2 * This file is subject to the terms and conditions of the GNU General Public
3 * License. See the file "COPYING" in the main directory of this archive
6 * Copyright (C) 1996, 1997, 1998, 1999, 2000, 03, 04 by Ralf Baechle
7 * Copyright (C) 1999, 2000 Silicon Graphics, Inc.
10 #define _ASM_UACCESS_H
12 #include <linux/kernel.h>
13 #include <linux/errno.h>
14 #include <linux/thread_info.h>
15 #include <asm-generic/uaccess.h>
18 * The fs value determines whether argument validity checking should be
19 * performed or not. If get_fs() == USER_DS, checking is performed, with
20 * get_fs() == KERNEL_DS, checking is bypassed.
22 * For historical reasons, these macros are grossly misnamed.
26 #define __UA_LIMIT 0x80000000UL
28 #define __UA_ADDR ".word"
30 #define __UA_ADDU "addu"
34 #endif /* CONFIG_32BIT */
38 #define __UA_LIMIT (- TASK_SIZE)
40 #define __UA_ADDR ".dword"
42 #define __UA_ADDU "daddu"
46 #endif /* CONFIG_64BIT */
49 * USER_DS is a bitmask that has the bits set that may not be set in a valid
50 * userspace address. Note that we limit 32-bit userspace to 0x7fff8000 but
51 * the arithmetic we're doing only works if the limit is a power of two, so
52 * we use 0x80000000 here on 32-bit kernels. If a process passes an invalid
53 * address in this range it's the process's problem, not ours :-)
56 #define KERNEL_DS ((mm_segment_t) { 0UL })
57 #define USER_DS ((mm_segment_t) { __UA_LIMIT })
60 #define VERIFY_WRITE 1
62 #define get_ds() (KERNEL_DS)
63 #define get_fs() (current_thread_info()->addr_limit)
64 #define set_fs(x) (current_thread_info()->addr_limit = (x))
66 #define segment_eq(a, b) ((a).seg == (b).seg)
70 * Is a address valid? This does a straighforward calculation rather
74 * - "addr" doesn't have any high-bits set
75 * - AND "size" doesn't have any high-bits set
76 * - AND "addr+size" doesn't have any high-bits set
77 * - OR we are in kernel mode.
79 * __ua_size() is a trick to avoid runtime checking of positive constant
80 * sizes; for those we already know at compile time that the size is ok.
82 #define __ua_size(size) \
83 ((__builtin_constant_p(size) && (signed long) (size) > 0) ? 0 : (size))
86 * access_ok: - Checks if a user space pointer is valid
87 * @type: Type of access: %VERIFY_READ or %VERIFY_WRITE. Note that
88 * %VERIFY_WRITE is a superset of %VERIFY_READ - if it is safe
89 * to write to a block, it is always safe to read from it.
90 * @addr: User space pointer to start of block to check
91 * @size: Size of block to check
93 * Context: User context only. This function may sleep.
95 * Checks if a pointer to a block of memory in user space is valid.
97 * Returns true (nonzero) if the memory block may be valid, false (zero)
98 * if it is definitely invalid.
100 * Note that, depending on architecture, this function probably just
101 * checks that the pointer is in the user space range - after calling
102 * this function, memory access functions may still return -EFAULT.
105 #define __access_mask get_fs().seg
107 #define __access_ok(addr, size, mask) \
108 (((signed long)((mask) & ((addr) | ((addr) + (size)) | __ua_size(size)))) == 0)
110 #define access_ok(type, addr, size) \
111 likely(__access_ok((unsigned long)(addr), (size), __access_mask))
114 * put_user: - Write a simple value into user space.
115 * @x: Value to copy to user space.
116 * @ptr: Destination address, in user space.
118 * Context: User context only. This function may sleep.
120 * This macro copies a single simple value from kernel space to user
121 * space. It supports simple types like char and int, but not larger
122 * data types like structures or arrays.
124 * @ptr must have pointer-to-simple-variable type, and @x must be assignable
125 * to the result of dereferencing @ptr.
127 * Returns zero on success, or -EFAULT on error.
129 #define put_user(x,ptr) \
130 __put_user_check((x), (ptr), sizeof(*(ptr)))
133 * get_user: - Get a simple variable from user space.
134 * @x: Variable to store result.
135 * @ptr: Source address, in user space.
137 * Context: User context only. This function may sleep.
139 * This macro copies a single simple variable from user space to kernel
140 * space. It supports simple types like char and int, but not larger
141 * data types like structures or arrays.
