Blame - mm/maccess.c - linux - Git Browser for ODROID

blob: 253b786b2bf1779bf61c4a675efa83583582b20a [file] [log] [blame]

Thomas Gleixner	457c899	2019-05-19 13:08:55 +0100	[diff] [blame]	1	// SPDX-License-Identifier: GPL-2.0-only
Ingo Molnar	c33fa9f	2008-04-17 20:05:36 +0200	[diff] [blame]	2	/*
Christoph Hellwig	3f0acb1	2020-06-08 21:34:11 -0700	[diff] [blame]	3	* Access kernel or user memory without faulting.
Ingo Molnar	c33fa9f	2008-04-17 20:05:36 +0200	[diff] [blame]	4	*/
Paul Gortmaker	b95f1b31	2011-10-16 02:01:52 -0400	[diff] [blame]	5	#include <linux/export.h>
Ingo Molnar	c33fa9f	2008-04-17 20:05:36 +0200	[diff] [blame]	6	#include <linux/mm.h>
David Howells	7c7fcf7	2010-10-27 17:29:01 +0100	[diff] [blame]	7	#include <linux/uaccess.h>
Ingo Molnar	c33fa9f	2008-04-17 20:05:36 +0200	[diff] [blame]	8
Christoph Hellwig	98a2360	2020-06-08 21:34:50 -0700	[diff] [blame^]	9	bool __weak probe_kernel_read_allowed(const void *unsafe_src, size_t size)
Christoph Hellwig	eab0c60	2020-06-08 21:34:27 -0700	[diff] [blame]	10	{
				11	return true;
				12	}
				13
Ingo Molnar	c33fa9f	2008-04-17 20:05:36 +0200	[diff] [blame]	14	/**
Christoph Hellwig	98a2360	2020-06-08 21:34:50 -0700	[diff] [blame^]	15	* probe_kernel_read(): safely attempt to read from kernel-space
Christoph Hellwig	4f6de12	2020-06-08 21:34:07 -0700	[diff] [blame]	16	* @dst: pointer to the buffer that shall take the data
				17	* @src: address to read from
				18	* @size: size of the data chunk
				19	*
				20	* Safely read from kernel address @src to the buffer at @dst. If a kernel
				21	* fault happens, handle that and return -EFAULT.
Andrew Morton	0ab32b6	2015-11-05 18:46:03 -0800	[diff] [blame]	22	*
				23	* We ensure that the copy_from_user is executed in atomic context so that
Michel Lespinasse	c1e8d7c	2020-06-08 21:33:54 -0700	[diff] [blame]	24	* do_page_fault() doesn't attempt to take mmap_lock. This makes
Andrew Morton	0ab32b6	2015-11-05 18:46:03 -0800	[diff] [blame]	25	* probe_kernel_read() suitable for use within regions where the caller
Michel Lespinasse	c1e8d7c	2020-06-08 21:33:54 -0700	[diff] [blame]	26	* already holds mmap_lock, or other locks which nest inside mmap_lock.
Ingo Molnar	c33fa9f	2008-04-17 20:05:36 +0200	[diff] [blame]	27	*/
Christoph Hellwig	98a2360	2020-06-08 21:34:50 -0700	[diff] [blame^]	28	long probe_kernel_read(void dst, const void src, size_t size)
Ingo Molnar	c33fa9f	2008-04-17 20:05:36 +0200	[diff] [blame]	29	{
				30	long ret;
Jason Wessel	b4b8ac5	2008-02-20 13:33:38 -0600	[diff] [blame]	31	mm_segment_t old_fs = get_fs();
Ingo Molnar	c33fa9f	2008-04-17 20:05:36 +0200	[diff] [blame]	32
Christoph Hellwig	98a2360	2020-06-08 21:34:50 -0700	[diff] [blame^]	33	if (!probe_kernel_read_allowed(src, size))
Christoph Hellwig	eab0c60	2020-06-08 21:34:27 -0700	[diff] [blame]	34	return -EFAULT;
				35
Jason Wessel	b4b8ac5	2008-02-20 13:33:38 -0600	[diff] [blame]	36	set_fs(KERNEL_DS);
Christoph Hellwig	cd03090	2020-06-08 21:34:24 -0700	[diff] [blame]	37	pagefault_disable();
				38	ret = __copy_from_user_inatomic(dst, (__force const void __user *)src,
				39	size);
				40	pagefault_enable();
Jason Wessel	b4b8ac5	2008-02-20 13:33:38 -0600	[diff] [blame]	41	set_fs(old_fs);
Ingo Molnar	c33fa9f	2008-04-17 20:05:36 +0200	[diff] [blame]	42
Christoph Hellwig	cd03090	2020-06-08 21:34:24 -0700	[diff] [blame]	43	if (ret)
				44	return -EFAULT;
				45	return 0;
Ingo Molnar	c33fa9f	2008-04-17 20:05:36 +0200	[diff] [blame]	46	}
Christoph Hellwig	98a2360	2020-06-08 21:34:50 -0700	[diff] [blame^]	47	EXPORT_SYMBOL_GPL(probe_kernel_read);
Ingo Molnar	c33fa9f	2008-04-17 20:05:36 +0200	[diff] [blame]	48
				49	/**
Masami Hiramatsu	3d70818	2019-05-15 14:38:18 +0900	[diff] [blame]	50	* probe_user_read(): safely attempt to read from a user-space location
				51	* @dst: pointer to the buffer that shall take the data
				52	* @src: address to read from. This must be a user address.
