6 #include <linux/sched.h>
7 #include <linux/errno.h>
8 #include <asm/processor.h>
11 #define VERIFY_WRITE 1
14 * The fs value determines whether argument validity checking should be
15 * performed or not. If get_fs() == USER_DS, checking is performed, with
16 * get_fs() == KERNEL_DS, checking is bypassed.
18 * For historical reasons, these macros are grossly misnamed.
20 * The fs/ds values are now the highest legal address in the "segment".
21 * This simplifies the checking in the routines below.
24 #define KERNEL_DS ((mm_segment_t) { ~0UL })
25 #define USER_DS ((mm_segment_t) { TASK_SIZE - 1 })
27 #define get_ds() (KERNEL_DS)
28 #define get_fs() (current->thread.fs)
29 #define set_fs(val) (current->thread.fs = (val))
31 #define segment_eq(a,b) ((a).seg == (b).seg)
33 #define __access_ok(addr,size) \
34 ((addr) <= current->thread.fs.seg \
35 && ((size) == 0 || (size) - 1 <= current->thread.fs.seg - (addr)))
37 #define access_ok(type, addr, size) \
38 (__chk_user_ptr(addr),__access_ok((unsigned long)(addr),(size)))
40 extern inline int verify_area(int type, const void __user * addr, unsigned long size)
42 return access_ok(type, addr, size) ? 0 : -EFAULT;
47 * The exception table consists of pairs of addresses: the first is the
48 * address of an instruction that is allowed to fault, and the second is
49 * the address at which the program should continue. No registers are
50 * modified, so it is entirely up to the continuation code to figure out
53 * All the routines below use bits of fixup code that are out of line
54 * with the main instruction path. This means when everything is well,
55 * we don't even have to jump over them. Further, they do not intrude
56 * on our cache or tlb entries.
59 struct exception_table_entry
61 unsigned long insn, fixup;
65 * These are the main single-value transfer routines. They automatically
66 * use the right size if we just have the right pointer type.
68 * This gets kind of ugly. We want to return _two_ values in "get_user()"
69 * and yet we don't want to do any pointers, because that is too much
70 * of a performance impact. Thus we have a few rather ugly macros here,
71 * and hide all the ugliness from the user.
73 * The "__xxx" versions of the user access functions are versions that
74 * do not verify the address space, that must have been done previously
75 * with a separate "access_ok()" call (this is used when we do multiple
76 * accesses to the same area of user memory).
78 * As we use the same address space for kernel and user data on the
79 * PowerPC, we can just do these as direct assignments. (Of course, the
80 * exception handling means that it's no longer "just"...)
82 * The "user64" versions of the user access functions are versions that
83 * allow access of 64-bit data. The "get_user" functions do not
84 * properly handle 64-bit data because the value gets down cast to a long.
85 * The "put_user" functions already handle 64-bit data properly but we add
86 * "user64" versions for completeness
88 #define get_user(x,ptr) \
89 __get_user_check((x),(ptr),sizeof(*(ptr)))
90 #define get_user64(x,ptr) \
91 __get_user64_check((x),(ptr),sizeof(*(ptr)))
92 #define put_user(x,ptr) \
93 __put_user_check((__typeof__(*(ptr)))(x),(ptr),sizeof(*(ptr)))
94 #define put_user64(x,ptr) put_user(x,ptr)
96 #define __get_user(x,ptr) \
97 __get_user_nocheck((x),(ptr),sizeof(*(ptr)))
98 #define __get_user64(x,ptr) \
99 __get_user64_nocheck((x),(ptr),sizeof(*(ptr)))
100 #define __put_user(x,ptr) \
101 __put_user_nocheck((__typeof__(*(ptr)))(x),(ptr),sizeof(*(ptr)))
102 #define __put_user64(x,ptr) __put_user(x,ptr)
104 extern long __put_user_bad(void);
106 #define __put_user_nocheck(x,ptr,size) \
109 __chk_user_ptr(ptr); \
110 __put_user_size((x),(ptr),(size),__pu_err); \
114 #define __put_user_check(x,ptr,size) \
116 long __pu_err = -EFAULT; \
117 __typeof__(*(ptr)) __user *__pu_addr = (ptr); \
118 if (access_ok(VERIFY_WRITE,__pu_addr,size)) \
119 __put_user_size((x),__pu_addr,(size),__pu_err); \
123 #define __put_user_size(x,ptr,size,retval) \
128 __put_user_asm(x, ptr, retval, "stb"); \
131 __put_user_asm(x, ptr, retval, "sth"); \
134 __put_user_asm(x, ptr, retval, "stw"); \
137 __put_user_asm2(x, ptr, retval); \
145 * We don't tell gcc that we are accessing memory, but this is OK
146 * because we do not write to any memory gcc knows about, so there
147 * are no aliasing issues.
