FreeBSD/Linux Kernel Cross Reference
sys/kern/subr_uio.c
1 /*-
2 * Copyright (c) 1982, 1986, 1991, 1993
3 * The Regents of the University of California. All rights reserved.
4 * (c) UNIX System Laboratories, Inc.
5 * All or some portions of this file are derived from material licensed
6 * to the University of California by American Telephone and Telegraph
7 * Co. or Unix System Laboratories, Inc. and are reproduced herein with
8 * the permission of UNIX System Laboratories, Inc.
9 *
10 * Copyright (c) 2014 The FreeBSD Foundation
11 *
12 * Portions of this software were developed by Konstantin Belousov
13 * under sponsorship from the FreeBSD Foundation.
14 *
15 * Redistribution and use in source and binary forms, with or without
16 * modification, are permitted provided that the following conditions
17 * are met:
18 * 1. Redistributions of source code must retain the above copyright
19 * notice, this list of conditions and the following disclaimer.
20 * 2. Redistributions in binary form must reproduce the above copyright
21 * notice, this list of conditions and the following disclaimer in the
22 * documentation and/or other materials provided with the distribution.
23 * 4. Neither the name of the University nor the names of its contributors
24 * may be used to endorse or promote products derived from this software
25 * without specific prior written permission.
26 *
27 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
28 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
29 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
30 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
31 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
32 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
33 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
34 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
35 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
36 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
37 * SUCH DAMAGE.
38 *
39 * @(#)kern_subr.c 8.3 (Berkeley) 1/21/94
40 */
41
42 #include <sys/cdefs.h>
43 __FBSDID("$FreeBSD: releng/10.2/sys/kern/subr_uio.c 274648 2014-11-18 12:53:32Z kib $");
44
45 #include <sys/param.h>
46 #include <sys/systm.h>
47 #include <sys/kernel.h>
48 #include <sys/limits.h>
49 #include <sys/lock.h>
50 #include <sys/mman.h>
51 #include <sys/proc.h>
52 #include <sys/resourcevar.h>
53 #include <sys/rwlock.h>
54 #include <sys/sched.h>
55 #include <sys/sysctl.h>
56 #include <sys/vnode.h>
57
58 #include <vm/vm.h>
59 #include <vm/vm_param.h>
60 #include <vm/vm_extern.h>
61 #include <vm/vm_page.h>
62 #include <vm/vm_pageout.h>
63 #include <vm/vm_map.h>
64
65 SYSCTL_INT(_kern, KERN_IOV_MAX, iov_max, CTLFLAG_RD, SYSCTL_NULL_INT_PTR, UIO_MAXIOV,
66 "Maximum number of elements in an I/O vector; sysconf(_SC_IOV_MAX)");
67
68 static int uiomove_faultflag(void *cp, int n, struct uio *uio, int nofault);
69
70 int
71 copyin_nofault(const void *udaddr, void *kaddr, size_t len)
72 {
73 int error, save;
74
75 save = vm_fault_disable_pagefaults();
76 error = copyin(udaddr, kaddr, len);
77 vm_fault_enable_pagefaults(save);
78 return (error);
79 }
80
81 int
82 copyout_nofault(const void *kaddr, void *udaddr, size_t len)
83 {
84 int error, save;
85
86 save = vm_fault_disable_pagefaults();
87 error = copyout(kaddr, udaddr, len);
88 vm_fault_enable_pagefaults(save);
89 return (error);
90 }
91
92 #define PHYS_PAGE_COUNT(len) (howmany(len, PAGE_SIZE) + 1)
93
94 int
95 physcopyin(void *src, vm_paddr_t dst, size_t len)
96 {
97 vm_page_t m[PHYS_PAGE_COUNT(len)];
98 struct iovec iov[1];
99 struct uio uio;
100 int i;
101
102 iov[0].iov_base = src;
103 iov[0].iov_len = len;
104 uio.uio_iov = iov;
