[PATCH] m32r: security fix of {get,put}_user macros

Update {get,put}_user macros for m32r kernel. - Modify get_user to use __get_user_asm macro, instead of __get_user_x macro. - Remove arch/m32r/lib/{get,put}user.S. - Some cosmetic updates. I would like to thank NIIBE Yutaka for his reporting about the m32r kernel's security problem in {get,put}_user macros. There were no address checking for user space access in {get,put}_user macros. ;-) Signed-off-by: Hirokazu Takata <takata@linux-m32r.org> Cc: NIIBE Yutaka <gniibe@fsij.org> Cc: <stable@kernel.org> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
author: Hirokazu Takata <takata@linux-m32r.org> 2006-04-11 01:53:20 -0400
committer: Linus Torvalds <torvalds@g5.osdl.org> 2006-04-11 09:18:34 -0400
commit: 04dfd0de4ec04aaf7d9d42439c972c642a15a75c (patch)
tree: 26f093671aee900dadc7458f774eb9eb9e209b78 /include/asm-m32r/uaccess.h
parent: 7c1c4e541888947947bc46a18a9a5543a259ed62 (diff)
1 files changed, 115 insertions, 151 deletions
diff --git a/include/asm-m32r/uaccess.h b/include/asm-m32r/uaccess.h
index e8ae61956a51..819cc28a94f7 100644
--- a/include/asm-m32r/uaccess.h
+++ b/include/asm-m32r/uaccess.h
@@ -5,17 +5,9 @@
 *  linux/include/asm-m32r/uaccess.h
 *
 *  M32R version.
- *    Copyright (C) 2004  Hirokazu Takata <takata at linux-m32r.org>
+ *    Copyright (C) 2004, 2006  Hirokazu Takata <takata at linux-m32r.org>
 */
-#undef UACCESS_DEBUG
-#ifdef UACCESS_DEBUG
-#define UAPRINTK(args...) printk(args)
-#else
-#define UAPRINTK(args...)
-#endif /* UACCESS_DEBUG */
 /*
 * User space memory access functions
 */
@@ -38,27 +30,29 @@
 #define MAKE_MM_SEG(s)  ((mm_segment_t) { (s) })
 #ifdef CONFIG_MMU
 #define KERNEL_DS       MAKE_MM_SEG(0xFFFFFFFF)
 #define USER_DS         MAKE_MM_SEG(PAGE_OFFSET)
-#else
-#define KERNEL_DS       MAKE_MM_SEG(0xFFFFFFFF)
-#define USER_DS         MAKE_MM_SEG(0xFFFFFFFF)
-#endif /* CONFIG_MMU */
 #define get_ds()        (KERNEL_DS)
-#ifdef CONFIG_MMU
 #define get_fs()        (current_thread_info()->addr_limit)
 #define set_fs(x)       (current_thread_info()->addr_limit = (x))
-#else
+#else /* not CONFIG_MMU */
+#define KERNEL_DS       MAKE_MM_SEG(0xFFFFFFFF)
+#define USER_DS         MAKE_MM_SEG(0xFFFFFFFF)
+#define get_ds()        (KERNEL_DS)
 static inline mm_segment_t get_fs(void)
 {
-  return USER_DS;
+        return USER_DS;
 }
 static inline void set_fs(mm_segment_t s)
 {
 }
-#endif /* CONFIG_MMU */
+#endif /* not CONFIG_MMU */
 #define segment_eq(a,b) ((a).seg == (b).seg)
@@ -83,9 +77,9 @@ static inline void set_fs(mm_segment_t s)
                "       subx    %0, %0\n"                               \
                "       cmpu    %4, %1\n"                               \
                "       subx    %0, %5\n"                               \
-                : "=&r"(flag), "=r"(sum)                                \
+                : "=&r" (flag), "=r" (sum)                              \
-                : "1"(addr), "r"((int)(size)),                          \
+                : "1" (addr), "r" ((int)(size)),                        \
-                  "r"(current_thread_info()->addr_limit.seg), "r"(0)    \
+                  "r" (current_thread_info()->addr_limit.seg), "r" (0)  \
                : "cbit" );                                             \
        flag; })
@@ -113,10 +107,10 @@ static inline void set_fs(mm_segment_t s)
 #else
 static inline int access_ok(int type, const void *addr, unsigned long size)
 {
-  extern unsigned long memory_start, memory_end;
+        extern unsigned long memory_start, memory_end;
-  unsigned long val = (unsigned long)addr;
+        unsigned long val = (unsigned long)addr;
-  return ((val >= memory_start) && ((val + size) < memory_end));
+        return ((val >= memory_start) && ((val + size) < memory_end));
 }
 #endif /* CONFIG_MMU */
@@ -155,39 +149,6 @@ extern int fixup_exception(struct pt_regs *regs);
 * accesses to the same area of user memory).
