[deliverable/linux.git] / arch / arm / include / asm / uaccess.h

/*
 *  arch/arm/include/asm/uaccess.h
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 2 as
 * published by the Free Software Foundation.
 */
#ifndef _ASMARM_UACCESS_H
#define _ASMARM_UACCESS_H

/*
 * User space memory access functions
 */
#include <linux/string.h>
#include <linux/thread_info.h>
#include <asm/errno.h>
#include <asm/memory.h>
#include <asm/domain.h>
#include <asm/unified.h>
#include <asm/compiler.h>

#ifndef CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS
#include <asm-generic/uaccess-unaligned.h>
#else
#define __get_user_unaligned __get_user
#define __put_user_unaligned __put_user
#endif

#define VERIFY_READ 0
#define VERIFY_WRITE 1

/*
 * The exception table consists of pairs of addresses: the first is the
 * address of an instruction that is allowed to fault, and the second is
 * the address at which the program should continue.  No registers are
 * modified, so it is entirely up to the continuation code to figure out
 * what to do.
 *
 * All the routines below use bits of fixup code that are out of line
 * with the main instruction path.  This means when everything is well,
 * we don't even have to jump over them.  Further, they do not intrude
 * on our cache or tlb entries.
 */

struct exception_table_entry
{
	unsigned long insn, fixup;
};

extern int fixup_exception(struct pt_regs *regs);

/*
 * These two functions allow hooking accesses to userspace to increase
 * system integrity by ensuring that the kernel can not inadvertantly
 * perform such accesses (eg, via list poison values) which could then
 * be exploited for priviledge escalation.
 */
static inline unsigned int uaccess_save_and_enable(void)
{
#ifdef CONFIG_CPU_SW_DOMAIN_PAN
	unsigned int old_domain = get_domain();

	/* Set the current domain access to permit user accesses */
	set_domain((old_domain & ~domain_mask(DOMAIN_USER)) |
		   domain_val(DOMAIN_USER, DOMAIN_CLIENT));

	return old_domain;
#else
	return 0;
#endif
}

static inline void uaccess_restore(unsigned int flags)
{
#ifdef CONFIG_CPU_SW_DOMAIN_PAN
	/* Restore the user access mask */
	set_domain(flags);
#endif
}

/*
 * These two are intentionally not defined anywhere - if the kernel
 * code generates any references to them, that's a bug.
 */
extern int __get_user_bad(void);
extern int __put_user_bad(void);

/*
 * Note that this is actually 0x1,0000,0000
 */
#define KERNEL_DS	0x00000000
#define get_ds()	(KERNEL_DS)

#ifdef CONFIG_MMU

#define USER_DS		TASK_SIZE
#define get_fs()	(current_thread_info()->addr_limit)

static inline void set_fs(mm_segment_t fs)
{
	current_thread_info()->addr_limit = fs;
	modify_domain(DOMAIN_KERNEL, fs ? DOMAIN_CLIENT : DOMAIN_MANAGER);
}

#define segment_eq(a, b)	((a) == (b))

/* We use 33-bit arithmetic here... */
#define __range_ok(addr, size) ({ \
	unsigned long flag, roksum; \
	__chk_user_ptr(addr);	\
	__asm__("adds %1, %2, %3; sbcccs %1, %1, %0; movcc %0, #0" \
		: "=&r" (flag), "=&r" (roksum) \
		: "r" (addr), "Ir" (size), "0" (current_thread_info()->addr_limit) \
		: "cc"); \
	flag; })

/*
 * Single-value transfer routines.  They automatically use the right
 * size if we just have the right pointer type.  Note that the functions
 * which read from user space (*get_*) need to take care not to leak
 * kernel data even if the calling code is buggy and fails to check
 * the return value.  This means zeroing out the destination variable
 * or buffer on error.  Normally this is done out of line by the
 * fixup code, but there are a few places where it intrudes on the
 * main code path.  When we only write to user space, there is no
 * problem.
 */
extern int __get_user_1(void *);
extern int __get_user_2(void *);
extern int __get_user_4(void *);
extern int __get_user_32t_8(void *);
extern int __get_user_8(void *);
extern int __get_user_64t_1(void *);
extern int __get_user_64t_2(void *);
extern int __get_user_64t_4(void *);

#define __GUP_CLOBBER_1	"lr", "cc"
#ifdef CONFIG_CPU_USE_DOMAINS
#define __GUP_CLOBBER_2	"ip", "lr", "cc"
#else
#define __GUP_CLOBBER_2 "lr", "cc"
#endif
#define __GUP_CLOBBER_4	"lr", "cc"
#define __GUP_CLOBBER_32t_8 "lr", "cc"
#define __GUP_CLOBBER_8	"lr", "cc"

#define __get_user_x(__r2, __p, __e, __l, __s)				\
	   __asm__ __volatile__ (					\
		__asmeq("%0", "r0") __asmeq("%1", "r2")			\
		__asmeq("%3", "r1")					\
		"bl	__get_user_" #__s				\
		: "=&r" (__e), "=r" (__r2)				\
		: "0" (__p), "r" (__l)					\
		: __GUP_CLOBBER_##__s)

/* narrowing a double-word get into a single 32bit word register: */
#ifdef __ARMEB__
#define __get_user_x_32t(__r2, __p, __e, __l, __s)			\
	__get_user_x(__r2, __p, __e, __l, 32t_8)
#else
#define __get_user_x_32t __get_user_x
#endif

/*
 * storing result into proper least significant word of 64bit target var,
 * different only for big endian case where 64 bit __r2 lsw is r3:
 */
#ifdef __ARMEB__
#define __get_user_x_64t(__r2, __p, __e, __l, __s)		        \
	   __asm__ __volatile__ (					\
		__asmeq("%0", "r0") __asmeq("%1", "r2")			\
		__asmeq("%3", "r1")					\
		"bl	__get_user_64t_" #__s				\
		: "=&r" (__e), "=r" (__r2)				\
		: "0" (__p), "r" (__l)					\
		: __GUP_CLOBBER_##__s)
#else
#define __get_user_x_64t __get_user_x
#endif


