2 * This file is subject to the terms and conditions of the GNU General Public
3 * License. See the file "COPYING" in the main directory of this archive
6 * Copyright (C) 1996, 1997, 1998, 1999, 2000, 03, 04 by Ralf Baechle
7 * Copyright (C) 1999, 2000 Silicon Graphics, Inc.
10 #define _ASM_UACCESS_H
12 #include <linux/kernel.h>
13 #include <linux/errno.h>
14 #include <linux/thread_info.h>
15 #include <asm-generic/uaccess.h>
18 * The fs value determines whether argument validity checking should be
19 * performed or not. If get_fs() == USER_DS, checking is performed, with
20 * get_fs() == KERNEL_DS, checking is bypassed.
22 * For historical reasons, these macros are grossly misnamed.
26 #define __UA_LIMIT 0x80000000UL
28 #define __UA_ADDR ".word"
30 #define __UA_ADDU "addu"
34 #endif /* CONFIG_32BIT */
38 #define __UA_LIMIT (- TASK_SIZE)
40 #define __UA_ADDR ".dword"
42 #define __UA_ADDU "daddu"
46 #endif /* CONFIG_64BIT */
49 * USER_DS is a bitmask that has the bits set that may not be set in a valid
50 * userspace address. Note that we limit 32-bit userspace to 0x7fff8000 but
51 * the arithmetic we're doing only works if the limit is a power of two, so
52 * we use 0x80000000 here on 32-bit kernels. If a process passes an invalid
53 * address in this range it's the process's problem, not ours :-)
56 #define KERNEL_DS ((mm_segment_t) { 0UL })
57 #define USER_DS ((mm_segment_t) { __UA_LIMIT })
60 #define VERIFY_WRITE 1
62 #define get_ds() (KERNEL_DS)
63 #define get_fs() (current_thread_info()->addr_limit)
64 #define set_fs(x) (current_thread_info()->addr_limit = (x))
66 #define segment_eq(a,b) ((a).seg == (b).seg)
70 * Is a address valid? This does a straighforward calculation rather
74 * - "addr" doesn't have any high-bits set
75 * - AND "size" doesn't have any high-bits set
76 * - AND "addr+size" doesn't have any high-bits set
77 * - OR we are in kernel mode.
79 * __ua_size() is a trick to avoid runtime checking of positive constant
80 * sizes; for those we already know at compile time that the size is ok.
82 #define __ua_size(size) \
83 ((__builtin_constant_p(size) && (signed long) (size) > 0) ? 0 : (size))
86 * access_ok: - Checks if a user space pointer is valid
87 * @type: Type of access: %VERIFY_READ or %VERIFY_WRITE. Note that
88 * %VERIFY_WRITE is a superset of %VERIFY_READ - if it is safe
89 * to write to a block, it is always safe to read from it.
90 * @addr: User space pointer to start of block to check
91 * @size: Size of block to check
93 * Context: User context only. This function may sleep.
95 * Checks if a pointer to a block of memory in user space is valid.
97 * Returns true (nonzero) if the memory block may be valid, false (zero)
98 * if it is definitely invalid.
100 * Note that, depending on architecture, this function probably just
101 * checks that the pointer is in the user space range - after calling
102 * this function, memory access functions may still return -EFAULT.
105 #define __access_mask get_fs().seg
107 #define __access_ok(addr, size, mask) \
109 const volatile void __user *__up = addr; \
110 unsigned long __addr = (unsigned long) __up; \
111 unsigned long __size = size; \
112 unsigned long __mask = mask; \
113 unsigned long __ok; \
115 __ok = (signed long)(__mask & (__addr | (__addr + __size) | \
116 __ua_size(__size))); \
120 #define access_ok(type, addr, size) \
121 likely(__access_ok((addr), (size), __access_mask))
124 * put_user: - Write a simple value into user space.
125 * @x: Value to copy to user space.
126 * @ptr: Destination address, in user space.
128 * Context: User context only. This function may sleep.
130 * This macro copies a single simple value from kernel space to user
131 * space. It supports simple types like char and int, but not larger
132 * data types like structures or arrays.
134 * @ptr must have pointer-to-simple-variable type, and @x must be assignable
135 * to the result of dereferencing @ptr.
137 * Returns zero on success, or -EFAULT on error.
139 #define put_user(x,ptr) \
140 __put_user_check((x),(ptr),sizeof(*(ptr)))
143 * get_user: - Get a simple variable from user space.
144 * @x: Variable to store result.
145 * @ptr: Source address, in user space.