 */
-extern void __get_user_1(void);
-extern void __get_user_2(void);
-extern void __get_user_4(void);
-#ifndef MODULE
-#define __get_user_x(size,ret,x,ptr)                                    \
-        __asm__ __volatile__(                                           \
-                "       mv      r0, %0\n"                               \
-                "       mv      r1, %1\n"                               \
-                "       bl __get_user_" #size "\n"                      \
-                "       mv      %0, r0\n"                               \
-                "       mv      %1, r1\n"                               \
-                : "=r"(ret), "=r"(x)                                    \
-                : "0"(ptr)                                              \
-                : "r0", "r1", "r14" )
-#else /* MODULE */
-/*
- * Use "jl" instead of "bl" for MODULE
- */
-#define __get_user_x(size,ret,x,ptr)                                    \
-        __asm__ __volatile__(                                           \
-                "       mv      r0, %0\n"                               \
-                "       mv      r1, %1\n"                               \
-                "       seth    lr, #high(__get_user_" #size ")\n"      \
-                "       or3     lr, lr, #low(__get_user_" #size ")\n"   \
-                "       jl      lr\n"                                   \
-                "       mv      %0, r0\n"                               \
-                "       mv      %1, r1\n"                               \
-                : "=r"(ret), "=r"(x)                                    \
-                : "0"(ptr)                                              \
-                : "r0", "r1", "r14" )
-#endif
 /* Careful: we have to cast the result to the type of the pointer for sign
   reasons */
 /**
@@ -208,20 +169,7 @@ extern void __get_user_4(void);
 * On error, the variable @x is set to zero.
 */
 #define get_user(x,ptr)                                                 \
-({      int __ret_gu;                                                   \
+        __get_user_check((x),(ptr),sizeof(*(ptr)))
-        unsigned long __val_gu;                                         \
-        __chk_user_ptr(ptr);                                            \
-        switch(sizeof (*(ptr))) {                                       \
-        case 1:  __get_user_x(1,__ret_gu,__val_gu,ptr); break;          \
-        case 2:  __get_user_x(2,__ret_gu,__val_gu,ptr); break;          \
-        case 4:  __get_user_x(4,__ret_gu,__val_gu,ptr); break;          \
-        default: __get_user_x(X,__ret_gu,__val_gu,ptr); break;          \
-        }                                                               \
-        (x) = (__typeof__(*(ptr)))__val_gu;                             \
-        __ret_gu;                                                       \
-})
-extern void __put_user_bad(void);
 /**
 * put_user: - Write a simple value into user space.
@@ -240,8 +188,7 @@ extern void __put_user_bad(void);
 * Returns zero on success, or -EFAULT on error.
 */
 #define put_user(x,ptr)                                                 \
-  __put_user_check((__typeof__(*(ptr)))(x),(ptr),sizeof(*(ptr)))
+        __put_user_check((__typeof__(*(ptr)))(x),(ptr),sizeof(*(ptr)))
 /**
 * __get_user: - Get a simple variable from user space, with less checking.
@@ -264,8 +211,64 @@ extern void __put_user_bad(void);
 * On error, the variable @x is set to zero.
 */
 #define __get_user(x,ptr) \
-  __get_user_nocheck((x),(ptr),sizeof(*(ptr)))
+        __get_user_nocheck((x),(ptr),sizeof(*(ptr)))
+#define __get_user_nocheck(x,ptr,size)                                  \
+({                                                                      \
+        long __gu_err = 0;                                              \
+        unsigned long __gu_val;                                         \
+        might_sleep();                                                  \
+        __get_user_size(__gu_val,(ptr),(size),__gu_err);                \
+        (x) = (__typeof__(*(ptr)))__gu_val;                             \
+        __gu_err;                                                       \
+})
+#define __get_user_check(x,ptr,size)                                    \
+({                                                                      \
+        long __gu_err = -EFAULT;                                        \
+        unsigned long __gu_val = 0;                                     \
+        const __typeof__(*(ptr)) __user *__gu_addr = (ptr);             \
+        might_sleep();                                                  \
+        if (access_ok(VERIFY_READ,__gu_addr,size))                      \
+                __get_user_size(__gu_val,__gu_addr,(size),__gu_err);    \
+        (x) = (__typeof__(*(ptr)))__gu_val;                             \
+        __gu_err;                                                       \
+})
+extern long __get_user_bad(void);
+#define __get_user_size(x,ptr,size,retval)                              \
+do {                                                                    \
+        retval = 0;                                                     \
+        __chk_user_ptr(ptr);                                            \
+        switch (size) {                                                 \
+          case 1: __get_user_asm(x,ptr,retval,"ub"); break;             \
+          case 2: __get_user_asm(x,ptr,retval,"uh"); break;             \
+          case 4: __get_user_asm(x,ptr,retval,""); break;               \
+          default: (x) = __get_user_bad();                              \
+        }                                                               \
+} while (0)
+#define __get_user_asm(x, addr, err, itype)                             \
+        __asm__ __volatile__(                                           \
+                "       .fillinsn\n"                                    \
+                "1:     ld"itype" %1,@%2\n"                             \
+                "       .fillinsn\n"                                    \
+                "2:\n"                                                  \
+                ".section .fixup,\"ax\"\n"                              \
+                "       .balign 4\n"                                    \
+                "3:     ldi %0,%3\n"                                    \
+                "       seth r14,#high(2b)\n"                           \
+                "       or3 r14,r14,#low(2b)\n"                         \
+                "       jmp r14\n"                                      \
+                ".previous\n"                                           \
+                ".section __ex_table,\"a\"\n"                           \
+                "       .balign 4\n"                                    \
+                "       .long 1b,3b\n"                                  \
+                ".previous"                                             \
+                : "=&r" (err), "=&r" (x)                                \
+                : "r" (addr), "i" (-EFAULT), "0" (err)                  \
+                : "r14", "memory")
 /**
 * __put_user: - Write a simple value into user space, with less checking.
