1 #ifndef _ASM_IA64_UACCESS_H 2 #define _ASM_IA64_UACCESS_H 3 4 /* 5 * This file defines various macros to transfer memory areas across 6 * the user/kernel boundary. This needs to be done carefully because 7 * this code is executed in kernel mode and uses user-specified 8 * addresses. Thus, we need to be careful not to let the user to 9 * trick us into accessing kernel memory that would normally be 10 * inaccessible. This code is also fairly performance sensitive, 11 * so we want to spend as little time doing safety checks as 12 * possible. 13 * 14 * To make matters a bit more interesting, these macros sometimes also 15 * called from within the kernel itself, in which case the address 16 * validity check must be skipped. The get_fs() macro tells us what 17 * to do: if get_fs()==USER_DS, checking is performed, if 18 * get_fs()==KERNEL_DS, checking is bypassed. 19 * 20 * Note that even if the memory area specified by the user is in a 21 * valid address range, it is still possible that we'll get a page 22 * fault while accessing it. This is handled by filling out an 23 * exception handler fixup entry for each instruction that has the 24 * potential to fault. When such a fault occurs, the page fault 25 * handler checks to see whether the faulting instruction has a fixup 26 * associated and, if so, sets r8 to -EFAULT and clears r9 to 0 and 27 * then resumes execution at the continuation point. 28 * 29 * Based on <asm-alpha/uaccess.h>. 30 * 31 * Copyright (C) 1998, 1999, 2001-2004 Hewlett-Packard Co 32 * David Mosberger-Tang <davidm@hpl.hp.com> 33 */ 34 35 #include <linux/compiler.h> 36 #include <linux/page-flags.h> 37 #include <linux/mm.h> 38 39 #include <asm/intrinsics.h> 40 #include <asm/pgtable.h> 41 #include <asm/io.h> 42 #include <asm/extable.h> 43 44 /* 45 * For historical reasons, the following macros are grossly misnamed: 46 */ 47 #define KERNEL_DS ((mm_segment_t) { ~0UL }) /* cf. access_ok() */ 48 #define USER_DS ((mm_segment_t) { TASK_SIZE-1 }) /* cf. access_ok() */ 49 50 #define get_ds() (KERNEL_DS) 51 #define get_fs() (current_thread_info()->addr_limit) 52 #define set_fs(x) (current_thread_info()->addr_limit = (x)) 53 54 #define segment_eq(a, b) ((a).seg == (b).seg) 55 56 /* 57 * When accessing user memory, we need to make sure the entire area really is in 58 * user-level space. In order to do this efficiently, we make sure that the page at 59 * address TASK_SIZE is never valid. We also need to make sure that the address doesn't 60 * point inside the virtually mapped linear page table. 61 */ 62 static inline int __access_ok(const void __user *p, unsigned long size) 63 { 64 unsigned long addr = (unsigned long)p; 65 unsigned long seg = get_fs().seg; 66 return likely(addr <= seg) && 67 (seg == KERNEL_DS.seg || likely(REGION_OFFSET(addr) < RGN_MAP_LIMIT)); 68 } 69 #define access_ok(type, addr, size) __access_ok((addr), (size)) 70 71 /* 72 * These are the main single-value transfer routines. They automatically 73 * use the right size if we just have the right pointer type. 74 * 75 * Careful to not 76 * (a) re-use the arguments for side effects (sizeof/typeof is ok) 77 * (b) require any knowledge of processes at this stage 78 */ 79 #define put_user(x, ptr) __put_user_check((__typeof__(*(ptr))) (x), (ptr), sizeof(*(ptr))) 80 #define get_user(x, ptr) __get_user_check((x), (ptr), sizeof(*(ptr))) 81 82 /* 83 * The "__xxx" versions do not do address space checking, useful when 84 * doing multiple accesses to the same area (the programmer has to do the 85 * checks by hand with "access_ok()") 86 */ 87 #define __put_user(x, ptr) __put_user_nocheck((__typeof__(*(ptr))) (x), (ptr), sizeof(*(ptr))) 88 #define __get_user(x, ptr) __get_user_nocheck((x), (ptr), sizeof(*(ptr))) 89 90 extern long __put_user_unaligned_unknown (void); 91 92 #define __put_user_unaligned(x, ptr) \ 93 ({ \ 94 long __ret; \ 95 switch (sizeof(*(ptr))) { \ 96 case 1: __ret = __put_user((x), (ptr)); break; \ 97 case 2: __ret = (__put_user((x), (u8 __user *)(ptr))) \ 98 | (__put_user((x) >> 8, ((u8 __user *)(ptr) + 1))); break; \ 99 case 4: __ret = (__put_user((x), (u16 __user *)(ptr))) \ 100 | (__put_user((x) >> 16, ((u16 __user *)(ptr) + 1))); break; \ 101 case 8: __ret = (__put_user((x), (u32 __user *)(ptr))) \ 102 | (__put_user((x) >> 32, ((u32 __user *)(ptr) + 1))); break; \ 103 default: __ret = __put_user_unaligned_unknown(); \ 104 } \ 105 __ret; \ 106 }) 107 108 extern long __get_user_unaligned_unknown (void); 109 110 #define __get_user_unaligned(x, ptr) \ 111 ({ \ 112 long __ret; \ 113 switch (sizeof(*(ptr))) { \ 114 case 1: __ret = __get_user((x), (ptr)); break; \ 115 case 2: __ret = (__get_user((x), (u8 __user *)(ptr))) \ 116 | (__get_user((x) >> 8, ((u8 __user *)(ptr) + 1))); break; \ 117 case 4: __ret = (__get_user((x), (u16 __user *)(ptr))) \ 118 | (__get_user((x) >> 16, ((u16 __user *)(ptr) + 1))); break; \ 119 case 8: __ret = (__get_user((x), (u32 __user *)(ptr))) \ 120 | (__get_user((x) >> 32, ((u32 __user *)(ptr) + 1))); break; \ 121 default: __ret = __get_user_unaligned_unknown(); \ 122 } \ 123 __ret; \ 124 }) 125 126 #ifdef ASM_SUPPORTED 127 struct __large_struct { unsigned long buf[100]; }; 128 # define __m(x) (*(struct __large_struct __user *)(x)) 129 130 /* We need to declare the __ex_table section before we can use it in .xdata. */ 131 asm (".section \"__ex_table\", \"a\"\n\t.previous"); 132 133 # define __get_user_size(val, addr, n, err) \ 134 do { \ 135 register long __gu_r8 asm ("r8") = 0; \ 136 register long __gu_r9 asm ("r9"); \ 137 asm ("\n[1:]\tld"#n" %0=%2%P2\t// %0 and %1 get overwritten by exception handler\n" \ 138 "\t.xdata4 \"__ex_table\", 1b-., 1f-.+4\n" \ 139 "[1:]" \ 140 : "=r"(__gu_r9), "=r"(__gu_r8) : "m"(__m(addr)), "1"(__gu_r8)); \ 141 (err) = __gu_r8; \ 142 (val) = __gu_r9; \ 143 } while (0) 144 145 /* 146 * The "__put_user_size()" macro tells gcc it reads from memory instead of writing it. This 147 * is because they do not write to any memory gcc knows about, so there are no aliasing 148 * issues. 