1
2
3
4
5
6
7
8
9
10
11
12#include <linux/mm.h>
13#include <linux/miscdevice.h>
14#include <linux/slab.h>
15#include <linux/vmalloc.h>
16#include <linux/mman.h>
17#include <linux/random.h>
18#include <linux/init.h>
19#include <linux/raw.h>
20#include <linux/tty.h>
21#include <linux/capability.h>
22#include <linux/ptrace.h>
23#include <linux/device.h>
24#include <linux/highmem.h>
25#include <linux/backing-dev.h>
26#include <linux/shmem_fs.h>
27#include <linux/splice.h>
28#include <linux/pfn.h>
29#include <linux/export.h>
30#include <linux/io.h>
31#include <linux/uio.h>
32
33#include <linux/uaccess.h>
34
35#ifdef CONFIG_IA64
36# include <linux/efi.h>
37#endif
38
39#define DEVPORT_MINOR 4
40
41static inline unsigned long size_inside_page(unsigned long start,
42 unsigned long size)
43{
44 unsigned long sz;
45
46 sz = PAGE_SIZE - (start & (PAGE_SIZE - 1));
47
48 return min(sz, size);
49}
50
51#ifndef ARCH_HAS_VALID_PHYS_ADDR_RANGE
52static inline int valid_phys_addr_range(phys_addr_t addr, size_t count)
53{
54 return addr + count <= __pa(high_memory);
55}
56
57static inline int valid_mmap_phys_addr_range(unsigned long pfn, size_t size)
58{
59 return 1;
60}
61#endif
62
63#ifdef CONFIG_STRICT_DEVMEM
64static inline int page_is_allowed(unsigned long pfn)
65{
66 return devmem_is_allowed(pfn);
67}
68static inline int range_is_allowed(unsigned long pfn, unsigned long size)
69{
70 u64 from = ((u64)pfn) << PAGE_SHIFT;
71 u64 to = from + size;
72 u64 cursor = from;
73
74 while (cursor < to) {
75 if (!devmem_is_allowed(pfn))
76 return 0;
77 cursor += PAGE_SIZE;
78 pfn++;
79 }
80 return 1;
81}
82#else
83static inline int page_is_allowed(unsigned long pfn)
84{
85 return 1;
86}
87static inline int range_is_allowed(unsigned long pfn, unsigned long size)
88{
89 return 1;
90}
91#endif
92
93#ifndef unxlate_dev_mem_ptr
94#define unxlate_dev_mem_ptr unxlate_dev_mem_ptr
95void __weak unxlate_dev_mem_ptr(phys_addr_t phys, void *addr)
96{
97}
98#endif
99
100
101
102
103
104static ssize_t read_mem(struct file *file, char __user *buf,
105 size_t count, loff_t *ppos)
106{
107 phys_addr_t p = *ppos;
108 ssize_t read, sz;
109 void *ptr;
110 char *bounce;
111 int err;
112
113 if (p != *ppos)
114 return 0;
115
116 if (!valid_phys_addr_range(p, count))
117 return -EFAULT;
118 read = 0;
119#ifdef __ARCH_HAS_NO_PAGE_ZERO_MAPPED
120
121 if (p < PAGE_SIZE) {
122 sz = size_inside_page(p, count);
123 if (sz > 0) {
124 if (clear_user(buf, sz))
125 return -EFAULT;
126 buf += sz;
127 p += sz;
128 count -= sz;
129 read += sz;
130 }
131 }
132#endif
133
134 bounce = kmalloc(PAGE_SIZE, GFP_KERNEL);
135 if (!bounce)
136 return -ENOMEM;
137
138 while (count > 0) {
139 unsigned long remaining;
140 int allowed, probe;
141
142 sz = size_inside_page(p, count);
143
144 err = -EPERM;
145 allowed = page_is_allowed(p >> PAGE_SHIFT);
146 if (!allowed)
147 goto failed;
148
149 err = -EFAULT;
150 if (allowed == 2) {
151
152 remaining = clear_user(buf, sz);
153 } else {
154
155
156
157
158
159 ptr = xlate_dev_mem_ptr(p);
160 if (!ptr)
161 goto failed;
162
163 probe = probe_kernel_read(bounce, ptr, sz);
164 unxlate_dev_mem_ptr(p, ptr);
165 if (probe)
166 goto failed;
167
168 remaining = copy_to_user(buf, bounce, sz);
169 }
