/*
 * include/asm-xtensa/uaccess.h
 *
 * User space memory access functions
 *
 * These routines provide basic accessing functions to the user memory
 * space for the kernel. This header file provides functions such as:
 *
 * This file is subject to the terms and conditions of the GNU General Public
 * License.  See the file "COPYING" in the main directory of this archive
 * for more details.
 *
 * Copyright (C) 2001 - 2005 Tensilica Inc.
 */

#ifndef _XTENSA_UACCESS_H
#define _XTENSA_UACCESS_H

#include <linux/errno.h>
#ifndef __ASSEMBLY__
#include <linux/prefetch.h>
#endif
#include <asm/types.h>

#define VERIFY_READ    0
#define VERIFY_WRITE   1

#ifdef __ASSEMBLY__

#include <asm/current.h>
#include <asm/asm-offsets.h>
#include <asm/processor.h>

/*
 * These assembly macros mirror the C macros that follow below.  They
 * should always have identical functionality.  See
 * arch/xtensa/kernel/sys.S for usage.
 */

#define KERNEL_DS       0
#define USER_DS         1

#define get_ds          (KERNEL_DS)

/*
 * get_fs reads current->thread.current_ds into a register.
 * On Entry:
 *      <ad>    anything
 *      <sp>    stack
 * On Exit:
 *      <ad>    contains current->thread.current_ds
 */
        .macro  get_fs  ad, sp
        GET_CURRENT(\ad,\sp)
#if THREAD_CURRENT_DS > 1020
        addi    \ad, \ad, TASK_THREAD
        l32i    \ad, \ad, THREAD_CURRENT_DS - TASK_THREAD
#else
        l32i    \ad, \ad, THREAD_CURRENT_DS
#endif
        .endm

/*
 * set_fs sets current->thread.current_ds to some value.
 * On Entry:
 *      <at>    anything (temp register)
 *      <av>    value to write
 *      <sp>    stack
 * On Exit:
 *      <at>    destroyed (actually, current)
 *      <av>    preserved, value to write
 */
        .macro  set_fs  at, av, sp
        GET_CURRENT(\at,\sp)
        s32i    \av, \at, THREAD_CURRENT_DS
        .endm

/*
 * kernel_ok determines whether we should bypass addr/size checking.
 * See the equivalent C-macro version below for clarity.
 * On success, kernel_ok branches to a label indicated by parameter
 * <success>.  This implies that the macro falls through to the next
 * insruction on an error.
 *
 * Note that while this macro can be used independently, we designed
 * in for optimal use in the access_ok macro below (i.e., we fall
 * through on error).
 *
 * On Entry:
 *      <at>            anything (temp register)
 *      <success>       label to branch to on success; implies
 *                      fall-through macro on error
 *      <sp>            stack pointer
 * On Exit:
 *      <at>            destroyed (actually, current->thread.current_ds)
 */

#if ((KERNEL_DS != 0) || (USER_DS == 0))
# error Assembly macro kernel_ok fails
#endif
        .macro  kernel_ok  at, sp, success
        get_fs  \at, \sp
        beqz    \at, \success
        .endm

/*
 * user_ok determines whether the access to user-space memory is allowed.
 * See the equivalent C-macro version below for clarity.
 *
 * On error, user_ok branches to a label indicated by parameter
 * <error>.  This implies that the macro falls through to the next
 * instruction on success.
 *
 * Note that while this macro can be used independently, we designed
 * in for optimal use in the access_ok macro below (i.e., we fall
 * through on success).
 *
 * On Entry:
 *      <aa>    register containing memory address
 *      <as>    register containing memory size
 *      <at>    temp register
 *      <error> label to branch to on error; implies fall-through
 *              macro on success
 * On Exit:
 *      <aa>    preserved
 *      <as>    preserved
 *      <at>    destroyed (actually, (TASK_SIZE + 1 - size))
 */
        .macro  user_ok aa, as, at, error
        movi    \at, __XTENSA_UL_CONST(TASK_SIZE)
        bgeu    \as, \at, \error
        sub     \at, \at, \as
        bgeu    \aa, \at, \error
        .endm