@@ -287,11 +290,13 @@ extern void __put_user_bad(void);
 * Returns zero on success, or -EFAULT on error.
 */
 #define __put_user(x,ptr) \
-  __put_user_nocheck((__typeof__(*(ptr)))(x),(ptr),sizeof(*(ptr)))
+        __put_user_nocheck((__typeof__(*(ptr)))(x),(ptr),sizeof(*(ptr)))
 #define __put_user_nocheck(x,ptr,size)                                  \
 ({                                                                      \
        long __pu_err;                                                  \
+        might_sleep();                                                  \
        __put_user_size((x),(ptr),(size),__pu_err);                     \
        __pu_err;                                                       \
 })
@@ -308,28 +313,28 @@ extern void __put_user_bad(void);
 })
 #if defined(__LITTLE_ENDIAN__)
-#define __put_user_u64(x, addr, err)                                    \
+#define __put_user_u64(x, addr, err)                                    \
-        __asm__ __volatile__(                                           \
+        __asm__ __volatile__(                                           \
-                "       .fillinsn\n"                                    \
+                "       .fillinsn\n"                                    \
-                "1:     st %L1,@%2\n"                                    \
+                "1:     st %L1,@%2\n"                                   \
-                "       .fillinsn\n"                                    \
+                "       .fillinsn\n"                                    \
-                "2:     st %H1,@(4,%2)\n"                                \
+                "2:     st %H1,@(4,%2)\n"                               \
-                "       .fillinsn\n"                                    \
+                "       .fillinsn\n"                                    \
-                "3:\n"                                                  \
+                "3:\n"                                                  \
-                ".section .fixup,\"ax\"\n"                              \
+                ".section .fixup,\"ax\"\n"                              \
-                "       .balign 4\n"                                    \
+                "       .balign 4\n"                                    \
-                "4:     ldi %0,%3\n"                                    \
+                "4:     ldi %0,%3\n"                                    \
-                "       seth r14,#high(3b)\n"                           \
+                "       seth r14,#high(3b)\n"                           \
-                "       or3 r14,r14,#low(3b)\n"                         \
+                "       or3 r14,r14,#low(3b)\n"                         \
-                "       jmp r14\n"                                      \
+                "       jmp r14\n"                                      \
-                ".previous\n"                                           \
+                ".previous\n"                                           \
-                ".section __ex_table,\"a\"\n"                           \
+                ".section __ex_table,\"a\"\n"                           \
-                "       .balign 4\n"                                    \
+                "       .balign 4\n"                                    \
-                "       .long 1b,4b\n"                                  \
+                "       .long 1b,4b\n"                                  \
-                "       .long 2b,4b\n"                                  \
+                "       .long 2b,4b\n"                                  \
-                ".previous"                                             \
+                ".previous"                                             \
-                : "=&r"(err)                                             \
+                : "=&r" (err)                                           \
-                : "r"(x), "r"(addr), "i"(-EFAULT), "0"(err)             \
+                : "r" (x), "r" (addr), "i" (-EFAULT), "0" (err)         \
                : "r14", "memory")
 #elif defined(__BIG_ENDIAN__)
@@ -353,13 +358,15 @@ extern void __put_user_bad(void);
                "       .long 1b,4b\n"                                  \
                "       .long 2b,4b\n"                                  \
                ".previous"                                             \
-                : "=&r"(err)                                            \
+                : "=&r" (err)                                           \
-                : "r"(x), "r"(addr), "i"(-EFAULT), "0"(err)             \
+                : "r" (x), "r" (addr), "i" (-EFAULT), "0" (err)         \
                : "r14", "memory")
 #else
 #error no endian defined
 #endif
+extern void __put_user_bad(void);
 #define __put_user_size(x,ptr,size,retval)                              \
 do {                                                                    \
        retval = 0;                                                     \
@@ -398,52 +405,8 @@ struct __large_struct { unsigned long buf[100]; };
                "       .balign 4\n"                                    \
                "       .long 1b,3b\n"                                  \
                ".previous"                                             \
-                : "=&r"(err)                                            \
+                : "=&r" (err)                                           \
-                : "r"(x), "r"(addr), "i"(-EFAULT), "0"(err)             \
