1 // SPDX-License-Identifier: GPL-2.0
3 * linux/drivers/char/mem.c
5 * Copyright (C) 1991, 1992 Linus Torvalds
8 * Jan-11-1998, C. Scott Ananian <cananian@alumni.princeton.edu>
9 * Shared /dev/zero mmapping support, Feb 2000, Kanoj Sarcar <kanoj@sgi.com>
13 #include <linux/miscdevice.h>
14 #include <linux/slab.h>
15 #include <linux/vmalloc.h>
16 #include <linux/mman.h>
17 #include <linux/random.h>
18 #include <linux/init.h>
19 #include <linux/tty.h>
20 #include <linux/capability.h>
21 #include <linux/ptrace.h>
22 #include <linux/device.h>
23 #include <linux/highmem.h>
24 #include <linux/backing-dev.h>
25 #include <linux/shmem_fs.h>
26 #include <linux/splice.h>
27 #include <linux/pfn.h>
28 #include <linux/export.h>
30 #include <linux/uio.h>
31 #include <linux/uaccess.h>
32 #include <linux/security.h>
34 #define DEVMEM_MINOR 1
35 #define DEVPORT_MINOR 4
37 static inline unsigned long size_inside_page(unsigned long start,
42 sz = PAGE_SIZE - (start & (PAGE_SIZE - 1));
47 #ifndef ARCH_HAS_VALID_PHYS_ADDR_RANGE
48 static inline int valid_phys_addr_range(phys_addr_t addr, size_t count)
50 return addr + count <= __pa(high_memory);
53 static inline int valid_mmap_phys_addr_range(unsigned long pfn, size_t size)
59 #ifdef CONFIG_STRICT_DEVMEM
60 static inline int page_is_allowed(unsigned long pfn)
62 return devmem_is_allowed(pfn);
64 static inline int range_is_allowed(unsigned long pfn, unsigned long size)
66 u64 from = ((u64)pfn) << PAGE_SHIFT;
71 if (!devmem_is_allowed(pfn))
79 static inline int page_is_allowed(unsigned long pfn)
83 static inline int range_is_allowed(unsigned long pfn, unsigned long size)
89 static inline bool should_stop_iteration(void)
93 return signal_pending(current);
97 * This funcion reads the *physical* memory. The f_pos points directly to the
100 static ssize_t read_mem(struct file *file, char __user *buf,
101 size_t count, loff_t *ppos)
103 phys_addr_t p = *ppos;
112 if (!valid_phys_addr_range(p, count))
115 #ifdef __ARCH_HAS_NO_PAGE_ZERO_MAPPED
116 /* we don't have page 0 mapped on sparc and m68k.. */
118 sz = size_inside_page(p, count);
120 if (clear_user(buf, sz))
130 bounce = kmalloc(PAGE_SIZE, GFP_KERNEL);
135 unsigned long remaining;
138 sz = size_inside_page(p, count);
141 allowed = page_is_allowed(p >> PAGE_SHIFT);
147 /* Show zeros for restricted memory. */
148 remaining = clear_user(buf, sz);
151 * On ia64 if a page has been mapped somewhere as
152 * uncached, then it must also be accessed uncached
153 * by the kernel or data corruption may occur.
155 ptr = xlate_dev_mem_ptr(p);
159 probe = copy_from_kernel_nofault(bounce, ptr, sz);
160 unxlate_dev_mem_ptr(p, ptr);
164 remaining = copy_to_user(buf, bounce, sz);
174 if (should_stop_iteration())
187 static ssize_t write_mem(struct file *file, const char __user *buf,
188 size_t count, loff_t *ppos)
190 phys_addr_t p = *ppos;
192 unsigned long copied;
198 if (!valid_phys_addr_range(p, count))
203 #ifdef __ARCH_HAS_NO_PAGE_ZERO_MAPPED
204 /* we don't have page 0 mapped on sparc and m68k.. */
206 sz = size_inside_page(p, count);
207 /* Hmm. Do something? */
218 sz = size_inside_page(p, count);
220 allowed = page_is_allowed(p >> PAGE_SHIFT);
224 /* Skip actual writing when a page is marked as restricted. */
227 * On ia64 if a page has been mapped somewhere as
228 * uncached, then it must also be accessed uncached
229 * by the kernel or data corruption may occur.
