2014-11-06 15:19:41 +08:00
|
|
|
/*
|
|
|
|
|
* User space memory access functions for Nios II
|
|
|
|
|
*
|
|
|
|
|
* Copyright (C) 2010-2011, Tobias Klauser <tklauser@distanz.ch>
|
|
|
|
|
* Copyright (C) 2009, Wind River Systems Inc
|
|
|
|
|
* Implemented by fredrik.markstrom@gmail.com and ivarholmqvist@gmail.com
|
|
|
|
|
*
|
|
|
|
|
* This file is subject to the terms and conditions of the GNU General Public
|
|
|
|
|
* License. See the file "COPYING" in the main directory of this archive
|
|
|
|
|
* for more details.
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
#ifndef _ASM_NIOS2_UACCESS_H
|
|
|
|
|
#define _ASM_NIOS2_UACCESS_H
|
|
|
|
|
|
|
|
|
|
#include <linux/string.h>
|
|
|
|
|
|
|
|
|
|
#include <asm/page.h>
|
|
|
|
|
|
2016-12-25 16:33:03 +08:00
|
|
|
#include <asm/extable.h>
|
2014-11-06 15:19:41 +08:00
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Segment stuff
|
|
|
|
|
*/
|
|
|
|
|
#define MAKE_MM_SEG(s) ((mm_segment_t) { (s) })
|
|
|
|
|
#define USER_DS MAKE_MM_SEG(0x80000000UL)
|
|
|
|
|
#define KERNEL_DS MAKE_MM_SEG(0)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
#define get_fs() (current_thread_info()->addr_limit)
|
|
|
|
|
#define set_fs(seg) (current_thread_info()->addr_limit = (seg))
|
|
|
|
|
|
|
|
|
|
#define segment_eq(a, b) ((a).seg == (b).seg)
|
|
|
|
|
|
|
|
|
|
#define __access_ok(addr, len) \
|
|
|
|
|
(((signed long)(((long)get_fs().seg) & \
|
|
|
|
|
((long)(addr) | (((long)(addr)) + (len)) | (len)))) == 0)
|
|
|
|
|
|
Remove 'type' argument from access_ok() function
Nobody has actually used the type (VERIFY_READ vs VERIFY_WRITE) argument
of the user address range verification function since we got rid of the
old racy i386-only code to walk page tables by hand.
It existed because the original 80386 would not honor the write protect
bit when in kernel mode, so you had to do COW by hand before doing any
user access. But we haven't supported that in a long time, and these
days the 'type' argument is a purely historical artifact.
A discussion about extending 'user_access_begin()' to do the range
checking resulted this patch, because there is no way we're going to
move the old VERIFY_xyz interface to that model. And it's best done at
the end of the merge window when I've done most of my merges, so let's
just get this done once and for all.
This patch was mostly done with a sed-script, with manual fix-ups for
the cases that weren't of the trivial 'access_ok(VERIFY_xyz' form.
There were a couple of notable cases:
- csky still had the old "verify_area()" name as an alias.
- the iter_iov code had magical hardcoded knowledge of the actual
values of VERIFY_{READ,WRITE} (not that they mattered, since nothing
really used it)
- microblaze used the type argument for a debug printout
but other than those oddities this should be a total no-op patch.
I tried to fix up all architectures, did fairly extensive grepping for
access_ok() uses, and the changes are trivial, but I may have missed
something. Any missed conversion should be trivially fixable, though.
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2019-01-04 10:57:57 +08:00
|
|
|
#define access_ok(addr, len) \
|
2014-11-06 15:19:41 +08:00
|
|
|
likely(__access_ok((unsigned long)(addr), (unsigned long)(len)))
|
|
|
|
|
|
|
|
|
|
# define __EX_TABLE_SECTION ".section __ex_table,\"a\"\n"
|
|
|
|
|
|
2017-05-08 17:14:14 +08:00
|
|
|
#define user_addr_max() (uaccess_kernel() ? ~0UL : TASK_SIZE)
|
|
|
|
|
|
2014-11-06 15:19:41 +08:00
|
|
|
/*
|
|
|
|
|
* Zero Userspace
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
static inline unsigned long __must_check __clear_user(void __user *to,
|
|
|
|
|
unsigned long n)
|
|
|
|
|
{
|
|
|
|
|
__asm__ __volatile__ (
|
|
|
|
|
"1: stb zero, 0(%1)\n"
|
|
|
|
|
" addi %0, %0, -1\n"
|
|
|
|
|
" addi %1, %1, 1\n"
|
|
|
|
|
" bne %0, zero, 1b\n"
|
|
|
|
|
"2:\n"
|
|
|
|
|
__EX_TABLE_SECTION
|
|
|
|
|
".word 1b, 2b\n"
|
|
|
|
|
".previous\n"
|
|
|
|
|
: "=r" (n), "=r" (to)
|
|
|
|
|
: "0" (n), "1" (to)
|
|
|
|
|
);
|
|
|
|
|
|
|
|
|
|
return n;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static inline unsigned long __must_check clear_user(void __user *to,
|
|
|
|
|
unsigned long n)
|
|
|
|
|
{
|
Remove 'type' argument from access_ok() function
Nobody has actually used the type (VERIFY_READ vs VERIFY_WRITE) argument
of the user address range verification function since we got rid of the
old racy i386-only code to walk page tables by hand.
