Commit | Line | Data |
---|---|---|
ba423fda CH |
1 | /* SPDX-License-Identifier: GPL-2.0-only */ |
2 | /* | |
3 | * Copyright (c) 2020 Christoph Hellwig. | |
4 | * | |
5 | * Support for "universal" pointers that can point to either kernel or userspace | |
6 | * memory. | |
7 | */ | |
8 | #ifndef _LINUX_SOCKPTR_H | |
9 | #define _LINUX_SOCKPTR_H | |
10 | ||
11 | #include <linux/slab.h> | |
12 | #include <linux/uaccess.h> | |
13 | ||
14 | typedef struct { | |
15 | union { | |
16 | void *kernel; | |
17 | void __user *user; | |
18 | }; | |
19 | bool is_kernel : 1; | |
20 | } sockptr_t; | |
21 | ||
22 | static inline bool sockptr_is_kernel(sockptr_t sockptr) | |
23 | { | |
24 | return sockptr.is_kernel; | |
25 | } | |
26 | ||
27 | static inline sockptr_t KERNEL_SOCKPTR(void *p) | |
28 | { | |
29 | return (sockptr_t) { .kernel = p, .is_kernel = true }; | |
30 | } | |
31 | ||
519a8a6c | 32 | static inline sockptr_t USER_SOCKPTR(void __user *p) |
ba423fda | 33 | { |
519a8a6c | 34 | return (sockptr_t) { .user = p }; |
ba423fda CH |
35 | } |
36 | ||
37 | static inline bool sockptr_is_null(sockptr_t sockptr) | |
38 | { | |
035bfd05 CH |
39 | if (sockptr_is_kernel(sockptr)) |
40 | return !sockptr.kernel; | |
41 | return !sockptr.user; | |
ba423fda CH |
42 | } |
43 | ||
d3c48151 CH |
44 | static inline int copy_from_sockptr_offset(void *dst, sockptr_t src, |
45 | size_t offset, size_t size) | |
ba423fda CH |
46 | { |
47 | if (!sockptr_is_kernel(src)) | |
d3c48151 CH |
48 | return copy_from_user(dst, src.user + offset, size); |
49 | memcpy(dst, src.kernel + offset, size); | |
ba423fda CH |
50 | return 0; |
51 | } | |
52 | ||
6309863b ED |
53 | /* Deprecated. |
54 | * This is unsafe, unless caller checked user provided optlen. | |
55 | * Prefer copy_safe_from_sockptr() instead. | |
56 | */ | |
d3c48151 CH |
57 | static inline int copy_from_sockptr(void *dst, sockptr_t src, size_t size) |
58 | { | |
59 | return copy_from_sockptr_offset(dst, src, 0, size); | |
60 | } | |
61 | ||
6309863b ED |
62 | /** |
63 | * copy_safe_from_sockptr: copy a struct from sockptr | |
64 | * @dst: Destination address, in kernel space. This buffer must be @ksize | |
65 | * bytes long. | |
66 | * @ksize: Size of @dst struct. | |
67 | * @optval: Source address. (in user or kernel space) | |
68 | * @optlen: Size of @optval data. | |
69 | * | |
70 | * Returns: | |
71 | * * -EINVAL: @optlen < @ksize | |
72 | * * -EFAULT: access to userspace failed. | |
73 | * * 0 : @ksize bytes were copied | |
74 | */ | |
75 | static inline int copy_safe_from_sockptr(void *dst, size_t ksize, | |
76 | sockptr_t optval, unsigned int optlen) | |
77 | { | |
78 | if (optlen < ksize) | |
79 | return -EINVAL; | |
80 | return copy_from_sockptr(dst, optval, ksize); | |
81 | } | |
82 | ||
4954f17d DS |
83 | static inline int copy_struct_from_sockptr(void *dst, size_t ksize, |
84 | sockptr_t src, size_t usize) | |
85 | { | |