149 #define __put_user_asm(x, addr, err, op) \
150 __asm__ __volatile__( \
151 "1: "op" %1,0(%2)\n" \
153 ".section .fixup,\"ax\"\n" \
157 ".section __ex_table,\"a\"\n" \
162 : "r" (x), "b" (addr), "i" (-EFAULT), "0" (err))
164 #define __put_user_asm2(x, addr, err) \
165 __asm__ __volatile__( \
166 "1: stw %1,0(%2)\n" \
167 "2: stw %1+1,4(%2)\n" \
169 ".section .fixup,\"ax\"\n" \
173 ".section __ex_table,\"a\"\n" \
179 : "r" (x), "b" (addr), "i" (-EFAULT), "0" (err))
181 #define __get_user_nocheck(x, ptr, size) \
184 unsigned long __gu_val; \
185 __chk_user_ptr(ptr); \
186 __get_user_size(__gu_val, (ptr), (size), __gu_err); \
187 (x) = (__typeof__(*(ptr)))__gu_val; \
191 #define __get_user64_nocheck(x, ptr, size) \
194 long long __gu_val; \
195 __chk_user_ptr(ptr); \
196 __get_user_size64(__gu_val, (ptr), (size), __gu_err); \
197 (x) = (__typeof__(*(ptr)))__gu_val; \
201 #define __get_user_check(x, ptr, size) \
203 long __gu_err = -EFAULT; \
204 unsigned long __gu_val = 0; \
205 const __typeof__(*(ptr)) __user *__gu_addr = (ptr); \
206 if (access_ok(VERIFY_READ, __gu_addr, (size))) \
207 __get_user_size(__gu_val, __gu_addr, (size), __gu_err); \
208 (x) = (__typeof__(*(ptr)))__gu_val; \
212 #define __get_user64_check(x, ptr, size) \
214 long __gu_err = -EFAULT; \
215 long long __gu_val = 0; \
216 const __typeof__(*(ptr)) __user *__gu_addr = (ptr); \
217 if (access_ok(VERIFY_READ, __gu_addr, (size))) \
218 __get_user_size64(__gu_val, __gu_addr, (size), __gu_err); \
219 (x) = (__typeof__(*(ptr)))__gu_val; \
223 extern long __get_user_bad(void);
225 #define __get_user_size(x, ptr, size, retval) \
230 __get_user_asm(x, ptr, retval, "lbz"); \
233 __get_user_asm(x, ptr, retval, "lhz"); \
236 __get_user_asm(x, ptr, retval, "lwz"); \
239 x = __get_user_bad(); \
243 #define __get_user_size64(x, ptr, size, retval) \
248 __get_user_asm(x, ptr, retval, "lbz"); \
251 __get_user_asm(x, ptr, retval, "lhz"); \
254 __get_user_asm(x, ptr, retval, "lwz"); \
257 __get_user_asm2(x, ptr, retval); \
260 x = __get_user_bad(); \
264 #define __get_user_asm(x, addr, err, op) \
265 __asm__ __volatile__( \
266 "1: "op" %1,0(%2)\n" \
268 ".section .fixup,\"ax\"\n" \
273 ".section __ex_table,\"a\"\n" \
277 : "=r"(err), "=r"(x) \
278 : "b"(addr), "i"(-EFAULT), "0"(err))
280 #define __get_user_asm2(x, addr, err) \
281 __asm__ __volatile__( \
282 "1: lwz %1,0(%2)\n" \
283 "2: lwz %1+1,4(%2)\n" \
285 ".section .fixup,\"ax\"\n" \
291 ".section __ex_table,\"a\"\n" \
296 : "=r"(err), "=&r"(x) \
297 : "b"(addr), "i"(-EFAULT), "0"(err))
299 /* more complex routines */
301 extern int __copy_tofrom_user(void __user *to, const void __user *from,
304 extern inline unsigned long
305 copy_from_user(void *to, const void __user *from, unsigned long n)
309 if (access_ok(VERIFY_READ, from, n))
310 return __copy_tofrom_user((__force void __user *)to, from, n);
311 if ((unsigned long)from < TASK_SIZE) {
312 over = (unsigned long)from + n - TASK_SIZE;
313 return __copy_tofrom_user((__force void __user *)to, from, n - over) + over;
318 extern inline unsigned long
319 copy_to_user(void __user *to, const void *from, unsigned long n)
323 if (access_ok(VERIFY_WRITE, to, n))
324 return __copy_tofrom_user(to, (__force void __user *) from, n);
325 if ((unsigned long)to < TASK_SIZE) {
326 over = (unsigned long)to + n - TASK_SIZE;
327 return __copy_tofrom_user(to, (__force void __user *) from, n - over) + over;
332 static inline unsigned long __copy_from_user(void *to, const void __user *from, unsigned long size)
334 return __copy_tofrom_user((__force void __user *)to, from, size);
337 static inline unsigned long __copy_to_user(void __user *to, const void *from, unsigned long size)
339 return __copy_tofrom_user(to, (__force void __user *)from, size);
342 #define __copy_to_user_inatomic __copy_to_user
343 #define __copy_from_user_inatomic __copy_from_user
345 extern unsigned long __clear_user(void __user *addr, unsigned long size);
347 extern inline unsigned long
348 clear_user(void __user *addr, unsigned long size)
350 if (access_ok(VERIFY_WRITE, addr, size))
351 return __clear_user(addr, size);
352 if ((unsigned long)addr < TASK_SIZE) {
353 unsigned long over = (unsigned long)addr + size - TASK_SIZE;
354 return __clear_user(addr, size - over) + over;
359 extern int __strncpy_from_user(char *dst, const char __user *src, long count);
362 strncpy_from_user(char *dst, const char __user *src, long count)
364 if (access_ok(VERIFY_READ, src, 1))
365 return __strncpy_from_user(dst, src, count);
370 * Return the size of a string (including the ending 0)
375 extern int __strnlen_user(const char __user *str, long len, unsigned long top);
378 * Returns the length of the string at str (including the null byte),
379 * or 0 if we hit a page we can't access,
380 * or something > len if we didn't find a null byte.
382 * The `top' parameter to __strnlen_user is to make sure that
383 * we can never overflow from the user area into kernel space.
385 extern __inline__ int strnlen_user(const char __user *str, long len)
387 unsigned long top = current->thread.fs.seg;
389 if ((unsigned long)str > top)
391 return __strnlen_user(str, len, top);
394 #define strlen_user(str) strnlen_user((str), 0x7ffffffe)
396 #endif /* __ASSEMBLY__ */
398 #endif /* _PPC_UACCESS_H */
399 #endif /* __KERNEL__ */