				53	* @size: size of the data chunk
				54	*
				55	* Safely read from user address @src to the buffer at @dst. If a kernel fault
				56	* happens, handle that and return -EFAULT.
				57	*/
Christoph Hellwig	48c49c0	2020-06-08 21:34:01 -0700	[diff] [blame]	58	long probe_user_read(void dst, const void __user src, size_t size)
Masami Hiramatsu	3d70818	2019-05-15 14:38:18 +0900	[diff] [blame]	59	{
				60	long ret = -EFAULT;
				61	mm_segment_t old_fs = get_fs();
				62
				63	set_fs(USER_DS);
Christoph Hellwig	cd03090	2020-06-08 21:34:24 -0700	[diff] [blame]	64	if (access_ok(src, size)) {
				65	pagefault_disable();
				66	ret = __copy_from_user_inatomic(dst, src, size);
				67	pagefault_enable();
				68	}
Masami Hiramatsu	3d70818	2019-05-15 14:38:18 +0900	[diff] [blame]	69	set_fs(old_fs);
				70
Christoph Hellwig	cd03090	2020-06-08 21:34:24 -0700	[diff] [blame]	71	if (ret)
				72	return -EFAULT;
				73	return 0;
Masami Hiramatsu	3d70818	2019-05-15 14:38:18 +0900	[diff] [blame]	74	}
				75	EXPORT_SYMBOL_GPL(probe_user_read);
				76
				77	/**
Ingo Molnar	c33fa9f	2008-04-17 20:05:36 +0200	[diff] [blame]	78	* probe_kernel_write(): safely attempt to write to a location
				79	* @dst: address to write to
				80	* @src: pointer to the data that shall be written
				81	* @size: size of the data chunk
				82	*
				83	* Safely write to address @dst from the buffer at @src. If a kernel fault
				84	* happens, handle that and return -EFAULT.
				85	*/
Christoph Hellwig	48c49c0	2020-06-08 21:34:01 -0700	[diff] [blame]	86	long probe_kernel_write(void dst, const void src, size_t size)
Ingo Molnar	c33fa9f	2008-04-17 20:05:36 +0200	[diff] [blame]	87	{
				88	long ret;
Jason Wessel	b4b8ac5	2008-02-20 13:33:38 -0600	[diff] [blame]	89	mm_segment_t old_fs = get_fs();
Ingo Molnar	c33fa9f	2008-04-17 20:05:36 +0200	[diff] [blame]	90
Jason Wessel	b4b8ac5	2008-02-20 13:33:38 -0600	[diff] [blame]	91	set_fs(KERNEL_DS);
Christoph Hellwig	cd03090	2020-06-08 21:34:24 -0700	[diff] [blame]	92	pagefault_disable();
				93	ret = __copy_to_user_inatomic((__force void __user *)dst, src, size);
				94	pagefault_enable();
Jason Wessel	b4b8ac5	2008-02-20 13:33:38 -0600	[diff] [blame]	95	set_fs(old_fs);
Ingo Molnar	c33fa9f	2008-04-17 20:05:36 +0200	[diff] [blame]	96
Christoph Hellwig	cd03090	2020-06-08 21:34:24 -0700	[diff] [blame]	97	if (ret)
				98	return -EFAULT;
				99	return 0;
Ingo Molnar	c33fa9f	2008-04-17 20:05:36 +0200	[diff] [blame]	100	}
Alexei Starovoitov	dbb7ee0	2015-08-31 08:57:10 -0700	[diff] [blame]	101
Daniel Borkmann	1d1585c	2019-11-02 00:17:56 +0100	[diff] [blame]	102	/**
				103	* probe_user_write(): safely attempt to write to a user-space location
				104	* @dst: address to write to
				105	* @src: pointer to the data that shall be written
				106	* @size: size of the data chunk
				107	*
				108	* Safely write to address @dst from the buffer at @src. If a kernel fault
				109	* happens, handle that and return -EFAULT.
