xref: /openbmc/linux/arch/xtensa/include/asm/uaccess.h (revision 0da85d1e)
1 /*
2  * include/asm-xtensa/uaccess.h
3  *
4  * User space memory access functions
5  *
6  * These routines provide basic accessing functions to the user memory
7  * space for the kernel. This header file provides functions such as:
8  *
9  * This file is subject to the terms and conditions of the GNU General Public
10  * License.  See the file "COPYING" in the main directory of this archive
11  * for more details.
12  *
13  * Copyright (C) 2001 - 2005 Tensilica Inc.
14  */
15 
16 #ifndef _XTENSA_UACCESS_H
17 #define _XTENSA_UACCESS_H
18 
19 #include <linux/errno.h>
20 #ifndef __ASSEMBLY__
21 #include <linux/prefetch.h>
22 #endif
23 #include <asm/types.h>
24 
25 #define VERIFY_READ    0
26 #define VERIFY_WRITE   1
27 
28 #ifdef __ASSEMBLY__
29 
30 #include <asm/current.h>
31 #include <asm/asm-offsets.h>
32 #include <asm/processor.h>
33 
34 /*
35  * These assembly macros mirror the C macros that follow below.  They
36  * should always have identical functionality.  See
37  * arch/xtensa/kernel/sys.S for usage.
38  */
39 
40 #define KERNEL_DS	0
41 #define USER_DS		1
42 
43 #define get_ds		(KERNEL_DS)
44 
45 /*
46  * get_fs reads current->thread.current_ds into a register.
47  * On Entry:
48  * 	<ad>	anything
49  * 	<sp>	stack
50  * On Exit:
51  * 	<ad>	contains current->thread.current_ds
52  */
53 	.macro	get_fs	ad, sp
54 	GET_CURRENT(\ad,\sp)
55 #if THREAD_CURRENT_DS > 1020
56 	addi	\ad, \ad, TASK_THREAD
57 	l32i	\ad, \ad, THREAD_CURRENT_DS - TASK_THREAD
58 #else
59 	l32i	\ad, \ad, THREAD_CURRENT_DS
60 #endif
61 	.endm
62 
63 /*
64  * set_fs sets current->thread.current_ds to some value.
65  * On Entry:
66  *	<at>	anything (temp register)
67  *	<av>	value to write
68  *	<sp>	stack
69  * On Exit:
70  *	<at>	destroyed (actually, current)
71  *	<av>	preserved, value to write
72  */
73 	.macro	set_fs	at, av, sp
74 	GET_CURRENT(\at,\sp)
75 	s32i	\av, \at, THREAD_CURRENT_DS
76 	.endm
77 
78 /*
79  * kernel_ok determines whether we should bypass addr/size checking.
80  * See the equivalent C-macro version below for clarity.
81  * On success, kernel_ok branches to a label indicated by parameter
82  * <success>.  This implies that the macro falls through to the next
83  * insruction on an error.
84  *
85  * Note that while this macro can be used independently, we designed
86  * in for optimal use in the access_ok macro below (i.e., we fall
87  * through on error).
88  *
89  * On Entry:
90  * 	<at>		anything (temp register)
91  * 	<success>	label to branch to on success; implies
92  * 			fall-through macro on error
93  * 	<sp>		stack pointer
94  * On Exit:
95  * 	<at>		destroyed (actually, current->thread.current_ds)
96  */
97 
98 #if ((KERNEL_DS != 0) || (USER_DS == 0))
99 # error Assembly macro kernel_ok fails
100 #endif
101 	.macro	kernel_ok  at, sp, success
102 	get_fs	\at, \sp
103 	beqz	\at, \success
104 	.endm
105 
106 /*
107  * user_ok determines whether the access to user-space memory is allowed.
108  * See the equivalent C-macro version below for clarity.
109  *
110  * On error, user_ok branches to a label indicated by parameter
111  * <error>.  This implies that the macro falls through to the next
112  * instruction on success.
