2020-02-03 09:25:40 +00:00
|
|
|
/* SPDX-License-Identifier: GPL-2.0 */
|
2009-03-27 13:25:23 +00:00
|
|
|
/*
|
2009-05-26 14:30:23 +00:00
|
|
|
* Copyright (C) 2008-2009 Michal Simek <monstr@monstr.eu>
|
|
|
|
* Copyright (C) 2008-2009 PetaLogix
|
2009-03-27 13:25:23 +00:00
|
|
|
* Copyright (C) 2006 Atmark Techno, Inc.
|
|
|
|
*/
|
|
|
|
|
|
|
|
#ifndef _ASM_MICROBLAZE_UACCESS_H
|
|
|
|
#define _ASM_MICROBLAZE_UACCESS_H
|
|
|
|
|
|
|
|
#include <linux/kernel.h>
|
|
|
|
|
|
|
|
#include <asm/mmu.h>
|
|
|
|
#include <asm/page.h>
|
2020-06-09 04:32:38 +00:00
|
|
|
#include <linux/pgtable.h>
|
2016-12-25 19:34:44 +00:00
|
|
|
#include <asm/extable.h>
|
2009-03-27 13:25:23 +00:00
|
|
|
#include <linux/string.h>
|
|
|
|
|
2010-03-05 14:34:12 +00:00
|
|
|
/*
|
|
|
|
* On Microblaze the fs value is actually the top of the corresponding
|
|
|
|
* address space.
|
|
|
|
*
|
|
|
|
* The fs value determines whether argument validity checking should be
|
|
|
|
* performed or not. If get_fs() == USER_DS, checking is performed, with
|
|
|
|
* get_fs() == KERNEL_DS, checking is bypassed.
|
|
|
|
*
|
|
|
|
* For historical reasons, these macros are grossly misnamed.
|
|
|
|
*
|
|
|
|
* For non-MMU arch like Microblaze, KERNEL_DS and USER_DS is equal.
|
|
|
|
*/
|
|
|
|
# define MAKE_MM_SEG(s) ((mm_segment_t) { (s) })
|
|
|
|
|
|
|
|
# ifndef CONFIG_MMU
|
|
|
|
# define KERNEL_DS MAKE_MM_SEG(0)
|
|
|
|
# define USER_DS KERNEL_DS
|
|
|
|
# else
|
|
|
|
# define KERNEL_DS MAKE_MM_SEG(0xFFFFFFFF)
|
|
|
|
# define USER_DS MAKE_MM_SEG(TASK_SIZE - 1)
|
|
|
|
# endif
|
|
|
|
|
|
|
|
# define get_fs() (current_thread_info()->addr_limit)
|
|
|
|
# define set_fs(val) (current_thread_info()->addr_limit = (val))
|
|
|
|
|
|
|
|
# define segment_eq(a, b) ((a).seg == (b).seg)
|
|
|
|
|
2009-05-26 14:30:23 +00:00
|
|
|
#ifndef CONFIG_MMU
|
|
|
|
|
2010-03-05 14:49:53 +00:00
|
|
|
/* Check against bounds of physical memory */
|
|
|
|
static inline int ___range_ok(unsigned long addr, unsigned long size)
|
|
|
|
{
|
|
|
|
return ((addr < memory_start) ||
|
2011-12-19 12:46:35 +00:00
|
|
|
((addr + size - 1) > (memory_start + memory_size - 1)));
|
2010-03-05 14:49:53 +00:00
|
|
|
}
|
2009-03-27 13:25:23 +00:00
|
|
|
|
|
|
|
#define __range_ok(addr, size) \
|
|
|
|
___range_ok((unsigned long)(addr), (unsigned long)(size))
|
|
|
|
|
Remove 'type' argument from access_ok() function
Nobody has actually used the type (VERIFY_READ vs VERIFY_WRITE) argument
of the user address range verification function since we got rid of the
old racy i386-only code to walk page tables by hand.
It existed because the original 80386 would not honor the write protect
bit when in kernel mode, so you had to do COW by hand before doing any
user access. But we haven't supported that in a long time, and these
days the 'type' argument is a purely historical artifact.
