[mirror_ubuntu-jammy-kernel.git] / mm / maccess.c

// SPDX-License-Identifier: GPL-2.0-only
/*
 * Access kernel or user memory without faulting.
 */
#include <linux/export.h>
#include <linux/mm.h>
#include <linux/uaccess.h>

/**
 * probe_kernel_read(): safely attempt to read from any location
 * @dst: pointer to the buffer that shall take the data
 * @src: address to read from
 * @size: size of the data chunk
 *
 * Same as probe_kernel_read_strict() except that for architectures with
 * not fully separated user and kernel address spaces this function also works
 * for user address tanges.
 *
 * DO NOT USE THIS FUNCTION - it is broken on architectures with entirely
 * separate kernel and user address spaces, and also a bad idea otherwise.
 */
long __weak probe_kernel_read(void *dst, const void *src, size_t size)
    __attribute__((alias("__probe_kernel_read")));

/**
 * probe_kernel_read_strict(): safely attempt to read from kernel-space
 * @dst: pointer to the buffer that shall take the data
 * @src: address to read from
 * @size: size of the data chunk
 *
 * Safely read from kernel address @src to the buffer at @dst.  If a kernel
 * fault happens, handle that and return -EFAULT.
 *
 * We ensure that the copy_from_user is executed in atomic context so that
 * do_page_fault() doesn't attempt to take mmap_lock.  This makes
 * probe_kernel_read() suitable for use within regions where the caller
 * already holds mmap_lock, or other locks which nest inside mmap_lock.
 */

long __weak probe_kernel_read_strict(void *dst, const void *src, size_t size)
    __attribute__((alias("__probe_kernel_read")));

long __probe_kernel_read(void *dst, const void *src, size_t size)
{
	long ret;
	mm_segment_t old_fs = get_fs();

	set_fs(KERNEL_DS);
	pagefault_disable();
	ret = __copy_from_user_inatomic(dst, (__force const void __user *)src,
			size);
	pagefault_enable();
	set_fs(old_fs);

	if (ret)
		return -EFAULT;
	return 0;
}
EXPORT_SYMBOL_GPL(probe_kernel_read);

/**
 * probe_user_read(): safely attempt to read from a user-space location
 * @dst: pointer to the buffer that shall take the data
 * @src: address to read from. This must be a user address.
 * @size: size of the data chunk
 *
 * Safely read from user address @src to the buffer at @dst. If a kernel fault
 * happens, handle that and return -EFAULT.
 */
long probe_user_read(void *dst, const void __user *src, size_t size)
{
	long ret = -EFAULT;
	mm_segment_t old_fs = get_fs();

	set_fs(USER_DS);
	if (access_ok(src, size)) {
		pagefault_disable();
		ret = __copy_from_user_inatomic(dst, src, size);
		pagefault_enable();
	}
	set_fs(old_fs);

	if (ret)
		return -EFAULT;
	return 0;
}
EXPORT_SYMBOL_GPL(probe_user_read);

/**
 * probe_kernel_write(): safely attempt to write to a location
 * @dst: address to write to
 * @src: pointer to the data that shall be written
 * @size: size of the data chunk
 *
 * Safely write to address @dst from the buffer at @src.  If a kernel fault
 * happens, handle that and return -EFAULT.
 */
long probe_kernel_write(void *dst, const void *src, size_t size)
{
	long ret;
	mm_segment_t old_fs = get_fs();

	set_fs(KERNEL_DS);
	pagefault_disable();
	ret = __copy_to_user_inatomic((__force void __user *)dst, src, size);
	pagefault_enable();
	set_fs(old_fs);

	if (ret)
		return -EFAULT;
	return 0;
}

/**
 * probe_user_write(): safely attempt to write to a user-space location
 * @dst: address to write to
 * @src: pointer to the data that shall be written
 * @size: size of the data chunk
 *
 * Safely write to address @dst from the buffer at @src.  If a kernel fault
 * happens, handle that and return -EFAULT.
 */
long probe_user_write(void __user *dst, const void *src, size_t size)
{
	long ret = -EFAULT;
	mm_segment_t old_fs = get_fs();

	set_fs(USER_DS);
	if (access_ok(dst, size)) {
		pagefault_disable();
		ret = __copy_to_user_inatomic(dst, src, size);
		pagefault_enable();
	}
	set_fs(old_fs);

	if (ret)
		return -EFAULT;
	return 0;
}
EXPORT_SYMBOL_GPL(probe_user_write);

