linux/include/asm-arm/assembler.h
/*
 * USER(insn): emit an instruction that may fault on a user-space address and
 * register a fixup for it in the __ex_table section.
 *   9999:            local label on the (possibly faulting) instruction itself
 *   .long 9999b,9001f one table entry: the address of that instruction
 *                    (backward reference 9999b) and the address of the fixup
 *                    code at forward label 9001, which the surrounding code --
 *                    not this macro -- has to define
 *   "a"              the table is an allocatable section; .align 3 is a power
 *                    of two on ARM, so entries stay 8-byte aligned
 *   .previous        return to the section the caller was assembling in
 * A fault at an instruction with no __ex_table entry has no fixup address to
 * resume at (see the discussion of memcpy below); this is why only the "t"
 * loads wrapped in USER() are allowed to touch user memory.
 */
#define USER(x...) \
9999: x; \
.section __ex_table,"a"; \
.align 3; \
.long 9999b,9001f; \
.previous
该定义中有如下数据:
.long 9999b,9001f;
其中9999b对应向后查找到的标号9999处的指令(即可能产生异常的那条指令),9001f对应向前查找到的标号9001处的指令,即9999b处指令的修复指令。这样,当标号9999处发生缺页异常时,系统将调用do_page_fault提交物理页面;do_page_fault在“__ex_table”section中以出错指令的地址查到对应的修复地址后,便跳到9001继续执行。
如果在驱动程序中不使用copy_from_user而用memcpy来代替,对于上述的情形会产生什么结果呢?当memcpy访问用户空间地址而发生缺页异常时,系统在“__ex_table”section中将找不到修复地址,因为memcpy没有像copy_from_user那样在“__ex_table”section中登记修复地址,此时do_page_fault将通过no_context函数产生Oops。极有可能会看到类似如下信息:
Unable to handle kernel NULL pointer dereference at virtual address 00000fe0
所以,为了确保设备驱动程序的安全,访问用户空间内存时应该使用copy_from_user函数而不是memcpy。
下面我们深入分析__arch_copy_from_user函数的实现。该函数用汇编实现,定义在linux/arch/arm/lib/uaccess.S文件中。
/* Prototype: unsigned long __arch_copy_from_user(void *to,const void *from,unsigned long n);
* Purpose : copy a block from user memory to kernel memory
* Params : to - kernel memory
* : from - user memory
* : n - number of bytes to copy
* Returns : Number of bytes NOT copied.
*/
@ Destination not word-aligned: copy 1..3 bytes until r0 reaches a word
@ boundary, then rejoin the aligned path. Entered from the "ands ip, r0, #3 /
@ bne" pair below with ip = to & 3 and r2 >= 4.
.cfu_dest_not_aligned:
rsb ip, ip, #4 @ ip = 4 - (to & 3): bytes needed to reach the boundary (1..3)
cmp ip, #2 @ flags drive the ge/gt predicates on the 2nd and 3rd byte below
USER( ldrbt r3, [r1], #1) @ May fault: user-mode (t) byte load, fixup via __ex_table
strb r3, [r0], #1
USER( ldrgebt r3, [r1], #1) @ May fault; 2nd byte only if ip >= 2
strgeb r3, [r0], #1
USER( ldrgtbt r3, [r1], #1) @ May fault; 3rd byte only if ip > 2
strgtb r3, [r0], #1
sub r2, r2, ip @ r2 -= bytes consumed by the alignment prefix
b .cfu_dest_aligned
@-----------------------------------------------------------------------
@ unsigned long __arch_copy_from_user(void *to, const void *from, unsigned long n)
@ In:    r0 = to (kernel), r1 = from (user), r2 = n
@ Out:   r0 = number of bytes NOT copied (0 on every exit visible here)
@ Uses:  r3-r6 as copy data (r7 on the misaligned-source path), ip as
@        scratch: alignment, bytes left in the current page, loop counter
@ Stack: {r0, r2, r4-r7, lr} pushed on entry; r0/r2 are discarded on the
@        normal exit (add sp, #8) and are presumably read by the __ex_table
@        fixup at label 9001 (not in this excerpt) to compute the uncopied
@        count -- confirm against the fixup code in uaccess.S.
@ Fault model: only the USER()-wrapped "t" loads (ldrt/ldrbt) carry an
@ __ex_table entry. The first word of every source page is fetched with
@ ldrt, so the plain ldm/ldr that follow only touch a page that was just
@ proven accessible in user mode ("Shouldnt fault").
@ ENTRY/LOADREGS/PLD are presumably macros from asm-arm/assembler.h, like
@ USER() above.