A discussion about extending 'user_access_begin()' to do the range
checking resulted this patch, because there is no way we're going to
move the old VERIFY_xyz interface to that model. And it's best done at
the end of the merge window when I've done most of my merges, so let's
just get this done once and for all.
This patch was mostly done with a sed-script, with manual fix-ups for
the cases that weren't of the trivial 'access_ok(VERIFY_xyz' form.
There were a couple of notable cases:
- csky still had the old "verify_area()" name as an alias.
- the iter_iov code had magical hardcoded knowledge of the actual
values of VERIFY_{READ,WRITE} (not that they mattered, since nothing
really used it)
- microblaze used the type argument for a debug printout
but other than those oddities this should be a total no-op patch.
I tried to fix up all architectures, did fairly extensive grepping for
access_ok() uses, and the changes are trivial, but I may have missed
something. Any missed conversion should be trivially fixable, though.
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2019-01-04 02:57:57 +00:00
|
|
|
#define access_ok(addr, size) (__range_ok((addr), (size)) == 0)
|
2010-03-05 15:50:01 +00:00
|
|
|
|
|
|
|
#else
|
|
|
|
|
Remove 'type' argument from access_ok() function
Nobody has actually used the type (VERIFY_READ vs VERIFY_WRITE) argument
of the user address range verification function since we got rid of the
old racy i386-only code to walk page tables by hand.
It existed because the original 80386 would not honor the write protect
bit when in kernel mode, so you had to do COW by hand before doing any
user access. But we haven't supported that in a long time, and these
days the 'type' argument is a purely historical artifact.
A discussion about extending 'user_access_begin()' to do the range
checking resulted this patch, because there is no way we're going to
move the old VERIFY_xyz interface to that model. And it's best done at
the end of the merge window when I've done most of my merges, so let's
just get this done once and for all.
This patch was mostly done with a sed-script, with manual fix-ups for
the cases that weren't of the trivial 'access_ok(VERIFY_xyz' form.
There were a couple of notable cases:
- csky still had the old "verify_area()" name as an alias.
- the iter_iov code had magical hardcoded knowledge of the actual
values of VERIFY_{READ,WRITE} (not that they mattered, since nothing
really used it)
- microblaze used the type argument for a debug printout
but other than those oddities this should be a total no-op patch.
I tried to fix up all architectures, did fairly extensive grepping for
access_ok() uses, and the changes are trivial, but I may have missed
something. Any missed conversion should be trivially fixable, though.
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2019-01-04 02:57:57 +00:00
|
|
|
static inline int access_ok(const void __user *addr, unsigned long size)
|
2013-03-28 15:42:44 +00:00
|
|
|
{
|
|
|
|
if (!size)
|
|
|
|
goto ok;
|
|
|
|
|
|
|
|
if ((get_fs().seg < ((unsigned long)addr)) ||
|
|
|
|
(get_fs().seg < ((unsigned long)addr + size - 1))) {
|
Remove 'type' argument from access_ok() function
Nobody has actually used the type (VERIFY_READ vs VERIFY_WRITE) argument
of the user address range verification function since we got rid of the
old racy i386-only code to walk page tables by hand.
It existed because the original 80386 would not honor the write protect
bit when in kernel mode, so you had to do COW by hand before doing any
user access. But we haven't supported that in a long time, and these
days the 'type' argument is a purely historical artifact.
A discussion about extending 'user_access_begin()' to do the range
checking resulted this patch, because there is no way we're going to
move the old VERIFY_xyz interface to that model. And it's best done at
the end of the merge window when I've done most of my merges, so let's
just get this done once and for all.
This patch was mostly done with a sed-script, with manual fix-ups for
the cases that weren't of the trivial 'access_ok(VERIFY_xyz' form.
There were a couple of notable cases:
- csky still had the old "verify_area()" name as an alias.