105 uio.uio_iovcnt = 1;
106 uio.uio_offset = 0;
107 uio.uio_resid = len;
108 uio.uio_segflg = UIO_SYSSPACE;
109 uio.uio_rw = UIO_WRITE;
110 for (i = 0; i < PHYS_PAGE_COUNT(len); i++, dst += PAGE_SIZE)
111 m[i] = PHYS_TO_VM_PAGE(dst);
112 return (uiomove_fromphys(m, dst & PAGE_MASK, len, &uio));
113 }
114
115 int
116 physcopyout(vm_paddr_t src, void *dst, size_t len)
117 {
118 vm_page_t m[PHYS_PAGE_COUNT(len)];
119 struct iovec iov[1];
120 struct uio uio;
121 int i;
122
123 iov[0].iov_base = dst;
124 iov[0].iov_len = len;
125 uio.uio_iov = iov;
126 uio.uio_iovcnt = 1;
127 uio.uio_offset = 0;
128 uio.uio_resid = len;
129 uio.uio_segflg = UIO_SYSSPACE;
130 uio.uio_rw = UIO_READ;
131 for (i = 0; i < PHYS_PAGE_COUNT(len); i++, src += PAGE_SIZE)
132 m[i] = PHYS_TO_VM_PAGE(src);
133 return (uiomove_fromphys(m, src & PAGE_MASK, len, &uio));
134 }
135
136 #undef PHYS_PAGE_COUNT
137
138 int
139 uiomove(void *cp, int n, struct uio *uio)
140 {
141
142 return (uiomove_faultflag(cp, n, uio, 0));
143 }
144
145 int
146 uiomove_nofault(void *cp, int n, struct uio *uio)
147 {
148
149 return (uiomove_faultflag(cp, n, uio, 1));
150 }
151
152 static int
153 uiomove_faultflag(void *cp, int n, struct uio *uio, int nofault)
154 {
155 struct thread *td;
156 struct iovec *iov;
157 size_t cnt;
158 int error, newflags, save;
159
160 td = curthread;
161 error = 0;
162
163 KASSERT(uio->uio_rw == UIO_READ || uio->uio_rw == UIO_WRITE,
164 ("uiomove: mode"));
165 KASSERT(uio->uio_segflg != UIO_USERSPACE || uio->uio_td == td,
166 ("uiomove proc"));
167 if (!nofault)
168 WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL,
169 "Calling uiomove()");
170
171 /* XXX does it make a sense to set TDP_DEADLKTREAT for UIO_SYSSPACE ? */
172 newflags = TDP_DEADLKTREAT;
173 if (uio->uio_segflg == UIO_USERSPACE && nofault) {
174 /*
175 * Fail if a non-spurious page fault occurs.
176 */
177 newflags |= TDP_NOFAULTING | TDP_RESETSPUR;
178 }
179 save = curthread_pflags_set(newflags);
180
181 while (n > 0 && uio->uio_resid) {
182 iov = uio->uio_iov;
183 cnt = iov->iov_len;
184 if (cnt == 0) {
185 uio->uio_iov++;
186 uio->uio_iovcnt--;
187 continue;
188 }
189 if (cnt > n)
190 cnt = n;
191
192 switch (uio->uio_segflg) {
193
194 case UIO_USERSPACE:
195 maybe_yield();
196 if (uio->uio_rw == UIO_READ)
197 error = copyout(cp, iov->iov_base, cnt);
198 else
199 error = copyin(iov->iov_base, cp, cnt);
200 if (error)
201 goto out;
202 break;
203
204 case UIO_SYSSPACE:
205 if (uio->uio_rw == UIO_READ)
206 bcopy(cp, iov->iov_base, cnt);
207 else
208 bcopy(iov->iov_base, cp, cnt);
209 break;
210 case UIO_NOCOPY:
211 break;
212 }
213 iov->iov_base = (char *)iov->iov_base + cnt;
214 iov->iov_len -= cnt;
215 uio->uio_resid -= cnt;
216 uio->uio_offset += cnt;
217 cp = (char *)cp + cnt;
218 n -= cnt;
219 }
220 out:
221 curthread_pflags_restore(save);
222 return (error);
223 }
224
225 /*
226 * Wrapper for uiomove() that validates the arguments against a known-good
227 * kernel buffer. Currently, uiomove accepts a signed (n) argument, which
228 * is almost definitely a bad thing, so we catch that here as well. We
229 * return a runtime failure, but it might be desirable to generate a runtime
230 * assertion failure instead.
231 */
232 int
233 uiomove_frombuf(void *buf, int buflen, struct uio *uio)
234 {
235 size_t offset, n;
236
237 if (uio->uio_offset < 0 || uio->uio_resid < 0 ||
238 (offset = uio->uio_offset) != uio->uio_offset)
239 return (EINVAL);
240 if (buflen <= 0 || offset >= buflen)
241 return (0);
242 if ((n = buflen - offset) > IOSIZE_MAX)
243 return (EINVAL);
244 return (uiomove((char *)buf + offset, n, uio));
245 }
246
247 /*
248 * Give next character to user as result of read.
