xref: /openbmc/linux/arch/s390/include/asm/uaccess.h (revision 81d67439) 
1 /*
2  *  include/asm-s390/uaccess.h
3  *
4  *  S390 version
5  *    Copyright (C) 1999,2000 IBM Deutschland Entwicklung GmbH, IBM Corporation
6  *    Author(s): Hartmut Penner (hp@de.ibm.com),
7  *               Martin Schwidefsky (schwidefsky@de.ibm.com)
8  *
9  *  Derived from "include/asm-i386/uaccess.h"
10  */
11 #ifndef __S390_UACCESS_H
12 #define __S390_UACCESS_H
13 
14 /*
15  * User space memory access functions
16  */
17 #include <linux/sched.h>
18 #include <linux/errno.h>
19 
20 #define VERIFY_READ     0
21 #define VERIFY_WRITE    1
22 
23 
24 /*
25  * The fs value determines whether argument validity checking should be
26  * performed or not.  If get_fs() == USER_DS, checking is performed, with
27  * get_fs() == KERNEL_DS, checking is bypassed.
28  *
29  * For historical reasons, these macros are grossly misnamed.
30  */
31 
32 #define MAKE_MM_SEG(a)  ((mm_segment_t) { (a) })
33 
34 
35 #define KERNEL_DS       MAKE_MM_SEG(0)
36 #define USER_DS         MAKE_MM_SEG(1)
37 
38 #define get_ds()        (KERNEL_DS)
39 #define get_fs()        (current->thread.mm_segment)
40 
41 #define set_fs(x) \
42 ({									\
43 	unsigned long __pto;						\
44 	current->thread.mm_segment = (x);				\
45 	__pto = current->thread.mm_segment.ar4 ?			\
46 		S390_lowcore.user_asce : S390_lowcore.kernel_asce;	\
47 	__ctl_load(__pto, 7, 7);					\
48 })
49 
50 #define segment_eq(a,b) ((a).ar4 == (b).ar4)
51 
52 #define __access_ok(addr, size)	\
53 ({				\
54 	__chk_user_ptr(addr);	\
55 	1;			\
56 })
57 
58 #define access_ok(type, addr, size) __access_ok(addr, size)
59 
60 /*
61  * The exception table consists of pairs of addresses: the first is the
62  * address of an instruction that is allowed to fault, and the second is
63  * the address at which the program should continue.  No registers are
64  * modified, so it is entirely up to the continuation code to figure out
65  * what to do.
66  *
67  * All the routines below use bits of fixup code that are out of line
68  * with the main instruction path.  This means when everything is well,
69  * we don't even have to jump over them.  Further, they do not intrude
70  * on our cache or tlb entries.
71  */
72 
73 struct exception_table_entry
74 {
75         unsigned long insn, fixup;
76 };
77 
78 struct uaccess_ops {
79 	size_t (*copy_from_user)(size_t, const void __user *, void *);
80 	size_t (*copy_from_user_small)(size_t, const void __user *, void *);
81 	size_t (*copy_to_user)(size_t, void __user *, const void *);
82 	size_t (*copy_to_user_small)(size_t, void __user *, const void *);
83 	size_t (*copy_in_user)(size_t, void __user *, const void __user *);
84 	size_t (*clear_user)(size_t, void __user *);
85 	size_t (*strnlen_user)(size_t, const char __user *);
86 	size_t (*strncpy_from_user)(size_t, const char __user *, char *);
87 	int (*futex_atomic_op)(int op, u32 __user *, int oparg, int *old);
88 	int (*futex_atomic_cmpxchg)(u32 *, u32 __user *, u32 old, u32 new);
89 };
90 
91 extern struct uaccess_ops uaccess;
92 extern struct uaccess_ops uaccess_std;
93 extern struct uaccess_ops uaccess_mvcos;
94 extern struct uaccess_ops uaccess_mvcos_switch;
95 extern struct uaccess_ops uaccess_pt;
96 
97 extern int __handle_fault(unsigned long, unsigned long, int);
98 
99 static inline int __put_user_fn(size_t size, void __user *ptr, void *x)
100 {
101 	size = uaccess.copy_to_user_small(size, ptr, x);
102 	return size ? -EFAULT : size;
103 }
104 
105 static inline int __get_user_fn(size_t size, const void __user *ptr, void *x)
106 {
107 	size = uaccess.copy_from_user_small(size, ptr, x);
108 	return size ? -EFAULT : size;
109 }
110 
111 /*
112  * These are the main single-value transfer routines.  They automatically
113  * use the right size if we just have the right pointer type.