147 * Context: User context only. This function may sleep.
149 * This macro copies a single simple variable from user space to kernel
150 * space. It supports simple types like char and int, but not larger
151 * data types like structures or arrays.
153 * @ptr must have pointer-to-simple-variable type, and the result of
154 * dereferencing @ptr must be assignable to @x without a cast.
156 * Returns zero on success, or -EFAULT on error.
157 * On error, the variable @x is set to zero.
159 #define get_user(x,ptr) \
160 __get_user_check((x),(ptr),sizeof(*(ptr)))
163 * __put_user: - Write a simple value into user space, with less checking.
164 * @x: Value to copy to user space.
165 * @ptr: Destination address, in user space.
167 * Context: User context only. This function may sleep.
169 * This macro copies a single simple value from kernel space to user
170 * space. It supports simple types like char and int, but not larger
171 * data types like structures or arrays.
173 * @ptr must have pointer-to-simple-variable type, and @x must be assignable
174 * to the result of dereferencing @ptr.
176 * Caller must check the pointer with access_ok() before calling this
179 * Returns zero on success, or -EFAULT on error.
181 #define __put_user(x,ptr) \
182 __put_user_nocheck((x),(ptr),sizeof(*(ptr)))
185 * __get_user: - Get a simple variable from user space, with less checking.
186 * @x: Variable to store result.
187 * @ptr: Source address, in user space.
189 * Context: User context only. This function may sleep.
191 * This macro copies a single simple variable from user space to kernel
192 * space. It supports simple types like char and int, but not larger
193 * data types like structures or arrays.
195 * @ptr must have pointer-to-simple-variable type, and the result of
196 * dereferencing @ptr must be assignable to @x without a cast.
198 * Caller must check the pointer with access_ok() before calling this
201 * Returns zero on success, or -EFAULT on error.
202 * On error, the variable @x is set to zero.
204 #define __get_user(x,ptr) \
205 __get_user_nocheck((x),(ptr),sizeof(*(ptr)))
207 struct __large_struct
{ unsigned long buf
[100]; };
208 #define __m(x) (*(struct __large_struct __user *)(x))
211 * Yuck. We need two variants, one for 64bit operation and one
212 * for 32 bit mode and old iron.
215 #define __GET_USER_DW(val, ptr) __get_user_asm_ll32(val, ptr)
218 #define __GET_USER_DW(val, ptr) __get_user_asm(val, "ld", ptr)
221 extern void __get_user_unknown(void);
223 #define __get_user_common(val, size, ptr) \
226 case 1: __get_user_asm(val, "lb", ptr); break; \
227 case 2: __get_user_asm(val, "lh", ptr); break; \
228 case 4: __get_user_asm(val, "lw", ptr); break; \
229 case 8: __GET_USER_DW(val, ptr); break; \
230 default: __get_user_unknown(); break; \
234 #define __get_user_nocheck(x,ptr,size) \
238 __get_user_common((x), size, ptr); \
242 #define __get_user_check(x,ptr,size) \
244 int __gu_err = -EFAULT; \
245 const __typeof__(*(ptr)) __user * __gu_ptr = (ptr); \
247 if (likely(access_ok(VERIFY_READ, __gu_ptr, size))) \
248 __get_user_common((x), size, __gu_ptr); \
253 #define __get_user_asm(val, insn, addr) \
257 __asm__ __volatile__( \
258 "1: " insn " %1, %3 \n" \
260 " .section .fixup,\"ax\" \n" \
264 " .section __ex_table,\"a\" \n" \
265 " "__UA_ADDR "\t1b, 3b \n" \
267 : "=r" (__gu_err), "=r" (__gu_tmp) \
268 : "0" (0), "o" (__m(addr)), "i" (-EFAULT)); \
270 (val) = (__typeof__(*(addr))) __gu_tmp; \
274 * Get a long long 64 using 32 bit registers.
276 #define __get_user_asm_ll32(val, addr) \
279 unsigned long long l; \
280 __typeof__(*(addr)) t; \
283 __asm__ __volatile__( \
284 "1: lw %1, (%3) \n" \
285 "2: lw %D1, 4(%3) \n" \
286 "3: .section .fixup,\"ax\" \n" \
292 " .section __ex_table,\"a\" \n" \
293 " " __UA_ADDR " 1b, 4b \n" \
294 " " __UA_ADDR " 2b, 4b \n" \
296 : "=r" (__gu_err), "=&r" (__gu_tmp.l) \
297 : "0" (0), "r" (addr), "i" (-EFAULT)); \
299 (val) = __gu_tmp.t; \
303 * Yuck. We need two variants, one for 64bit operation and one
304 * for 32 bit mode and old iron.
