projects / linux-block.git / blame
| Commit | Line | Data |
|---|---|---|
| 457c8996 | 1 | // SPDX-License-Identifier: GPL-2.0-only |
| c33fa9f5 | 2 | /* |
| 3f0acb1e | 3 | * Access kernel or user memory without faulting. |
| c33fa9f5 | 4 | */ |
| b95f1b31 | 5 | #include <linux/export.h> |
| c33fa9f5 | 6 | #include <linux/mm.h> |
| 7c7fcf76 | 7 | #include <linux/uaccess.h> |
| c33fa9f5 | 8 | |
| 98a23609 | 9 | bool __weak probe_kernel_read_allowed(const void *unsafe_src, size_t size) |
| eab0c608 CH |
10 | { |
| 11 | return true; | |
| 12 | } | |
| 13 | ||
| c33fa9f5 | 14 | /** |
| 98a23609 | 15 | * probe_kernel_read(): safely attempt to read from kernel-space |
| 4f6de12b CH |
16 | * @dst: pointer to the buffer that shall take the data |
| 17 | * @src: address to read from | |
| 18 | * @size: size of the data chunk | |
| 19 | * | |
| 20 | * Safely read from kernel address @src to the buffer at @dst. If a kernel | |
| 21 | * fault happens, handle that and return -EFAULT. | |
| 0ab32b6f AM |
22 | * |
| 23 | * We ensure that the copy_from_user is executed in atomic context so that | |
| c1e8d7c6 | 24 | * do_page_fault() doesn't attempt to take mmap_lock. This makes |
| 0ab32b6f | 25 | * probe_kernel_read() suitable for use within regions where the caller |
| c1e8d7c6 | 26 | * already holds mmap_lock, or other locks which nest inside mmap_lock. |
| c33fa9f5 | 27 | */ |
| 98a23609 | 28 | long probe_kernel_read(void *dst, const void *src, size_t size) |
| c33fa9f5 IM |
29 | { |
| 30 | long ret; | |
| b4b8ac52 | 31 | mm_segment_t old_fs = get_fs(); |
| c33fa9f5 | 32 | |
| 98a23609 | 33 | if (!probe_kernel_read_allowed(src, size)) |
| eab0c608 CH |
34 | return -EFAULT; |
| 35 | ||
| b4b8ac52 | 36 | set_fs(KERNEL_DS); |
| cd030905 CH |
37 | pagefault_disable(); |
| 38 | ret = __copy_from_user_inatomic(dst, (__force const void __user *)src, | |
| 39 | size); | |
| 40 | pagefault_enable(); | |
| b4b8ac52 | 41 | set_fs(old_fs); |
| c33fa9f5 | 42 | |
| cd030905 CH |
43 | if (ret) |
| 44 | return -EFAULT; | |
| 45 | return 0; | |
| c33fa9f5 | 46 | } |
| 98a23609 | 47 | EXPORT_SYMBOL_GPL(probe_kernel_read); |
| c33fa9f5 IM |
48 | |
| 49 | /** | |
| 50 | * probe_kernel_write(): safely attempt to write to a location | |
| 51 | * @dst: address to write to | |
| 52 | * @src: pointer to the data that shall be written | |
| 53 | * @size: size of the data chunk | |
| 54 | * | |
| 55 | * Safely write to address @dst from the buffer at @src. If a kernel fault | |
| 56 | * happens, handle that and return -EFAULT. | |
| 57 | */ | |
| 48c49c0e | 58 | long probe_kernel_write(void *dst, const void *src, size_t size) |
| c33fa9f5 IM |
59 | { |
| 60 | long ret; | |
| b4b8ac52 | 61 | mm_segment_t old_fs = get_fs(); |
| c33fa9f5 | 62 | |
| b4b8ac52 | 63 | set_fs(KERNEL_DS); |
| cd030905 CH |
64 | pagefault_disable(); |
| 65 | ret = __copy_to_user_inatomic((__force void __user *)dst, src, size); | |
| 66 | pagefault_enable(); | |
| b4b8ac52 | 67 | set_fs(old_fs); |
| c33fa9f5 | 68 | |
| cd030905 CH |
69 | if (ret) |
| 70 | return -EFAULT; | |
| 71 | return 0; | |
| c33fa9f5 | 72 | } |
| dbb7ee0e | 73 | |
| 4f6de12b | 74 | /** |
| c4cb1644 | 75 | * strncpy_from_kernel_nofault: - Copy a NUL terminated string from unsafe |
| 4f6de12b CH |
76 | * address. |
