacheline_aligned_in_smp movsl_mask;
46 #define __addr_ok(addr) ((unsigned long __force)(addr) < (current_thread_info()->addr_limit.seg))
49 * Test whether a block of memory is a valid user space address.
50 * Returns 0 if the range is valid, nonzero otherwise.
52 * This is equivalent to the following test:
53 * (u33)addr + (u33)size >= (u33)current->addr_limit.seg
55 * This needs 33-bit arithmetic. We have a carry...
57 #define __range_ok(addr,size) ({ \
58 unsigned long flag,sum; \
59 __chk_user_ptr(addr); \
60 asm("addl %3,%1 ; sbbl %0,%0; cmpl %1,%4; sbbl $0,%0" \
61 :"=&r" (flag), "=r" (sum) \
62 :"1" (addr),"g" ((int)(size)),"g" (current_thread_info()->addr_limit.seg)); \
66 * access_ok: - Checks if a user space pointer is valid
67 * @type: Type of access: %VERIFY_READ or %VERIFY_WRITE. Note that
68 * %VERIFY_WRITE is a superset of %VERIFY_READ - if it is safe
69 * to write to a block, it is always safe to read from it.
70 * @addr: User space pointer to start of block to check
71 * @size: Size of block to check
73 * Context: User context only. This function may sleep.
75 * Checks if a pointer to a block of memory in user space is valid.
77 * Returns true (nonzero) if the memory block may be valid, false (zero)
78 * if it is definitely invalid.
80 * Note that, depending on architecture, this function probably just
81 * checks that the pointer is in the user space range - after calling
82 * this function, memory access functions may still return -EFAULT.
84 #define access_ok(type,addr,size) (likely(__range_ok(addr,size) == 0))
87 * verify_area: - Obsolete, use access_ok()
88 * @type: Type of access: %VERIFY_READ or %VERIFY_WRITE
89 * @addr: User space pointer to start of block to check
90 * @size: Size of block to check
92 * Context: User context only. This function may sleep.
94 * This function has been replaced by access_ok().
96 * Checks if a pointer to a block of memory in user space is valid.
98 * Returns zero if the memory block may be valid, -EFAULT
99 * if it is definitely invalid.
101 * See access_ok() for more details.
103 static inline int verify_area(int type, const void __user * addr, unsigned long size)
105 return access_ok(type,addr,size) ? 0 : -EFAULT;
110 * The exception table consists of pairs of addresses: the first is the
111 * address of an instruction that is allowed to fault, and the second is
112 * the address at which the program should continue. No registers are
113 * modified, so it is entirely up to the continuation code to figure out
116 * All the routines below use bits of fixup code that are out of line
117 * with the main instruction path. This means when everything is well,
118 * we don't even have to jump over them. Further, they do not intrude
119 * on our cache or tlb entries.
122 struct exception_table_entry
124 unsigned long insn, fixup;
127 extern int fixup_exception(struct pt_regs *regs);
130 * These are the main single-value transfer routines. They automatically
131 * use the right size if we just have the right pointer type.
133 * This gets kind of ugly. We want to return _two_ values in "get_user()"
134 * and yet we don't want to do any pointers, because that is too much
135 * of a performance impact. Thus we have a few rather ugly macros here,
136 * and hide all the ugliness from the user.
138 * The "__xxx" versions of the user access functions are versions that
139 * do not verify the address space, that must have been done previously
140 * with a separate "access_ok()" call (this is used when we do multiple
141 * accesses to the same area of user memory).
144 extern void __get_user_1(void);
145 extern void __get_user_2(void);
146 extern void __get_user_4(void);
148 #define __get_user_x(size,ret,x,ptr) \
149 __asm__ __volatile__("call __get_user_" #size \
150 :"=a" (ret),"=d" (x) \
154 /* Careful: we have to cast the result to the type of the pointer for sign reasons */
156 * get_user: - Get a simple variable from user space.
157 * @x: Variable to store result.
158 * @ptr: Source address, in user space.
160 * Context: User context only. This function may sleep.
162 * This macro copies a single simple variable from user space to kernel
163 * space. It supports simple types like char and int, but not larger
164 * data types like structures or arrays.
166 * @ptr must have pointer-to-simple-variable type, and the result of
167 * dereferencing @ptr must be assignable to @x without a cast.
169 * Returns zero on success, or -EFAULT on error.
170 * On error, the variable @x is set to zero.
172 #define get_user(x,ptr) \
173 ({ int __ret_gu,__val_gu; \
174 __chk_user_ptr(ptr); \
175 switch(sizeof (*(ptr))) { \
176 case 1: __get_user_x(1,__ret_gu,__val_gu,ptr); break; \
177 case 2: __get_user_x(2,__ret_gu,__val_gu,ptr); break; \
178 case 4: __get_user_x(4,__ret_gu,__val_gu,ptr); break; \
179 default: __get_user_x(X,__ret_gu,__val_gu,ptr); break; \
181 (x) = (__typeof__(*(ptr)))__val_gu; \
185 extern void __put_user_bad(void);
188 * put_user: - Write a simple value into user space.
