378 lines
10 KiB
C
378 lines
10 KiB
C
/*
|
|
* include/asm-s390/uaccess.h
|
|
*
|
|
* S390 version
|
|
* Copyright (C) 1999,2000 IBM Deutschland Entwicklung GmbH, IBM Corporation
|
|
* Author(s): Hartmut Penner (hp@de.ibm.com),
|
|
* Martin Schwidefsky (schwidefsky@de.ibm.com)
|
|
*
|
|
* Derived from "include/asm-i386/uaccess.h"
|
|
*/
|
|
#ifndef __S390_UACCESS_H
|
|
#define __S390_UACCESS_H
|
|
|
|
/*
|
|
* User space memory access functions
|
|
*/
|
|
#include <linux/sched.h>
|
|
#include <linux/errno.h>
|
|
|
|
#define VERIFY_READ 0
|
|
#define VERIFY_WRITE 1
|
|
|
|
|
|
/*
|
|
* The fs value determines whether argument validity checking should be
|
|
* performed or not. If get_fs() == USER_DS, checking is performed, with
|
|
* get_fs() == KERNEL_DS, checking is bypassed.
|
|
*
|
|
* For historical reasons, these macros are grossly misnamed.
|
|
*/
|
|
|
|
#define MAKE_MM_SEG(a) ((mm_segment_t) { (a) })
|
|
|
|
|
|
#define KERNEL_DS MAKE_MM_SEG(0)
|
|
#define USER_DS MAKE_MM_SEG(1)
|
|
|
|
#define get_ds() (KERNEL_DS)
|
|
#define get_fs() (current->thread.mm_segment)
|
|
|
|
#define set_fs(x) \
|
|
({ \
|
|
unsigned long __pto; \
|
|
current->thread.mm_segment = (x); \
|
|
__pto = current->thread.mm_segment.ar4 ? \
|
|
S390_lowcore.user_asce : S390_lowcore.kernel_asce; \
|
|
__ctl_load(__pto, 7, 7); \
|
|
})
|
|
|
|
#define segment_eq(a,b) ((a).ar4 == (b).ar4)
|
|
|
|
|
|
static inline int __access_ok(const void __user *addr, unsigned long size)
|
|
{
|
|
return 1;
|
|
}
|
|
#define access_ok(type,addr,size) __access_ok(addr,size)
|
|
|
|
/*
|
|
* The exception table consists of pairs of addresses: the first is the
|
|
* address of an instruction that is allowed to fault, and the second is
|
|
* the address at which the program should continue. No registers are
|
|
* modified, so it is entirely up to the continuation code to figure out
|
|
* what to do.
|
|
*
|
|
* All the routines below use bits of fixup code that are out of line
|
|
* with the main instruction path. This means when everything is well,
|
|
* we don't even have to jump over them. Further, they do not intrude
|
|
* on our cache or tlb entries.
|
|
*/
|
|
|
|
struct exception_table_entry
|
|
{
|
|
unsigned long insn, fixup;
|
|
};
|
|
|
|
struct uaccess_ops {
|
|
size_t (*copy_from_user)(size_t, const void __user *, void *);
|
|
size_t (*copy_from_user_small)(size_t, const void __user *, void *);
|
|
size_t (*copy_to_user)(size_t, void __user *, const void *);
|
|
size_t (*copy_to_user_small)(size_t, void __user *, const void *);
|
|
size_t (*copy_in_user)(size_t, void __user *, const void __user *);
|
|
size_t (*clear_user)(size_t, void __user *);
|
|
size_t (*strnlen_user)(size_t, const char __user *);
|
|
size_t (*strncpy_from_user)(size_t, const char __user *, char *);
|
|
int (*futex_atomic_op)(int op, u32 __user *, int oparg, int *old);
|
|
int (*futex_atomic_cmpxchg)(u32 *, u32 __user *, u32 old, u32 new);
|
|
};
|
|
|
|
extern struct uaccess_ops uaccess;
|
|
extern struct uaccess_ops uaccess_std;
|
|
extern struct uaccess_ops uaccess_mvcos;
|
|
extern struct uaccess_ops uaccess_mvcos_switch;
|
|
extern struct uaccess_ops uaccess_pt;
|
|
|
|
extern int __handle_fault(unsigned long, unsigned long, int);
|
|
|
|
static inline int __put_user_fn(size_t size, void __user *ptr, void *x)
|
|
{
|
|
size = uaccess.copy_to_user_small(size, ptr, x);
|
|
return size ? -EFAULT : size;
|
|
}
|
|
|
|
static inline int __get_user_fn(size_t size, const void __user *ptr, void *x)
|
|
{
|
|
size = uaccess.copy_from_user_small(size, ptr, x);
|
|
return size ? -EFAULT : size;
|
|
}
|
|
|
|
/*
|
|
* These are the main single-value transfer routines. They automatically
|
|
* use the right size if we just have the right pointer type.
