[linux-block.git] / lib / usercopy.c

// SPDX-License-Identifier: GPL-2.0
#include <linux/bitops.h>
#include <linux/fault-inject-usercopy.h>
#include <linux/instrumented.h>
#include <linux/uaccess.h>
#include <linux/nospec.h>

/* out-of-line parts */

#ifndef INLINE_COPY_FROM_USER
unsigned long _copy_from_user(void *to, const void __user *from, unsigned long n)
{
	unsigned long res = n;
	might_fault();
	if (!should_fail_usercopy() && likely(access_ok(from, n))) {
		/*
		 * Ensure that bad access_ok() speculation will not
		 * lead to nasty side effects *after* the copy is
		 * finished:
		 */
		barrier_nospec();
		instrument_copy_from_user_before(to, from, n);
		res = raw_copy_from_user(to, from, n);
		instrument_copy_from_user_after(to, from, n, res);
	}
	if (unlikely(res))
		memset(to + (n - res), 0, res);
	return res;
}
EXPORT_SYMBOL(_copy_from_user);
#endif

#ifndef INLINE_COPY_TO_USER
unsigned long _copy_to_user(void __user *to, const void *from, unsigned long n)
{
	might_fault();
	if (should_fail_usercopy())
		return n;
	if (likely(access_ok(to, n))) {
		instrument_copy_to_user(to, from, n);
		n = raw_copy_to_user(to, from, n);
	}
	return n;
}
EXPORT_SYMBOL(_copy_to_user);
#endif

/**
 * check_zeroed_user: check if a userspace buffer only contains zero bytes
 * @from: Source address, in userspace.
 * @size: Size of buffer.
 *
 * This is effectively shorthand for "memchr_inv(from, 0, size) == NULL" for
 * userspace addresses (and is more efficient because we don't care where the
 * first non-zero byte is).
 *
 * Returns:
 *  * 0: There were non-zero bytes present in the buffer.
 *  * 1: The buffer was full of zero bytes.
 *  * -EFAULT: access to userspace failed.
 */
int check_zeroed_user(const void __user *from, size_t size)
{
	unsigned long val;
	uintptr_t align = (uintptr_t) from % sizeof(unsigned long);

	if (unlikely(size == 0))
		return 1;

	from -= align;
	size += align;

	if (!user_read_access_begin(from, size))
		return -EFAULT;

	unsafe_get_user(val, (unsigned long __user *) from, err_fault);
	if (align)
		val &= ~aligned_byte_mask(align);

	while (size > sizeof(unsigned long)) {
		if (unlikely(val))
			goto done;

		from += sizeof(unsigned long);
		size -= sizeof(unsigned long);

		unsafe_get_user(val, (unsigned long __user *) from, err_fault);
	}

	if (size < sizeof(unsigned long))
		val &= aligned_byte_mask(size);

done:
	user_read_access_end();
	return (val == 0);
err_fault:
	user_read_access_end();
	return -EFAULT;
}
EXPORT_SYMBOL(check_zeroed_user);
Commit	Line	Data
b2441318	1	// SPDX-License-Identifier: GPL-2.0
f5a1a536	2	#include <linux/bitops.h>
4d0e9df5	3	#include <linux/fault-inject-usercopy.h>
76d6f06c ME	4	#include <linux/instrumented.h>
76d6f06c ME	5	#include <linux/uaccess.h>
74e19ef0	6	#include <linux/nospec.h>
d597580d AV	7
	8	/* out-of-line parts */
	9
	10	#ifndef INLINE_COPY_FROM_USER
	11	unsigned long _copy_from_user(void to, const void __user from, unsigned long n)
	12	{
	13	unsigned long res = n;
9c5f6908	14	might_fault();
4d0e9df5	15	if (!should_fail_usercopy() && likely(access_ok(from, n))) {
74e19ef0 DH	16	/*
	17	* Ensure that bad access_ok() speculation will not
	18	* lead to nasty side effects after the copy is
	19	* finished:
	20	*/
	21	barrier_nospec();
33b75c1d	22	instrument_copy_from_user_before(to, from, n);
d597580d	23	res = raw_copy_from_user(to, from, n);
33b75c1d	24	instrument_copy_from_user_after(to, from, n, res);
9c5f6908	25	}
d597580d AV	26	if (unlikely(res))
	27	memset(to + (n - res), 0, res);
	28	return res;
	29	}
	30	EXPORT_SYMBOL(_copy_from_user);
	31	#endif
	32
	33	#ifndef INLINE_COPY_TO_USER
a0e94598	34	unsigned long _copy_to_user(void __user to, const void from, unsigned long n)
d597580d	35	{
9c5f6908	36	might_fault();
4d0e9df5 AL	37	if (should_fail_usercopy())
4d0e9df5 AL	38	return n;
96d4f267	39	if (likely(access_ok(to, n))) {
76d6f06c	40	instrument_copy_to_user(to, from, n);
d597580d	41	n = raw_copy_to_user(to, from, n);
9c5f6908	42	}
d597580d AV	43	return n;
	44	}
	45	EXPORT_SYMBOL(_copy_to_user);
	46	#endif
f5a1a536 AS	47
	48	/**
	49	* check_zeroed_user: check if a userspace buffer only contains zero bytes
	50	* @from: Source address, in userspace.
	51	* @size: Size of buffer.
	52	*
	53	* This is effectively shorthand for "memchr_inv(from, 0, size) == NULL" for
	54	* userspace addresses (and is more efficient because we don't care where the
	55	* first non-zero byte is).
	56	*
	57	* Returns:
	58	* * 0: There were non-zero bytes present in the buffer.
	59	* * 1: The buffer was full of zero bytes.
	60	* * -EFAULT: access to userspace failed.
	61	*/
	62	int check_zeroed_user(const void __user *from, size_t size)
	63	{
	64	unsigned long val;
	65	uintptr_t align = (uintptr_t) from % sizeof(unsigned long);
	66
	67	if (unlikely(size == 0))
	68	return 1;
	69
	70	from -= align;
	71	size += align;
	72
41cd7805	73	if (!user_read_access_begin(from, size))
f5a1a536 AS	74	return -EFAULT;
	75
	76	unsafe_get_user(val, (unsigned long __user *) from, err_fault);
	77	if (align)
	78	val &= ~aligned_byte_mask(align);
	79
	80	while (size > sizeof(unsigned long)) {
	81	if (unlikely(val))
	82	goto done;
	83
	84	from += sizeof(unsigned long);
	85	size -= sizeof(unsigned long);
	86
	87	unsafe_get_user(val, (unsigned long __user *) from, err_fault);
	88	}
	89
	90	if (size < sizeof(unsigned long))
	91	val &= aligned_byte_mask(size);
	92
	93	done:
41cd7805	94	user_read_access_end();
f5a1a536 AS	95	return (val == 0);
f5a1a536 AS	96	err_fault:
41cd7805	97	user_read_access_end();
f5a1a536 AS	98	return -EFAULT;
	99	}
	100	EXPORT_SYMBOL(check_zeroed_user);