[linux.git] / include / asm-xtensa / uaccess.h

/*
 * include/asm-xtensa/uaccess.h
 *
 * User space memory access functions
 *
 * These routines provide basic accessing functions to the user memory
 * space for the kernel. This header file provides fuctions such as:
 *
 * This file is subject to the terms and conditions of the GNU General Public
 * License.  See the file "COPYING" in the main directory of this archive
 * for more details.
 *
 * Copyright (C) 2001 - 2005 Tensilica Inc.
 */

#ifndef _XTENSA_UACCESS_H
#define _XTENSA_UACCESS_H

#include <linux/errno.h>

#define VERIFY_READ    0
#define VERIFY_WRITE   1

#ifdef __ASSEMBLY__

#define _ASMLANGUAGE
#include <asm/current.h>
#include <asm/asm-offsets.h>
#include <asm/processor.h>

/*
 * These assembly macros mirror the C macros that follow below.  They
 * should always have identical functionality.  See
 * arch/xtensa/kernel/sys.S for usage.
 */

#define KERNEL_DS	0
#define USER_DS		1

#define get_ds		(KERNEL_DS)

/*
 * get_fs reads current->thread.current_ds into a register.
 * On Entry:
 * 	<ad>	anything
 * 	<sp>	stack
 * On Exit:
 * 	<ad>	contains current->thread.current_ds
 */
	.macro	get_fs	ad, sp
	GET_CURRENT(\ad,\sp)
	l32i	\ad, \ad, THREAD_CURRENT_DS
	.endm

/*
 * set_fs sets current->thread.current_ds to some value.
 * On Entry:
 *	<at>	anything (temp register)
 *	<av>	value to write
 *	<sp>	stack
 * On Exit:
 *	<at>	destroyed (actually, current)
 *	<av>	preserved, value to write
 */
	.macro	set_fs	at, av, sp
	GET_CURRENT(\at,\sp)
	s32i	\av, \at, THREAD_CURRENT_DS
	.endm

/*
 * kernel_ok determines whether we should bypass addr/size checking.
 * See the equivalent C-macro version below for clarity.
 * On success, kernel_ok branches to a label indicated by parameter
 * <success>.  This implies that the macro falls through to the next
 * insruction on an error.
 *
 * Note that while this macro can be used independently, we designed
 * in for optimal use in the access_ok macro below (i.e., we fall
 * through on error).
 *
 * On Entry:
 * 	<at>		anything (temp register)
 * 	<success>	label to branch to on success; implies
 * 			fall-through macro on error
 * 	<sp>		stack pointer
 * On Exit:
 * 	<at>		destroyed (actually, current->thread.current_ds)
 */

#if ((KERNEL_DS != 0) || (USER_DS == 0))
# error Assembly macro kernel_ok fails
#endif
	.macro	kernel_ok  at, sp, success
	get_fs	\at, \sp
	beqz	\at, \success
	.endm

/*
 * user_ok determines whether the access to user-space memory is allowed.
 * See the equivalent C-macro version below for clarity.
 *
 * On error, user_ok branches to a label indicated by parameter
 * <error>.  This implies that the macro falls through to the next
 * instruction on success.
 *
 * Note that while this macro can be used independently, we designed
 * in for optimal use in the access_ok macro below (i.e., we fall
 * through on success).
 *
 * On Entry:
 * 	<aa>	register containing memory address
 * 	<as>	register containing memory size
 * 	<at>	temp register
 * 	<error>	label to branch to on error; implies fall-through
 * 		macro on success
 * On Exit:
 * 	<aa>	preserved
 * 	<as>	preserved
 * 	<at>	destroyed (actually, (TASK_SIZE + 1 - size))
 */
	.macro	user_ok	aa, as, at, error
	movi	\at, (TASK_SIZE+1)
	bgeu	\as, \at, \error
	sub	\at, \at, \as
	bgeu	\aa, \at, \error
	.endm

/*
 * access_ok determines whether a memory access is allowed.  See the
 * equivalent C-macro version below for clarity.
 *
 * On error, access_ok branches to a label indicated by parameter
 * <error>.  This implies that the macro falls through to the next
 * instruction on success.
 *
 * Note that we assume success is the common case, and we optimize the
 * branch fall-through case on success.
 *
 * On Entry:
 * 	<aa>	register containing memory address
 * 	<as>	register containing memory size
 * 	<at>	temp register
 * 	<sp>
 * 	<error>	label to branch to on error; implies fall-through
 * 		macro on success
 * On Exit:
 * 	<aa>	preserved
 * 	<as>	preserved
 * 	<at>	destroyed
 */
	.macro	access_ok  aa, as, at, sp, error
	kernel_ok  \at, \sp, .Laccess_ok_\@
	user_ok    \aa, \as, \at, \error
.Laccess_ok_\@:
	.endm