249 */
250 int
251 ureadc(int c, struct uio *uio)
252 {
253 struct iovec *iov;
254 char *iov_base;
255
256 WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL,
257 "Calling ureadc()");
258
259 again:
260 if (uio->uio_iovcnt == 0 || uio->uio_resid == 0)
261 panic("ureadc");
262 iov = uio->uio_iov;
263 if (iov->iov_len == 0) {
264 uio->uio_iovcnt--;
265 uio->uio_iov++;
266 goto again;
267 }
268 switch (uio->uio_segflg) {
269
270 case UIO_USERSPACE:
271 if (subyte(iov->iov_base, c) < 0)
272 return (EFAULT);
273 break;
274
275 case UIO_SYSSPACE:
276 iov_base = iov->iov_base;
277 *iov_base = c;
278 break;
279
280 case UIO_NOCOPY:
281 break;
282 }
283 iov->iov_base = (char *)iov->iov_base + 1;
284 iov->iov_len--;
285 uio->uio_resid--;
286 uio->uio_offset++;
287 return (0);
288 }
289
290 int
291 copyinfrom(const void * __restrict src, void * __restrict dst, size_t len,
292 int seg)
293 {
294 int error = 0;
295
296 switch (seg) {
297 case UIO_USERSPACE:
298 error = copyin(src, dst, len);
299 break;
300 case UIO_SYSSPACE:
301 bcopy(src, dst, len);
302 break;
303 default:
304 panic("copyinfrom: bad seg %d\n", seg);
305 }
306 return (error);
307 }
308
309 int
310 copyinstrfrom(const void * __restrict src, void * __restrict dst, size_t len,
311 size_t * __restrict copied, int seg)
312 {
313 int error = 0;
314
315 switch (seg) {
316 case UIO_USERSPACE:
317 error = copyinstr(src, dst, len, copied);
318 break;
319 case UIO_SYSSPACE:
320 error = copystr(src, dst, len, copied);
321 break;
322 default:
323 panic("copyinstrfrom: bad seg %d\n", seg);
324 }
325 return (error);
326 }
327
328 int
329 copyiniov(const struct iovec *iovp, u_int iovcnt, struct iovec **iov, int error)
330 {
331 u_int iovlen;
332
333 *iov = NULL;
334 if (iovcnt > UIO_MAXIOV)
335 return (error);
336 iovlen = iovcnt * sizeof (struct iovec);
337 *iov = malloc(iovlen, M_IOV, M_WAITOK);
338 error = copyin(iovp, *iov, iovlen);
339 if (error) {
340 free(*iov, M_IOV);
341 *iov = NULL;
342 }
343 return (error);
344 }
345
346 int
347 copyinuio(const struct iovec *iovp, u_int iovcnt, struct uio **uiop)
348 {
349 struct iovec *iov;
350 struct uio *uio;
351 u_int iovlen;
352 int error, i;
353
354 *uiop = NULL;
355 if (iovcnt > UIO_MAXIOV)
356 return (EINVAL);
357 iovlen = iovcnt * sizeof (struct iovec);
358 uio = malloc(iovlen + sizeof *uio, M_IOV, M_WAITOK);
359 iov = (struct iovec *)(uio + 1);
360 error = copyin(iovp, iov, iovlen);
361 if (error) {
362 free(uio, M_IOV);
363 return (error);
364 }
365 uio->uio_iov = iov;
366 uio->uio_iovcnt = iovcnt;
367 uio->uio_segflg = UIO_USERSPACE;
368 uio->uio_offset = -1;
369 uio->uio_resid = 0;
370 for (i = 0; i < iovcnt; i++) {
371 if (iov->iov_len > IOSIZE_MAX - uio->uio_resid) {
372 free(uio, M_IOV);
373 return (EINVAL);
374 }
375 uio->uio_resid += iov->iov_len;
376 iov++;
377 }
378 *uiop = uio;
379 return (0);
380 }
381
382 struct uio *
383 cloneuio(struct uio *uiop)
384 {
385 struct uio *uio;
386 int iovlen;
387
388 iovlen = uiop->uio_iovcnt * sizeof (struct iovec);
389 uio = malloc(iovlen + sizeof *uio, M_IOV, M_WAITOK);
390 *uio = *uiop;
391 uio->uio_iov = (struct iovec *)(uio + 1);
392 bcopy(uiop->uio_iov, uio->uio_iov, iovlen);
393 return (uio);
394 }
395
396 /*
397 * Map some anonymous memory in user space of size sz, rounded up to the page
398 * boundary.
