2 * User address space access functions.
3 * The non inlined parts of asm-i386/uaccess.h are here.
5 * Copyright 1997 Andi Kleen <ak@muc.de>
6 * Copyright 1997 Linus Torvalds
9 #include <linux/highmem.h>
10 #include <linux/blkdev.h>
11 #include <linux/module.h>
12 #include <linux/backing-dev.h>
13 #include <linux/interrupt.h>
14 #include <asm/uaccess.h>
17 #ifdef CONFIG_X86_INTEL_USERCOPY
19 * Alignment at which movsl is preferred for bulk memory copies.
21 struct movsl_mask movsl_mask __read_mostly
;
24 static inline int __movsl_is_ok(unsigned long a1
, unsigned long a2
, unsigned long n
)
26 #ifdef CONFIG_X86_INTEL_USERCOPY
27 if (n
>= 64 && ((a1
^ a2
) & movsl_mask
.mask
))
32 #define movsl_is_ok(a1, a2, n) \
33 __movsl_is_ok((unsigned long)(a1), (unsigned long)(a2), (n))
36 * Copy a null terminated string from userspace.
39 #define __do_strncpy_from_user(dst, src, count, res) \
41 int __d0, __d1, __d2; \
43 __asm__ __volatile__( \
48 " testb %%al,%%al\n" \
54 ".section .fixup,\"ax\"\n" \
59 : "=&d"(res), "=&c"(count), "=&a" (__d0), "=&S" (__d1), \
61 : "i"(-EFAULT), "0"(count), "1"(count), "3"(src), "4"(dst) \
66 * __strncpy_from_user: - Copy a NUL terminated string from userspace, with less checking.
67 * @dst: Destination address, in kernel space. This buffer must be at
68 * least @count bytes long.
69 * @src: Source address, in user space.
70 * @count: Maximum number of bytes to copy, including the trailing NUL.
72 * Copies a NUL-terminated string from userspace to kernel space.
73 * Caller must check the specified block with access_ok() before calling
76 * On success, returns the length of the string (not including the trailing
79 * If access to userspace fails, returns -EFAULT (some data may have been
82 * If @count is smaller than the length of the string, copies @count bytes
86 __strncpy_from_user(char *dst
, const char __user
*src
, long count
)
89 __do_strncpy_from_user(dst
, src
, count
, res
);
92 EXPORT_SYMBOL(__strncpy_from_user
);
95 * strncpy_from_user: - Copy a NUL terminated string from userspace.
96 * @dst: Destination address, in kernel space. This buffer must be at
97 * least @count bytes long.
98 * @src: Source address, in user space.
99 * @count: Maximum number of bytes to copy, including the trailing NUL.
101 * Copies a NUL-terminated string from userspace to kernel space.
103 * On success, returns the length of the string (not including the trailing
106 * If access to userspace fails, returns -EFAULT (some data may have been
109 * If @count is smaller than the length of the string, copies @count bytes
110 * and returns @count.
113 strncpy_from_user(char *dst
, const char __user
*src
, long count
)
116 if (access_ok(VERIFY_READ
, src
, 1))
117 __do_strncpy_from_user(dst
, src
, count
, res
);
120 EXPORT_SYMBOL(strncpy_from_user
);
126 #define __do_clear_user(addr,size) \
130 __asm__ __volatile__( \
135 ".section .fixup,\"ax\"\n" \
136 "3: lea 0(%2,%0,4),%0\n" \
139 _ASM_EXTABLE(0b,3b) \
140 _ASM_EXTABLE(1b,2b) \
141 : "=&c"(size), "=&D" (__d0) \
142 : "r"(size & 3), "0"(size / 4), "1"(addr), "a"(0)); \
146 * clear_user: - Zero a block of memory in user space.
147 * @to: Destination address, in user space.
148 * @n: Number of bytes to zero.
150 * Zero a block of memory in user space.
152 * Returns number of bytes that could not be cleared.
153 * On success, this will be zero.
156 clear_user(void __user
*to
, unsigned long n
)
159 if (access_ok(VERIFY_WRITE
, to
, n
))
160 __do_clear_user(to
, n
);
163 EXPORT_SYMBOL(clear_user
);
166 * __clear_user: - Zero a block of memory in user space, with less checking.
167 * @to: Destination address, in user space.
168 * @n: Number of bytes to zero.