170
171 if (remaining)
172 goto failed;
173
174 buf += sz;
175 p += sz;
176 count -= sz;
177 read += sz;
178 }
179 kfree(bounce);
180
181 *ppos += read;
182 return read;
183
184failed:
185 kfree(bounce);
186 return err;
187}
188
189static ssize_t write_mem(struct file *file, const char __user *buf,
190 size_t count, loff_t *ppos)
191{
192 phys_addr_t p = *ppos;
193 ssize_t written, sz;
194 unsigned long copied;
195 void *ptr;
196
197 if (p != *ppos)
198 return -EFBIG;
199
200 if (!valid_phys_addr_range(p, count))
201 return -EFAULT;
202
203 written = 0;
204
205#ifdef __ARCH_HAS_NO_PAGE_ZERO_MAPPED
206
207 if (p < PAGE_SIZE) {
208 sz = size_inside_page(p, count);
209
210 buf += sz;
211 p += sz;
212 count -= sz;
213 written += sz;
214 }
215#endif
216
217 while (count > 0) {
218 int allowed;
219
220 sz = size_inside_page(p, count);
221
222 allowed = page_is_allowed(p >> PAGE_SHIFT);
223 if (!allowed)
224 return -EPERM;
225
226
227 if (allowed == 1) {
228
229
230
231
232
233 ptr = xlate_dev_mem_ptr(p);
234 if (!ptr) {
235 if (written)
236 break;
237 return -EFAULT;
238 }
239
240 copied = copy_from_user(ptr, buf, sz);
241 unxlate_dev_mem_ptr(p, ptr);
242 if (copied) {
243 written += sz - copied;
244 if (written)
245 break;
246 return -EFAULT;
247 }
248 }
249
250 buf += sz;
251 p += sz;
252 count -= sz;
253 written += sz;
254 }
255
256 *ppos += written;
257 return written;
258}
259
260int __weak phys_mem_access_prot_allowed(struct file *file,
261 unsigned long pfn, unsigned long size, pgprot_t *vma_prot)
262{
263 return 1;
264}
265
266#ifndef __HAVE_PHYS_MEM_ACCESS_PROT
267
268
269
270
271
272
273#ifdef pgprot_noncached
274static int uncached_access(struct file *file, phys_addr_t addr)
275{
276#if defined(CONFIG_IA64)
277
278
279
280
281 return !(efi_mem_attributes(addr) & EFI_MEMORY_WB);
282#elif defined(CONFIG_MIPS)
283 {
284 extern int __uncached_access(struct file *file,
285 unsigned long addr);
286
287 return __uncached_access(file, addr);
288 }
289#else
290
291
292
293
294
295 if (file->f_flags & O_DSYNC)
296 return 1;
297 return addr >= __pa(high_memory);
298#endif
299}
300#endif
301
302static pgprot_t phys_mem_access_prot(struct file *file, unsigned long pfn,
303 unsigned long size, pgprot_t vma_prot)
304{
305#ifdef pgprot_noncached
306 phys_addr_t offset = pfn << PAGE_SHIFT;
307
308 if (uncached_access(file, offset))
309 return pgprot_noncached(vma_prot);
310#endif
311 return vma_prot;
312}
313#endif
314
315#ifndef CONFIG_MMU
316static unsigned long get_unmapped_area_mem(struct file *file,
317 unsigned long addr,
318 unsigned long len,
319 unsigned long pgoff,
320 unsigned long flags)
321{
322 if (!valid_mmap_phys_addr_range(pgoff, len))
323 return (unsigned long) -EINVAL;
324 return pgoff << PAGE_SHIFT;
325}
326
327
328static unsigned memory_mmap_capabilities(struct file *file)
329{
330 return NOMMU_MAP_DIRECT |
331 NOMMU_MAP_READ | NOMMU_MAP_WRITE | NOMMU_MAP_EXEC;
332}
333
334static unsigned zero_mmap_capabilities(struct file *file)
335{
336 return NOMMU_MAP_COPY;
337}
338
339
340static inline int private_mapping_ok(struct vm_area_struct *vma)
341{
342 return vma->vm_flags & VM_MAYSHARE;
343}
344#else
345
346static inline int private_mapping_ok(struct vm_area_struct *vma)
