2 * linux/drivers/char/mem.c
4 * Copyright (C) 1991, 1992 Linus Torvalds
7 * Jan-11-1998, C. Scott Ananian <cananian@alumni.princeton.edu>
8 * Shared /dev/zero mmapping support, Feb 2000, Kanoj Sarcar <kanoj@sgi.com>
12 #include <linux/miscdevice.h>
13 #include <linux/slab.h>
14 #include <linux/vmalloc.h>
15 #include <linux/mman.h>
16 #include <linux/random.h>
17 #include <linux/init.h>
18 #include <linux/raw.h>
19 #include <linux/tty.h>
20 #include <linux/capability.h>
21 #include <linux/ptrace.h>
22 #include <linux/device.h>
23 #include <linux/highmem.h>
24 #include <linux/crash_dump.h>
25 #include <linux/backing-dev.h>
26 #include <linux/bootmem.h>
27 #include <linux/splice.h>
28 #include <linux/pfn.h>
29 #include <linux/export.h>
31 #include <asm/uaccess.h>
35 # include <linux/efi.h>
38 static inline unsigned long size_inside_page(unsigned long start,
43 sz = PAGE_SIZE - (start & (PAGE_SIZE - 1));
48 #ifndef ARCH_HAS_VALID_PHYS_ADDR_RANGE
49 static inline int valid_phys_addr_range(unsigned long addr, size_t count)
51 return addr + count <= __pa(high_memory);
54 static inline int valid_mmap_phys_addr_range(unsigned long pfn, size_t size)
60 #ifdef CONFIG_STRICT_DEVMEM
61 static inline int page_is_allowed(unsigned long pfn)
63 return devmem_is_allowed(pfn);
65 static inline int range_is_allowed(unsigned long pfn, unsigned long size)
67 u64 from = ((u64)pfn) << PAGE_SHIFT;
72 if (!devmem_is_allowed(pfn)) {
74 "Program %s tried to access /dev/mem between %Lx->%Lx.\n",
75 current->comm, from, to);
84 static inline int page_is_allowed(unsigned long pfn)
88 static inline int range_is_allowed(unsigned long pfn, unsigned long size)
94 void __weak unxlate_dev_mem_ptr(unsigned long phys, void *addr)
99 * This funcion reads the *physical* memory. The f_pos points directly to the
102 static ssize_t read_mem(struct file *file, char __user *buf,
103 size_t count, loff_t *ppos)
105 unsigned long p = *ppos;
109 if (!valid_phys_addr_range(p, count))
112 #ifdef __ARCH_HAS_NO_PAGE_ZERO_MAPPED
113 /* we don't have page 0 mapped on sparc and m68k.. */
115 sz = size_inside_page(p, count);
117 if (clear_user(buf, sz))
128 unsigned long remaining;
131 sz = size_inside_page(p, count);
133 allowed = page_is_allowed(p >> PAGE_SHIFT);
137 /* Show zeros for restricted memory. */
138 remaining = clear_user(buf, sz);
141 * On ia64 if a page has been mapped somewhere as
142 * uncached, then it must also be accessed uncached
143 * by the kernel or data corruption may occur.
145 ptr = xlate_dev_mem_ptr(p);
149 remaining = copy_to_user(buf, ptr, sz);
151 unxlate_dev_mem_ptr(p, ptr);
167 static ssize_t write_mem(struct file *file, const char __user *buf,
168 size_t count, loff_t *ppos)
170 unsigned long p = *ppos;
172 unsigned long copied;
175 if (!valid_phys_addr_range(p, count))
180 #ifdef __ARCH_HAS_NO_PAGE_ZERO_MAPPED
181 /* we don't have page 0 mapped on sparc and m68k.. */
183 sz = size_inside_page(p, count);
184 /* Hmm. Do something? */
195 sz = size_inside_page(p, count);
197 allowed = page_is_allowed(p >> PAGE_SHIFT);
201 /* Skip actual writing when a page is marked as restricted. */
204 * On ia64 if a page has been mapped somewhere as
205 * uncached, then it must also be accessed uncached
206 * by the kernel or data corruption may occur.