189 * @x: Value to copy to user space.
190 * @ptr: Destination address, in user space.
192 * Context: User context only. This function may sleep.
194 * This macro copies a single simple value from kernel space to user
195 * space. It supports simple types like char and int, but not larger
196 * data types like structures or arrays.
198 * @ptr must have pointer-to-simple-variable type, and @x must be assignable
199 * to the result of dereferencing @ptr.
201 * Returns zero on success, or -EFAULT on error.
203 #define put_user(x,ptr) \
204 __put_user_check((__typeof__(*(ptr)))(x),(ptr),sizeof(*(ptr)))
208 * __get_user: - Get a simple variable from user space, with less checking.
209 * @x: Variable to store result.
210 * @ptr: Source address, in user space.
212 * Context: User context only. This function may sleep.
214 * This macro copies a single simple variable from user space to kernel
215 * space. It supports simple types like char and int, but not larger
216 * data types like structures or arrays.
218 * @ptr must have pointer-to-simple-variable type, and the result of
219 * dereferencing @ptr must be assignable to @x without a cast.
221 * Caller must check the pointer with access_ok() before calling this
224 * Returns zero on success, or -EFAULT on error.
225 * On error, the variable @x is set to zero.
227 #define __get_user(x,ptr) \
228 __get_user_nocheck((x),(ptr),sizeof(*(ptr)))
232 * __put_user: - Write a simple value into user space, with less checking.
233 * @x: Value to copy to user space.
234 * @ptr: Destination address, in user space.
236 * Context: User context only. This function may sleep.
238 * This macro copies a single simple value from kernel space to user
239 * space. It supports simple types like char and int, but not larger
240 * data types like structures or arrays.
242 * @ptr must have pointer-to-simple-variable type, and @x must be assignable
243 * to the result of dereferencing @ptr.
245 * Caller must check the pointer with access_ok() before calling this
248 * Returns zero on success, or -EFAULT on error.
250 #define __put_user(x,ptr) \
251 __put_user_nocheck((__typeof__(*(ptr)))(x),(ptr),sizeof(*(ptr)))
253 #define __put_user_nocheck(x,ptr,size) \
256 __put_user_size((x),(ptr),(size),__pu_err,-EFAULT); \
261 #define __put_user_check(x,ptr,size) \
263 long __pu_err = -EFAULT; \
264 __typeof__(*(ptr)) __user *__pu_addr = (ptr); \
266 if (access_ok(VERIFY_WRITE,__pu_addr,size)) \
267 __put_user_size((x),__pu_addr,(size),__pu_err,-EFAULT); \
271 #define __put_user_u64(x, addr, err) \
272 __asm__ __volatile__( \
273 "1: movl %%eax,0(%2)\n" \
274 "2: movl %%edx,4(%2)\n" \
276 ".section .fixup,\"ax\"\n" \
280 ".section __ex_table,\"a\"\n" \
286 : "A" (x), "r" (addr), "i"(-EFAULT), "0"(err))
288 #ifdef CONFIG_X86_WP_WORKS_OK
290 #define __put_user_size(x,ptr,size,retval,errret) \
293 __chk_user_ptr(ptr); \
295 case 1: __put_user_asm(x,ptr,retval,"b","b","iq",errret);break; \
296 case 2: __put_user_asm(x,ptr,retval,"w","w","ir",errret);break; \
297 case 4: __put_user_asm(x,ptr,retval,"l","","ir",errret); break; \
298 case 8: __put_user_u64((__typeof__(*ptr))(x),ptr,retval); break;\
299 default: __put_user_bad(); \
305 #define __put_user_size(x,ptr,size,retval,errret) \
307 __typeof__(*(ptr)) __pus_tmp = x; \
310 if(unlikely(__copy_to_user_ll(ptr, &__pus_tmp, size) != 0)) \
315 struct __large_struct { unsigned long buf[100]; };
316 #define __m(x) (*(struct __large_struct *)(x))
319 * Tell gcc we read from memory instead of writing: this is because
320 * we do not write to any memory gcc knows about, so there are no
323 #define __put_user_asm(x, addr, err, itype, rtype, ltype, errret) \
324 __asm__ __volatile__( \
325 "1: mov"itype" %"rtype"1,%2\n" \
327 ".section .fixup,\"ax\"\n" \
331 ".section __ex_table,\"a\"\n" \
336 : ltype (x), "m"(__m(addr)), "i"(errret), "0"(err))
339 #define __get_user_nocheck(x,ptr,size) \
341 long __gu_err, __gu_val; \
342 __get_user_size(__gu_val,(ptr),(size),__gu_err,-EFAULT);\
343 (x) = (__typeof__(*(ptr)))__gu_val; \
347 extern long __get_user_bad(void);
349 #define __get_user_size(x,ptr,size,retval,errret) \
352 __chk_user_ptr(ptr); \
354 case 1: __get_user_asm(x,ptr,retval,"b","b","=q",errret);break; \
355 case 2: __get_user_asm(x,ptr,retval,"w","w","=r",errret);break; \
356 case 4: __get_user_asm(x,ptr,retval,"l","","=r",errret);break; \
357 default: (x) = __get_user_bad(); \
361 #define __get_user_asm(x, addr, err, itype, rtype, ltype, errret) \
362 __asm__ __volatile__( \
363 "1: mov"itype" %2,%"rtype"1\n" \
365 ".section .fixup,\"ax\"\n" \
367 " xor"itype" %"rtype"1,%"rtype"1\n" \
370 ".section __ex_table,\"a\"\n" \
374 : "=r"(err), ltype (x) \
375 : "m"(__m(addr)), "i"(errret), "0"(err))
378 unsigned long __must_check __copy_to_user_ll(void __user *to,
379 const void *from, unsigned long n);
380 unsigned long __must_check __copy_from_user_ll(void *to,
381 const void __user *from, unsigned long n);
384 * Here we special-case 1, 2 and 4-byte copy_*_user invocations. On a fault
385 * we return the initial request size (1, 2 or 4), as copy_*_user should do.
