2 * This file is subject to the terms and conditions of the GNU General Public
3 * License. See the file "COPYING" in the main directory of this archive
6 * Copyright (C) 1996, 1997, 1998, 1999, 2000, 03, 04 by Ralf Baechle
7 * Copyright (C) 1999, 2000 Silicon Graphics, Inc.
10 #define _ASM_UACCESS_H
12 #include <linux/config.h>
13 #include <linux/compiler.h>
14 #include <linux/errno.h>
15 #include <linux/thread_info.h>
18 * The fs value determines whether argument validity checking should be
19 * performed or not. If get_fs() == USER_DS, checking is performed, with
20 * get_fs() == KERNEL_DS, checking is bypassed.
22 * For historical reasons, these macros are grossly misnamed.
26 #define __UA_LIMIT 0x80000000UL
28 #define __UA_ADDR ".word"
30 #define __UA_ADDU "addu"
34 #endif /* CONFIG_MIPS32 */
38 #define __UA_LIMIT (- TASK_SIZE)
40 #define __UA_ADDR ".dword"
42 #define __UA_ADDU "daddu"
46 #endif /* CONFIG_MIPS64 */
49 * USER_DS is a bitmask that has the bits set that may not be set in a valid
50 * userspace address. Note that we limit 32-bit userspace to 0x7fff8000 but
51 * the arithmetic we're doing only works if the limit is a power of two, so
52 * we use 0x80000000 here on 32-bit kernels. If a process passes an invalid
53 * address in this range it's the process's problem, not ours :-)
56 #define KERNEL_DS ((mm_segment_t) { 0UL })
57 #define USER_DS ((mm_segment_t) { __UA_LIMIT })
60 #define VERIFY_WRITE 1
62 #define get_ds() (KERNEL_DS)
63 #define get_fs() (current_thread_info()->addr_limit)
64 #define set_fs(x) (current_thread_info()->addr_limit = (x))
66 #define segment_eq(a,b) ((a).seg == (b).seg)
70 * Is a address valid? This does a straighforward calculation rather
74 * - "addr" doesn't have any high-bits set
75 * - AND "size" doesn't have any high-bits set
76 * - AND "addr+size" doesn't have any high-bits set
77 * - OR we are in kernel mode.
79 * __ua_size() is a trick to avoid runtime checking of positive constant
80 * sizes; for those we already know at compile time that the size is ok.
82 #define __ua_size(size) \
83 ((__builtin_constant_p(size) && (signed long) (size) > 0) ? 0 : (size))
86 * access_ok: - Checks if a user space pointer is valid
87 * @type: Type of access: %VERIFY_READ or %VERIFY_WRITE. Note that
88 * %VERIFY_WRITE is a superset of %VERIFY_READ - if it is safe
89 * to write to a block, it is always safe to read from it.
90 * @addr: User space pointer to start of block to check
91 * @size: Size of block to check
93 * Context: User context only. This function may sleep.
95 * Checks if a pointer to a block of memory in user space is valid.
97 * Returns true (nonzero) if the memory block may be valid, false (zero)
98 * if it is definitely invalid.
100 * Note that, depending on architecture, this function probably just
101 * checks that the pointer is in the user space range - after calling
102 * this function, memory access functions may still return -EFAULT.
105 #define __access_mask get_fs().seg
107 #define __access_ok(addr, size, mask) \
108 (((signed long)((mask) & ((addr) | ((addr) + (size)) | __ua_size(size)))) == 0)
110 #define access_ok(type, addr, size) \
111 likely(__access_ok((unsigned long)(addr), (size),__access_mask))
114 * verify_area: - Obsolete, use access_ok()
115 * @type: Type of access: %VERIFY_READ or %VERIFY_WRITE
116 * @addr: User space pointer to start of block to check
117 * @size: Size of block to check
119 * Context: User context only. This function may sleep.
121 * This function has been replaced by access_ok().
123 * Checks if a pointer to a block of memory in user space is valid.
125 * Returns zero if the memory block may be valid, -EFAULT
126 * if it is definitely invalid.
128 * See access_ok() for more details.
130 static inline int verify_area(int type, const void * addr, unsigned long size)
132 return access_ok(type, addr, size) ? 0 : -EFAULT;
136 * put_user: - Write a simple value into user space.
137 * @x: Value to copy to user space.
138 * @ptr: Destination address, in user space.
140 * Context: User context only. This function may sleep.
142 * This macro copies a single simple value from kernel space to user
143 * space. It supports simple types like char and int, but not larger
144 * data types like structures or arrays.