208 ptr = xlate_dev_mem_ptr(p);
215 copied = copy_from_user(ptr, buf, sz);
216 unxlate_dev_mem_ptr(p, ptr);
218 written += sz - copied;
235 int __weak phys_mem_access_prot_allowed(struct file *file,
236 unsigned long pfn, unsigned long size, pgprot_t *vma_prot)
241 #ifndef __HAVE_PHYS_MEM_ACCESS_PROT
244 * Architectures vary in how they handle caching for addresses
245 * outside of main memory.
248 #ifdef pgprot_noncached
249 static int uncached_access(struct file *file, unsigned long addr)
251 #if defined(CONFIG_IA64)
253 * On ia64, we ignore O_DSYNC because we cannot tolerate memory
256 return !(efi_mem_attributes(addr) & EFI_MEMORY_WB);
257 #elif defined(CONFIG_MIPS)
259 extern int __uncached_access(struct file *file,
262 return __uncached_access(file, addr);
266 * Accessing memory above the top the kernel knows about or through a
268 * that was marked O_DSYNC will be done non-cached.
270 if (file->f_flags & O_DSYNC)
272 return addr >= __pa(high_memory);
277 static pgprot_t phys_mem_access_prot(struct file *file, unsigned long pfn,
278 unsigned long size, pgprot_t vma_prot)
280 #ifdef pgprot_noncached
281 unsigned long offset = pfn << PAGE_SHIFT;
283 if (uncached_access(file, offset))
284 return pgprot_noncached(vma_prot);
291 static unsigned long get_unmapped_area_mem(struct file *file,
297 if (!valid_mmap_phys_addr_range(pgoff, len))
298 return (unsigned long) -EINVAL;
299 return pgoff << PAGE_SHIFT;
302 /* can't do an in-place private mapping if there's no MMU */
303 static inline int private_mapping_ok(struct vm_area_struct *vma)
305 return vma->vm_flags & VM_MAYSHARE;
308 #define get_unmapped_area_mem NULL
310 static inline int private_mapping_ok(struct vm_area_struct *vma)
316 static const struct vm_operations_struct mmap_mem_ops = {
317 #ifdef CONFIG_HAVE_IOREMAP_PROT
318 .access = generic_access_phys
322 static int mmap_mem(struct file *file, struct vm_area_struct *vma)
324 size_t size = vma->vm_end - vma->vm_start;
326 if (!valid_mmap_phys_addr_range(vma->vm_pgoff, size))
329 if (!private_mapping_ok(vma))
332 if (!range_is_allowed(vma->vm_pgoff, size))
335 if (!phys_mem_access_prot_allowed(file, vma->vm_pgoff, size,
339 vma->vm_page_prot = phys_mem_access_prot(file, vma->vm_pgoff,
343 vma->vm_ops = &mmap_mem_ops;
345 /* Remap-pfn-range will mark the range VM_IO and VM_RESERVED */
346 if (remap_pfn_range(vma,
350 vma->vm_page_prot)) {
356 #ifdef CONFIG_DEVKMEM
357 static int mmap_kmem(struct file *file, struct vm_area_struct *vma)
361 /* Turn a kernel-virtual address into a physical page frame */
362 pfn = __pa((u64)vma->vm_pgoff << PAGE_SHIFT) >> PAGE_SHIFT;
365 * RED-PEN: on some architectures there is more mapped memory than
366 * available in mem_map which pfn_valid checks for. Perhaps should add a
369 * RED-PEN: vmalloc is not supported right now.
375 return mmap_mem(file, vma);
379 #ifdef CONFIG_CRASH_DUMP
381 * Read memory corresponding to the old kernel.