It existed because the original 80386 would not honor the write protect
bit when in kernel mode, so you had to do COW by hand before doing any
user access. But we haven't supported that in a long time, and these
days the 'type' argument is a purely historical artifact.
A discussion about extending 'user_access_begin()' to do the range
checking resulted this patch, because there is no way we're going to
move the old VERIFY_xyz interface to that model. And it's best done at
the end of the merge window when I've done most of my merges, so let's
just get this done once and for all.
This patch was mostly done with a sed-script, with manual fix-ups for
the cases that weren't of the trivial 'access_ok(VERIFY_xyz' form.
There were a couple of notable cases:
- csky still had the old "verify_area()" name as an alias.
- the iter_iov code had magical hardcoded knowledge of the actual
values of VERIFY_{READ,WRITE} (not that they mattered, since nothing
really used it)
- microblaze used the type argument for a debug printout
but other than those oddities this should be a total no-op patch.
I tried to fix up all architectures, did fairly extensive grepping for
access_ok() uses, and the changes are trivial, but I may have missed
something. Any missed conversion should be trivially fixable, though.
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2019-01-04 10:57:57 +08:00
|
|
|
if (!access_ok(to, n))
|
2014-11-06 15:19:41 +08:00
|
|
|
return n;
|
|
|
|
|
return __clear_user(to, n);
|
|
|
|
|
}
|
|
|
|
|
|
2017-03-23 01:08:32 +08:00
|
|
|
extern unsigned long
|
|
|
|
|
raw_copy_from_user(void *to, const void __user *from, unsigned long n);
|
|
|
|
|
extern unsigned long
|
|
|
|
|
raw_copy_to_user(void __user *to, const void *from, unsigned long n);
|
|
|
|
|
#define INLINE_COPY_FROM_USER
|
|
|
|
|
#define INLINE_COPY_TO_USER
|
2014-11-06 15:19:41 +08:00
|
|
|
|
|
|
|
|
extern long strncpy_from_user(char *__to, const char __user *__from,
|
2017-05-08 17:14:14 +08:00
|
|
|
long __len);
|
|
|
|
|
extern __must_check long strlen_user(const char __user *str);
|
|
|
|
|
extern __must_check long strnlen_user(const char __user *s, long n);
|
2014-11-06 15:19:41 +08:00
|
|
|
|
|
|
|
|
/* Optimized macros */
|
|
|
|
|
#define __get_user_asm(val, insn, addr, err) \
|
|
|
|
|
{ \
|
2024-06-12 13:13:20 +08:00
|
|
|
unsigned long __gu_val; \
|
2014-11-06 15:19:41 +08:00
|
|
|
__asm__ __volatile__( \
|
|
|
|
|
" movi %0, %3\n" \
|
|
|
|
|
"1: " insn " %1, 0(%2)\n" \
|
|
|
|
|
" movi %0, 0\n" \
|
|
|
|
|
"2:\n" \
|
|
|
|
|
" .section __ex_table,\"a\"\n" \
|
|
|
|
|
" .word 1b, 2b\n" \
|
|
|
|
|
" .previous" \
|
2024-06-12 13:13:20 +08:00
|
|
|
: "=&r" (err), "=r" (__gu_val) \
|
2014-11-06 15:19:41 +08:00
|
|
|
: "r" (addr), "i" (-EFAULT)); \
|
2024-06-12 13:13:20 +08:00
|
|
|
val = (__force __typeof__(*(addr)))__gu_val; \
|
2014-11-06 15:19:41 +08:00
|
|
|
}
|
|
|
|
|
|
2024-06-12 13:13:20 +08:00
|
|
|
extern void __get_user_unknown(void);
|
|
|
|
|
|
|
|
|
|
#define __get_user_8(val, ptr, err) do { \
|
|
|
|
|
u64 __val = 0; \
|
