1 /* 2 * include/asm-xtensa/uaccess.h 3 * 4 * User space memory access functions 5 * 6 * These routines provide basic accessing functions to the user memory 7 * space for the kernel. This header file provides functions such as: 8 * 9 * This file is subject to the terms and conditions of the GNU General Public 10 * License. See the file "COPYING" in the main directory of this archive 11 * for more details. 12 * 13 * Copyright (C) 2001 - 2005 Tensilica Inc. 14 */ 15 16 #ifndef _XTENSA_UACCESS_H 17 #define _XTENSA_UACCESS_H 18 19 #include <linux/errno.h> 20 #ifndef __ASSEMBLY__ 21 #include <linux/prefetch.h> 22 #endif 23 #include <asm/types.h> 24 25 #define VERIFY_READ 0 26 #define VERIFY_WRITE 1 27 28 #ifdef __ASSEMBLY__ 29 30 #include <asm/current.h> 31 #include <asm/asm-offsets.h> 32 #include <asm/processor.h> 33 34 /* 35 * These assembly macros mirror the C macros that follow below. They 36 * should always have identical functionality. See 37 * arch/xtensa/kernel/sys.S for usage. 38 */ 39 40 #define KERNEL_DS 0 41 #define USER_DS 1 42 43 #define get_ds (KERNEL_DS) 44 45 /* 46 * get_fs reads current->thread.current_ds into a register. 47 * On Entry: 48 * <ad> anything 49 * <sp> stack 50 * On Exit: 51 * <ad> contains current->thread.current_ds 52 */ 53 .macro get_fs ad, sp 54 GET_CURRENT(\ad,\sp) 55 #if THREAD_CURRENT_DS > 1020 56 addi \ad, \ad, TASK_THREAD 57 l32i \ad, \ad, THREAD_CURRENT_DS - TASK_THREAD 58 #else 59 l32i \ad, \ad, THREAD_CURRENT_DS 60 #endif 61 .endm 62 63 /* 64 * set_fs sets current->thread.current_ds to some value. 65 * On Entry: 66 * <at> anything (temp register) 67 * <av> value to write 68 * <sp> stack 69 * On Exit: 70 * <at> destroyed (actually, current) 71 * <av> preserved, value to write 72 */ 73 .macro set_fs at, av, sp 74 GET_CURRENT(\at,\sp) 75 s32i \av, \at, THREAD_CURRENT_DS 76 .endm 77 78 /* 79 * kernel_ok determines whether we should bypass addr/size checking. 80 * See the equivalent C-macro version below for clarity. 81 * On success, kernel_ok branches to a label indicated by parameter 82 * <success>. This implies that the macro falls through to the next 83 * insruction on an error. 84 * 85 * Note that while this macro can be used independently, we designed 86 * in for optimal use in the access_ok macro below (i.e., we fall 87 * through on error). 88 * 89 * On Entry: 90 * <at> anything (temp register) 91 * <success> label to branch to on success; implies 92 * fall-through macro on error 93 * <sp> stack pointer 94 * On Exit: 95 * <at> destroyed (actually, current->thread.current_ds) 96 */ 97 98 #if ((KERNEL_DS != 0) || (USER_DS == 0)) 99 # error Assembly macro kernel_ok fails 100 #endif 101 .macro kernel_ok at, sp, success 102 get_fs \at, \sp 103 beqz \at, \success 104 .endm 105 106 /* 107 * user_ok determines whether the access to user-space memory is allowed. 108 * See the equivalent C-macro version below for clarity. 109 * 110 * On error, user_ok branches to a label indicated by parameter 111 * <error>. This implies that the macro falls through to the next 112 * instruction on success. 113 * 114 * Note that while this macro can be used independently, we designed 115 * in for optimal use in the access_ok macro below (i.e., we fall 116 * through on success). 117 * 118 * On Entry: 119 * <aa> register containing memory address 120 * <as> register containing memory size 121 * <at> temp register 122 * <error> label to branch to on error; implies fall-through 123 * macro on success 124 * On Exit: 125 * <aa> preserved 126 * <as> preserved 127 * <at> destroyed (actually, (TASK_SIZE + 1 - size)) 128 */ 129 .macro user_ok aa, as, at, error 130 movi \at, __XTENSA_UL_CONST(TASK_SIZE) 131 bgeu \as, \at, \error 132 sub \at, \at, \as 133 bgeu \aa, \at, \error 134 .endm 135 136 /* 137 * access_ok determines whether a memory access is allowed. See the 138 * equivalent C-macro version below for clarity. 