				110	*/
Christoph Hellwig	48c49c0	2020-06-08 21:34:01 -0700	[diff] [blame]	111	long probe_user_write(void __user dst, const void src, size_t size)
Daniel Borkmann	1d1585c	2019-11-02 00:17:56 +0100	[diff] [blame]	112	{
				113	long ret = -EFAULT;
				114	mm_segment_t old_fs = get_fs();
				115
				116	set_fs(USER_DS);
Christoph Hellwig	cd03090	2020-06-08 21:34:24 -0700	[diff] [blame]	117	if (access_ok(dst, size)) {
				118	pagefault_disable();
				119	ret = __copy_to_user_inatomic(dst, src, size);
				120	pagefault_enable();
				121	}
Daniel Borkmann	1d1585c	2019-11-02 00:17:56 +0100	[diff] [blame]	122	set_fs(old_fs);
				123
Christoph Hellwig	cd03090	2020-06-08 21:34:24 -0700	[diff] [blame]	124	if (ret)
				125	return -EFAULT;
				126	return 0;
Daniel Borkmann	1d1585c	2019-11-02 00:17:56 +0100	[diff] [blame]	127	}
				128	EXPORT_SYMBOL_GPL(probe_user_write);
Masami Hiramatsu	3d70818	2019-05-15 14:38:18 +0900	[diff] [blame]	129
Alexei Starovoitov	dbb7ee0	2015-08-31 08:57:10 -0700	[diff] [blame]	130	/**
Christoph Hellwig	c4cb164	2020-06-08 21:34:17 -0700	[diff] [blame]	131	* strncpy_from_kernel_nofault: - Copy a NUL terminated string from unsafe
Christoph Hellwig	4f6de12	2020-06-08 21:34:07 -0700	[diff] [blame]	132	* address.
				133	* @dst: Destination address, in kernel space. This buffer must be at
				134	* least @count bytes long.
				135	* @unsafe_addr: Unsafe address.
				136	* @count: Maximum number of bytes to copy, including the trailing NUL.
				137	*
				138	* Copies a NUL-terminated string from unsafe address to kernel buffer.
				139	*
				140	* On success, returns the length of the string INCLUDING the trailing NUL.
				141	*
				142	* If access fails, returns -EFAULT (some data may have been copied
				143	* and the trailing NUL added).
				144	*
				145	* If @count is smaller than the length of the string, copies @count-1 bytes,
				146	* sets the last byte of @dst buffer to NUL and returns @count.