347{
348 return 1;
349}
350#endif
351
352static const struct vm_operations_struct mmap_mem_ops = {
353#ifdef CONFIG_HAVE_IOREMAP_PROT
354 .access = generic_access_phys
355#endif
356};
357
358static int mmap_mem(struct file *file, struct vm_area_struct *vma)
359{
360 size_t size = vma->vm_end - vma->vm_start;
361 phys_addr_t offset = (phys_addr_t)vma->vm_pgoff << PAGE_SHIFT;
362
363
364 if (offset >> PAGE_SHIFT != vma->vm_pgoff)
365 return -EINVAL;
366
367
368 if (offset + (phys_addr_t)size - 1 < offset)
369 return -EINVAL;
370
371 if (!valid_mmap_phys_addr_range(vma->vm_pgoff, size))
372 return -EINVAL;
373
374 if (!private_mapping_ok(vma))
375 return -ENOSYS;
376
377 if (!range_is_allowed(vma->vm_pgoff, size))
378 return -EPERM;
379
380 if (!phys_mem_access_prot_allowed(file, vma->vm_pgoff, size,
381 &vma->vm_page_prot))
382 return -EINVAL;
383
384 vma->vm_page_prot = phys_mem_access_prot(file, vma->vm_pgoff,
385 size,
386 vma->vm_page_prot);
387
388 vma->vm_ops = &mmap_mem_ops;
389
390
391 if (remap_pfn_range(vma,
392 vma->vm_start,
393 vma->vm_pgoff,
394 size,
395 vma->vm_page_prot)) {
396 return -EAGAIN;
397 }
398 return 0;
399}
400
401static int mmap_kmem(struct file *file, struct vm_area_struct *vma)
402{
403 unsigned long pfn;
404
405
406 pfn = __pa((u64)vma->vm_pgoff << PAGE_SHIFT) >> PAGE_SHIFT;
407
408
409
410
411
412
413
414
415 if (!pfn_valid(pfn))
416 return -EIO;
417
418 vma->vm_pgoff = pfn;
419 return mmap_mem(file, vma);
420}
421
422
423
424
425static ssize_t read_kmem(struct file *file, char __user *buf,
426 size_t count, loff_t *ppos)
427{
428 unsigned long p = *ppos;
429 ssize_t low_count, read, sz;
430 char *kbuf;
431 int err = 0;
432
433 read = 0;
434 if (p < (unsigned long) high_memory) {
435 low_count = count;
436 if (count > (unsigned long)high_memory - p)
437 low_count = (unsigned long)high_memory - p;
438
439#ifdef __ARCH_HAS_NO_PAGE_ZERO_MAPPED
440
441 if (p < PAGE_SIZE && low_count > 0) {
442 sz = size_inside_page(p, low_count);
443 if (clear_user(buf, sz))
444 return -EFAULT;
445 buf += sz;
446 p += sz;
447 read += sz;
448 low_count -= sz;
449 count -= sz;
450 }
451#endif
452 while (low_count > 0) {
453 sz = size_inside_page(p, low_count);
454
455
456
457
458
459
460 kbuf = xlate_dev_kmem_ptr((void *)p);
461 if (!virt_addr_valid(kbuf))
462 return -ENXIO;
463
464 if (copy_to_user(buf, kbuf, sz))
465 return -EFAULT;
466 buf += sz;
467 p += sz;
468 read += sz;
469 low_count -= sz;
470 count -= sz;
471 }
472 }
473
474 if (count > 0) {
475 kbuf = (char *)__get_free_page(GFP_KERNEL);
476 if (!kbuf)
477 return -ENOMEM;
478 while (count > 0) {
479 sz = size_inside_page(p, count);
480 if (!is_vmalloc_or_module_addr((void *)p)) {
481 err = -ENXIO;
482 break;
483 }
484 sz = vread(kbuf, (char *)p, sz);
485 if (!sz)
486 break;
487 if (copy_to_user(buf, kbuf, sz)) {
488 err = -EFAULT;
489 break;
490 }
491 count -= sz;
492 buf += sz;
493 read += sz;
494 p += sz;
495 }
496 free_page((unsigned long)kbuf);
497 }
498 *ppos = p;
499 return read ? read : err;
500}
501
502
503static ssize_t do_write_kmem(unsigned long p, const char __user *buf,
504 size_t count, loff_t *ppos)
505{
506 ssize_t written, sz;
507 unsigned long copied;
508
