2 * This file is subject to the terms and conditions of the GNU General Public
3 * License. See the file "COPYING" in the main directory of this archive
6 * Copyright (C) 1996, 1997, 1998, 1999, 2000, 03, 04 by Ralf Baechle
7 * Copyright (C) 1999, 2000 Silicon Graphics, Inc.
10 #define _ASM_UACCESS_H
12 #include <linux/config.h>
13 #include <linux/compiler.h>
14 #include <linux/errno.h>
15 #include <linux/thread_info.h>
16 #include <asm-generic/uaccess.h>
19 * The fs value determines whether argument validity checking should be
20 * performed or not. If get_fs() == USER_DS, checking is performed, with
21 * get_fs() == KERNEL_DS, checking is bypassed.
23 * For historical reasons, these macros are grossly misnamed.
27 #define __UA_LIMIT 0x80000000UL
29 #define __UA_ADDR ".word"
31 #define __UA_ADDU "addu"
35 #endif /* CONFIG_MIPS32 */
39 #define __UA_LIMIT (- TASK_SIZE)
41 #define __UA_ADDR ".dword"
43 #define __UA_ADDU "daddu"
47 #endif /* CONFIG_MIPS64 */
50 * USER_DS is a bitmask that has the bits set that may not be set in a valid
51 * userspace address. Note that we limit 32-bit userspace to 0x7fff8000 but
52 * the arithmetic we're doing only works if the limit is a power of two, so
53 * we use 0x80000000 here on 32-bit kernels. If a process passes an invalid
54 * address in this range it's the process's problem, not ours :-)
57 #define KERNEL_DS ((mm_segment_t) { 0UL })
58 #define USER_DS ((mm_segment_t) { __UA_LIMIT })
61 #define VERIFY_WRITE 1
63 #define get_ds() (KERNEL_DS)
64 #define get_fs() (current_thread_info()->addr_limit)
65 #define set_fs(x) (current_thread_info()->addr_limit = (x))
67 #define segment_eq(a,b) ((a).seg == (b).seg)
71 * Is a address valid? This does a straighforward calculation rather
75 * - "addr" doesn't have any high-bits set
76 * - AND "size" doesn't have any high-bits set
77 * - AND "addr+size" doesn't have any high-bits set
78 * - OR we are in kernel mode.
80 * __ua_size() is a trick to avoid runtime checking of positive constant
81 * sizes; for those we already know at compile time that the size is ok.
83 #define __ua_size(size) \
84 ((__builtin_constant_p(size) && (signed long) (size) > 0) ? 0 : (size))
87 * access_ok: - Checks if a user space pointer is valid
88 * @type: Type of access: %VERIFY_READ or %VERIFY_WRITE. Note that
89 * %VERIFY_WRITE is a superset of %VERIFY_READ - if it is safe
90 * to write to a block, it is always safe to read from it.
91 * @addr: User space pointer to start of block to check
92 * @size: Size of block to check
94 * Context: User context only. This function may sleep.
96 * Checks if a pointer to a block of memory in user space is valid.
98 * Returns true (nonzero) if the memory block may be valid, false (zero)
99 * if it is definitely invalid.
101 * Note that, depending on architecture, this function probably just
102 * checks that the pointer is in the user space range - after calling
103 * this function, memory access functions may still return -EFAULT.
106 #define __access_mask get_fs().seg
108 #define __access_ok(addr, size, mask) \
109 (((signed long)((mask) & ((addr) | ((addr) + (size)) | __ua_size(size)))) == 0)
111 #define access_ok(type, addr, size) \
112 likely(__access_ok((unsigned long)(addr), (size),__access_mask))
115 * verify_area: - Obsolete, use access_ok()
116 * @type: Type of access: %VERIFY_READ or %VERIFY_WRITE
117 * @addr: User space pointer to start of block to check
118 * @size: Size of block to check
120 * Context: User context only. This function may sleep.
122 * This function has been replaced by access_ok().
124 * Checks if a pointer to a block of memory in user space is valid.
126 * Returns zero if the memory block may be valid, -EFAULT
127 * if it is definitely invalid.
129 * See access_ok() for more details.
131 static inline int verify_area(int type
, const void * addr
, unsigned long size
)
133 return access_ok(type
, addr
, size
) ? 0 : -EFAULT
;
137 * put_user: - Write a simple value into user space.
138 * @x: Value to copy to user space.
139 * @ptr: Destination address, in user space.
141 * Context: User context only. This function may sleep.