/**
 * strncpy_from_unsafe: - Copy a NUL terminated string from unsafe address.
 * @dst:   Destination address, in kernel space.  This buffer must be at
 *         least @count bytes long.
 * @unsafe_addr: Unsafe address.
 * @count: Maximum number of bytes to copy, including the trailing NUL.
 *
 * Copies a NUL-terminated string from unsafe address to kernel buffer.
 *
 * On success, returns the length of the string INCLUDING the trailing NUL.
 *
 * If access fails, returns -EFAULT (some data may have been copied
 * and the trailing NUL added).
 *
 * If @count is smaller than the length of the string, copies @count-1 bytes,
 * sets the last byte of @dst buffer to NUL and returns @count.
 *
 * Same as strncpy_from_kernel_nofault() except that for architectures with
 * not fully separated user and kernel address spaces this function also works
 * for user address tanges.
 *
 * DO NOT USE THIS FUNCTION - it is broken on architectures with entirely
 * separate kernel and user address spaces, and also a bad idea otherwise.
 */
long __weak strncpy_from_unsafe(char *dst, const void *unsafe_addr, long count)
    __attribute__((alias("__strncpy_from_unsafe")));

/**
 * strncpy_from_kernel_nofault: - Copy a NUL terminated string from unsafe
 *				 address.
 * @dst:   Destination address, in kernel space.  This buffer must be at
 *         least @count bytes long.
 * @unsafe_addr: Unsafe address.
 * @count: Maximum number of bytes to copy, including the trailing NUL.
 *
 * Copies a NUL-terminated string from unsafe address to kernel buffer.
 *
 * On success, returns the length of the string INCLUDING the trailing NUL.
 *
 * If access fails, returns -EFAULT (some data may have been copied
 * and the trailing NUL added).
 *
 * If @count is smaller than the length of the string, copies @count-1 bytes,
 * sets the last byte of @dst buffer to NUL and returns @count.
 */
long __weak strncpy_from_kernel_nofault(char *dst, const void *unsafe_addr,
				       long count)
    __attribute__((alias("__strncpy_from_unsafe")));

long __strncpy_from_unsafe(char *dst, const void *unsafe_addr, long count)
{
	mm_segment_t old_fs = get_fs();
	const void *src = unsafe_addr;
	long ret;

	if (unlikely(count <= 0))
		return 0;

	set_fs(KERNEL_DS);
	pagefault_disable();

	do {
		ret = __get_user(*dst++, (const char __user __force *)src++);
	} while (dst[-1] && ret == 0 && src - unsafe_addr < count);

	dst[-1] = '\0';
	pagefault_enable();
	set_fs(old_fs);

	return ret ? -EFAULT : src - unsafe_addr;
}

/**
 * strncpy_from_user_nofault: - Copy a NUL terminated string from unsafe user
 *				address.
 * @dst:   Destination address, in kernel space.  This buffer must be at
 *         least @count bytes long.
 * @unsafe_addr: Unsafe user address.
 * @count: Maximum number of bytes to copy, including the trailing NUL.
 *
 * Copies a NUL-terminated string from unsafe user address to kernel buffer.
 *
 * On success, returns the length of the string INCLUDING the trailing NUL.
 *
 * If access fails, returns -EFAULT (some data may have been copied
 * and the trailing NUL added).
 *
 * If @count is smaller than the length of the string, copies @count-1 bytes,
 * sets the last byte of @dst buffer to NUL and returns @count.
 */
long strncpy_from_user_nofault(char *dst, const void __user *unsafe_addr,
			      long count)
{
	mm_segment_t old_fs = get_fs();
	long ret;

	if (unlikely(count <= 0))
		return 0;

	set_fs(USER_DS);
	pagefault_disable();
	ret = strncpy_from_user(dst, unsafe_addr, count);
	pagefault_enable();
	set_fs(old_fs);

	if (ret >= count) {
		ret = count;
		dst[ret - 1] = '\0';
	} else if (ret > 0) {
		ret++;
	}