509 written = 0;
510#ifdef __ARCH_HAS_NO_PAGE_ZERO_MAPPED
511
512 if (p < PAGE_SIZE) {
513 sz = size_inside_page(p, count);
514
515 buf += sz;
516 p += sz;
517 count -= sz;
518 written += sz;
519 }
520#endif
521
522 while (count > 0) {
523 void *ptr;
524
525 sz = size_inside_page(p, count);
526
527
528
529
530
531
532 ptr = xlate_dev_kmem_ptr((void *)p);
533 if (!virt_addr_valid(ptr))
534 return -ENXIO;
535
536 copied = copy_from_user(ptr, buf, sz);
537 if (copied) {
538 written += sz - copied;
539 if (written)
540 break;
541 return -EFAULT;
542 }
543 buf += sz;
544 p += sz;
545 count -= sz;
546 written += sz;
547 }
548
549 *ppos += written;
550 return written;
551}
552
553
554
555
556static ssize_t write_kmem(struct file *file, const char __user *buf,
557 size_t count, loff_t *ppos)
558{
559 unsigned long p = *ppos;
560 ssize_t wrote = 0;
561 ssize_t virtr = 0;
562 char *kbuf;
563 int err = 0;
564
565 if (p < (unsigned long) high_memory) {
566 unsigned long to_write = min_t(unsigned long, count,
567 (unsigned long)high_memory - p);
568 wrote = do_write_kmem(p, buf, to_write, ppos);
569 if (wrote != to_write)
570 return wrote;
571 p += wrote;
572 buf += wrote;
573 count -= wrote;
574 }
575
576 if (count > 0) {
577 kbuf = (char *)__get_free_page(GFP_KERNEL);
578 if (!kbuf)
579 return wrote ? wrote : -ENOMEM;
580 while (count > 0) {
581 unsigned long sz = size_inside_page(p, count);
582 unsigned long n;
583
584 if (!is_vmalloc_or_module_addr((void *)p)) {
585 err = -ENXIO;
586 break;
587 }
588 n = copy_from_user(kbuf, buf, sz);
589 if (n) {
590 err = -EFAULT;
591 break;
592 }
593 vwrite(kbuf, (char *)p, sz);
594 count -= sz;
595 buf += sz;
596 virtr += sz;
597 p += sz;
598 }
599 free_page((unsigned long)kbuf);
600 }
601
602 *ppos = p;
603 return virtr + wrote ? : err;
604}
605
606static ssize_t read_port(struct file *file, char __user *buf,
607 size_t count, loff_t *ppos)
608{
609 unsigned long i = *ppos;
610 char __user *tmp = buf;
611
612 if (!access_ok(buf, count))
613 return -EFAULT;
614 while (count-- > 0 && i < 65536) {
615 if (__put_user(inb(i), tmp) < 0)
616 return -EFAULT;
617 i++;
618 tmp++;
619 }
620 *ppos = i;
621 return tmp-buf;
622}
623
624static ssize_t write_port(struct file *file, const char __user *buf,
625 size_t count, loff_t *ppos)
626{
627 unsigned long i = *ppos;
628 const char __user *tmp = buf;
629
630 if (!access_ok(buf, count))
631 return -EFAULT;
632 while (count-- > 0 && i < 65536) {
633 char c;
634
635 if (__get_user(c, tmp)) {
636 if (tmp > buf)
637 break;
638 return -EFAULT;
639 }
640 outb(c, i);
641 i++;
642 tmp++;
643 }
644 *ppos = i;
645 return tmp-buf;
646}
647
648static ssize_t read_null(struct file *file, char __user *buf,
649 size_t count, loff_t *ppos)
650{
651 return 0;
652}
653
654static ssize_t write_null(struct file *file, const char __user *buf,
655 size_t count, loff_t *ppos)
656{
657 return count;
658}
659
660static ssize_t read_iter_null(struct kiocb *iocb, struct iov_iter *to)
661{
662 return 0;
663}
664
665static ssize_t write_iter_null(struct kiocb *iocb, struct iov_iter *from)
666{
667 size_t count = iov_iter_count(from);
668 iov_iter_advance(from, count);
669 return count;
670}
671