+                : "r" (x), "r" (addr), "i" (-EFAULT), "0" (err)         \
-                : "r14", "memory")
-#define __get_user_nocheck(x,ptr,size)                                  \
-({                                                                      \
-        long __gu_err;                                                  \
-        unsigned long __gu_val;                                         \
-        __get_user_size(__gu_val,(ptr),(size),__gu_err);                \
-        (x) = (__typeof__(*(ptr)))__gu_val;                             \
-        __gu_err;                                                       \
-})
-extern long __get_user_bad(void);
-#define __get_user_size(x,ptr,size,retval)                              \
-do {                                                                    \
-        retval = 0;                                                     \
-        __chk_user_ptr(ptr);                                            \
-        switch (size) {                                                 \
-          case 1: __get_user_asm(x,ptr,retval,"ub"); break;             \
-          case 2: __get_user_asm(x,ptr,retval,"uh"); break;             \
-          case 4: __get_user_asm(x,ptr,retval,""); break;               \
-          default: (x) = __get_user_bad();                              \
-        }                                                               \
-} while (0)
-#define __get_user_asm(x, addr, err, itype)                             \
-        __asm__ __volatile__(                                           \
-                "       .fillinsn\n"                                    \
-                "1:     ld"itype" %1,@%2\n"                             \
-                "       .fillinsn\n"                                    \
-                "2:\n"                                                  \
-                ".section .fixup,\"ax\"\n"                              \
-                "       .balign 4\n"                                    \
-                "3:     ldi %0,%3\n"                                    \
-                "       seth r14,#high(2b)\n"                           \
-                "       or3 r14,r14,#low(2b)\n"                         \
-                "       jmp r14\n"                                      \
-                ".previous\n"                                           \
-                ".section __ex_table,\"a\"\n"                           \
-                "       .balign 4\n"                                    \
-                "       .long 1b,3b\n"                                  \
-                ".previous"                                             \
-                : "=&r"(err), "=&r"(x)                                  \
-                : "r"(addr), "i"(-EFAULT), "0"(err)                     \
                : "r14", "memory")
 /*
@@ -453,7 +416,6 @@ do {									\
 * anything, so this is accurate.
 */
 /*
 * Copy To/From Userspace
 */
@@ -511,8 +473,9 @@ do {									\
                "       .long 2b,9b\n"                                  \
                "       .long 3b,9b\n"                                  \
                ".previous\n"                                           \
-                : "=&r"(__dst), "=&r"(__src), "=&r"(size), "=&r"(__c)   \
+                : "=&r" (__dst), "=&r" (__src), "=&r" (size),           \
-                : "0"(to), "1"(from), "2"(size), "3"(size / 4)          \
+                  "=&r" (__c)                                           \
+                : "0" (to), "1" (from), "2" (size), "3" (size / 4)      \
                : "r14", "memory");                                     \
 } while (0)
@@ -573,8 +536,9 @@ do {									\
                "       .long 2b,7b\n"                                  \
                "       .long 3b,7b\n"                                  \
                ".previous\n"                                           \
-                : "=&r"(__dst), "=&r"(__src), "=&r"(size), "=&r"(__c)   \
+                : "=&r" (__dst), "=&r" (__src), "=&r" (size),           \
-                : "0"(to), "1"(from), "2"(size), "3"(size / 4)          \
+                  "=&r" (__c)                                           \
+                : "0" (to), "1" (from), "2" (size), "3" (size / 4)      \
                : "r14", "memory");                                     \
 } while (0)
@@ -676,7 +640,7 @@ unsigned long __generic_copy_from_user(void *, const void __user *, unsigned lon
 #define copy_from_user(to,from,n)                       \
 ({                                                      \
        might_sleep();                                  \
-__generic_copy_from_user((to),(from),(n));      \
+        __generic_copy_from_user((to),(from),(n));      \
 })
 long __must_check strncpy_from_user(char *dst, const char __user *src,
author	Hirokazu Takata <takata@linux-m32r.org>	2006-04-11 01:53:20 -0400
committer	Linus Torvalds <torvalds@g5.osdl.org>	2006-04-11 09:18:34 -0400
commit	04dfd0de4ec04aaf7d9d42439c972c642a15a75c (patch)
tree	26f093671aee900dadc7458f774eb9eb9e209b78 /include/asm-m32r/uaccess.h
parent	7c1c4e541888947947bc46a18a9a5543a259ed62 (diff)

diff --git a/include/asm-m32r/uaccess.h b/include/asm-m32r/uaccess.h index e8ae61956a51..819cc28a94f7 100644 --- a/include/asm-m32r/uaccess.h +++ b/include/asm-m32r/uaccess.h
@@ -5,17 +5,9 @@
5	* linux/include/asm-m32r/uaccess.h	5	* linux/include/asm-m32r/uaccess.h
6	*	6	*
7	* M32R version.	7	* M32R version.