143 * This macro copies a single simple value from kernel space to user
144 * space. It supports simple types like char and int, but not larger
145 * data types like structures or arrays.
147 * @ptr must have pointer-to-simple-variable type, and @x must be assignable
148 * to the result of dereferencing @ptr.
150 * Returns zero on success, or -EFAULT on error.
152 #define put_user(x,ptr) \
153 __put_user_check((__typeof__(*(ptr)))(x),(ptr),sizeof(*(ptr)))
156 * get_user: - Get a simple variable from user space.
157 * @x: Variable to store result.
158 * @ptr: Source address, in user space.
160 * Context: User context only. This function may sleep.
162 * This macro copies a single simple variable from user space to kernel
163 * space. It supports simple types like char and int, but not larger
164 * data types like structures or arrays.
166 * @ptr must have pointer-to-simple-variable type, and the result of
167 * dereferencing @ptr must be assignable to @x without a cast.
169 * Returns zero on success, or -EFAULT on error.
170 * On error, the variable @x is set to zero.
172 #define get_user(x,ptr) \
173 __get_user_check((__typeof__(*(ptr)))(x),(ptr),sizeof(*(ptr)))
176 * __put_user: - Write a simple value into user space, with less checking.
177 * @x: Value to copy to user space.
178 * @ptr: Destination address, in user space.
180 * Context: User context only. This function may sleep.
182 * This macro copies a single simple value from kernel space to user
183 * space. It supports simple types like char and int, but not larger
184 * data types like structures or arrays.
186 * @ptr must have pointer-to-simple-variable type, and @x must be assignable
187 * to the result of dereferencing @ptr.
189 * Caller must check the pointer with access_ok() before calling this
192 * Returns zero on success, or -EFAULT on error.
194 #define __put_user(x,ptr) \
195 __put_user_nocheck((__typeof__(*(ptr)))(x),(ptr),sizeof(*(ptr)))
198 * __get_user: - Get a simple variable from user space, with less checking.
199 * @x: Variable to store result.
200 * @ptr: Source address, in user space.
202 * Context: User context only. This function may sleep.
204 * This macro copies a single simple variable from user space to kernel
205 * space. It supports simple types like char and int, but not larger
206 * data types like structures or arrays.
208 * @ptr must have pointer-to-simple-variable type, and the result of
209 * dereferencing @ptr must be assignable to @x without a cast.
211 * Caller must check the pointer with access_ok() before calling this
214 * Returns zero on success, or -EFAULT on error.
215 * On error, the variable @x is set to zero.
217 #define __get_user(x,ptr) \
218 __get_user_nocheck((__typeof__(*(ptr)))(x),(ptr),sizeof(*(ptr)))
220 struct __large_struct
{ unsigned long buf
[100]; };
221 #define __m(x) (*(struct __large_struct *)(x))
224 * Yuck. We need two variants, one for 64bit operation and one
225 * for 32 bit mode and old iron.
228 #define __GET_USER_DW __get_user_asm("ld")
230 #define __GET_USER_DW __get_user_asm_ll32
233 #define __get_user_nocheck(x,ptr,size) \
236 __typeof(*(ptr)) __gu_val; \
239 __asm__("":"=r" (__gu_val)); \
240 __gu_addr = (long) (ptr); \
241 __asm__("":"=r" (__gu_err)); \
243 case 1: __get_user_asm("lb"); break; \
244 case 2: __get_user_asm("lh"); break; \
245 case 4: __get_user_asm("lw"); break; \
246 case 8: __GET_USER_DW; break; \
247 default: __get_user_unknown(); break; \
248 } x = (__typeof__(*(ptr))) __gu_val; __gu_err; \
251 #define __get_user_check(x,ptr,size) \
254 __typeof__(*(ptr)) __gu_val; \
257 __asm__("":"=r" (__gu_val)); \
258 __gu_addr = (long) (ptr); \
259 __asm__("":"=r" (__gu_err)); \
260 if (access_ok(VERIFY_READ,__gu_addr,size)) { \
262 case 1: __get_user_asm("lb"); break; \
263 case 2: __get_user_asm("lh"); break; \
264 case 4: __get_user_asm("lw"); break; \
265 case 8: __GET_USER_DW; break; \
266 default: __get_user_unknown(); break; \
268 } x = (__typeof__(*(ptr))) __gu_val; __gu_err; \
271 #define __get_user_asm(insn) \
273 __asm__ __volatile__( \
274 "1:\t" insn "\t%1,%2\n\t" \
277 ".section\t.fixup,\"ax\"\n" \
278 "3:\tli\t%0,%3\n\t" \
282 ".section\t__ex_table,\"a\"\n\t" \
283 __UA_ADDR "\t1b,3b\n\t" \
285 :"=r" (__gu_err), "=r" (__gu_val) \
286 :"o" (__m(__gu_addr)), "i" (-EFAULT)); \
290 * Get a long long 64 using 32 bit registers.