149 */ 150 # define __put_user_size(val, addr, n, err) \ 151 do { \ 152 register long __pu_r8 asm ("r8") = 0; \ 153 asm volatile ("\n[1:]\tst"#n" %1=%r2%P1\t// %0 gets overwritten by exception handler\n" \ 154 "\t.xdata4 \"__ex_table\", 1b-., 1f-.\n" \ 155 "[1:]" \ 156 : "=r"(__pu_r8) : "m"(__m(addr)), "rO"(val), "0"(__pu_r8)); \ 157 (err) = __pu_r8; \ 158 } while (0) 159 160 #else /* !ASM_SUPPORTED */ 161 # define RELOC_TYPE 2 /* ip-rel */ 162 # define __get_user_size(val, addr, n, err) \ 163 do { \ 164 __ld_user("__ex_table", (unsigned long) addr, n, RELOC_TYPE); \ 165 (err) = ia64_getreg(_IA64_REG_R8); \ 166 (val) = ia64_getreg(_IA64_REG_R9); \ 167 } while (0) 168 # define __put_user_size(val, addr, n, err) \ 169 do { \ 170 __st_user("__ex_table", (unsigned long) addr, n, RELOC_TYPE, \ 171 (__force unsigned long) (val)); \ 172 (err) = ia64_getreg(_IA64_REG_R8); \ 173 } while (0) 174 #endif /* !ASM_SUPPORTED */ 175 176 extern void __get_user_unknown (void); 177 178 /* 179 * Evaluating arguments X, PTR, SIZE, and SEGMENT may involve subroutine-calls, which 180 * could clobber r8 and r9 (among others). Thus, be careful not to evaluate it while 181 * using r8/r9. 182 */ 183 #define __do_get_user(check, x, ptr, size) \ 184 ({ \ 185 const __typeof__(*(ptr)) __user *__gu_ptr = (ptr); \ 186 __typeof__ (size) __gu_size = (size); \ 187 long __gu_err = -EFAULT; \ 188 unsigned long __gu_val = 0; \ 189 if (!check || __access_ok(__gu_ptr, size)) \ 190 switch (__gu_size) { \ 191 case 1: __get_user_size(__gu_val, __gu_ptr, 1, __gu_err); break; \ 192 case 2: __get_user_size(__gu_val, __gu_ptr, 2, __gu_err); break; \ 193 case 4: __get_user_size(__gu_val, __gu_ptr, 4, __gu_err); break; \ 194 case 8: __get_user_size(__gu_val, __gu_ptr, 8, __gu_err); break; \ 195 default: __get_user_unknown(); break; \ 196 } \ 197 (x) = (__force __typeof__(*(__gu_ptr))) __gu_val; \ 198 __gu_err; \ 199 }) 200 201 #define __get_user_nocheck(x, ptr, size) __do_get_user(0, x, ptr, size) 202 #define __get_user_check(x, ptr, size) __do_get_user(1, x, ptr, size) 203 204 extern void __put_user_unknown (void); 205 206 /* 207 * Evaluating arguments X, PTR, SIZE, and SEGMENT may involve subroutine-calls, which 208 * could clobber r8 (among others). Thus, be careful not to evaluate them while using r8. 209 */ 210 #define __do_put_user(check, x, ptr, size) \ 211 ({ \ 212 __typeof__ (x) __pu_x = (x); \ 213 __typeof__ (*(ptr)) __user *__pu_ptr = (ptr); \ 214 __typeof__ (size) __pu_size = (size); \ 215 long __pu_err = -EFAULT; \ 216 \ 217 if (!check || __access_ok(__pu_ptr, __pu_size)) \ 218 switch (__pu_size) { \ 219 case 1: __put_user_size(__pu_x, __pu_ptr, 1, __pu_err); break; \ 220 case 2: __put_user_size(__pu_x, __pu_ptr, 2, __pu_err); break; \ 221 case 4: __put_user_size(__pu_x, __pu_ptr, 4, __pu_err); break; \ 222 case 8: __put_user_size(__pu_x, __pu_ptr, 8, __pu_err); break; \ 223 default: __put_user_unknown(); break; \ 224 } \ 225 __pu_err; \ 226 }) 227 228 #define __put_user_nocheck(x, ptr, size) __do_put_user(0, x, ptr, size) 229 #define __put_user_check(x, ptr, size) __do_put_user(1, x, ptr, size) 