debuggers.hg

view xen/include/asm-x86/uaccess.h @ 22855:1d1eec7e1fb4

xl: Perform minimal validation of virtual disk file while parsing config file

This patch performs some very basic validation on the virtual disk
file passed through the config file. This validation ensures that we
don't go too far with the initialization like spawn qemu and more
while there could be some potentially fundamental issues.

[ Patch fixed up to work with PHYSTYPE_EMPTY 22808:6ec61438713a -iwj ]

Signed-off-by: Kamala Narasimhan <kamala.narasimhan@citrix.com>
Acked-by: Ian Jackson <ian.jackson@eu.citrix.com>
Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
Committed-by: Ian Jackson <ian.jackson@eu.citrix.com>
author Kamala Narasimhan <kamala.narasimhan@gmail.com>
date Tue Jan 25 18:09:49 2011 +0000 (2011-01-25)
parents 2762b6d3149c
children
line source
2 #ifndef __X86_UACCESS_H__
3 #define __X86_UACCESS_H__
5 #include <xen/config.h>
6 #include <xen/compiler.h>
7 #include <xen/errno.h>
8 #include <xen/prefetch.h>
9 #include <asm/asm_defns.h>
10 #include <asm/page.h>
12 #ifdef __x86_64__
13 #include <asm/x86_64/uaccess.h>
14 #else
15 #include <asm/x86_32/uaccess.h>
16 #endif
18 unsigned long copy_to_user(void *to, const void *from, unsigned len);
19 unsigned long copy_from_user(void *to, const void *from, unsigned len);
20 /* Handles exceptions in both to and from, but doesn't do access_ok */
21 unsigned long __copy_to_user_ll(void *to, const void *from, unsigned n);
22 unsigned long __copy_from_user_ll(void *to, const void *from, unsigned n);
24 extern long __get_user_bad(void);
25 extern void __put_user_bad(void);
27 /**
28 * get_user: - Get a simple variable from user space.
29 * @x: Variable to store result.
30 * @ptr: Source address, in user space.
31 *
32 * Context: User context only. This function may sleep.
33 *
34 * This macro copies a single simple variable from user space to kernel
35 * space. It supports simple types like char and int, but not larger
36 * data types like structures or arrays.
37 *
38 * @ptr must have pointer-to-simple-variable type, and the result of
39 * dereferencing @ptr must be assignable to @x without a cast.
40 *
41 * Returns zero on success, or -EFAULT on error.
42 * On error, the variable @x is set to zero.
43 */
44 #define get_user(x,ptr) \
45 __get_user_check((x),(ptr),sizeof(*(ptr)))
47 /**
48 * put_user: - Write a simple value into user space.
49 * @x: Value to copy to user space.
50 * @ptr: Destination address, in user space.
51 *
52 * Context: User context only. This function may sleep.
53 *
54 * This macro copies a single simple value from kernel space to user
55 * space. It supports simple types like char and int, but not larger
56 * data types like structures or arrays.
57 *
58 * @ptr must have pointer-to-simple-variable type, and @x must be assignable
59 * to the result of dereferencing @ptr.
60 *
61 * Returns zero on success, or -EFAULT on error.
62 */
63 #define put_user(x,ptr) \
64 __put_user_check((__typeof__(*(ptr)))(x),(ptr),sizeof(*(ptr)))
66 /**
67 * __get_user: - Get a simple variable from user space, with less checking.
68 * @x: Variable to store result.
69 * @ptr: Source address, in user space.
70 *
71 * Context: User context only. This function may sleep.
72 *
73 * This macro copies a single simple variable from user space to kernel
74 * space. It supports simple types like char and int, but not larger
75 * data types like structures or arrays.
76 *
77 * @ptr must have pointer-to-simple-variable type, and the result of
78 * dereferencing @ptr must be assignable to @x without a cast.
79 *
80 * Caller must check the pointer with access_ok() before calling this
81 * function.
82 *
83 * Returns zero on success, or -EFAULT on error.
84 * On error, the variable @x is set to zero.
85 */
86 #define __get_user(x,ptr) \
87 __get_user_nocheck((x),(ptr),sizeof(*(ptr)))
89 /**
90 * __put_user: - Write a simple value into user space, with less checking.
91 * @x: Value to copy to user space.
92 * @ptr: Destination address, in user space.
93 *
94 * Context: User context only. This function may sleep.
95 *
96 * This macro copies a single simple value from kernel space to user
97 * space. It supports simple types like char and int, but not larger
98 * data types like structures or arrays.
99 *
100 * @ptr must have pointer-to-simple-variable type, and @x must be assignable
101 * to the result of dereferencing @ptr.
102 *
103 * Caller must check the pointer with access_ok() before calling this
104 * function.
105 *
106 * Returns zero on success, or -EFAULT on error.
107 */
108 #define __put_user(x,ptr) \
109 __put_user_nocheck((__typeof__(*(ptr)))(x),(ptr),sizeof(*(ptr)))
111 #define __put_user_nocheck(x,ptr,size) \
112 ({ \
113 long __pu_err; \
114 __put_user_size((x),(ptr),(size),__pu_err,-EFAULT); \
115 __pu_err; \
116 })
118 #define __put_user_check(x,ptr,size) \