113  *
114  * Note that while this macro can be used independently, we designed
115  * in for optimal use in the access_ok macro below (i.e., we fall
116  * through on success).
117  *
118  * On Entry:
119  * 	<aa>	register containing memory address
120  * 	<as>	register containing memory size
121  * 	<at>	temp register
122  * 	<error>	label to branch to on error; implies fall-through
123  * 		macro on success
124  * On Exit:
125  * 	<aa>	preserved
126  * 	<as>	preserved
127  * 	<at>	destroyed (actually, (TASK_SIZE + 1 - size))
128  */
129 	.macro	user_ok	aa, as, at, error
130 	movi	\at, __XTENSA_UL_CONST(TASK_SIZE)
131 	bgeu	\as, \at, \error
132 	sub	\at, \at, \as
133 	bgeu	\aa, \at, \error
134 	.endm
135 
136 /*
137  * access_ok determines whether a memory access is allowed.  See the
138  * equivalent C-macro version below for clarity.
139  *
140  * On error, access_ok branches to a label indicated by parameter
141  * <error>.  This implies that the macro falls through to the next
142  * instruction on success.
143  *
144  * Note that we assume success is the common case, and we optimize the
145  * branch fall-through case on success.
146  *
147  * On Entry:
148  * 	<aa>	register containing memory address
149  * 	<as>	register containing memory size
150  * 	<at>	temp register
151  * 	<sp>
152  * 	<error>	label to branch to on error; implies fall-through
153  * 		macro on success
154  * On Exit:
155  * 	<aa>	preserved
156  * 	<as>	preserved
157  * 	<at>	destroyed
158  */
159 	.macro	access_ok  aa, as, at, sp, error
160 	kernel_ok  \at, \sp, .Laccess_ok_\@
161 	user_ok    \aa, \as, \at, \error
162 .Laccess_ok_\@:
163 	.endm
164 
165 #else /* __ASSEMBLY__ not defined */
166 
167 #include <linux/sched.h>
168 
169 /*
170  * The fs value determines whether argument validity checking should
171  * be performed or not.  If get_fs() == USER_DS, checking is
172  * performed, with get_fs() == KERNEL_DS, checking is bypassed.
173  *
174  * For historical reasons (Data Segment Register?), these macros are
175  * grossly misnamed.
176  */
177 
178 #define KERNEL_DS	((mm_segment_t) { 0 })
179 #define USER_DS		((mm_segment_t) { 1 })
180 
181 #define get_ds()	(KERNEL_DS)
182 #define get_fs()	(current->thread.current_ds)
183 #define set_fs(val)	(current->thread.current_ds = (val))
184 
185 #define segment_eq(a, b)	((a).seg == (b).seg)
186 
187 #define __kernel_ok (segment_eq(get_fs(), KERNEL_DS))
188 #define __user_ok(addr, size) \
189 		(((size) <= TASK_SIZE)&&((addr) <= TASK_SIZE-(size)))
190 #define __access_ok(addr, size) (__kernel_ok || __user_ok((addr), (size)))
191 #define access_ok(type, addr, size) __access_ok((unsigned long)(addr), (size))
192 
193 /*
194  * These are the main single-value transfer routines.  They
195  * automatically use the right size if we just have the right pointer
196  * type.
197  *
198  * This gets kind of ugly. We want to return _two_ values in
199  * "get_user()" and yet we don't want to do any pointers, because that
200  * is too much of a performance impact. Thus we have a few rather ugly
201  * macros here, and hide all the uglyness from the user.
202  *
203  * Careful to not
204  * (a) re-use the arguments for side effects (sizeof is ok)
205  * (b) require any knowledge of processes at this stage
206  */
207 #define put_user(x, ptr)	__put_user_check((x), (ptr), sizeof(*(ptr)))
208 #define get_user(x, ptr) __get_user_check((x), (ptr), sizeof(*(ptr)))
209 
210 /*
211  * The "__xxx" versions of the user access functions are versions that
212  * do not verify the address space, that must have been done previously
213  * with a separate "access_ok()" call (this is used when we do multiple
214  * accesses to the same area of user memory).