/*
 * verify_area determines whether a memory access is allowed.  It's
 * mostly an unnecessary wrapper for access_ok, but we provide it as a
 * duplicate of the verify_area() C inline function below.  See the
 * equivalent C version below for clarity.
 *
 * On error, verify_area branches to a label indicated by parameter
 * <error>.  This implies that the macro falls through to the next
 * instruction on success.
 *
 * Note that we assume success is the common case, and we optimize the
 * branch fall-through case on success.
 *
 * On Entry:
 * 	<aa>	register containing memory address
 * 	<as>	register containing memory size
 * 	<at>	temp register
 * 	<error>	label to branch to on error; implies fall-through
 * 		macro on success
 * On Exit:
 * 	<aa>	preserved
 * 	<as>	preserved
 * 	<at>	destroyed
 */
	.macro	verify_area	aa, as, at, sp, error
	access_ok  \at, \aa, \as, \sp, \error
	.endm


#else /* __ASSEMBLY__ not defined */

#include <linux/sched.h>
#include <asm/types.h>

/*
 * The fs value determines whether argument validity checking should
 * be performed or not.  If get_fs() == USER_DS, checking is
 * performed, with get_fs() == KERNEL_DS, checking is bypassed.
 *
 * For historical reasons (Data Segment Register?), these macros are
 * grossly misnamed.
 */

#define KERNEL_DS	((mm_segment_t) { 0 })
#define USER_DS		((mm_segment_t) { 1 })

#define get_ds()	(KERNEL_DS)
#define get_fs()	(current->thread.current_ds)
#define set_fs(val)	(current->thread.current_ds = (val))

#define segment_eq(a,b)	((a).seg == (b).seg)

#define __kernel_ok (segment_eq(get_fs(), KERNEL_DS))
#define __user_ok(addr,size) (((size) <= TASK_SIZE)&&((addr) <= TASK_SIZE-(size)))
#define __access_ok(addr,size) (__kernel_ok || __user_ok((addr),(size)))
#define access_ok(type,addr,size) __access_ok((unsigned long)(addr),(size))

static inline int verify_area(int type, const void * addr, unsigned long size)
{
	return access_ok(type,addr,size) ? 0 : -EFAULT;
}

/*
 * These are the main single-value transfer routines.  They
 * automatically use the right size if we just have the right pointer
 * type.
 *
 * This gets kind of ugly. We want to return _two_ values in
 * "get_user()" and yet we don't want to do any pointers, because that
 * is too much of a performance impact. Thus we have a few rather ugly
 * macros here, and hide all the uglyness from the user.
 *
 * Careful to not
 * (a) re-use the arguments for side effects (sizeof is ok)
 * (b) require any knowledge of processes at this stage
 */
#define put_user(x,ptr)	__put_user_check((x),(ptr),sizeof(*(ptr)))
#define get_user(x,ptr) __get_user_check((x),(ptr),sizeof(*(ptr)))

/*
 * The "__xxx" versions of the user access functions are versions that
 * do not verify the address space, that must have been done previously
 * with a separate "access_ok()" call (this is used when we do multiple
 * accesses to the same area of user memory).
 */
#define __put_user(x,ptr) __put_user_nocheck((x),(ptr),sizeof(*(ptr)))
#define __get_user(x,ptr) __get_user_nocheck((x),(ptr),sizeof(*(ptr)))


extern long __put_user_bad(void);

#define __put_user_nocheck(x,ptr,size)			\
({							\
	long __pu_err;					\
	__put_user_size((x),(ptr),(size),__pu_err);	\
	__pu_err;					\
})

#define __put_user_check(x,ptr,size)				\
({								\
	long __pu_err = -EFAULT;				\
	__typeof__(*(ptr)) *__pu_addr = (ptr);			\
	if (access_ok(VERIFY_WRITE,__pu_addr,size))		\
		__put_user_size((x),__pu_addr,(size),__pu_err);	\
	__pu_err;						\
})

#define __put_user_size(x,ptr,size,retval)			\
do {								\
	retval = 0;						\
	switch (size) {						\
        case 1: __put_user_asm(x,ptr,retval,1,"s8i");  break;	\
        case 2: __put_user_asm(x,ptr,retval,2,"s16i"); break;   \
        case 4: __put_user_asm(x,ptr,retval,4,"s32i"); break;   \
        case 8: {						\
		     __typeof__(*ptr) __v64 = x;		\
		     retval = __copy_to_user(ptr,&__v64,8);	\
		     break;					\
	        }						\
	default: __put_user_bad();				\
	}							\
} while (0)