231 ptr = xlate_dev_mem_ptr(p);
238 copied = copy_from_user(ptr, buf, sz);
239 unxlate_dev_mem_ptr(p, ptr);
241 written += sz - copied;
252 if (should_stop_iteration())
260 int __weak phys_mem_access_prot_allowed(struct file *file,
261 unsigned long pfn, unsigned long size, pgprot_t *vma_prot)
266 #ifndef __HAVE_PHYS_MEM_ACCESS_PROT
269 * Architectures vary in how they handle caching for addresses
270 * outside of main memory.
273 #ifdef pgprot_noncached
274 static int uncached_access(struct file *file, phys_addr_t addr)
277 * Accessing memory above the top the kernel knows about or through a
279 * that was marked O_DSYNC will be done non-cached.
281 if (file->f_flags & O_DSYNC)
283 return addr >= __pa(high_memory);
287 static pgprot_t phys_mem_access_prot(struct file *file, unsigned long pfn,
288 unsigned long size, pgprot_t vma_prot)
290 #ifdef pgprot_noncached
291 phys_addr_t offset = pfn << PAGE_SHIFT;
293 if (uncached_access(file, offset))
294 return pgprot_noncached(vma_prot);
301 static unsigned long get_unmapped_area_mem(struct file *file,
307 if (!valid_mmap_phys_addr_range(pgoff, len))
308 return (unsigned long) -EINVAL;
309 return pgoff << PAGE_SHIFT;
312 /* permit direct mmap, for read, write or exec */
313 static unsigned memory_mmap_capabilities(struct file *file)
315 return NOMMU_MAP_DIRECT |
316 NOMMU_MAP_READ | NOMMU_MAP_WRITE | NOMMU_MAP_EXEC;
319 static unsigned zero_mmap_capabilities(struct file *file)
321 return NOMMU_MAP_COPY;
324 /* can't do an in-place private mapping if there's no MMU */
325 static inline int private_mapping_ok(struct vm_area_struct *vma)
327 return is_nommu_shared_mapping(vma->vm_flags);
331 static inline int private_mapping_ok(struct vm_area_struct *vma)
337 static const struct vm_operations_struct mmap_mem_ops = {
338 #ifdef CONFIG_HAVE_IOREMAP_PROT
339 .access = generic_access_phys
343 static int mmap_mem(struct file *file, struct vm_area_struct *vma)
345 size_t size = vma->vm_end - vma->vm_start;
346 phys_addr_t offset = (phys_addr_t)vma->vm_pgoff << PAGE_SHIFT;
348 /* Does it even fit in phys_addr_t? */
349 if (offset >> PAGE_SHIFT != vma->vm_pgoff)
352 /* It's illegal to wrap around the end of the physical address space. */
353 if (offset + (phys_addr_t)size - 1 < offset)
356 if (!valid_mmap_phys_addr_range(vma->vm_pgoff, size))
359 if (!private_mapping_ok(vma))
362 if (!range_is_allowed(vma->vm_pgoff, size))
365 if (!phys_mem_access_prot_allowed(file, vma->vm_pgoff, size,
369 vma->vm_page_prot = phys_mem_access_prot(file, vma->vm_pgoff,
373 vma->vm_ops = &mmap_mem_ops;
375 /* Remap-pfn-range will mark the range VM_IO */
376 if (remap_pfn_range(vma,
380 vma->vm_page_prot)) {
386 static ssize_t read_port(struct file *file, char __user *buf,
387 size_t count, loff_t *ppos)
389 unsigned long i = *ppos;
390 char __user *tmp = buf;
392 if (!access_ok(buf, count))
394 while (count-- > 0 && i < 65536) {
395 if (__put_user(inb(i), tmp) < 0)
404 static ssize_t write_port(struct file *file, const char __user *buf,
405 size_t count, loff_t *ppos)
407 unsigned long i = *ppos;
408 const char __user *tmp = buf;
410 if (!access_ok(buf, count))
412 while (count-- > 0 && i < 65536) {