#define __get_user_check(x, p)						\
	({								\
		unsigned long __limit = current_thread_info()->addr_limit - 1; \
		register const typeof(*(p)) __user *__p asm("r0") = (p);\
		register typeof(x) __r2 asm("r2");			\
		register unsigned long __l asm("r1") = __limit;		\
		register int __e asm("r0");				\
		unsigned int __ua_flags = uaccess_save_and_enable();	\
		switch (sizeof(*(__p))) {				\
		case 1:							\
			if (sizeof((x)) >= 8)				\
				__get_user_x_64t(__r2, __p, __e, __l, 1); \
			else						\
				__get_user_x(__r2, __p, __e, __l, 1);	\
			break;						\
		case 2:							\
			if (sizeof((x)) >= 8)				\
				__get_user_x_64t(__r2, __p, __e, __l, 2); \
			else						\
				__get_user_x(__r2, __p, __e, __l, 2);	\
			break;						\
		case 4:							\
			if (sizeof((x)) >= 8)				\
				__get_user_x_64t(__r2, __p, __e, __l, 4); \
			else						\
				__get_user_x(__r2, __p, __e, __l, 4);	\
			break;						\
		case 8:							\
			if (sizeof((x)) < 8)				\
				__get_user_x_32t(__r2, __p, __e, __l, 4); \
			else						\
				__get_user_x(__r2, __p, __e, __l, 8);	\
			break;						\
		default: __e = __get_user_bad(); break;			\
		}							\
		uaccess_restore(__ua_flags);				\
		x = (typeof(*(p))) __r2;				\
		__e;							\
	})

#define get_user(x, p)							\
	({								\
		might_fault();						\
		__get_user_check(x, p);					\
	 })

extern int __put_user_1(void *, unsigned int);
extern int __put_user_2(void *, unsigned int);
extern int __put_user_4(void *, unsigned int);
extern int __put_user_8(void *, unsigned long long);

#define __put_user_check(__pu_val, __ptr, __err, __s)			\
	({								\
		unsigned long __limit = current_thread_info()->addr_limit - 1; \
		register typeof(__pu_val) __r2 asm("r2") = __pu_val;	\
		register const void __user *__p asm("r0") = __ptr;	\
		register unsigned long __l asm("r1") = __limit;		\
		register int __e asm("r0");				\
		__asm__ __volatile__ (					\
			__asmeq("%0", "r0") __asmeq("%2", "r2")		\
			__asmeq("%3", "r1")				\
			"bl	__put_user_" #__s			\
			: "=&r" (__e)					\
			: "0" (__p), "r" (__r2), "r" (__l)		\
			: "ip", "lr", "cc");				\
		__err = __e;						\
	})

#else /* CONFIG_MMU */

/*
 * uClinux has only one addr space, so has simplified address limits.
 */
#define USER_DS			KERNEL_DS

#define segment_eq(a, b)		(1)
#define __addr_ok(addr)		((void)(addr), 1)
#define __range_ok(addr, size)	((void)(addr), 0)
#define get_fs()		(KERNEL_DS)

static inline void set_fs(mm_segment_t fs)
{
}

#define get_user(x, p)	__get_user(x, p)
#define __put_user_check __put_user_nocheck

#endif /* CONFIG_MMU */

#define access_ok(type, addr, size)	(__range_ok(addr, size) == 0)

#define user_addr_max() \
	(segment_eq(get_fs(), KERNEL_DS) ? ~0UL : get_fs())

/*
 * The "__xxx" versions of the user access functions do not verify the
 * address space - it must have been done previously with a separate
 * "access_ok()" call.
 *
 * The "xxx_error" versions set the third argument to EFAULT if an
 * error occurs, and leave it unchanged on success.  Note that these
 * versions are void (ie, don't return a value as such).
 */
#define __get_user(x, ptr)						\
({									\
	long __gu_err = 0;						\
	__get_user_err((x), (ptr), __gu_err);				\
	__gu_err;							\
})

#define __get_user_error(x, ptr, err)					\
({									\
	__get_user_err((x), (ptr), err);				\
	(void) 0;							\
})

#define __get_user_err(x, ptr, err)					\
do {									\
	unsigned long __gu_addr = (unsigned long)(ptr);			\
	unsigned long __gu_val;						\
	unsigned int __ua_flags;					\
	__chk_user_ptr(ptr);						\
	might_fault();							\
	__ua_flags = uaccess_save_and_enable();				\
	switch (sizeof(*(ptr))) {					\
	case 1:	__get_user_asm_byte(__gu_val, __gu_addr, err);	break;	\
	case 2:	__get_user_asm_half(__gu_val, __gu_addr, err);	break;	\
	case 4:	__get_user_asm_word(__gu_val, __gu_addr, err);	break;	\
	default: (__gu_val) = __get_user_bad();				\
	}								\
	uaccess_restore(__ua_flags);					\
	(x) = (__typeof__(*(ptr)))__gu_val;				\
} while (0)

#define __get_user_asm(x, addr, err, instr)			\
	__asm__ __volatile__(					\
	"1:	" TUSER(instr) " %1, [%2], #0\n"		\
	"2:\n"							\
	"	.pushsection .text.fixup,\"ax\"\n"		\
	"	.align	2\n"					\
	"3:	mov	%0, %3\n"				\
	"	mov	%1, #0\n"				\
	"	b	2b\n"					\
	"	.popsection\n"					\
	"	.pushsection __ex_table,\"a\"\n"		\
	"	.align	3\n"					\
	"	.long	1b, 3b\n"				\
	"	.popsection"					\
	: "+r" (err), "=&r" (x)					\
	: "r" (addr), "i" (-EFAULT)				\
	: "cc")

#define __get_user_asm_byte(x, addr, err)			\
	__get_user_asm(x, addr, err, ldrb)

