]>
git.proxmox.com Git - mirror_ubuntu-artful-kernel.git/blob - arch/arm/include/asm/uaccess.h
2 * arch/arm/include/asm/uaccess.h
4 * This program is free software; you can redistribute it and/or modify
5 * it under the terms of the GNU General Public License version 2 as
6 * published by the Free Software Foundation.
8 #ifndef _ASMARM_UACCESS_H
9 #define _ASMARM_UACCESS_H
12 * User space memory access functions
14 #include <linux/string.h>
15 #include <asm/memory.h>
16 #include <asm/domain.h>
17 #include <asm/unified.h>
18 #include <asm/compiler.h>
20 #ifndef CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS
21 #include <asm-generic/uaccess-unaligned.h>
23 #define __get_user_unaligned __get_user
24 #define __put_user_unaligned __put_user
28 * The exception table consists of pairs of addresses: the first is the
29 * address of an instruction that is allowed to fault, and the second is
30 * the address at which the program should continue. No registers are
31 * modified, so it is entirely up to the continuation code to figure out
34 * All the routines below use bits of fixup code that are out of line
35 * with the main instruction path. This means when everything is well,
36 * we don't even have to jump over them. Further, they do not intrude
37 * on our cache or tlb entries.
40 struct exception_table_entry
42 unsigned long insn
, fixup
;
45 extern int fixup_exception(struct pt_regs
*regs
);
48 * These two functions allow hooking accesses to userspace to increase
49 * system integrity by ensuring that the kernel can not inadvertantly
50 * perform such accesses (eg, via list poison values) which could then
51 * be exploited for priviledge escalation.
53 static inline unsigned int uaccess_save_and_enable(void)
55 #ifdef CONFIG_CPU_SW_DOMAIN_PAN
56 unsigned int old_domain
= get_domain();
58 /* Set the current domain access to permit user accesses */
59 set_domain((old_domain
& ~domain_mask(DOMAIN_USER
)) |
60 domain_val(DOMAIN_USER
, DOMAIN_CLIENT
));
68 static inline void uaccess_restore(unsigned int flags
)
70 #ifdef CONFIG_CPU_SW_DOMAIN_PAN
71 /* Restore the user access mask */
77 * These two are intentionally not defined anywhere - if the kernel
78 * code generates any references to them, that's a bug.
80 extern int __get_user_bad(void);
81 extern int __put_user_bad(void);
84 * Note that this is actually 0x1,0000,0000
86 #define KERNEL_DS 0x00000000
87 #define get_ds() (KERNEL_DS)
91 #define USER_DS TASK_SIZE
92 #define get_fs() (current_thread_info()->addr_limit)
94 static inline void set_fs(mm_segment_t fs
)
96 current_thread_info()->addr_limit
= fs
;
97 modify_domain(DOMAIN_KERNEL
, fs
? DOMAIN_CLIENT
: DOMAIN_MANAGER
);
100 #define segment_eq(a, b) ((a) == (b))
102 /* We use 33-bit arithmetic here... */
103 #define __range_ok(addr, size) ({ \
104 unsigned long flag, roksum; \
105 __chk_user_ptr(addr); \
106 __asm__("adds %1, %2, %3; sbcccs %1, %1, %0; movcc %0, #0" \
107 : "=&r" (flag), "=&r" (roksum) \
108 : "r" (addr), "Ir" (size), "0" (current_thread_info()->addr_limit) \
113 * Single-value transfer routines. They automatically use the right
114 * size if we just have the right pointer type. Note that the functions
115 * which read from user space (*get_*) need to take care not to leak
116 * kernel data even if the calling code is buggy and fails to check
117 * the return value. This means zeroing out the destination variable
118 * or buffer on error. Normally this is done out of line by the
119 * fixup code, but there are a few places where it intrudes on the