8	* Copyright (C) 2004 Hirokazu Takata <takata at linux-m32r.org>	8	* Copyright (C) 2004, 2006 Hirokazu Takata <takata at linux-m32r.org>
9	*/	9	*/
10		10
11	#undef UACCESS_DEBUG
12
13	#ifdef UACCESS_DEBUG
14	#define UAPRINTK(args...) printk(args)
15	#else
16	#define UAPRINTK(args...)
17	#endif /* UACCESS_DEBUG */
18
19	/*	11	/*
20	* User space memory access functions	12	* User space memory access functions
21	*/	13	*/
@@ -38,27 +30,29 @@
38	#define MAKE_MM_SEG(s) ((mm_segment_t) { (s) })	30	#define MAKE_MM_SEG(s) ((mm_segment_t) { (s) })
39		31
40	#ifdef CONFIG_MMU	32	#ifdef CONFIG_MMU
		33
41	#define KERNEL_DS MAKE_MM_SEG(0xFFFFFFFF)	34	#define KERNEL_DS MAKE_MM_SEG(0xFFFFFFFF)
42	#define USER_DS MAKE_MM_SEG(PAGE_OFFSET)	35	#define USER_DS MAKE_MM_SEG(PAGE_OFFSET)
43	#else
44	#define KERNEL_DS MAKE_MM_SEG(0xFFFFFFFF)
45	#define USER_DS MAKE_MM_SEG(0xFFFFFFFF)
46	#endif /* CONFIG_MMU */
47
48	#define get_ds() (KERNEL_DS)	36	#define get_ds() (KERNEL_DS)
49	#ifdef CONFIG_MMU
50	#define get_fs() (current_thread_info()->addr_limit)	37	#define get_fs() (current_thread_info()->addr_limit)
51	#define set_fs(x) (current_thread_info()->addr_limit = (x))	38	#define set_fs(x) (current_thread_info()->addr_limit = (x))
52	#else	39
		40	#else /* not CONFIG_MMU */
		41
		42	#define KERNEL_DS MAKE_MM_SEG(0xFFFFFFFF)
		43	#define USER_DS MAKE_MM_SEG(0xFFFFFFFF)
		44	#define get_ds() (KERNEL_DS)
		45
53	static inline mm_segment_t get_fs(void)	46	static inline mm_segment_t get_fs(void)
54	{	47	{
55	return USER_DS;	48	return USER_DS;
56	}	49	}
57		50
58	static inline void set_fs(mm_segment_t s)	51	static inline void set_fs(mm_segment_t s)
59	{	52	{
60	}	53	}
61	#endif /* CONFIG_MMU */	54
		55	#endif /* not CONFIG_MMU */
62		56
63	#define segment_eq(a,b) ((a).seg == (b).seg)	57	#define segment_eq(a,b) ((a).seg == (b).seg)
64		58
@@ -83,9 +77,9 @@ static inline void set_fs(mm_segment_t s)
83	" subx %0, %0\n" \	77	" subx %0, %0\n" \
84	" cmpu %4, %1\n" \	78	" cmpu %4, %1\n" \
85	" subx %0, %5\n" \	79	" subx %0, %5\n" \
86	: "=&r"(flag), "=r"(sum) \	80	: "=&r" (flag), "=r" (sum) \
87	: "1"(addr), "r"((int)(size)), \	81	: "1" (addr), "r" ((int)(size)), \
88	"r"(current_thread_info()->addr_limit.seg), "r"(0) \	82	"r" (current_thread_info()->addr_limit.seg), "r" (0) \
89	: "cbit" ); \	83	: "cbit" ); \
90	flag; })	84	flag; })
91		85
@@ -113,10 +107,10 @@ static inline void set_fs(mm_segment_t s)
113	#else	107	#else
114	static inline int access_ok(int type, const void *addr, unsigned long size)	108	static inline int access_ok(int type, const void *addr, unsigned long size)
115	{	109	{
116	extern unsigned long memory_start, memory_end;	110	extern unsigned long memory_start, memory_end;
117	unsigned long val = (unsigned long)addr;	111	unsigned long val = (unsigned long)addr;
118		112
119	return ((val >= memory_start) && ((val + size) < memory_end));	113	return ((val >= memory_start) && ((val + size) < memory_end));
120	}	114	}
121	#endif /* CONFIG_MMU */	115	#endif /* CONFIG_MMU */
122		116
@@ -155,39 +149,6 @@ extern int fixup_exception(struct pt_regs *regs);
155	* accesses to the same area of user memory).	149	* accesses to the same area of user memory).