292 #define __get_user_asm_ll32 \
294 __asm__ __volatile__( \
296 "2:\tlw\t%D1,%3\n\t" \
298 "3:\t.section\t.fixup,\"ax\"\n" \
299 "4:\tli\t%0,%4\n\t" \
304 ".section\t__ex_table,\"a\"\n\t" \
305 __UA_ADDR "\t1b,4b\n\t" \
306 __UA_ADDR "\t2b,4b\n\t" \
308 :"=r" (__gu_err), "=&r" (__gu_val) \
309 :"o" (__m(__gu_addr)), "o" (__m(__gu_addr + 4)), \
313 extern void __get_user_unknown(void);
316 * Yuck. We need two variants, one for 64bit operation and one
317 * for 32 bit mode and old iron.
320 #define __PUT_USER_DW __put_user_asm("sd")
322 #define __PUT_USER_DW __put_user_asm_ll32
325 #define __put_user_nocheck(x,ptr,size) \
328 __typeof__(*(ptr)) __pu_val; \
332 __pu_addr = (long) (ptr); \
333 __asm__("":"=r" (__pu_err)); \
335 case 1: __put_user_asm("sb"); break; \
336 case 2: __put_user_asm("sh"); break; \
337 case 4: __put_user_asm("sw"); break; \
338 case 8: __PUT_USER_DW; break; \
339 default: __put_user_unknown(); break; \
344 #define __put_user_check(x,ptr,size) \
347 __typeof__(*(ptr)) __pu_val; \
351 __pu_addr = (long) (ptr); \
352 __asm__("":"=r" (__pu_err)); \
353 if (access_ok(VERIFY_WRITE, __pu_addr, size)) { \
355 case 1: __put_user_asm("sb"); break; \
356 case 2: __put_user_asm("sh"); break; \
357 case 4: __put_user_asm("sw"); break; \
358 case 8: __PUT_USER_DW; break; \
359 default: __put_user_unknown(); break; \
365 #define __put_user_asm(insn) \
367 __asm__ __volatile__( \
368 "1:\t" insn "\t%z1, %2\t\t\t# __put_user_asm\n\t" \
371 ".section\t.fixup,\"ax\"\n" \
372 "3:\tli\t%0,%3\n\t" \
375 ".section\t__ex_table,\"a\"\n\t" \
376 __UA_ADDR "\t1b,3b\n\t" \
379 :"Jr" (__pu_val), "o" (__m(__pu_addr)), "i" (-EFAULT)); \
382 #define __put_user_asm_ll32 \
384 __asm__ __volatile__( \
385 "1:\tsw\t%1, %2\t\t\t# __put_user_asm_ll32\n\t" \
386 "2:\tsw\t%D1, %3\n" \
389 ".section\t.fixup,\"ax\"\n" \
390 "4:\tli\t%0,%4\n\t" \
393 ".section\t__ex_table,\"a\"\n\t" \
394 __UA_ADDR "\t1b,4b\n\t" \
395 __UA_ADDR "\t2b,4b\n\t" \
398 :"r" (__pu_val), "o" (__m(__pu_addr)), \
399 "o" (__m(__pu_addr + 4)), "i" (-EFAULT)); \
402 extern void __put_user_unknown(void);
405 * We're generating jump to subroutines which will be outside the range of
409 #define __MODULE_JAL(destination) \
411 __UA_LA "\t$1, " #destination "\n\t" \
415 #define __MODULE_JAL(destination) \
416 "jal\t" #destination "\n\t"
419 extern size_t __copy_user(void *__to
, const void *__from
, size_t __n
);
421 #define __invoke_copy_to_user(to,from,n) \
423 register void *__cu_to_r __asm__ ("$4"); \
424 register const void *__cu_from_r __asm__ ("$5"); \
425 register long __cu_len_r __asm__ ("$6"); \
428 __cu_from_r = (from); \
430 __asm__ __volatile__( \
431 __MODULE_JAL(__copy_user) \
432 : "+r" (__cu_to_r), "+r" (__cu_from_r), "+r" (__cu_len_r) \
434 : "$8", "$9", "$10", "$11", "$12", "$15", "$24", "$31", \
440 * __copy_to_user: - Copy a block of data into user space, with less checking.