120 * main code path. When we only write to user space, there is no
123 extern int __get_user_1(void *);
124 extern int __get_user_2(void *);
125 extern int __get_user_4(void *);
126 extern int __get_user_32t_8(void *);
127 extern int __get_user_8(void *);
128 extern int __get_user_64t_1(void *);
129 extern int __get_user_64t_2(void *);
130 extern int __get_user_64t_4(void *);
132 #define __GUP_CLOBBER_1 "lr", "cc"
133 #ifdef CONFIG_CPU_USE_DOMAINS
134 #define __GUP_CLOBBER_2 "ip", "lr", "cc"
136 #define __GUP_CLOBBER_2 "lr", "cc"
138 #define __GUP_CLOBBER_4 "lr", "cc"
139 #define __GUP_CLOBBER_32t_8 "lr", "cc"
140 #define __GUP_CLOBBER_8 "lr", "cc"
142 #define __get_user_x(__r2, __p, __e, __l, __s) \
143 __asm__ __volatile__ ( \
144 __asmeq("%0", "r0") __asmeq("%1", "r2") \
145 __asmeq("%3", "r1") \
146 "bl __get_user_" #__s \
147 : "=&r" (__e), "=r" (__r2) \
148 : "0" (__p), "r" (__l) \
149 : __GUP_CLOBBER_##__s)
151 /* narrowing a double-word get into a single 32bit word register: */
153 #define __get_user_x_32t(__r2, __p, __e, __l, __s) \
154 __get_user_x(__r2, __p, __e, __l, 32t_8)
156 #define __get_user_x_32t __get_user_x
160 * storing result into proper least significant word of 64bit target var,
161 * different only for big endian case where 64 bit __r2 lsw is r3:
164 #define __get_user_x_64t(__r2, __p, __e, __l, __s) \
165 __asm__ __volatile__ ( \
166 __asmeq("%0", "r0") __asmeq("%1", "r2") \
167 __asmeq("%3", "r1") \
168 "bl __get_user_64t_" #__s \
169 : "=&r" (__e), "=r" (__r2) \
170 : "0" (__p), "r" (__l) \
171 : __GUP_CLOBBER_##__s)
173 #define __get_user_x_64t __get_user_x
177 #define __get_user_check(x, p) \
179 unsigned long __limit = current_thread_info()->addr_limit - 1; \
180 register const typeof(*(p)) __user *__p asm("r0") = (p);\
181 register typeof(x) __r2 asm("r2"); \
182 register unsigned long __l asm("r1") = __limit; \
183 register int __e asm("r0"); \
184 unsigned int __ua_flags = uaccess_save_and_enable(); \
185 switch (sizeof(*(__p))) { \
187 if (sizeof((x)) >= 8) \
188 __get_user_x_64t(__r2, __p, __e, __l, 1); \
190 __get_user_x(__r2, __p, __e, __l, 1); \
193 if (sizeof((x)) >= 8) \
194 __get_user_x_64t(__r2, __p, __e, __l, 2); \
196 __get_user_x(__r2, __p, __e, __l, 2); \
199 if (sizeof((x)) >= 8) \
200 __get_user_x_64t(__r2, __p, __e, __l, 4); \
202 __get_user_x(__r2, __p, __e, __l, 4); \
205 if (sizeof((x)) < 8) \
206 __get_user_x_32t(__r2, __p, __e, __l, 4); \
208 __get_user_x(__r2, __p, __e, __l, 8); \
210 default: __e = __get_user_bad(); break; \
212 uaccess_restore(__ua_flags); \
213 x = (typeof(*(p))) __r2; \
217 #define get_user(x, p) \
220 __get_user_check(x, p); \
223 extern int __put_user_1(void *, unsigned int);
224 extern int __put_user_2(void *, unsigned int);
225 extern int __put_user_4(void *, unsigned int);
226 extern int __put_user_8(void *, unsigned long long);
228 #define __put_user_check(__pu_val, __ptr, __err, __s) \
230 unsigned long __limit = current_thread_info()->addr_limit - 1; \
231 register typeof(__pu_val) __r2 asm("r2") = __pu_val; \
232 register const void __user *__p asm("r0") = __ptr; \
233 register unsigned long __l asm("r1") = __limit; \
234 register int __e asm("r0"); \
235 __asm__ __volatile__ ( \
236 __asmeq("%0", "r0") __asmeq("%2", "r2") \
237 __asmeq("%3", "r1") \
238 "bl __put_user_" #__s \
240 : "0" (__p), "r" (__r2), "r" (__l) \
241 : "ip", "lr", "cc"); \
245 #else /* CONFIG_MMU */
248 * uClinux has only one addr space, so has simplified address limits.