2014-11-06 15:19:41 +08:00
|
|
|
err = 0; \
|
2024-06-12 13:13:20 +08:00
|
|
|
if (raw_copy_from_user(&(__val), ptr, sizeof(val))) { \
|
2014-11-06 15:19:41 +08:00
|
|
|
err = -EFAULT; \
|
2024-06-12 13:13:20 +08:00
|
|
|
} else { \
|
|
|
|
|
val = (typeof(val))(typeof((val) - (val)))__val; \
|
2014-11-06 15:19:41 +08:00
|
|
|
} \
|
|
|
|
|
} while (0)
|
|
|
|
|
|
|
|
|
|
#define __get_user_common(val, size, ptr, err) \
|
|
|
|
|
do { \
|
|
|
|
|
switch (size) { \
|
|
|
|
|
case 1: \
|
|
|
|
|
__get_user_asm(val, "ldbu", ptr, err); \
|
|
|
|
|
break; \
|
|
|
|
|
case 2: \
|
|
|
|
|
__get_user_asm(val, "ldhu", ptr, err); \
|
|
|
|
|
break; \
|
|
|
|
|
case 4: \
|
|
|
|
|
__get_user_asm(val, "ldw", ptr, err); \
|
|
|
|
|
break; \
|
2024-06-12 13:13:20 +08:00
|
|
|
case 8: \
|
|
|
|
|
__get_user_8(val, ptr, err); \
|
|
|
|
|
break; \
|
2014-11-06 15:19:41 +08:00
|
|
|
default: \
|
2024-06-12 13:13:20 +08:00
|
|
|
__get_user_unknown(); \
|
2014-11-06 15:19:41 +08:00
|
|
|
break; \
|
|
|
|
|
} \
|
|
|
|
|
} while (0)
|
|
|
|
|
|
|
|
|
|
#define __get_user(x, ptr) \
|
|
|
|
|
({ \
|
|
|
|
|
long __gu_err = -EFAULT; \
|
|
|
|
|
const __typeof__(*(ptr)) __user *__gu_ptr = (ptr); \
|
2024-06-12 13:13:20 +08:00
|
|
|
__get_user_common(x, sizeof(*(ptr)), __gu_ptr, __gu_err); \
|
2014-11-06 15:19:41 +08:00
|
|
|
__gu_err; \
|
|
|
|
|
})
|
|
|
|
|
|
|
|
|
|
#define get_user(x, ptr) \
|
|
|
|
|
({ \
|
|
|
|
|
long __gu_err = -EFAULT; \
|
|
|
|
|
const __typeof__(*(ptr)) __user *__gu_ptr = (ptr); \
|
Remove 'type' argument from access_ok() function
Nobody has actually used the type (VERIFY_READ vs VERIFY_WRITE) argument
of the user address range verification function since we got rid of the
old racy i386-only code to walk page tables by hand.
It existed because the original 80386 would not honor the write protect
bit when in kernel mode, so you had to do COW by hand before doing any
user access. But we haven't supported that in a long time, and these
days the 'type' argument is a purely historical artifact.
A discussion about extending 'user_access_begin()' to do the range
checking resulted this patch, because there is no way we're going to
move the old VERIFY_xyz interface to that model. And it's best done at
the end of the merge window when I've done most of my merges, so let's
just get this done once and for all.
This patch was mostly done with a sed-script, with manual fix-ups for
the cases that weren't of the trivial 'access_ok(VERIFY_xyz' form.
There were a couple of notable cases:
- csky still had the old "verify_area()" name as an alias.
- the iter_iov code had magical hardcoded knowledge of the actual
values of VERIFY_{READ,WRITE} (not that they mattered, since nothing
really used it)
- microblaze used the type argument for a debug printout
but other than those oddities this should be a total no-op patch.
I tried to fix up all architectures, did fairly extensive grepping for
access_ok() uses, and the changes are trivial, but I may have missed
something. Any missed conversion should be trivially fixable, though.