441 * @to: Destination address, in user space.
442 * @from: Source address, in kernel space.
443 * @n: Number of bytes to copy.
445 * Context: User context only. This function may sleep.
447 * Copy data from kernel space to user space. Caller must check
448 * the specified block with access_ok() before calling this function.
450 * Returns number of bytes that could not be copied.
451 * On success, this will be zero.
453 #define __copy_to_user(to,from,n) \
456 const void *__cu_from; \
461 __cu_from = (from); \
463 __cu_len = __invoke_copy_to_user(__cu_to, __cu_from, __cu_len); \
467 #define __copy_to_user_inatomic __copy_to_user
468 #define __copy_from_user_inatomic __copy_from_user
471 * copy_to_user: - Copy a block of data into user space.
472 * @to: Destination address, in user space.
473 * @from: Source address, in kernel space.
474 * @n: Number of bytes to copy.
476 * Context: User context only. This function may sleep.
478 * Copy data from kernel space to user space.
480 * Returns number of bytes that could not be copied.
481 * On success, this will be zero.
483 #define copy_to_user(to,from,n) \
486 const void *__cu_from; \
491 __cu_from = (from); \
493 if (access_ok(VERIFY_WRITE, __cu_to, __cu_len)) \
494 __cu_len = __invoke_copy_to_user(__cu_to, __cu_from, \
499 #define __invoke_copy_from_user(to,from,n) \
501 register void *__cu_to_r __asm__ ("$4"); \
502 register const void *__cu_from_r __asm__ ("$5"); \
503 register long __cu_len_r __asm__ ("$6"); \
506 __cu_from_r = (from); \
508 __asm__ __volatile__( \
509 ".set\tnoreorder\n\t" \
510 __MODULE_JAL(__copy_user) \
512 __UA_ADDU "\t$1, %1, %2\n\t" \
514 ".set\treorder\n\t" \
515 "move\t%0, $6" /* XXX */ \
516 : "+r" (__cu_to_r), "+r" (__cu_from_r), "+r" (__cu_len_r) \
518 : "$8", "$9", "$10", "$11", "$12", "$15", "$24", "$31", \
524 * __copy_from_user: - Copy a block of data from user space, with less checking. * @to: Destination address, in kernel space.
525 * @from: Source address, in user space.
526 * @n: Number of bytes to copy.
528 * Context: User context only. This function may sleep.
530 * Copy data from user space to kernel space. Caller must check
531 * the specified block with access_ok() before calling this function.
533 * Returns number of bytes that could not be copied.
534 * On success, this will be zero.
536 * If some data could not be copied, this function will pad the copied
537 * data to the requested size using zero bytes.
539 #define __copy_from_user(to,from,n) \
542 const void *__cu_from; \
547 __cu_from = (from); \
549 __cu_len = __invoke_copy_from_user(__cu_to, __cu_from, \
555 * copy_from_user: - Copy a block of data from user space.
556 * @to: Destination address, in kernel space.
557 * @from: Source address, in user space.
558 * @n: Number of bytes to copy.
560 * Context: User context only. This function may sleep.
562 * Copy data from user space to kernel space.
564 * Returns number of bytes that could not be copied.
565 * On success, this will be zero.
567 * If some data could not be copied, this function will pad the copied
568 * data to the requested size using zero bytes.
570 #define copy_from_user(to,from,n) \
573 const void *__cu_from; \
578 __cu_from = (from); \
580 if (access_ok(VERIFY_READ, __cu_from, __cu_len)) \
581 __cu_len = __invoke_copy_from_user(__cu_to, __cu_from, \
586 #define __copy_in_user(to, from, n) __copy_from_user(to, from, n)
588 #define copy_in_user(to,from,n) \
591 const void *__cu_from; \
596 __cu_from = (from); \
598 if (likely(access_ok(VERIFY_READ, __cu_from, __cu_len) && \
599 access_ok(VERIFY_WRITE, __cu_to, __cu_len))) \
600 __cu_len = __invoke_copy_from_user(__cu_to, __cu_from, \
606 * __clear_user: - Zero a block of memory in user space, with less checking.
607 * @to: Destination address, in user space.
608 * @n: Number of bytes to zero.
610 * Zero a block of memory in user space. Caller must check
611 * the specified block with access_ok() before calling this function.
613 * Returns number of bytes that could not be cleared.
614 * On success, this will be zero.
