1 /*
2  *  linux/arch/arm/lib/uaccess_with_memcpy.c
3  *
4  *  Written by: Lennert Buytenhek and Nicolas Pitre
5  *  Copyright (C) 2009 Marvell Semiconductor
6  *
7  * This program is free software; you can redistribute it and/or modify
8  * it under the terms of the GNU General Public License version 2 as
9  * published by the Free Software Foundation.
10  */
11 
12 #include <linux/kernel.h>
13 #include <linux/ctype.h>
14 #include <linux/uaccess.h>
15 #include <linux/rwsem.h>
16 #include <linux/mm.h>
17 #include <linux/sched.h>
18 #include <linux/hardirq.h> /* for in_atomic() */
19 #include <linux/gfp.h>
20 #include <linux/highmem.h>
21 #include <linux/hugetlb.h>
22 #include <asm/current.h>
23 #include <asm/page.h>
24 
25 static int
26 pin_page_for_write(const void __user *_addr, pte_t **ptep, spinlock_t **ptlp)
27 {
28 	unsigned long addr = (unsigned long)_addr;
29 	pgd_t *pgd;
30 	pmd_t *pmd;
31 	pte_t *pte;
32 	pud_t *pud;
33 	spinlock_t *ptl;
34 
35 	pgd = pgd_offset(current->mm, addr);
36 	if (unlikely(pgd_none(*pgd) || pgd_bad(*pgd)))
37 		return 0;
38 
39 	pud = pud_offset(pgd, addr);
40 	if (unlikely(pud_none(*pud) || pud_bad(*pud)))
41 		return 0;
42 
43 	pmd = pmd_offset(pud, addr);
44 	if (unlikely(pmd_none(*pmd)))
45 		return 0;
46 
47 	/*
48 	 * A pmd can be bad if it refers to a HugeTLB or THP page.
49 	 *
50 	 * Both THP and HugeTLB pages have the same pmd layout
51 	 * and should not be manipulated by the pte functions.
52 	 *
53 	 * Lock the page table for the destination and check
54 	 * to see that it's still huge and whether or not we will
55 	 * need to fault on write.
56 	 */
57 	if (unlikely(pmd_thp_or_huge(*pmd))) {
58 		ptl = &current->mm->page_table_lock;
59 		spin_lock(ptl);
60 		if (unlikely(!pmd_thp_or_huge(*pmd)
61 			|| pmd_hugewillfault(*pmd))) {
62 			spin_unlock(ptl);
63 			return 0;
64 		}
65 
66 		*ptep = NULL;
67 		*ptlp = ptl;
68 		return 1;
69 	}
70 
71 	if (unlikely(pmd_bad(*pmd)))
72 		return 0;
73 
74 	pte = pte_offset_map_lock(current->mm, pmd, addr, &ptl);
75 	if (unlikely(!pte_present(*pte) || !pte_young(*pte) ||
76 	    !pte_write(*pte) || !pte_dirty(*pte))) {
77 		pte_unmap_unlock(pte, ptl);
78 		return 0;
79 	}
80 
81 	*ptep = pte;
82 	*ptlp = ptl;
83 
84 	return 1;
85 }
86 
87 static unsigned long noinline
88 __copy_to_user_memcpy(void __user *to, const void *from, unsigned long n)
89 {
90 	unsigned long ua_flags;
91 	int atomic;
92 
93 	if (uaccess_kernel()) {
94 		memcpy((void *)to, from, n);
95 		return 0;
96 	}
97 
98 	/* the mmap semaphore is taken only if not in an atomic context */
99 	atomic = faulthandler_disabled();
100 
101 	if (!atomic)
102 		down_read(&current->mm->mmap_sem);
103 	while (n) {
104 		pte_t *pte;
105 		spinlock_t *ptl;
106 		int tocopy;
107 
108 		while (!pin_page_for_write(to, &pte, &ptl)) {
109 			if (!atomic)
110 				up_read(&current->mm->mmap_sem);
111 			if (__put_user(0, (char __user *)to))
112 				goto out;
113 			if (!atomic)
114 				down_read(&current->mm->mmap_sem);
115 		}
116 
117 		tocopy = (~(unsigned long)to & ~PAGE_MASK) + 1;
118 		if (tocopy > n)
119 			tocopy = n;
120 
121 		ua_flags = uaccess_save_and_enable();
122 		memcpy((void *)to, from, tocopy);
123 		uaccess_restore(ua_flags);
124 		to += tocopy;
125 		from += tocopy;
126 		n -= tocopy;
127 
128 		if (pte)
129 			pte_unmap_unlock(pte, ptl);
130 		else
131 			spin_unlock(ptl);
132 	}
133 	if (!atomic)
134 		up_read(&current->mm->mmap_sem);
135 
136 out:
137 	return n;
138 }
139 
140 unsigned long
141 arm_copy_to_user(void __user *to, const void *from, unsigned long n)
142 {
143 	/*
144 	 * This test is stubbed out of the main function above to keep
145 	 * the overhead for small copies low by avoiding a large
146 	 * register dump on the stack just to reload them right away.