| 77 | * @dst: Destination address, in kernel space. This buffer must be at | |
| 78 | * least @count bytes long. | |
| 79 | * @unsafe_addr: Unsafe address. | |
| 80 | * @count: Maximum number of bytes to copy, including the trailing NUL. | |
| 81 | * | |
| 82 | * Copies a NUL-terminated string from unsafe address to kernel buffer. | |
| 83 | * | |
| 84 | * On success, returns the length of the string INCLUDING the trailing NUL. | |
| 85 | * | |
| 86 | * If access fails, returns -EFAULT (some data may have been copied | |
| 87 | * and the trailing NUL added). | |
| 88 | * | |
| 89 | * If @count is smaller than the length of the string, copies @count-1 bytes, | |
| 90 | * sets the last byte of @dst buffer to NUL and returns @count. | |
| 91 | */ | |
| eab0c608 | 92 | long strncpy_from_kernel_nofault(char *dst, const void *unsafe_addr, long count) |
| dbb7ee0e AS |
93 | { |
| 94 | mm_segment_t old_fs = get_fs(); | |
| 95 | const void *src = unsafe_addr; | |
| 96 | long ret; | |
| 97 | ||
| 98 | if (unlikely(count <= 0)) | |
| 99 | return 0; | |
| 98a23609 | 100 | if (!probe_kernel_read_allowed(unsafe_addr, count)) |
| eab0c608 | 101 | return -EFAULT; |
| dbb7ee0e AS |
102 | |
| 103 | set_fs(KERNEL_DS); | |
| 104 | pagefault_disable(); | |
| 105 | ||
| 106 | do { | |
| bd28b145 | 107 | ret = __get_user(*dst++, (const char __user __force *)src++); |
| dbb7ee0e AS |
108 | } while (dst[-1] && ret == 0 && src - unsafe_addr < count); |
| 109 | ||
| 110 | dst[-1] = '\0'; | |
| 111 | pagefault_enable(); | |
| 112 | set_fs(old_fs); | |
| 113 | ||
| 9dd861d5 | 114 | return ret ? -EFAULT : src - unsafe_addr; |
| dbb7ee0e | 115 | } |
| 3d708182 | 116 | |
| fc3562d7 CH |
117 | /** |
| 118 | * probe_user_read(): safely attempt to read from a user-space location | |
| 119 | * @dst: pointer to the buffer that shall take the data | |
| 120 | * @src: address to read from. This must be a user address. | |
| 121 | * @size: size of the data chunk | |
| 122 | * | |
| 123 | * Safely read from user address @src to the buffer at @dst. If a kernel fault | |
| 124 | * happens, handle that and return -EFAULT. | |
| 125 | */ | |
| 126 | long probe_user_read(void *dst, const void __user *src, size_t size) | |
| 127 | { | |
| 128 | long ret = -EFAULT; | |
| 129 | mm_segment_t old_fs = get_fs(); | |
| 130 | ||
| 131 | set_fs(USER_DS); | |
| 132 | if (access_ok(src, size)) { | |
| 133 | pagefault_disable(); | |
| 134 | ret = __copy_from_user_inatomic(dst, src, size); | |
| 135 | pagefault_enable(); | |
| 136 | } | |
| 137 | set_fs(old_fs); | |
| 138 | ||
| 139 | if (ret) | |
| 140 | return -EFAULT; | |
| 141 | return 0; | |
| 142 | } | |
| 143 | EXPORT_SYMBOL_GPL(probe_user_read); | |
| 144 | ||
| 145 | /** | |
| 146 | * probe_user_write(): safely attempt to write to a user-space location | |
| 147 | * @dst: address to write to | |
| 148 | * @src: pointer to the data that shall be written | |
| 149 | * @size: size of the data chunk | |
| 150 | * | |
| 151 | * Safely write to address @dst from the buffer at @src. If a kernel fault | |
| 152 | * happens, handle that and return -EFAULT. | |
| 153 | */ | |
| 154 | long probe_user_write(void __user *dst, const void *src, size_t size) | |
| 155 | { | |
| 156 | long ret = -EFAULT; | |