170 * Zero a block of memory in user space. Caller must check
171 * the specified block with access_ok() before calling this function.
173 * Returns number of bytes that could not be cleared.
174 * On success, this will be zero.
177 __clear_user(void __user
*to
, unsigned long n
)
179 __do_clear_user(to
, n
);
182 EXPORT_SYMBOL(__clear_user
);
185 * strnlen_user: - Get the size of a string in user space.
186 * @s: The string to measure.
187 * @n: The maximum valid length
189 * Get the size of a NUL-terminated string in user space.
191 * Returns the size of the string INCLUDING the terminating NUL.
192 * On exception, returns 0.
193 * If the string is too long, returns a value greater than @n.
195 long strnlen_user(const char __user
*s
, long n
)
197 unsigned long mask
= -__addr_ok(s
);
198 unsigned long res
, tmp
;
202 __asm__
__volatile__(
211 ".section .fixup,\"ax\"\n"
212 "2: xorl %%eax,%%eax\n"
217 ".section __ex_table,\"a\"\n"
221 :"=&r" (n
), "=&D" (s
), "=&a" (res
), "=&c" (tmp
)
222 :"0" (n
), "1" (s
), "2" (0), "3" (mask
)
226 EXPORT_SYMBOL(strnlen_user
);
228 #ifdef CONFIG_X86_INTEL_USERCOPY
230 __copy_user_intel(void __user
*to
, const void *from
, unsigned long size
)
233 __asm__
__volatile__(
235 "1: movl 32(%4), %%eax\n"
238 "2: movl 64(%4), %%eax\n"
240 "3: movl 0(%4), %%eax\n"
241 "4: movl 4(%4), %%edx\n"
242 "5: movl %%eax, 0(%3)\n"
243 "6: movl %%edx, 4(%3)\n"
244 "7: movl 8(%4), %%eax\n"
245 "8: movl 12(%4),%%edx\n"
246 "9: movl %%eax, 8(%3)\n"
247 "10: movl %%edx, 12(%3)\n"
248 "11: movl 16(%4), %%eax\n"
249 "12: movl 20(%4), %%edx\n"
250 "13: movl %%eax, 16(%3)\n"
251 "14: movl %%edx, 20(%3)\n"
252 "15: movl 24(%4), %%eax\n"
253 "16: movl 28(%4), %%edx\n"
254 "17: movl %%eax, 24(%3)\n"
255 "18: movl %%edx, 28(%3)\n"
256 "19: movl 32(%4), %%eax\n"
257 "20: movl 36(%4), %%edx\n"
258 "21: movl %%eax, 32(%3)\n"
259 "22: movl %%edx, 36(%3)\n"
260 "23: movl 40(%4), %%eax\n"
261 "24: movl 44(%4), %%edx\n"
262 "25: movl %%eax, 40(%3)\n"
263 "26: movl %%edx, 44(%3)\n"
264 "27: movl 48(%4), %%eax\n"
265 "28: movl 52(%4), %%edx\n"
266 "29: movl %%eax, 48(%3)\n"
267 "30: movl %%edx, 52(%3)\n"
268 "31: movl 56(%4), %%eax\n"
269 "32: movl 60(%4), %%edx\n"
270 "33: movl %%eax, 56(%3)\n"
271 "34: movl %%edx, 60(%3)\n"
277 "35: movl %0, %%eax\n"
282 "36: movl %%eax, %0\n"
285 ".section .fixup,\"ax\"\n"
286 "101: lea 0(%%eax,%0,4),%0\n"
289 ".section __ex_table,\"a\"\n"
330 : "=&c"(size
), "=&D" (d0
), "=&S" (d1
)
331 : "1"(to
), "2"(from
), "0"(size
)
332 : "eax", "edx", "memory");
337 __copy_user_zeroing_intel(void *to
, const void __user
*from
, unsigned long size
)
340 __asm__
__volatile__(
342 "0: movl 32(%4), %%eax\n"
345 "1: movl 64(%4), %%eax\n"
347 "2: movl 0(%4), %%eax\n"
348 "21: movl 4(%4), %%edx\n"
349 " movl %%eax, 0(%3)\n"
350 " movl %%edx, 4(%3)\n"
