Loading...
1/* SPDX-License-Identifier: GPL-2.0 */
2#ifndef _ASM_IA64_UACCESS_H
3#define _ASM_IA64_UACCESS_H
4
5/*
6 * This file defines various macros to transfer memory areas across
7 * the user/kernel boundary. This needs to be done carefully because
8 * this code is executed in kernel mode and uses user-specified
9 * addresses. Thus, we need to be careful not to let the user to
10 * trick us into accessing kernel memory that would normally be
11 * inaccessible. This code is also fairly performance sensitive,
12 * so we want to spend as little time doing safety checks as
13 * possible.
14 *
15 * To make matters a bit more interesting, these macros sometimes also
16 * called from within the kernel itself, in which case the address
17 * validity check must be skipped. The get_fs() macro tells us what
18 * to do: if get_fs()==USER_DS, checking is performed, if
19 * get_fs()==KERNEL_DS, checking is bypassed.
20 *
21 * Note that even if the memory area specified by the user is in a
22 * valid address range, it is still possible that we'll get a page
23 * fault while accessing it. This is handled by filling out an
24 * exception handler fixup entry for each instruction that has the
25 * potential to fault. When such a fault occurs, the page fault
26 * handler checks to see whether the faulting instruction has a fixup
27 * associated and, if so, sets r8 to -EFAULT and clears r9 to 0 and
28 * then resumes execution at the continuation point.
29 *
30 * Based on <asm-alpha/uaccess.h>.
31 *
32 * Copyright (C) 1998, 1999, 2001-2004 Hewlett-Packard Co
33 * David Mosberger-Tang <davidm@hpl.hp.com>
34 */
35
36#include <linux/compiler.h>
37#include <linux/page-flags.h>
38
39#include <asm/intrinsics.h>
40#include <linux/pgtable.h>
41#include <asm/io.h>
42#include <asm/extable.h>
43
44/*
45 * For historical reasons, the following macros are grossly misnamed:
46 */
47#define KERNEL_DS ((mm_segment_t) { ~0UL }) /* cf. access_ok() */
48#define USER_DS ((mm_segment_t) { TASK_SIZE-1 }) /* cf. access_ok() */
49
50#define get_fs() (current_thread_info()->addr_limit)
51#define set_fs(x) (current_thread_info()->addr_limit = (x))
52
53#define uaccess_kernel() (get_fs().seg == KERNEL_DS.seg)
54
55/*
56 * When accessing user memory, we need to make sure the entire area really is in
57 * user-level space. In order to do this efficiently, we make sure that the page at
58 * address TASK_SIZE is never valid. We also need to make sure that the address doesn't
59 * point inside the virtually mapped linear page table.
60 */
61static inline int __access_ok(const void __user *p, unsigned long size)
62{
63 unsigned long addr = (unsigned long)p;
64 unsigned long seg = get_fs().seg;
65 return likely(addr <= seg) &&
66 (seg == KERNEL_DS.seg || likely(REGION_OFFSET(addr) < RGN_MAP_LIMIT));
67}
68#define access_ok(addr, size) __access_ok((addr), (size))
69
70/*
71 * These are the main single-value transfer routines. They automatically
72 * use the right size if we just have the right pointer type.