307 #define __PUT_USER_DW(ptr) __put_user_asm_ll32(ptr)
310 #define __PUT_USER_DW(ptr) __put_user_asm("sd", ptr)
313 #define __put_user_nocheck(x,ptr,size) \
315 __typeof__(*(ptr)) __pu_val; \
320 case 1: __put_user_asm("sb", ptr); break; \
321 case 2: __put_user_asm("sh", ptr); break; \
322 case 4: __put_user_asm("sw", ptr); break; \
323 case 8: __PUT_USER_DW(ptr); break; \
324 default: __put_user_unknown(); break; \
329 #define __put_user_check(x,ptr,size) \
331 __typeof__(*(ptr)) __user *__pu_addr = (ptr); \
332 __typeof__(*(ptr)) __pu_val = (x); \
333 int __pu_err = -EFAULT; \
335 if (likely(access_ok(VERIFY_WRITE, __pu_addr, size))) { \
337 case 1: __put_user_asm("sb", __pu_addr); break; \
338 case 2: __put_user_asm("sh", __pu_addr); break; \
339 case 4: __put_user_asm("sw", __pu_addr); break; \
340 case 8: __PUT_USER_DW(__pu_addr); break; \
341 default: __put_user_unknown(); break; \
347 #define __put_user_asm(insn, ptr) \
349 __asm__ __volatile__( \
350 "1: " insn " %z2, %3 # __put_user_asm\n" \
352 " .section .fixup,\"ax\" \n" \
356 " .section __ex_table,\"a\" \n" \
357 " " __UA_ADDR " 1b, 3b \n" \
360 : "0" (0), "Jr" (__pu_val), "o" (__m(ptr)), \
364 #define __put_user_asm_ll32(ptr) \
366 __asm__ __volatile__( \
367 "1: sw %2, (%3) # __put_user_asm_ll32 \n" \
368 "2: sw %D2, 4(%3) \n" \
370 " .section .fixup,\"ax\" \n" \
374 " .section __ex_table,\"a\" \n" \
375 " " __UA_ADDR " 1b, 4b \n" \
376 " " __UA_ADDR " 2b, 4b \n" \
379 : "0" (0), "r" (__pu_val), "r" (ptr), \
383 extern void __put_user_unknown(void);
386 * We're generating jump to subroutines which will be outside the range of
390 #define __MODULE_JAL(destination) \
392 __UA_LA "\t$1, " #destination "\n\t" \
396 #define __MODULE_JAL(destination) \
397 "jal\t" #destination "\n\t"
400 extern size_t __copy_user(void *__to
, const void *__from
, size_t __n
);
402 #define __invoke_copy_to_user(to,from,n) \
404 register void __user *__cu_to_r __asm__ ("$4"); \
405 register const void *__cu_from_r __asm__ ("$5"); \
406 register long __cu_len_r __asm__ ("$6"); \
409 __cu_from_r = (from); \
411 __asm__ __volatile__( \
412 __MODULE_JAL(__copy_user) \
413 : "+r" (__cu_to_r), "+r" (__cu_from_r), "+r" (__cu_len_r) \
415 : "$8", "$9", "$10", "$11", "$12", "$15", "$24", "$31", \
421 * __copy_to_user: - Copy a block of data into user space, with less checking.
422 * @to: Destination address, in user space.
423 * @from: Source address, in kernel space.
424 * @n: Number of bytes to copy.
426 * Context: User context only. This function may sleep.
428 * Copy data from kernel space to user space. Caller must check
429 * the specified block with access_ok() before calling this function.
431 * Returns number of bytes that could not be copied.
432 * On success, this will be zero.
434 #define __copy_to_user(to,from,n) \
436 void __user *__cu_to; \
437 const void *__cu_from; \
442 __cu_from = (from); \
444 __cu_len = __invoke_copy_to_user(__cu_to, __cu_from, __cu_len); \
448 extern size_t __copy_user_inatomic(void *__to
, const void *__from
, size_t __n
);
450 #define __copy_to_user_inatomic(to,from,n) \
452 void __user *__cu_to; \
453 const void *__cu_from; \
457 __cu_from = (from); \
459 __cu_len = __invoke_copy_to_user(__cu_to, __cu_from, __cu_len); \
463 #define __copy_from_user_inatomic(to,from,n) \
466 const void __user *__cu_from; \
470 __cu_from = (from); \
472 __cu_len = __invoke_copy_from_user_inatomic(__cu_to, __cu_from, \
478 * copy_to_user: - Copy a block of data into user space.