399 */
400 int
401 copyout_map(struct thread *td, vm_offset_t *addr, size_t sz)
402 {
403 struct vmspace *vms;
404 int error;
405 vm_size_t size;
406
407 vms = td->td_proc->p_vmspace;
408
409 /*
410 * Map somewhere after heap in process memory.
411 */
412 PROC_LOCK(td->td_proc);
413 *addr = round_page((vm_offset_t)vms->vm_daddr +
414 lim_max(td->td_proc, RLIMIT_DATA));
415 PROC_UNLOCK(td->td_proc);
416
417 /* round size up to page boundry */
418 size = (vm_size_t)round_page(sz);
419
420 error = vm_mmap(&vms->vm_map, addr, size, PROT_READ | PROT_WRITE,
421 VM_PROT_ALL, MAP_PRIVATE | MAP_ANON, OBJT_DEFAULT, NULL, 0);
422
423 return (error);
424 }
425
426 /*
427 * Unmap memory in user space.
428 */
429 int
430 copyout_unmap(struct thread *td, vm_offset_t addr, size_t sz)
431 {
432 vm_map_t map;
433 vm_size_t size;
434
435 if (sz == 0)
436 return (0);
437
438 map = &td->td_proc->p_vmspace->vm_map;
439 size = (vm_size_t)round_page(sz);
440
441 if (vm_map_remove(map, addr, addr + size) != KERN_SUCCESS)
442 return (EINVAL);
443
444 return (0);
445 }
446
447 #ifdef NO_FUEWORD
448 /*
449 * XXXKIB The temporal implementation of fue*() functions which do not
450 * handle usermode -1 properly, mixing it with the fault code. Keep
451 * this until MD code is written. Currently sparc64, mips and arm do
452 * not have proper implementation.
453 */
454
455 int
456 fueword(volatile const void *base, long *val)
457 {
458 long res;
459
460 res = fuword(base);
461 if (res == -1)
462 return (-1);
463 *val = res;
464 return (0);
465 }
466
467 int
468 fueword32(volatile const void *base, int32_t *val)
469 {
470 int32_t res;
471
472 res = fuword32(base);
473 if (res == -1)
474 return (-1);
475 *val = res;
476 return (0);
477 }
478
479 #ifdef _LP64
480 int
481 fueword64(volatile const void *base, int64_t *val)
482 {
483 int32_t res;
484
485 res = fuword64(base);
486 if (res == -1)
487 return (-1);
488 *val = res;
489 return (0);
490 }
491 #endif
492
493 int
494 casueword32(volatile uint32_t *base, uint32_t oldval, uint32_t *oldvalp,
495 uint32_t newval)
496 {
497 int32_t ov;
498
499 ov = casuword32(base, oldval, newval);
500 if (ov == -1)
501 return (-1);
502 *oldvalp = ov;
503 return (0);
504 }
505
506 int
507 casueword(volatile u_long *p, u_long oldval, u_long *oldvalp, u_long newval)
508 {
509 u_long ov;
510
511 ov = casuword(p, oldval, newval);
512 if (ov == -1)
513 return (-1);
514 *oldvalp = ov;
515 return (0);
516 }
517 #else /* NO_FUEWORD */
518 int32_t
519 fuword32(volatile const void *addr)
520 {
521 int rv;
522 int32_t val;
523
524 rv = fueword32(addr, &val);
525 return (rv == -1 ? -1 : val);
526 }
527
528 #ifdef _LP64
529 int64_t
530 fuword64(volatile const void *addr)
531 {
532 int rv;
533 int64_t val;
534
535 rv = fueword64(addr, &val);
536 return (rv == -1 ? -1 : val);
537 }
538 #endif /* _LP64 */
539
540 long
541 fuword(volatile const void *addr)
542 {
543 long val;
544 int rv;
545
546 rv = fueword(addr, &val);
547 return (rv == -1 ? -1 : val);
548 }
549
550 uint32_t
551 casuword32(volatile uint32_t *addr, uint32_t old, uint32_t new)
552 {
553 int rv;
554 uint32_t val;
555
556 rv = casueword32(addr, old, &val, new);
557 return (rv == -1 ? -1 : val);
558 }
559
560 u_long
561 casuword(volatile u_long *addr, u_long old, u_long new)
562 {
563 int rv;
564 u_long val;
565
566 rv = casueword(addr, old, &val, new);
567 return (rv == -1 ? -1 : val);
568 }
569
570 #endif /* NO_FUEWORD */
Cache object: 128b0f685086d015bd9cd22f11ace9ca
|