	return ret;
}

/**
 * strnlen_user_nofault: - Get the size of a user string INCLUDING final NUL.
 * @unsafe_addr: The string to measure.
 * @count: Maximum count (including NUL)
 *
 * Get the size of a NUL-terminated string in user space without pagefault.
 *
 * Returns the size of the string INCLUDING the terminating NUL.
 *
 * If the string is too long, returns a number larger than @count. User
 * has to check the return value against "> count".
 * On exception (or invalid count), returns 0.
 *
 * Unlike strnlen_user, this can be used from IRQ handler etc. because
 * it disables pagefaults.
 */
long strnlen_user_nofault(const void __user *unsafe_addr, long count)
{
	mm_segment_t old_fs = get_fs();
	int ret;

	set_fs(USER_DS);
	pagefault_disable();
	ret = strnlen_user(unsafe_addr, count);
	pagefault_enable();
	set_fs(old_fs);

	return ret;
}
Commit	Line	Data
457c8996	1	// SPDX-License-Identifier: GPL-2.0-only
c33fa9f5	2	/*
3f0acb1e	3	* Access kernel or user memory without faulting.
c33fa9f5	4	*/
b95f1b31	5	#include <linux/export.h>
c33fa9f5	6	#include <linux/mm.h>
7c7fcf76	7	#include <linux/uaccess.h>
c33fa9f5 IM	8
c33fa9f5 IM	9	/**
4f6de12b	10	* probe_kernel_read(): safely attempt to read from any location
c33fa9f5 IM	11	* @dst: pointer to the buffer that shall take the data
	12	* @src: address to read from
	13	* @size: size of the data chunk
	14	*
4f6de12b CH	15	* Same as probe_kernel_read_strict() except that for architectures with
	16	* not fully separated user and kernel address spaces this function also works
	17	* for user address tanges.
	18	*
	19	* DO NOT USE THIS FUNCTION - it is broken on architectures with entirely
	20	* separate kernel and user address spaces, and also a bad idea otherwise.
	21	*/
	22	long __weak probe_kernel_read(void dst, const void src, size_t size)
	23	__attribute__((alias("__probe_kernel_read")));
	24
	25	/**
	26	* probe_kernel_read_strict(): safely attempt to read from kernel-space
	27	* @dst: pointer to the buffer that shall take the data
	28	* @src: address to read from
	29	* @size: size of the data chunk
	30	*
	31	* Safely read from kernel address @src to the buffer at @dst. If a kernel
	32	* fault happens, handle that and return -EFAULT.
0ab32b6f AM	33	*
0ab32b6f AM	34	* We ensure that the copy_from_user is executed in atomic context so that
c1e8d7c6	35	* do_page_fault() doesn't attempt to take mmap_lock. This makes
0ab32b6f	36	* probe_kernel_read() suitable for use within regions where the caller
c1e8d7c6	37	* already holds mmap_lock, or other locks which nest inside mmap_lock.
c33fa9f5	38	*/
6144a85a	39
75a1a607 DB	40	long __weak probe_kernel_read_strict(void dst, const void src, size_t size)
	41	__attribute__((alias("__probe_kernel_read")));
	42
f29c5041	43	long __probe_kernel_read(void dst, const void src, size_t size)
c33fa9f5 IM	44	{
c33fa9f5 IM	45	long ret;
b4b8ac52	46	mm_segment_t old_fs = get_fs();
c33fa9f5	47
b4b8ac52	48	set_fs(KERNEL_DS);
cd030905 CH	49	pagefault_disable();
	50	ret = __copy_from_user_inatomic(dst, (__force const void __user *)src,
	51	size);
	52	pagefault_enable();
b4b8ac52	53	set_fs(old_fs);
c33fa9f5	54
cd030905 CH	55	if (ret)
	56	return -EFAULT;
	57	return 0;
c33fa9f5 IM	58	}
	59	EXPORT_SYMBOL_GPL(probe_kernel_read);
	60
3d708182 MH	61	/**
	62	* probe_user_read(): safely attempt to read from a user-space location
	63	* @dst: pointer to the buffer that shall take the data
	64	* @src: address to read from. This must be a user address.
	65	* @size: size of the data chunk
	66	*
	67	* Safely read from user address @src to the buffer at @dst. If a kernel fault
	68	* happens, handle that and return -EFAULT.
	69	*/
48c49c0e	70	long probe_user_read(void dst, const void __user src, size_t size)