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2019-01-04 10:57:57 +08:00
|
|
|
if (access_ok( __gu_ptr, sizeof(*__gu_ptr))) \
|
2024-06-12 13:13:20 +08:00
|
|
|
__get_user_common(x, sizeof(*__gu_ptr), \
|
2014-11-06 15:19:41 +08:00
|
|
|
__gu_ptr, __gu_err); \
|
|
|
|
|
__gu_err; \
|
|
|
|
|
})
|
|
|
|
|
|
|
|
|
|
#define __put_user_asm(val, insn, ptr, err) \
|
|
|
|
|
{ \
|
|
|
|
|
__asm__ __volatile__( \
|
|
|
|
|
" movi %0, %3\n" \
|
|
|
|
|
"1: " insn " %1, 0(%2)\n" \
|
|
|
|
|
" movi %0, 0\n" \
|
|
|
|
|
"2:\n" \
|
|
|
|
|
" .section __ex_table,\"a\"\n" \
|
|
|
|
|
" .word 1b, 2b\n" \
|
|
|
|
|
" .previous\n" \
|
|
|
|
|
: "=&r" (err) \
|
|
|
|
|
: "r" (val), "r" (ptr), "i" (-EFAULT)); \
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
#define put_user(x, ptr) \
|
|
|
|
|
({ \
|
|
|
|
|
long __pu_err = -EFAULT; \
|
|
|
|
|
__typeof__(*(ptr)) __user *__pu_ptr = (ptr); \
|
|
|
|
|
__typeof__(*(ptr)) __pu_val = (__typeof(*ptr))(x); \
|
Remove 'type' argument from access_ok() function
Nobody has actually used the type (VERIFY_READ vs VERIFY_WRITE) argument
of the user address range verification function since we got rid of the
old racy i386-only code to walk page tables by hand.
It existed because the original 80386 would not honor the write protect
bit when in kernel mode, so you had to do COW by hand before doing any
user access. But we haven't supported that in a long time, and these
days the 'type' argument is a purely historical artifact.
A discussion about extending 'user_access_begin()' to do the range
checking resulted this patch, because there is no way we're going to
move the old VERIFY_xyz interface to that model. And it's best done at
the end of the merge window when I've done most of my merges, so let's
just get this done once and for all.
This patch was mostly done with a sed-script, with manual fix-ups for
the cases that weren't of the trivial 'access_ok(VERIFY_xyz' form.
There were a couple of notable cases:
- csky still had the old "verify_area()" name as an alias.
- the iter_iov code had magical hardcoded knowledge of the actual
values of VERIFY_{READ,WRITE} (not that they mattered, since nothing
really used it)
- microblaze used the type argument for a debug printout
but other than those oddities this should be a total no-op patch.
I tried to fix up all architectures, did fairly extensive grepping for
access_ok() uses, and the changes are trivial, but I may have missed
something. Any missed conversion should be trivially fixable, though.
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2019-01-04 10:57:57 +08:00
|
|
|
if (access_ok(__pu_ptr, sizeof(*__pu_ptr))) { \
|
2014-11-06 15:19:41 +08:00
|
|
|
switch (sizeof(*__pu_ptr)) { \
|
|
|
|
|
case 1: \
|
|
|
|
|
__put_user_asm(__pu_val, "stb", __pu_ptr, __pu_err); \
|
|
|
|
|
break; \
|
|
|
|
|
case 2: \
|
|
|
|
|
__put_user_asm(__pu_val, "sth", __pu_ptr, __pu_err); \
|
|
|
|
|
break; \
|
|
|
|
|
case 4: \
|
|
|
|
|
__put_user_asm(__pu_val, "stw", __pu_ptr, __pu_err); \
|
|
|
|
|
break; \
|
|
|
|
|
default: \
|
|
|
|
|
/* XXX: This looks wrong... */ \
|
|
|
|
|
__pu_err = 0; \
|
|
|
|
|
if (copy_to_user(__pu_ptr, &(__pu_val), \
|
|
|
|
|
sizeof(*__pu_ptr))) \
|
|
|
|
|
__pu_err = -EFAULT; \
|
|
|
|
|
break; \
|
|
|
|
|
} \
|
|
|
|
|
} \
|
|
|
|
|
__pu_err; \
|
|
|
|
|
})
|
|
|
|
|
|
|
|
|
|
#define __put_user(x, ptr) put_user(x, ptr)
|
|
|
|
|
|
|
|
|
|
#endif /* _ASM_NIOS2_UACCESS_H */
|