- the iter_iov code had magical hardcoded knowledge of the actual
values of VERIFY_{READ,WRITE} (not that they mattered, since nothing
really used it)
- microblaze used the type argument for a debug printout
but other than those oddities this should be a total no-op patch.
I tried to fix up all architectures, did fairly extensive grepping for
access_ok() uses, and the changes are trivial, but I may have missed
something. Any missed conversion should be trivially fixable, though.
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2019-01-04 02:57:57 +00:00
|
|
|
pr_devel("ACCESS fail at 0x%08x (size 0x%x), seg 0x%08x\n",
|
|
|
|
(__force u32)addr, (u32)size,
|
2013-03-28 15:42:44 +00:00
|
|
|
(u32)get_fs().seg);
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
ok:
|
Remove 'type' argument from access_ok() function
Nobody has actually used the type (VERIFY_READ vs VERIFY_WRITE) argument
of the user address range verification function since we got rid of the
old racy i386-only code to walk page tables by hand.
It existed because the original 80386 would not honor the write protect
bit when in kernel mode, so you had to do COW by hand before doing any
user access. But we haven't supported that in a long time, and these
days the 'type' argument is a purely historical artifact.
A discussion about extending 'user_access_begin()' to do the range
checking resulted this patch, because there is no way we're going to
move the old VERIFY_xyz interface to that model. And it's best done at
the end of the merge window when I've done most of my merges, so let's
just get this done once and for all.
This patch was mostly done with a sed-script, with manual fix-ups for
the cases that weren't of the trivial 'access_ok(VERIFY_xyz' form.
There were a couple of notable cases:
- csky still had the old "verify_area()" name as an alias.
- the iter_iov code had magical hardcoded knowledge of the actual
values of VERIFY_{READ,WRITE} (not that they mattered, since nothing
really used it)
- microblaze used the type argument for a debug printout
but other than those oddities this should be a total no-op patch.
I tried to fix up all architectures, did fairly extensive grepping for
access_ok() uses, and the changes are trivial, but I may have missed
something. Any missed conversion should be trivially fixable, though.
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2019-01-04 02:57:57 +00:00
|
|
|
pr_devel("ACCESS OK at 0x%08x (size 0x%x), seg 0x%08x\n",
|
|
|
|
(__force u32)addr, (u32)size,
|
2013-03-28 15:42:44 +00:00
|
|
|
(u32)get_fs().seg);
|
|
|
|
return 1;
|
|
|
|
}
|
2010-03-05 15:50:01 +00:00
|
|
|
#endif
|
|
|
|
|
|
|
|
#ifdef CONFIG_MMU
|
|
|
|
# define __FIXUP_SECTION ".section .fixup,\"ax\"\n"
|
|
|
|
# define __EX_TABLE_SECTION ".section __ex_table,\"a\"\n"
|
|
|
|
#else
|
|
|
|
# define __FIXUP_SECTION ".section .discard,\"ax\"\n"
|
2012-12-21 09:53:40 +00:00
|
|
|
# define __EX_TABLE_SECTION ".section .discard,\"ax\"\n"
|
2010-03-05 15:50:01 +00:00
|
|
|
#endif
|
|
|
|
|
2010-03-22 17:39:20 +00:00
|
|
|
extern unsigned long __copy_tofrom_user(void __user *to,
|
|
|
|
const void __user *from, unsigned long size);
|
|
|
|
|
2010-03-22 15:02:59 +00:00
|
|
|
/* Return: number of not copied bytes, i.e. 0 if OK or non-zero if fail. */
|
|
|
|
static inline unsigned long __must_check __clear_user(void __user *to,
|
|
|
|
unsigned long n)
|
|
|
|
{
|
|
|
|
/* normal memset with two words to __ex_table */
|
|
|
|
__asm__ __volatile__ ( \
|
2011-02-10 18:12:13 +00:00
|
|
|
"1: sb r0, %1, r0;" \
|
2010-03-22 15:02:59 +00:00
|
|
|
" addik %0, %0, -1;" \
|
|
|
|
" bneid %0, 1b;" \
|
2011-02-10 18:12:13 +00:00
|
|
|
" addik %1, %1, 1;" \
|
2010-03-22 15:02:59 +00:00
|
|
|
"2: " \
|
|
|
|
__EX_TABLE_SECTION \
|
|
|
|
".word 1b,2b;" \
|
|
|
|
".previous;" \
|
2011-02-10 18:12:13 +00:00
|
|
|
: "=r"(n), "=r"(to) \
|
|
|
|
: "0"(n), "1"(to)
|
2010-03-22 15:02:59 +00:00
|
|
|
);
|
|
|
|
return n;
|
|
|
|
}
|
|
|
|
|
|
|
|
static inline unsigned long __must_check clear_user(void __user *to,
|
|
|
|
unsigned long n)
|
|
|
|
{
|
2013-05-26 14:30:56 +00:00
|
|
|
might_fault();
|
Remove 'type' argument from access_ok() function
Nobody has actually used the type (VERIFY_READ vs VERIFY_WRITE) argument
of the user address range verification function since we got rid of the
old racy i386-only code to walk page tables by hand.