/*
 * Consider a case of a user single load/store would cause both an
 * unaligned exception and an MMU-related exception (unaligned
 * exceptions happen first):
 *
 * User code passes a bad variable ptr to a system call.
 * Kernel tries to access the variable.
 * Unaligned exception occurs.
 * Unaligned exception handler tries to make aligned accesses.
 * Double exception occurs for MMU-related cause (e.g., page not mapped).
 * do_page_fault() thinks the fault address belongs to the kernel, not the
 * user, and panics.
 *
 * The kernel currently prohibits user unaligned accesses.  We use the
 * __check_align_* macros to check for unaligned addresses before
 * accessing user space so we don't crash the kernel.  Both
 * __put_user_asm and __get_user_asm use these alignment macros, so
 * macro-specific labels such as 0f, 1f, %0, %2, and %3 must stay in
 * sync.
 */

#define __check_align_1  ""

#define __check_align_2				\
	"   _bbci.l %2,  0, 1f		\n"	\
	"   movi    %0, %3		\n"	\
	"   _j      2f			\n"

#define __check_align_4				\
	"   _bbsi.l %2,  0, 0f		\n"	\
	"   _bbci.l %2,  1, 1f		\n"	\
	"0: movi    %0, %3		\n"	\
	"   _j      2f			\n"


/*
 * We don't tell gcc that we are accessing memory, but this is OK
 * because we do not write to any memory gcc knows about, so there
 * are no aliasing issues.
 *
 * WARNING: If you modify this macro at all, verify that the
 * __check_align_* macros still work.
 */
#define __put_user_asm(x, addr, err, align, insn) \
   __asm__ __volatile__(			\
	__check_align_##align			\
	"1: "insn"  %1, %2, 0		\n"	\
	"2:				\n"	\
	"   .section  .fixup,\"ax\"	\n"	\
	"   .align 4			\n"	\
	"4:				\n"	\
	"   .long  2b			\n"	\
	"5:				\n"	\
	"   l32r   %2, 4b		\n"	\
        "   movi   %0, %3		\n"	\
        "   jx     %2			\n"	\
	"   .previous			\n"	\
	"   .section  __ex_table,\"a\"	\n"	\
	"   .long	1b, 5b		\n"	\
	"   .previous"				\
	:"=r" (err)				\
	:"r" ((int)(x)), "r" (addr), "i" (-EFAULT), "0" (err))

#define __get_user_nocheck(x,ptr,size)				\
({								\
	long __gu_err, __gu_val;				\
	__get_user_size(__gu_val,(ptr),(size),__gu_err);	\
	(x) = (__typeof__(*(ptr)))__gu_val;			\
	__gu_err;						\
})

#define __get_user_check(x,ptr,size)					\
({									\
	long __gu_err = -EFAULT, __gu_val = 0;				\
	const __typeof__(*(ptr)) *__gu_addr = (ptr);			\
	if (access_ok(VERIFY_READ,__gu_addr,size))			\
		__get_user_size(__gu_val,__gu_addr,(size),__gu_err);	\
	(x) = (__typeof__(*(ptr)))__gu_val;				\
	__gu_err;							\
})

extern long __get_user_bad(void);

#define __get_user_size(x,ptr,size,retval)				\
do {									\
	retval = 0;							\
        switch (size) {							\
          case 1: __get_user_asm(x,ptr,retval,1,"l8ui");  break;	\
          case 2: __get_user_asm(x,ptr,retval,2,"l16ui"); break;	\
          case 4: __get_user_asm(x,ptr,retval,4,"l32i");  break;	\
          case 8: retval = __copy_from_user(&x,ptr,8);    break;	\
          default: (x) = __get_user_bad();				\
        }								\
} while (0)


/*
 * WARNING: If you modify this macro at all, verify that the
 * __check_align_* macros still work.
 */
#define __get_user_asm(x, addr, err, align, insn) \
   __asm__ __volatile__(			\
	__check_align_##align			\
	"1: "insn"  %1, %2, 0		\n"	\
	"2:				\n"	\
	"   .section  .fixup,\"ax\"	\n"	\
	"   .align 4			\n"	\
	"4:				\n"	\
	"   .long  2b			\n"	\
	"5:				\n"	\
	"   l32r   %2, 4b		\n"	\
	"   movi   %1, 0		\n"	\
        "   movi   %0, %3		\n"	\
        "   jx     %2			\n"	\
	"   .previous			\n"	\
	"   .section  __ex_table,\"a\"	\n"	\
	"   .long	1b, 5b		\n"	\
	"   .previous"				\
	:"=r" (err), "=r" (x)			\
	:"r" (addr), "i" (-EFAULT), "0" (err))