383 static ssize_t read_oldmem(struct file *file, char __user *buf,
384 size_t count, loff_t *ppos)
386 unsigned long pfn, offset;
387 size_t read = 0, csize;
391 pfn = *ppos / PAGE_SIZE;
392 if (pfn > saved_max_pfn)
395 offset = (unsigned long)(*ppos % PAGE_SIZE);
396 if (count > PAGE_SIZE - offset)
397 csize = PAGE_SIZE - offset;
401 rc = copy_oldmem_page(pfn, buf, csize, offset, 1);
413 #ifdef CONFIG_DEVKMEM
415 * This function reads the *virtual* memory as seen by the kernel.
417 static ssize_t read_kmem(struct file *file, char __user *buf,
418 size_t count, loff_t *ppos)
420 unsigned long p = *ppos;
421 ssize_t low_count, read, sz;
422 char * kbuf; /* k-addr because vread() takes vmlist_lock rwlock */
426 if (p < (unsigned long) high_memory) {
428 if (count > (unsigned long)high_memory - p)
429 low_count = (unsigned long)high_memory - p;
431 #ifdef __ARCH_HAS_NO_PAGE_ZERO_MAPPED
432 /* we don't have page 0 mapped on sparc and m68k.. */
433 if (p < PAGE_SIZE && low_count > 0) {
434 sz = size_inside_page(p, low_count);
435 if (clear_user(buf, sz))
444 while (low_count > 0) {
445 sz = size_inside_page(p, low_count);
448 * On ia64 if a page has been mapped somewhere as
449 * uncached, then it must also be accessed uncached
450 * by the kernel or data corruption may occur
452 kbuf = xlate_dev_kmem_ptr((char *)p);
454 if (copy_to_user(buf, kbuf, sz))
465 kbuf = (char *)__get_free_page(GFP_KERNEL);
469 sz = size_inside_page(p, count);
470 if (!is_vmalloc_or_module_addr((void *)p)) {
474 sz = vread(kbuf, (char *)p, sz);
477 if (copy_to_user(buf, kbuf, sz)) {
486 free_page((unsigned long)kbuf);
489 return read ? read : err;
493 static ssize_t do_write_kmem(unsigned long p, const char __user *buf,
494 size_t count, loff_t *ppos)
497 unsigned long copied;
500 #ifdef __ARCH_HAS_NO_PAGE_ZERO_MAPPED
501 /* we don't have page 0 mapped on sparc and m68k.. */
503 sz = size_inside_page(p, count);
504 /* Hmm. Do something? */
515 sz = size_inside_page(p, count);
518 * On ia64 if a page has been mapped somewhere as uncached, then
519 * it must also be accessed uncached by the kernel or data
520 * corruption may occur.
522 ptr = xlate_dev_kmem_ptr((char *)p);
524 copied = copy_from_user(ptr, buf, sz);
526 written += sz - copied;
542 * This function writes to the *virtual* memory as seen by the kernel.
544 static ssize_t write_kmem(struct file *file, const char __user *buf,
545 size_t count, loff_t *ppos)
547 unsigned long p = *ppos;
550 char * kbuf; /* k-addr because vwrite() takes vmlist_lock rwlock */
553 if (p < (unsigned long) high_memory) {
554 unsigned long to_write = min_t(unsigned long, count,
555 (unsigned long)high_memory - p);
556 wrote = do_write_kmem(p, buf, to_write, ppos);
557 if (wrote != to_write)
565 kbuf = (char *)__get_free_page(GFP_KERNEL);
567 return wrote ? wrote : -ENOMEM;
569 unsigned long sz = size_inside_page(p, count);
572 if (!is_vmalloc_or_module_addr((void *)p)) {
576 n = copy_from_user(kbuf, buf, sz);
581 vwrite(kbuf, (char *)p, sz);
587 free_page((unsigned long)kbuf);
591 return virtr + wrote ? : err;
595 #ifdef CONFIG_DEVPORT
596 static ssize_t read_port(struct file *file, char __user *buf,
597 size_t count, loff_t *ppos)
599 unsigned long i = *ppos;
600 char __user *tmp = buf;
602 if (!access_ok(VERIFY_WRITE, buf, count))