3d708182 MH	71	{
	72	long ret = -EFAULT;
	73	mm_segment_t old_fs = get_fs();
	74
	75	set_fs(USER_DS);
cd030905 CH	76	if (access_ok(src, size)) {
	77	pagefault_disable();
	78	ret = __copy_from_user_inatomic(dst, src, size);
	79	pagefault_enable();
	80	}
3d708182 MH	81	set_fs(old_fs);
3d708182 MH	82
cd030905 CH	83	if (ret)
	84	return -EFAULT;
	85	return 0;
3d708182 MH	86	}
	87	EXPORT_SYMBOL_GPL(probe_user_read);
	88
c33fa9f5 IM	89	/**
	90	* probe_kernel_write(): safely attempt to write to a location
	91	* @dst: address to write to
	92	* @src: pointer to the data that shall be written
	93	* @size: size of the data chunk
	94	*
	95	* Safely write to address @dst from the buffer at @src. If a kernel fault
	96	* happens, handle that and return -EFAULT.
	97	*/
48c49c0e	98	long probe_kernel_write(void dst, const void src, size_t size)
c33fa9f5 IM	99	{
c33fa9f5 IM	100	long ret;
b4b8ac52	101	mm_segment_t old_fs = get_fs();
c33fa9f5	102
b4b8ac52	103	set_fs(KERNEL_DS);
cd030905 CH	104	pagefault_disable();
	105	ret = __copy_to_user_inatomic((__force void __user *)dst, src, size);
	106	pagefault_enable();
b4b8ac52	107	set_fs(old_fs);
c33fa9f5	108
cd030905 CH	109	if (ret)
	110	return -EFAULT;
	111	return 0;
c33fa9f5	112	}
dbb7ee0e	113
1d1585ca DB	114	/**
	115	* probe_user_write(): safely attempt to write to a user-space location
	116	* @dst: address to write to
	117	* @src: pointer to the data that shall be written
	118	* @size: size of the data chunk
	119	*
	120	* Safely write to address @dst from the buffer at @src. If a kernel fault
	121	* happens, handle that and return -EFAULT.
	122	*/
48c49c0e	123	long probe_user_write(void __user dst, const void src, size_t size)
1d1585ca DB	124	{
	125	long ret = -EFAULT;
	126	mm_segment_t old_fs = get_fs();
	127
	128	set_fs(USER_DS);
cd030905 CH	129	if (access_ok(dst, size)) {
	130	pagefault_disable();
	131	ret = __copy_to_user_inatomic(dst, src, size);
	132	pagefault_enable();
	133	}
1d1585ca DB	134	set_fs(old_fs);
1d1585ca DB	135
cd030905 CH	136	if (ret)
	137	return -EFAULT;
	138	return 0;
1d1585ca DB	139	}
1d1585ca DB	140	EXPORT_SYMBOL_GPL(probe_user_write);
3d708182	141
dbb7ee0e AS	142	/**
	143	* strncpy_from_unsafe: - Copy a NUL terminated string from unsafe address.
	144	* @dst: Destination address, in kernel space. This buffer must be at
	145	* least @count bytes long.
f144c390	146	* @unsafe_addr: Unsafe address.
dbb7ee0e AS	147	* @count: Maximum number of bytes to copy, including the trailing NUL.
	148	*
	149	* Copies a NUL-terminated string from unsafe address to kernel buffer.
	150	*
	151	* On success, returns the length of the string INCLUDING the trailing NUL.
	152	*
	153	* If access fails, returns -EFAULT (some data may have been copied
	154	* and the trailing NUL added).
	155	*
	156	* If @count is smaller than the length of the string, copies @count-1 bytes,
	157	* sets the last byte of @dst buffer to NUL and returns @count.
75a1a607	158	*
c4cb1644	159	* Same as strncpy_from_kernel_nofault() except that for architectures with
4f6de12b CH	160	* not fully separated user and kernel address spaces this function also works
	161	* for user address tanges.
	162	*
	163	* DO NOT USE THIS FUNCTION - it is broken on architectures with entirely
	164	* separate kernel and user address spaces, and also a bad idea otherwise.
dbb7ee0e	165	*/
75a1a607 DB	166	long __weak strncpy_from_unsafe(char dst, const void unsafe_addr, long count)
	167	__attribute__((alias("__strncpy_from_unsafe")));
	168
4f6de12b	169	/**
c4cb1644	170	* strncpy_from_kernel_nofault: - Copy a NUL terminated string from unsafe
4f6de12b CH	171	* address.
	172	* @dst: Destination address, in kernel space. This buffer must be at
	173	* least @count bytes long.