/*
 * Copy to/from user space
 */

/*
 * We use a generic, arbitrary-sized copy subroutine.  The Xtensa
 * architecture would cause heavy code bloat if we tried to inline
 * these functions and provide __constant_copy_* equivalents like the
 * i386 versions.  __xtensa_copy_user is quite efficient.  See the
 * .fixup section of __xtensa_copy_user for a discussion on the
 * X_zeroing equivalents for Xtensa.
 */

extern unsigned __xtensa_copy_user(void *to, const void *from, unsigned n);
#define __copy_user(to,from,size) __xtensa_copy_user(to,from,size)


static inline unsigned long
__generic_copy_from_user_nocheck(void *to, const void *from, unsigned long n)
{
	return __copy_user(to,from,n);
}

static inline unsigned long
__generic_copy_to_user_nocheck(void *to, const void *from, unsigned long n)
{
	return __copy_user(to,from,n);
}

static inline unsigned long
__generic_copy_to_user(void *to, const void *from, unsigned long n)
{
	prefetch(from);
	if (access_ok(VERIFY_WRITE, to, n))
		return __copy_user(to,from,n);
	return n;
}

static inline unsigned long
__generic_copy_from_user(void *to, const void *from, unsigned long n)
{
	prefetchw(to);
	if (access_ok(VERIFY_READ, from, n))
		return __copy_user(to,from,n);
	else
		memset(to, 0, n);
	return n;
}

#define copy_to_user(to,from,n) __generic_copy_to_user((to),(from),(n))
#define copy_from_user(to,from,n) __generic_copy_from_user((to),(from),(n))
#define __copy_to_user(to,from,n) __generic_copy_to_user_nocheck((to),(from),(n))
#define __copy_from_user(to,from,n) __generic_copy_from_user_nocheck((to),(from),(n))
#define __copy_to_user_inatomic __copy_to_user
#define __copy_from_user_inatomic __copy_from_user


/*
 * We need to return the number of bytes not cleared.  Our memset()
 * returns zero if a problem occurs while accessing user-space memory.
 * In that event, return no memory cleared.  Otherwise, zero for
 * success.
 */

static inline unsigned long
__xtensa_clear_user(void *addr, unsigned long size)
{
	if ( ! memset(addr, 0, size) )
		return size;
	return 0;
}

static inline unsigned long
clear_user(void *addr, unsigned long size)
{
	if (access_ok(VERIFY_WRITE, addr, size))
		return __xtensa_clear_user(addr, size);
	return size ? -EFAULT : 0;
}

#define __clear_user  __xtensa_clear_user


extern long __strncpy_user(char *, const char *, long);
#define __strncpy_from_user __strncpy_user

static inline long
strncpy_from_user(char *dst, const char *src, long count)
{
	if (access_ok(VERIFY_READ, src, 1))
		return __strncpy_from_user(dst, src, count);
	return -EFAULT;
}


#define strlen_user(str) strnlen_user((str), TASK_SIZE - 1)

/*
 * Return the size of a string (including the ending 0!)
 */
extern long __strnlen_user(const char *, long);

static inline long strnlen_user(const char *str, long len)
{
	unsigned long top = __kernel_ok ? ~0UL : TASK_SIZE - 1;

	if ((unsigned long)str > top)
		return 0;
	return __strnlen_user(str, len);
}


struct exception_table_entry
{
	unsigned long insn, fixup;
};

/* Returns 0 if exception not found and fixup.unit otherwise.  */

extern unsigned long search_exception_table(unsigned long addr);
extern void sort_exception_table(void);

/* Returns the new pc */
#define fixup_exception(map_reg, fixup_unit, pc)                \
({                                                              \
	fixup_unit;                                             \
})