It existed because the original 80386 would not honor the write protect
bit when in kernel mode, so you had to do COW by hand before doing any
user access. But we haven't supported that in a long time, and these
days the 'type' argument is a purely historical artifact.
A discussion about extending 'user_access_begin()' to do the range
checking resulted this patch, because there is no way we're going to
move the old VERIFY_xyz interface to that model. And it's best done at
the end of the merge window when I've done most of my merges, so let's
just get this done once and for all.
This patch was mostly done with a sed-script, with manual fix-ups for
the cases that weren't of the trivial 'access_ok(VERIFY_xyz' form.
There were a couple of notable cases:
- csky still had the old "verify_area()" name as an alias.
- the iter_iov code had magical hardcoded knowledge of the actual
values of VERIFY_{READ,WRITE} (not that they mattered, since nothing
really used it)
- microblaze used the type argument for a debug printout
but other than those oddities this should be a total no-op patch.
I tried to fix up all architectures, did fairly extensive grepping for
access_ok() uses, and the changes are trivial, but I may have missed
something. Any missed conversion should be trivially fixable, though.
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2019-01-04 02:57:57 +00:00
|
|
|
if (unlikely(!access_ok(to, n)))
|
2010-03-22 15:02:59 +00:00
|
|
|
return n;
|
|
|
|
|
|
|
|
return __clear_user(to, n);
|
|
|
|
}
|
|
|
|
|
2010-03-22 17:23:45 +00:00
|
|
|
/* put_user and get_user macros */
|
2010-03-08 09:52:24 +00:00
|
|
|
extern long __user_bad(void);
|
|
|
|
|
|
|
|
#define __get_user_asm(insn, __gu_ptr, __gu_val, __gu_err) \
|
|
|
|
({ \
|
|
|
|
__asm__ __volatile__ ( \
|
|
|
|
"1:" insn " %1, %2, r0;" \
|
|
|
|
" addk %0, r0, r0;" \
|
|
|
|
"2: " \
|
|
|
|
__FIXUP_SECTION \
|
|
|
|
"3: brid 2b;" \
|
|
|
|
" addik %0, r0, %3;" \
|
|
|
|
".previous;" \
|
|
|
|
__EX_TABLE_SECTION \
|
|
|
|
".word 1b,3b;" \
|
|
|
|
".previous;" \
|
|
|
|
: "=&r"(__gu_err), "=r"(__gu_val) \
|
|
|
|
: "r"(__gu_ptr), "i"(-EFAULT) \
|
|
|
|
); \
|
|
|
|
})
|
|
|
|
|
|
|
|
/**
|
|
|
|
* get_user: - Get a simple variable from user space.
|
|
|
|
* @x: Variable to store result.
|
|
|
|
* @ptr: Source address, in user space.
|
|
|
|
*
|
2015-05-11 15:52:08 +00:00
|
|
|
* Context: User context only. This function may sleep if pagefaults are
|
|
|
|
* enabled.