86 | size_t size = min(ksize, usize); | |
87 | size_t rest = max(ksize, usize) - size; | |
88 | ||
89 | if (!sockptr_is_kernel(src)) | |
90 | return copy_struct_from_user(dst, ksize, src.user, size); | |
91 | ||
92 | if (usize < ksize) { | |
93 | memset(dst + size, 0, rest); | |
94 | } else if (usize > ksize) { | |
95 | char *p = src.kernel; | |
96 | ||
97 | while (rest--) { | |
98 | if (*p++) | |
99 | return -E2BIG; | |
100 | } | |
101 | } | |
102 | memcpy(dst, src.kernel, size); | |
103 | return 0; | |
104 | } | |
105 | ||
d3c48151 CH |
106 | static inline int copy_to_sockptr_offset(sockptr_t dst, size_t offset, |
107 | const void *src, size_t size) | |
ba423fda CH |
108 | { |
109 | if (!sockptr_is_kernel(dst)) | |
d3c48151 CH |
110 | return copy_to_user(dst.user + offset, src, size); |
111 | memcpy(dst.kernel + offset, src, size); | |
ba423fda CH |
112 | return 0; |
113 | } | |
114 | ||
4ff09db1 MKL |
115 | static inline int copy_to_sockptr(sockptr_t dst, const void *src, size_t size) |
116 | { | |
117 | return copy_to_sockptr_offset(dst, 0, src, size); | |
118 | } | |
119 | ||
2c321f3f | 120 | static inline void *memdup_sockptr_noprof(sockptr_t src, size_t len) |
ba423fda | 121 | { |
2c321f3f | 122 | void *p = kmalloc_track_caller_noprof(len, GFP_USER | __GFP_NOWARN); |
ba423fda CH |
123 | |
124 | if (!p) | |
125 | return ERR_PTR(-ENOMEM); | |
126 | if (copy_from_sockptr(p, src, len)) { | |
127 | kfree(p); | |
128 | return ERR_PTR(-EFAULT); | |
129 | } | |
130 | return p; | |
131 | } | |
2c321f3f | 132 | #define memdup_sockptr(...) alloc_hooks(memdup_sockptr_noprof(__VA_ARGS__)) |
ba423fda | 133 | |
2c321f3f | 134 | static inline void *memdup_sockptr_nul_noprof(sockptr_t src, size_t len) |
ba423fda | 135 | { |
2c321f3f | 136 | char *p = kmalloc_track_caller_noprof(len + 1, GFP_KERNEL); |
ba423fda CH |
137 | |
138 | if (!p) | |
139 | return ERR_PTR(-ENOMEM); | |
140 | if (copy_from_sockptr(p, src, len)) { | |
141 | kfree(p); | |
142 | return ERR_PTR(-EFAULT); | |
143 | } | |
144 | p[len] = '\0'; | |
145 | return p; | |
146 | } | |
2c321f3f | 147 | #define memdup_sockptr_nul(...) alloc_hooks(memdup_sockptr_nul_noprof(__VA_ARGS__)) |
ba423fda | 148 | |
ba423fda CH |
149 | static inline long strncpy_from_sockptr(char *dst, sockptr_t src, size_t count) |
150 | { | |
151 | if (sockptr_is_kernel(src)) { | |
152 | size_t len = min(strnlen(src.kernel, count - 1) + 1, count); | |
153 | ||
154 | memcpy(dst, src.kernel, len); | |
155 | return len; | |
156 | } | |
157 | return strncpy_from_user(dst, src.user, count); | |
158 | } | |
159 | ||
88527790 JK |
160 | static inline int check_zeroed_sockptr(sockptr_t src, size_t offset, |
161 | size_t size) | |
162 | { | |
163 | if (!sockptr_is_kernel(src)) | |
164 | return check_zeroed_user(src.user + offset, size); | |
165 | return memchr_inv(src.kernel + offset, 0, size) == NULL; | |
166 | } | |
167 | ||
ba423fda | 168 | #endif /* _LINUX_SOCKPTR_H */ |