146 * @ptr must have pointer-to-simple-variable type, and @x must be assignable
147 * to the result of dereferencing @ptr.
149 * Returns zero on success, or -EFAULT on error.
151 #define put_user(x,ptr) \
152 __put_user_check((__typeof__(*(ptr)))(x),(ptr),sizeof(*(ptr)))
155 * get_user: - Get a simple variable from user space.
156 * @x: Variable to store result.
157 * @ptr: Source address, in user space.
159 * Context: User context only. This function may sleep.
161 * This macro copies a single simple variable from user space to kernel
162 * space. It supports simple types like char and int, but not larger
163 * data types like structures or arrays.
165 * @ptr must have pointer-to-simple-variable type, and the result of
166 * dereferencing @ptr must be assignable to @x without a cast.
168 * Returns zero on success, or -EFAULT on error.
169 * On error, the variable @x is set to zero.
171 #define get_user(x,ptr) \
172 __get_user_check((__typeof__(*(ptr)))(x),(ptr),sizeof(*(ptr)))
175 * __put_user: - Write a simple value into user space, with less checking.
176 * @x: Value to copy to user space.
177 * @ptr: Destination address, in user space.
179 * Context: User context only. This function may sleep.
181 * This macro copies a single simple value from kernel space to user
182 * space. It supports simple types like char and int, but not larger
183 * data types like structures or arrays.
185 * @ptr must have pointer-to-simple-variable type, and @x must be assignable
186 * to the result of dereferencing @ptr.
188 * Caller must check the pointer with access_ok() before calling this
191 * Returns zero on success, or -EFAULT on error.
193 #define __put_user(x,ptr) \
194 __put_user_nocheck((__typeof__(*(ptr)))(x),(ptr),sizeof(*(ptr)))
197 * __get_user: - Get a simple variable from user space, with less checking.
198 * @x: Variable to store result.
199 * @ptr: Source address, in user space.
201 * Context: User context only. This function may sleep.
203 * This macro copies a single simple variable from user space to kernel
204 * space. It supports simple types like char and int, but not larger
205 * data types like structures or arrays.
207 * @ptr must have pointer-to-simple-variable type, and the result of
208 * dereferencing @ptr must be assignable to @x without a cast.
210 * Caller must check the pointer with access_ok() before calling this
213 * Returns zero on success, or -EFAULT on error.
214 * On error, the variable @x is set to zero.
216 #define __get_user(x,ptr) \
217 __get_user_nocheck((__typeof__(*(ptr)))(x),(ptr),sizeof(*(ptr)))
219 struct __large_struct { unsigned long buf[100]; };
220 #define __m(x) (*(struct __large_struct *)(x))
223 * Yuck. We need two variants, one for 64bit operation and one
224 * for 32 bit mode and old iron.
227 #define __GET_USER_DW __get_user_asm("ld")
229 #define __GET_USER_DW __get_user_asm_ll32
232 #define __get_user_nocheck(x,ptr,size) \
235 __typeof(*(ptr)) __gu_val; \
238 __asm__("":"=r" (__gu_val)); \
239 __gu_addr = (long) (ptr); \
240 __asm__("":"=r" (__gu_err)); \
242 case 1: __get_user_asm("lb"); break; \
243 case 2: __get_user_asm("lh"); break; \
244 case 4: __get_user_asm("lw"); break; \
245 case 8: __GET_USER_DW; break; \
246 default: __get_user_unknown(); break; \
247 } x = (__typeof__(*(ptr))) __gu_val; __gu_err; \
250 #define __get_user_check(x,ptr,size) \
253 __typeof__(*(ptr)) __gu_val; \
256 __asm__("":"=r" (__gu_val)); \
257 __gu_addr = (long) (ptr); \
258 __asm__("":"=r" (__gu_err)); \
259 if (access_ok(VERIFY_READ,__gu_addr,size)) { \
261 case 1: __get_user_asm("lb"); break; \
262 case 2: __get_user_asm("lh"); break; \
263 case 4: __get_user_asm("lw"); break; \
264 case 8: __GET_USER_DW; break; \
265 default: __get_user_unknown(); break; \
267 } x = (__typeof__(*(ptr))) __gu_val; __gu_err; \
270 #define __get_user_asm(insn) \
272 __asm__ __volatile__( \
273 "1:\t" insn "\t%1,%2\n\t" \
276 ".section\t.fixup,\"ax\"\n" \
277 "3:\tli\t%0,%3\n\t" \
281 ".section\t__ex_table,\"a\"\n\t" \
282 __UA_ADDR "\t1b,3b\n\t" \
284 :"=r" (__gu_err), "=r" (__gu_val) \
285 :"o" (__m(__gu_addr)), "i" (-EFAULT)); \
289 * Get a long long 64 using 32 bit registers.
