Merge tag 'ras_core_for_v6.3_rc1' of git://git.kernel.org/pub/scm/linux/kernel/git...
[linux-block.git] / lib / strncpy_from_user.c
CommitLineData
b2441318 1// SPDX-License-Identifier: GPL-2.0
bf3c2d6d
RV
2#include <linux/compiler.h>
3#include <linux/export.h>
4d0e9df5 4#include <linux/fault-inject-usercopy.h>
1771c6e1 5#include <linux/kasan-checks.h>
bf90e56e 6#include <linux/thread_info.h>
2922585b
DM
7#include <linux/uaccess.h>
8#include <linux/kernel.h>
9#include <linux/errno.h>
903f433f 10#include <linux/mm.h>
2922585b
DM
11
12#include <asm/byteorder.h>
36126f8f 13#include <asm/word-at-a-time.h>
2922585b
DM
14
15#ifdef CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS
16#define IS_UNALIGNED(src, dst) 0
17#else
18#define IS_UNALIGNED(src, dst) \
19 (((long) dst | (long) src) & (sizeof(long) - 1))
20#endif
21
22/*
23 * Do a strncpy, return length of string without final '\0'.
24 * 'count' is the user-supplied count (return 'count' if we
25 * hit it), 'max' is the address space maximum (and we return
26 * -EFAULT if we hit it).
27 */
226d44ac 28static __always_inline long do_strncpy_from_user(char *dst, const char __user *src,
29da93fe 29 unsigned long count, unsigned long max)
2922585b 30{
36126f8f 31 const struct word_at_a_time constants = WORD_AT_A_TIME_CONSTANTS;
29da93fe 32 unsigned long res = 0;
2922585b 33
2922585b
DM
34 if (IS_UNALIGNED(src, dst))
35 goto byte_at_a_time;
36
37 while (max >= sizeof(unsigned long)) {
6fa6d280 38 unsigned long c, data, mask;
2922585b
DM
39
40 /* Fall back to byte-at-a-time if we get a page fault */
1bd4403d
LT
41 unsafe_get_user(c, (unsigned long __user *)(src+res), byte_at_a_time);
42
6fa6d280
DX
43 /*
44 * Note that we mask out the bytes following the NUL. This is
45 * important to do because string oblivious code may read past
46 * the NUL. For those routines, we don't want to give them
47 * potentially random bytes after the NUL in `src`.
48 *
49 * One example of such code is BPF map keys. BPF treats map keys
50 * as an opaque set of bytes. Without the post-NUL mask, any BPF
51 * maps keyed by strings returned from strncpy_from_user() may
52 * have multiple entries for semantically identical strings.
53 */
36126f8f
LT
54 if (has_zero(c, &data, &constants)) {
55 data = prep_zero_mask(c, data, &constants);
56 data = create_zero_mask(data);
6fa6d280
DX
57 mask = zero_bytemask(data);
58 *(unsigned long *)(dst+res) = c & mask;
36126f8f 59 return res + find_zero(data);
2922585b 60 }
6fa6d280
DX
61
62 *(unsigned long *)(dst+res) = c;
63
2922585b
DM
64 res += sizeof(unsigned long);
65 max -= sizeof(unsigned long);
66 }
67
68byte_at_a_time:
69 while (max) {
70 char c;
71
1bd4403d 72 unsafe_get_user(c,src+res, efault);
2922585b
DM
73 dst[res] = c;
74 if (!c)
75 return res;
76 res++;
77 max--;
78 }
79
80 /*
81 * Uhhuh. We hit 'max'. But was that the user-specified maximum
82 * too? If so, that's ok - we got as much as the user asked for.
83 */
84 if (res >= count)
85 return res;
86
87 /*
88 * Nope: we hit the address space limit, and we still had more
89 * characters the caller would have wanted. That's an EFAULT.
90 */
1bd4403d 91efault:
2922585b
DM
92 return -EFAULT;
93}
94
95/**
96 * strncpy_from_user: - Copy a NUL terminated string from userspace.
97 * @dst: Destination address, in kernel space. This buffer must be at
98 * least @count bytes long.
99 * @src: Source address, in user space.
100 * @count: Maximum number of bytes to copy, including the trailing NUL.
101 *
102 * Copies a NUL-terminated string from userspace to kernel space.
103 *
104 * On success, returns the length of the string (not including the trailing
105 * NUL).
106 *
107 * If access to userspace fails, returns -EFAULT (some data may have been
108 * copied).
109 *
110 * If @count is smaller than the length of the string, copies @count bytes
111 * and returns @count.
112 */
113long strncpy_from_user(char *dst, const char __user *src, long count)
114{
115 unsigned long max_addr, src_addr;
116
07887358 117 might_fault();
4d0e9df5
AL
118 if (should_fail_usercopy())
119 return -EFAULT;
2922585b
DM
120 if (unlikely(count <= 0))
121 return 0;
122
967747bb 123 max_addr = TASK_SIZE_MAX;
903f433f 124 src_addr = (unsigned long)untagged_addr(src);
2922585b
DM
125 if (likely(src_addr < max_addr)) {
126 unsigned long max = max_addr - src_addr;
9fd4470f
LT
127 long retval;
128
ab10ae1c
CL
129 /*
130 * Truncate 'max' to the user-specified limit, so that
131 * we only have one limit we need to check in the loop
132 */
133 if (max > count)
134 max = count;
135
1771c6e1 136 kasan_check_write(dst, count);
bf90e56e 137 check_object_size(dst, count, false);
41cd7805 138 if (user_read_access_begin(src, max)) {
594cc251 139 retval = do_strncpy_from_user(dst, src, count, max);
41cd7805 140 user_read_access_end();
594cc251
LT
141 return retval;
142 }
2922585b
DM
143 }
144 return -EFAULT;
145}
146EXPORT_SYMBOL(strncpy_from_user);