147 	 * With frame pointer disabled, tail call optimization kicks in
148 	 * as well making this test almost invisible.
149 	 */
150 	if (n < 64) {
151 		unsigned long ua_flags = uaccess_save_and_enable();
152 		n = __copy_to_user_std(to, from, n);
153 		uaccess_restore(ua_flags);
154 	} else {
155 		n = __copy_to_user_memcpy(to, from, n);
156 	}
157 	return n;
158 }
159 
160 static unsigned long noinline
161 __clear_user_memset(void __user *addr, unsigned long n)
162 {
163 	unsigned long ua_flags;
164 
165 	if (uaccess_kernel()) {
166 		memset((void *)addr, 0, n);
167 		return 0;
168 	}
169 
170 	down_read(&current->mm->mmap_sem);
171 	while (n) {
172 		pte_t *pte;
173 		spinlock_t *ptl;
174 		int tocopy;
175 
176 		while (!pin_page_for_write(addr, &pte, &ptl)) {
177 			up_read(&current->mm->mmap_sem);
178 			if (__put_user(0, (char __user *)addr))
179 				goto out;
180 			down_read(&current->mm->mmap_sem);
181 		}
182 
183 		tocopy = (~(unsigned long)addr & ~PAGE_MASK) + 1;
184 		if (tocopy > n)
185 			tocopy = n;
186 
187 		ua_flags = uaccess_save_and_enable();
188 		memset((void *)addr, 0, tocopy);
189 		uaccess_restore(ua_flags);
190 		addr += tocopy;
191 		n -= tocopy;
192 
193 		if (pte)
194 			pte_unmap_unlock(pte, ptl);
195 		else
196 			spin_unlock(ptl);
197 	}
198 	up_read(&current->mm->mmap_sem);
199 
200 out:
201 	return n;
202 }
203 
204 unsigned long arm_clear_user(void __user *addr, unsigned long n)
205 {
206 	/* See rational for this in __copy_to_user() above. */
207 	if (n < 64) {
208 		unsigned long ua_flags = uaccess_save_and_enable();
209 		n = __clear_user_std(addr, n);
210 		uaccess_restore(ua_flags);
211 	} else {
212 		n = __clear_user_memset(addr, n);
213 	}
214 	return n;
215 }
216 
217 #if 0
218 
219 /*
220  * This code is disabled by default, but kept around in case the chosen
221  * thresholds need to be revalidated.  Some overhead (small but still)
222  * would be implied by a runtime determined variable threshold, and
223  * so far the measurement on concerned targets didn't show a worthwhile
224  * variation.
225  *
226  * Note that a fairly precise sched_clock() implementation is needed
227  * for results to make some sense.
228  */
229 
230 #include <linux/vmalloc.h>
231 
232 static int __init test_size_treshold(void)
233 {
234 	struct page *src_page, *dst_page;
235 	void *user_ptr, *kernel_ptr;
236 	unsigned long long t0, t1, t2;
237 	int size, ret;
238 
239 	ret = -ENOMEM;
240 	src_page = alloc_page(GFP_KERNEL);
241 	if (!src_page)
242 		goto no_src;
243 	dst_page = alloc_page(GFP_KERNEL);
244 	if (!dst_page)
245 		goto no_dst;
246 	kernel_ptr = page_address(src_page);
247 	user_ptr = vmap(&dst_page, 1, VM_IOREMAP, __pgprot(__P010));
248 	if (!user_ptr)
249 		goto no_vmap;
250 
251 	/* warm up the src page dcache */
252 	ret = __copy_to_user_memcpy(user_ptr, kernel_ptr, PAGE_SIZE);
253 
254 	for (size = PAGE_SIZE; size >= 4; size /= 2) {
255 		t0 = sched_clock();
256 		ret |= __copy_to_user_memcpy(user_ptr, kernel_ptr, size);
257 		t1 = sched_clock();
258 		ret |= __copy_to_user_std(user_ptr, kernel_ptr, size);
259 		t2 = sched_clock();
260 		printk("copy_to_user: %d %llu %llu\n", size, t1 - t0, t2 - t1);
261 	}
262 
263 	for (size = PAGE_SIZE; size >= 4; size /= 2) {
264 		t0 = sched_clock();
265 		ret |= __clear_user_memset(user_ptr, size);
266 		t1 = sched_clock();
267 		ret |= __clear_user_std(user_ptr, size);
268 		t2 = sched_clock();
269 		printk("clear_user: %d %llu %llu\n", size, t1 - t0, t2 - t1);
270 	}
271 
272 	if (ret)
273 		ret = -EFAULT;
274 
275 	vunmap(user_ptr);
276 no_vmap:
277 	put_page(dst_page);
278 no_dst:
279 	put_page(src_page);
280 no_src:
281 	return ret;
282 }
283 
284 subsys_initcall(test_size_treshold);
285 
286 #endif
287