	174	* @unsafe_addr: Unsafe address.
	175	* @count: Maximum number of bytes to copy, including the trailing NUL.
	176	*
	177	* Copies a NUL-terminated string from unsafe address to kernel buffer.
	178	*
	179	* On success, returns the length of the string INCLUDING the trailing NUL.
	180	*
	181	* If access fails, returns -EFAULT (some data may have been copied
	182	* and the trailing NUL added).
	183	*
	184	* If @count is smaller than the length of the string, copies @count-1 bytes,
	185	* sets the last byte of @dst buffer to NUL and returns @count.
	186	*/
c4cb1644	187	long __weak strncpy_from_kernel_nofault(char dst, const void unsafe_addr,
75a1a607 DB	188	long count)
	189	__attribute__((alias("__strncpy_from_unsafe")));
	190
	191	long __strncpy_from_unsafe(char dst, const void unsafe_addr, long count)
dbb7ee0e AS	192	{
	193	mm_segment_t old_fs = get_fs();
	194	const void *src = unsafe_addr;
	195	long ret;
	196
	197	if (unlikely(count <= 0))
	198	return 0;
	199
	200	set_fs(KERNEL_DS);
	201	pagefault_disable();
	202
	203	do {
bd28b145	204	ret = __get_user(dst++, (const char __user __force )src++);
dbb7ee0e AS	205	} while (dst[-1] && ret == 0 && src - unsafe_addr < count);
	206
	207	dst[-1] = '\0';
	208	pagefault_enable();
	209	set_fs(old_fs);
	210
9dd861d5	211	return ret ? -EFAULT : src - unsafe_addr;
dbb7ee0e	212	}
3d708182 MH	213
3d708182 MH	214	/**
bd88bb5d	215	* strncpy_from_user_nofault: - Copy a NUL terminated string from unsafe user
3d708182 MH	216	* address.
	217	* @dst: Destination address, in kernel space. This buffer must be at
	218	* least @count bytes long.
	219	* @unsafe_addr: Unsafe user address.
	220	* @count: Maximum number of bytes to copy, including the trailing NUL.
	221	*
	222	* Copies a NUL-terminated string from unsafe user address to kernel buffer.
	223	*
	224	* On success, returns the length of the string INCLUDING the trailing NUL.
	225	*
	226	* If access fails, returns -EFAULT (some data may have been copied
	227	* and the trailing NUL added).
	228	*
	229	* If @count is smaller than the length of the string, copies @count-1 bytes,
	230	* sets the last byte of @dst buffer to NUL and returns @count.
	231	*/
bd88bb5d	232	long strncpy_from_user_nofault(char dst, const void __user unsafe_addr,
3d708182 MH	233	long count)
	234	{
	235	mm_segment_t old_fs = get_fs();
	236	long ret;
	237
	238	if (unlikely(count <= 0))
	239	return 0;
	240
	241	set_fs(USER_DS);
	242	pagefault_disable();
	243	ret = strncpy_from_user(dst, unsafe_addr, count);
	244	pagefault_enable();
	245	set_fs(old_fs);
	246
	247	if (ret >= count) {
	248	ret = count;
	249	dst[ret - 1] = '\0';
	250	} else if (ret > 0) {
	251	ret++;
	252	}
	253
	254	return ret;
	255	}
	256
	257	/**
02dddb16	258	* strnlen_user_nofault: - Get the size of a user string INCLUDING final NUL.
3d708182 MH	259	* @unsafe_addr: The string to measure.
	260	* @count: Maximum count (including NUL)
	261	*
	262	* Get the size of a NUL-terminated string in user space without pagefault.
	263	*
	264	* Returns the size of the string INCLUDING the terminating NUL.
	265	*
	266	* If the string is too long, returns a number larger than @count. User
	267	* has to check the return value against "> count".
	268	* On exception (or invalid count), returns 0.
	269	*
	270	* Unlike strnlen_user, this can be used from IRQ handler etc. because
	271	* it disables pagefaults.
	272	*/
02dddb16	273	long strnlen_user_nofault(const void __user *unsafe_addr, long count)
3d708182 MH	274	{
	275	mm_segment_t old_fs = get_fs();
	276	int ret;
	277
	278	set_fs(USER_DS);
	279	pagefault_disable();
	280	ret = strnlen_user(unsafe_addr, count);
	281	pagefault_enable();
	282	set_fs(old_fs);
	283
	284	return ret;
	285	}