291 #define __get_user_asm_ll32 \
293 __asm__ __volatile__( \
295 "2:\tlw\t%D1,%3\n\t" \
297 "3:\t.section\t.fixup,\"ax\"\n" \
298 "4:\tli\t%0,%4\n\t" \
303 ".section\t__ex_table,\"a\"\n\t" \
304 __UA_ADDR "\t1b,4b\n\t" \
305 __UA_ADDR "\t2b,4b\n\t" \
307 :"=r" (__gu_err), "=&r" (__gu_val) \
308 :"o" (__m(__gu_addr)), "o" (__m(__gu_addr + 4)), \
312 extern void __get_user_unknown(void);
315 * Yuck. We need two variants, one for 64bit operation and one
316 * for 32 bit mode and old iron.
319 #define __PUT_USER_DW __put_user_asm("sd")
321 #define __PUT_USER_DW __put_user_asm_ll32
324 #define __put_user_nocheck(x,ptr,size) \
327 __typeof__(*(ptr)) __pu_val; \
331 __pu_addr = (long) (ptr); \
332 __asm__("":"=r" (__pu_err)); \
334 case 1: __put_user_asm("sb"); break; \
335 case 2: __put_user_asm("sh"); break; \
336 case 4: __put_user_asm("sw"); break; \
337 case 8: __PUT_USER_DW; break; \
338 default: __put_user_unknown(); break; \
343 #define __put_user_check(x,ptr,size) \
346 __typeof__(*(ptr)) __pu_val; \
350 __pu_addr = (long) (ptr); \
351 __asm__("":"=r" (__pu_err)); \
352 if (access_ok(VERIFY_WRITE, __pu_addr, size)) { \
354 case 1: __put_user_asm("sb"); break; \
355 case 2: __put_user_asm("sh"); break; \
356 case 4: __put_user_asm("sw"); break; \
357 case 8: __PUT_USER_DW; break; \
358 default: __put_user_unknown(); break; \
364 #define __put_user_asm(insn) \
366 __asm__ __volatile__( \
367 "1:\t" insn "\t%z1, %2\t\t\t# __put_user_asm\n\t" \
370 ".section\t.fixup,\"ax\"\n" \
371 "3:\tli\t%0,%3\n\t" \
374 ".section\t__ex_table,\"a\"\n\t" \
375 __UA_ADDR "\t1b,3b\n\t" \
378 :"Jr" (__pu_val), "o" (__m(__pu_addr)), "i" (-EFAULT)); \
381 #define __put_user_asm_ll32 \
383 __asm__ __volatile__( \
384 "1:\tsw\t%1, %2\t\t\t# __put_user_asm_ll32\n\t" \
385 "2:\tsw\t%D1, %3\n" \
388 ".section\t.fixup,\"ax\"\n" \
389 "4:\tli\t%0,%4\n\t" \
392 ".section\t__ex_table,\"a\"\n\t" \
393 __UA_ADDR "\t1b,4b\n\t" \
394 __UA_ADDR "\t2b,4b\n\t" \
397 :"r" (__pu_val), "o" (__m(__pu_addr)), \
398 "o" (__m(__pu_addr + 4)), "i" (-EFAULT)); \
401 extern void __put_user_unknown(void);
404 * We're generating jump to subroutines which will be outside the range of
408 #define __MODULE_JAL(destination) \
410 __UA_LA "\t$1, " #destination "\n\t" \
414 #define __MODULE_JAL(destination) \
415 "jal\t" #destination "\n\t"
418 extern size_t __copy_user(void *__to, const void *__from, size_t __n);
420 #define __invoke_copy_to_user(to,from,n) \
422 register void *__cu_to_r __asm__ ("$4"); \
423 register const void *__cu_from_r __asm__ ("$5"); \
424 register long __cu_len_r __asm__ ("$6"); \
427 __cu_from_r = (from); \
429 __asm__ __volatile__( \
430 __MODULE_JAL(__copy_user) \
431 : "+r" (__cu_to_r), "+r" (__cu_from_r), "+r" (__cu_len_r) \
433 : "$8", "$9", "$10", "$11", "$12", "$15", "$24", "$31", \
439 * __copy_to_user: - Copy a block of data into user space, with less checking.