				147	*/
Christoph Hellwig	eab0c60	2020-06-08 21:34:27 -0700	[diff] [blame]	148	long strncpy_from_kernel_nofault(char dst, const void unsafe_addr, long count)
				149	{
Alexei Starovoitov	dbb7ee0	2015-08-31 08:57:10 -0700	[diff] [blame]	150	mm_segment_t old_fs = get_fs();
				151	const void *src = unsafe_addr;
				152	long ret;
				153
				154	if (unlikely(count <= 0))
				155	return 0;
Christoph Hellwig	98a2360	2020-06-08 21:34:50 -0700	[diff] [blame^]	156	if (!probe_kernel_read_allowed(unsafe_addr, count))
Christoph Hellwig	eab0c60	2020-06-08 21:34:27 -0700	[diff] [blame]	157	return -EFAULT;
Alexei Starovoitov	dbb7ee0	2015-08-31 08:57:10 -0700	[diff] [blame]	158
				159	set_fs(KERNEL_DS);
				160	pagefault_disable();
				161
				162	do {
Linus Torvalds	bd28b14	2016-05-22 17:21:27 -0700	[diff] [blame]	163	ret = __get_user(dst++, (const char __user __force )src++);
Alexei Starovoitov	dbb7ee0	2015-08-31 08:57:10 -0700	[diff] [blame]	164	} while (dst[-1] && ret == 0 && src - unsafe_addr < count);
				165
				166	dst[-1] = '\0';
				167	pagefault_enable();
				168	set_fs(old_fs);
				169
Rasmus Villemoes	9dd861d	2015-11-05 18:50:11 -0800	[diff] [blame]	170	return ret ? -EFAULT : src - unsafe_addr;
Alexei Starovoitov	dbb7ee0	2015-08-31 08:57:10 -0700	[diff] [blame]	171	}
Masami Hiramatsu	3d70818	2019-05-15 14:38:18 +0900	[diff] [blame]	172
				173	/**
Christoph Hellwig	bd88bb5	2020-06-08 21:34:14 -0700	[diff] [blame]	174	* strncpy_from_user_nofault: - Copy a NUL terminated string from unsafe user
Masami Hiramatsu	3d70818	2019-05-15 14:38:18 +0900	[diff] [blame]	175	* address.
				176	* @dst: Destination address, in kernel space. This buffer must be at
				177	* least @count bytes long.
				178	* @unsafe_addr: Unsafe user address.
				179	* @count: Maximum number of bytes to copy, including the trailing NUL.
				180	*
				181	* Copies a NUL-terminated string from unsafe user address to kernel buffer.
				182	*
				183	* On success, returns the length of the string INCLUDING the trailing NUL.
				184	*
				185	* If access fails, returns -EFAULT (some data may have been copied
				186	* and the trailing NUL added).
				187	*
				188	* If @count is smaller than the length of the string, copies @count-1 bytes,
				189	* sets the last byte of @dst buffer to NUL and returns @count.
				190	*/
Christoph Hellwig	bd88bb5	2020-06-08 21:34:14 -0700	[diff] [blame]	191	long strncpy_from_user_nofault(char dst, const void __user unsafe_addr,
Masami Hiramatsu	3d70818	2019-05-15 14:38:18 +0900	[diff] [blame]	192	long count)
				193	{
				194	mm_segment_t old_fs = get_fs();
				195	long ret;
				196
				197	if (unlikely(count <= 0))
				198	return 0;
				199
				200	set_fs(USER_DS);
				201	pagefault_disable();
				202	ret = strncpy_from_user(dst, unsafe_addr, count);
				203	pagefault_enable();
				204	set_fs(old_fs);
				205
				206	if (ret >= count) {
				207	ret = count;
				208	dst[ret - 1] = '\0';
				209	} else if (ret > 0) {
				210	ret++;
				211	}
				212
				213	return ret;
				214	}
				215
				216	/**
Christoph Hellwig	02dddb1	2020-06-08 21:34:20 -0700	[diff] [blame]	217	* strnlen_user_nofault: - Get the size of a user string INCLUDING final NUL.
Masami Hiramatsu	3d70818	2019-05-15 14:38:18 +0900	[diff] [blame]	218	* @unsafe_addr: The string to measure.
				219	* @count: Maximum count (including NUL)
				220	*
				221	* Get the size of a NUL-terminated string in user space without pagefault.
				222	*
				223	* Returns the size of the string INCLUDING the terminating NUL.
				224	*
				225	* If the string is too long, returns a number larger than @count. User
				226	* has to check the return value against "> count".
				227	* On exception (or invalid count), returns 0.
				228	*
				229	* Unlike strnlen_user, this can be used from IRQ handler etc. because
				230	* it disables pagefaults.
				231	*/
Christoph Hellwig	02dddb1	2020-06-08 21:34:20 -0700	[diff] [blame]	232	long strnlen_user_nofault(const void __user *unsafe_addr, long count)
Masami Hiramatsu	3d70818	2019-05-15 14:38:18 +0900	[diff] [blame]	233	{
				234	mm_segment_t old_fs = get_fs();
				235	int ret;
				236
				237	set_fs(USER_DS);
				238	pagefault_disable();
				239	ret = strnlen_user(unsafe_addr, count);
				240	pagefault_enable();
				241	set_fs(old_fs);
				242
				243	return ret;
				244	}