#ifndef __ARMEB__
#define __get_user_asm_half(x, __gu_addr, err)			\
({								\
	unsigned long __b1, __b2;				\
	__get_user_asm_byte(__b1, __gu_addr, err);		\
	__get_user_asm_byte(__b2, __gu_addr + 1, err);		\
	(x) = __b1 | (__b2 << 8);				\
})
#else
#define __get_user_asm_half(x, __gu_addr, err)			\
({								\
	unsigned long __b1, __b2;				\
	__get_user_asm_byte(__b1, __gu_addr, err);		\
	__get_user_asm_byte(__b2, __gu_addr + 1, err);		\
	(x) = (__b1 << 8) | __b2;				\
})
#endif

#define __get_user_asm_word(x, addr, err)			\
	__get_user_asm(x, addr, err, ldr)


#define __put_user_switch(x, ptr, __err, __fn)				\
	do {								\
		const __typeof__(*(ptr)) __user *__pu_ptr = (ptr);	\
		__typeof__(*(ptr)) __pu_val = (x);			\
		unsigned int __ua_flags;				\
		might_fault();						\
		__ua_flags = uaccess_save_and_enable();			\
		switch (sizeof(*(ptr))) {				\
		case 1: __fn(__pu_val, __pu_ptr, __err, 1); break;	\
		case 2:	__fn(__pu_val, __pu_ptr, __err, 2); break;	\
		case 4:	__fn(__pu_val, __pu_ptr, __err, 4); break;	\
		case 8:	__fn(__pu_val, __pu_ptr, __err, 8); break;	\
		default: __err = __put_user_bad(); break;		\
		}							\
		uaccess_restore(__ua_flags);				\
	} while (0)

#define put_user(x, ptr)						\
({									\
	int __pu_err = 0;						\
	__put_user_switch((x), (ptr), __pu_err, __put_user_check);	\
	__pu_err;							\
})

#define __put_user(x, ptr)						\
({									\
	long __pu_err = 0;						\
	__put_user_switch((x), (ptr), __pu_err, __put_user_nocheck);	\
	__pu_err;							\
})

#define __put_user_error(x, ptr, err)					\
({									\
	__put_user_switch((x), (ptr), (err), __put_user_nocheck);	\
	(void) 0;							\
})

#define __put_user_nocheck(x, __pu_ptr, __err, __size)			\
	do {								\
		unsigned long __pu_addr = (unsigned long)__pu_ptr;	\
		__put_user_nocheck_##__size(x, __pu_addr, __err);	\
	} while (0)

#define __put_user_nocheck_1 __put_user_asm_byte
#define __put_user_nocheck_2 __put_user_asm_half
#define __put_user_nocheck_4 __put_user_asm_word
#define __put_user_nocheck_8 __put_user_asm_dword

#define __put_user_asm(x, __pu_addr, err, instr)		\
	__asm__ __volatile__(					\
	"1:	" TUSER(instr) " %1, [%2], #0\n"		\
	"2:\n"							\
	"	.pushsection .text.fixup,\"ax\"\n"		\
	"	.align	2\n"					\
	"3:	mov	%0, %3\n"				\
	"	b	2b\n"					\
	"	.popsection\n"					\
	"	.pushsection __ex_table,\"a\"\n"		\
	"	.align	3\n"					\
	"	.long	1b, 3b\n"				\
	"	.popsection"					\
	: "+r" (err)						\
	: "r" (x), "r" (__pu_addr), "i" (-EFAULT)		\
	: "cc")

#define __put_user_asm_byte(x, __pu_addr, err)			\
	__put_user_asm(x, __pu_addr, err, strb)

#ifndef __ARMEB__
#define __put_user_asm_half(x, __pu_addr, err)			\
({								\
	unsigned long __temp = (__force unsigned long)(x);	\
	__put_user_asm_byte(__temp, __pu_addr, err);		\
	__put_user_asm_byte(__temp >> 8, __pu_addr + 1, err);	\
})
#else
#define __put_user_asm_half(x, __pu_addr, err)			\
({								\
	unsigned long __temp = (__force unsigned long)(x);	\
	__put_user_asm_byte(__temp >> 8, __pu_addr, err);	\
	__put_user_asm_byte(__temp, __pu_addr + 1, err);	\
})
#endif

#define __put_user_asm_word(x, __pu_addr, err)			\
	__put_user_asm(x, __pu_addr, err, str)

#ifndef __ARMEB__
#define	__reg_oper0	"%R2"
#define	__reg_oper1	"%Q2"
#else
#define	__reg_oper0	"%Q2"
#define	__reg_oper1	"%R2"
#endif

#define __put_user_asm_dword(x, __pu_addr, err)			\
	__asm__ __volatile__(					\
 ARM(	"1:	" TUSER(str) "	" __reg_oper1 ", [%1], #4\n"	) \
 ARM(	"2:	" TUSER(str) "	" __reg_oper0 ", [%1]\n"	) \
 THUMB(	"1:	" TUSER(str) "	" __reg_oper1 ", [%1]\n"	) \
 THUMB(	"2:	" TUSER(str) "	" __reg_oper0 ", [%1, #4]\n"	) \
	"3:\n"							\
	"	.pushsection .text.fixup,\"ax\"\n"		\
	"	.align	2\n"					\
	"4:	mov	%0, %3\n"				\
	"	b	3b\n"					\
	"	.popsection\n"					\
	"	.pushsection __ex_table,\"a\"\n"		\
	"	.align	3\n"					\
	"	.long	1b, 4b\n"				\
	"	.long	2b, 4b\n"				\
	"	.popsection"					\
	: "+r" (err), "+r" (__pu_addr)				\
	: "r" (x), "i" (-EFAULT)				\
	: "cc")


