1/* 2 * include/asm-s390/uaccess.h 3 * 4 * S390 version 5 * Copyright (C) 1999,2000 IBM Deutschland Entwicklung GmbH, IBM Corporation 6 * Author(s): Hartmut Penner (hp@de.ibm.com), 7 * Martin Schwidefsky (schwidefsky@de.ibm.com) 8 * 9 * Derived from "include/asm-i386/uaccess.h" 10 */ 11#ifndef __S390_UACCESS_H 12#define __S390_UACCESS_H 13 14/* 15 * User space memory access functions 16 */ 17#include <linux/sched.h> 18#include <linux/errno.h> 19 20#define VERIFY_READ 0 21#define VERIFY_WRITE 1 22 23 24/* 25 * The fs value determines whether argument validity checking should be 26 * performed or not. If get_fs() == USER_DS, checking is performed, with 27 * get_fs() == KERNEL_DS, checking is bypassed. 28 * 29 * For historical reasons, these macros are grossly misnamed. 30 */ 31 32#define MAKE_MM_SEG(a) ((mm_segment_t) { (a) }) 33 34 35#define KERNEL_DS MAKE_MM_SEG(0) 36#define USER_DS MAKE_MM_SEG(1) 37 38#define get_ds() (KERNEL_DS) 39#define get_fs() (current->thread.mm_segment) 40 41#define set_fs(x) \ 42({ \ 43 unsigned long __pto; \ 44 current->thread.mm_segment = (x); \ 45 __pto = current->thread.mm_segment.ar4 ? \ 46 S390_lowcore.user_asce : S390_lowcore.kernel_asce; \ 47 __ctl_load(__pto, 7, 7); \ 48}) 49 50#define segment_eq(a,b) ((a).ar4 == (b).ar4) 51 52 53static inline int __access_ok(const void __user *addr, unsigned long size) 54{ 55 return 1; 56} 57#define access_ok(type,addr,size) __access_ok(addr,size) 58 59/* 60 * The exception table consists of pairs of addresses: the first is the 61 * address of an instruction that is allowed to fault, and the second is 62 * the address at which the program should continue. No registers are 63 * modified, so it is entirely up to the continuation code to figure out 64 * what to do. 65 * 66 * All the routines below use bits of fixup code that are out of line 67 * with the main instruction path. This means when everything is well, 68 * we don't even have to jump over them. Further, they do not intrude 69 * on our cache or tlb entries. 70 */ 71 72struct exception_table_entry 73{ 74 unsigned long insn, fixup; 75}; 76 77struct uaccess_ops { 78 size_t (*copy_from_user)(size_t, const void __user *, void *); 79 size_t (*copy_from_user_small)(size_t, const void __user *, void *); 80 size_t (*copy_to_user)(size_t, void __user *, const void *); 81 size_t (*copy_to_user_small)(size_t, void __user *, const void *); 82 size_t (*copy_in_user)(size_t, void __user *, const void __user *); 83 size_t (*clear_user)(size_t, void __user *); 84 size_t (*strnlen_user)(size_t, const char __user *); 85 size_t (*strncpy_from_user)(size_t, const char __user *, char *); 86 int (*futex_atomic_op)(int op, int __user *, int oparg, int *old); 87 int (*futex_atomic_cmpxchg)(int __user *, int old, int new); 88}; 89 90extern struct uaccess_ops uaccess; 91extern struct uaccess_ops uaccess_std; 92extern struct uaccess_ops uaccess_mvcos; 93extern struct uaccess_ops uaccess_mvcos_switch; 94extern struct uaccess_ops uaccess_pt; 95 96extern int __handle_fault(unsigned long, unsigned long, int); 97 98static inline int __put_user_fn(size_t size, void __user *ptr, void *x) 99{ 100 size = uaccess.copy_to_user_small(size, ptr, x); 101 return size ? -EFAULT : size; 102} 103 104static inline int __get_user_fn(size_t size, const void __user *ptr, void *x) 105{ 106 size = uaccess.copy_from_user_small(size, ptr, x); 107 return size ? -EFAULT : size; 108} 109 110/* 111 * These are the main single-value transfer routines. They automatically 112 * use the right size if we just have the right pointer type. 113 */ 114#define __put_user(x, ptr) \ 115({ \ 116 __typeof__(*(ptr)) __x = (x); \ 117 int __pu_err = -EFAULT; \ 118 __chk_user_ptr(ptr); \ 119 switch (sizeof (*(ptr))) { \ 120 case 1: \ 121 case 2: \ 122 case 4: \ 123 case 8: \ 124 __pu_err = __put_user_fn(sizeof (*(ptr)), \ 125 ptr, &__x); \ 126 break; \ 127 default: \ 128 __put_user_bad(); \ 129 break; \ 130 } \ 131 __pu_err; \ 132}) 133 134#define put_user(x, ptr) \ 135({ \ 136 might_fault(); \ 137 __put_user(x, ptr); \ 138}) 139 140 141extern int __put_user_bad(void) __attribute__((noreturn)); 142 143#define __get_user(x, ptr) \ 144({ \ 145 int __gu_err = -EFAULT; \ 146 __chk_user_ptr(ptr); \ 147 switch (sizeof(*(ptr))) { \ 148 case 1: { \ 149 unsigned char __x; \ 150 __gu_err = __get_user_fn(sizeof (*(ptr)), \ 151 ptr, &__x); \ 152 (x) = *(__force __typeof__(*(ptr)) *) &__x; \ 153 break; \ 154 }; \ 155 case 2: { \ 156 unsigned short __x; \ 157 __gu_err = __get_user_fn(sizeof (*(ptr)), \ 158 ptr, &__x); \ 159 (x) = *(__force __typeof__(*(ptr)) *) &__x; \ 160 break; \ 161 }; \ 162 case 4: { \ 163 unsigned int __x; \ 164 __gu_err = __get_user_fn(sizeof (*(ptr)), \ 165 ptr, &__x); \ 166 (x) = *(__force __typeof__(*(ptr)) *) &__x; \ 167 break; \ 168 }; \ 169 case 8: { \ 170 unsigned long long __x; \ 171 __gu_err = __get_user_fn(sizeof (*(ptr)), \ 172 ptr, &__x); \ 173 (x) = *(__force __typeof__(*(ptr)) *) &__x; \ 174 break; \ 175 }; \ 176 default: \ 177 __get_user_bad(); \ 178 break; \ 179 } \ 180 __gu_err; \ 181}) 182 183#define get_user(x, ptr) \ 184({ \ 185 might_fault(); \ 186 __get_user(x, ptr); \ 187}) 188 189extern int __get_user_bad(void) __attribute__((noreturn)); 190 191#define __put_user_unaligned __put_user 192#define __get_user_unaligned __get_user 193 194/** 195 * __copy_to_user: - Copy a block of data into user space, with less checking. 196 * @to: Destination address, in user space. 197 * @from: Source address, in kernel space. 198 * @n: Number of bytes to copy. 199 * 200 * Context: User context only. This function may sleep. 201 * 202 * Copy data from kernel space to user space. Caller must check 203 * the specified block with access_ok() before calling this function. 204 * 205 * Returns number of bytes that could not be copied. 206 * On success, this will be zero. 207 */ 208static inline unsigned long __must_check 209__copy_to_user(void __user *to, const void *from, unsigned long n) 210{ 211 if (__builtin_constant_p(n) && (n <= 256)) 212 return uaccess.copy_to_user_small(n, to, from); 213 else 214 return uaccess.copy_to_user(n, to, from); 215} 216 217#define __copy_to_user_inatomic __copy_to_user 218#define __copy_from_user_inatomic __copy_from_user 219 220/** 221 * copy_to_user: - Copy a block of data into user space. 222 * @to: Destination address, in user space. 223 * @from: Source address, in kernel space. 224 * @n: Number of bytes to copy. 225 * 226 * Context: User context only. This function may sleep. 227 * 228 * Copy data from kernel space to user space. 229 * 230 * Returns number of bytes that could not be copied. 231 * On success, this will be zero. 232 */ 233static inline unsigned long __must_check 234copy_to_user(void __user *to, const void *from, unsigned long n) 235{ 236 might_fault(); 237 if (access_ok(VERIFY_WRITE, to, n)) 238 n = __copy_to_user(to, from, n); 239 return n; 240} 241 242/** 243 * __copy_from_user: - Copy a block of data from user space, with less checking. 244 * @to: Destination address, in kernel space. 245 * @from: Source address, in user space. 246 * @n: Number of bytes to copy. 247 * 248 * Context: User context only. This function may sleep. 249 * 250 * Copy data from user space to kernel space. Caller must check 251 * the specified block with access_ok() before calling this function. 