143 * @ptr must have pointer-to-simple-variable type, and the result of
144 * dereferencing @ptr must be assignable to @x without a cast.
146 * Returns zero on success, or -EFAULT on error.
147 * On error, the variable @x is set to zero.
149 #define get_user(x,ptr) \
150 __get_user_check((x), (ptr), sizeof(*(ptr)))
153 * __put_user: - Write a simple value into user space, with less checking.
154 * @x: Value to copy to user space.
155 * @ptr: Destination address, in user space.
157 * Context: User context only. This function may sleep.
159 * This macro copies a single simple value from kernel space to user
160 * space. It supports simple types like char and int, but not larger
161 * data types like structures or arrays.
163 * @ptr must have pointer-to-simple-variable type, and @x must be assignable
164 * to the result of dereferencing @ptr.
166 * Caller must check the pointer with access_ok() before calling this
169 * Returns zero on success, or -EFAULT on error.
171 #define __put_user(x,ptr) \
172 __put_user_nocheck((x), (ptr), sizeof(*(ptr)))
175 * __get_user: - Get a simple variable from user space, with less checking.
176 * @x: Variable to store result.
177 * @ptr: Source address, in user space.
179 * Context: User context only. This function may sleep.
181 * This macro copies a single simple variable from user space to kernel
182 * space. It supports simple types like char and int, but not larger
183 * data types like structures or arrays.
185 * @ptr must have pointer-to-simple-variable type, and the result of
186 * dereferencing @ptr must be assignable to @x without a cast.
188 * Caller must check the pointer with access_ok() before calling this
191 * Returns zero on success, or -EFAULT on error.
192 * On error, the variable @x is set to zero.
194 #define __get_user(x,ptr) \
195 __get_user_nocheck((x), (ptr), sizeof(*(ptr)))
197 struct __large_struct { unsigned long buf[100]; };
198 #define __m(x) (*(struct __large_struct __user *)(x))
201 * Yuck. We need two variants, one for 64bit operation and one
202 * for 32 bit mode and old iron.
205 #define __GET_USER_DW(val, ptr) __get_user_asm_ll32(val, ptr)
208 #define __GET_USER_DW(val, ptr) __get_user_asm(val, "ld", ptr)
211 extern void __get_user_unknown(void);
213 #define __get_user_common(val, size, ptr) \
216 case 1: __get_user_asm(val, "lb", ptr); break; \
217 case 2: __get_user_asm(val, "lh", ptr); break; \
218 case 4: __get_user_asm(val, "lw", ptr); break; \
219 case 8: __GET_USER_DW(val, ptr); break; \
220 default: __get_user_unknown(); break; \
224 #define __get_user_nocheck(x, ptr, size) \
228 __get_user_common((x), size, ptr); \
232 #define __get_user_check(x, ptr, size) \
234 long __gu_err = -EFAULT; \
235 const __typeof__(*(ptr)) __user * __gu_ptr = (ptr); \
237 if (likely(access_ok(VERIFY_READ, __gu_ptr, size))) \
238 __get_user_common((x), size, __gu_ptr); \
243 #define __get_user_asm(val, insn, addr) \
247 __asm__ __volatile__( \
248 "1: " insn " %1, %3 \n" \
250 " .section .fixup,\"ax\" \n" \
254 " .section __ex_table,\"a\" \n" \
255 " "__UA_ADDR "\t1b, 3b \n" \
257 : "=r" (__gu_err), "=r" (__gu_tmp) \
258 : "0" (0), "o" (__m(addr)), "i" (-EFAULT)); \
260 (val) = (__typeof__(*(addr))) __gu_tmp; \
264 * Get a long long 64 using 32 bit registers.
266 #define __get_user_asm_ll32(val, addr) \
269 unsigned long long l; \
270 __typeof__(*(addr)) t; \
273 __asm__ __volatile__( \
274 "1: lw %1, (%3) \n" \
275 "2: lw %D1, 4(%3) \n" \
276 "3: .section .fixup,\"ax\" \n" \
282 " .section __ex_table,\"a\" \n" \
283 " " __UA_ADDR " 1b, 4b \n" \
284 " " __UA_ADDR " 2b, 4b \n" \
286 : "=r" (__gu_err), "=&r" (__gu_tmp.l) \
287 : "0" (0), "r" (addr), "i" (-EFAULT)); \
289 (val) = __gu_tmp.t; \
293 * Yuck. We need two variants, one for 64bit operation and one
294 * for 32 bit mode and old iron.