440 * @to: Destination address, in user space.
441 * @from: Source address, in kernel space.
442 * @n: Number of bytes to copy.
444 * Context: User context only. This function may sleep.
446 * Copy data from kernel space to user space. Caller must check
447 * the specified block with access_ok() before calling this function.
449 * Returns number of bytes that could not be copied.
450 * On success, this will be zero.
452 #define __copy_to_user(to,from,n) \
455 const void *__cu_from; \
460 __cu_from = (from); \
462 __cu_len = __invoke_copy_to_user(__cu_to, __cu_from, __cu_len); \
466 #define __copy_to_user_inatomic __copy_to_user
467 #define __copy_from_user_inatomic __copy_from_user
470 * copy_to_user: - Copy a block of data into user space.
471 * @to: Destination address, in user space.
472 * @from: Source address, in kernel space.
473 * @n: Number of bytes to copy.
475 * Context: User context only. This function may sleep.
477 * Copy data from kernel space to user space.
479 * Returns number of bytes that could not be copied.
480 * On success, this will be zero.
482 #define copy_to_user(to,from,n) \
485 const void *__cu_from; \
490 __cu_from = (from); \
492 if (access_ok(VERIFY_WRITE, __cu_to, __cu_len)) \
493 __cu_len = __invoke_copy_to_user(__cu_to, __cu_from, \
498 #define __invoke_copy_from_user(to,from,n) \
500 register void *__cu_to_r __asm__ ("$4"); \
501 register const void *__cu_from_r __asm__ ("$5"); \
502 register long __cu_len_r __asm__ ("$6"); \
505 __cu_from_r = (from); \
507 __asm__ __volatile__( \
508 ".set\tnoreorder\n\t" \
509 __MODULE_JAL(__copy_user) \
511 __UA_ADDU "\t$1, %1, %2\n\t" \
513 ".set\treorder\n\t" \
514 "move\t%0, $6" /* XXX */ \
515 : "+r" (__cu_to_r), "+r" (__cu_from_r), "+r" (__cu_len_r) \
517 : "$8", "$9", "$10", "$11", "$12", "$15", "$24", "$31", \
523 * __copy_from_user: - Copy a block of data from user space, with less checking. * @to: Destination address, in kernel space.
524 * @from: Source address, in user space.
525 * @n: Number of bytes to copy.
527 * Context: User context only. This function may sleep.
529 * Copy data from user space to kernel space. Caller must check
530 * the specified block with access_ok() before calling this function.
532 * Returns number of bytes that could not be copied.
533 * On success, this will be zero.
535 * If some data could not be copied, this function will pad the copied
536 * data to the requested size using zero bytes.
538 #define __copy_from_user(to,from,n) \
541 const void *__cu_from; \
546 __cu_from = (from); \
548 __cu_len = __invoke_copy_from_user(__cu_to, __cu_from, \
554 * copy_from_user: - Copy a block of data from user space.
555 * @to: Destination address, in kernel space.
556 * @from: Source address, in user space.
557 * @n: Number of bytes to copy.
559 * Context: User context only. This function may sleep.
561 * Copy data from user space to kernel space.
563 * Returns number of bytes that could not be copied.
564 * On success, this will be zero.
566 * If some data could not be copied, this function will pad the copied
567 * data to the requested size using zero bytes.
569 #define copy_from_user(to,from,n) \
572 const void *__cu_from; \
577 __cu_from = (from); \
579 if (access_ok(VERIFY_READ, __cu_from, __cu_len)) \
580 __cu_len = __invoke_copy_from_user(__cu_to, __cu_from, \
585 #define __copy_in_user(to, from, n) __copy_from_user(to, from, n)
587 #define copy_in_user(to,from,n) \
590 const void *__cu_from; \
595 __cu_from = (from); \
597 if (likely(access_ok(VERIFY_READ, __cu_from, __cu_len) && \
598 access_ok(VERIFY_WRITE, __cu_to, __cu_len))) \
599 __cu_len = __invoke_copy_from_user(__cu_to, __cu_from, \
605 * __clear_user: - Zero a block of memory in user space, with less checking.
606 * @to: Destination address, in user space.
607 * @n: Number of bytes to zero.
609 * Zero a block of memory in user space. Caller must check
610 * the specified block with access_ok() before calling this function.
612 * Returns number of bytes that could not be cleared.
613 * On success, this will be zero.