|
2010-03-08 09:52:24 +00:00
|
|
|
*
|
|
|
|
* This macro copies a single simple variable from user space to kernel
|
|
|
|
* space. It supports simple types like char and int, but not larger
|
|
|
|
* data types like structures or arrays.
|
|
|
|
*
|
|
|
|
* @ptr must have pointer-to-simple-variable type, and the result of
|
|
|
|
* dereferencing @ptr must be assignable to @x without a cast.
|
|
|
|
*
|
|
|
|
* Returns zero on success, or -EFAULT on error.
|
|
|
|
* On error, the variable @x is set to zero.
|
|
|
|
*/
|
2019-09-17 01:39:44 +00:00
|
|
|
#define get_user(x, ptr) ({ \
|
|
|
|
const typeof(*(ptr)) __user *__gu_ptr = (ptr); \
|
|
|
|
access_ok(__gu_ptr, sizeof(*__gu_ptr)) ? \
|
|
|
|
__get_user(x, __gu_ptr) : -EFAULT; \
|
2010-05-06 21:38:33 +00:00
|
|
|
})
|
2009-05-01 13:36:13 +00:00
|
|
|
|
2010-03-08 09:52:24 +00:00
|
|
|
#define __get_user(x, ptr) \
|
|
|
|
({ \
|
2016-09-09 23:23:33 +00:00
|
|
|
unsigned long __gu_val = 0; \
|
2010-03-08 09:52:24 +00:00
|
|
|
long __gu_err; \
|
|
|
|
switch (sizeof(*(ptr))) { \
|
|
|
|
case 1: \
|
|
|
|
__get_user_asm("lbu", (ptr), __gu_val, __gu_err); \
|
|
|
|
break; \
|
|
|
|
case 2: \
|
|
|
|
__get_user_asm("lhu", (ptr), __gu_val, __gu_err); \
|
|
|
|
break; \
|
|
|
|
case 4: \
|
|
|
|
__get_user_asm("lw", (ptr), __gu_val, __gu_err); \
|
|
|
|
break; \
|
2019-09-17 01:39:44 +00:00
|
|
|
case 8: \
|
|
|
|
__gu_err = __copy_from_user(&__gu_val, ptr, 8); \
|
|
|
|
if (__gu_err) \
|
|
|
|
__gu_err = -EFAULT; \
|
|
|
|
break; \
|
2010-03-08 09:52:24 +00:00
|
|
|
default: \
|
|
|
|
/* __gu_val = 0; __gu_err = -EINVAL;*/ __gu_err = __user_bad();\
|
|
|
|
} \
|
2015-01-06 15:44:02 +00:00
|
|
|
x = (__force __typeof__(*(ptr))) __gu_val; \
|
2010-03-08 09:52:24 +00:00
|
|
|
__gu_err; \
|
2009-05-26 14:30:23 +00:00
|
|
|
})
|
2009-03-27 13:25:23 +00:00
|
|
|
|
2010-03-08 09:52:24 +00:00
|
|
|
|
2010-03-22 15:22:41 +00:00
|
|
|
#define __put_user_asm(insn, __gu_ptr, __gu_val, __gu_err) \
|
|
|
|
({ \
|
|
|
|
__asm__ __volatile__ ( \
|
|
|
|
"1:" insn " %1, %2, r0;" \
|
|
|
|
" addk %0, r0, r0;" \
|
|
|
|
"2: " \
|
|
|
|
__FIXUP_SECTION \
|
|
|
|
"3: brid 2b;" \
|
|
|
|
" addik %0, r0, %3;" \
|
|
|
|
".previous;" \
|
|
|
|
__EX_TABLE_SECTION \
|
|
|
|
".word 1b,3b;" \
|
|
|
|
".previous;" \
|
|
|
|
: "=&r"(__gu_err) \
|
|
|
|
: "r"(__gu_val), "r"(__gu_ptr), "i"(-EFAULT) \
|
|
|
|
); \
|
|
|
|
})
|
2009-03-27 13:25:23 +00:00
|
|
|
|
2010-03-22 15:22:41 +00:00
|
|
|
#define __put_user_asm_8(__gu_ptr, __gu_val, __gu_err) \
|
2009-05-26 14:30:23 +00:00
|
|
|
({ \
|
2010-03-22 15:22:41 +00:00
|
|
|
__asm__ __volatile__ (" lwi %0, %1, 0;" \
|
|
|
|
"1: swi %0, %2, 0;" \
|
|
|
|
" lwi %0, %1, 4;" \
|
|
|
|
"2: swi %0, %2, 4;" \
|
|
|
|
" addk %0, r0, r0;" \
|
|
|
|
"3: " \
|
|
|
|
__FIXUP_SECTION \
|
|
|
|
"4: brid 3b;" \