415 if (__get_user(c, tmp)) {
428 static ssize_t read_null(struct file *file, char __user *buf,
429 size_t count, loff_t *ppos)
434 static ssize_t write_null(struct file *file, const char __user *buf,
435 size_t count, loff_t *ppos)
440 static ssize_t read_iter_null(struct kiocb *iocb, struct iov_iter *to)
445 static ssize_t write_iter_null(struct kiocb *iocb, struct iov_iter *from)
447 size_t count = iov_iter_count(from);
448 iov_iter_advance(from, count);
452 static int pipe_to_null(struct pipe_inode_info *info, struct pipe_buffer *buf,
453 struct splice_desc *sd)
458 static ssize_t splice_write_null(struct pipe_inode_info *pipe, struct file *out,
459 loff_t *ppos, size_t len, unsigned int flags)
461 return splice_from_pipe(pipe, out, ppos, len, flags, pipe_to_null);
464 static int uring_cmd_null(struct io_uring_cmd *ioucmd, unsigned int issue_flags)
469 static ssize_t read_iter_zero(struct kiocb *iocb, struct iov_iter *iter)
473 while (iov_iter_count(iter)) {
474 size_t chunk = iov_iter_count(iter), n;
476 if (chunk > PAGE_SIZE)
477 chunk = PAGE_SIZE; /* Just for latency reasons */
478 n = iov_iter_zero(chunk, iter);
479 if (!n && iov_iter_count(iter))
480 return written ? written : -EFAULT;
482 if (signal_pending(current))
483 return written ? written : -ERESTARTSYS;
486 if (iocb->ki_flags & IOCB_NOWAIT)
487 return written ? written : -EAGAIN;
493 static ssize_t read_zero(struct file *file, char __user *buf,
494 size_t count, loff_t *ppos)
499 size_t chunk = min_t(size_t, count, PAGE_SIZE);
502 left = clear_user(buf + cleared, chunk);
503 if (unlikely(left)) {
504 cleared += (chunk - left);
512 if (signal_pending(current))
520 static int mmap_zero(struct file *file, struct vm_area_struct *vma)
525 if (vma->vm_flags & VM_SHARED)
526 return shmem_zero_setup(vma);
527 vma_set_anonymous(vma);
531 static unsigned long get_unmapped_area_zero(struct file *file,
532 unsigned long addr, unsigned long len,
533 unsigned long pgoff, unsigned long flags)
536 if (flags & MAP_SHARED) {
538 * mmap_zero() will call shmem_zero_setup() to create a file,
539 * so use shmem's get_unmapped_area in case it can be huge;
540 * and pass NULL for file as in mmap.c's get_unmapped_area(),
541 * so as not to confuse shmem with our handle on "/dev/zero".
543 return shmem_get_unmapped_area(NULL, addr, len, pgoff, flags);
546 /* Otherwise flags & MAP_PRIVATE: with no shmem object beneath it */
547 return current->mm->get_unmapped_area(file, addr, len, pgoff, flags);
553 static ssize_t write_full(struct file *file, const char __user *buf,
554 size_t count, loff_t *ppos)
560 * Special lseek() function for /dev/null and /dev/zero. Most notably, you
561 * can fopen() both devices with "a" now. This was previously impossible.
564 static loff_t null_lseek(struct file *file, loff_t offset, int orig)
566 return file->f_pos = 0;
570 * The memory devices use the full 32/64 bits of the offset, and so we cannot
571 * check against negative addresses: they are ok. The return value is weird,
572 * though, in that case (0).
574 * also note that seeking relative to the "end of file" isn't supported:
575 * it has no meaning, so it returns -EINVAL.