604 while (count-- > 0 && i < 65536) {
605 if (__put_user(inb(i), tmp) < 0)
614 static ssize_t write_port(struct file *file, const char __user *buf,
615 size_t count, loff_t *ppos)
617 unsigned long i = *ppos;
618 const char __user * tmp = buf;
620 if (!access_ok(VERIFY_READ, buf, count))
622 while (count-- > 0 && i < 65536) {
624 if (__get_user(c, tmp)) {
638 static ssize_t read_null(struct file *file, char __user *buf,
639 size_t count, loff_t *ppos)
644 static ssize_t write_null(struct file *file, const char __user *buf,
645 size_t count, loff_t *ppos)
650 static int pipe_to_null(struct pipe_inode_info *info, struct pipe_buffer *buf,
651 struct splice_desc *sd)
656 static ssize_t splice_write_null(struct pipe_inode_info *pipe, struct file *out,
657 loff_t *ppos, size_t len, unsigned int flags)
659 return splice_from_pipe(pipe, out, ppos, len, flags, pipe_to_null);
662 static ssize_t read_zero(struct file *file, char __user *buf,
663 size_t count, loff_t *ppos)
670 if (!access_ok(VERIFY_WRITE, buf, count))
675 unsigned long unwritten;
676 size_t chunk = count;
678 if (chunk > PAGE_SIZE)
679 chunk = PAGE_SIZE; /* Just for latency reasons */
680 unwritten = __clear_user(buf, chunk);
681 written += chunk - unwritten;
684 if (signal_pending(current))
685 return written ? written : -ERESTARTSYS;
690 return written ? written : -EFAULT;
693 static int mmap_zero(struct file *file, struct vm_area_struct *vma)
698 if (vma->vm_flags & VM_SHARED)
699 return shmem_zero_setup(vma);
703 static ssize_t write_full(struct file *file, const char __user *buf,
704 size_t count, loff_t *ppos)
710 * Special lseek() function for /dev/null and /dev/zero. Most notably, you
711 * can fopen() both devices with "a" now. This was previously impossible.
714 static loff_t null_lseek(struct file *file, loff_t offset, int orig)
716 return file->f_pos = 0;
720 * The memory devices use the full 32/64 bits of the offset, and so we cannot
721 * check against negative addresses: they are ok. The return value is weird,
722 * though, in that case (0).
724 * also note that seeking relative to the "end of file" isn't supported:
725 * it has no meaning, so it returns -EINVAL.
727 static loff_t memory_lseek(struct file *file, loff_t offset, int orig)
731 mutex_lock(&file->f_path.dentry->d_inode->i_mutex);
734 offset += file->f_pos;
736 /* to avoid userland mistaking f_pos=-9 as -EBADF=-9 */
737 if ((unsigned long long)offset >= ~0xFFFULL) {
741 file->f_pos = offset;
743 force_successful_syscall_return();
748 mutex_unlock(&file->f_path.dentry->d_inode->i_mutex);
752 static int open_port(struct inode * inode, struct file * filp)
754 return capable(CAP_SYS_RAWIO) ? 0 : -EPERM;
757 #define zero_lseek null_lseek
758 #define full_lseek null_lseek
759 #define write_zero write_null
760 #define read_full read_zero
761 #define open_mem open_port
762 #define open_kmem open_mem
763 #define open_oldmem open_mem
765 static const struct file_operations mem_fops = {
766 .llseek = memory_lseek,
771 .get_unmapped_area = get_unmapped_area_mem,
774 #ifdef CONFIG_DEVKMEM
775 static const struct file_operations kmem_fops = {
776 .llseek = memory_lseek,
781 .get_unmapped_area = get_unmapped_area_mem,
785 static const struct file_operations null_fops = {