|
|
|
|
" addik %0, r0, %3;" \
|
|
|
|
".previous;" \
|
|
|
|
__EX_TABLE_SECTION \
|
|
|
|
".word 1b,4b,2b,4b;" \
|
|
|
|
".previous;" \
|
|
|
|
: "=&r"(__gu_err) \
|
|
|
|
: "r"(&__gu_val), "r"(__gu_ptr), "i"(-EFAULT) \
|
|
|
|
); \
|
2009-05-26 14:30:23 +00:00
|
|
|
})
|
2009-03-27 13:25:23 +00:00
|
|
|
|
2010-03-22 17:23:45 +00:00
|
|
|
/**
|
|
|
|
* put_user: - Write a simple value into user space.
|
|
|
|
* @x: Value to copy to user space.
|
|
|
|
* @ptr: Destination address, in user space.
|
|
|
|
*
|
2015-05-11 15:52:08 +00:00
|
|
|
* Context: User context only. This function may sleep if pagefaults are
|
|
|
|
* enabled.
|
2010-03-22 17:23:45 +00:00
|
|
|
*
|
|
|
|
* This macro copies a single simple value from kernel space to user
|
|
|
|
* space. It supports simple types like char and int, but not larger
|
|
|
|
* data types like structures or arrays.
|
|
|
|
*
|
|
|
|
* @ptr must have pointer-to-simple-variable type, and @x must be assignable
|
|
|
|
* to the result of dereferencing @ptr.
|
|
|
|
*
|
|
|
|
* Returns zero on success, or -EFAULT on error.
|
|
|
|
*/
|
2010-05-06 21:38:33 +00:00
|
|
|
#define put_user(x, ptr) \
|
|
|
|
__put_user_check((x), (ptr), sizeof(*(ptr)))
|
|
|
|
|
|
|
|
#define __put_user_check(x, ptr, size) \
|
|
|
|
({ \
|
2015-01-06 15:45:03 +00:00
|
|
|
typeof(*(ptr)) volatile __pu_val = x; \
|
2010-05-06 21:38:33 +00:00
|
|
|
typeof(*(ptr)) __user *__pu_addr = (ptr); \
|
|
|
|
int __pu_err = 0; \
|
|
|
|
\
|
Remove 'type' argument from access_ok() function
Nobody has actually used the type (VERIFY_READ vs VERIFY_WRITE) argument
of the user address range verification function since we got rid of the
old racy i386-only code to walk page tables by hand.
It existed because the original 80386 would not honor the write protect
bit when in kernel mode, so you had to do COW by hand before doing any
user access. But we haven't supported that in a long time, and these
days the 'type' argument is a purely historical artifact.
A discussion about extending 'user_access_begin()' to do the range
checking resulted this patch, because there is no way we're going to
move the old VERIFY_xyz interface to that model. And it's best done at
the end of the merge window when I've done most of my merges, so let's
just get this done once and for all.
This patch was mostly done with a sed-script, with manual fix-ups for
the cases that weren't of the trivial 'access_ok(VERIFY_xyz' form.
There were a couple of notable cases:
- csky still had the old "verify_area()" name as an alias.
- the iter_iov code had magical hardcoded knowledge of the actual
values of VERIFY_{READ,WRITE} (not that they mattered, since nothing
really used it)
- microblaze used the type argument for a debug printout
but other than those oddities this should be a total no-op patch.
