]>
Commit | Line | Data |
---|---|---|
457c8996 | 1 | // SPDX-License-Identifier: GPL-2.0-only |
c33fa9f5 | 2 | /* |
3f0acb1e | 3 | * Access kernel or user memory without faulting. |
c33fa9f5 | 4 | */ |
b95f1b31 | 5 | #include <linux/export.h> |
c33fa9f5 | 6 | #include <linux/mm.h> |
7c7fcf76 | 7 | #include <linux/uaccess.h> |
c33fa9f5 IM |
8 | |
9 | /** | |
4f6de12b | 10 | * probe_kernel_read(): safely attempt to read from any location |
c33fa9f5 IM |
11 | * @dst: pointer to the buffer that shall take the data |
12 | * @src: address to read from | |
13 | * @size: size of the data chunk | |
14 | * | |
4f6de12b CH |
15 | * Same as probe_kernel_read_strict() except that for architectures with |
16 | * not fully separated user and kernel address spaces this function also works | |
17 | * for user address tanges. | |
18 | * | |
19 | * DO NOT USE THIS FUNCTION - it is broken on architectures with entirely | |
20 | * separate kernel and user address spaces, and also a bad idea otherwise. | |
21 | */ | |
22 | long __weak probe_kernel_read(void *dst, const void *src, size_t size) | |
23 | __attribute__((alias("__probe_kernel_read"))); | |
24 | ||
25 | /** | |
26 | * probe_kernel_read_strict(): safely attempt to read from kernel-space | |
27 | * @dst: pointer to the buffer that shall take the data | |
28 | * @src: address to read from | |
29 | * @size: size of the data chunk | |
30 | * | |
31 | * Safely read from kernel address @src to the buffer at @dst. If a kernel | |
32 | * fault happens, handle that and return -EFAULT. | |
0ab32b6f AM |
33 | * |
34 | * We ensure that the copy_from_user is executed in atomic context so that | |
c1e8d7c6 | 35 | * do_page_fault() doesn't attempt to take mmap_lock. This makes |
0ab32b6f | 36 | * probe_kernel_read() suitable for use within regions where the caller |
c1e8d7c6 | 37 | * already holds mmap_lock, or other locks which nest inside mmap_lock. |
c33fa9f5 | 38 | */ |
6144a85a | 39 | |
75a1a607 DB |
40 | long __weak probe_kernel_read_strict(void *dst, const void *src, size_t size) |
41 | __attribute__((alias("__probe_kernel_read"))); | |
42 | ||
f29c5041 | 43 | long __probe_kernel_read(void *dst, const void *src, size_t size) |
c33fa9f5 IM |
44 | { |
45 | long ret; | |
b4b8ac52 | 46 | mm_segment_t old_fs = get_fs(); |
c33fa9f5 | 47 | |
b4b8ac52 | 48 | set_fs(KERNEL_DS); |
cd030905 CH |
49 | pagefault_disable(); |
50 | ret = __copy_from_user_inatomic(dst, (__force const void __user *)src, | |
51 | size); | |
52 | pagefault_enable(); | |
b4b8ac52 | 53 | set_fs(old_fs); |
c33fa9f5 | 54 | |
cd030905 CH |
55 | if (ret) |
56 | return -EFAULT; | |
57 | return 0; | |
c33fa9f5 IM |
58 | } |
59 | EXPORT_SYMBOL_GPL(probe_kernel_read); | |
60 | ||
3d708182 MH |
61 | /** |
62 | * probe_user_read(): safely attempt to read from a user-space location | |
63 | * @dst: pointer to the buffer that shall take the data | |
64 | * @src: address to read from. This must be a user address. | |
65 | * @size: size of the data chunk | |
66 | * | |
67 | * Safely read from user address @src to the buffer at @dst. If a kernel fault | |
68 | * happens, handle that and return -EFAULT. | |
69 | */ | |
48c49c0e | 70 | long probe_user_read(void *dst, const void __user *src, size_t size) |
3d708182 MH |
71 | { |
72 | long ret = -EFAULT; | |
73 | mm_segment_t old_fs = get_fs(); | |
74 | ||
75 | set_fs(USER_DS); | |
cd030905 CH |
76 | if (access_ok(src, size)) { |
77 | pagefault_disable(); | |
78 | ret = __copy_from_user_inatomic(dst, src, size); | |
79 | pagefault_enable(); | |
80 | } | |
3d708182 MH |
81 | set_fs(old_fs); |
82 | ||
cd030905 CH |
83 | if (ret) |
84 | return -EFAULT; | |
85 | return 0; | |
3d708182 MH |
86 | } |
87 | EXPORT_SYMBOL_GPL(probe_user_read); | |
88 | ||
c33fa9f5 IM |
89 | /** |
90 | * probe_kernel_write(): safely attempt to write to a location | |
91 | * @dst: address to write to | |
92 | * @src: pointer to the data that shall be written | |
