xref: /openbmc/linux/arch/xtensa/include/asm/uaccess.h (revision e23feb16)
1 /*
2  * include/asm-xtensa/uaccess.h
3  *
4  * User space memory access functions
5  *
6  * These routines provide basic accessing functions to the user memory
7  * space for the kernel. This header file provides functions such as:
8  *
9  * This file is subject to the terms and conditions of the GNU General Public
10  * License.  See the file "COPYING" in the main directory of this archive
11  * for more details.
12  *
13  * Copyright (C) 2001 - 2005 Tensilica Inc.
14  */
15 
16 #ifndef _XTENSA_UACCESS_H
17 #define _XTENSA_UACCESS_H
18 
19 #include <linux/errno.h>
20 #ifndef __ASSEMBLY__
21 #include <linux/prefetch.h>
22 #endif
23 #include <asm/types.h>
24 
25 #define VERIFY_READ    0
26 #define VERIFY_WRITE   1
27 
28 #ifdef __ASSEMBLY__
29 
30 #include <asm/current.h>
31 #include <asm/asm-offsets.h>
32 #include <asm/processor.h>
33 
34 /*
35  * These assembly macros mirror the C macros that follow below.  They
36  * should always have identical functionality.  See
37  * arch/xtensa/kernel/sys.S for usage.
38  */
39 
40 #define KERNEL_DS	0
41 #define USER_DS		1
42 
43 #define get_ds		(KERNEL_DS)
44 
45 /*
46  * get_fs reads current->thread.current_ds into a register.
47  * On Entry:
48  * 	<ad>	anything
49  * 	<sp>	stack
50  * On Exit:
51  * 	<ad>	contains current->thread.current_ds
52  */
53 	.macro	get_fs	ad, sp
54 	GET_CURRENT(\ad,\sp)
55 	l32i	\ad, \ad, THREAD_CURRENT_DS
56 	.endm
57 
58 /*
59  * set_fs sets current->thread.current_ds to some value.
60  * On Entry:
61  *	<at>	anything (temp register)
62  *	<av>	value to write
63  *	<sp>	stack
64  * On Exit:
65  *	<at>	destroyed (actually, current)
66  *	<av>	preserved, value to write
67  */
68 	.macro	set_fs	at, av, sp
69 	GET_CURRENT(\at,\sp)
70 	s32i	\av, \at, THREAD_CURRENT_DS
71 	.endm
72 
73 /*
74  * kernel_ok determines whether we should bypass addr/size checking.
75  * See the equivalent C-macro version below for clarity.
76  * On success, kernel_ok branches to a label indicated by parameter
77  * <success>.  This implies that the macro falls through to the next
78  * insruction on an error.
79  *
80  * Note that while this macro can be used independently, we designed
81  * in for optimal use in the access_ok macro below (i.e., we fall
82  * through on error).
83  *
84  * On Entry:
85  * 	<at>		anything (temp register)
86  * 	<success>	label to branch to on success; implies
87  * 			fall-through macro on error
88  * 	<sp>		stack pointer
89  * On Exit:
90  * 	<at>		destroyed (actually, current->thread.current_ds)
91  */
92 
93 #if ((KERNEL_DS != 0) || (USER_DS == 0))
94 # error Assembly macro kernel_ok fails
95 #endif
96 	.macro	kernel_ok  at, sp, success
97 	get_fs	\at, \sp
98 	beqz	\at, \success
99 	.endm
100 
101 /*
102  * user_ok determines whether the access to user-space memory is allowed.
103  * See the equivalent C-macro version below for clarity.
104  *
105  * On error, user_ok branches to a label indicated by parameter
106  * <error>.  This implies that the macro falls through to the next
107  * instruction on success.
108  *
109  * Note that while this macro can be used independently, we designed
110  * in for optimal use in the access_ok macro below (i.e., we fall
111  * through on success).