@-----------------------------------------------------------------------
ENTRY(__arch_copy_from_user)
stmfd sp!, {r0, r2, r4 - r7, lr} @ save to, n, callee-saved r4-r7 and lr
cmp r2, #4
blt .cfu_not_enough @ n < 4: only the byte-at-a-time tail applies
PLD( pld [r1, #0] ) @ prefetch hints; PLD() presumably expands to nothing on builds without pld -- confirm in assembler.h
PLD( pld [r0, #0] )
ands ip, r0, #3 @ ip = to & 3
bne .cfu_dest_not_aligned @ copy up to 3 bytes to word-align the destination first
.cfu_dest_aligned:
ands ip, r1, #3 @ ip = from & 3
bne .cfu_src_not_aligned @ misaligned source: that path starts at .cfu_src_not_aligned and continues past this excerpt
/*
* Seeing as there has to be at least 8 bytes to copy, we can
* copy one word, and force a user-mode page fault...
*/
.cfu_0fupi: subs r2, r2, #4 @ r2 = bytes left after the word loaded below
addmi ip, r2, #4 @ fewer than 4 remained: ip = that 0..3 byte tail
bmi .cfu_0nowords
USER( ldrt r3, [r1], #4) @ May fault: user-mode checked load of the first word on this page; fixup via __ex_table
str r3, [r0], #4
mov ip, r1, lsl #32 - PAGE_SHIFT @ On each page, use a ld/st t instruction
rsb ip, ip, #0 @ ip = (PAGE_SIZE - page offset of r1) << (32 - PAGE_SHIFT)
movs ip, ip, lsr #32 - PAGE_SHIFT @ ip = bytes from r1 to the end of its page (0 if r1 is page-aligned)
beq .cfu_0fupi @ r1 sits on a page boundary: the next word needs another ldrt
/*
* ip = max no. of bytes to copy before needing another "strt" insn
*/
cmp r2, ip
movlt ip, r2 @ ip = min(bytes left in this page, bytes left to copy) = this chunk
sub r2, r2, ip @ r2 = bytes left after this chunk
subs ip, ip, #32 @ ip = chunk - 32; negative => chunk is shorter than 32 bytes
blt .cfu_0rem8lp
PLD( pld [r1, #28] )
PLD( pld [r0, #28] )
PLD( subs ip, ip, #64 ) @ prefetch build: presumably biases ip so the last 64 bytes run through .cfu_0cpynopld without prefetching
PLD( blt .cfu_0cpynopld )
PLD( pld [r1, #60] )
PLD( pld [r0, #60] )
.cfu_0cpy8lp: @ 32 bytes (8 words) per iteration, all within the validated page
PLD( pld [r1, #92] )
PLD( pld [r0, #92] )
.cfu_0cpynopld: ldmia r1!, {r3 - r6} @ Shouldnt fault
stmia r0!, {r3 - r6}
ldmia r1!, {r3 - r6} @ Shouldnt fault
subs ip, ip, #32
stmia r0!, {r3 - r6}
bpl .cfu_0cpy8lp @ loop while at least 32 more bytes remain in the chunk
PLD( cmn ip, #64 )
PLD( bge .cfu_0cpynopld )
PLD( add ip, ip, #64 ) @ restore the 64 subtracted above
.cfu_0rem8lp: cmn ip, #16 @ here ip + 32 = bytes left in the chunk (0..31); ge <=> at least 16 left
ldmgeia r1!, {r3 - r6} @ Shouldnt fault
stmgeia r0!, {r3 - r6}
tst ip, #8 @ low bits of ip equal those of the remainder: 8-byte piece?
ldmneia r1!, {r3 - r4} @ Shouldnt fault
stmneia r0!, {r3 - r4}
tst ip, #4 @ 4-byte piece?
ldrnet r3, [r1], #4 @ Shouldnt fault (t-form load, but not USER()-wrapped, so it has no __ex_table entry)
strne r3, [r0], #4
ands ip, ip, #3 @ ip = leftover bytes that do not form a whole word
beq .cfu_0fupi @ none: continue with the next word / page
.cfu_0nowords: teq ip, #0
beq .cfu_finished
.cfu_nowords: cmp ip, #2 @ copy the 1..3 tail bytes, each with a user-mode byte load
USER( ldrbt r3, [r1], #1) @ May fault
strb r3, [r0], #1
USER( ldrgebt r3, [r1], #1) @ May fault; 2nd byte only if ip >= 2
strgeb r3, [r0], #1
USER( ldrgtbt r3, [r1], #1) @ May fault; 3rd byte only if ip > 2
strgtb r3, [r0], #1
b .cfu_finished
.cfu_not_enough:
movs ip, r2 @ ip = n (0..3)
bne .cfu_nowords
.cfu_finished: mov r0, #0 @ everything copied: 0 bytes NOT copied
add sp, sp, #8 @ discard the saved r0 and r2 (kept only for the fault fixup)
LOADREGS(fd,sp!,{r4 - r7, pc}) @ restore r4-r7 and return (pc <- saved lr)
.cfu_src_not_aligned:
bic r1, r1, #3
USER( ldrt r7, [r1], #4) @ May fault
cmp ip, #2
bgt