73 *
74 * Careful to not
75 * (a) re-use the arguments for side effects (sizeof/typeof is ok)
76 * (b) require any knowledge of processes at this stage
77 */
78#define put_user(x, ptr) __put_user_check((__typeof__(*(ptr))) (x), (ptr), sizeof(*(ptr)))
79#define get_user(x, ptr) __get_user_check((x), (ptr), sizeof(*(ptr)))
80
81/*
82 * The "__xxx" versions do not do address space checking, useful when
83 * doing multiple accesses to the same area (the programmer has to do the
84 * checks by hand with "access_ok()")
85 */
86#define __put_user(x, ptr) __put_user_nocheck((__typeof__(*(ptr))) (x), (ptr), sizeof(*(ptr)))
87#define __get_user(x, ptr) __get_user_nocheck((x), (ptr), sizeof(*(ptr)))
88
89#ifdef ASM_SUPPORTED
90 struct __large_struct { unsigned long buf[100]; };
91# define __m(x) (*(struct __large_struct __user *)(x))
92
93/* We need to declare the __ex_table section before we can use it in .xdata. */
94asm (".section \"__ex_table\", \"a\"\n\t.previous");
95
96# define __get_user_size(val, addr, n, err) \
97do { \
98 register long __gu_r8 asm ("r8") = 0; \
99 register long __gu_r9 asm ("r9"); \
100 asm ("\n[1:]\tld"#n" %0=%2%P2\t// %0 and %1 get overwritten by exception handler\n" \
101 "\t.xdata4 \"__ex_table\", 1b-., 1f-.+4\n" \
102 "[1:]" \
103 : "=r"(__gu_r9), "=r"(__gu_r8) : "m"(__m(addr)), "1"(__gu_r8)); \
104 (err) = __gu_r8; \
105 (val) = __gu_r9; \
106} while (0)
107
108/*
109 * The "__put_user_size()" macro tells gcc it reads from memory instead of writing it. This
110 * is because they do not write to any memory gcc knows about, so there are no aliasing
111 * issues.
112 */
113# define __put_user_size(val, addr, n, err) \
114do { \
115 register long __pu_r8 asm ("r8") = 0; \
116 asm volatile ("\n[1:]\tst"#n" %1=%r2%P1\t// %0 gets overwritten by exception handler\n" \
117 "\t.xdata4 \"__ex_table\", 1b-., 1f-.\n" \
118 "[1:]" \
119 : "=r"(__pu_r8) : "m"(__m(addr)), "rO"(val), "0"(__pu_r8)); \
120 (err) = __pu_r8; \
121} while (0)
122
123#else /* !ASM_SUPPORTED */
124# define RELOC_TYPE 2 /* ip-rel */
125# define __get_user_size(val, addr, n, err) \
126do { \
127 __ld_user("__ex_table", (unsigned long) addr, n, RELOC_TYPE); \
128 (err) = ia64_getreg(_IA64_REG_R8); \
129 (val) = ia64_getreg(_IA64_REG_R9); \
130} while (0)
131# define __put_user_size(val, addr, n, err) \
132do { \
133 __st_user("__ex_table", (unsigned long) addr, n, RELOC_TYPE, \
134 (__force unsigned long) (val)); \
135 (err) = ia64_getreg(_IA64_REG_R8); \
136} while (0)
137#endif /* !ASM_SUPPORTED */
138
139extern void __get_user_unknown (void);
140
141/*
142 * Evaluating arguments X, PTR, SIZE, and SEGMENT may involve subroutine-calls, which
143 * could clobber r8 and r9 (among others). Thus, be careful not to evaluate it while
144 * using r8/r9.
145 */
146#define __do_get_user(check, x, ptr, size) \
147({ \
148 const __typeof__(*(ptr)) __user *__gu_ptr = (ptr); \
149 __typeof__ (size) __gu_size = (size); \
150 long __gu_err = -EFAULT; \
151 unsigned long __gu_val = 0; \
152 if (!check || __access_ok(__gu_ptr, size)) \
153 switch (__gu_size) { \
154 case 1: __get_user_size(__gu_val, __gu_ptr, 1, __gu_err); break; \
155 case 2: __get_user_size(__gu_val, __gu_ptr, 2, __gu_err); break; \
156 case 4: __get_user_size(__gu_val, __gu_ptr, 4, __gu_err); break; \
157 case 8: __get_user_size(__gu_val, __gu_ptr, 8, __gu_err); break; \
158 default: __get_user_unknown(); break; \
159 } \
160 (x) = (__force __typeof__(*(__gu_ptr))) __gu_val; \
161 __gu_err; \
162})
163
164#define __get_user_nocheck(x, ptr, size) __do_get_user(0, x, ptr, size)
165#define __get_user_check(x, ptr, size) __do_get_user(1, x, ptr, size)
166
167extern void __put_user_unknown (void);
168
169/*
170 * Evaluating arguments X, PTR, SIZE, and SEGMENT may involve subroutine-calls, which
171 * could clobber r8 (among others). Thus, be careful not to evaluate them while using r8.