112  *
113  * On Entry:
114  * 	<aa>	register containing memory address
115  * 	<as>	register containing memory size
116  * 	<at>	temp register
117  * 	<error>	label to branch to on error; implies fall-through
118  * 		macro on success
119  * On Exit:
120  * 	<aa>	preserved
121  * 	<as>	preserved
122  * 	<at>	destroyed (actually, (TASK_SIZE + 1 - size))
123  */
124 	.macro	user_ok	aa, as, at, error
125 	movi	\at, __XTENSA_UL_CONST(TASK_SIZE)
126 	bgeu	\as, \at, \error
127 	sub	\at, \at, \as
128 	bgeu	\aa, \at, \error
129 	.endm
130 
131 /*
132  * access_ok determines whether a memory access is allowed.  See the
133  * equivalent C-macro version below for clarity.
134  *
135  * On error, access_ok branches to a label indicated by parameter
136  * <error>.  This implies that the macro falls through to the next
137  * instruction on success.
138  *
139  * Note that we assume success is the common case, and we optimize the
140  * branch fall-through case on success.
141  *
142  * On Entry:
143  * 	<aa>	register containing memory address
144  * 	<as>	register containing memory size
145  * 	<at>	temp register
146  * 	<sp>
147  * 	<error>	label to branch to on error; implies fall-through
148  * 		macro on success
149  * On Exit:
150  * 	<aa>	preserved
151  * 	<as>	preserved
152  * 	<at>	destroyed
153  */
154 	.macro	access_ok  aa, as, at, sp, error
155 	kernel_ok  \at, \sp, .Laccess_ok_\@
156 	user_ok    \aa, \as, \at, \error
157 .Laccess_ok_\@:
158 	.endm
159 
160 #else /* __ASSEMBLY__ not defined */
161 
162 #include <linux/sched.h>
163 
164 /*
165  * The fs value determines whether argument validity checking should
166  * be performed or not.  If get_fs() == USER_DS, checking is
167  * performed, with get_fs() == KERNEL_DS, checking is bypassed.
168  *
169  * For historical reasons (Data Segment Register?), these macros are
170  * grossly misnamed.
171  */
172 
173 #define KERNEL_DS	((mm_segment_t) { 0 })
174 #define USER_DS		((mm_segment_t) { 1 })
175 
176 #define get_ds()	(KERNEL_DS)
177 #define get_fs()	(current->thread.current_ds)
178 #define set_fs(val)	(current->thread.current_ds = (val))
179 
180 #define segment_eq(a,b)	((a).seg == (b).seg)
181 
182 #define __kernel_ok (segment_eq(get_fs(), KERNEL_DS))
183 #define __user_ok(addr,size) \
184 		(((size) <= TASK_SIZE)&&((addr) <= TASK_SIZE-(size)))
185 #define __access_ok(addr,size) (__kernel_ok || __user_ok((addr),(size)))
186 #define access_ok(type,addr,size) __access_ok((unsigned long)(addr),(size))
187 
188 /*
189  * These are the main single-value transfer routines.  They
190  * automatically use the right size if we just have the right pointer
191  * type.
192  *
193  * This gets kind of ugly. We want to return _two_ values in
194  * "get_user()" and yet we don't want to do any pointers, because that
195  * is too much of a performance impact. Thus we have a few rather ugly
196  * macros here, and hide all the uglyness from the user.
197  *
198  * Careful to not
199  * (a) re-use the arguments for side effects (sizeof is ok)
200  * (b) require any knowledge of processes at this stage
201  */
202 #define put_user(x,ptr)	__put_user_check((x),(ptr),sizeof(*(ptr)))
203 #define get_user(x,ptr) __get_user_check((x),(ptr),sizeof(*(ptr)))
204 
205 /*
206  * The "__xxx" versions of the user access functions are versions that
207  * do not verify the address space, that must have been done previously
208  * with a separate "access_ok()" call (this is used when we do multiple
209  * accesses to the same area of user memory).