351 "3: movl 8(%4), %%eax\n"
352 "31: movl 12(%4),%%edx\n"
353 " movl %%eax, 8(%3)\n"
354 " movl %%edx, 12(%3)\n"
355 "4: movl 16(%4), %%eax\n"
356 "41: movl 20(%4), %%edx\n"
357 " movl %%eax, 16(%3)\n"
358 " movl %%edx, 20(%3)\n"
359 "10: movl 24(%4), %%eax\n"
360 "51: movl 28(%4), %%edx\n"
361 " movl %%eax, 24(%3)\n"
362 " movl %%edx, 28(%3)\n"
363 "11: movl 32(%4), %%eax\n"
364 "61: movl 36(%4), %%edx\n"
365 " movl %%eax, 32(%3)\n"
366 " movl %%edx, 36(%3)\n"
367 "12: movl 40(%4), %%eax\n"
368 "71: movl 44(%4), %%edx\n"
369 " movl %%eax, 40(%3)\n"
370 " movl %%edx, 44(%3)\n"
371 "13: movl 48(%4), %%eax\n"
372 "81: movl 52(%4), %%edx\n"
373 " movl %%eax, 48(%3)\n"
374 " movl %%edx, 52(%3)\n"
375 "14: movl 56(%4), %%eax\n"
376 "91: movl 60(%4), %%edx\n"
377 " movl %%eax, 56(%3)\n"
378 " movl %%edx, 60(%3)\n"
384 "5: movl %0, %%eax\n"
392 ".section .fixup,\"ax\"\n"
393 "9: lea 0(%%eax,%0,4),%0\n"
396 " xorl %%eax,%%eax\n"
402 ".section __ex_table,\"a\"\n"
425 : "=&c"(size
), "=&D" (d0
), "=&S" (d1
)
426 : "1"(to
), "2"(from
), "0"(size
)
427 : "eax", "edx", "memory");
432 * Non Temporal Hint version of __copy_user_zeroing_intel. It is cache aware.
433 * hyoshiok@miraclelinux.com
436 static unsigned long __copy_user_zeroing_intel_nocache(void *to
,
437 const void __user
*from
, unsigned long size
)
441 __asm__
__volatile__(
443 "0: movl 32(%4), %%eax\n"
446 "1: movl 64(%4), %%eax\n"
448 "2: movl 0(%4), %%eax\n"
449 "21: movl 4(%4), %%edx\n"
450 " movnti %%eax, 0(%3)\n"
451 " movnti %%edx, 4(%3)\n"
452 "3: movl 8(%4), %%eax\n"
453 "31: movl 12(%4),%%edx\n"
454 " movnti %%eax, 8(%3)\n"
455 " movnti %%edx, 12(%3)\n"
456 "4: movl 16(%4), %%eax\n"
457 "41: movl 20(%4), %%edx\n"
458 " movnti %%eax, 16(%3)\n"
459 " movnti %%edx, 20(%3)\n"
460 "10: movl 24(%4), %%eax\n"
461 "51: movl 28(%4), %%edx\n"
462 " movnti %%eax, 24(%3)\n"
463 " movnti %%edx, 28(%3)\n"
464 "11: movl 32(%4), %%eax\n"
465 "61: movl 36(%4), %%edx\n"
466 " movnti %%eax, 32(%3)\n"
467 " movnti %%edx, 36(%3)\n"
468 "12: movl 40(%4), %%eax\n"
469 "71: movl 44(%4), %%edx\n"
470 " movnti %%eax, 40(%3)\n"
471 " movnti %%edx, 44(%3)\n"
472 "13: movl 48(%4), %%eax\n"
473 "81: movl 52(%4), %%edx\n"
474 " movnti %%eax, 48(%3)\n"
475 " movnti %%edx, 52(%3)\n"
476 "14: movl 56(%4), %%eax\n"
477 "91: movl 60(%4), %%edx\n"
478 " movnti %%eax, 56(%3)\n"
479 " movnti %%edx, 60(%3)\n"
486 "5: movl %0, %%eax\n"
494 ".section .fixup,\"ax\"\n"
495 "9: lea 0(%%eax,%0,4),%0\n"
498 " xorl %%eax,%%eax\n"
504 ".section __ex_table,\"a\"\n"
527 : "=&c"(size
), "=&D" (d0
), "=&S" (d1
)
528 : "1"(to
), "2"(from
), "0"(size
)
529 : "eax", "edx", "memory");
533 static unsigned long __copy_user_intel_nocache(void *to
,
534 const void __user
*from
, unsigned long size
)
538 __asm__
__volatile__(
540 "0: movl 32(%4), %%eax\n"