172 */
173#define __do_put_user(check, x, ptr, size) \
174({ \
175 __typeof__ (x) __pu_x = (x); \
176 __typeof__ (*(ptr)) __user *__pu_ptr = (ptr); \
177 __typeof__ (size) __pu_size = (size); \
178 long __pu_err = -EFAULT; \
179 \
180 if (!check || __access_ok(__pu_ptr, __pu_size)) \
181 switch (__pu_size) { \
182 case 1: __put_user_size(__pu_x, __pu_ptr, 1, __pu_err); break; \
183 case 2: __put_user_size(__pu_x, __pu_ptr, 2, __pu_err); break; \
184 case 4: __put_user_size(__pu_x, __pu_ptr, 4, __pu_err); break; \
185 case 8: __put_user_size(__pu_x, __pu_ptr, 8, __pu_err); break; \
186 default: __put_user_unknown(); break; \
187 } \
188 __pu_err; \
189})
190
191#define __put_user_nocheck(x, ptr, size) __do_put_user(0, x, ptr, size)
192#define __put_user_check(x, ptr, size) __do_put_user(1, x, ptr, size)
193
194/*
195 * Complex access routines
196 */
197extern unsigned long __must_check __copy_user (void __user *to, const void __user *from,
198 unsigned long count);
199
200static inline unsigned long
201raw_copy_to_user(void __user *to, const void *from, unsigned long count)
202{
203 return __copy_user(to, (__force void __user *) from, count);
204}
205
206static inline unsigned long
207raw_copy_from_user(void *to, const void __user *from, unsigned long count)
208{
209 return __copy_user((__force void __user *) to, from, count);
210}
211
212#define INLINE_COPY_FROM_USER
213#define INLINE_COPY_TO_USER
214
215extern unsigned long __do_clear_user (void __user *, unsigned long);
216
217#define __clear_user(to, n) __do_clear_user(to, n)
218
219#define clear_user(to, n) \
220({ \
221 unsigned long __cu_len = (n); \
222 if (__access_ok(to, __cu_len)) \
223 __cu_len = __do_clear_user(to, __cu_len); \
224 __cu_len; \
225})
226
227
228/*
229 * Returns: -EFAULT if exception before terminator, N if the entire buffer filled, else
230 * strlen.
231 */
232extern long __must_check __strncpy_from_user (char *to, const char __user *from, long to_len);
233
234#define strncpy_from_user(to, from, n) \
235({ \
236 const char __user * __sfu_from = (from); \
237 long __sfu_ret = -EFAULT; \
238 if (__access_ok(__sfu_from, 0)) \
239 __sfu_ret = __strncpy_from_user((to), __sfu_from, (n)); \
240 __sfu_ret; \
241})
242
243/*
244 * Returns: 0 if exception before NUL or reaching the supplied limit
245 * (N), a value greater than N if the limit would be exceeded, else
246 * strlen.