250 #define USER_DS KERNEL_DS
252 #define segment_eq(a, b) (1)
253 #define __addr_ok(addr) ((void)(addr), 1)
254 #define __range_ok(addr, size) ((void)(addr), 0)
255 #define get_fs() (KERNEL_DS)
257 static inline void set_fs(mm_segment_t fs
)
261 #define get_user(x, p) __get_user(x, p)
262 #define __put_user_check __put_user_nocheck
264 #endif /* CONFIG_MMU */
266 #define access_ok(type, addr, size) (__range_ok(addr, size) == 0)
268 #define user_addr_max() \
269 (uaccess_kernel() ? ~0UL : get_fs())
272 * The "__xxx" versions of the user access functions do not verify the
273 * address space - it must have been done previously with a separate
274 * "access_ok()" call.
276 * The "xxx_error" versions set the third argument to EFAULT if an
277 * error occurs, and leave it unchanged on success. Note that these
278 * versions are void (ie, don't return a value as such).
280 #define __get_user(x, ptr) \
283 __get_user_err((x), (ptr), __gu_err); \
287 #define __get_user_error(x, ptr, err) \
289 __get_user_err((x), (ptr), err); \
293 #define __get_user_err(x, ptr, err) \
295 unsigned long __gu_addr = (unsigned long)(ptr); \
296 unsigned long __gu_val; \
297 unsigned int __ua_flags; \
298 __chk_user_ptr(ptr); \
300 __ua_flags = uaccess_save_and_enable(); \
301 switch (sizeof(*(ptr))) { \
302 case 1: __get_user_asm_byte(__gu_val, __gu_addr, err); break; \
303 case 2: __get_user_asm_half(__gu_val, __gu_addr, err); break; \
304 case 4: __get_user_asm_word(__gu_val, __gu_addr, err); break; \
305 default: (__gu_val) = __get_user_bad(); \
307 uaccess_restore(__ua_flags); \
308 (x) = (__typeof__(*(ptr)))__gu_val; \
311 #define __get_user_asm(x, addr, err, instr) \
312 __asm__ __volatile__( \
313 "1: " TUSER(instr) " %1, [%2], #0\n" \
315 " .pushsection .text.fixup,\"ax\"\n" \
321 " .pushsection __ex_table,\"a\"\n" \
325 : "+r" (err), "=&r" (x) \
326 : "r" (addr), "i" (-EFAULT) \
329 #define __get_user_asm_byte(x, addr, err) \
330 __get_user_asm(x, addr, err, ldrb)
333 #define __get_user_asm_half(x, __gu_addr, err) \
335 unsigned long __b1, __b2; \
336 __get_user_asm_byte(__b1, __gu_addr, err); \
337 __get_user_asm_byte(__b2, __gu_addr + 1, err); \
338 (x) = __b1 | (__b2 << 8); \
341 #define __get_user_asm_half(x, __gu_addr, err) \
343 unsigned long __b1, __b2; \
344 __get_user_asm_byte(__b1, __gu_addr, err); \
345 __get_user_asm_byte(__b2, __gu_addr + 1, err); \
346 (x) = (__b1 << 8) | __b2; \
350 #define __get_user_asm_word(x, addr, err) \
351 __get_user_asm(x, addr, err, ldr)
354 #define __put_user_switch(x, ptr, __err, __fn) \
356 const __typeof__(*(ptr)) __user *__pu_ptr = (ptr); \
357 __typeof__(*(ptr)) __pu_val = (x); \
358 unsigned int __ua_flags; \
360 __ua_flags = uaccess_save_and_enable(); \
361 switch (sizeof(*(ptr))) { \
362 case 1: __fn(__pu_val, __pu_ptr, __err, 1); break; \