139 * 140 * On error, access_ok branches to a label indicated by parameter 141 * <error>. This implies that the macro falls through to the next 142 * instruction on success. 143 * 144 * Note that we assume success is the common case, and we optimize the 145 * branch fall-through case on success. 146 * 147 * On Entry: 148 * <aa> register containing memory address 149 * <as> register containing memory size 150 * <at> temp register 151 * <sp> 152 * <error> label to branch to on error; implies fall-through 153 * macro on success 154 * On Exit: 155 * <aa> preserved 156 * <as> preserved 157 * <at> destroyed 158 */ 159 .macro access_ok aa, as, at, sp, error 160 kernel_ok \at, \sp, .Laccess_ok_\@ 161 user_ok \aa, \as, \at, \error 162 .Laccess_ok_\@: 163 .endm 164 165 #else /* __ASSEMBLY__ not defined */ 166 167 #include <linux/sched.h> 168 169 /* 170 * The fs value determines whether argument validity checking should 171 * be performed or not. If get_fs() == USER_DS, checking is 172 * performed, with get_fs() == KERNEL_DS, checking is bypassed. 173 * 174 * For historical reasons (Data Segment Register?), these macros are 175 * grossly misnamed. 176 */ 177 178 #define KERNEL_DS ((mm_segment_t) { 0 }) 179 #define USER_DS ((mm_segment_t) { 1 }) 180 181 #define get_ds() (KERNEL_DS) 182 #define get_fs() (current->thread.current_ds) 183 #define set_fs(val) (current->thread.current_ds = (val)) 184 185 #define segment_eq(a, b) ((a).seg == (b).seg) 186 187 #define __kernel_ok (segment_eq(get_fs(), KERNEL_DS)) 188 #define __user_ok(addr, size) \ 189 (((size) <= TASK_SIZE)&&((addr) <= TASK_SIZE-(size))) 190 #define __access_ok(addr, size) (__kernel_ok || __user_ok((addr), (size))) 191 #define access_ok(type, addr, size) __access_ok((unsigned long)(addr), (size)) 192 193 /* 194 * These are the main single-value transfer routines. They 195 * automatically use the right size if we just have the right pointer 196 * type. 197 * 198 * This gets kind of ugly. We want to return _two_ values in 199 * "get_user()" and yet we don't want to do any pointers, because that 200 * is too much of a performance impact. Thus we have a few rather ugly 201 * macros here, and hide all the uglyness from the user. 202 * 203 * Careful to not 204 * (a) re-use the arguments for side effects (sizeof is ok) 205 * (b) require any knowledge of processes at this stage 206 */ 207 #define put_user(x, ptr) __put_user_check((x), (ptr), sizeof(*(ptr))) 208 #define get_user(x, ptr) __get_user_check((x), (ptr), sizeof(*(ptr))) 209 210 /* 211 * The "__xxx" versions of the user access functions are versions that 212 * do not verify the address space, that must have been done previously 213 * with a separate "access_ok()" call (this is used when we do multiple 214 * accesses to the same area of user memory). 215 */ 216 #define __put_user(x, ptr) __put_user_nocheck((x), (ptr), sizeof(*(ptr))) 217 #define __get_user(x, ptr) __get_user_nocheck((x), (ptr), sizeof(*(ptr))) 218 219 220 extern long __put_user_bad(void); 221 222 #define __put_user_nocheck(x, ptr, size) \ 223 ({ \ 224 long __pu_err; \ 225 __put_user_size((x), (ptr), (size), __pu_err); \ 226 __pu_err; \ 227 }) 228 229 #define __put_user_check(x, ptr, size) \ 230 ({ \ 231 long __pu_err = -EFAULT; \ 232 __typeof__(*(ptr)) *__pu_addr = (ptr); \ 233 if (access_ok(VERIFY_WRITE, __pu_addr, size)) \ 234 __put_user_size((x), __pu_addr, (size), __pu_err); \ 235 __pu_err; \ 236 }) 237 238 #define __put_user_size(x, ptr, size, retval) \ 239 do { \ 240 int __cb; \ 241 retval = 0; \ 242 switch (size) { \ 243 case 1: __put_user_asm(x, ptr, retval, 1, "s8i", __cb); break; \ 244 case 2: __put_user_asm(x, ptr, retval, 2, "s16i", __cb); break; \ 245 case 4: __put_user_asm(x, ptr, retval, 4, "s32i", __cb); break; \ 246 case 8: { \ 247 __typeof__(*ptr) __v64 = x; \ 248 retval = __copy_to_user(ptr, &__v64, 8); \ 249 break; \ 250 } \ 251 default: __put_user_bad(); \ 252 } \ 253 } while (0) 254 255 256 /* 257 * Consider a case of a user single load/store would cause both an 258 * unaligned exception and an MMU-related exception (unaligned 259 * exceptions happen first): 260 * 261 * User code passes a bad variable ptr to a system call. 262 * Kernel tries to access the variable. 