615 static inline __kernel_size_t
616 __clear_user(void *addr, __kernel_size_t size)
621 __asm__ __volatile__(
625 __MODULE_JAL(__bzero)
628 : "r" (addr), "r" (size)
629 : "$4", "$5", "$6", __UA_t0, __UA_t1, "$31");
634 #define clear_user(addr,n) \
636 void * __cl_addr = (addr); \
637 unsigned long __cl_size = (n); \
638 if (__cl_size && access_ok(VERIFY_WRITE, \
639 ((unsigned long)(__cl_addr)), __cl_size)) \
640 __cl_size = __clear_user(__cl_addr, __cl_size); \
645 * __strncpy_from_user: - Copy a NUL terminated string from userspace, with less checking.
646 * @dst: Destination address, in kernel space. This buffer must be at
647 * least @count bytes long.
648 * @src: Source address, in user space.
649 * @count: Maximum number of bytes to copy, including the trailing NUL.
651 * Copies a NUL-terminated string from userspace to kernel space.
652 * Caller must check the specified block with access_ok() before calling
655 * On success, returns the length of the string (not including the trailing
658 * If access to userspace fails, returns -EFAULT (some data may have been
661 * If @count is smaller than the length of the string, copies @count bytes
662 * and returns @count.
665 __strncpy_from_user(char *__to, const char *__from, long __len)
670 __asm__ __volatile__(
674 __MODULE_JAL(__strncpy_from_user_nocheck_asm)
677 : "r" (__to), "r" (__from), "r" (__len)
678 : "$2", "$3", "$4", "$5", "$6", __UA_t0, "$31", "memory");
684 * strncpy_from_user: - Copy a NUL terminated string from userspace.
685 * @dst: Destination address, in kernel space. This buffer must be at
686 * least @count bytes long.
687 * @src: Source address, in user space.
688 * @count: Maximum number of bytes to copy, including the trailing NUL.
690 * Copies a NUL-terminated string from userspace to kernel space.
692 * On success, returns the length of the string (not including the trailing
695 * If access to userspace fails, returns -EFAULT (some data may have been
698 * If @count is smaller than the length of the string, copies @count bytes
699 * and returns @count.
702 strncpy_from_user(char *__to, const char *__from, long __len)
707 __asm__ __volatile__(
711 __MODULE_JAL(__strncpy_from_user_asm)
714 : "r" (__to), "r" (__from), "r" (__len)
715 : "$2", "$3", "$4", "$5", "$6", __UA_t0, "$31", "memory");
720 /* Returns: 0 if bad, string length+1 (memory size) of string if ok */
721 static inline long __strlen_user(const char *s)
726 __asm__ __volatile__(
728 __MODULE_JAL(__strlen_user_nocheck_asm)
732 : "$2", "$4", __UA_t0, "$31");
738 * strlen_user: - Get the size of a string in user space.
739 * @str: The string to measure.
741 * Context: User context only. This function may sleep.
743 * Get the size of a NUL-terminated string in user space.
745 * Returns the size of the string INCLUDING the terminating NUL.
746 * On exception, returns 0.
748 * If there is a limit on the length of a valid string, you may wish to
749 * consider using strnlen_user() instead.
751 static inline long strlen_user(const char *s)
756 __asm__ __volatile__(
758 __MODULE_JAL(__strlen_user_asm)
762 : "$2", "$4", __UA_t0, "$31");
767 /* Returns: 0 if bad, string length+1 (memory size) of string if ok */
768 static inline long __strnlen_user(const char *s, long n)
773 __asm__ __volatile__(
776 __MODULE_JAL(__strnlen_user_nocheck_asm)
780 : "$2", "$4", "$5", __UA_t0, "$31");
786 * strlen_user: - Get the size of a string in user space.
787 * @str: The string to measure.
789 * Context: User context only. This function may sleep.
791 * Get the size of a NUL-terminated string in user space.
793 * Returns the size of the string INCLUDING the terminating NUL.
794 * On exception, returns 0.
796 * If there is a limit on the length of a valid string, you may wish to
797 * consider using strnlen_user() instead.
799 static inline long strnlen_user(const char *s, long n)
804 __asm__ __volatile__(
807 __MODULE_JAL(__strnlen_user_asm)
811 : "$2", "$4", "$5", __UA_t0, "$31");
816 struct exception_table_entry
819 unsigned long nextinsn;
822 extern int fixup_exception(struct pt_regs *regs);
824 #endif /* _ASM_UACCESS_H */