Commit | Line | Data |
---|---|---|
b2441318 | 1 | // SPDX-License-Identifier: GPL-2.0 |
bf3c2d6d RV |
2 | #include <linux/compiler.h> |
3 | #include <linux/export.h> | |
4d0e9df5 | 4 | #include <linux/fault-inject-usercopy.h> |
1771c6e1 | 5 | #include <linux/kasan-checks.h> |
bf90e56e | 6 | #include <linux/thread_info.h> |
2922585b DM |
7 | #include <linux/uaccess.h> |
8 | #include <linux/kernel.h> | |
9 | #include <linux/errno.h> | |
903f433f | 10 | #include <linux/mm.h> |
2922585b DM |
11 | |
12 | #include <asm/byteorder.h> | |
36126f8f | 13 | #include <asm/word-at-a-time.h> |
2922585b DM |
14 | |
15 | #ifdef CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS | |
16 | #define IS_UNALIGNED(src, dst) 0 | |
17 | #else | |
18 | #define IS_UNALIGNED(src, dst) \ | |
19 | (((long) dst | (long) src) & (sizeof(long) - 1)) | |
20 | #endif | |
21 | ||
22 | /* | |
23 | * Do a strncpy, return length of string without final '\0'. | |
24 | * 'count' is the user-supplied count (return 'count' if we | |
25 | * hit it), 'max' is the address space maximum (and we return | |
26 | * -EFAULT if we hit it). | |
27 | */ | |
29da93fe PZ |
28 | static inline long do_strncpy_from_user(char *dst, const char __user *src, |
29 | unsigned long count, unsigned long max) | |
2922585b | 30 | { |
36126f8f | 31 | const struct word_at_a_time constants = WORD_AT_A_TIME_CONSTANTS; |
29da93fe | 32 | unsigned long res = 0; |
2922585b | 33 | |
2922585b DM |
34 | if (IS_UNALIGNED(src, dst)) |
35 | goto byte_at_a_time; | |
36 | ||
37 | while (max >= sizeof(unsigned long)) { | |
36126f8f | 38 | unsigned long c, data; |
2922585b DM |
39 | |
40 | /* Fall back to byte-at-a-time if we get a page fault */ | |
1bd4403d LT |
41 | unsafe_get_user(c, (unsigned long __user *)(src+res), byte_at_a_time); |
42 | ||
2922585b | 43 | *(unsigned long *)(dst+res) = c; |
36126f8f LT |
44 | if (has_zero(c, &data, &constants)) { |
45 | data = prep_zero_mask(c, data, &constants); | |
46 | data = create_zero_mask(data); | |
47 | return res + find_zero(data); | |
2922585b DM |
48 | } |
49 | res += sizeof(unsigned long); | |
50 | max -= sizeof(unsigned long); | |
51 | } | |
52 | ||
53 | byte_at_a_time: | |
54 | while (max) { | |
55 | char c; | |
56 | ||
1bd4403d | 57 | unsafe_get_user(c,src+res, efault); |
2922585b DM |
58 | dst[res] = c; |
59 | if (!c) | |
60 | return res; | |
61 | res++; | |
62 | max--; | |
63 | } | |
64 | ||
65 | /* | |
66 | * Uhhuh. We hit 'max'. But was that the user-specified maximum | |
67 | * too? If so, that's ok - we got as much as the user asked for. | |
68 | */ | |
69 | if (res >= count) | |
70 | return res; | |
71 | ||
72 | /* | |
73 | * Nope: we hit the address space limit, and we still had more | |
74 | * characters the caller would have wanted. That's an EFAULT. | |
75 | */ | |
1bd4403d | 76 | efault: |
2922585b DM |
77 | return -EFAULT; |
78 | } | |
79 | ||
80 | /** | |
81 | * strncpy_from_user: - Copy a NUL terminated string from userspace. | |
82 | * @dst: Destination address, in kernel space. This buffer must be at | |
83 | * least @count bytes long. | |
84 | * @src: Source address, in user space. | |
85 | * @count: Maximum number of bytes to copy, including the trailing NUL. | |
86 | * | |
87 | * Copies a NUL-terminated string from userspace to kernel space. | |
88 | * | |
89 | * On success, returns the length of the string (not including the trailing | |
90 | * NUL). | |
91 | * | |
92 | * If access to userspace fails, returns -EFAULT (some data may have been | |
93 | * copied). | |
94 | * | |
95 | * If @count is smaller than the length of the string, copies @count bytes | |
96 | * and returns @count. | |
97 | */ | |
98 | long strncpy_from_user(char *dst, const char __user *src, long count) | |
99 | { | |
100 | unsigned long max_addr, src_addr; | |
101 | ||
07887358 | 102 | might_fault(); |
4d0e9df5 AL |
103 | if (should_fail_usercopy()) |
104 | return -EFAULT; | |
2922585b DM |
105 | if (unlikely(count <= 0)) |
106 | return 0; | |
107 | ||
108 | max_addr = user_addr_max(); | |
903f433f | 109 | src_addr = (unsigned long)untagged_addr(src); |
2922585b DM |
110 | if (likely(src_addr < max_addr)) { |
111 | unsigned long max = max_addr - src_addr; | |
9fd4470f LT |
112 | long retval; |
113 | ||
ab10ae1c CL |
114 | /* |
115 | * Truncate 'max' to the user-specified limit, so that | |
116 | * we only have one limit we need to check in the loop | |
117 | */ | |
118 | if (max > count) | |
119 | max = count; | |
120 | ||
1771c6e1 | 121 | kasan_check_write(dst, count); |
bf90e56e | 122 | check_object_size(dst, count, false); |
41cd7805 | 123 | if (user_read_access_begin(src, max)) { |
594cc251 | 124 | retval = do_strncpy_from_user(dst, src, count, max); |
41cd7805 | 125 | user_read_access_end(); |
594cc251 LT |
126 | return retval; |
127 | } | |
2922585b DM |
128 | } |
129 | return -EFAULT; | |
130 | } | |
131 | EXPORT_SYMBOL(strncpy_from_user); |