119 ({ \
120 long __pu_err = -EFAULT; \
121 __typeof__(*(ptr)) __user *__pu_addr = (ptr); \
122 if (access_ok(__pu_addr,size)) \
123 __put_user_size((x),__pu_addr,(size),__pu_err,-EFAULT); \
124 __pu_err; \
125 })
127 #define __get_user_nocheck(x,ptr,size) \
128 ({ \
129 long __gu_err; \
130 __get_user_size((x),(ptr),(size),__gu_err,-EFAULT); \
131 __gu_err; \
132 })
134 #define __get_user_check(x,ptr,size) \
135 ({ \
136 long __gu_err; \
137 __typeof__(*(ptr)) __user *__gu_addr = (ptr); \
138 __get_user_size((x),__gu_addr,(size),__gu_err,-EFAULT); \
139 if (!access_ok(__gu_addr,size)) __gu_err = -EFAULT; \
140 __gu_err; \
141 })
143 struct __large_struct { unsigned long buf[100]; };
144 #define __m(x) (*(const struct __large_struct *)(x))
146 /*
147 * Tell gcc we read from memory instead of writing: this is because
148 * we do not write to any memory gcc knows about, so there are no
149 * aliasing issues.
150 */
151 #define __put_user_asm(x, addr, err, itype, rtype, ltype, errret) \
152 __asm__ __volatile__( \
153 "1: mov"itype" %"rtype"1,%2\n" \
154 "2:\n" \
155 ".section .fixup,\"ax\"\n" \
156 "3: mov %3,%0\n" \
157 " jmp 2b\n" \
158 ".previous\n" \
159 _ASM_EXTABLE(1b, 3b) \
160 : "=r"(err) \
161 : ltype (x), "m"(__m(addr)), "i"(errret), "0"(err))
163 #define __get_user_asm(x, addr, err, itype, rtype, ltype, errret) \
164 __asm__ __volatile__( \
165 "1: mov"itype" %2,%"rtype"1\n" \
166 "2:\n" \
167 ".section .fixup,\"ax\"\n" \
168 "3: mov %3,%0\n" \
169 " xor"itype" %"rtype"1,%"rtype"1\n" \
170 " jmp 2b\n" \
171 ".previous\n" \
172 _ASM_EXTABLE(1b, 3b) \
173 : "=r"(err), ltype (x) \
174 : "m"(__m(addr)), "i"(errret), "0"(err))
176 /**
177 * __copy_to_user: - Copy a block of data into user space, with less checking
178 * @to: Destination address, in user space.
179 * @from: Source address, in kernel space.
180 * @n: Number of bytes to copy.
181 *
182 * Context: User context only. This function may sleep.
183 *
184 * Copy data from kernel space to user space. Caller must check
185 * the specified block with access_ok() before calling this function.
186 *
187 * Returns number of bytes that could not be copied.
188 * On success, this will be zero.
189 */
190 static always_inline unsigned long
191 __copy_to_user(void __user *to, const void *from, unsigned long n)
192 {
193 if (__builtin_constant_p(n)) {
194 unsigned long ret;
196 switch (n) {
197 case 1:
198 __put_user_size(*(const u8 *)from, (u8 __user *)to, 1, ret, 1);
199 return ret;
200 case 2:
201 __put_user_size(*(const u16 *)from, (u16 __user *)to, 2, ret, 2);
202 return ret;
203 case 4:
204 __put_user_size(*(const u32 *)from, (u32 __user *)to, 4, ret, 4);
205 return ret;
206 case 8:
207 __put_user_size(*(const u64 *)from, (u64 __user *)to, 8, ret, 8);
208 return ret;
209 }
210 }
211 return __copy_to_user_ll(to, from, n);
212 }
214 /**
215 * __copy_from_user: - Copy a block of data from user space, with less checking
216 * @to: Destination address, in kernel space.
217 * @from: Source address, in user space.
218 * @n: Number of bytes to copy.
219 *
220 * Context: User context only. This function may sleep.
221 *
222 * Copy data from user space to kernel space. Caller must check
223 * the specified block with access_ok() before calling this function.
224 *
225 * Returns number of bytes that could not be copied.
226 * On success, this will be zero.
227 *
228 * If some data could not be copied, this function will pad the copied
229 * data to the requested size using zero bytes.
230 */
231 static always_inline unsigned long
232 __copy_from_user(void *to, const void __user *from, unsigned long n)
233 {
234 if (__builtin_constant_p(n)) {
235 unsigned long ret;
237 switch (n) {
238 case 1:
239 __get_user_size(*(u8 *)to, from, 1, ret, 1);
240 return ret;
241 case 2:
242 __get_user_size(*(u16 *)to, from, 2, ret, 2);
243 return ret;
244 case 4:
245 __get_user_size(*(u32 *)to, from, 4, ret, 4);
246 return ret;
247 case 8:
248 __get_user_size(*(u64*)to, from, 8, ret, 8);
249 return ret;
250 }
251 }
252 return __copy_from_user_ll(to, from, n);
253 }
255 /*
256 * The exception table consists of pairs of addresses: the first is the
257 * address of an instruction that is allowed to fault, and the second is
258 * the address at which the program should continue. No registers are
259 * modified, so it is entirely up to the continuation code to figure out
260 * what to do.
261 *
262 * All the routines below use bits of fixup code that are out of line
263 * with the main instruction path. This means when everything is well,
264 * we don't even have to jump over them. Further, they do not intrude
265 * on our cache or tlb entries.
266 */
268 struct exception_table_entry
269 {
270 s32 addr, cont;
271 };
273 extern unsigned long search_exception_table(unsigned long);
274 extern void sort_exception_tables(void);
276 #endif /* __X86_UACCESS_H__ */