363 case 2: __fn(__pu_val, __pu_ptr, __err, 2); break; \
364 case 4: __fn(__pu_val, __pu_ptr, __err, 4); break; \
365 case 8: __fn(__pu_val, __pu_ptr, __err, 8); break; \
366 default: __err = __put_user_bad(); break; \
368 uaccess_restore(__ua_flags); \
371 #define put_user(x, ptr) \
374 __put_user_switch((x), (ptr), __pu_err, __put_user_check); \
378 #define __put_user(x, ptr) \
381 __put_user_switch((x), (ptr), __pu_err, __put_user_nocheck); \
385 #define __put_user_error(x, ptr, err) \
387 __put_user_switch((x), (ptr), (err), __put_user_nocheck); \
391 #define __put_user_nocheck(x, __pu_ptr, __err, __size) \
393 unsigned long __pu_addr = (unsigned long)__pu_ptr; \
394 __put_user_nocheck_##__size(x, __pu_addr, __err); \
397 #define __put_user_nocheck_1 __put_user_asm_byte
398 #define __put_user_nocheck_2 __put_user_asm_half
399 #define __put_user_nocheck_4 __put_user_asm_word
400 #define __put_user_nocheck_8 __put_user_asm_dword
402 #define __put_user_asm(x, __pu_addr, err, instr) \
403 __asm__ __volatile__( \
404 "1: " TUSER(instr) " %1, [%2], #0\n" \
406 " .pushsection .text.fixup,\"ax\"\n" \
411 " .pushsection __ex_table,\"a\"\n" \
416 : "r" (x), "r" (__pu_addr), "i" (-EFAULT) \
419 #define __put_user_asm_byte(x, __pu_addr, err) \
420 __put_user_asm(x, __pu_addr, err, strb)
423 #define __put_user_asm_half(x, __pu_addr, err) \
425 unsigned long __temp = (__force unsigned long)(x); \
426 __put_user_asm_byte(__temp, __pu_addr, err); \
427 __put_user_asm_byte(__temp >> 8, __pu_addr + 1, err); \
430 #define __put_user_asm_half(x, __pu_addr, err) \
432 unsigned long __temp = (__force unsigned long)(x); \
433 __put_user_asm_byte(__temp >> 8, __pu_addr, err); \
434 __put_user_asm_byte(__temp, __pu_addr + 1, err); \
438 #define __put_user_asm_word(x, __pu_addr, err) \
439 __put_user_asm(x, __pu_addr, err, str)
442 #define __reg_oper0 "%R2"
443 #define __reg_oper1 "%Q2"
445 #define __reg_oper0 "%Q2"
446 #define __reg_oper1 "%R2"
449 #define __put_user_asm_dword(x, __pu_addr, err) \
450 __asm__ __volatile__( \
451 ARM( "1: " TUSER(str) " " __reg_oper1 ", [%1], #4\n" ) \
452 ARM( "2: " TUSER(str) " " __reg_oper0 ", [%1]\n" ) \
453 THUMB( "1: " TUSER(str) " " __reg_oper1 ", [%1]\n" ) \
454 THUMB( "2: " TUSER(str) " " __reg_oper0 ", [%1, #4]\n" ) \
456 " .pushsection .text.fixup,\"ax\"\n" \
461 " .pushsection __ex_table,\"a\"\n" \
466 : "+r" (err), "+r" (__pu_addr) \
467 : "r" (x), "i" (-EFAULT) \
472 extern unsigned long __must_check
473 arm_copy_from_user(void *to
, const void __user
*from
, unsigned long n
);
475 static inline unsigned long __must_check
476 __arch_copy_from_user(void *to
, const void __user
*from
, unsigned long n
)
478 unsigned int __ua_flags
;
480 __ua_flags
= uaccess_save_and_enable();
481 n
= arm_copy_from_user(to
, from
, n
);
482 uaccess_restore(__ua_flags
);
486 extern unsigned long __must_check