#ifdef CONFIG_MMU
extern unsigned long __must_check
arm_copy_from_user(void *to, const void __user *from, unsigned long n);

static inline unsigned long __must_check
__copy_from_user(void *to, const void __user *from, unsigned long n)
{
	unsigned int __ua_flags;

	check_object_size(to, n, false);
	__ua_flags = uaccess_save_and_enable();
	n = arm_copy_from_user(to, from, n);
	uaccess_restore(__ua_flags);
	return n;
}

extern unsigned long __must_check
arm_copy_to_user(void __user *to, const void *from, unsigned long n);
extern unsigned long __must_check
__copy_to_user_std(void __user *to, const void *from, unsigned long n);

static inline unsigned long __must_check
__copy_to_user(void __user *to, const void *from, unsigned long n)
{
#ifndef CONFIG_UACCESS_WITH_MEMCPY
	unsigned int __ua_flags;

	check_object_size(from, n, true);
	__ua_flags = uaccess_save_and_enable();
	n = arm_copy_to_user(to, from, n);
	uaccess_restore(__ua_flags);
	return n;
#else
	check_object_size(from, n, true);
	return arm_copy_to_user(to, from, n);
#endif
}

extern unsigned long __must_check
arm_clear_user(void __user *addr, unsigned long n);
extern unsigned long __must_check
__clear_user_std(void __user *addr, unsigned long n);

static inline unsigned long __must_check
__clear_user(void __user *addr, unsigned long n)
{
	unsigned int __ua_flags = uaccess_save_and_enable();
	n = arm_clear_user(addr, n);
	uaccess_restore(__ua_flags);
	return n;
}

#else
#define __copy_from_user(to, from, n)	(memcpy(to, (void __force *)from, n), 0)
#define __copy_to_user(to, from, n)	(memcpy((void __force *)to, from, n), 0)
#define __clear_user(addr, n)		(memset((void __force *)addr, 0, n), 0)
#endif

static inline unsigned long __must_check copy_from_user(void *to, const void __user *from, unsigned long n)
{
	if (access_ok(VERIFY_READ, from, n))
		n = __copy_from_user(to, from, n);
	else /* security hole - plug it */
		memset(to, 0, n);
	return n;
}

static inline unsigned long __must_check copy_to_user(void __user *to, const void *from, unsigned long n)
{
	if (access_ok(VERIFY_WRITE, to, n))
		n = __copy_to_user(to, from, n);
	return n;
}

#define __copy_to_user_inatomic __copy_to_user
#define __copy_from_user_inatomic __copy_from_user

static inline unsigned long __must_check clear_user(void __user *to, unsigned long n)
{
	if (access_ok(VERIFY_WRITE, to, n))
		n = __clear_user(to, n);
	return n;
}

/* These are from lib/ code, and use __get_user() and friends */
extern long strncpy_from_user(char *dest, const char __user *src, long count);

extern __must_check long strlen_user(const char __user *str);
extern __must_check long strnlen_user(const char __user *str, long n);