543 "1: movl 64(%4), %%eax\n"
545 "2: movl 0(%4), %%eax\n"
546 "21: movl 4(%4), %%edx\n"
547 " movnti %%eax, 0(%3)\n"
548 " movnti %%edx, 4(%3)\n"
549 "3: movl 8(%4), %%eax\n"
550 "31: movl 12(%4),%%edx\n"
551 " movnti %%eax, 8(%3)\n"
552 " movnti %%edx, 12(%3)\n"
553 "4: movl 16(%4), %%eax\n"
554 "41: movl 20(%4), %%edx\n"
555 " movnti %%eax, 16(%3)\n"
556 " movnti %%edx, 20(%3)\n"
557 "10: movl 24(%4), %%eax\n"
558 "51: movl 28(%4), %%edx\n"
559 " movnti %%eax, 24(%3)\n"
560 " movnti %%edx, 28(%3)\n"
561 "11: movl 32(%4), %%eax\n"
562 "61: movl 36(%4), %%edx\n"
563 " movnti %%eax, 32(%3)\n"
564 " movnti %%edx, 36(%3)\n"
565 "12: movl 40(%4), %%eax\n"
566 "71: movl 44(%4), %%edx\n"
567 " movnti %%eax, 40(%3)\n"
568 " movnti %%edx, 44(%3)\n"
569 "13: movl 48(%4), %%eax\n"
570 "81: movl 52(%4), %%edx\n"
571 " movnti %%eax, 48(%3)\n"
572 " movnti %%edx, 52(%3)\n"
573 "14: movl 56(%4), %%eax\n"
574 "91: movl 60(%4), %%edx\n"
575 " movnti %%eax, 56(%3)\n"
576 " movnti %%edx, 60(%3)\n"
583 "5: movl %0, %%eax\n"
591 ".section .fixup,\"ax\"\n"
592 "9: lea 0(%%eax,%0,4),%0\n"
595 ".section __ex_table,\"a\"\n"
618 : "=&c"(size
), "=&D" (d0
), "=&S" (d1
)
619 : "1"(to
), "2"(from
), "0"(size
)
620 : "eax", "edx", "memory");
627 * Leave these declared but undefined. They should not be any references to
630 unsigned long __copy_user_zeroing_intel(void *to
, const void __user
*from
,
632 unsigned long __copy_user_intel(void __user
*to
, const void *from
,
634 unsigned long __copy_user_zeroing_intel_nocache(void *to
,
635 const void __user
*from
, unsigned long size
);
636 #endif /* CONFIG_X86_INTEL_USERCOPY */
638 /* Generic arbitrary sized copy. */
639 #define __copy_user(to, from, size) \
641 int __d0, __d1, __d2; \
642 __asm__ __volatile__( \
658 ".section .fixup,\"ax\"\n" \
661 "3: lea 0(%3,%0,4),%0\n" \
664 ".section __ex_table,\"a\"\n" \
670 : "=&c"(size), "=&D" (__d0), "=&S" (__d1), "=r"(__d2) \
671 : "3"(size), "0"(size), "1"(to), "2"(from) \
675 #define __copy_user_zeroing(to, from, size) \
677 int __d0, __d1, __d2; \
678 __asm__ __volatile__( \
694 ".section .fixup,\"ax\"\n" \
697 "3: lea 0(%3,%0,4),%0\n" \
700 " xorl %%eax,%%eax\n" \
706 ".section __ex_table,\"a\"\n" \
712 : "=&c"(size), "=&D" (__d0), "=&S" (__d1), "=r"(__d2) \
713 : "3"(size), "0"(size), "1"(to), "2"(from) \
717 unsigned long __copy_to_user_ll(void __user
*to
, const void *from
,
720 #ifndef CONFIG_X86_WP_WORKS_OK
721 if (unlikely(boot_cpu_data
.wp_works_ok
== 0) &&
722 ((unsigned long)to
) < TASK_SIZE
) {
724 * When we are in an atomic section (see
725 * mm/filemap.c:file_read_actor), return the full
726 * length to take the slow path.
732 * CPU does not honor the WP bit when writing
733 * from supervisory mode, and due to preemption or SMP,
734 * the page tables can change at any time.