616 static inline __kernel_size_t
617 __clear_user(void *addr
, __kernel_size_t size
)
622 __asm__
__volatile__(
626 __MODULE_JAL(__bzero
)
629 : "r" (addr
), "r" (size
)
630 : "$4", "$5", "$6", __UA_t0
, __UA_t1
, "$31");
635 #define clear_user(addr,n) \
637 void * __cl_addr = (addr); \
638 unsigned long __cl_size = (n); \
639 if (__cl_size && access_ok(VERIFY_WRITE, \
640 ((unsigned long)(__cl_addr)), __cl_size)) \
641 __cl_size = __clear_user(__cl_addr, __cl_size); \
646 * __strncpy_from_user: - Copy a NUL terminated string from userspace, with less checking.
647 * @dst: Destination address, in kernel space. This buffer must be at
648 * least @count bytes long.
649 * @src: Source address, in user space.
650 * @count: Maximum number of bytes to copy, including the trailing NUL.
652 * Copies a NUL-terminated string from userspace to kernel space.
653 * Caller must check the specified block with access_ok() before calling
656 * On success, returns the length of the string (not including the trailing
659 * If access to userspace fails, returns -EFAULT (some data may have been
662 * If @count is smaller than the length of the string, copies @count bytes
663 * and returns @count.
666 __strncpy_from_user(char *__to
, const char *__from
, long __len
)
671 __asm__
__volatile__(
675 __MODULE_JAL(__strncpy_from_user_nocheck_asm
)
678 : "r" (__to
), "r" (__from
), "r" (__len
)
679 : "$2", "$3", "$4", "$5", "$6", __UA_t0
, "$31", "memory");
685 * strncpy_from_user: - Copy a NUL terminated string from userspace.
686 * @dst: Destination address, in kernel space. This buffer must be at
687 * least @count bytes long.
688 * @src: Source address, in user space.
689 * @count: Maximum number of bytes to copy, including the trailing NUL.
691 * Copies a NUL-terminated string from userspace to kernel space.
693 * On success, returns the length of the string (not including the trailing
696 * If access to userspace fails, returns -EFAULT (some data may have been
699 * If @count is smaller than the length of the string, copies @count bytes
700 * and returns @count.
703 strncpy_from_user(char *__to
, const char *__from
, long __len
)
708 __asm__
__volatile__(
712 __MODULE_JAL(__strncpy_from_user_asm
)
715 : "r" (__to
), "r" (__from
), "r" (__len
)
716 : "$2", "$3", "$4", "$5", "$6", __UA_t0
, "$31", "memory");
721 /* Returns: 0 if bad, string length+1 (memory size) of string if ok */
722 static inline long __strlen_user(const char *s
)
727 __asm__
__volatile__(
729 __MODULE_JAL(__strlen_user_nocheck_asm
)
733 : "$2", "$4", __UA_t0
, "$31");
739 * strlen_user: - Get the size of a string in user space.
740 * @str: The string to measure.
742 * Context: User context only. This function may sleep.
744 * Get the size of a NUL-terminated string in user space.
746 * Returns the size of the string INCLUDING the terminating NUL.
747 * On exception, returns 0.
749 * If there is a limit on the length of a valid string, you may wish to
750 * consider using strnlen_user() instead.
752 static inline long strlen_user(const char *s
)
757 __asm__
__volatile__(
759 __MODULE_JAL(__strlen_user_asm
)
763 : "$2", "$4", __UA_t0
, "$31");
768 /* Returns: 0 if bad, string length+1 (memory size) of string if ok */
769 static inline long __strnlen_user(const char *s
, long n
)
774 __asm__
__volatile__(
777 __MODULE_JAL(__strnlen_user_nocheck_asm
)
781 : "$2", "$4", "$5", __UA_t0
, "$31");
787 * strlen_user: - Get the size of a string in user space.
788 * @str: The string to measure.
790 * Context: User context only. This function may sleep.
792 * Get the size of a NUL-terminated string in user space.
794 * Returns the size of the string INCLUDING the terminating NUL.
795 * On exception, returns 0.
797 * If there is a limit on the length of a valid string, you may wish to
798 * consider using strnlen_user() instead.
800 static inline long strnlen_user(const char *s
, long n
)
805 __asm__
__volatile__(
808 __MODULE_JAL(__strnlen_user_asm
)
812 : "$2", "$4", "$5", __UA_t0
, "$31");
817 struct exception_table_entry
820 unsigned long nextinsn
;
823 extern int fixup_exception(struct pt_regs
*regs
);
825 #endif /* _ASM_UACCESS_H */