215  */
216 #define __put_user(x, ptr) __put_user_nocheck((x), (ptr), sizeof(*(ptr)))
217 #define __get_user(x, ptr) __get_user_nocheck((x), (ptr), sizeof(*(ptr)))
218 
219 
220 extern long __put_user_bad(void);
221 
222 #define __put_user_nocheck(x, ptr, size)		\
223 ({							\
224 	long __pu_err;					\
225 	__put_user_size((x), (ptr), (size), __pu_err);	\
226 	__pu_err;					\
227 })
228 
229 #define __put_user_check(x, ptr, size)					\
230 ({									\
231 	long __pu_err = -EFAULT;					\
232 	__typeof__(*(ptr)) *__pu_addr = (ptr);				\
233 	if (access_ok(VERIFY_WRITE, __pu_addr, size))			\
234 		__put_user_size((x), __pu_addr, (size), __pu_err);	\
235 	__pu_err;							\
236 })
237 
238 #define __put_user_size(x, ptr, size, retval)				\
239 do {									\
240 	int __cb;							\
241 	retval = 0;							\
242 	switch (size) {							\
243 	case 1: __put_user_asm(x, ptr, retval, 1, "s8i", __cb);  break;	\
244 	case 2: __put_user_asm(x, ptr, retval, 2, "s16i", __cb); break;	\
245 	case 4: __put_user_asm(x, ptr, retval, 4, "s32i", __cb); break;	\
246 	case 8: {							\
247 		     __typeof__(*ptr) __v64 = x;			\
248 		     retval = __copy_to_user(ptr, &__v64, 8);		\
249 		     break;						\
250 	        }							\
251 	default: __put_user_bad();					\
252 	}								\
253 } while (0)
254 
255 
256 /*
257  * Consider a case of a user single load/store would cause both an
258  * unaligned exception and an MMU-related exception (unaligned
259  * exceptions happen first):
260  *
261  * User code passes a bad variable ptr to a system call.
262  * Kernel tries to access the variable.
263  * Unaligned exception occurs.
264  * Unaligned exception handler tries to make aligned accesses.
265  * Double exception occurs for MMU-related cause (e.g., page not mapped).
266  * do_page_fault() thinks the fault address belongs to the kernel, not the
267  * user, and panics.
268  *
269  * The kernel currently prohibits user unaligned accesses.  We use the
270  * __check_align_* macros to check for unaligned addresses before
271  * accessing user space so we don't crash the kernel.  Both
272  * __put_user_asm and __get_user_asm use these alignment macros, so
273  * macro-specific labels such as 0f, 1f, %0, %2, and %3 must stay in
274  * sync.
275  */
276 
277 #define __check_align_1  ""
278 
279 #define __check_align_2				\
280 	"   _bbci.l %3,  0, 1f		\n"	\
281 	"   movi    %0, %4		\n"	\
282 	"   _j      2f			\n"
283 
284 #define __check_align_4				\
285 	"   _bbsi.l %3,  0, 0f		\n"	\
286 	"   _bbci.l %3,  1, 1f		\n"	\
287 	"0: movi    %0, %4		\n"	\
288 	"   _j      2f			\n"
289 
290 
291 /*
292  * We don't tell gcc that we are accessing memory, but this is OK
293  * because we do not write to any memory gcc knows about, so there
294  * are no aliasing issues.
295  *
296  * WARNING: If you modify this macro at all, verify that the
297  * __check_align_* macros still work.