114  */
115 #define __put_user(x, ptr) \
116 ({								\
117 	__typeof__(*(ptr)) __x = (x);				\
118 	int __pu_err = -EFAULT;					\
119         __chk_user_ptr(ptr);                                    \
120 	switch (sizeof (*(ptr))) {				\
121 	case 1:							\
122 	case 2:							\
123 	case 4:							\
124 	case 8:							\
125 		__pu_err = __put_user_fn(sizeof (*(ptr)),	\
126 					 ptr, &__x);		\
127 		break;						\
128 	default:						\
129 		__put_user_bad();				\
130 		break;						\
131 	 }							\
132 	__pu_err;						\
133 })
134 
135 #define put_user(x, ptr)					\
136 ({								\
137 	might_fault();						\
138 	__put_user(x, ptr);					\
139 })
140 
141 
142 extern int __put_user_bad(void) __attribute__((noreturn));
143 
144 #define __get_user(x, ptr)					\
145 ({								\
146 	int __gu_err = -EFAULT;					\
147 	__chk_user_ptr(ptr);					\
148 	switch (sizeof(*(ptr))) {				\
149 	case 1: {						\
150 		unsigned char __x;				\
151 		__gu_err = __get_user_fn(sizeof (*(ptr)),	\
152 					 ptr, &__x);		\
153 		(x) = *(__force __typeof__(*(ptr)) *) &__x;	\
154 		break;						\
155 	};							\
156 	case 2: {						\
157 		unsigned short __x;				\
158 		__gu_err = __get_user_fn(sizeof (*(ptr)),	\
159 					 ptr, &__x);		\
160 		(x) = *(__force __typeof__(*(ptr)) *) &__x;	\
161 		break;						\
162 	};							\
163 	case 4: {						\
164 		unsigned int __x;				\
165 		__gu_err = __get_user_fn(sizeof (*(ptr)),	\
166 					 ptr, &__x);		\
167 		(x) = *(__force __typeof__(*(ptr)) *) &__x;	\
168 		break;						\
169 	};							\
170 	case 8: {						\
171 		unsigned long long __x;				\
172 		__gu_err = __get_user_fn(sizeof (*(ptr)),	\
173 					 ptr, &__x);		\
174 		(x) = *(__force __typeof__(*(ptr)) *) &__x;	\
175 		break;						\
176 	};							\
177 	default:						\
178 		__get_user_bad();				\
179 		break;						\
180 	}							\
181 	__gu_err;						\
182 })
183 
184 #define get_user(x, ptr)					\
185 ({								\
186 	might_fault();						\
187 	__get_user(x, ptr);					\
188 })
189 
190 extern int __get_user_bad(void) __attribute__((noreturn));
191 
192 #define __put_user_unaligned __put_user
193 #define __get_user_unaligned __get_user
194 
195 /**
196  * __copy_to_user: - Copy a block of data into user space, with less checking.
197  * @to:   Destination address, in user space.
198  * @from: Source address, in kernel space.
199  * @n:    Number of bytes to copy.
200  *
201  * Context: User context only.  This function may sleep.
202  *
203  * Copy data from kernel space to user space.  Caller must check
204  * the specified block with access_ok() before calling this function.
205  *
206  * Returns number of bytes that could not be copied.
207  * On success, this will be zero.
208  */
209 static inline unsigned long __must_check
210 __copy_to_user(void __user *to, const void *from, unsigned long n)
211 {
212 	if (__builtin_constant_p(n) && (n <= 256))
213 		return uaccess.copy_to_user_small(n, to, from);
214 	else
215 		return uaccess.copy_to_user(n, to, from);
216 }
217 
218 #define __copy_to_user_inatomic __copy_to_user
219 #define __copy_from_user_inatomic __copy_from_user
220 
221 /**
222  * copy_to_user: - Copy a block of data into user space.
223  * @to:   Destination address, in user space.
224  * @from: Source address, in kernel space.
225  * @n:    Number of bytes to copy.
226  *
227  * Context: User context only.  This function may sleep.
228  *
229  * Copy data from kernel space to user space.
230  *
231  * Returns number of bytes that could not be copied.
232  * On success, this will be zero.
233  */
234 static inline unsigned long __must_check
235 copy_to_user(void __user *to, const void *from, unsigned long n)
236 {
237 	might_fault();
238 	if (access_ok(VERIFY_WRITE, to, n))
239 		n = __copy_to_user(to, from, n);
240 	return n;
241 }
242 
243 /**
244  * __copy_from_user: - Copy a block of data from user space, with less checking.