247 */
248extern unsigned long __strnlen_user (const char __user *, long);
249
250#define strnlen_user(str, len) \
251({ \
252 const char __user *__su_str = (str); \
253 unsigned long __su_ret = 0; \
254 if (__access_ok(__su_str, 0)) \
255 __su_ret = __strnlen_user(__su_str, len); \
256 __su_ret; \
257})
258
259#define ARCH_HAS_TRANSLATE_MEM_PTR 1
260static __inline__ void *
261xlate_dev_mem_ptr(phys_addr_t p)
262{
263 struct page *page;
264 void *ptr;
265
266 page = pfn_to_page(p >> PAGE_SHIFT);
267 if (PageUncached(page))
268 ptr = (void *)p + __IA64_UNCACHED_OFFSET;
269 else
270 ptr = __va(p);
271
272 return ptr;
273}
274
275/*
276 * Convert a virtual cached kernel memory pointer to an uncached pointer
277 */
278static __inline__ void *
279xlate_dev_kmem_ptr(void *p)
280{
281 struct page *page;
282 void *ptr;
283
284 page = virt_to_page((unsigned long)p);
285 if (PageUncached(page))
286 ptr = (void *)__pa(p) + __IA64_UNCACHED_OFFSET;
287 else
288 ptr = p;
289
290 return ptr;
291}
292
293#endif /* _ASM_IA64_UACCESS_H */
1/* SPDX-License-Identifier: GPL-2.0 */
2#ifndef _ASM_IA64_UACCESS_H
3#define _ASM_IA64_UACCESS_H
4
5/*
6 * This file defines various macros to transfer memory areas across
7 * the user/kernel boundary. This needs to be done carefully because
8 * this code is executed in kernel mode and uses user-specified
9 * addresses. Thus, we need to be careful not to let the user to
10 * trick us into accessing kernel memory that would normally be
11 * inaccessible. This code is also fairly performance sensitive,
12 * so we want to spend as little time doing safety checks as
13 * possible.
14 *
15 * To make matters a bit more interesting, these macros sometimes also
16 * called from within the kernel itself, in which case the address
17 * validity check must be skipped. The get_fs() macro tells us what
18 * to do: if get_fs()==USER_DS, checking is performed, if
19 * get_fs()==KERNEL_DS, checking is bypassed.
20 *
21 * Note that even if the memory area specified by the user is in a
22 * valid address range, it is still possible that we'll get a page
23 * fault while accessing it. This is handled by filling out an
24 * exception handler fixup entry for each instruction that has the
25 * potential to fault. When such a fault occurs, the page fault
26 * handler checks to see whether the faulting instruction has a fixup
27 * associated and, if so, sets r8 to -EFAULT and clears r9 to 0 and
28 * then resumes execution at the continuation point.
29 *
30 * Based on <asm-alpha/uaccess.h>.
31 *
32 * Copyright (C) 1998, 1999, 2001-2004 Hewlett-Packard Co
33 * David Mosberger-Tang <davidm@hpl.hp.com>
34 */
35
36#include <linux/compiler.h>
37#include <linux/page-flags.h>
38
39#include <asm/intrinsics.h>
40#include <linux/pgtable.h>
41#include <asm/io.h>
42#include <asm/extable.h>
43
44/*
45 * When accessing user memory, we need to make sure the entire area really is
46 * in user-level space. We also need to make sure that the address doesn't
47 * point inside the virtually mapped linear page table.
48 */
49static inline int __access_ok(const void __user *p, unsigned long size)
50{
51 unsigned long limit = TASK_SIZE;
52 unsigned long addr = (unsigned long)p;
53
54 return likely((size <= limit) && (addr <= (limit - size)) &&
55 likely(REGION_OFFSET(addr) < RGN_MAP_LIMIT));
56}
57#define __access_ok __access_ok
58#include <asm-generic/access_ok.h>
59
60/*
61 * These are the main single-value transfer routines. They automatically
62 * use the right size if we just have the right pointer type.
