Avoid beyond bounds copy while caching ACL
[zen-stable.git] / arch / openrisc / include / asm / uaccess.h
blobc310e45b538ed21e3973373b97a1352503d9d298
1 /*
2 * OpenRISC Linux
4 * Linux architectural port borrowing liberally from similar works of
5 * others. All original copyrights apply as per the original source
6 * declaration.
8 * OpenRISC implementation:
9 * Copyright (C) 2003 Matjaz Breskvar <phoenix@bsemi.com>
10 * Copyright (C) 2010-2011 Jonas Bonn <jonas@southpole.se>
11 * et al.
13 * This program is free software; you can redistribute it and/or modify
14 * it under the terms of the GNU General Public License as published by
15 * the Free Software Foundation; either version 2 of the License, or
16 * (at your option) any later version.
19 #ifndef __ASM_OPENRISC_UACCESS_H
20 #define __ASM_OPENRISC_UACCESS_H
23 * User space memory access functions
25 #include <linux/errno.h>
26 #include <linux/thread_info.h>
27 #include <linux/prefetch.h>
28 #include <linux/string.h>
29 #include <linux/thread_info.h>
30 #include <asm/page.h>
32 #define VERIFY_READ 0
33 #define VERIFY_WRITE 1
36 * The fs value determines whether argument validity checking should be
37 * performed or not. If get_fs() == USER_DS, checking is performed, with
38 * get_fs() == KERNEL_DS, checking is bypassed.
40 * For historical reasons, these macros are grossly misnamed.
43 /* addr_limit is the maximum accessible address for the task. we misuse
44 * the KERNEL_DS and USER_DS values to both assign and compare the
45 * addr_limit values through the equally misnamed get/set_fs macros.
46 * (see above)
49 #define KERNEL_DS (~0UL)
50 #define get_ds() (KERNEL_DS)
52 #define USER_DS (TASK_SIZE)
53 #define get_fs() (current_thread_info()->addr_limit)
54 #define set_fs(x) (current_thread_info()->addr_limit = (x))
56 #define segment_eq(a, b) ((a) == (b))
58 /* Ensure that the range from addr to addr+size is all within the process'
59 * address space
61 #define __range_ok(addr, size) (size <= get_fs() && addr <= (get_fs()-size))
63 /* Ensure that addr is below task's addr_limit */
64 #define __addr_ok(addr) ((unsigned long) addr < get_fs())
66 #define access_ok(type, addr, size) \
67 __range_ok((unsigned long)addr, (unsigned long)size)
70 * The exception table consists of pairs of addresses: the first is the
71 * address of an instruction that is allowed to fault, and the second is
72 * the address at which the program should continue. No registers are
73 * modified, so it is entirely up to the continuation code to figure out
74 * what to do.
76 * All the routines below use bits of fixup code that are out of line
77 * with the main instruction path. This means when everything is well,
78 * we don't even have to jump over them. Further, they do not intrude
79 * on our cache or tlb entries.
82 struct exception_table_entry {
83 unsigned long insn, fixup;
86 /* Returns 0 if exception not found and fixup otherwise. */
87 extern unsigned long search_exception_table(unsigned long);
88 extern void sort_exception_table(void);
91 * These are the main single-value transfer routines. They automatically
92 * use the right size if we just have the right pointer type.
94 * This gets kind of ugly. We want to return _two_ values in "get_user()"
95 * and yet we don't want to do any pointers, because that is too much
96 * of a performance impact. Thus we have a few rather ugly macros here,
97 * and hide all the uglyness from the user.
99 * The "__xxx" versions of the user access functions are versions that
100 * do not verify the address space, that must have been done previously
101 * with a separate "access_ok()" call (this is used when we do multiple
102 * accesses to the same area of user memory).
104 * As we use the same address space for kernel and user data on the
105 * PowerPC, we can just do these as direct assignments. (Of course, the
106 * exception handling means that it's no longer "just"...)