297 #define __PUT_USER_DW(ptr) __put_user_asm_ll32(ptr)
300 #define __PUT_USER_DW(ptr) __put_user_asm("sd", ptr)
303 #define __put_user_nocheck(x, ptr, size) \
305 __typeof__(*(ptr)) __pu_val; \
310 case 1: __put_user_asm("sb", ptr); break; \
311 case 2: __put_user_asm("sh", ptr); break; \
312 case 4: __put_user_asm("sw", ptr); break; \
313 case 8: __PUT_USER_DW(ptr); break; \
314 default: __put_user_unknown(); break; \
319 #define __put_user_check(x, ptr, size) \
321 __typeof__(*(ptr)) __user *__pu_addr = (ptr); \
322 __typeof__(*(ptr)) __pu_val = (x); \
323 long __pu_err = -EFAULT; \
325 if (likely(access_ok(VERIFY_WRITE, __pu_addr, size))) { \
327 case 1: __put_user_asm("sb", __pu_addr); break; \
328 case 2: __put_user_asm("sh", __pu_addr); break; \
329 case 4: __put_user_asm("sw", __pu_addr); break; \
330 case 8: __PUT_USER_DW(__pu_addr); break; \
331 default: __put_user_unknown(); break; \
337 #define __put_user_asm(insn, ptr) \
339 __asm__ __volatile__( \
340 "1: " insn " %z2, %3 # __put_user_asm\n" \
342 " .section .fixup,\"ax\" \n" \
346 " .section __ex_table,\"a\" \n" \
347 " " __UA_ADDR " 1b, 3b \n" \
350 : "0" (0), "Jr" (__pu_val), "o" (__m(ptr)), \
354 #define __put_user_asm_ll32(ptr) \
356 __asm__ __volatile__( \
357 "1: sw %2, (%3) # __put_user_asm_ll32 \n" \
358 "2: sw %D2, 4(%3) \n" \
360 " .section .fixup,\"ax\" \n" \
364 " .section __ex_table,\"a\" \n" \
365 " " __UA_ADDR " 1b, 4b \n" \
366 " " __UA_ADDR " 2b, 4b \n" \
369 : "0" (0), "r" (__pu_val), "r" (ptr), \
373 extern void __put_user_unknown(void);
376 * We're generating jump to subroutines which will be outside the range of
380 #define __MODULE_JAL(destination) \
382 __UA_LA "\t$1, " #destination "\n\t" \
386 #define __MODULE_JAL(destination) \
387 "jal\t" #destination "\n\t"
390 extern size_t __copy_user(void *__to, const void *__from, size_t __n);
392 #define __invoke_copy_to_user(to, from, n) \
394 register void __user *__cu_to_r __asm__("$4"); \
395 register const void *__cu_from_r __asm__("$5"); \
396 register long __cu_len_r __asm__("$6"); \
399 __cu_from_r = (from); \
401 __asm__ __volatile__( \
402 __MODULE_JAL(__copy_user) \
403 : "+r" (__cu_to_r), "+r" (__cu_from_r), "+r" (__cu_len_r) \
405 : "$8", "$9", "$10", "$11", "$12", "$15", "$24", "$31", \
411 * __copy_to_user: - Copy a block of data into user space, with less checking.
412 * @to: Destination address, in user space.
413 * @from: Source address, in kernel space.
414 * @n: Number of bytes to copy.
416 * Context: User context only. This function may sleep.
418 * Copy data from kernel space to user space. Caller must check
419 * the specified block with access_ok() before calling this function.
421 * Returns number of bytes that could not be copied.
422 * On success, this will be zero.
424 #define __copy_to_user(to, from, n) \
426 void __user *__cu_to; \
427 const void *__cu_from; \
432 __cu_from = (from); \
434 __cu_len = __invoke_copy_to_user(__cu_to, __cu_from, __cu_len); \
438 extern size_t __copy_user_inatomic(void *__to, const void *__from, size_t __n);
440 #define __copy_to_user_inatomic(to, from, n) \
442 void __user *__cu_to; \
443 const void *__cu_from; \
447 __cu_from = (from); \
449 __cu_len = __invoke_copy_to_user(__cu_to, __cu_from, __cu_len); \
453 #define __copy_from_user_inatomic(to, from, n) \
456 const void __user *__cu_from; \
460 __cu_from = (from); \
462 __cu_len = __invoke_copy_from_user_inatomic(__cu_to, __cu_from, \
468 * copy_to_user: - Copy a block of data into user space.