230 231 /* 232 * Complex access routines 233 */ 234 extern unsigned long __must_check __copy_user (void __user *to, const void __user *from, 235 unsigned long count); 236 237 static inline unsigned long 238 raw_copy_to_user(void __user *to, const void *from, unsigned long count) 239 { 240 return __copy_user(to, (__force void __user *) from, count); 241 } 242 243 static inline unsigned long 244 raw_copy_from_user(void *to, const void __user *from, unsigned long count) 245 { 246 return __copy_user((__force void __user *) to, from, count); 247 } 248 249 #define INLINE_COPY_FROM_USER 250 #define INLINE_COPY_TO_USER 251 252 extern unsigned long __do_clear_user (void __user *, unsigned long); 253 254 #define __clear_user(to, n) __do_clear_user(to, n) 255 256 #define clear_user(to, n) \ 257 ({ \ 258 unsigned long __cu_len = (n); \ 259 if (__access_ok(to, __cu_len)) \ 260 __cu_len = __do_clear_user(to, __cu_len); \ 261 __cu_len; \ 262 }) 263 264 265 /* 266 * Returns: -EFAULT if exception before terminator, N if the entire buffer filled, else 267 * strlen. 268 */ 269 extern long __must_check __strncpy_from_user (char *to, const char __user *from, long to_len); 270 271 #define strncpy_from_user(to, from, n) \ 272 ({ \ 273 const char __user * __sfu_from = (from); \ 274 long __sfu_ret = -EFAULT; \ 275 if (__access_ok(__sfu_from, 0)) \ 276 __sfu_ret = __strncpy_from_user((to), __sfu_from, (n)); \ 277 __sfu_ret; \ 278 }) 279 280 /* Returns: 0 if bad, string length+1 (memory size) of string if ok */ 281 extern unsigned long __strlen_user (const char __user *); 282 283 #define strlen_user(str) \ 284 ({ \ 285 const char __user *__su_str = (str); \ 286 unsigned long __su_ret = 0; \ 287 if (__access_ok(__su_str, 0)) \ 288 __su_ret = __strlen_user(__su_str); \ 289 __su_ret; \ 290 }) 291 292 /* 293 * Returns: 0 if exception before NUL or reaching the supplied limit 294 * (N), a value greater than N if the limit would be exceeded, else 295 * strlen. 296 */ 297 extern unsigned long __strnlen_user (const char __user *, long); 298 299 #define strnlen_user(str, len) \ 300 ({ \ 301 const char __user *__su_str = (str); \ 302 unsigned long __su_ret = 0; \ 303 if (__access_ok(__su_str, 0)) \ 304 __su_ret = __strnlen_user(__su_str, len); \ 305 __su_ret; \ 306 }) 307 308 #define ARCH_HAS_TRANSLATE_MEM_PTR 1 309 static __inline__ void * 310 xlate_dev_mem_ptr(phys_addr_t p) 311 { 312 struct page *page; 313 void *ptr; 314 315 page = pfn_to_page(p >> PAGE_SHIFT); 316 if (PageUncached(page)) 317 ptr = (void *)p + __IA64_UNCACHED_OFFSET; 318 else 319 ptr = __va(p); 320 321 return ptr; 322 } 323 324 /* 325 * Convert a virtual cached kernel memory pointer to an uncached pointer 326 */ 327 static __inline__ void * 328 xlate_dev_kmem_ptr(void *p) 329 { 330 struct page *page; 331 void *ptr; 332 333 page = virt_to_page((unsigned long)p); 334 if (PageUncached(page)) 335 ptr = (void *)__pa(p) + __IA64_UNCACHED_OFFSET; 336 else 337 ptr = p; 338 339 return ptr; 340 } 341 342 #endif /* _ASM_IA64_UACCESS_H */ 343