786 .llseek = null_lseek,
789 .splice_write = splice_write_null,
792 #ifdef CONFIG_DEVPORT
793 static const struct file_operations port_fops = {
794 .llseek = memory_lseek,
801 static const struct file_operations zero_fops = {
802 .llseek = zero_lseek,
809 * capabilities for /dev/zero
810 * - permits private mappings, "copies" are taken of the source of zeros
811 * - no writeback happens
813 static struct backing_dev_info zero_bdi = {
815 .capabilities = BDI_CAP_MAP_COPY | BDI_CAP_NO_ACCT_AND_WRITEBACK,
818 static const struct file_operations full_fops = {
819 .llseek = full_lseek,
824 #ifdef CONFIG_CRASH_DUMP
825 static const struct file_operations oldmem_fops = {
828 .llseek = default_llseek,
832 static ssize_t kmsg_writev(struct kiocb *iocb, const struct iovec *iv,
833 unsigned long count, loff_t pos)
837 ssize_t ret = -EFAULT;
838 size_t len = iov_length(iv, count);
840 line = kmalloc(len + 1, GFP_KERNEL);
845 * copy all vectors into a single string, to ensure we do
846 * not interleave our log line with other printk calls
849 for (i = 0; i < count; i++) {
850 if (copy_from_user(p, iv[i].iov_base, iv[i].iov_len))
856 ret = printk("%s", line);
857 /* printk can add a prefix */
865 static const struct file_operations kmsg_fops = {
866 .aio_write = kmsg_writev,
867 .llseek = noop_llseek,
870 static const struct memdev {
873 const struct file_operations *fops;
874 struct backing_dev_info *dev_info;
876 [1] = { "mem", 0, &mem_fops, &directly_mappable_cdev_bdi },
877 #ifdef CONFIG_DEVKMEM
878 [2] = { "kmem", 0, &kmem_fops, &directly_mappable_cdev_bdi },
880 [3] = { "null", 0666, &null_fops, NULL },
881 #ifdef CONFIG_DEVPORT
882 [4] = { "port", 0, &port_fops, NULL },
884 [5] = { "zero", 0666, &zero_fops, &zero_bdi },
885 [7] = { "full", 0666, &full_fops, NULL },
886 [8] = { "random", 0666, &random_fops, NULL },
887 [9] = { "urandom", 0666, &urandom_fops, NULL },
888 [11] = { "kmsg", 0, &kmsg_fops, NULL },
889 #ifdef CONFIG_CRASH_DUMP
890 [12] = { "oldmem", 0, &oldmem_fops, NULL },
894 static int memory_open(struct inode *inode, struct file *filp)
897 const struct memdev *dev;
899 minor = iminor(inode);
900 if (minor >= ARRAY_SIZE(devlist))
903 dev = &devlist[minor];
907 filp->f_op = dev->fops;
909 filp->f_mapping->backing_dev_info = dev->dev_info;
911 /* Is /dev/mem or /dev/kmem ? */
912 if (dev->dev_info == &directly_mappable_cdev_bdi)
913 filp->f_mode |= FMODE_UNSIGNED_OFFSET;
916 return dev->fops->open(inode, filp);
921 static const struct file_operations memory_fops = {
923 .llseek = noop_llseek,
926 static char *mem_devnode(struct device *dev, mode_t *mode)
928 if (mode && devlist[MINOR(dev->devt)].mode)
929 *mode = devlist[MINOR(dev->devt)].mode;
933 static struct class *mem_class;
935 static int __init chr_dev_init(void)
940 err = bdi_init(&zero_bdi);
944 if (register_chrdev(MEM_MAJOR, "mem", &memory_fops))
945 printk("unable to get major %d for memory devs\n", MEM_MAJOR);
947 mem_class = class_create(THIS_MODULE, "mem");
948 if (IS_ERR(mem_class))
949 return PTR_ERR(mem_class);
951 mem_class->devnode = mem_devnode;
952 for (minor = 1; minor < ARRAY_SIZE(devlist); minor++) {
953 if (!devlist[minor].name)
955 device_create(mem_class, NULL, MKDEV(MEM_MAJOR, minor),
956 NULL, devlist[minor].name);
962 fs_initcall(chr_dev_init);