| 157 | mm_segment_t old_fs = get_fs(); | |
| 158 | ||
| 159 | set_fs(USER_DS); | |
| 160 | if (access_ok(dst, size)) { | |
| 161 | pagefault_disable(); | |
| 162 | ret = __copy_to_user_inatomic(dst, src, size); | |
| 163 | pagefault_enable(); | |
| 164 | } | |
| 165 | set_fs(old_fs); | |
| 166 | ||
| 167 | if (ret) | |
| 168 | return -EFAULT; | |
| 169 | return 0; | |
| 170 | } | |
| 171 | EXPORT_SYMBOL_GPL(probe_user_write); | |
| 172 | ||
| 3d708182 | 173 | /** |
| bd88bb5d | 174 | * strncpy_from_user_nofault: - Copy a NUL terminated string from unsafe user |
| 3d708182 MH |
175 | * address. |
| 176 | * @dst: Destination address, in kernel space. This buffer must be at | |
| 177 | * least @count bytes long. | |
| 178 | * @unsafe_addr: Unsafe user address. | |
| 179 | * @count: Maximum number of bytes to copy, including the trailing NUL. | |
| 180 | * | |
| 181 | * Copies a NUL-terminated string from unsafe user address to kernel buffer. | |
| 182 | * | |
| 183 | * On success, returns the length of the string INCLUDING the trailing NUL. | |
| 184 | * | |
| 185 | * If access fails, returns -EFAULT (some data may have been copied | |
| 186 | * and the trailing NUL added). | |
| 187 | * | |
| 188 | * If @count is smaller than the length of the string, copies @count-1 bytes, | |
| 189 | * sets the last byte of @dst buffer to NUL and returns @count. | |
| 190 | */ | |
| bd88bb5d | 191 | long strncpy_from_user_nofault(char *dst, const void __user *unsafe_addr, |
| 3d708182 MH |
192 | long count) |
| 193 | { | |
| 194 | mm_segment_t old_fs = get_fs(); | |
| 195 | long ret; | |
| 196 | ||
| 197 | if (unlikely(count <= 0)) | |
| 198 | return 0; | |
| 199 | ||
| 200 | set_fs(USER_DS); | |
| 201 | pagefault_disable(); | |
| 202 | ret = strncpy_from_user(dst, unsafe_addr, count); | |
| 203 | pagefault_enable(); | |
| 204 | set_fs(old_fs); | |
| 205 | ||
| 206 | if (ret >= count) { | |
| 207 | ret = count; | |
| 208 | dst[ret - 1] = '\0'; | |
| 209 | } else if (ret > 0) { | |
| 210 | ret++; | |
| 211 | } | |
| 212 | ||
| 213 | return ret; | |
| 214 | } | |
| 215 | ||
| 216 | /** | |
| 02dddb16 | 217 | * strnlen_user_nofault: - Get the size of a user string INCLUDING final NUL. |
| 3d708182 MH |
218 | * @unsafe_addr: The string to measure. |
| 219 | * @count: Maximum count (including NUL) | |
| 220 | * | |
| 221 | * Get the size of a NUL-terminated string in user space without pagefault. | |
| 222 | * | |
| 223 | * Returns the size of the string INCLUDING the terminating NUL. | |
| 224 | * | |
| 225 | * If the string is too long, returns a number larger than @count. User | |
| 226 | * has to check the return value against "> count". | |
| 227 | * On exception (or invalid count), returns 0. | |
| 228 | * | |
| 229 | * Unlike strnlen_user, this can be used from IRQ handler etc. because | |
| 230 | * it disables pagefaults. | |
| 231 | */ | |
| 02dddb16 | 232 | long strnlen_user_nofault(const void __user *unsafe_addr, long count) |
| 3d708182 MH |
233 | { |
| 234 | mm_segment_t old_fs = get_fs(); | |
| 235 | int ret; | |
| 236 | ||
| 237 | set_fs(USER_DS); | |
| 238 | pagefault_disable(); | |
| 239 | ret = strnlen_user(unsafe_addr, count); | |
| 240 | pagefault_enable(); | |
| 241 | set_fs(old_fs); | |
| 242 | ||
| 243 | return ret; | |
| 244 | } |