210  */
211 #define __put_user(x,ptr) __put_user_nocheck((x),(ptr),sizeof(*(ptr)))
212 #define __get_user(x,ptr) __get_user_nocheck((x),(ptr),sizeof(*(ptr)))
213 
214 
215 extern long __put_user_bad(void);
216 
217 #define __put_user_nocheck(x,ptr,size)			\
218 ({							\
219 	long __pu_err;					\
220 	__put_user_size((x),(ptr),(size),__pu_err);	\
221 	__pu_err;					\
222 })
223 
224 #define __put_user_check(x,ptr,size)				\
225 ({								\
226 	long __pu_err = -EFAULT;				\
227 	__typeof__(*(ptr)) *__pu_addr = (ptr);			\
228 	if (access_ok(VERIFY_WRITE,__pu_addr,size))		\
229 		__put_user_size((x),__pu_addr,(size),__pu_err);	\
230 	__pu_err;						\
231 })
232 
233 #define __put_user_size(x,ptr,size,retval)				\
234 do {									\
235 	int __cb;							\
236 	retval = 0;							\
237 	switch (size) {							\
238 	case 1: __put_user_asm(x,ptr,retval,1,"s8i",__cb);  break;	\
239 	case 2: __put_user_asm(x,ptr,retval,2,"s16i",__cb); break;	\
240 	case 4: __put_user_asm(x,ptr,retval,4,"s32i",__cb); break;	\
241 	case 8: {							\
242 		     __typeof__(*ptr) __v64 = x;			\
243 		     retval = __copy_to_user(ptr,&__v64,8);		\
244 		     break;						\
245 	        }							\
246 	default: __put_user_bad();					\
247 	}								\
248 } while (0)
249 
250 
251 /*
252  * Consider a case of a user single load/store would cause both an
253  * unaligned exception and an MMU-related exception (unaligned
254  * exceptions happen first):
255  *
256  * User code passes a bad variable ptr to a system call.
257  * Kernel tries to access the variable.
258  * Unaligned exception occurs.
259  * Unaligned exception handler tries to make aligned accesses.
260  * Double exception occurs for MMU-related cause (e.g., page not mapped).
261  * do_page_fault() thinks the fault address belongs to the kernel, not the
262  * user, and panics.
263  *
264  * The kernel currently prohibits user unaligned accesses.  We use the
265  * __check_align_* macros to check for unaligned addresses before
266  * accessing user space so we don't crash the kernel.  Both
267  * __put_user_asm and __get_user_asm use these alignment macros, so
268  * macro-specific labels such as 0f, 1f, %0, %2, and %3 must stay in
269  * sync.
270  */
271 
272 #define __check_align_1  ""
273 
274 #define __check_align_2				\
275 	"   _bbci.l %3,  0, 1f		\n"	\
276 	"   movi    %0, %4		\n"	\
277 	"   _j      2f			\n"
278 
279 #define __check_align_4				\
280 	"   _bbsi.l %3,  0, 0f		\n"	\
281 	"   _bbci.l %3,  1, 1f		\n"	\
282 	"0: movi    %0, %4		\n"	\
283 	"   _j      2f			\n"
284 
285 
286 /*
287  * We don't tell gcc that we are accessing memory, but this is OK
288  * because we do not write to any memory gcc knows about, so there
289  * are no aliasing issues.
290  *
291  * WARNING: If you modify this macro at all, verify that the
292  * __check_align_* macros still work.