156	*/	150	*/
157		151
158	extern void __get_user_1(void);
159	extern void __get_user_2(void);
160	extern void __get_user_4(void);
161
162	#ifndef MODULE
163	#define __get_user_x(size,ret,x,ptr) \
164	__asm__ __volatile__( \
165	" mv r0, %0\n" \
166	" mv r1, %1\n" \
167	" bl __get_user_" #size "\n" \
168	" mv %0, r0\n" \
169	" mv %1, r1\n" \
170	: "=r"(ret), "=r"(x) \
171	: "0"(ptr) \
172	: "r0", "r1", "r14" )
173	#else /* MODULE */
174	/*
175	* Use "jl" instead of "bl" for MODULE
176	*/
177	#define __get_user_x(size,ret,x,ptr) \
178	__asm__ __volatile__( \
179	" mv r0, %0\n" \
180	" mv r1, %1\n" \
181	" seth lr, #high(__get_user_" #size ")\n" \
182	" or3 lr, lr, #low(__get_user_" #size ")\n" \
183	" jl lr\n" \
184	" mv %0, r0\n" \
185	" mv %1, r1\n" \
186	: "=r"(ret), "=r"(x) \
187	: "0"(ptr) \
188	: "r0", "r1", "r14" )
189	#endif
190
191	/* Careful: we have to cast the result to the type of the pointer for sign	152	/* Careful: we have to cast the result to the type of the pointer for sign
192	reasons */	153	reasons */
193	/**	154	/**
@@ -208,20 +169,7 @@ extern void __get_user_4(void);
208	* On error, the variable @x is set to zero.	169	* On error, the variable @x is set to zero.
209	*/	170	*/
210	#define get_user(x,ptr) \	171	#define get_user(x,ptr) \
211	({ int __ret_gu; \	172	__get_user_check((x),(ptr),sizeof(*(ptr)))
212	unsigned long __val_gu; \
213	__chk_user_ptr(ptr); \
214	switch(sizeof (*(ptr))) { \
215	case 1: __get_user_x(1,__ret_gu,__val_gu,ptr); break; \
216	case 2: __get_user_x(2,__ret_gu,__val_gu,ptr); break; \
217	case 4: __get_user_x(4,__ret_gu,__val_gu,ptr); break; \
218	default: __get_user_x(X,__ret_gu,__val_gu,ptr); break; \
219	} \
220	(x) = (__typeof__(*(ptr)))__val_gu; \
221	__ret_gu; \
222	})
223
224	extern void __put_user_bad(void);
225		173
226	/**	174	/**
227	* put_user: - Write a simple value into user space.	175	* put_user: - Write a simple value into user space.
@@ -240,8 +188,7 @@ extern void __put_user_bad(void);
240	* Returns zero on success, or -EFAULT on error.	188	* Returns zero on success, or -EFAULT on error.
241	*/	189	*/
242	#define put_user(x,ptr) \	190	#define put_user(x,ptr) \
243	__put_user_check((__typeof__((ptr)))(x),(ptr),sizeof((ptr)))	191	__put_user_check((__typeof__((ptr)))(x),(ptr),sizeof((ptr)))
244
245		192
246	/**	193	/**
247	* __get_user: - Get a simple variable from user space, with less checking.	194	* __get_user: - Get a simple variable from user space, with less checking.
@@ -264,8 +211,64 @@ extern void __put_user_bad(void);
264	* On error, the variable @x is set to zero.	211	* On error, the variable @x is set to zero.
265	*/	212	*/
266	#define __get_user(x,ptr) \	213	#define __get_user(x,ptr) \
267	__get_user_nocheck((x),(ptr),sizeof(*(ptr)))	214	__get_user_nocheck((x),(ptr),sizeof(*(ptr)))
268		215
		216	#define __get_user_nocheck(x,ptr,size) \
		217	({ \
		218	long __gu_err = 0; \
		219	unsigned long __gu_val; \
		220	might_sleep(); \
		221	__get_user_size(__gu_val,(ptr),(size),__gu_err); \
		222	(x) = (__typeof__(*(ptr)))__gu_val; \
		223	__gu_err; \
		224	})
		225
		226	#define __get_user_check(x,ptr,size) \
		227	({ \
		228	long __gu_err = -EFAULT; \
		229	unsigned long __gu_val = 0; \
		230	const __typeof__((ptr)) __user __gu_addr = (ptr); \
		231	might_sleep(); \
		232	if (access_ok(VERIFY_READ,__gu_addr,size)) \
		233	__get_user_size(__gu_val,__gu_addr,(size),__gu_err); \
		234	(x) = (__typeof__(*(ptr)))__gu_val; \
		235	__gu_err; \
		236	})
		237
		238	extern long __get_user_bad(void);
		239
		240	#define __get_user_size(x,ptr,size,retval) \
		241	do { \
		242	retval = 0; \
		243	__chk_user_ptr(ptr); \
		244	switch (size) { \
		245	case 1: __get_user_asm(x,ptr,retval,"ub"); break; \
		246	case 2: __get_user_asm(x,ptr,retval,"uh"); break; \
		247	case 4: __get_user_asm(x,ptr,retval,""); break; \
		248	default: (x) = __get_user_bad(); \
		249	} \
		250	} while (0)
		251
		252	#define __get_user_asm(x, addr, err, itype) \
		253	__asm__ __volatile__( \
		254	" .fillinsn\n" \
		255	"1: ld"itype" %1,@%2\n" \
		256	" .fillinsn\n" \
		257	"2:\n" \
		258	".section .fixup,\"ax\"\n" \
		259	" .balign 4\n" \
		260	"3: ldi %0,%3\n" \
		261	" seth r14,#high(2b)\n" \
		262	" or3 r14,r14,#low(2b)\n" \
		263	" jmp r14\n" \
		264	".previous\n" \
		265	".section __ex_table,\"a\"\n" \
		266	" .balign 4\n" \
		267	" .long 1b,3b\n" \
		268	".previous" \
		269	: "=&r" (err), "=&r" (x) \
		270	: "r" (addr), "i" (-EFAULT), "0" (err) \
		271	: "r14", "memory")
269		272
270	/**	273	/**
271	* __put_user: - Write a simple value into user space, with less checking.	274	* __put_user: - Write a simple value into user space, with less checking.