245  * @to:   Destination address, in kernel space.
246  * @from: Source address, in user space.
247  * @n:    Number of bytes to copy.
248  *
249  * Context: User context only.  This function may sleep.
250  *
251  * Copy data from user space to kernel space.  Caller must check
252  * the specified block with access_ok() before calling this function.
253  *
254  * Returns number of bytes that could not be copied.
255  * On success, this will be zero.
256  *
257  * If some data could not be copied, this function will pad the copied
258  * data to the requested size using zero bytes.
259  */
260 static inline unsigned long __must_check
261 __copy_from_user(void *to, const void __user *from, unsigned long n)
262 {
263 	if (__builtin_constant_p(n) && (n <= 256))
264 		return uaccess.copy_from_user_small(n, from, to);
265 	else
266 		return uaccess.copy_from_user(n, from, to);
267 }
268 
269 extern void copy_from_user_overflow(void)
270 #ifdef CONFIG_DEBUG_STRICT_USER_COPY_CHECKS
271 __compiletime_warning("copy_from_user() buffer size is not provably correct")
272 #endif
273 ;
274 
275 /**
276  * copy_from_user: - Copy a block of data from user space.
277  * @to:   Destination address, in kernel space.
278  * @from: Source address, in user space.
279  * @n:    Number of bytes to copy.
280  *
281  * Context: User context only.  This function may sleep.
282  *
283  * Copy data from user space to kernel space.
284  *
285  * Returns number of bytes that could not be copied.
286  * On success, this will be zero.
287  *
288  * If some data could not be copied, this function will pad the copied
289  * data to the requested size using zero bytes.
290  */
291 static inline unsigned long __must_check
292 copy_from_user(void *to, const void __user *from, unsigned long n)
293 {
294 	unsigned int sz = __compiletime_object_size(to);
295 
296 	might_fault();
297 	if (unlikely(sz != -1 && sz < n)) {
298 		copy_from_user_overflow();
299 		return n;
300 	}
301 	if (access_ok(VERIFY_READ, from, n))
302 		n = __copy_from_user(to, from, n);
303 	else
304 		memset(to, 0, n);
305 	return n;
306 }
307 
308 static inline unsigned long __must_check
309 __copy_in_user(void __user *to, const void __user *from, unsigned long n)
310 {
311 	return uaccess.copy_in_user(n, to, from);
312 }
313 
314 static inline unsigned long __must_check
315 copy_in_user(void __user *to, const void __user *from, unsigned long n)
316 {
317 	might_fault();
318 	if (__access_ok(from,n) && __access_ok(to,n))
319 		n = __copy_in_user(to, from, n);
320 	return n;
321 }
322 
323 /*
324  * Copy a null terminated string from userspace.
325  */
326 static inline long __must_check
327 strncpy_from_user(char *dst, const char __user *src, long count)
328 {
329         long res = -EFAULT;
330 	might_fault();
331         if (access_ok(VERIFY_READ, src, 1))
332 		res = uaccess.strncpy_from_user(count, src, dst);
333         return res;
334 }
335 
336 static inline unsigned long
337 strnlen_user(const char __user * src, unsigned long n)
338 {
339 	might_fault();
340 	return uaccess.strnlen_user(n, src);
341 }
342 
343 /**
344  * strlen_user: - Get the size of a string in user space.
345  * @str: The string to measure.
346  *
347  * Context: User context only.  This function may sleep.
348  *
349  * Get the size of a NUL-terminated string in user space.
350  *
351  * Returns the size of the string INCLUDING the terminating NUL.
352  * On exception, returns 0.
353  *
354  * If there is a limit on the length of a valid string, you may wish to
355  * consider using strnlen_user() instead.
356  */
357 #define strlen_user(str) strnlen_user(str, ~0UL)
358 
359 /*
360  * Zero Userspace
361  */
362 
363 static inline unsigned long __must_check
364 __clear_user(void __user *to, unsigned long n)
365 {
366 	return uaccess.clear_user(n, to);
367 }
368 
369 static inline unsigned long __must_check
370 clear_user(void __user *to, unsigned long n)
371 {
372 	might_fault();
373 	if (access_ok(VERIFY_WRITE, to, n))
374 		n = uaccess.clear_user(n, to);
375 	return n;
376 }
377 
378 #endif /* __S390_UACCESS_H */
379