93 | * @size: size of the data chunk | |
94 | * | |
95 | * Safely write to address @dst from the buffer at @src. If a kernel fault | |
96 | * happens, handle that and return -EFAULT. | |
97 | */ | |
48c49c0e | 98 | long probe_kernel_write(void *dst, const void *src, size_t size) |
c33fa9f5 IM |
99 | { |
100 | long ret; | |
b4b8ac52 | 101 | mm_segment_t old_fs = get_fs(); |
c33fa9f5 | 102 | |
b4b8ac52 | 103 | set_fs(KERNEL_DS); |
cd030905 CH |
104 | pagefault_disable(); |
105 | ret = __copy_to_user_inatomic((__force void __user *)dst, src, size); | |
106 | pagefault_enable(); | |
b4b8ac52 | 107 | set_fs(old_fs); |
c33fa9f5 | 108 | |
cd030905 CH |
109 | if (ret) |
110 | return -EFAULT; | |
111 | return 0; | |
c33fa9f5 | 112 | } |
dbb7ee0e | 113 | |
1d1585ca DB |
114 | /** |
115 | * probe_user_write(): safely attempt to write to a user-space location | |
116 | * @dst: address to write to | |
117 | * @src: pointer to the data that shall be written | |
118 | * @size: size of the data chunk | |
119 | * | |
120 | * Safely write to address @dst from the buffer at @src. If a kernel fault | |
121 | * happens, handle that and return -EFAULT. | |
122 | */ | |
48c49c0e | 123 | long probe_user_write(void __user *dst, const void *src, size_t size) |
1d1585ca DB |
124 | { |
125 | long ret = -EFAULT; | |
126 | mm_segment_t old_fs = get_fs(); | |
127 | ||
128 | set_fs(USER_DS); | |
cd030905 CH |
129 | if (access_ok(dst, size)) { |
130 | pagefault_disable(); | |
131 | ret = __copy_to_user_inatomic(dst, src, size); | |
132 | pagefault_enable(); | |
133 | } | |
1d1585ca DB |
134 | set_fs(old_fs); |
135 | ||
cd030905 CH |
136 | if (ret) |
137 | return -EFAULT; | |
138 | return 0; | |
1d1585ca DB |
139 | } |
140 | EXPORT_SYMBOL_GPL(probe_user_write); | |
3d708182 | 141 | |
dbb7ee0e AS |
142 | /** |
143 | * strncpy_from_unsafe: - Copy a NUL terminated string from unsafe address. | |
144 | * @dst: Destination address, in kernel space. This buffer must be at | |
145 | * least @count bytes long. | |
f144c390 | 146 | * @unsafe_addr: Unsafe address. |
dbb7ee0e AS |
147 | * @count: Maximum number of bytes to copy, including the trailing NUL. |
148 | * | |
149 | * Copies a NUL-terminated string from unsafe address to kernel buffer. | |
150 | * | |
151 | * On success, returns the length of the string INCLUDING the trailing NUL. | |
152 | * | |
153 | * If access fails, returns -EFAULT (some data may have been copied | |
154 | * and the trailing NUL added). | |
155 | * | |
156 | * If @count is smaller than the length of the string, copies @count-1 bytes, | |
157 | * sets the last byte of @dst buffer to NUL and returns @count. | |
75a1a607 | 158 | * |
c4cb1644 | 159 | * Same as strncpy_from_kernel_nofault() except that for architectures with |
4f6de12b CH |
160 | * not fully separated user and kernel address spaces this function also works |
161 | * for user address tanges. | |
162 | * | |
163 | * DO NOT USE THIS FUNCTION - it is broken on architectures with entirely | |
164 | * separate kernel and user address spaces, and also a bad idea otherwise. | |
dbb7ee0e | 165 | */ |
75a1a607 DB |
166 | long __weak strncpy_from_unsafe(char *dst, const void *unsafe_addr, long count) |
167 | __attribute__((alias("__strncpy_from_unsafe"))); | |
168 | ||
4f6de12b | 169 | /** |
c4cb1644 | 170 | * strncpy_from_kernel_nofault: - Copy a NUL terminated string from unsafe |
4f6de12b CH |
171 | * address. |
172 | * @dst: Destination address, in kernel space. This buffer must be at | |
173 | * least @count bytes long. | |
174 | * @unsafe_addr: Unsafe address. | |
175 | * @count: Maximum number of bytes to copy, including the trailing NUL. | |
176 | * | |
177 | * Copies a NUL-terminated string from unsafe address to kernel buffer. | |
178 | * | |
179 | * On success, returns the length of the string INCLUDING the trailing NUL. | |
180 | * | |