108 #define get_user(x, ptr) \
109 __get_user_check((x), (ptr), sizeof(*(ptr)))
110 #define put_user(x, ptr) \
111 __put_user_check((__typeof__(*(ptr)))(x), (ptr), sizeof(*(ptr)))
113 #define __get_user(x, ptr) \
114 __get_user_nocheck((x), (ptr), sizeof(*(ptr)))
115 #define __put_user(x, ptr) \
116 __put_user_nocheck((__typeof__(*(ptr)))(x), (ptr), sizeof(*(ptr)))
118 extern long __put_user_bad(void);
120 #define __put_user_nocheck(x, ptr, size) \
121 ({ \
122 long __pu_err; \
123 __put_user_size((x), (ptr), (size), __pu_err); \
124 __pu_err; \
127 #define __put_user_check(x, ptr, size) \
128 ({ \
129 long __pu_err = -EFAULT; \
130 __typeof__(*(ptr)) *__pu_addr = (ptr); \
131 if (access_ok(VERIFY_WRITE, __pu_addr, size)) \
132 __put_user_size((x), __pu_addr, (size), __pu_err); \
133 __pu_err; \
136 #define __put_user_size(x, ptr, size, retval) \
137 do { \
138 retval = 0; \
139 switch (size) { \
140 case 1: __put_user_asm(x, ptr, retval, "l.sb"); break; \
141 case 2: __put_user_asm(x, ptr, retval, "l.sh"); break; \
142 case 4: __put_user_asm(x, ptr, retval, "l.sw"); break; \
143 case 8: __put_user_asm2(x, ptr, retval); break; \
144 default: __put_user_bad(); \
146 } while (0)
148 struct __large_struct {
149 unsigned long buf[100];
151 #define __m(x) (*(struct __large_struct *)(x))
154 * We don't tell gcc that we are accessing memory, but this is OK
155 * because we do not write to any memory gcc knows about, so there
156 * are no aliasing issues.
158 #define __put_user_asm(x, addr, err, op) \
159 __asm__ __volatile__( \
160 "1: "op" 0(%2),%1\n" \
161 "2:\n" \
162 ".section .fixup,\"ax\"\n" \
163 "3: l.addi %0,r0,%3\n" \
164 " l.j 2b\n" \
165 " l.nop\n" \
166 ".previous\n" \
167 ".section __ex_table,\"a\"\n" \
168 " .align 2\n" \
169 " .long 1b,3b\n" \
170 ".previous" \
171 : "=r"(err) \
172 : "r"(x), "r"(addr), "i"(-EFAULT), "0"(err))
174 #define __put_user_asm2(x, addr, err) \
175 __asm__ __volatile__( \
176 "1: l.sw 0(%2),%1\n" \
177 "2: l.sw 4(%2),%H1\n" \
178 "3:\n" \
179 ".section .fixup,\"ax\"\n" \
180 "4: l.addi %0,r0,%3\n" \
181 " l.j 3b\n" \
182 " l.nop\n" \
183 ".previous\n" \
184 ".section __ex_table,\"a\"\n" \
185 " .align 2\n" \
186 " .long 1b,4b\n" \
187 " .long 2b,4b\n" \
188 ".previous" \
189 : "=r"(err) \
190 : "r"(x), "r"(addr), "i"(-EFAULT), "0"(err))
192 #define __get_user_nocheck(x, ptr, size) \
193 ({ \
194 long __gu_err, __gu_val; \
195 __get_user_size(__gu_val, (ptr), (size), __gu_err); \
196 (x) = (__typeof__(*(ptr)))__gu_val; \
197 __gu_err; \
200 #define __get_user_check(x, ptr, size) \
201 ({ \
202 long __gu_err = -EFAULT, __gu_val = 0; \
203 const __typeof__(*(ptr)) * __gu_addr = (ptr); \
204 if (access_ok(VERIFY_READ, __gu_addr, size)) \
205 __get_user_size(__gu_val, __gu_addr, (size), __gu_err); \
206 (x) = (__typeof__(*(ptr)))__gu_val; \
207 __gu_err; \
210 extern long __get_user_bad(void);
212 #define __get_user_size(x, ptr, size, retval) \
213 do { \
214 retval = 0; \
215 switch (size) { \
216 case 1: __get_user_asm(x, ptr, retval, "l.lbz"); break; \
217 case 2: __get_user_asm(x, ptr, retval, "l.lhz"); break; \
218 case 4: __get_user_asm(x, ptr, retval, "l.lwz"); break; \
219 case 8: __get_user_asm2(x, ptr, retval); \
220 default: (x) = __get_user_bad(); \
222 } while (0)
224 #define __get_user_asm(x, addr, err, op) \
225 __asm__ __volatile__( \
226 "1: "op" %1,0(%2)\n" \
227 "2:\n" \
228 ".section .fixup,\"ax\"\n" \