/*
 * access_ok determines whether a memory access is allowed.  See the
 * equivalent C-macro version below for clarity.
 *
 * On error, access_ok branches to a label indicated by parameter
 * <error>.  This implies that the macro falls through to the next
 * instruction on success.
 *
 * Note that we assume success is the common case, and we optimize the
 * branch fall-through case on success.
 *
 * On Entry:
 *      <aa>    register containing memory address
 *      <as>    register containing memory size
 *      <at>    temp register
 *      <sp>
 *      <error> label to branch to on error; implies fall-through
 *              macro on success
 * On Exit:
 *      <aa>    preserved
 *      <as>    preserved
 *      <at>    destroyed
 */
        .macro  access_ok  aa, as, at, sp, error
        kernel_ok  \at, \sp, .Laccess_ok_\@
        user_ok    \aa, \as, \at, \error
.Laccess_ok_\@:
        .endm

#else /* __ASSEMBLY__ not defined */

#include <linux/sched.h>

/*
 * The fs value determines whether argument validity checking should
 * be performed or not.  If get_fs() == USER_DS, checking is
 * performed, with get_fs() == KERNEL_DS, checking is bypassed.
 *
 * For historical reasons (Data Segment Register?), these macros are
 * grossly misnamed.
 */

#define KERNEL_DS       ((mm_segment_t) { 0 })
#define USER_DS         ((mm_segment_t) { 1 })

#define get_ds()        (KERNEL_DS)
#define get_fs()        (current->thread.current_ds)
#define set_fs(val)     (current->thread.current_ds = (val))

#define segment_eq(a, b)        ((a).seg == (b).seg)

#define __kernel_ok (segment_eq(get_fs(), KERNEL_DS))
#define __user_ok(addr, size) \
                (((size) <= TASK_SIZE)&&((addr) <= TASK_SIZE-(size)))
#define __access_ok(addr, size) (__kernel_ok || __user_ok((addr), (size)))
#define access_ok(type, addr, size) __access_ok((unsigned long)(addr), (size))

/*
 * These are the main single-value transfer routines.  They
 * automatically use the right size if we just have the right pointer
 * type.
 *
 * This gets kind of ugly. We want to return _two_ values in
 * "get_user()" and yet we don't want to do any pointers, because that
 * is too much of a performance impact. Thus we have a few rather ugly
 * macros here, and hide all the uglyness from the user.
 *
 * Careful to not
 * (a) re-use the arguments for side effects (sizeof is ok)
 * (b) require any knowledge of processes at this stage
 */
#define put_user(x, ptr)        __put_user_check((x), (ptr), sizeof(*(ptr)))
#define get_user(x, ptr) __get_user_check((x), (ptr), sizeof(*(ptr)))

/*
 * The "__xxx" versions of the user access functions are versions that
 * do not verify the address space, that must have been done previously
 * with a separate "access_ok()" call (this is used when we do multiple
 * accesses to the same area of user memory).
 */
#define __put_user(x, ptr) __put_user_nocheck((x), (ptr), sizeof(*(ptr)))
#define __get_user(x, ptr) __get_user_nocheck((x), (ptr), sizeof(*(ptr)))


extern long __put_user_bad(void);

#define __put_user_nocheck(x, ptr, size)                \
({                                                      \
        long __pu_err;                                  \
        __put_user_size((x), (ptr), (size), __pu_err);  \
        __pu_err;                                       \
})

#define __put_user_check(x, ptr, size)                                  \
({                                                                      \
        long __pu_err = -EFAULT;                                        \
        __typeof__(*(ptr)) *__pu_addr = (ptr);                          \
        if (access_ok(VERIFY_WRITE, __pu_addr, size))                   \
                __put_user_size((x), __pu_addr, (size), __pu_err);      \
        __pu_err;                                                       \
})

#define __put_user_size(x, ptr, size, retval)                           \
do {                                                                    \
        int __cb;                                                       \
        retval = 0;                                                     \
        switch (size) {                                                 \
        case 1: __put_user_asm(x, ptr, retval, 1, "s8i", __cb);  break; \
        case 2: __put_user_asm(x, ptr, retval, 2, "s16i", __cb); break; \
        case 4: __put_user_asm(x, ptr, retval, 4, "s32i", __cb); break; \
        case 8: {                                                       \
                     __typeof__(*ptr) __v64 = x;                        \
                     retval = __copy_to_user(ptr, &__v64, 8);           \
                     break;                                             \
                }                                                       \
        default: __put_user_bad();                                      \
        }                                                               \
} while (0)