#endif	/* __ASSEMBLY__ */
#endif	/* _XTENSA_UACCESS_H */
Commit	Line	Data
9a8fd558 CZ	1	/*
	2	* include/asm-xtensa/uaccess.h
	3	*
	4	* User space memory access functions
	5	*
	6	* These routines provide basic accessing functions to the user memory
	7	* space for the kernel. This header file provides fuctions such as:
	8	*
	9	* This file is subject to the terms and conditions of the GNU General Public
	10	* License. See the file "COPYING" in the main directory of this archive
	11	* for more details.
	12	*
	13	* Copyright (C) 2001 - 2005 Tensilica Inc.
	14	*/
	15
	16	#ifndef _XTENSA_UACCESS_H
	17	#define _XTENSA_UACCESS_H
	18
	19	#include <linux/errno.h>
	20
	21	#define VERIFY_READ 0
	22	#define VERIFY_WRITE 1
	23
	24	#ifdef __ASSEMBLY__
	25
	26	#define _ASMLANGUAGE
	27	#include <asm/current.h>
0013a854	28	#include <asm/asm-offsets.h>
9a8fd558 CZ	29	#include <asm/processor.h>
	30
	31	/*
	32	* These assembly macros mirror the C macros that follow below. They
	33	* should always have identical functionality. See
	34	* arch/xtensa/kernel/sys.S for usage.
	35	*/
	36
	37	#define KERNEL_DS 0
	38	#define USER_DS 1
	39
	40	#define get_ds (KERNEL_DS)
	41
	42	/*
	43	* get_fs reads current->thread.current_ds into a register.
	44	* On Entry:
	45	* <ad> anything
	46	* <sp> stack
	47	* On Exit:
	48	* <ad> contains current->thread.current_ds
	49	*/
	50	.macro get_fs ad, sp
	51	GET_CURRENT(\ad,\sp)
	52	l32i \ad, \ad, THREAD_CURRENT_DS
	53	.endm
	54
	55	/*
	56	* set_fs sets current->thread.current_ds to some value.
	57	* On Entry:
	58	* <at> anything (temp register)
	59	* <av> value to write
	60	* <sp> stack
	61	* On Exit:
	62	* <at> destroyed (actually, current)
	63	* <av> preserved, value to write
	64	*/
	65	.macro set_fs at, av, sp
	66	GET_CURRENT(\at,\sp)
	67	s32i \av, \at, THREAD_CURRENT_DS
	68	.endm
	69
	70	/*
	71	* kernel_ok determines whether we should bypass addr/size checking.
	72	* See the equivalent C-macro version below for clarity.
	73	* On success, kernel_ok branches to a label indicated by parameter
	74	* <success>. This implies that the macro falls through to the next
	75	* insruction on an error.
	76	*
	77	* Note that while this macro can be used independently, we designed
	78	* in for optimal use in the access_ok macro below (i.e., we fall
	79	* through on error).
	80	*
	81	* On Entry:
	82	* <at> anything (temp register)
	83	* <success> label to branch to on success; implies
	84	* fall-through macro on error
	85	* <sp> stack pointer
	86	* On Exit:
	87	* <at> destroyed (actually, current->thread.current_ds)
	88	*/
	89
	90	#if ((KERNEL_DS != 0) \|\| (USER_DS == 0))
	91	# error Assembly macro kernel_ok fails
	92	#endif
93	.macro kernel_ok at, sp, success
94	get_fs \at, \sp
95	beqz \at, \success
96	.endm
97
98	/*
99	* user_ok determines whether the access to user-space memory is allowed.
100	* See the equivalent C-macro version below for clarity.
101	*
102	* On error, user_ok branches to a label indicated by parameter
103	* <error>. This implies that the macro falls through to the next
104	* instruction on success.
105	*
106	* Note that while this macro can be used independently, we designed
107	* in for optimal use in the access_ok macro below (i.e., we fall
108	* through on success).
109	*
110	* On Entry:
111	* <aa> register containing memory address
112	* <as> register containing memory size
113	* <at> temp register
114	* <error> label to branch to on error; implies fall-through
115	* macro on success
116	* On Exit:
117	* <aa> preserved
118	* <as> preserved
119	* <at> destroyed (actually, (TASK_SIZE + 1 - size))
120	*/
121	.macro user_ok aa, as, at, error
122	movi \at, (TASK_SIZE+1)
123	bgeu \as, \at, \error
124	sub \at, \at, \as
125	bgeu \aa, \at, \error
126	.endm
127
128	/*
129	* access_ok determines whether a memory access is allowed. See the
130	* equivalent C-macro version below for clarity.
131	*
132	* On error, access_ok branches to a label indicated by parameter
133	* <error>. This implies that the macro falls through to the next
134	* instruction on success.
135	*
136	* Note that we assume success is the common case, and we optimize the