487 arm_copy_to_user(void __user
*to
, const void *from
, unsigned long n
);
488 extern unsigned long __must_check
489 __copy_to_user_std(void __user
*to
, const void *from
, unsigned long n
);
491 static inline unsigned long __must_check
492 __arch_copy_to_user(void __user
*to
, const void *from
, unsigned long n
)
494 #ifndef CONFIG_UACCESS_WITH_MEMCPY
495 unsigned int __ua_flags
;
496 __ua_flags
= uaccess_save_and_enable();
497 n
= arm_copy_to_user(to
, from
, n
);
498 uaccess_restore(__ua_flags
);
501 return arm_copy_to_user(to
, from
, n
);
505 extern unsigned long __must_check
506 arm_clear_user(void __user
*addr
, unsigned long n
);
507 extern unsigned long __must_check
508 __clear_user_std(void __user
*addr
, unsigned long n
);
510 static inline unsigned long __must_check
511 __clear_user(void __user
*addr
, unsigned long n
)
513 unsigned int __ua_flags
= uaccess_save_and_enable();
514 n
= arm_clear_user(addr
, n
);
515 uaccess_restore(__ua_flags
);
520 #define __arch_copy_from_user(to, from, n) \
521 (memcpy(to, (void __force *)from, n), 0)
522 #define __arch_copy_to_user(to, from, n) \
523 (memcpy((void __force *)to, from, n), 0)
524 #define __clear_user(addr, n) (memset((void __force *)addr, 0, n), 0)
527 static inline unsigned long __must_check
528 __copy_from_user(void *to
, const void __user
*from
, unsigned long n
)
530 check_object_size(to
, n
, false);
531 return __arch_copy_from_user(to
, from
, n
);
534 static inline unsigned long __must_check
535 copy_from_user(void *to
, const void __user
*from
, unsigned long n
)
537 unsigned long res
= n
;
539 check_object_size(to
, n
, false);
541 if (likely(access_ok(VERIFY_READ
, from
, n
)))
542 res
= __arch_copy_from_user(to
, from
, n
);
544 memset(to
+ (n
- res
), 0, res
);
548 static inline unsigned long __must_check
549 __copy_to_user(void __user
*to
, const void *from
, unsigned long n
)
551 check_object_size(from
, n
, true);
553 return __arch_copy_to_user(to
, from
, n
);
556 static inline unsigned long __must_check
557 copy_to_user(void __user
*to
, const void *from
, unsigned long n
)
559 check_object_size(from
, n
, true);
561 if (access_ok(VERIFY_WRITE
, to
, n
))
562 n
= __arch_copy_to_user(to
, from
, n
);
566 #define __copy_to_user_inatomic __copy_to_user
567 #define __copy_from_user_inatomic __copy_from_user
569 static inline unsigned long __must_check
clear_user(void __user
*to
, unsigned long n
)
571 if (access_ok(VERIFY_WRITE
, to
, n
))
572 n
= __clear_user(to
, n
);
576 /* These are from lib/ code, and use __get_user() and friends */
577 extern long strncpy_from_user(char *dest
, const char __user
*src
, long count
);
579 extern __must_check
long strlen_user(const char __user
*str
);
580 extern __must_check
long strnlen_user(const char __user
*str
, long n
);
582 #endif /* _ASMARM_UACCESS_H */