263 * Unaligned exception occurs. 264 * Unaligned exception handler tries to make aligned accesses. 265 * Double exception occurs for MMU-related cause (e.g., page not mapped). 266 * do_page_fault() thinks the fault address belongs to the kernel, not the 267 * user, and panics. 268 * 269 * The kernel currently prohibits user unaligned accesses. We use the 270 * __check_align_* macros to check for unaligned addresses before 271 * accessing user space so we don't crash the kernel. Both 272 * __put_user_asm and __get_user_asm use these alignment macros, so 273 * macro-specific labels such as 0f, 1f, %0, %2, and %3 must stay in 274 * sync. 275 */ 276 277 #define __check_align_1 "" 278 279 #define __check_align_2 \ 280 " _bbci.l %3, 0, 1f \n" \ 281 " movi %0, %4 \n" \ 282 " _j 2f \n" 283 284 #define __check_align_4 \ 285 " _bbsi.l %3, 0, 0f \n" \ 286 " _bbci.l %3, 1, 1f \n" \ 287 "0: movi %0, %4 \n" \ 288 " _j 2f \n" 289 290 291 /* 292 * We don't tell gcc that we are accessing memory, but this is OK 293 * because we do not write to any memory gcc knows about, so there 294 * are no aliasing issues. 295 * 296 * WARNING: If you modify this macro at all, verify that the 297 * __check_align_* macros still work. 298 */ 299 #define __put_user_asm(x, addr, err, align, insn, cb) \ 300 __asm__ __volatile__( \ 301 __check_align_##align \ 302 "1: "insn" %2, %3, 0 \n" \ 303 "2: \n" \ 304 " .section .fixup,\"ax\" \n" \ 305 " .align 4 \n" \ 306 "4: \n" \ 307 " .long 2b \n" \ 308 "5: \n" \ 309 " l32r %1, 4b \n" \ 310 " movi %0, %4 \n" \ 311 " jx %1 \n" \ 312 " .previous \n" \ 313 " .section __ex_table,\"a\" \n" \ 314 " .long 1b, 5b \n" \ 315 " .previous" \ 316 :"=r" (err), "=r" (cb) \ 317 :"r" ((int)(x)), "r" (addr), "i" (-EFAULT), "0" (err)) 318 319 #define __get_user_nocheck(x, ptr, size) \ 320 ({ \ 321 long __gu_err, __gu_val; \ 322 __get_user_size(__gu_val, (ptr), (size), __gu_err); \ 323 (x) = (__force __typeof__(*(ptr)))__gu_val; \ 324 __gu_err; \ 325 }) 326 327 #define __get_user_check(x, ptr, size) \ 328 ({ \ 329 long __gu_err = -EFAULT, __gu_val = 0; \ 330 const __typeof__(*(ptr)) *__gu_addr = (ptr); \ 331 if (access_ok(VERIFY_READ, __gu_addr, size)) \ 332 __get_user_size(__gu_val, __gu_addr, (size), __gu_err); \ 333 (x) = (__force __typeof__(*(ptr)))__gu_val; \ 334 __gu_err; \ 335 }) 336 337 extern long __get_user_bad(void); 338 339 #define __get_user_size(x, ptr, size, retval) \ 340 do { \ 341 int __cb; \ 342 retval = 0; \ 343 switch (size) { \ 344 case 1: __get_user_asm(x, ptr, retval, 1, "l8ui", __cb); break;\ 345 case 2: __get_user_asm(x, ptr, retval, 2, "l16ui", __cb); break;\ 346 case 4: __get_user_asm(x, ptr, retval, 4, "l32i", __cb); break;\ 347 case 8: retval = __copy_from_user(&x, ptr, 8); break; \ 348 default: (x) = __get_user_bad(); \ 349 } \ 350 } while (0) 351 352 353 /* 354 * WARNING: If you modify this macro at all, verify that the 355 * __check_align_* macros still work. 356 */ 357 #define __get_user_asm(x, addr, err, align, insn, cb) \ 358 __asm__ __volatile__( \ 359 __check_align_##align \ 360 "1: "insn" %2, %3, 0 \n" \ 361 "2: \n" \ 362 " .section .fixup,\"ax\" \n" \ 363 " .align 4 \n" \ 364 "4: \n" \ 365 " .long 2b \n" \ 366 "5: \n" \ 367 " l32r %1, 4b \n" \ 368 " movi %2, 0 \n" \ 369 " movi %0, %4 \n" \ 370 " jx %1 \n" \ 371 " .previous \n" \ 372 " .section __ex_table,\"a\" \n" \ 373 " .long 1b, 5b \n" \ 374 " .previous" \ 375 :"=r" (err), "=r" (cb), "=r" (x) \ 376 :"r" (addr), "i" (-EFAULT), "0" (err)) 377 378 379 /* 380 * Copy to/from user space 381 */ 382 383 /* 384 * We use a generic, arbitrary-sized copy subroutine. The Xtensa 385 * architecture would cause heavy code bloat if we tried to inline 386 * these functions and provide __constant_copy_* equivalents like the 387 * i386 versions. __xtensa_copy_user is quite efficient. See the 388 * .fixup section of __xtensa_copy_user for a discussion on the 389 * X_zeroing equivalents for Xtensa. 