479 * @to: Destination address, in user space.
480 * @from: Source address, in kernel space.
481 * @n: Number of bytes to copy.
483 * Context: User context only. This function may sleep.
485 * Copy data from kernel space to user space.
487 * Returns number of bytes that could not be copied.
488 * On success, this will be zero.
490 #define copy_to_user(to,from,n) \
492 void __user *__cu_to; \
493 const void *__cu_from; \
498 __cu_from = (from); \
500 if (access_ok(VERIFY_WRITE, __cu_to, __cu_len)) \
501 __cu_len = __invoke_copy_to_user(__cu_to, __cu_from, \
506 #define __invoke_copy_from_user(to,from,n) \
508 register void *__cu_to_r __asm__ ("$4"); \
509 register const void __user *__cu_from_r __asm__ ("$5"); \
510 register long __cu_len_r __asm__ ("$6"); \
513 __cu_from_r = (from); \
515 __asm__ __volatile__( \
516 ".set\tnoreorder\n\t" \
517 __MODULE_JAL(__copy_user) \
519 __UA_ADDU "\t$1, %1, %2\n\t" \
522 : "+r" (__cu_to_r), "+r" (__cu_from_r), "+r" (__cu_len_r) \
524 : "$8", "$9", "$10", "$11", "$12", "$15", "$24", "$31", \
529 #define __invoke_copy_from_user_inatomic(to,from,n) \
531 register void *__cu_to_r __asm__ ("$4"); \
532 register const void __user *__cu_from_r __asm__ ("$5"); \
533 register long __cu_len_r __asm__ ("$6"); \
536 __cu_from_r = (from); \
538 __asm__ __volatile__( \
539 ".set\tnoreorder\n\t" \
540 __MODULE_JAL(__copy_user_inatomic) \
542 __UA_ADDU "\t$1, %1, %2\n\t" \
545 : "+r" (__cu_to_r), "+r" (__cu_from_r), "+r" (__cu_len_r) \
547 : "$8", "$9", "$10", "$11", "$12", "$15", "$24", "$31", \
553 * __copy_from_user: - Copy a block of data from user space, with less checking.
554 * @to: Destination address, in kernel space.
555 * @from: Source address, in user space.
556 * @n: Number of bytes to copy.
558 * Context: User context only. This function may sleep.
560 * Copy data from user space to kernel space. Caller must check
561 * the specified block with access_ok() before calling this function.
563 * Returns number of bytes that could not be copied.
564 * On success, this will be zero.
566 * If some data could not be copied, this function will pad the copied
567 * data to the requested size using zero bytes.
569 #define __copy_from_user(to,from,n) \
572 const void __user *__cu_from; \
577 __cu_from = (from); \
579 __cu_len = __invoke_copy_from_user(__cu_to, __cu_from, \
585 * copy_from_user: - Copy a block of data from user space.
586 * @to: Destination address, in kernel space.
587 * @from: Source address, in user space.
588 * @n: Number of bytes to copy.
590 * Context: User context only. This function may sleep.
592 * Copy data from user space to kernel space.
594 * Returns number of bytes that could not be copied.
595 * On success, this will be zero.
597 * If some data could not be copied, this function will pad the copied
598 * data to the requested size using zero bytes.
600 #define copy_from_user(to,from,n) \
603 const void __user *__cu_from; \
608 __cu_from = (from); \
610 if (access_ok(VERIFY_READ, __cu_from, __cu_len)) \
611 __cu_len = __invoke_copy_from_user(__cu_to, __cu_from, \
616 #define __copy_in_user(to, from, n) __copy_from_user(to, from, n)
618 #define copy_in_user(to,from,n) \
620 void __user *__cu_to; \
621 const void __user *__cu_from; \
626 __cu_from = (from); \
628 if (likely(access_ok(VERIFY_READ, __cu_from, __cu_len) && \
629 access_ok(VERIFY_WRITE, __cu_to, __cu_len))) \
630 __cu_len = __invoke_copy_from_user(__cu_to, __cu_from, \
636 * __clear_user: - Zero a block of memory in user space, with less checking.
637 * @to: Destination address, in user space.
638 * @n: Number of bytes to zero.
640 * Zero a block of memory in user space. Caller must check
641 * the specified block with access_ok() before calling this function.
643 * Returns number of bytes that could not be cleared.