I tried to fix up all architectures, did fairly extensive grepping for
access_ok() uses, and the changes are trivial, but I may have missed
something. Any missed conversion should be trivially fixable, though.
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2019-01-04 02:57:57 +00:00
|
|
|
if (access_ok(__pu_addr, size)) { \
|
2010-05-06 21:38:33 +00:00
|
|
|
switch (size) { \
|
|
|
|
case 1: \
|
|
|
|
__put_user_asm("sb", __pu_addr, __pu_val, \
|
|
|
|
__pu_err); \
|
|
|
|
break; \
|
|
|
|
case 2: \
|
|
|
|
__put_user_asm("sh", __pu_addr, __pu_val, \
|
|
|
|
__pu_err); \
|
|
|
|
break; \
|
|
|
|
case 4: \
|
|
|
|
__put_user_asm("sw", __pu_addr, __pu_val, \
|
|
|
|
__pu_err); \
|
|
|
|
break; \
|
|
|
|
case 8: \
|
|
|
|
__put_user_asm_8(__pu_addr, __pu_val, __pu_err);\
|
|
|
|
break; \
|
|
|
|
default: \
|
|
|
|
__pu_err = __user_bad(); \
|
|
|
|
break; \
|
|
|
|
} \
|
|
|
|
} else { \
|
|
|
|
__pu_err = -EFAULT; \
|
|
|
|
} \
|
|
|
|
__pu_err; \
|
|
|
|
})
|
2010-03-22 17:23:45 +00:00
|
|
|
|
2010-03-22 15:22:41 +00:00
|
|
|
#define __put_user(x, ptr) \
|
|
|
|
({ \
|
|
|
|
__typeof__(*(ptr)) volatile __gu_val = (x); \
|
|
|
|
long __gu_err = 0; \
|
|
|
|
switch (sizeof(__gu_val)) { \
|
|
|
|
case 1: \
|
|
|
|
__put_user_asm("sb", (ptr), __gu_val, __gu_err); \
|
|
|
|
break; \
|
|
|
|
case 2: \
|
|
|
|
__put_user_asm("sh", (ptr), __gu_val, __gu_err); \
|
|
|
|
break; \
|
|
|
|
case 4: \
|
|
|
|
__put_user_asm("sw", (ptr), __gu_val, __gu_err); \
|
|
|
|
break; \
|
|
|
|
case 8: \
|
|
|
|
__put_user_asm_8((ptr), __gu_val, __gu_err); \
|
|
|
|
break; \
|
|
|
|
default: \
|
|
|
|
/*__gu_err = -EINVAL;*/ __gu_err = __user_bad(); \
|
|
|
|
} \
|
|
|
|
__gu_err; \
|
|
|
|
})
|
2009-03-27 13:25:23 +00:00
|
|
|
|
2017-03-21 16:10:12 +00:00
|
|
|
static inline unsigned long
|
|
|
|
raw_copy_from_user(void *to, const void __user *from, unsigned long n)
|
2010-03-22 14:56:32 +00:00
|
|
|
{
|
2017-03-21 16:10:12 +00:00
|
|
|
return __copy_tofrom_user((__force void __user *)to, from, n);
|
2010-03-22 14:56:32 +00:00
|
|
|
}
|
|
|
|
|
2017-03-21 16:10:12 +00:00
|
|
|
static inline unsigned long
|
|
|
|
raw_copy_to_user(void __user *to, const void *from, unsigned long n)
|
2010-03-22 14:52:53 +00:00
|
|
|
{
|
2017-03-21 16:10:12 +00:00
|
|
|
return __copy_tofrom_user(to, (__force const void __user *)from, n);
|
2010-03-22 17:49:45 +00:00
|
|
|
}
|
2017-03-21 16:10:12 +00:00
|
|
|
#define INLINE_COPY_FROM_USER
|
|
|
|
#define INLINE_COPY_TO_USER
|
2010-03-22 17:49:45 +00:00
|
|
|
|
|
|
|
/*
|
|
|
|
* Copy a null terminated string from userspace.
|
|
|
|
*/
|
|
|
|
extern int __strncpy_user(char *to, const char __user *from, int len);
|
|
|
|
|
|
|
|
static inline long
|
|
|
|
strncpy_from_user(char *dst, const char __user *src, long count)
|
|
|
|
{
|
Remove 'type' argument from access_ok() function
Nobody has actually used the type (VERIFY_READ vs VERIFY_WRITE) argument
of the user address range verification function since we got rid of the
old racy i386-only code to walk page tables by hand.