/*
 * Consider a case of a user single load/store would cause both an
 * unaligned exception and an MMU-related exception (unaligned
 * exceptions happen first):
 *
 * User code passes a bad variable ptr to a system call.
 * Kernel tries to access the variable.
 * Unaligned exception occurs.
 * Unaligned exception handler tries to make aligned accesses.
 * Double exception occurs for MMU-related cause (e.g., page not mapped).
 * do_page_fault() thinks the fault address belongs to the kernel, not the
 * user, and panics.
 *
 * The kernel currently prohibits user unaligned accesses.  We use the
 * __check_align_* macros to check for unaligned addresses before
 * accessing user space so we don't crash the kernel.  Both
 * __put_user_asm and __get_user_asm use these alignment macros, so
 * macro-specific labels such as 0f, 1f, %0, %2, and %3 must stay in
 * sync.
 */

#define __check_align_1  ""

#define __check_align_2                         \
        "   _bbci.l %3,  0, 1f          \n"     \
        "   movi    %0, %4              \n"     \
        "   _j      2f                  \n"

#define __check_align_4                         \
        "   _bbsi.l %3,  0, 0f          \n"     \
        "   _bbci.l %3,  1, 1f          \n"     \
        "0: movi    %0, %4              \n"     \
        "   _j      2f                  \n"


/*
 * We don't tell gcc that we are accessing memory, but this is OK
 * because we do not write to any memory gcc knows about, so there
 * are no aliasing issues.
 *
 * WARNING: If you modify this macro at all, verify that the
 * __check_align_* macros still work.
 */
#define __put_user_asm(x, addr, err, align, insn, cb)   \
__asm__ __volatile__(                                   \
        __check_align_##align                           \
        "1: "insn"  %2, %3, 0           \n"             \
        "2:                             \n"             \
        "   .section  .fixup,\"ax\"     \n"             \
        "   .align 4                    \n"             \
        "4:                             \n"             \
        "   .long  2b                   \n"             \
        "5:                             \n"             \
        "   l32r   %1, 4b               \n"             \
        "   movi   %0, %4               \n"             \
        "   jx     %1                   \n"             \
        "   .previous                   \n"             \
        "   .section  __ex_table,\"a\"  \n"             \
        "   .long       1b, 5b          \n"             \
        "   .previous"                                  \
        :"=r" (err), "=r" (cb)                          \
        :"r" ((int)(x)), "r" (addr), "i" (-EFAULT), "0" (err))

#define __get_user_nocheck(x, ptr, size)                        \
({                                                              \
        long __gu_err, __gu_val;                                \
        __get_user_size(__gu_val, (ptr), (size), __gu_err);     \
        (x) = (__force __typeof__(*(ptr)))__gu_val;             \
        __gu_err;                                               \
})

#define __get_user_check(x, ptr, size)                                  \
({                                                                      \
        long __gu_err = -EFAULT, __gu_val = 0;                          \
        const __typeof__(*(ptr)) *__gu_addr = (ptr);                    \
        if (access_ok(VERIFY_READ, __gu_addr, size))                    \
                __get_user_size(__gu_val, __gu_addr, (size), __gu_err); \
        (x) = (__force __typeof__(*(ptr)))__gu_val;                     \
        __gu_err;                                                       \
})

extern long __get_user_bad(void);

#define __get_user_size(x, ptr, size, retval)                           \
do {                                                                    \
        int __cb;                                                       \
        retval = 0;                                                     \
        switch (size) {                                                 \
        case 1: __get_user_asm(x, ptr, retval, 1, "l8ui", __cb);  break;\
        case 2: __get_user_asm(x, ptr, retval, 2, "l16ui", __cb); break;\
        case 4: __get_user_asm(x, ptr, retval, 4, "l32i", __cb);  break;\
        case 8: retval = __copy_from_user(&x, ptr, 8);    break;        \
        default: (x) = __get_user_bad();                                \
        }                                                               \
} while (0)