#endif /* _ASMARM_UACCESS_H */
Commit	Line	Data
1da177e4	1	/*
4baa9922	2	* arch/arm/include/asm/uaccess.h
1da177e4 LT	3	*
	4	* This program is free software; you can redistribute it and/or modify
	5	* it under the terms of the GNU General Public License version 2 as
	6	* published by the Free Software Foundation.
	7	*/
	8	#ifndef _ASMARM_UACCESS_H
	9	#define _ASMARM_UACCESS_H
	10
	11	/*
	12	* User space memory access functions
	13	*/
87c52578 RK	14	#include <linux/string.h>
87c52578 RK	15	#include <linux/thread_info.h>
1da177e4 LT	16	#include <asm/errno.h>
	17	#include <asm/memory.h>
	18	#include <asm/domain.h>
8b592783	19	#include <asm/unified.h>
9f97da78	20	#include <asm/compiler.h>
1da177e4	21
afdd3bba	22	#ifndef CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS
c89efa73 NP	23	#include <asm-generic/uaccess-unaligned.h>
	24	#else
	25	#define __get_user_unaligned __get_user
	26	#define __put_user_unaligned __put_user
	27	#endif
	28
1da177e4 LT	29	#define VERIFY_READ 0
	30	#define VERIFY_WRITE 1
	31
	32	/*
	33	* The exception table consists of pairs of addresses: the first is the
	34	* address of an instruction that is allowed to fault, and the second is
	35	* the address at which the program should continue. No registers are
	36	* modified, so it is entirely up to the continuation code to figure out
	37	* what to do.
	38	*
	39	* All the routines below use bits of fixup code that are out of line
	40	* with the main instruction path. This means when everything is well,
	41	* we don't even have to jump over them. Further, they do not intrude
	42	* on our cache or tlb entries.
	43	*/
	44
	45	struct exception_table_entry
	46	{
	47	unsigned long insn, fixup;
	48	};
	49
	50	extern int fixup_exception(struct pt_regs *regs);
	51
3fba7e23 RK	52	/*
	53	* These two functions allow hooking accesses to userspace to increase
	54	* system integrity by ensuring that the kernel can not inadvertantly
	55	* perform such accesses (eg, via list poison values) which could then
	56	* be exploited for priviledge escalation.
	57	*/
	58	static inline unsigned int uaccess_save_and_enable(void)
	59	{
a5e090ac RK	60	#ifdef CONFIG_CPU_SW_DOMAIN_PAN
	61	unsigned int old_domain = get_domain();
	62
	63	/* Set the current domain access to permit user accesses */
	64	set_domain((old_domain & ~domain_mask(DOMAIN_USER)) \|
	65	domain_val(DOMAIN_USER, DOMAIN_CLIENT));
	66
	67	return old_domain;
	68	#else
3fba7e23	69	return 0;
a5e090ac	70	#endif
3fba7e23 RK	71	}
	72
	73	static inline void uaccess_restore(unsigned int flags)
	74	{
a5e090ac RK	75	#ifdef CONFIG_CPU_SW_DOMAIN_PAN
	76	/* Restore the user access mask */
	77	set_domain(flags);
	78	#endif
3fba7e23 RK	79	}
3fba7e23 RK	80
9641c7cc RK	81	/*
	82	* These two are intentionally not defined anywhere - if the kernel
	83	* code generates any references to them, that's a bug.
	84	*/
	85	extern int __get_user_bad(void);
	86	extern int __put_user_bad(void);
	87
1da177e4 LT	88	/*
	89	* Note that this is actually 0x1,0000,0000
	90	*/
	91	#define KERNEL_DS 0x00000000
1da177e4	92	#define get_ds() (KERNEL_DS)
9641c7cc RK	93
	94	#ifdef CONFIG_MMU
	95
	96	#define USER_DS TASK_SIZE
1da177e4 LT	97	#define get_fs() (current_thread_info()->addr_limit)
1da177e4 LT	98
9641c7cc	99	static inline void set_fs(mm_segment_t fs)
1da177e4 LT	100	{
	101	current_thread_info()->addr_limit = fs;
	102	modify_domain(DOMAIN_KERNEL, fs ? DOMAIN_CLIENT : DOMAIN_MANAGER);
	103	}
	104
295bb01e	105	#define segment_eq(a, b) ((a) == (b))
1da177e4	106
1da177e4	107	/* We use 33-bit arithmetic here... */
295bb01e	108	#define __range_ok(addr, size) ({ \
16cf5b39	109	unsigned long flag, roksum; \
1da177e4 LT	110	__chk_user_ptr(addr); \
1da177e4 LT	111	__asm__("adds %1, %2, %3; sbcccs %1, %1, %0; movcc %0, #0" \
16cf5b39	112	: "=&r" (flag), "=&r" (roksum) \
1da177e4 LT	113	: "r" (addr), "Ir" (size), "0" (current_thread_info()->addr_limit) \
	114	: "cc"); \
	115	flag; })
	116
1da177e4 LT	117	/*
	118	* Single-value transfer routines. They automatically use the right
	119	* size if we just have the right pointer type. Note that the functions
	120	* which read from user space (get_) need to take care not to leak
	121	* kernel data even if the calling code is buggy and fails to check
	122	* the return value. This means zeroing out the destination variable
	123	* or buffer on error. Normally this is done out of line by the
	124	* fixup code, but there are a few places where it intrudes on the
	125	* main code path. When we only write to user space, there is no
	126	* problem.
1da177e4	127	*/
1da177e4 LT	128	extern int __get_user_1(void *);
	129	extern int __get_user_2(void *);
	130	extern int __get_user_4(void *);
d9981380	131	extern int __get_user_32t_8(void *);
e38361d0	132	extern int __get_user_8(void *);
d9981380 VK	133	extern int __get_user_64t_1(void *);
	134	extern int __get_user_64t_2(void *);
	135	extern int __get_user_64t_4(void *);
1da177e4	136
8404663f RK	137	#define __GUP_CLOBBER_1 "lr", "cc"
	138	#ifdef CONFIG_CPU_USE_DOMAINS
	139	#define __GUP_CLOBBER_2 "ip", "lr", "cc"
	140	#else
	141	#define __GUP_CLOBBER_2 "lr", "cc"
	142	#endif