577 static loff_t memory_lseek(struct file *file, loff_t offset, int orig)
581 inode_lock(file_inode(file));
584 offset += file->f_pos;
587 /* to avoid userland mistaking f_pos=-9 as -EBADF=-9 */
588 if ((unsigned long long)offset >= -MAX_ERRNO) {
592 file->f_pos = offset;
594 force_successful_syscall_return();
599 inode_unlock(file_inode(file));
603 static int open_port(struct inode *inode, struct file *filp)
607 if (!capable(CAP_SYS_RAWIO))
610 rc = security_locked_down(LOCKDOWN_DEV_MEM);
614 if (iminor(inode) != DEVMEM_MINOR)
618 * Use a unified address space to have a single point to manage
619 * revocations when drivers want to take over a /dev/mem mapped
622 filp->f_mapping = iomem_get_mapping();
627 #define zero_lseek null_lseek
628 #define full_lseek null_lseek
629 #define write_zero write_null
630 #define write_iter_zero write_iter_null
631 #define splice_write_zero splice_write_null
632 #define open_mem open_port
634 static const struct file_operations __maybe_unused mem_fops = {
635 .llseek = memory_lseek,
641 .get_unmapped_area = get_unmapped_area_mem,
642 .mmap_capabilities = memory_mmap_capabilities,
646 static const struct file_operations null_fops = {
647 .llseek = null_lseek,
650 .read_iter = read_iter_null,
651 .write_iter = write_iter_null,
652 .splice_write = splice_write_null,
653 .uring_cmd = uring_cmd_null,
656 static const struct file_operations __maybe_unused port_fops = {
657 .llseek = memory_lseek,
663 static const struct file_operations zero_fops = {
664 .llseek = zero_lseek,
666 .read_iter = read_iter_zero,
668 .write_iter = write_iter_zero,
669 .splice_read = copy_splice_read,
670 .splice_write = splice_write_zero,
672 .get_unmapped_area = get_unmapped_area_zero,
674 .mmap_capabilities = zero_mmap_capabilities,
678 static const struct file_operations full_fops = {
679 .llseek = full_lseek,
680 .read_iter = read_iter_zero,
682 .splice_read = copy_splice_read,
685 static const struct memdev {
687 const struct file_operations *fops;
692 [DEVMEM_MINOR] = { "mem", &mem_fops, FMODE_UNSIGNED_OFFSET, 0 },
694 [3] = { "null", &null_fops, FMODE_NOWAIT, 0666 },
695 #ifdef CONFIG_DEVPORT
696 [4] = { "port", &port_fops, 0, 0 },
698 [5] = { "zero", &zero_fops, FMODE_NOWAIT, 0666 },
699 [7] = { "full", &full_fops, 0, 0666 },
700 [8] = { "random", &random_fops, FMODE_NOWAIT, 0666 },
701 [9] = { "urandom", &urandom_fops, FMODE_NOWAIT, 0666 },
703 [11] = { "kmsg", &kmsg_fops, 0, 0644 },
707 static int memory_open(struct inode *inode, struct file *filp)
710 const struct memdev *dev;
712 minor = iminor(inode);
713 if (minor >= ARRAY_SIZE(devlist))
716 dev = &devlist[minor];
720 filp->f_op = dev->fops;
721 filp->f_mode |= dev->fmode;
724 return dev->fops->open(inode, filp);
729 static const struct file_operations memory_fops = {
731 .llseek = noop_llseek,
734 static char *mem_devnode(const struct device *dev, umode_t *mode)
736 if (mode && devlist[MINOR(dev->devt)].mode)
737 *mode = devlist[MINOR(dev->devt)].mode;
741 static const struct class mem_class = {
743 .devnode = mem_devnode,
746 static int __init chr_dev_init(void)
751 if (register_chrdev(MEM_MAJOR, "mem", &memory_fops))
752 printk("unable to get major %d for memory devs\n", MEM_MAJOR);
754 retval = class_register(&mem_class);
758 for (minor = 1; minor < ARRAY_SIZE(devlist); minor++) {
759 if (!devlist[minor].name)
765 if ((minor == DEVPORT_MINOR) && !arch_has_dev_port())
768 device_create(&mem_class, NULL, MKDEV(MEM_MAJOR, minor),
769 NULL, devlist[minor].name);
775 fs_initcall(chr_dev_init);
projects / releases.git / blob