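/*
 *  linux/arch/arm/lib/uaccess_with_memcpy.c
 *
 *  Written by: Lennert Buytenhek and Nicolas Pitre
 *  Copyright (C) 2009 Marvell Semiconductor
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 2 as
 * published by the Free Software Foundation.
 */

#include <linux/kernel.h>
#include <linux/ctype.h>
#include <linux/uaccess.h>
#include <linux/rwsem.h>
#include <linux/mm.h>
#include <linux/sched.h>
#include <linux/hardirq.h> /* for in_atomic() */
#include <linux/gfp.h>
#include <linux/highmem.h>
#include <linux/hugetlb.h>
#include <linux/export.h>
#include <asm/current.h>
#include <asm/page.h>

/*
 * pin_page_for_write() - check that the page backing a user address can be
 * written directly, and lock its page table entry.
 *
 * Walks current->mm's page tables (pgd -> pud -> pmd -> pte) for @_addr.
 *
 * Returns 1 with a lock held and *ptlp set to that lock:
 *   - huge/THP pmd: *ptep is NULL and *ptlp is mm->page_table_lock;
 *   - normal page:  *ptep is the mapped pte and *ptlp is its pte lock.
 * Returns 0 with no lock held and *ptep / *ptlp untouched when any level is
 * missing or bad, when a huge pmd would fault on write, or when the pte is
 * not present, young, writable and dirty.
 *
 * The caller must release the lock: pte_unmap_unlock() when *ptep is
 * non-NULL, spin_unlock() otherwise.
 *
 * NOTE(review): nothing here checks that the address lies in the user
 * range; the walk trusts the caller to have validated it (access_ok() or
 * equivalent) -- confirm at the call sites.
 */
static int
pin_page_for_write(const void __user *_addr, pte_t **ptep, spinlock_t **ptlp)
{
	unsigned long addr = (unsigned long)_addr;
	pgd_t *pgd;
	pmd_t *pmd;
	pte_t *pte;
	pud_t *pud;
	spinlock_t *ptl;

	pgd = pgd_offset(current->mm, addr);
	if (unlikely(pgd_none(*pgd) || pgd_bad(*pgd)))
		return 0;

	pud = pud_offset(pgd, addr);
	if (unlikely(pud_none(*pud) || pud_bad(*pud)))
		return 0;

	pmd = pmd_offset(pud, addr);
	if (unlikely(pmd_none(*pmd)))
		return 0;

	/*
	 * A pmd can be bad if it refers to a HugeTLB or THP page.
	 *
	 * Both THP and HugeTLB pages have the same pmd layout
	 * and should not be manipulated by the pte functions.
	 *
	 * Lock the page table for the destination and check
	 * to see that it's still huge and whether or not we will
	 * need to fault on write.
	 */
	if (unlikely(pmd_thp_or_huge(*pmd))) {
		ptl = &current->mm->page_table_lock;
		spin_lock(ptl);
		/* Re-check under the lock: the pmd may have changed. */
		if (unlikely(!pmd_thp_or_huge(*pmd)
			|| pmd_hugewillfault(*pmd))) {
			spin_unlock(ptl);
			return 0;
		}

		*ptep = NULL;
		*ptlp = ptl;
		return 1;
	}

	if (unlikely(pmd_bad(*pmd)))
		return 0;

	pte = pte_offset_map_lock(current->mm, pmd, addr, &ptl);
	/*
	 * Only accept a pte that is already present, young, writable and
	 * dirty -- presumably so that the plain store done by the caller
	 * cannot require a fault or a pte update.
	 */
	if (unlikely(!pte_present(*pte) || !pte_young(*pte) ||
	    !pte_write(*pte) || !pte_dirty(*pte))) {
		pte_unmap_unlock(pte, ptl);
		return 0;
	}

	*ptep = pte;
	*ptlp = ptl;

	return 1;
}

/*
 * __copy_to_user_memcpy() - copy @n bytes from kernel @from to user @to
 * using plain memcpy(), one page at a time.
 *
 * Each destination page is pinned with pin_page_for_write() before the
 * memcpy() and unlocked afterwards.  When a page cannot be pinned, a zero
 * byte is stored to it with __put_user() (presumably to let the regular
 * fault path make it writable) and the pin is retried; if that store
 * fails the copy stops.
 *
 * Returns the number of bytes that could NOT be copied (0 on success).
 *
 * Security notes:
 *   - When get_fs() is KERNEL_DS the destination is written with memcpy()
 *     directly, without any page table check.
 *   - No address-range validation is done here.
 *     NOTE(review): presumably callers have already run access_ok() on
 *     [to, to + n) -- confirm.
 */
static unsigned long noinline
__copy_to_user_memcpy(void __user *to, const void *from, unsigned long n)
{
	unsigned long ua_flags;
	int atomic;

	if (unlikely(segment_eq(get_fs(), KERNEL_DS))) {
		memcpy((void *)to, from, n);
		return 0;
	}

	/* the mmap semaphore is taken only if not in an atomic context */
	atomic = faulthandler_disabled();

	if (!atomic)
		down_read(&current->mm->mmap_sem);
	while (n) {
		pte_t *pte;
		spinlock_t *ptl;
		int tocopy;

		while (!pin_page_for_write(to, &pte, &ptl)) {
			/*
			 * mmap_sem is dropped around __put_user(), so the
			 * "out" path below must not release it again.
			 */
			if (!atomic)
				up_read(&current->mm->mmap_sem);
			if (__put_user(0, (char __user *)to))
				goto out;
			if (!atomic)
				down_read(&current->mm->mmap_sem);
		}

		/* bytes left from 'to' up to the end of its page */
		tocopy = (~(unsigned long)to & ~PAGE_MASK) + 1;
		if (tocopy > n)
			tocopy = n;

		/* the copy never crosses the page that was just pinned */
		ua_flags = uaccess_save_and_enable();
		memcpy((void *)to, from, tocopy);
		uaccess_restore(ua_flags);
		to += tocopy;
		from += tocopy;
		n -= tocopy;

		/* pte == NULL means a huge pmd: only the spinlock is held */
		if (pte)
			pte_unmap_unlock(pte, ptl);
		else
			spin_unlock(ptl);
	}
	if (!atomic)
		up_read(&current->mm->mmap_sem);

out:
	return n;
}

/*
 * arm_copy_to_user() - copy @n bytes from kernel @from to user @to.
 *
 * Copies shorter than 64 bytes go through __copy_to_user_std(); longer ones
 * use __copy_to_user_memcpy().  Returns the number of bytes not copied.
 */
unsigned long
arm_copy_to_user(void __user *to, const void *from, unsigned long n)
{
	/*
	 * This test is stubbed out of the main function above to keep
	 * the overhead for small copies low by avoiding a large
	 * register dump on the stack just to reload them right away.
	 * With frame pointer disabled, tail call optimization kicks in
	 * as well making this test almost invisible.
	 */
	if (n < 64) {
		unsigned long ua_flags = uaccess_save_and_enable();
		n = __copy_to_user_std(to, from, n);
		uaccess_restore(ua_flags);
	} else {
		n = __copy_to_user_memcpy(to, from, n);
	}
	return n;
}
EXPORT_SYMBOL(arm_copy_to_user);

/*
 * __clear_user_memset() - zero @n bytes of user memory at @addr using plain
 * memset(), one page at a time.
 *
 * Follows the same pin / write / unlock scheme as __copy_to_user_memcpy().
 * Returns the number of bytes that could NOT be cleared (0 on success).
 *
 * When get_fs() is KERNEL_DS the range is cleared with memset() directly,
 * without any page table check.
 *
 * NOTE(review): unlike __copy_to_user_memcpy(), mmap_sem is taken here
 * unconditionally, with no faulthandler_disabled() check; presumably this
 * is never reached from atomic context -- confirm.
 */
static unsigned long noinline
__clear_user_memset(void __user *addr, unsigned long n)
{
	unsigned long ua_flags;

	if (unlikely(segment_eq(get_fs(), KERNEL_DS))) {
		memset((void *)addr, 0, n);
		return 0;
	}

	down_read(&current->mm->mmap_sem);
	while (n) {
		pte_t *pte;
		spinlock_t *ptl;
		int tocopy;

		while (!pin_page_for_write(addr, &pte, &ptl)) {
			/* mmap_sem is not held when jumping to "out" */
			up_read(&current->mm->mmap_sem);
			if (__put_user(0, (char __user *)addr))
				goto out;
			down_read(&current->mm->mmap_sem);
		}

		/* bytes left from 'addr' up to the end of its page */
		tocopy = (~(unsigned long)addr & ~PAGE_MASK) + 1;
		if (tocopy > n)
			tocopy = n;

		ua_flags = uaccess_save_and_enable();
		memset((void *)addr, 0, tocopy);
		uaccess_restore(ua_flags);
		addr += tocopy;
		n -= tocopy;

		/* pte == NULL means a huge pmd: only the spinlock is held */
		if (pte)
			pte_unmap_unlock(pte, ptl);
		else
			spin_unlock(ptl);
	}
	up_read(&current->mm->mmap_sem);

out:
	return n;
}

/*
 * arm_clear_user() - zero @n bytes of user memory at @addr.
 *
 * Ranges shorter than 64 bytes go through __clear_user_std(); longer ones
 * use __clear_user_memset().  Returns the number of bytes not cleared.
 */
unsigned long arm_clear_user(void __user *addr, unsigned long n)
{
	/* See the rationale for this in arm_copy_to_user() above. */
	if (n < 64) {
		unsigned long ua_flags = uaccess_save_and_enable();
		n = __clear_user_std(addr, n);
		uaccess_restore(ua_flags);
	} else {
		n = __clear_user_memset(addr, n);
	}
	return n;
}
EXPORT_SYMBOL(arm_clear_user);

#if 0

/*
 * This code is disabled by default, but kept around in case the chosen
 * thresholds need to be revalidated.  Some overhead (small but still)
 * would be implied by a runtime determined variable threshold, and
 * so far the measurement on concerned targets didn't show a worthwhile
 * variation.
 *
 * Note that a fairly precise sched_clock() implementation is needed
 * for results to make some sense.
 */

#include <linux/vmalloc.h>

/*
 * Times the memcpy/memset based routines against the _std ones for sizes
 * from PAGE_SIZE down to 4 bytes (halving each step) and prints both
 * durations per size.  Returns 0, -ENOMEM if a page or the mapping could
 * not be set up, or -EFAULT if any copy/clear left bytes unprocessed.
 */
static int __init test_size_treshold(void)
{
	struct page *src_page, *dst_page;
	void *user_ptr, *kernel_ptr;
	unsigned long long t0, t1, t2;
	int size, ret;

	ret = -ENOMEM;
	src_page = alloc_page(GFP_KERNEL);
	if (!src_page)
		goto no_src;
	dst_page = alloc_page(GFP_KERNEL);
	if (!dst_page)
		goto no_dst;
	kernel_ptr = page_address(src_page);
	user_ptr = vmap(&dst_page, 1, VM_IOREMAP, __pgprot(__P010));
	if (!user_ptr)
		goto no_vmap;

	/* warm up the src page dcache */
	ret = __copy_to_user_memcpy(user_ptr, kernel_ptr, PAGE_SIZE);

	for (size = PAGE_SIZE; size >= 4; size /= 2) {
		t0 = sched_clock();
		ret |= __copy_to_user_memcpy(user_ptr, kernel_ptr, size);
		t1 = sched_clock();
		ret |= __copy_to_user_std(user_ptr, kernel_ptr, size);
		t2 = sched_clock();
		printk("copy_to_user: %d %llu %llu\n", size, t1 - t0, t2 - t1);
	}

	for (size = PAGE_SIZE; size >= 4; size /= 2) {
		t0 = sched_clock();
		ret |= __clear_user_memset(user_ptr, size);
		t1 = sched_clock();
		ret |= __clear_user_std(user_ptr, size);
		t2 = sched_clock();
		printk("clear_user: %d %llu %llu\n", size, t1 - t0, t2 - t1);
	}

	/* any non-zero "bytes left" count is reported as a fault */
	if (ret)
		ret = -EFAULT;

	vunmap(user_ptr);
no_vmap:
	put_page(dst_page);
no_dst:
	put_page(src_page);
no_src:
	return ret;
}

subsys_initcall(test_size_treshold);

#endif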