293  */
294 #define __put_user_asm(x, addr, err, align, insn, cb)	\
295 __asm__ __volatile__(					\
296 	__check_align_##align				\
297 	"1: "insn"  %2, %3, 0		\n"		\
298 	"2:				\n"		\
299 	"   .section  .fixup,\"ax\"	\n"		\
300 	"   .align 4			\n"		\
301 	"4:				\n"		\
302 	"   .long  2b			\n"		\
303 	"5:				\n"		\
304 	"   l32r   %1, 4b		\n"		\
305 	"   movi   %0, %4		\n"		\
306 	"   jx     %1			\n"		\
307 	"   .previous			\n"		\
308 	"   .section  __ex_table,\"a\"	\n"		\
309 	"   .long	1b, 5b		\n"		\
310 	"   .previous"					\
311 	:"=r" (err), "=r" (cb)				\
312 	:"r" ((int)(x)), "r" (addr), "i" (-EFAULT), "0" (err))
313 
314 #define __get_user_nocheck(x,ptr,size)				\
315 ({								\
316 	long __gu_err, __gu_val;				\
317 	__get_user_size(__gu_val,(ptr),(size),__gu_err);	\
318 	(x) = (__typeof__(*(ptr)))__gu_val;			\
319 	__gu_err;						\
320 })
321 
322 #define __get_user_check(x,ptr,size)					\
323 ({									\
324 	long __gu_err = -EFAULT, __gu_val = 0;				\
325 	const __typeof__(*(ptr)) *__gu_addr = (ptr);			\
326 	if (access_ok(VERIFY_READ,__gu_addr,size))			\
327 		__get_user_size(__gu_val,__gu_addr,(size),__gu_err);	\
328 	(x) = (__typeof__(*(ptr)))__gu_val;				\
329 	__gu_err;							\
330 })
331 
332 extern long __get_user_bad(void);
333 
334 #define __get_user_size(x,ptr,size,retval)				\
335 do {									\
336 	int __cb;							\
337 	retval = 0;							\
338 	switch (size) {							\
339 	case 1: __get_user_asm(x,ptr,retval,1,"l8ui",__cb);  break;	\
340 	case 2: __get_user_asm(x,ptr,retval,2,"l16ui",__cb); break;	\
341 	case 4: __get_user_asm(x,ptr,retval,4,"l32i",__cb);  break;	\
342 	case 8: retval = __copy_from_user(&x,ptr,8);    break;	\
343 	default: (x) = __get_user_bad();				\
344 	}								\
345 } while (0)
346 
347 
348 /*
349  * WARNING: If you modify this macro at all, verify that the
350  * __check_align_* macros still work.
351  */
352 #define __get_user_asm(x, addr, err, align, insn, cb) \
353 __asm__ __volatile__(			\
354 	__check_align_##align			\
355 	"1: "insn"  %2, %3, 0		\n"	\
356 	"2:				\n"	\
357 	"   .section  .fixup,\"ax\"	\n"	\
358 	"   .align 4			\n"	\
359 	"4:				\n"	\
360 	"   .long  2b			\n"	\
361 	"5:				\n"	\
362 	"   l32r   %1, 4b		\n"	\
363 	"   movi   %2, 0		\n"	\
364 	"   movi   %0, %4		\n"	\
365 	"   jx     %1			\n"	\
366 	"   .previous			\n"	\
367 	"   .section  __ex_table,\"a\"	\n"	\
368 	"   .long	1b, 5b		\n"	\
369 	"   .previous"				\
370 	:"=r" (err), "=r" (cb), "=r" (x)	\
371 	:"r" (addr), "i" (-EFAULT), "0" (err))
372 
373 
374 /*
375  * Copy to/from user space
376  */
377 
378 /*
379  * We use a generic, arbitrary-sized copy subroutine.  The Xtensa
380  * architecture would cause heavy code bloat if we tried to inline
381  * these functions and provide __constant_copy_* equivalents like the
382  * i386 versions.  __xtensa_copy_user is quite efficient.  See the
383  * .fixup section of __xtensa_copy_user for a discussion on the
384  * X_zeroing equivalents for Xtensa.