/*
 * WARNING: If you modify this macro at all, verify that the
 * __check_align_* macros still work.
 */
#define __get_user_asm(x, addr, err, align, insn, cb) \
__asm__ __volatile__(                   \
        __check_align_##align                   \
        "1: "insn"  %2, %3, 0           \n"     \
        "2:                             \n"     \
        "   .section  .fixup,\"ax\"     \n"     \
        "   .align 4                    \n"     \
        "4:                             \n"     \
        "   .long  2b                   \n"     \
        "5:                             \n"     \
        "   l32r   %1, 4b               \n"     \
        "   movi   %2, 0                \n"     \
        "   movi   %0, %4               \n"     \
        "   jx     %1                   \n"     \
        "   .previous                   \n"     \
        "   .section  __ex_table,\"a\"  \n"     \
        "   .long       1b, 5b          \n"     \
        "   .previous"                          \
        :"=r" (err), "=r" (cb), "=r" (x)        \
        :"r" (addr), "i" (-EFAULT), "0" (err))


/*
 * Copy to/from user space
 */

/*
 * We use a generic, arbitrary-sized copy subroutine.  The Xtensa
 * architecture would cause heavy code bloat if we tried to inline
 * these functions and provide __constant_copy_* equivalents like the
 * i386 versions.  __xtensa_copy_user is quite efficient.  See the
 * .fixup section of __xtensa_copy_user for a discussion on the
 * X_zeroing equivalents for Xtensa.
 */

extern unsigned __xtensa_copy_user(void *to, const void *from, unsigned n);
#define __copy_user(to, from, size) __xtensa_copy_user(to, from, size)


static inline unsigned long
__generic_copy_from_user_nocheck(void *to, const void *from, unsigned long n)
{
        return __copy_user(to, from, n);
}

static inline unsigned long
__generic_copy_to_user_nocheck(void *to, const void *from, unsigned long n)
{
        return __copy_user(to, from, n);
}

static inline unsigned long
__generic_copy_to_user(void *to, const void *from, unsigned long n)
{
        prefetch(from);
        if (access_ok(VERIFY_WRITE, to, n))
                return __copy_user(to, from, n);
        return n;
}

static inline unsigned long
__generic_copy_from_user(void *to, const void *from, unsigned long n)
{
        prefetchw(to);
        if (access_ok(VERIFY_READ, from, n))
                return __copy_user(to, from, n);
        else
                memset(to, 0, n);
        return n;
}

#define copy_to_user(to, from, n) __generic_copy_to_user((to), (from), (n))
#define copy_from_user(to, from, n) __generic_copy_from_user((to), (from), (n))
#define __copy_to_user(to, from, n) \
        __generic_copy_to_user_nocheck((to), (from), (n))
#define __copy_from_user(to, from, n) \
        __generic_copy_from_user_nocheck((to), (from), (n))
#define __copy_to_user_inatomic __copy_to_user
#define __copy_from_user_inatomic __copy_from_user


/*
 * We need to return the number of bytes not cleared.  Our memset()
 * returns zero if a problem occurs while accessing user-space memory.
 * In that event, return no memory cleared.  Otherwise, zero for
 * success.
 */

static inline unsigned long
__xtensa_clear_user(void *addr, unsigned long size)
{
        if ( ! memset(addr, 0, size) )
                return size;
        return 0;
}

static inline unsigned long
clear_user(void *addr, unsigned long size)
{
        if (access_ok(VERIFY_WRITE, addr, size))
                return __xtensa_clear_user(addr, size);
        return size ? -EFAULT : 0;
}

#define __clear_user  __xtensa_clear_user


extern long __strncpy_user(char *, const char *, long);
#define __strncpy_from_user __strncpy_user

static inline long
strncpy_from_user(char *dst, const char *src, long count)
{
        if (access_ok(VERIFY_READ, src, 1))
                return __strncpy_from_user(dst, src, count);
        return -EFAULT;
}


#define strlen_user(str) strnlen_user((str), TASK_SIZE - 1)

/*
 * Return the size of a string (including the ending 0!)
 */
extern long __strnlen_user(const char *, long);

static inline long strnlen_user(const char *str, long len)
{
        unsigned long top = __kernel_ok ? ~0UL : TASK_SIZE - 1;

        if ((unsigned long)str > top)
                return 0;
        return __strnlen_user(str, len);
}


struct exception_table_entry
{
        unsigned long insn, fixup;
};

/* Returns 0 if exception not found and fixup.unit otherwise.  */

extern unsigned long search_exception_table(unsigned long addr);
extern void sort_exception_table(void);

/* Returns the new pc */
#define fixup_exception(map_reg, fixup_unit, pc)                \
({                                                              \
        fixup_unit;                                             \
})

#endif  /* __ASSEMBLY__ */
#endif  /* _XTENSA_UACCESS_H */