735 * Do it manually. Manfred <manfred@colorfullife.com>
738 unsigned long offset
= ((unsigned long)to
)%PAGE_SIZE
;
739 unsigned long len
= PAGE_SIZE
- offset
;
748 down_read(¤t
->mm
->mmap_sem
);
749 retval
= get_user_pages(current
, current
->mm
,
750 (unsigned long)to
, 1, 1, 0, &pg
, NULL
);
752 if (retval
== -ENOMEM
&& is_global_init(current
)) {
753 up_read(¤t
->mm
->mmap_sem
);
754 congestion_wait(BLK_RW_ASYNC
, HZ
/50);
759 up_read(¤t
->mm
->mmap_sem
);
763 maddr
= kmap_atomic(pg
, KM_USER0
);
764 memcpy(maddr
+ offset
, from
, len
);
765 kunmap_atomic(maddr
, KM_USER0
);
766 set_page_dirty_lock(pg
);
768 up_read(¤t
->mm
->mmap_sem
);
777 if (movsl_is_ok(to
, from
, n
))
778 __copy_user(to
, from
, n
);
780 n
= __copy_user_intel(to
, from
, n
);
783 EXPORT_SYMBOL(__copy_to_user_ll
);
785 unsigned long __copy_from_user_ll(void *to
, const void __user
*from
,
788 if (movsl_is_ok(to
, from
, n
))
789 __copy_user_zeroing(to
, from
, n
);
791 n
= __copy_user_zeroing_intel(to
, from
, n
);
794 EXPORT_SYMBOL(__copy_from_user_ll
);
796 unsigned long __copy_from_user_ll_nozero(void *to
, const void __user
*from
,
799 if (movsl_is_ok(to
, from
, n
))
800 __copy_user(to
, from
, n
);
802 n
= __copy_user_intel((void __user
*)to
,
803 (const void *)from
, n
);
806 EXPORT_SYMBOL(__copy_from_user_ll_nozero
);
808 unsigned long __copy_from_user_ll_nocache(void *to
, const void __user
*from
,
811 #ifdef CONFIG_X86_INTEL_USERCOPY
812 if (n
> 64 && cpu_has_xmm2
)
813 n
= __copy_user_zeroing_intel_nocache(to
, from
, n
);
815 __copy_user_zeroing(to
, from
, n
);
817 __copy_user_zeroing(to
, from
, n
);
821 EXPORT_SYMBOL(__copy_from_user_ll_nocache
);
823 unsigned long __copy_from_user_ll_nocache_nozero(void *to
, const void __user
*from
,
826 #ifdef CONFIG_X86_INTEL_USERCOPY
827 if (n
> 64 && cpu_has_xmm2
)
828 n
= __copy_user_intel_nocache(to
, from
, n
);
830 __copy_user(to
, from
, n
);
832 __copy_user(to
, from
, n
);
836 EXPORT_SYMBOL(__copy_from_user_ll_nocache_nozero
);
839 * copy_to_user: - Copy a block of data into user space.
840 * @to: Destination address, in user space.
841 * @from: Source address, in kernel space.
842 * @n: Number of bytes to copy.
844 * Context: User context only. This function may sleep.
846 * Copy data from kernel space to user space.
848 * Returns number of bytes that could not be copied.
849 * On success, this will be zero.
852 copy_to_user(void __user
*to
, const void *from
, unsigned long n
)
854 if (access_ok(VERIFY_WRITE
, to
, n
))
855 n
= __copy_to_user(to
, from
, n
);
858 EXPORT_SYMBOL(copy_to_user
);
861 * copy_from_user: - Copy a block of data from user space.
862 * @to: Destination address, in kernel space.
863 * @from: Source address, in user space.
864 * @n: Number of bytes to copy.
866 * Context: User context only. This function may sleep.
868 * Copy data from user space to kernel space.
870 * Returns number of bytes that could not be copied.
871 * On success, this will be zero.
873 * If some data could not be copied, this function will pad the copied
874 * data to the requested size using zero bytes.
877 _copy_from_user(void *to
, const void __user
*from
, unsigned long n
)
879 if (access_ok(VERIFY_READ
, from
, n
))
880 n
= __copy_from_user(to
, from
, n
);
885 EXPORT_SYMBOL(_copy_from_user
);
887 void copy_from_user_overflow(void)
889 WARN(1, "Buffer overflow detected!\n");
891 EXPORT_SYMBOL(copy_from_user_overflow
);