	143	#define __GUP_CLOBBER_4 "lr", "cc"
d9981380	144	#define __GUP_CLOBBER_32t_8 "lr", "cc"
e38361d0	145	#define __GUP_CLOBBER_8 "lr", "cc"
8404663f	146
295bb01e	147	#define __get_user_x(__r2, __p, __e, __l, __s) \
1da177e4 LT	148	__asm__ __volatile__ ( \
1da177e4 LT	149	__asmeq("%0", "r0") __asmeq("%1", "r2") \
8404663f	150	__asmeq("%3", "r1") \
1da177e4 LT	151	"bl __get_user_" #__s \
1da177e4 LT	152	: "=&r" (__e), "=r" (__r2) \
8404663f RK	153	: "0" (__p), "r" (__l) \
8404663f RK	154	: __GUP_CLOBBER_##__s)
1da177e4	155
e38361d0 DT	156	/* narrowing a double-word get into a single 32bit word register: */
e38361d0 DT	157	#ifdef __ARMEB__
295bb01e	158	#define __get_user_x_32t(__r2, __p, __e, __l, __s) \
d9981380	159	__get_user_x(__r2, __p, __e, __l, 32t_8)
e38361d0	160	#else
d9981380	161	#define __get_user_x_32t __get_user_x
e38361d0 DT	162	#endif
e38361d0 DT	163
d9981380 VK	164	/*
	165	* storing result into proper least significant word of 64bit target var,
	166	* different only for big endian case where 64 bit __r2 lsw is r3:
	167	*/
	168	#ifdef __ARMEB__
	169	#define __get_user_x_64t(__r2, __p, __e, __l, __s) \
	170	__asm__ __volatile__ ( \
	171	__asmeq("%0", "r0") __asmeq("%1", "r2") \
	172	__asmeq("%3", "r1") \
	173	"bl __get_user_64t_" #__s \
	174	: "=&r" (__e), "=r" (__r2) \
	175	: "0" (__p), "r" (__l) \
	176	: __GUP_CLOBBER_##__s)
	177	#else
	178	#define __get_user_x_64t __get_user_x
	179	#endif
	180
	181
295bb01e	182	#define __get_user_check(x, p) \
1da177e4	183	({ \
8404663f	184	unsigned long __limit = current_thread_info()->addr_limit - 1; \
c5a69d57	185	register const typeof((p)) __user __p asm("r0") = (p);\
e38361d0	186	register typeof(x) __r2 asm("r2"); \
8404663f	187	register unsigned long __l asm("r1") = __limit; \
1da177e4	188	register int __e asm("r0"); \
3fba7e23	189	unsigned int __ua_flags = uaccess_save_and_enable(); \
1da177e4 LT	190	switch (sizeof(*(__p))) { \
1da177e4 LT	191	case 1: \
d9981380 VK	192	if (sizeof((x)) >= 8) \
	193	__get_user_x_64t(__r2, __p, __e, __l, 1); \
	194	else \
	195	__get_user_x(__r2, __p, __e, __l, 1); \
8404663f	196	break; \
1da177e4	197	case 2: \
d9981380 VK	198	if (sizeof((x)) >= 8) \
	199	__get_user_x_64t(__r2, __p, __e, __l, 2); \
	200	else \
	201	__get_user_x(__r2, __p, __e, __l, 2); \
1da177e4 LT	202	break; \
1da177e4 LT	203	case 4: \
d9981380 VK	204	if (sizeof((x)) >= 8) \
	205	__get_user_x_64t(__r2, __p, __e, __l, 4); \
	206	else \
	207	__get_user_x(__r2, __p, __e, __l, 4); \
1da177e4	208	break; \
e38361d0 DT	209	case 8: \
e38361d0 DT	210	if (sizeof((x)) < 8) \
d9981380	211	__get_user_x_32t(__r2, __p, __e, __l, 4); \
e38361d0 DT	212	else \
	213	__get_user_x(__r2, __p, __e, __l, 8); \
	214	break; \
1da177e4 LT	215	default: __e = __get_user_bad(); break; \
1da177e4 LT	216	} \
3fba7e23	217	uaccess_restore(__ua_flags); \
d2c5b690	218	x = (typeof(*(p))) __r2; \
1da177e4 LT	219	__e; \
	220	})
	221
295bb01e	222	#define get_user(x, p) \
ad72907a WD	223	({ \
ad72907a WD	224	might_fault(); \
295bb01e	225	__get_user_check(x, p); \
ad72907a WD	226	})
ad72907a WD	227
9641c7cc RK	228	extern int __put_user_1(void *, unsigned int);
	229	extern int __put_user_2(void *, unsigned int);
	230	extern int __put_user_4(void *, unsigned int);
	231	extern int __put_user_8(void *, unsigned long long);
	232
9f73bd8b	233	#define __put_user_check(__pu_val, __ptr, __err, __s) \
9641c7cc	234	({ \
8404663f	235	unsigned long __limit = current_thread_info()->addr_limit - 1; \
9f73bd8b RK	236	register typeof(__pu_val) __r2 asm("r2") = __pu_val; \
9f73bd8b RK	237	register const void __user *__p asm("r0") = __ptr; \
8404663f	238	register unsigned long __l asm("r1") = __limit; \
9641c7cc	239	register int __e asm("r0"); \
9f73bd8b RK	240	__asm__ __volatile__ ( \
	241	__asmeq("%0", "r0") __asmeq("%2", "r2") \
	242	__asmeq("%3", "r1") \
	243	"bl __put_user_" #__s \
	244	: "=&r" (__e) \
	245	: "0" (__p), "r" (__r2), "r" (__l) \
	246	: "ip", "lr", "cc"); \
	247	__err = __e; \
9641c7cc RK	248	})
	249
	250	#else /* CONFIG_MMU */
	251
	252	/*
	253	* uClinux has only one addr space, so has simplified address limits.
	254	*/
	255	#define USER_DS KERNEL_DS
	256
295bb01e MT	257	#define segment_eq(a, b) (1)
	258	#define __addr_ok(addr) ((void)(addr), 1)
	259	#define __range_ok(addr, size) ((void)(addr), 0)
9641c7cc RK	260	#define get_fs() (KERNEL_DS)
	261
	262	static inline void set_fs(mm_segment_t fs)
	263	{
	264	}
	265
295bb01e	266	#define get_user(x, p) __get_user(x, p)
9f73bd8b	267	#define __put_user_check __put_user_nocheck
9641c7cc RK	268
	269	#endif /* CONFIG_MMU */
	270
295bb01e	271	#define access_ok(type, addr, size) (__range_ok(addr, size) == 0)
9641c7cc	272
8c56cc8b	273	#define user_addr_max() \
83de911c	274	(segment_eq(get_fs(), KERNEL_DS) ? ~0UL : get_fs())
8c56cc8b	275
9641c7cc RK	276	/*
	277	* The "__xxx" versions of the user access functions do not verify the
	278	* address space - it must have been done previously with a separate
	279	* "access_ok()" call.
	280	*
	281	* The "xxx_error" versions set the third argument to EFAULT if an
	282	* error occurs, and leave it unchanged on success. Note that these