It existed because the original 80386 would not honor the write protect
bit when in kernel mode, so you had to do COW by hand before doing any
user access. But we haven't supported that in a long time, and these
days the 'type' argument is a purely historical artifact.
A discussion about extending 'user_access_begin()' to do the range
checking resulted this patch, because there is no way we're going to
move the old VERIFY_xyz interface to that model. And it's best done at
the end of the merge window when I've done most of my merges, so let's
just get this done once and for all.
This patch was mostly done with a sed-script, with manual fix-ups for
the cases that weren't of the trivial 'access_ok(VERIFY_xyz' form.
There were a couple of notable cases:
- csky still had the old "verify_area()" name as an alias.
- the iter_iov code had magical hardcoded knowledge of the actual
values of VERIFY_{READ,WRITE} (not that they mattered, since nothing
really used it)
- microblaze used the type argument for a debug printout
but other than those oddities this should be a total no-op patch.
I tried to fix up all architectures, did fairly extensive grepping for
access_ok() uses, and the changes are trivial, but I may have missed
something. Any missed conversion should be trivially fixable, though.
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2019-01-04 02:57:57 +00:00
|
|
|
if (!access_ok(src, 1))
|
2010-03-22 17:49:45 +00:00
|
|
|
return -EFAULT;
|
2017-04-07 21:54:24 +00:00
|
|
|
return __strncpy_user(dst, src, count);
|
2010-03-22 17:49:45 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Return the size of a string (including the ending 0)
|
|
|
|
*
|
|
|
|
* Return 0 on exception, a value greater than N if too long
|
|
|
|
*/
|
|
|
|
extern int __strnlen_user(const char __user *sstr, int len);
|
|
|
|
|
|
|
|
static inline long strnlen_user(const char __user *src, long n)
|
|
|
|
{
|
Remove 'type' argument from access_ok() function
Nobody has actually used the type (VERIFY_READ vs VERIFY_WRITE) argument
of the user address range verification function since we got rid of the
old racy i386-only code to walk page tables by hand.
It existed because the original 80386 would not honor the write protect
bit when in kernel mode, so you had to do COW by hand before doing any
user access. But we haven't supported that in a long time, and these
days the 'type' argument is a purely historical artifact.
A discussion about extending 'user_access_begin()' to do the range
checking resulted this patch, because there is no way we're going to
move the old VERIFY_xyz interface to that model. And it's best done at
the end of the merge window when I've done most of my merges, so let's
just get this done once and for all.
This patch was mostly done with a sed-script, with manual fix-ups for
the cases that weren't of the trivial 'access_ok(VERIFY_xyz' form.
There were a couple of notable cases:
- csky still had the old "verify_area()" name as an alias.
- the iter_iov code had magical hardcoded knowledge of the actual
values of VERIFY_{READ,WRITE} (not that they mattered, since nothing
really used it)
- microblaze used the type argument for a debug printout
but other than those oddities this should be a total no-op patch.
I tried to fix up all architectures, did fairly extensive grepping for
access_ok() uses, and the changes are trivial, but I may have missed
something. Any missed conversion should be trivially fixable, though.
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2019-01-04 02:57:57 +00:00
|
|
|
if (!access_ok(src, 1))
|
2010-03-22 17:49:45 +00:00
|
|
|
return 0;
|
|
|
|
return __strnlen_user(src, n);
|
2010-03-22 14:52:53 +00:00
|
|
|
}
|
|
|
|
|
2009-03-27 13:25:23 +00:00
|
|
|
#endif /* _ASM_MICROBLAZE_UACCESS_H */
|