672static int pipe_to_null(struct pipe_inode_info *info, struct pipe_buffer *buf,
673 struct splice_desc *sd)
674{
675 return sd->len;
676}
677
678static ssize_t splice_write_null(struct pipe_inode_info *pipe, struct file *out,
679 loff_t *ppos, size_t len, unsigned int flags)
680{
681 return splice_from_pipe(pipe, out, ppos, len, flags, pipe_to_null);
682}
683
684static ssize_t read_iter_zero(struct kiocb *iocb, struct iov_iter *iter)
685{
686 size_t written = 0;
687
688 while (iov_iter_count(iter)) {
689 size_t chunk = iov_iter_count(iter), n;
690
691 if (chunk > PAGE_SIZE)
692 chunk = PAGE_SIZE;
693 n = iov_iter_zero(chunk, iter);
694 if (!n && iov_iter_count(iter))
695 return written ? written : -EFAULT;
696 written += n;
697 if (signal_pending(current))
698 return written ? written : -ERESTARTSYS;
699 cond_resched();
700 }
701 return written;
702}
703
704static int mmap_zero(struct file *file, struct vm_area_struct *vma)
705{
706#ifndef CONFIG_MMU
707 return -ENOSYS;
708#endif
709 if (vma->vm_flags & VM_SHARED)
710 return shmem_zero_setup(vma);
711 vma_set_anonymous(vma);
712 return 0;
713}
714
715static unsigned long get_unmapped_area_zero(struct file *file,
716 unsigned long addr, unsigned long len,
717 unsigned long pgoff, unsigned long flags)
718{
719#ifdef CONFIG_MMU
720 if (flags & MAP_SHARED) {
721
722
723
724
725
726
727 return shmem_get_unmapped_area(NULL, addr, len, pgoff, flags);
728 }
729
730
731 return current->mm->get_unmapped_area(file, addr, len, pgoff, flags);
732#else
733 return -ENOSYS;
734#endif
735}
736
737static ssize_t write_full(struct file *file, const char __user *buf,
738 size_t count, loff_t *ppos)
739{
740 return -ENOSPC;
741}
742
743
744
745
746
747
748static loff_t null_lseek(struct file *file, loff_t offset, int orig)
749{
750 return file->f_pos = 0;
751}
752
753
754
755
756
757
758
759
760
761static loff_t memory_lseek(struct file *file, loff_t offset, int orig)
762{
763 loff_t ret;
764
765 inode_lock(file_inode(file));
766 switch (orig) {
767 case SEEK_CUR:
768 offset += file->f_pos;
769
770 case SEEK_SET:
771
772 if ((unsigned long long)offset >= -MAX_ERRNO) {
773 ret = -EOVERFLOW;
774 break;
775 }
776 file->f_pos = offset;
777 ret = file->f_pos;
778 force_successful_syscall_return();
779 break;
780 default:
781 ret = -EINVAL;
782 }
783 inode_unlock(file_inode(file));
784 return ret;
785}
786
787static int open_port(struct inode *inode, struct file *filp)
788{
789 return capable(CAP_SYS_RAWIO) ? 0 : -EPERM;
790}
791
792#define zero_lseek null_lseek
793#define full_lseek null_lseek
794#define write_zero write_null
795#define write_iter_zero write_iter_null
796#define open_mem open_port
797#define open_kmem open_mem
798
799static const struct file_operations __maybe_unused mem_fops = {
800 .llseek = memory_lseek,
801 .read = read_mem,
802 .write = write_mem,
803 .mmap = mmap_mem,
804 .open = open_mem,
805#ifndef CONFIG_MMU
806 .get_unmapped_area = get_unmapped_area_mem,
807 .mmap_capabilities = memory_mmap_capabilities,
808#endif
809};
810
811static const struct file_operations __maybe_unused kmem_fops = {
812 .llseek = memory_lseek,
813 .read = read_kmem,
814 .write = write_kmem,
815 .mmap = mmap_kmem,
816 .open = open_kmem,
817#ifndef CONFIG_MMU