385  */
386 
387 extern unsigned __xtensa_copy_user(void *to, const void *from, unsigned n);
388 #define __copy_user(to,from,size) __xtensa_copy_user(to,from,size)
389 
390 
391 static inline unsigned long
392 __generic_copy_from_user_nocheck(void *to, const void *from, unsigned long n)
393 {
394 	return __copy_user(to,from,n);
395 }
396 
397 static inline unsigned long
398 __generic_copy_to_user_nocheck(void *to, const void *from, unsigned long n)
399 {
400 	return __copy_user(to,from,n);
401 }
402 
403 static inline unsigned long
404 __generic_copy_to_user(void *to, const void *from, unsigned long n)
405 {
406 	prefetch(from);
407 	if (access_ok(VERIFY_WRITE, to, n))
408 		return __copy_user(to,from,n);
409 	return n;
410 }
411 
412 static inline unsigned long
413 __generic_copy_from_user(void *to, const void *from, unsigned long n)
414 {
415 	prefetchw(to);
416 	if (access_ok(VERIFY_READ, from, n))
417 		return __copy_user(to,from,n);
418 	else
419 		memset(to, 0, n);
420 	return n;
421 }
422 
423 #define copy_to_user(to,from,n) __generic_copy_to_user((to),(from),(n))
424 #define copy_from_user(to,from,n) __generic_copy_from_user((to),(from),(n))
425 #define __copy_to_user(to,from,n) \
426 	__generic_copy_to_user_nocheck((to),(from),(n))
427 #define __copy_from_user(to,from,n) \
428 	__generic_copy_from_user_nocheck((to),(from),(n))
429 #define __copy_to_user_inatomic __copy_to_user
430 #define __copy_from_user_inatomic __copy_from_user
431 
432 
433 /*
434  * We need to return the number of bytes not cleared.  Our memset()
435  * returns zero if a problem occurs while accessing user-space memory.
436  * In that event, return no memory cleared.  Otherwise, zero for
437  * success.
438  */
439 
440 static inline unsigned long
441 __xtensa_clear_user(void *addr, unsigned long size)
442 {
443 	if ( ! memset(addr, 0, size) )
444 		return size;
445 	return 0;
446 }
447 
448 static inline unsigned long
449 clear_user(void *addr, unsigned long size)
450 {
451 	if (access_ok(VERIFY_WRITE, addr, size))
452 		return __xtensa_clear_user(addr, size);
453 	return size ? -EFAULT : 0;
454 }
455 
456 #define __clear_user  __xtensa_clear_user
457 
458 
459 extern long __strncpy_user(char *, const char *, long);
460 #define __strncpy_from_user __strncpy_user
461 
462 static inline long
463 strncpy_from_user(char *dst, const char *src, long count)
464 {
465 	if (access_ok(VERIFY_READ, src, 1))
466 		return __strncpy_from_user(dst, src, count);
467 	return -EFAULT;
468 }
469 
470 
471 #define strlen_user(str) strnlen_user((str), TASK_SIZE - 1)
472 
473 /*
474  * Return the size of a string (including the ending 0!)
475  */
476 extern long __strnlen_user(const char *, long);
477 
478 static inline long strnlen_user(const char *str, long len)
479 {
480 	unsigned long top = __kernel_ok ? ~0UL : TASK_SIZE - 1;
481 
482 	if ((unsigned long)str > top)
483 		return 0;
484 	return __strnlen_user(str, len);
485 }
486 
487 
488 struct exception_table_entry
489 {
490 	unsigned long insn, fixup;
491 };
492 
493 /* Returns 0 if exception not found and fixup.unit otherwise.  */
494 
495 extern unsigned long search_exception_table(unsigned long addr);
496 extern void sort_exception_table(void);
497 
498 /* Returns the new pc */
499 #define fixup_exception(map_reg, fixup_unit, pc)                \
500 ({                                                              \
501 	fixup_unit;                                             \
502 })
503 
504 #endif	/* __ASSEMBLY__ */
505 #endif	/* _XTENSA_UACCESS_H */
506