390 */ 391 392 extern unsigned __xtensa_copy_user(void *to, const void *from, unsigned n); 393 #define __copy_user(to, from, size) __xtensa_copy_user(to, from, size) 394 395 396 static inline unsigned long 397 __generic_copy_from_user_nocheck(void *to, const void *from, unsigned long n) 398 { 399 return __copy_user(to, from, n); 400 } 401 402 static inline unsigned long 403 __generic_copy_to_user_nocheck(void *to, const void *from, unsigned long n) 404 { 405 return __copy_user(to, from, n); 406 } 407 408 static inline unsigned long 409 __generic_copy_to_user(void *to, const void *from, unsigned long n) 410 { 411 prefetch(from); 412 if (access_ok(VERIFY_WRITE, to, n)) 413 return __copy_user(to, from, n); 414 return n; 415 } 416 417 static inline unsigned long 418 __generic_copy_from_user(void *to, const void *from, unsigned long n) 419 { 420 prefetchw(to); 421 if (access_ok(VERIFY_READ, from, n)) 422 return __copy_user(to, from, n); 423 else 424 memset(to, 0, n); 425 return n; 426 } 427 428 #define copy_to_user(to, from, n) __generic_copy_to_user((to), (from), (n)) 429 #define copy_from_user(to, from, n) __generic_copy_from_user((to), (from), (n)) 430 #define __copy_to_user(to, from, n) \ 431 __generic_copy_to_user_nocheck((to), (from), (n)) 432 #define __copy_from_user(to, from, n) \ 433 __generic_copy_from_user_nocheck((to), (from), (n)) 434 #define __copy_to_user_inatomic __copy_to_user 435 #define __copy_from_user_inatomic __copy_from_user 436 437 438 /* 439 * We need to return the number of bytes not cleared. Our memset() 440 * returns zero if a problem occurs while accessing user-space memory. 441 * In that event, return no memory cleared. Otherwise, zero for 442 * success. 443 */ 444 445 static inline unsigned long 446 __xtensa_clear_user(void *addr, unsigned long size) 447 { 448 if ( ! memset(addr, 0, size) ) 449 return size; 450 return 0; 451 } 452 453 static inline unsigned long 454 clear_user(void *addr, unsigned long size) 455 { 456 if (access_ok(VERIFY_WRITE, addr, size)) 457 return __xtensa_clear_user(addr, size); 458 return size ? -EFAULT : 0; 459 } 460 461 #define __clear_user __xtensa_clear_user 462 463 464 extern long __strncpy_user(char *, const char *, long); 465 #define __strncpy_from_user __strncpy_user 466 467 static inline long 468 strncpy_from_user(char *dst, const char *src, long count) 469 { 470 if (access_ok(VERIFY_READ, src, 1)) 471 return __strncpy_from_user(dst, src, count); 472 return -EFAULT; 473 } 474 475 476 #define strlen_user(str) strnlen_user((str), TASK_SIZE - 1) 477 478 /* 479 * Return the size of a string (including the ending 0!) 480 */ 481 extern long __strnlen_user(const char *, long); 482 483 static inline long strnlen_user(const char *str, long len) 484 { 485 unsigned long top = __kernel_ok ? ~0UL : TASK_SIZE - 1; 486 487 if ((unsigned long)str > top) 488 return 0; 489 return __strnlen_user(str, len); 490 } 491 492 493 struct exception_table_entry 494 { 495 unsigned long insn, fixup; 496 }; 497 498 /* Returns 0 if exception not found and fixup.unit otherwise. */ 499 500 extern unsigned long search_exception_table(unsigned long addr); 501 extern void sort_exception_table(void); 502 503 /* Returns the new pc */ 504 #define fixup_exception(map_reg, fixup_unit, pc) \ 505 ({ \ 506 fixup_unit; \ 507 }) 508 509 #endif /* __ASSEMBLY__ */ 510 #endif /* _XTENSA_UACCESS_H */ 511