252 * 253 * Returns number of bytes that could not be copied. 254 * On success, this will be zero. 255 * 256 * If some data could not be copied, this function will pad the copied 257 * data to the requested size using zero bytes. 258 */ 259static inline unsigned long __must_check 260__copy_from_user(void *to, const void __user *from, unsigned long n) 261{ 262 if (__builtin_constant_p(n) && (n <= 256)) 263 return uaccess.copy_from_user_small(n, from, to); 264 else 265 return uaccess.copy_from_user(n, from, to); 266} 267 268extern void copy_from_user_overflow(void) 269#ifdef CONFIG_DEBUG_STRICT_USER_COPY_CHECKS 270__compiletime_warning("copy_from_user() buffer size is not provably correct") 271#endif 272; 273 274/** 275 * copy_from_user: - Copy a block of data from user space. 276 * @to: Destination address, in kernel space. 277 * @from: Source address, in user space. 278 * @n: Number of bytes to copy. 279 * 280 * Context: User context only. This function may sleep. 281 * 282 * Copy data from user space to kernel space. 283 * 284 * Returns number of bytes that could not be copied. 285 * On success, this will be zero. 286 * 287 * If some data could not be copied, this function will pad the copied 288 * data to the requested size using zero bytes. 289 */ 290static inline unsigned long __must_check 291copy_from_user(void *to, const void __user *from, unsigned long n) 292{ 293 unsigned int sz = __compiletime_object_size(to); 294 295 might_fault(); 296 if (unlikely(sz != -1 && sz < n)) { 297 copy_from_user_overflow(); 298 return n; 299 } 300 if (access_ok(VERIFY_READ, from, n)) 301 n = __copy_from_user(to, from, n); 302 else 303 memset(to, 0, n); 304 return n; 305} 306 307static inline unsigned long __must_check 308__copy_in_user(void __user *to, const void __user *from, unsigned long n) 309{ 310 return uaccess.copy_in_user(n, to, from); 311} 312 313static inline unsigned long __must_check 314copy_in_user(void __user *to, const void __user *from, unsigned long n) 315{ 316 might_fault(); 317 if (__access_ok(from,n) && __access_ok(to,n)) 318 n = __copy_in_user(to, from, n); 319 return n; 320} 321 322/* 323 * Copy a null terminated string from userspace. 324 */ 325static inline long __must_check 326strncpy_from_user(char *dst, const char __user *src, long count) 327{ 328 long res = -EFAULT; 329 might_fault(); 330 if (access_ok(VERIFY_READ, src, 1)) 331 res = uaccess.strncpy_from_user(count, src, dst); 332 return res; 333} 334 335static inline unsigned long 336strnlen_user(const char __user * src, unsigned long n) 337{ 338 might_fault(); 339 return uaccess.strnlen_user(n, src); 340} 341 342/** 343 * strlen_user: - Get the size of a string in user space. 344 * @str: The string to measure. 345 * 346 * Context: User context only. This function may sleep. 347 * 348 * Get the size of a NUL-terminated string in user space. 349 * 350 * Returns the size of the string INCLUDING the terminating NUL. 351 * On exception, returns 0. 352 * 353 * If there is a limit on the length of a valid string, you may wish to 354 * consider using strnlen_user() instead. 355 */ 356#define strlen_user(str) strnlen_user(str, ~0UL) 357 358/* 359 * Zero Userspace 360 */ 361 362static inline unsigned long __must_check 363__clear_user(void __user *to, unsigned long n) 364{ 365 return uaccess.clear_user(n, to); 366} 367 368static inline unsigned long __must_check 369clear_user(void __user *to, unsigned long n) 370{ 371 might_fault(); 372 if (access_ok(VERIFY_WRITE, to, n)) 373 n = uaccess.clear_user(n, to); 374 return n; 375} 376 377#endif /* __S390_UACCESS_H */ 378