181 | * If access fails, returns -EFAULT (some data may have been copied | |
182 | * and the trailing NUL added). | |
183 | * | |
184 | * If @count is smaller than the length of the string, copies @count-1 bytes, | |
185 | * sets the last byte of @dst buffer to NUL and returns @count. | |
186 | */ | |
c4cb1644 | 187 | long __weak strncpy_from_kernel_nofault(char *dst, const void *unsafe_addr, |
75a1a607 DB |
188 | long count) |
189 | __attribute__((alias("__strncpy_from_unsafe"))); | |
190 | ||
191 | long __strncpy_from_unsafe(char *dst, const void *unsafe_addr, long count) | |
dbb7ee0e AS |
192 | { |
193 | mm_segment_t old_fs = get_fs(); | |
194 | const void *src = unsafe_addr; | |
195 | long ret; | |
196 | ||
197 | if (unlikely(count <= 0)) | |
198 | return 0; | |
199 | ||
200 | set_fs(KERNEL_DS); | |
201 | pagefault_disable(); | |
202 | ||
203 | do { | |
bd28b145 | 204 | ret = __get_user(*dst++, (const char __user __force *)src++); |
dbb7ee0e AS |
205 | } while (dst[-1] && ret == 0 && src - unsafe_addr < count); |
206 | ||
207 | dst[-1] = '\0'; | |
208 | pagefault_enable(); | |
209 | set_fs(old_fs); | |
210 | ||
9dd861d5 | 211 | return ret ? -EFAULT : src - unsafe_addr; |
dbb7ee0e | 212 | } |
3d708182 MH |
213 | |
214 | /** | |
bd88bb5d | 215 | * strncpy_from_user_nofault: - Copy a NUL terminated string from unsafe user |
3d708182 MH |
216 | * address. |
217 | * @dst: Destination address, in kernel space. This buffer must be at | |
218 | * least @count bytes long. | |
219 | * @unsafe_addr: Unsafe user address. | |
220 | * @count: Maximum number of bytes to copy, including the trailing NUL. | |
221 | * | |
222 | * Copies a NUL-terminated string from unsafe user address to kernel buffer. | |
223 | * | |
224 | * On success, returns the length of the string INCLUDING the trailing NUL. | |
225 | * | |
226 | * If access fails, returns -EFAULT (some data may have been copied | |
227 | * and the trailing NUL added). | |
228 | * | |
229 | * If @count is smaller than the length of the string, copies @count-1 bytes, | |
230 | * sets the last byte of @dst buffer to NUL and returns @count. | |
231 | */ | |
bd88bb5d | 232 | long strncpy_from_user_nofault(char *dst, const void __user *unsafe_addr, |
3d708182 MH |
233 | long count) |
234 | { | |
235 | mm_segment_t old_fs = get_fs(); | |
236 | long ret; | |
237 | ||
238 | if (unlikely(count <= 0)) | |
239 | return 0; | |
240 | ||
241 | set_fs(USER_DS); | |
242 | pagefault_disable(); | |
243 | ret = strncpy_from_user(dst, unsafe_addr, count); | |
244 | pagefault_enable(); | |
245 | set_fs(old_fs); | |
246 | ||
247 | if (ret >= count) { | |
248 | ret = count; | |
249 | dst[ret - 1] = '\0'; | |
250 | } else if (ret > 0) { | |
251 | ret++; | |
252 | } | |
253 | ||
254 | return ret; | |
255 | } | |
256 | ||
257 | /** | |
02dddb16 | 258 | * strnlen_user_nofault: - Get the size of a user string INCLUDING final NUL. |
3d708182 MH |
259 | * @unsafe_addr: The string to measure. |
260 | * @count: Maximum count (including NUL) | |
261 | * | |
262 | * Get the size of a NUL-terminated string in user space without pagefault. | |
263 | * | |
264 | * Returns the size of the string INCLUDING the terminating NUL. | |
265 | * | |
266 | * If the string is too long, returns a number larger than @count. User | |
267 | * has to check the return value against "> count". | |
268 | * On exception (or invalid count), returns 0. | |
269 | * | |
270 | * Unlike strnlen_user, this can be used from IRQ handler etc. because | |
271 | * it disables pagefaults. | |
272 | */ | |
02dddb16 | 273 | long strnlen_user_nofault(const void __user *unsafe_addr, long count) |
3d708182 MH |
274 | { |
275 | mm_segment_t old_fs = get_fs(); | |
276 | int ret; | |
277 | ||
278 | set_fs(USER_DS); | |
279 | pagefault_disable(); | |
280 | ret = strnlen_user(unsafe_addr, count); | |
281 | pagefault_enable(); | |
282 | set_fs(old_fs); | |
283 | ||
284 | return ret; | |
285 | } |