@@ -287,11 +290,13 @@ extern void __put_user_bad(void);
287	* Returns zero on success, or -EFAULT on error.	290	* Returns zero on success, or -EFAULT on error.
288	*/	291	*/
289	#define __put_user(x,ptr) \	292	#define __put_user(x,ptr) \
290	__put_user_nocheck((__typeof__((ptr)))(x),(ptr),sizeof((ptr)))	293	__put_user_nocheck((__typeof__((ptr)))(x),(ptr),sizeof((ptr)))
		294
291		295
292	#define __put_user_nocheck(x,ptr,size) \	296	#define __put_user_nocheck(x,ptr,size) \
293	({ \	297	({ \
294	long __pu_err; \	298	long __pu_err; \
		299	might_sleep(); \
295	__put_user_size((x),(ptr),(size),__pu_err); \	300	__put_user_size((x),(ptr),(size),__pu_err); \
296	__pu_err; \	301	__pu_err; \
297	})	302	})
@@ -308,28 +313,28 @@ extern void __put_user_bad(void);
308	})	313	})
309		314
310	#if defined(__LITTLE_ENDIAN__)	315	#if defined(__LITTLE_ENDIAN__)
311	#define __put_user_u64(x, addr, err) \	316	#define __put_user_u64(x, addr, err) \
312	__asm__ __volatile__( \	317	__asm__ __volatile__( \
313	" .fillinsn\n" \	318	" .fillinsn\n" \
314	"1: st %L1,@%2\n" \	319	"1: st %L1,@%2\n" \
315	" .fillinsn\n" \	320	" .fillinsn\n" \
316	"2: st %H1,@(4,%2)\n" \	321	"2: st %H1,@(4,%2)\n" \
317	" .fillinsn\n" \	322	" .fillinsn\n" \
318	"3:\n" \	323	"3:\n" \
319	".section .fixup,\"ax\"\n" \	324	".section .fixup,\"ax\"\n" \
320	" .balign 4\n" \	325	" .balign 4\n" \
321	"4: ldi %0,%3\n" \	326	"4: ldi %0,%3\n" \
322	" seth r14,#high(3b)\n" \	327	" seth r14,#high(3b)\n" \
323	" or3 r14,r14,#low(3b)\n" \	328	" or3 r14,r14,#low(3b)\n" \
324	" jmp r14\n" \	329	" jmp r14\n" \
325	".previous\n" \	330	".previous\n" \
326	".section __ex_table,\"a\"\n" \	331	".section __ex_table,\"a\"\n" \
327	" .balign 4\n" \	332	" .balign 4\n" \
328	" .long 1b,4b\n" \	333	" .long 1b,4b\n" \
329	" .long 2b,4b\n" \	334	" .long 2b,4b\n" \
330	".previous" \	335	".previous" \
331	: "=&r"(err) \	336	: "=&r" (err) \
332	: "r"(x), "r"(addr), "i"(-EFAULT), "0"(err) \	337	: "r" (x), "r" (addr), "i" (-EFAULT), "0" (err) \
333	: "r14", "memory")	338	: "r14", "memory")
334		339
335	#elif defined(__BIG_ENDIAN__)	340	#elif defined(__BIG_ENDIAN__)
@@ -353,13 +358,15 @@ extern void __put_user_bad(void);
353	" .long 1b,4b\n" \	358	" .long 1b,4b\n" \
354	" .long 2b,4b\n" \	359	" .long 2b,4b\n" \
355	".previous" \	360	".previous" \
356	: "=&r"(err) \	361	: "=&r" (err) \
357	: "r"(x), "r"(addr), "i"(-EFAULT), "0"(err) \	362	: "r" (x), "r" (addr), "i" (-EFAULT), "0" (err) \
358	: "r14", "memory")	363	: "r14", "memory")
359	#else	364	#else
360	#error no endian defined	365	#error no endian defined
361	#endif	366	#endif
362		367
		368	extern void __put_user_bad(void);
		369
363	#define __put_user_size(x,ptr,size,retval) \	370	#define __put_user_size(x,ptr,size,retval) \
364	do { \	371	do { \
365	retval = 0; \	372	retval = 0; \
@@ -398,52 +405,8 @@ struct __large_struct { unsigned long buf[100]; };
398	" .balign 4\n" \	405	" .balign 4\n" \
399	" .long 1b,3b\n" \	406	" .long 1b,3b\n" \
400	".previous" \	407	".previous" \
401	: "=&r"(err) \	408	: "=&r" (err) \