|
|
*/
|
|
#define __put_user(x, ptr) \
|
|
({ \
|
|
__typeof__(*(ptr)) __x = (x); \
|
|
int __pu_err = -EFAULT; \
|
|
__chk_user_ptr(ptr); \
|
|
switch (sizeof (*(ptr))) { \
|
|
case 1: \
|
|
case 2: \
|
|
case 4: \
|
|
case 8: \
|
|
__pu_err = __put_user_fn(sizeof (*(ptr)), \
|
|
ptr, &__x); \
|
|
break; \
|
|
default: \
|
|
__put_user_bad(); \
|
|
break; \
|
|
} \
|
|
__pu_err; \
|
|
})
|
|
|
|
#define put_user(x, ptr) \
|
|
({ \
|
|
might_fault(); \
|
|
__put_user(x, ptr); \
|
|
})
|
|
|
|
|
|
extern int __put_user_bad(void) __attribute__((noreturn));
|
|
|
|
#define __get_user(x, ptr) \
|
|
({ \
|
|
int __gu_err = -EFAULT; \
|
|
__chk_user_ptr(ptr); \
|
|
switch (sizeof(*(ptr))) { \
|
|
case 1: { \
|
|
unsigned char __x; \
|
|
__gu_err = __get_user_fn(sizeof (*(ptr)), \
|
|
ptr, &__x); \
|
|
(x) = *(__force __typeof__(*(ptr)) *) &__x; \
|
|
break; \
|
|
}; \
|
|
case 2: { \
|
|
unsigned short __x; \
|
|
__gu_err = __get_user_fn(sizeof (*(ptr)), \
|
|
ptr, &__x); \
|
|
(x) = *(__force __typeof__(*(ptr)) *) &__x; \
|
|
break; \
|
|
}; \
|
|
case 4: { \
|
|
unsigned int __x; \
|
|
__gu_err = __get_user_fn(sizeof (*(ptr)), \
|
|
ptr, &__x); \
|
|
(x) = *(__force __typeof__(*(ptr)) *) &__x; \
|
|
break; \
|
|
}; \
|
|
case 8: { \
|
|
unsigned long long __x; \
|
|
__gu_err = __get_user_fn(sizeof (*(ptr)), \
|
|
ptr, &__x); \
|
|
(x) = *(__force __typeof__(*(ptr)) *) &__x; \
|
|
break; \
|
|
}; \
|
|
default: \
|
|
__get_user_bad(); \
|
|
break; \
|
|
} \
|
|
__gu_err; \
|
|
})
|
|
|
|
#define get_user(x, ptr) \
|
|
({ \
|
|
might_fault(); \
|
|
__get_user(x, ptr); \
|
|
})
|
|
|
|
extern int __get_user_bad(void) __attribute__((noreturn));
|
|
|
|
#define __put_user_unaligned __put_user
|
|
#define __get_user_unaligned __get_user
|
|
|
|
/**
|
|
* __copy_to_user: - Copy a block of data into user space, with less checking.
|
|
* @to: Destination address, in user space.
|
|
* @from: Source address, in kernel space.
|
|
* @n: Number of bytes to copy.
|
|
*
|
|
* Context: User context only. This function may sleep.
|
|
*
|
|
* Copy data from kernel space to user space. Caller must check
|
|
* the specified block with access_ok() before calling this function.
|
|
*
|
|
* Returns number of bytes that could not be copied.
|
|
* On success, this will be zero.
|
|
*/
|
|
static inline unsigned long __must_check
|
|
__copy_to_user(void __user *to, const void *from, unsigned long n)
|
|
{
|
|
if (__builtin_constant_p(n) && (n <= 256))
|
|
return uaccess.copy_to_user_small(n, to, from);
|
|
else
|
|
return uaccess.copy_to_user(n, to, from);
|
|
}
|
|
|
|
#define __copy_to_user_inatomic __copy_to_user
|
|
#define __copy_from_user_inatomic __copy_from_user
|
|
|
|
/**
|
|
* copy_to_user: - Copy a block of data into user space.
|
|
* @to: Destination address, in user space.
|
|
* @from: Source address, in kernel space.
|
|
* @n: Number of bytes to copy.
|
|
*
|
|
* Context: User context only. This function may sleep.
|
|
*
|
|
* Copy data from kernel space to user space.
|
|
*
|
|
* Returns number of bytes that could not be copied.
|
|
* On success, this will be zero.
|
|
*/
|
|
static inline unsigned long __must_check
|
|
copy_to_user(void __user *to, const void *from, unsigned long n)
|
|
{
|
|
might_fault();
|
|
if (access_ok(VERIFY_WRITE, to, n))
|
|
n = __copy_to_user(to, from, n);
|
|
return n;
|
|
}
|
|
|
|
/**
|
|
* __copy_from_user: - Copy a block of data from user space, with less checking.