137	* branch fall-through case on success.
138	*
139	* On Entry:
140	* <aa> register containing memory address
141	* <as> register containing memory size
142	* <at> temp register
143	* <sp>
144	* <error> label to branch to on error; implies fall-through
145	* macro on success
146	* On Exit:
147	* <aa> preserved
148	* <as> preserved
149	* <at> destroyed
150	*/
151	.macro access_ok aa, as, at, sp, error
152	kernel_ok \at, \sp, .Laccess_ok_\@
153	user_ok \aa, \as, \at, \error
154	.Laccess_ok_\@:
155	.endm
156
157	/*
158	* verify_area determines whether a memory access is allowed. It's
159	* mostly an unnecessary wrapper for access_ok, but we provide it as a
160	* duplicate of the verify_area() C inline function below. See the
161	* equivalent C version below for clarity.
162	*
163	* On error, verify_area branches to a label indicated by parameter
164	* <error>. This implies that the macro falls through to the next
165	* instruction on success.
166	*
167	* Note that we assume success is the common case, and we optimize the
168	* branch fall-through case on success.
169	*
170	* On Entry:
171	* <aa> register containing memory address
172	* <as> register containing memory size
173	* <at> temp register
174	* <error> label to branch to on error; implies fall-through
175	* macro on success
176	* On Exit:
177	* <aa> preserved
178	* <as> preserved
179	* <at> destroyed
180	*/
181	.macro verify_area aa, as, at, sp, error
182	access_ok \at, \aa, \as, \sp, \error
183	.endm
184
185
186	#else /* __ASSEMBLY__ not defined */
187
188	#include <linux/sched.h>
189	#include <asm/types.h>
190
191	/*
192	* The fs value determines whether argument validity checking should
193	* be performed or not. If get_fs() == USER_DS, checking is
194	* performed, with get_fs() == KERNEL_DS, checking is bypassed.
195	*
196	* For historical reasons (Data Segment Register?), these macros are
197	* grossly misnamed.
198	*/
199
200	#define KERNEL_DS ((mm_segment_t) { 0 })
201	#define USER_DS ((mm_segment_t) { 1 })
202
203	#define get_ds() (KERNEL_DS)
204	#define get_fs() (current->thread.current_ds)
205	#define set_fs(val) (current->thread.current_ds = (val))
206
207	#define segment_eq(a,b) ((a).seg == (b).seg)
208
209	#define __kernel_ok (segment_eq(get_fs(), KERNEL_DS))
210	#define __user_ok(addr,size) (((size) <= TASK_SIZE)&&((addr) <= TASK_SIZE-(size)))
211	#define __access_ok(addr,size) (__kernel_ok \|\| __user_ok((addr),(size)))
212	#define access_ok(type,addr,size) __access_ok((unsigned long)(addr),(size))
213
d99cf715	214	static inline int verify_area(int type, const void * addr, unsigned long size)
9a8fd558 CZ	215	{
	216	return access_ok(type,addr,size) ? 0 : -EFAULT;
	217	}
	218
	219	/*
	220	* These are the main single-value transfer routines. They
	221	* automatically use the right size if we just have the right pointer
	222	* type.
	223	*
	224	* This gets kind of ugly. We want to return _two_ values in
	225	* "get_user()" and yet we don't want to do any pointers, because that
	226	* is too much of a performance impact. Thus we have a few rather ugly
	227	* macros here, and hide all the uglyness from the user.
	228	*
	229	* Careful to not
	230	* (a) re-use the arguments for side effects (sizeof is ok)
	231	* (b) require any knowledge of processes at this stage
	232	*/
	233	#define put_user(x,ptr) __put_user_check((x),(ptr),sizeof(*(ptr)))
	234	#define get_user(x,ptr) __get_user_check((x),(ptr),sizeof(*(ptr)))
	235
	236	/*
	237	* The "__xxx" versions of the user access functions are versions that
	238	* do not verify the address space, that must have been done previously
	239	* with a separate "access_ok()" call (this is used when we do multiple
	240	* accesses to the same area of user memory).
	241	*/
	242	#define __put_user(x,ptr) __put_user_nocheck((x),(ptr),sizeof(*(ptr)))
	243	#define __get_user(x,ptr) __get_user_nocheck((x),(ptr),sizeof(*(ptr)))
	244
	245
	246	extern long __put_user_bad(void);
	247
	248	#define __put_user_nocheck(x,ptr,size) \
	249	({ \
	250	long __pu_err; \
	251	__put_user_size((x),(ptr),(size),__pu_err); \
	252	__pu_err; \
	253	})
	254
	255	#define __put_user_check(x,ptr,size) \