229 "3: l.addi %0,r0,%3\n" \
230 " l.addi %1,r0,0\n" \
231 " l.j 2b\n" \
232 " l.nop\n" \
233 ".previous\n" \
234 ".section __ex_table,\"a\"\n" \
235 " .align 2\n" \
236 " .long 1b,3b\n" \
237 ".previous" \
238 : "=r"(err), "=r"(x) \
239 : "r"(addr), "i"(-EFAULT), "0"(err))
241 #define __get_user_asm2(x, addr, err) \
242 __asm__ __volatile__( \
243 "1: l.lwz %1,0(%2)\n" \
244 "2: l.lwz %H1,4(%2)\n" \
245 "3:\n" \
246 ".section .fixup,\"ax\"\n" \
247 "4: l.addi %0,r0,%3\n" \
248 " l.addi %1,r0,0\n" \
249 " l.addi %H1,r0,0\n" \
250 " l.j 3b\n" \
251 " l.nop\n" \
252 ".previous\n" \
253 ".section __ex_table,\"a\"\n" \
254 " .align 2\n" \
255 " .long 1b,4b\n" \
256 " .long 2b,4b\n" \
257 ".previous" \
258 : "=r"(err), "=&r"(x) \
259 : "r"(addr), "i"(-EFAULT), "0"(err))
261 /* more complex routines */
263 extern unsigned long __must_check
264 __copy_tofrom_user(void *to, const void *from, unsigned long size);
266 #define __copy_from_user(to, from, size) \
267 __copy_tofrom_user(to, from, size)
268 #define __copy_to_user(to, from, size) \
269 __copy_tofrom_user(to, from, size)
271 #define __copy_to_user_inatomic __copy_to_user
272 #define __copy_from_user_inatomic __copy_from_user
274 static inline unsigned long
275 copy_from_user(void *to, const void *from, unsigned long n)
277 unsigned long over;
279 if (access_ok(VERIFY_READ, from, n))
280 return __copy_tofrom_user(to, from, n);
281 if ((unsigned long)from < TASK_SIZE) {
282 over = (unsigned long)from + n - TASK_SIZE;
283 return __copy_tofrom_user(to, from, n - over) + over;
285 return n;
288 static inline unsigned long
289 copy_to_user(void *to, const void *from, unsigned long n)
291 unsigned long over;
293 if (access_ok(VERIFY_WRITE, to, n))
294 return __copy_tofrom_user(to, from, n);
295 if ((unsigned long)to < TASK_SIZE) {
296 over = (unsigned long)to + n - TASK_SIZE;
297 return __copy_tofrom_user(to, from, n - over) + over;
299 return n;
302 extern unsigned long __clear_user(void *addr, unsigned long size);
304 static inline __must_check unsigned long
305 clear_user(void *addr, unsigned long size)
308 if (access_ok(VERIFY_WRITE, addr, size))
309 return __clear_user(addr, size);
310 if ((unsigned long)addr < TASK_SIZE) {
311 unsigned long over = (unsigned long)addr + size - TASK_SIZE;
312 return __clear_user(addr, size - over) + over;
314 return size;
317 extern int __strncpy_from_user(char *dst, const char *src, long count);
319 static inline long strncpy_from_user(char *dst, const char *src, long count)
321 if (access_ok(VERIFY_READ, src, 1))
322 return __strncpy_from_user(dst, src, count);
323 return -EFAULT;
327 * Return the size of a string (including the ending 0)
329 * Return 0 for error
332 extern int __strnlen_user(const char *str, long len, unsigned long top);
335 * Returns the length of the string at str (including the null byte),
336 * or 0 if we hit a page we can't access,
337 * or something > len if we didn't find a null byte.
339 * The `top' parameter to __strnlen_user is to make sure that
340 * we can never overflow from the user area into kernel space.
342 static inline long strnlen_user(const char __user *str, long len)
344 unsigned long top = (unsigned long)get_fs();
345 unsigned long res = 0;
347 if (__addr_ok(str))
348 res = __strnlen_user(str, len, top);
350 return res;
353 #define strlen_user(str) strnlen_user(str, TASK_SIZE-1)
355 #endif /* __ASM_OPENRISC_UACCESS_H */