469 * @to: Destination address, in user space.
470 * @from: Source address, in kernel space.
471 * @n: Number of bytes to copy.
473 * Context: User context only. This function may sleep.
475 * Copy data from kernel space to user space.
477 * Returns number of bytes that could not be copied.
478 * On success, this will be zero.
480 #define copy_to_user(to, from, n) \
482 void __user *__cu_to; \
483 const void *__cu_from; \
488 __cu_from = (from); \
490 if (access_ok(VERIFY_WRITE, __cu_to, __cu_len)) \
491 __cu_len = __invoke_copy_to_user(__cu_to, __cu_from, \
496 #define __invoke_copy_from_user(to, from, n) \
498 register void *__cu_to_r __asm__("$4"); \
499 register const void __user *__cu_from_r __asm__("$5"); \
500 register long __cu_len_r __asm__("$6"); \
503 __cu_from_r = (from); \
505 __asm__ __volatile__( \
506 ".set\tnoreorder\n\t" \
507 __MODULE_JAL(__copy_user) \
509 __UA_ADDU "\t$1, %1, %2\n\t" \
512 : "+r" (__cu_to_r), "+r" (__cu_from_r), "+r" (__cu_len_r) \
514 : "$8", "$9", "$10", "$11", "$12", "$15", "$24", "$31", \
519 #define __invoke_copy_from_user_inatomic(to, from, n) \
521 register void *__cu_to_r __asm__("$4"); \
522 register const void __user *__cu_from_r __asm__("$5"); \
523 register long __cu_len_r __asm__("$6"); \
526 __cu_from_r = (from); \
528 __asm__ __volatile__( \
529 ".set\tnoreorder\n\t" \
530 __MODULE_JAL(__copy_user_inatomic) \
532 __UA_ADDU "\t$1, %1, %2\n\t" \
535 : "+r" (__cu_to_r), "+r" (__cu_from_r), "+r" (__cu_len_r) \
537 : "$8", "$9", "$10", "$11", "$12", "$15", "$24", "$31", \
543 * __copy_from_user: - Copy a block of data from user space, with less checking.
544 * @to: Destination address, in kernel space.
545 * @from: Source address, in user space.
546 * @n: Number of bytes to copy.
548 * Context: User context only. This function may sleep.
550 * Copy data from user space to kernel space. Caller must check
551 * the specified block with access_ok() before calling this function.
553 * Returns number of bytes that could not be copied.
554 * On success, this will be zero.
556 * If some data could not be copied, this function will pad the copied
557 * data to the requested size using zero bytes.
559 #define __copy_from_user(to, from, n) \
562 const void __user *__cu_from; \
567 __cu_from = (from); \
569 __cu_len = __invoke_copy_from_user(__cu_to, __cu_from, \
575 * copy_from_user: - Copy a block of data from user space.
576 * @to: Destination address, in kernel space.
577 * @from: Source address, in user space.
578 * @n: Number of bytes to copy.
580 * Context: User context only. This function may sleep.
582 * Copy data from user space to kernel space.
584 * Returns number of bytes that could not be copied.
585 * On success, this will be zero.
587 * If some data could not be copied, this function will pad the copied
588 * data to the requested size using zero bytes.
590 #define copy_from_user(to, from, n) \
593 const void __user *__cu_from; \
598 __cu_from = (from); \
600 if (access_ok(VERIFY_READ, __cu_from, __cu_len)) \
601 __cu_len = __invoke_copy_from_user(__cu_to, __cu_from, \
606 #define __copy_in_user(to, from, n) __copy_from_user(to, from, n)
608 #define copy_in_user(to, from, n) \
610 void __user *__cu_to; \
611 const void __user *__cu_from; \
616 __cu_from = (from); \
618 if (likely(access_ok(VERIFY_READ, __cu_from, __cu_len) && \
619 access_ok(VERIFY_WRITE, __cu_to, __cu_len))) \
620 __cu_len = __invoke_copy_from_user(__cu_to, __cu_from, \
626 * __clear_user: - Zero a block of memory in user space, with less checking.
627 * @to: Destination address, in user space.
628 * @n: Number of bytes to zero.
630 * Zero a block of memory in user space. Caller must check
631 * the specified block with access_ok() before calling this function.
633 * Returns number of bytes that could not be cleared.
634 * On success, this will be zero.