	256	({ \
	257	long __pu_err = -EFAULT; \
	258	__typeof__((ptr)) __pu_addr = (ptr); \
	259	if (access_ok(VERIFY_WRITE,__pu_addr,size)) \
	260	__put_user_size((x),__pu_addr,(size),__pu_err); \
	261	__pu_err; \
	262	})
	263
	264	#define __put_user_size(x,ptr,size,retval) \
	265	do { \
	266	retval = 0; \
	267	switch (size) { \
	268	case 1: __put_user_asm(x,ptr,retval,1,"s8i"); break; \
	269	case 2: __put_user_asm(x,ptr,retval,2,"s16i"); break; \
	270	case 4: __put_user_asm(x,ptr,retval,4,"s32i"); break; \
	271	case 8: { \
	272	__typeof__(*ptr) __v64 = x; \
	273	retval = __copy_to_user(ptr,&__v64,8); \
	274	break; \
	275	} \
	276	default: __put_user_bad(); \
	277	} \
	278	} while (0)
279
280
281	/*
282	* Consider a case of a user single load/store would cause both an
283	* unaligned exception and an MMU-related exception (unaligned
284	* exceptions happen first):
285	*
286	* User code passes a bad variable ptr to a system call.
287	* Kernel tries to access the variable.
288	* Unaligned exception occurs.
289	* Unaligned exception handler tries to make aligned accesses.
290	* Double exception occurs for MMU-related cause (e.g., page not mapped).
291	* do_page_fault() thinks the fault address belongs to the kernel, not the
292	* user, and panics.
293	*
294	* The kernel currently prohibits user unaligned accesses. We use the
295	* __check_align_* macros to check for unaligned addresses before
296	* accessing user space so we don't crash the kernel. Both
297	* __put_user_asm and __get_user_asm use these alignment macros, so
298	* macro-specific labels such as 0f, 1f, %0, %2, and %3 must stay in
299	* sync.
300	*/
301
302	#define __check_align_1 ""
303
304	#define __check_align_2 \
305	" _bbci.l %2, 0, 1f \n" \
306	" movi %0, %3 \n" \
307	" _j 2f \n"
308
309	#define __check_align_4 \
310	" _bbsi.l %2, 0, 0f \n" \
311	" _bbci.l %2, 1, 1f \n" \
312	"0: movi %0, %3 \n" \
313	" _j 2f \n"
314
315
316	/*
317	* We don't tell gcc that we are accessing memory, but this is OK
318	* because we do not write to any memory gcc knows about, so there
319	* are no aliasing issues.
320	*
321	* WARNING: If you modify this macro at all, verify that the
322	* __check_align_* macros still work.
323	*/
324	#define __put_user_asm(x, addr, err, align, insn) \
325	__asm__ __volatile__( \
326	__check_align_##align \
327	"1: "insn" %1, %2, 0 \n" \
328	"2: \n" \
329	" .section .fixup,\"ax\" \n" \
330	" .align 4 \n" \
331	"4: \n" \
332	" .long 2b \n" \
333	"5: \n" \
334	" l32r %2, 4b \n" \
335	" movi %0, %3 \n" \
336	" jx %2 \n" \
337	" .previous \n" \
338	" .section __ex_table,\"a\" \n" \
339	" .long 1b, 5b \n" \
340	" .previous" \
341	:"=r" (err) \
342	:"r" ((int)(x)), "r" (addr), "i" (-EFAULT), "0" (err))
343
344	#define __get_user_nocheck(x,ptr,size) \
345	({ \
346	long __gu_err, __gu_val; \
347	__get_user_size(__gu_val,(ptr),(size),__gu_err); \
348	(x) = (__typeof__(*(ptr)))__gu_val; \
349	__gu_err; \
350	})
351
352	#define __get_user_check(x,ptr,size) \
353	({ \
354	long __gu_err = -EFAULT, __gu_val = 0; \
355	const __typeof__((ptr)) __gu_addr = (ptr); \
356	if (access_ok(VERIFY_READ,__gu_addr,size)) \
357	__get_user_size(__gu_val,__gu_addr,(size),__gu_err); \
358	(x) = (__typeof__(*(ptr)))__gu_val; \
359	__gu_err; \
360	})
361
362	extern long __get_user_bad(void);
363
364	#define __get_user_size(x,ptr,size,retval) \
365	do { \
366	retval = 0; \
367	switch (size) { \
368	case 1: __get_user_asm(x,ptr,retval,1,"l8ui"); break; \
369	case 2: __get_user_asm(x,ptr,retval,2,"l16ui"); break; \
370	case 4: __get_user_asm(x,ptr,retval,4,"l32i"); break; \
371	case 8: retval = __copy_from_user(&x,ptr,8); break; \
372	default: (x) = __get_user_bad(); \
373	} \
374	} while (0)
375
376
377	/*
378	* WARNING: If you modify this macro at all, verify that the
379	* __check_align_* macros still work.
380	*/
381	#define __get_user_asm(x, addr, err, align, insn) \
382	__asm__ __volatile__( \
383	__check_align_##align \
384	"1: "insn" %1, %2, 0 \n" \
385	"2: \n" \
386	" .section .fixup,\"ax\" \n" \
387	" .align 4 \n" \
388	"4: \n" \
389	" .long 2b \n" \
390	"5: \n" \
391	" l32r %2, 4b \n" \
392	" movi %1, 0 \n" \