402	: "r"(x), "r"(addr), "i"(-EFAULT), "0"(err) \	409	: "r" (x), "r" (addr), "i" (-EFAULT), "0" (err) \
403	: "r14", "memory")
404
405	#define __get_user_nocheck(x,ptr,size) \
406	({ \
407	long __gu_err; \
408	unsigned long __gu_val; \
409	__get_user_size(__gu_val,(ptr),(size),__gu_err); \
410	(x) = (__typeof__(*(ptr)))__gu_val; \
411	__gu_err; \
412	})
413
414	extern long __get_user_bad(void);
415
416	#define __get_user_size(x,ptr,size,retval) \
417	do { \
418	retval = 0; \
419	__chk_user_ptr(ptr); \
420	switch (size) { \
421	case 1: __get_user_asm(x,ptr,retval,"ub"); break; \
422	case 2: __get_user_asm(x,ptr,retval,"uh"); break; \
423	case 4: __get_user_asm(x,ptr,retval,""); break; \
424	default: (x) = __get_user_bad(); \
425	} \
426	} while (0)
427
428	#define __get_user_asm(x, addr, err, itype) \
429	__asm__ __volatile__( \
430	" .fillinsn\n" \
431	"1: ld"itype" %1,@%2\n" \
432	" .fillinsn\n" \
433	"2:\n" \
434	".section .fixup,\"ax\"\n" \
435	" .balign 4\n" \
436	"3: ldi %0,%3\n" \
437	" seth r14,#high(2b)\n" \
438	" or3 r14,r14,#low(2b)\n" \
439	" jmp r14\n" \
440	".previous\n" \
441	".section __ex_table,\"a\"\n" \
442	" .balign 4\n" \
443	" .long 1b,3b\n" \
444	".previous" \
445	: "=&r"(err), "=&r"(x) \
446	: "r"(addr), "i"(-EFAULT), "0"(err) \
447	: "r14", "memory")	410	: "r14", "memory")
448		411
449	/*	412	/*
@@ -453,7 +416,6 @@ do { \
453	* anything, so this is accurate.	416	* anything, so this is accurate.
454	*/	417	*/
455		418
456
457	/*	419	/*
458	* Copy To/From Userspace	420	* Copy To/From Userspace
459	*/	421	*/
@@ -511,8 +473,9 @@ do { \
511	" .long 2b,9b\n" \	473	" .long 2b,9b\n" \
512	" .long 3b,9b\n" \	474	" .long 3b,9b\n" \
513	".previous\n" \	475	".previous\n" \
514	: "=&r"(__dst), "=&r"(__src), "=&r"(size), "=&r"(__c) \	476	: "=&r" (__dst), "=&r" (__src), "=&r" (size), \
515	: "0"(to), "1"(from), "2"(size), "3"(size / 4) \	477	"=&r" (__c) \
		478	: "0" (to), "1" (from), "2" (size), "3" (size / 4) \
516	: "r14", "memory"); \	479	: "r14", "memory"); \
517	} while (0)	480	} while (0)
518		481
@@ -573,8 +536,9 @@ do { \
573	" .long 2b,7b\n" \	536	" .long 2b,7b\n" \
574	" .long 3b,7b\n" \	537	" .long 3b,7b\n" \
575	".previous\n" \	538	".previous\n" \
576	: "=&r"(__dst), "=&r"(__src), "=&r"(size), "=&r"(__c) \	539	: "=&r" (__dst), "=&r" (__src), "=&r" (size), \
577	: "0"(to), "1"(from), "2"(size), "3"(size / 4) \	540	"=&r" (__c) \
		541	: "0" (to), "1" (from), "2" (size), "3" (size / 4) \
578	: "r14", "memory"); \	542	: "r14", "memory"); \
579	} while (0)	543	} while (0)
580		544
@@ -676,7 +640,7 @@ unsigned long __generic_copy_from_user(void , const void __user , unsigned lon
676	#define copy_from_user(to,from,n) \	640	#define copy_from_user(to,from,n) \
677	({ \	641	({ \
678	might_sleep(); \	642	might_sleep(); \
679	__generic_copy_from_user((to),(from),(n)); \	643	__generic_copy_from_user((to),(from),(n)); \
680	})	644	})
681		645
682	long __must_check strncpy_from_user(char dst, const char __user src,	646	long __must_check strncpy_from_user(char dst, const char __user src,