298  */
299 #define __put_user_asm(x, addr, err, align, insn, cb)	\
300 __asm__ __volatile__(					\
301 	__check_align_##align				\
302 	"1: "insn"  %2, %3, 0		\n"		\
303 	"2:				\n"		\
304 	"   .section  .fixup,\"ax\"	\n"		\
305 	"   .align 4			\n"		\
306 	"4:				\n"		\
307 	"   .long  2b			\n"		\
308 	"5:				\n"		\
309 	"   l32r   %1, 4b		\n"		\
310 	"   movi   %0, %4		\n"		\
311 	"   jx     %1			\n"		\
312 	"   .previous			\n"		\
313 	"   .section  __ex_table,\"a\"	\n"		\
314 	"   .long	1b, 5b		\n"		\
315 	"   .previous"					\
316 	:"=r" (err), "=r" (cb)				\
317 	:"r" ((int)(x)), "r" (addr), "i" (-EFAULT), "0" (err))
318 
319 #define __get_user_nocheck(x, ptr, size)			\
320 ({								\
321 	long __gu_err, __gu_val;				\
322 	__get_user_size(__gu_val, (ptr), (size), __gu_err);	\
323 	(x) = (__force __typeof__(*(ptr)))__gu_val;		\
324 	__gu_err;						\
325 })
326 
327 #define __get_user_check(x, ptr, size)					\
328 ({									\
329 	long __gu_err = -EFAULT, __gu_val = 0;				\
330 	const __typeof__(*(ptr)) *__gu_addr = (ptr);			\
331 	if (access_ok(VERIFY_READ, __gu_addr, size))			\
332 		__get_user_size(__gu_val, __gu_addr, (size), __gu_err);	\
333 	(x) = (__force __typeof__(*(ptr)))__gu_val;			\
334 	__gu_err;							\
335 })
336 
337 extern long __get_user_bad(void);
338 
339 #define __get_user_size(x, ptr, size, retval)				\
340 do {									\
341 	int __cb;							\
342 	retval = 0;							\
343 	switch (size) {							\
344 	case 1: __get_user_asm(x, ptr, retval, 1, "l8ui", __cb);  break;\
345 	case 2: __get_user_asm(x, ptr, retval, 2, "l16ui", __cb); break;\
346 	case 4: __get_user_asm(x, ptr, retval, 4, "l32i", __cb);  break;\
347 	case 8: retval = __copy_from_user(&x, ptr, 8);    break;	\
348 	default: (x) = __get_user_bad();				\
349 	}								\
350 } while (0)
351 
352 
353 /*
354  * WARNING: If you modify this macro at all, verify that the
355  * __check_align_* macros still work.
356  */
357 #define __get_user_asm(x, addr, err, align, insn, cb) \
358 __asm__ __volatile__(			\
359 	__check_align_##align			\
360 	"1: "insn"  %2, %3, 0		\n"	\
361 	"2:				\n"	\
362 	"   .section  .fixup,\"ax\"	\n"	\
363 	"   .align 4			\n"	\
364 	"4:				\n"	\
365 	"   .long  2b			\n"	\
366 	"5:				\n"	\
367 	"   l32r   %1, 4b		\n"	\
368 	"   movi   %2, 0		\n"	\
369 	"   movi   %0, %4		\n"	\
370 	"   jx     %1			\n"	\
371 	"   .previous			\n"	\
372 	"   .section  __ex_table,\"a\"	\n"	\
373 	"   .long	1b, 5b		\n"	\
374 	"   .previous"				\
375 	:"=r" (err), "=r" (cb), "=r" (x)	\
376 	:"r" (addr), "i" (-EFAULT), "0" (err))
377 
378 
379 /*
380  * Copy to/from user space
381  */
382 
383 /*
384  * We use a generic, arbitrary-sized copy subroutine.  The Xtensa
385  * architecture would cause heavy code bloat if we tried to inline
386  * these functions and provide __constant_copy_* equivalents like the
387  * i386 versions.  __xtensa_copy_user is quite efficient.  See the
388  * .fixup section of __xtensa_copy_user for a discussion on the
389  * X_zeroing equivalents for Xtensa.