636 static inline __kernel_size_t
637 __clear_user(void __user *addr, __kernel_size_t size)
642 __asm__ __volatile__(
646 __MODULE_JAL(__bzero)
649 : "r" (addr), "r" (size)
650 : "$4", "$5", "$6", __UA_t0, __UA_t1, "$31");
655 #define clear_user(addr,n) \
657 void __user * __cl_addr = (addr); \
658 unsigned long __cl_size = (n); \
659 if (__cl_size && access_ok(VERIFY_WRITE, \
660 ((unsigned long)(__cl_addr)), __cl_size)) \
661 __cl_size = __clear_user(__cl_addr, __cl_size); \
666 * __strncpy_from_user: - Copy a NUL terminated string from userspace, with less checking.
667 * @dst: Destination address, in kernel space. This buffer must be at
668 * least @count bytes long.
669 * @src: Source address, in user space.
670 * @count: Maximum number of bytes to copy, including the trailing NUL.
672 * Copies a NUL-terminated string from userspace to kernel space.
673 * Caller must check the specified block with access_ok() before calling
676 * On success, returns the length of the string (not including the trailing
679 * If access to userspace fails, returns -EFAULT (some data may have been
682 * If @count is smaller than the length of the string, copies @count bytes
683 * and returns @count.
686 __strncpy_from_user(char *__to, const char __user *__from, long __len)
691 __asm__ __volatile__(
695 __MODULE_JAL(__strncpy_from_user_nocheck_asm)
698 : "r" (__to), "r" (__from), "r" (__len)
699 : "$2", "$3", "$4", "$5", "$6", __UA_t0, "$31", "memory");
705 * strncpy_from_user: - Copy a NUL terminated string from userspace.
706 * @dst: Destination address, in kernel space. This buffer must be at
707 * least @count bytes long.
708 * @src: Source address, in user space.
709 * @count: Maximum number of bytes to copy, including the trailing NUL.
711 * Copies a NUL-terminated string from userspace to kernel space.
713 * On success, returns the length of the string (not including the trailing
716 * If access to userspace fails, returns -EFAULT (some data may have been
719 * If @count is smaller than the length of the string, copies @count bytes
720 * and returns @count.
723 strncpy_from_user(char *__to, const char __user *__from, long __len)
728 __asm__ __volatile__(
732 __MODULE_JAL(__strncpy_from_user_asm)
735 : "r" (__to), "r" (__from), "r" (__len)
736 : "$2", "$3", "$4", "$5", "$6", __UA_t0, "$31", "memory");
741 /* Returns: 0 if bad, string length+1 (memory size) of string if ok */
742 static inline long __strlen_user(const char __user *s)
747 __asm__ __volatile__(
749 __MODULE_JAL(__strlen_user_nocheck_asm)
753 : "$2", "$4", __UA_t0, "$31");
759 * strlen_user: - Get the size of a string in user space.
760 * @str: The string to measure.
762 * Context: User context only. This function may sleep.
764 * Get the size of a NUL-terminated string in user space.
766 * Returns the size of the string INCLUDING the terminating NUL.
767 * On exception, returns 0.
769 * If there is a limit on the length of a valid string, you may wish to
770 * consider using strnlen_user() instead.
772 static inline long strlen_user(const char __user *s)
777 __asm__ __volatile__(
779 __MODULE_JAL(__strlen_user_asm)
783 : "$2", "$4", __UA_t0, "$31");
788 /* Returns: 0 if bad, string length+1 (memory size) of string if ok */
789 static inline long __strnlen_user(const char __user *s, long n)
794 __asm__ __volatile__(
797 __MODULE_JAL(__strnlen_user_nocheck_asm)
801 : "$2", "$4", "$5", __UA_t0, "$31");
807 * strlen_user: - Get the size of a string in user space.
808 * @str: The string to measure.
810 * Context: User context only. This function may sleep.
812 * Get the size of a NUL-terminated string in user space.
814 * Returns the size of the string INCLUDING the terminating NUL.
815 * On exception, returns 0.
817 * If there is a limit on the length of a valid string, you may wish to
818 * consider using strnlen_user() instead.
820 static inline long strnlen_user(const char __user *s, long n)
825 __asm__ __volatile__(
828 __MODULE_JAL(__strnlen_user_asm)
832 : "$2", "$4", "$5", __UA_t0, "$31");
837 struct exception_table_entry
840 unsigned long nextinsn;
843 extern int fixup_exception(struct pt_regs *regs);
845 #endif /* _ASM_UACCESS_H */