644 * On success, this will be zero.
646 static inline __kernel_size_t
647 __clear_user(void __user
*addr
, __kernel_size_t size
)
652 __asm__
__volatile__(
656 __MODULE_JAL(__bzero
)
659 : "r" (addr
), "r" (size
)
660 : "$4", "$5", "$6", __UA_t0
, __UA_t1
, "$31");
665 static inline unsigned long
666 clear_user(void __user
*to
, unsigned long n
)
668 if (!access_ok(VERIFY_WRITE
, to
, n
))
671 return __clear_user(to
, n
);
675 * __strncpy_from_user: - Copy a NUL terminated string from userspace, with less checking.
676 * @dst: Destination address, in kernel space. This buffer must be at
677 * least @count bytes long.
678 * @src: Source address, in user space.
679 * @count: Maximum number of bytes to copy, including the trailing NUL.
681 * Copies a NUL-terminated string from userspace to kernel space.
682 * Caller must check the specified block with access_ok() before calling
685 * On success, returns the length of the string (not including the trailing
688 * If access to userspace fails, returns -EFAULT (some data may have been
691 * If @count is smaller than the length of the string, copies @count bytes
692 * and returns @count.
695 __strncpy_from_user(char *__to
, const char __user
*__from
, long __len
)
700 __asm__
__volatile__(
704 __MODULE_JAL(__strncpy_from_user_nocheck_asm
)
707 : "r" (__to
), "r" (__from
), "r" (__len
)
708 : "$2", "$3", "$4", "$5", "$6", __UA_t0
, "$31", "memory");
714 * strncpy_from_user: - Copy a NUL terminated string from userspace.
715 * @dst: Destination address, in kernel space. This buffer must be at
716 * least @count bytes long.
717 * @src: Source address, in user space.
718 * @count: Maximum number of bytes to copy, including the trailing NUL.
720 * Copies a NUL-terminated string from userspace to kernel space.
722 * On success, returns the length of the string (not including the trailing
725 * If access to userspace fails, returns -EFAULT (some data may have been
728 * If @count is smaller than the length of the string, copies @count bytes
729 * and returns @count.
732 strncpy_from_user(char *__to
, const char __user
*__from
, long __len
)
737 __asm__
__volatile__(
741 __MODULE_JAL(__strncpy_from_user_asm
)
744 : "r" (__to
), "r" (__from
), "r" (__len
)
745 : "$2", "$3", "$4", "$5", "$6", __UA_t0
, "$31", "memory");
750 /* Returns: 0 if bad, string length+1 (memory size) of string if ok */
751 static inline long __strlen_user(const char __user
*s
)
756 __asm__
__volatile__(
758 __MODULE_JAL(__strlen_user_nocheck_asm
)
762 : "$2", "$4", __UA_t0
, "$31");
768 * strlen_user: - Get the size of a string in user space.
769 * @str: The string to measure.
771 * Context: User context only. This function may sleep.
773 * Get the size of a NUL-terminated string in user space.
775 * Returns the size of the string INCLUDING the terminating NUL.
776 * On exception, returns 0.
778 * If there is a limit on the length of a valid string, you may wish to
779 * consider using strnlen_user() instead.
781 static inline long strlen_user(const char __user
*s
)
786 __asm__
__volatile__(
788 __MODULE_JAL(__strlen_user_asm
)
792 : "$2", "$4", __UA_t0
, "$31");
797 /* Returns: 0 if bad, string length+1 (memory size) of string if ok */
798 static inline long __strnlen_user(const char __user
*s
, long n
)
803 __asm__
__volatile__(
806 __MODULE_JAL(__strnlen_user_nocheck_asm
)
810 : "$2", "$4", "$5", __UA_t0
, "$31");
816 * strlen_user: - Get the size of a string in user space.
817 * @str: The string to measure.
819 * Context: User context only. This function may sleep.
821 * Get the size of a NUL-terminated string in user space.
823 * Returns the size of the string INCLUDING the terminating NUL.
824 * On exception, returns 0.
826 * If there is a limit on the length of a valid string, you may wish to
827 * consider using strnlen_user() instead.
829 static inline long strnlen_user(const char __user
*s
, long n
)
834 __asm__
__volatile__(
837 __MODULE_JAL(__strnlen_user_asm
)
841 : "$2", "$4", "$5", __UA_t0
, "$31");
846 struct exception_table_entry
849 unsigned long nextinsn
;
852 extern int fixup_exception(struct pt_regs
*regs
);
854 #endif /* _ASM_UACCESS_H */