390  */
391 
392 extern unsigned __xtensa_copy_user(void *to, const void *from, unsigned n);
393 #define __copy_user(to, from, size) __xtensa_copy_user(to, from, size)
394 
395 
396 static inline unsigned long
397 __generic_copy_from_user_nocheck(void *to, const void *from, unsigned long n)
398 {
399 	return __copy_user(to, from, n);
400 }
401 
402 static inline unsigned long
403 __generic_copy_to_user_nocheck(void *to, const void *from, unsigned long n)
404 {
405 	return __copy_user(to, from, n);
406 }
407 
408 static inline unsigned long
409 __generic_copy_to_user(void *to, const void *from, unsigned long n)
410 {
411 	prefetch(from);
412 	if (access_ok(VERIFY_WRITE, to, n))
413 		return __copy_user(to, from, n);
414 	return n;
415 }
416 
417 static inline unsigned long
418 __generic_copy_from_user(void *to, const void *from, unsigned long n)
419 {
420 	prefetchw(to);
421 	if (access_ok(VERIFY_READ, from, n))
422 		return __copy_user(to, from, n);
423 	else
424 		memset(to, 0, n);
425 	return n;
426 }
427 
428 #define copy_to_user(to, from, n) __generic_copy_to_user((to), (from), (n))
429 #define copy_from_user(to, from, n) __generic_copy_from_user((to), (from), (n))
430 #define __copy_to_user(to, from, n) \
431 	__generic_copy_to_user_nocheck((to), (from), (n))
432 #define __copy_from_user(to, from, n) \
433 	__generic_copy_from_user_nocheck((to), (from), (n))
434 #define __copy_to_user_inatomic __copy_to_user
435 #define __copy_from_user_inatomic __copy_from_user
436 
437 
438 /*
439  * We need to return the number of bytes not cleared.  Our memset()
440  * returns zero if a problem occurs while accessing user-space memory.
441  * In that event, return no memory cleared.  Otherwise, zero for
442  * success.
443  */
444 
445 static inline unsigned long
446 __xtensa_clear_user(void *addr, unsigned long size)
447 {
448 	if ( ! memset(addr, 0, size) )
449 		return size;
450 	return 0;
451 }
452 
453 static inline unsigned long
454 clear_user(void *addr, unsigned long size)
455 {
456 	if (access_ok(VERIFY_WRITE, addr, size))
457 		return __xtensa_clear_user(addr, size);
458 	return size ? -EFAULT : 0;
459 }
460 
461 #define __clear_user  __xtensa_clear_user
462 
463 
464 extern long __strncpy_user(char *, const char *, long);
465 #define __strncpy_from_user __strncpy_user
466 
467 static inline long
468 strncpy_from_user(char *dst, const char *src, long count)
469 {
470 	if (access_ok(VERIFY_READ, src, 1))
471 		return __strncpy_from_user(dst, src, count);
472 	return -EFAULT;
473 }
474 
475 
476 #define strlen_user(str) strnlen_user((str), TASK_SIZE - 1)
477 
478 /*
479  * Return the size of a string (including the ending 0!)
480  */
481 extern long __strnlen_user(const char *, long);
482 
483 static inline long strnlen_user(const char *str, long len)
484 {
485 	unsigned long top = __kernel_ok ? ~0UL : TASK_SIZE - 1;
486 
487 	if ((unsigned long)str > top)
488 		return 0;
489 	return __strnlen_user(str, len);
490 }
491 
492 
493 struct exception_table_entry
494 {
495 	unsigned long insn, fixup;
496 };
497 
498 /* Returns 0 if exception not found and fixup.unit otherwise.  */
499 
500 extern unsigned long search_exception_table(unsigned long addr);
501 extern void sort_exception_table(void);
502 
503 /* Returns the new pc */
504 #define fixup_exception(map_reg, fixup_unit, pc)                \
505 ({                                                              \
506 	fixup_unit;                                             \
507 })
508 
509 #endif	/* __ASSEMBLY__ */
510 #endif	/* _XTENSA_UACCESS_H */
511