393	" movi %0, %3 \n" \
394	" jx %2 \n" \
395	" .previous \n" \
396	" .section __ex_table,\"a\" \n" \
397	" .long 1b, 5b \n" \
398	" .previous" \
399	:"=r" (err), "=r" (x) \
400	:"r" (addr), "i" (-EFAULT), "0" (err))
401
402
403	/*
404	* Copy to/from user space
405	*/
406
407	/*
408	* We use a generic, arbitrary-sized copy subroutine. The Xtensa
409	* architecture would cause heavy code bloat if we tried to inline
410	* these functions and provide __constant_copy_* equivalents like the
411	* i386 versions. __xtensa_copy_user is quite efficient. See the
412	* .fixup section of __xtensa_copy_user for a discussion on the
413	* X_zeroing equivalents for Xtensa.
414	*/
415
416	extern unsigned __xtensa_copy_user(void to, const void from, unsigned n);
417	#define __copy_user(to,from,size) __xtensa_copy_user(to,from,size)
418
419
420	static inline unsigned long
421	__generic_copy_from_user_nocheck(void to, const void from, unsigned long n)
422	{
423	return __copy_user(to,from,n);
424	}
425
426	static inline unsigned long
427	__generic_copy_to_user_nocheck(void to, const void from, unsigned long n)
428	{
429	return __copy_user(to,from,n);
430	}
431
432	static inline unsigned long
433	__generic_copy_to_user(void to, const void from, unsigned long n)
434	{
435	prefetch(from);
436	if (access_ok(VERIFY_WRITE, to, n))
437	return __copy_user(to,from,n);
438	return n;
439	}
440
441	static inline unsigned long
442	__generic_copy_from_user(void to, const void from, unsigned long n)
443	{
444	prefetchw(to);
445	if (access_ok(VERIFY_READ, from, n))
446	return __copy_user(to,from,n);
447	else
448	memset(to, 0, n);
449	return n;
450	}
451
452	#define copy_to_user(to,from,n) __generic_copy_to_user((to),(from),(n))
453	#define copy_from_user(to,from,n) __generic_copy_from_user((to),(from),(n))
454	#define __copy_to_user(to,from,n) __generic_copy_to_user_nocheck((to),(from),(n))
455	#define __copy_from_user(to,from,n) __generic_copy_from_user_nocheck((to),(from),(n))
456	#define __copy_to_user_inatomic __copy_to_user
457	#define __copy_from_user_inatomic __copy_from_user
458
459
460	/*
461	* We need to return the number of bytes not cleared. Our memset()
462	* returns zero if a problem occurs while accessing user-space memory.
463	* In that event, return no memory cleared. Otherwise, zero for
464	* success.
465	*/
466
d99cf715	467	static inline unsigned long
9a8fd558 CZ	468	__xtensa_clear_user(void *addr, unsigned long size)
	469	{
	470	if ( ! memset(addr, 0, size) )
	471	return size;
	472	return 0;
	473	}
	474
d99cf715	475	static inline unsigned long
9a8fd558 CZ	476	clear_user(void *addr, unsigned long size)
	477	{
	478	if (access_ok(VERIFY_WRITE, addr, size))
	479	return __xtensa_clear_user(addr, size);
	480	return size ? -EFAULT : 0;
	481	}
	482
	483	#define __clear_user __xtensa_clear_user
	484
	485
	486	extern long __strncpy_user(char , const char , long);
	487	#define __strncpy_from_user __strncpy_user
	488
d99cf715	489	static inline long
9a8fd558 CZ	490	strncpy_from_user(char dst, const char src, long count)
	491	{
	492	if (access_ok(VERIFY_READ, src, 1))
	493	return __strncpy_from_user(dst, src, count);
	494	return -EFAULT;
	495	}
	496
	497
	498	#define strlen_user(str) strnlen_user((str), TASK_SIZE - 1)
	499
	500	/*
	501	* Return the size of a string (including the ending 0!)
	502	*/
	503	extern long __strnlen_user(const char *, long);
	504
d99cf715	505	static inline long strnlen_user(const char *str, long len)
9a8fd558 CZ	506	{
	507	unsigned long top = __kernel_ok ? ~0UL : TASK_SIZE - 1;
	508
	509	if ((unsigned long)str > top)
	510	return 0;
	511	return __strnlen_user(str, len);
	512	}
	513
	514
	515	struct exception_table_entry
	516	{
	517	unsigned long insn, fixup;
	518	};
	519
	520	/* Returns 0 if exception not found and fixup.unit otherwise. */
	521
	522	extern unsigned long search_exception_table(unsigned long addr);
	523	extern void sort_exception_table(void);
	524
	525	/* Returns the new pc */
	526	#define fixup_exception(map_reg, fixup_unit, pc) \
	527	({ \
	528	fixup_unit; \
	529	})
	530
	531	#endif /* __ASSEMBLY__ */
	532	#endif /* _XTENSA_UACCESS_H */