386 * If a store crosses a page boundary and gets a fault, the x86 will not write
387 * anything, so this is accurate.
391 * __copy_to_user: - Copy a block of data into user space, with less checking.
392 * @to: Destination address, in user space.
393 * @from: Source address, in kernel space.
394 * @n: Number of bytes to copy.
396 * Context: User context only. This function may sleep.
398 * Copy data from kernel space to user space. Caller must check
399 * the specified block with access_ok() before calling this function.
401 * Returns number of bytes that could not be copied.
402 * On success, this will be zero.
404 static inline unsigned long __must_check
405 __copy_to_user_inatomic(void __user *to, const void *from, unsigned long n)
407 if (__builtin_constant_p(n)) {
412 __put_user_size(*(u8 *)from, (u8 __user *)to, 1, ret, 1);
415 __put_user_size(*(u16 *)from, (u16 __user *)to, 2, ret, 2);
418 __put_user_size(*(u32 *)from, (u32 __user *)to, 4, ret, 4);
422 return __copy_to_user_ll(to, from, n);
425 static inline unsigned long __must_check
426 __copy_to_user(void __user *to, const void *from, unsigned long n)
429 return __copy_to_user_inatomic(to, from, n);
433 * __copy_from_user: - Copy a block of data from user space, with less checking.
434 * @to: Destination address, in kernel space.
435 * @from: Source address, in user space.
436 * @n: Number of bytes to copy.
438 * Context: User context only. This function may sleep.
440 * Copy data from user space to kernel space. Caller must check
441 * the specified block with access_ok() before calling this function.
443 * Returns number of bytes that could not be copied.
444 * On success, this will be zero.
446 * If some data could not be copied, this function will pad the copied
447 * data to the requested size using zero bytes.
449 static inline unsigned long
450 __copy_from_user_inatomic(void *to, const void __user *from, unsigned long n)
452 if (__builtin_constant_p(n)) {
457 __get_user_size(*(u8 *)to, from, 1, ret, 1);
460 __get_user_size(*(u16 *)to, from, 2, ret, 2);
463 __get_user_size(*(u32 *)to, from, 4, ret, 4);
467 return __copy_from_user_ll(to, from, n);
470 static inline unsigned long
471 __copy_from_user(void *to, const void __user *from, unsigned long n)
474 return __copy_from_user_inatomic(to, from, n);
476 unsigned long __must_check copy_to_user(void __user *to,
477 const void *from, unsigned long n);
478 unsigned long __must_check copy_from_user(void *to,
479 const void __user *from, unsigned long n);
480 long __must_check strncpy_from_user(char *dst, const char __user *src,
482 long __must_check __strncpy_from_user(char *dst,
483 const char __user *src, long count);
486 * strlen_user: - Get the size of a string in user space.
487 * @str: The string to measure.
489 * Context: User context only. This function may sleep.
491 * Get the size of a NUL-terminated string in user space.
493 * Returns the size of the string INCLUDING the terminating NUL.
494 * On exception, returns 0.
496 * If there is a limit on the length of a valid string, you may wish to
497 * consider using strnlen_user() instead.
499 #define strlen_user(str) strnlen_user(str, ~0UL >> 1)
501 long strnlen_user(const char __user *str, long n);
502 unsigned long __must_check clear_user(void __user *mem, unsigned long len);
503 unsigned long __must_check __clear_user(void __user *mem, unsigned long len);
505 #endif /* __i386_UACCESS_H */