|
|
* @to: Destination address, in kernel space.
|
|
* @from: Source address, in user space.
|
|
* @n: Number of bytes to copy.
|
|
*
|
|
* Context: User context only. This function may sleep.
|
|
*
|
|
* Copy data from user space to kernel space. Caller must check
|
|
* the specified block with access_ok() before calling this function.
|
|
*
|
|
* Returns number of bytes that could not be copied.
|
|
* On success, this will be zero.
|
|
*
|
|
* If some data could not be copied, this function will pad the copied
|
|
* data to the requested size using zero bytes.
|
|
*/
|
|
static inline unsigned long __must_check
|
|
__copy_from_user(void *to, const void __user *from, unsigned long n)
|
|
{
|
|
if (__builtin_constant_p(n) && (n <= 256))
|
|
return uaccess.copy_from_user_small(n, from, to);
|
|
else
|
|
return uaccess.copy_from_user(n, from, to);
|
|
}
|
|
|
|
extern void copy_from_user_overflow(void)
|
|
#ifdef CONFIG_DEBUG_STRICT_USER_COPY_CHECKS
|
|
__compiletime_warning("copy_from_user() buffer size is not provably correct")
|
|
#endif
|
|
;
|
|
|
|
/**
|
|
* copy_from_user: - Copy a block of data from user space.
|
|
* @to: Destination address, in kernel space.
|
|
* @from: Source address, in user space.
|
|
* @n: Number of bytes to copy.
|
|
*
|
|
* Context: User context only. This function may sleep.
|
|
*
|
|
* Copy data from user space to kernel space.
|
|
*
|
|
* Returns number of bytes that could not be copied.
|
|
* On success, this will be zero.
|
|
*
|
|
* If some data could not be copied, this function will pad the copied
|
|
* data to the requested size using zero bytes.
|
|
*/
|
|
static inline unsigned long __must_check
|
|
copy_from_user(void *to, const void __user *from, unsigned long n)
|
|
{
|
|
unsigned int sz = __compiletime_object_size(to);
|
|
|
|
might_fault();
|
|
if (unlikely(sz != -1 && sz < n)) {
|
|
copy_from_user_overflow();
|
|
return n;
|
|
}
|
|
if (access_ok(VERIFY_READ, from, n))
|
|
n = __copy_from_user(to, from, n);
|
|
else
|
|
memset(to, 0, n);
|
|
return n;
|
|
}
|
|
|
|
static inline unsigned long __must_check
|
|
__copy_in_user(void __user *to, const void __user *from, unsigned long n)
|
|
{
|
|
return uaccess.copy_in_user(n, to, from);
|
|
}
|
|
|
|
static inline unsigned long __must_check
|
|
copy_in_user(void __user *to, const void __user *from, unsigned long n)
|
|
{
|
|
might_fault();
|
|
if (__access_ok(from,n) && __access_ok(to,n))
|
|
n = __copy_in_user(to, from, n);
|
|
return n;
|
|
}
|
|
|
|
/*
|
|
* Copy a null terminated string from userspace.
|
|
*/
|
|
static inline long __must_check
|
|
strncpy_from_user(char *dst, const char __user *src, long count)
|
|
{
|
|
long res = -EFAULT;
|
|
might_fault();
|
|
if (access_ok(VERIFY_READ, src, 1))
|
|
res = uaccess.strncpy_from_user(count, src, dst);
|
|
return res;
|
|
}
|
|
|
|
static inline unsigned long
|
|
strnlen_user(const char __user * src, unsigned long n)
|
|
{
|
|
might_fault();
|
|
return uaccess.strnlen_user(n, src);
|
|
}
|
|
|
|
/**
|
|
* strlen_user: - Get the size of a string in user space.
|
|
* @str: The string to measure.
|
|
*
|
|
* Context: User context only. This function may sleep.
|
|
*
|
|
* Get the size of a NUL-terminated string in user space.
|
|
*
|
|
* Returns the size of the string INCLUDING the terminating NUL.
|
|
* On exception, returns 0.
|
|
*
|
|
* If there is a limit on the length of a valid string, you may wish to
|
|
* consider using strnlen_user() instead.
|
|
*/
|
|
#define strlen_user(str) strnlen_user(str, ~0UL)
|
|
|
|
/*
|
|
* Zero Userspace
|
|
*/
|
|
|
|
static inline unsigned long __must_check
|
|
__clear_user(void __user *to, unsigned long n)
|
|
{
|
|
return uaccess.clear_user(n, to);
|
|
}
|
|
|
|
static inline unsigned long __must_check
|
|
clear_user(void __user *to, unsigned long n)
|
|
{
|
|
might_fault();
|
|
if (access_ok(VERIFY_WRITE, to, n))
|
|
n = uaccess.clear_user(n, to);
|
|
return n;
|
|
}
|
|
|
|
#endif /* __S390_UACCESS_H */
|