63 *
64 * Careful to not
65 * (a) re-use the arguments for side effects (sizeof/typeof is ok)
66 * (b) require any knowledge of processes at this stage
67 */
68#define put_user(x, ptr) __put_user_check((__typeof__(*(ptr))) (x), (ptr), sizeof(*(ptr)))
69#define get_user(x, ptr) __get_user_check((x), (ptr), sizeof(*(ptr)))
70
71/*
72 * The "__xxx" versions do not do address space checking, useful when
73 * doing multiple accesses to the same area (the programmer has to do the
74 * checks by hand with "access_ok()")
75 */
76#define __put_user(x, ptr) __put_user_nocheck((__typeof__(*(ptr))) (x), (ptr), sizeof(*(ptr)))
77#define __get_user(x, ptr) __get_user_nocheck((x), (ptr), sizeof(*(ptr)))
78
79#ifdef ASM_SUPPORTED
80 struct __large_struct { unsigned long buf[100]; };
81# define __m(x) (*(struct __large_struct __user *)(x))
82
83/* We need to declare the __ex_table section before we can use it in .xdata. */
84asm (".section \"__ex_table\", \"a\"\n\t.previous");
85
86# define __get_user_size(val, addr, n, err) \
87do { \
88 register long __gu_r8 asm ("r8") = 0; \
89 register long __gu_r9 asm ("r9"); \
90 asm ("\n[1:]\tld"#n" %0=%2%P2\t// %0 and %1 get overwritten by exception handler\n" \
91 "\t.xdata4 \"__ex_table\", 1b-., 1f-.+4\n" \
92 "[1:]" \
93 : "=r"(__gu_r9), "=r"(__gu_r8) : "m"(__m(addr)), "1"(__gu_r8)); \
94 (err) = __gu_r8; \
95 (val) = __gu_r9; \
96} while (0)
97
98/*
99 * The "__put_user_size()" macro tells gcc it reads from memory instead of writing it. This
100 * is because they do not write to any memory gcc knows about, so there are no aliasing
101 * issues.
102 */
103# define __put_user_size(val, addr, n, err) \
104do { \
105 register long __pu_r8 asm ("r8") = 0; \
106 asm volatile ("\n[1:]\tst"#n" %1=%r2%P1\t// %0 gets overwritten by exception handler\n" \
107 "\t.xdata4 \"__ex_table\", 1b-., 1f-.\n" \
108 "[1:]" \
109 : "=r"(__pu_r8) : "m"(__m(addr)), "rO"(val), "0"(__pu_r8)); \
110 (err) = __pu_r8; \
111} while (0)
112
113#else /* !ASM_SUPPORTED */
114# define RELOC_TYPE 2 /* ip-rel */
115# define __get_user_size(val, addr, n, err) \
116do { \
117 __ld_user("__ex_table", (unsigned long) addr, n, RELOC_TYPE); \
118 (err) = ia64_getreg(_IA64_REG_R8); \
119 (val) = ia64_getreg(_IA64_REG_R9); \
120} while (0)
121# define __put_user_size(val, addr, n, err) \
122do { \
123 __st_user("__ex_table", (unsigned long) addr, n, RELOC_TYPE, \
124 (__force unsigned long) (val)); \
125 (err) = ia64_getreg(_IA64_REG_R8); \
126} while (0)
127#endif /* !ASM_SUPPORTED */
128
129extern void __get_user_unknown (void);
130
131/*
132 * Evaluating arguments X, PTR, SIZE, and SEGMENT may involve subroutine-calls, which
133 * could clobber r8 and r9 (among others). Thus, be careful not to evaluate it while
134 * using r8/r9.
135 */
136#define __do_get_user(check, x, ptr, size) \
137({ \
138 const __typeof__(*(ptr)) __user *__gu_ptr = (ptr); \
139 __typeof__ (size) __gu_size = (size); \
140 long __gu_err = -EFAULT; \
141 unsigned long __gu_val = 0; \
142 if (!check || __access_ok(__gu_ptr, size)) \
143 switch (__gu_size) { \
144 case 1: __get_user_size(__gu_val, __gu_ptr, 1, __gu_err); break; \
145 case 2: __get_user_size(__gu_val, __gu_ptr, 2, __gu_err); break; \
146 case 4: __get_user_size(__gu_val, __gu_ptr, 4, __gu_err); break; \
147 case 8: __get_user_size(__gu_val, __gu_ptr, 8, __gu_err); break; \
148 default: __get_user_unknown(); break; \
149 } \
150 (x) = (__force __typeof__(*(__gu_ptr))) __gu_val; \
151 __gu_err; \
152})
153
154#define __get_user_nocheck(x, ptr, size) __do_get_user(0, x, ptr, size)
155#define __get_user_check(x, ptr, size) __do_get_user(1, x, ptr, size)
156
157extern void __put_user_unknown (void);
158
159/*
160 * Evaluating arguments X, PTR, SIZE, and SEGMENT may involve subroutine-calls, which
161 * could clobber r8 (among others). Thus, be careful not to evaluate them while using r8.