	283	* versions are void (ie, don't return a value as such).
	284	*/
295bb01e	285	#define __get_user(x, ptr) \
1da177e4 LT	286	({ \
1da177e4 LT	287	long __gu_err = 0; \
295bb01e	288	__get_user_err((x), (ptr), __gu_err); \
1da177e4 LT	289	__gu_err; \
	290	})
	291
295bb01e	292	#define __get_user_error(x, ptr, err) \
1da177e4	293	({ \
295bb01e	294	__get_user_err((x), (ptr), err); \
1da177e4 LT	295	(void) 0; \
	296	})
	297
295bb01e	298	#define __get_user_err(x, ptr, err) \
1da177e4 LT	299	do { \
	300	unsigned long __gu_addr = (unsigned long)(ptr); \
	301	unsigned long __gu_val; \
3fba7e23	302	unsigned int __ua_flags; \
1da177e4	303	__chk_user_ptr(ptr); \
ad72907a	304	might_fault(); \
3fba7e23	305	__ua_flags = uaccess_save_and_enable(); \
1da177e4	306	switch (sizeof(*(ptr))) { \
295bb01e MT	307	case 1: __get_user_asm_byte(__gu_val, __gu_addr, err); break; \
	308	case 2: __get_user_asm_half(__gu_val, __gu_addr, err); break; \
	309	case 4: __get_user_asm_word(__gu_val, __gu_addr, err); break; \
1da177e4 LT	310	default: (__gu_val) = __get_user_bad(); \
1da177e4 LT	311	} \
3fba7e23	312	uaccess_restore(__ua_flags); \
1da177e4 LT	313	(x) = (__typeof__(*(ptr)))__gu_val; \
	314	} while (0)
	315
b64d1f66	316	#define __get_user_asm(x, addr, err, instr) \
1da177e4	317	__asm__ __volatile__( \
b64d1f66	318	"1: " TUSER(instr) " %1, [%2], #0\n" \
1da177e4	319	"2:\n" \
c4a84ae3	320	" .pushsection .text.fixup,\"ax\"\n" \
1da177e4 LT	321	" .align 2\n" \
	322	"3: mov %0, %3\n" \
	323	" mov %1, #0\n" \
	324	" b 2b\n" \
4260415f RK	325	" .popsection\n" \
4260415f RK	326	" .pushsection __ex_table,\"a\"\n" \
1da177e4 LT	327	" .align 3\n" \
1da177e4 LT	328	" .long 1b, 3b\n" \
4260415f	329	" .popsection" \
1da177e4 LT	330	: "+r" (err), "=&r" (x) \
	331	: "r" (addr), "i" (-EFAULT) \
	332	: "cc")
	333
b64d1f66 RK	334	#define __get_user_asm_byte(x, addr, err) \
	335	__get_user_asm(x, addr, err, ldrb)
	336
1da177e4	337	#ifndef __ARMEB__
295bb01e	338	#define __get_user_asm_half(x, __gu_addr, err) \
1da177e4 LT	339	({ \
	340	unsigned long __b1, __b2; \
	341	__get_user_asm_byte(__b1, __gu_addr, err); \
	342	__get_user_asm_byte(__b2, __gu_addr + 1, err); \
	343	(x) = __b1 \| (__b2 << 8); \
	344	})
	345	#else
295bb01e	346	#define __get_user_asm_half(x, __gu_addr, err) \
1da177e4 LT	347	({ \
	348	unsigned long __b1, __b2; \
	349	__get_user_asm_byte(__b1, __gu_addr, err); \
	350	__get_user_asm_byte(__b2, __gu_addr + 1, err); \
	351	(x) = (__b1 << 8) \| __b2; \
	352	})
	353	#endif
	354
295bb01e	355	#define __get_user_asm_word(x, addr, err) \
b64d1f66	356	__get_user_asm(x, addr, err, ldr)
1da177e4	357
9f73bd8b RK	358
	359	#define __put_user_switch(x, ptr, __err, __fn) \
	360	do { \
	361	const __typeof__((ptr)) __user __pu_ptr = (ptr); \
	362	__typeof__(*(ptr)) __pu_val = (x); \
	363	unsigned int __ua_flags; \
	364	might_fault(); \
	365	__ua_flags = uaccess_save_and_enable(); \
	366	switch (sizeof(*(ptr))) { \
	367	case 1: __fn(__pu_val, __pu_ptr, __err, 1); break; \
	368	case 2: __fn(__pu_val, __pu_ptr, __err, 2); break; \
	369	case 4: __fn(__pu_val, __pu_ptr, __err, 4); break; \
	370	case 8: __fn(__pu_val, __pu_ptr, __err, 8); break; \
	371	default: __err = __put_user_bad(); break; \
	372	} \
	373	uaccess_restore(__ua_flags); \
	374	} while (0)
	375
	376	#define put_user(x, ptr) \
	377	({ \
	378	int __pu_err = 0; \
	379	__put_user_switch((x), (ptr), __pu_err, __put_user_check); \
	380	__pu_err; \
	381	})
	382
295bb01e	383	#define __put_user(x, ptr) \
1da177e4 LT	384	({ \
1da177e4 LT	385	long __pu_err = 0; \
9f73bd8b	386	__put_user_switch((x), (ptr), __pu_err, __put_user_nocheck); \
1da177e4 LT	387	__pu_err; \
	388	})
	389
295bb01e	390	#define __put_user_error(x, ptr, err) \
1da177e4	391	({ \
9f73bd8b	392	__put_user_switch((x), (ptr), (err), __put_user_nocheck); \
1da177e4 LT	393	(void) 0; \
	394	})
	395
9f73bd8b RK	396	#define __put_user_nocheck(x, __pu_ptr, __err, __size) \
	397	do { \
	398	unsigned long __pu_addr = (unsigned long)__pu_ptr; \
	399	__put_user_nocheck_##__size(x, __pu_addr, __err); \
	400	} while (0)
	401
	402	#define __put_user_nocheck_1 __put_user_asm_byte
	403	#define __put_user_nocheck_2 __put_user_asm_half
	404	#define __put_user_nocheck_4 __put_user_asm_word
	405	#define __put_user_nocheck_8 __put_user_asm_dword
1da177e4	406
b64d1f66	407	#define __put_user_asm(x, __pu_addr, err, instr) \
1da177e4	408	__asm__ __volatile__( \
b64d1f66	409	"1: " TUSER(instr) " %1, [%2], #0\n" \
1da177e4	410	"2:\n" \
c4a84ae3	411	" .pushsection .text.fixup,\"ax\"\n" \
1da177e4 LT	412	" .align 2\n" \
	413	"3: mov %0, %3\n" \
	414	" b 2b\n" \
4260415f RK	415	" .popsection\n" \
4260415f RK	416	" .pushsection __ex_table,\"a\"\n" \
1da177e4 LT	417	" .align 3\n" \
1da177e4 LT	418	" .long 1b, 3b\n" \
4260415f	419	" .popsection" \
1da177e4 LT	420	: "+r" (err) \
	421	: "r" (x), "r" (__pu_addr), "i" (-EFAULT) \
	422	: "cc")
	423
b64d1f66 RK	424	#define __put_user_asm_byte(x, __pu_addr, err) \
	425	__put_user_asm(x, __pu_addr, err, strb)
	426
1da177e4	427	#ifndef __ARMEB__
295bb01e	428	#define __put_user_asm_half(x, __pu_addr, err) \
1da177e4	429	({ \