818 .get_unmapped_area = get_unmapped_area_mem,
819 .mmap_capabilities = memory_mmap_capabilities,
820#endif
821};
822
823static const struct file_operations null_fops = {
824 .llseek = null_lseek,
825 .read = read_null,
826 .write = write_null,
827 .read_iter = read_iter_null,
828 .write_iter = write_iter_null,
829 .splice_write = splice_write_null,
830};
831
832static const struct file_operations __maybe_unused port_fops = {
833 .llseek = memory_lseek,
834 .read = read_port,
835 .write = write_port,
836 .open = open_port,
837};
838
839static const struct file_operations zero_fops = {
840 .llseek = zero_lseek,
841 .write = write_zero,
842 .read_iter = read_iter_zero,
843 .write_iter = write_iter_zero,
844 .mmap = mmap_zero,
845 .get_unmapped_area = get_unmapped_area_zero,
846#ifndef CONFIG_MMU
847 .mmap_capabilities = zero_mmap_capabilities,
848#endif
849};
850
851static const struct file_operations full_fops = {
852 .llseek = full_lseek,
853 .read_iter = read_iter_zero,
854 .write = write_full,
855};
856
857static const struct memdev {
858 const char *name;
859 umode_t mode;
860 const struct file_operations *fops;
861 fmode_t fmode;
862} devlist[] = {
863#ifdef CONFIG_DEVMEM
864 [1] = { "mem", 0, &mem_fops, FMODE_UNSIGNED_OFFSET },
865#endif
866#ifdef CONFIG_DEVKMEM
867 [2] = { "kmem", 0, &kmem_fops, FMODE_UNSIGNED_OFFSET },
868#endif
869 [3] = { "null", 0666, &null_fops, 0 },
870#ifdef CONFIG_DEVPORT
871 [4] = { "port", 0, &port_fops, 0 },
872#endif
873 [5] = { "zero", 0666, &zero_fops, 0 },
874 [7] = { "full", 0666, &full_fops, 0 },
875 [8] = { "random", 0666, &random_fops, 0 },
876 [9] = { "urandom", 0666, &urandom_fops, 0 },
877#ifdef CONFIG_PRINTK
878 [11] = { "kmsg", 0644, &kmsg_fops, 0 },
879#endif
880};
881
882static int memory_open(struct inode *inode, struct file *filp)
883{
884 int minor;
885 const struct memdev *dev;
886
887 minor = iminor(inode);
888 if (minor >= ARRAY_SIZE(devlist))
889 return -ENXIO;
890
891 dev = &devlist[minor];
892 if (!dev->fops)
893 return -ENXIO;
894
895 filp->f_op = dev->fops;
896 filp->f_mode |= dev->fmode;
897
898 if (dev->fops->open)
899 return dev->fops->open(inode, filp);
900
901 return 0;
902}
903
904static const struct file_operations memory_fops = {
905 .open = memory_open,
906 .llseek = noop_llseek,
907};
908
909static char *mem_devnode(struct device *dev, umode_t *mode)
910{
911 if (mode && devlist[MINOR(dev->devt)].mode)
912 *mode = devlist[MINOR(dev->devt)].mode;
913 return NULL;
914}
915
916static struct class *mem_class;
917
918static int __init chr_dev_init(void)
919{
920 int minor;
921
922 if (register_chrdev(MEM_MAJOR, "mem", &memory_fops))
923 printk("unable to get major %d for memory devs\n", MEM_MAJOR);
924
925 mem_class = class_create(THIS_MODULE, "mem");
926 if (IS_ERR(mem_class))
927 return PTR_ERR(mem_class);
928
929 mem_class->devnode = mem_devnode;
930 for (minor = 1; minor < ARRAY_SIZE(devlist); minor++) {
931 if (!devlist[minor].name)
932 continue;
933
934
935
936
937 if ((minor == DEVPORT_MINOR) && !arch_has_dev_port())
938 continue;
939
940 device_create(mem_class, NULL, MKDEV(MEM_MAJOR, minor),
941 NULL, devlist[minor].name);
942 }
943
944 return tty_init();
945}
946
947fs_initcall(chr_dev_init);
948