162 */
163#define __do_put_user(check, x, ptr, size) \
164({ \
165 __typeof__ (x) __pu_x = (x); \
166 __typeof__ (*(ptr)) __user *__pu_ptr = (ptr); \
167 __typeof__ (size) __pu_size = (size); \
168 long __pu_err = -EFAULT; \
169 \
170 if (!check || __access_ok(__pu_ptr, __pu_size)) \
171 switch (__pu_size) { \
172 case 1: __put_user_size(__pu_x, __pu_ptr, 1, __pu_err); break; \
173 case 2: __put_user_size(__pu_x, __pu_ptr, 2, __pu_err); break; \
174 case 4: __put_user_size(__pu_x, __pu_ptr, 4, __pu_err); break; \
175 case 8: __put_user_size(__pu_x, __pu_ptr, 8, __pu_err); break; \
176 default: __put_user_unknown(); break; \
177 } \
178 __pu_err; \
179})
180
181#define __put_user_nocheck(x, ptr, size) __do_put_user(0, x, ptr, size)
182#define __put_user_check(x, ptr, size) __do_put_user(1, x, ptr, size)
183
184/*
185 * Complex access routines
186 */
187extern unsigned long __must_check __copy_user (void __user *to, const void __user *from,
188 unsigned long count);
189
190static inline unsigned long
191raw_copy_to_user(void __user *to, const void *from, unsigned long count)
192{
193 return __copy_user(to, (__force void __user *) from, count);
194}
195
196static inline unsigned long
197raw_copy_from_user(void *to, const void __user *from, unsigned long count)
198{
199 return __copy_user((__force void __user *) to, from, count);
200}
201
202#define INLINE_COPY_FROM_USER
203#define INLINE_COPY_TO_USER
204
205extern unsigned long __do_clear_user (void __user *, unsigned long);
206
207#define __clear_user(to, n) __do_clear_user(to, n)
208
209#define clear_user(to, n) \
210({ \
211 unsigned long __cu_len = (n); \
212 if (__access_ok(to, __cu_len)) \
213 __cu_len = __do_clear_user(to, __cu_len); \
214 __cu_len; \
215})
216
217
218/*
219 * Returns: -EFAULT if exception before terminator, N if the entire buffer filled, else
220 * strlen.
221 */
222extern long __must_check __strncpy_from_user (char *to, const char __user *from, long to_len);
223
224#define strncpy_from_user(to, from, n) \
225({ \
226 const char __user * __sfu_from = (from); \
227 long __sfu_ret = -EFAULT; \
228 if (__access_ok(__sfu_from, 0)) \
229 __sfu_ret = __strncpy_from_user((to), __sfu_from, (n)); \
230 __sfu_ret; \
231})
232
233/*
234 * Returns: 0 if exception before NUL or reaching the supplied limit
235 * (N), a value greater than N if the limit would be exceeded, else
236 * strlen.
237 */
238extern unsigned long __strnlen_user (const char __user *, long);
239
240#define strnlen_user(str, len) \
241({ \
242 const char __user *__su_str = (str); \
243 unsigned long __su_ret = 0; \
244 if (__access_ok(__su_str, 0)) \
245 __su_ret = __strnlen_user(__su_str, len); \
246 __su_ret; \
247})
248
249#define ARCH_HAS_TRANSLATE_MEM_PTR 1
250static __inline__ void *
251xlate_dev_mem_ptr(phys_addr_t p)
252{
253 struct page *page;
254 void *ptr;
255
256 page = pfn_to_page(p >> PAGE_SHIFT);
257 if (PageUncached(page))
258 ptr = (void *)p + __IA64_UNCACHED_OFFSET;
259 else
260 ptr = __va(p);
261
262 return ptr;
263}
264
265#endif /* _ASM_IA64_UACCESS_H */