e8b94dea	430	unsigned long __temp = (__force unsigned long)(x); \
1da177e4 LT	431	__put_user_asm_byte(__temp, __pu_addr, err); \
	432	__put_user_asm_byte(__temp >> 8, __pu_addr + 1, err); \
	433	})
	434	#else
295bb01e	435	#define __put_user_asm_half(x, __pu_addr, err) \
1da177e4	436	({ \
e8b94dea	437	unsigned long __temp = (__force unsigned long)(x); \
1da177e4 LT	438	__put_user_asm_byte(__temp >> 8, __pu_addr, err); \
	439	__put_user_asm_byte(__temp, __pu_addr + 1, err); \
	440	})
	441	#endif
	442
295bb01e	443	#define __put_user_asm_word(x, __pu_addr, err) \
b64d1f66	444	__put_user_asm(x, __pu_addr, err, str)
1da177e4 LT	445
	446	#ifndef __ARMEB__
	447	#define __reg_oper0 "%R2"
	448	#define __reg_oper1 "%Q2"
	449	#else
	450	#define __reg_oper0 "%Q2"
	451	#define __reg_oper1 "%R2"
	452	#endif
	453
295bb01e	454	#define __put_user_asm_dword(x, __pu_addr, err) \
1da177e4	455	__asm__ __volatile__( \
4e7682d0 CM	456	ARM( "1: " TUSER(str) " " __reg_oper1 ", [%1], #4\n" ) \
	457	ARM( "2: " TUSER(str) " " __reg_oper0 ", [%1]\n" ) \
	458	THUMB( "1: " TUSER(str) " " __reg_oper1 ", [%1]\n" ) \
	459	THUMB( "2: " TUSER(str) " " __reg_oper0 ", [%1, #4]\n" ) \
1da177e4	460	"3:\n" \
c4a84ae3	461	" .pushsection .text.fixup,\"ax\"\n" \
1da177e4 LT	462	" .align 2\n" \
	463	"4: mov %0, %3\n" \
	464	" b 3b\n" \
4260415f RK	465	" .popsection\n" \
4260415f RK	466	" .pushsection __ex_table,\"a\"\n" \
1da177e4 LT	467	" .align 3\n" \
	468	" .long 1b, 4b\n" \
	469	" .long 2b, 4b\n" \
4260415f	470	" .popsection" \
1da177e4 LT	471	: "+r" (err), "+r" (__pu_addr) \
	472	: "r" (x), "i" (-EFAULT) \
	473	: "cc")
	474
02fcb974	475
9641c7cc	476	#ifdef CONFIG_MMU
3fba7e23 RK	477	extern unsigned long __must_check
	478	arm_copy_from_user(void to, const void __user from, unsigned long n);
	479
	480	static inline unsigned long __must_check
	481	__copy_from_user(void to, const void __user from, unsigned long n)
	482	{
dfd45b61 KC	483	unsigned int __ua_flags;
	484
	485	check_object_size(to, n, false);
	486	__ua_flags = uaccess_save_and_enable();
3fba7e23 RK	487	n = arm_copy_from_user(to, from, n);
	488	uaccess_restore(__ua_flags);
	489	return n;
	490	}
	491
	492	extern unsigned long __must_check
	493	arm_copy_to_user(void __user to, const void from, unsigned long n);
	494	extern unsigned long __must_check
	495	__copy_to_user_std(void __user to, const void from, unsigned long n);
	496
	497	static inline unsigned long __must_check
	498	__copy_to_user(void __user to, const void from, unsigned long n)
	499	{
c014953d	500	#ifndef CONFIG_UACCESS_WITH_MEMCPY
dfd45b61 KC	501	unsigned int __ua_flags;
	502
	503	check_object_size(from, n, true);
	504	__ua_flags = uaccess_save_and_enable();
3fba7e23 RK	505	n = arm_copy_to_user(to, from, n);
	506	uaccess_restore(__ua_flags);
	507	return n;
c014953d	508	#else
dfd45b61	509	check_object_size(from, n, true);
c014953d RK	510	return arm_copy_to_user(to, from, n);
c014953d RK	511	#endif
3fba7e23 RK	512	}
	513
	514	extern unsigned long __must_check
	515	arm_clear_user(void __user *addr, unsigned long n);
	516	extern unsigned long __must_check
	517	__clear_user_std(void __user *addr, unsigned long n);
	518
	519	static inline unsigned long __must_check
	520	__clear_user(void __user *addr, unsigned long n)
	521	{
	522	unsigned int __ua_flags = uaccess_save_and_enable();
	523	n = arm_clear_user(addr, n);
	524	uaccess_restore(__ua_flags);
	525	return n;
	526	}
	527
9641c7cc	528	#else
295bb01e MT	529	#define __copy_from_user(to, from, n) (memcpy(to, (void __force *)from, n), 0)
	530	#define __copy_to_user(to, from, n) (memcpy((void __force *)to, from, n), 0)
	531	#define __clear_user(addr, n) (memset((void __force *)addr, 0, n), 0)
9641c7cc RK	532	#endif
9641c7cc RK	533
99573298	534	static inline unsigned long __must_check copy_from_user(void to, const void __user from, unsigned long n)
1da177e4 LT	535	{
1da177e4 LT	536	if (access_ok(VERIFY_READ, from, n))
02fcb974	537	n = __copy_from_user(to, from, n);
1da177e4	538	else /* security hole - plug it */
59f0cb0f	539	memset(to, 0, n);
1da177e4 LT	540	return n;
	541	}
	542
99573298	543	static inline unsigned long __must_check copy_to_user(void __user to, const void from, unsigned long n)
1da177e4 LT	544	{
1da177e4 LT	545	if (access_ok(VERIFY_WRITE, to, n))
02fcb974	546	n = __copy_to_user(to, from, n);
1da177e4 LT	547	return n;
	548	}
	549
1da177e4 LT	550	#define __copy_to_user_inatomic __copy_to_user
	551	#define __copy_from_user_inatomic __copy_from_user
	552
99573298	553	static inline unsigned long __must_check clear_user(void __user *to, unsigned long n)
1da177e4 LT	554	{
1da177e4 LT	555	if (access_ok(VERIFY_WRITE, to, n))
02fcb974	556	n = __clear_user(to, n);
1da177e4 LT	557	return n;
	558	}
	559
3fba7e23	560	/* These are from lib/ code, and use __get_user() and friends */
8c56cc8b	561	extern long strncpy_from_user(char dest, const char __user src, long count);
1da177e4	562
8c56cc8b WD	563	extern __must_check long strlen_user(const char __user *str);
8c56cc8b WD	564	extern __must_check long strnlen_user(const char __user *str, long n);
1da177e4 LT	565
1da177e4 LT	566	#endif /* _ASMARM_UACCESS_H */