[thirdparty/linux.git] / mm / maccess.c

// SPDX-License-Identifier: GPL-2.0-only
/*
 * Access kernel or user memory without faulting.
 */
#include <linux/export.h>
#include <linux/mm.h>
#include <linux/uaccess.h>

bool __weak probe_kernel_read_allowed(const void *unsafe_src, size_t size)
{
	return true;
}

#ifdef HAVE_GET_KERNEL_NOFAULT

#define probe_kernel_read_loop(dst, src, len, type, err_label)		\
	while (len >= sizeof(type)) {					\
		__get_kernel_nofault(dst, src, type, err_label);		\
		dst += sizeof(type);					\
		src += sizeof(type);					\
		len -= sizeof(type);					\
	}

long probe_kernel_read(void *dst, const void *src, size_t size)
{
	if (!probe_kernel_read_allowed(src, size))
		return -ERANGE;

	pagefault_disable();
	probe_kernel_read_loop(dst, src, size, u64, Efault);
	probe_kernel_read_loop(dst, src, size, u32, Efault);
	probe_kernel_read_loop(dst, src, size, u16, Efault);
	probe_kernel_read_loop(dst, src, size, u8, Efault);
	pagefault_enable();
	return 0;
Efault:
	pagefault_enable();
	return -EFAULT;
}
EXPORT_SYMBOL_GPL(probe_kernel_read);

#define probe_kernel_write_loop(dst, src, len, type, err_label)		\
	while (len >= sizeof(type)) {					\
		__put_kernel_nofault(dst, src, type, err_label);		\
		dst += sizeof(type);					\
		src += sizeof(type);					\
		len -= sizeof(type);					\
	}

long probe_kernel_write(void *dst, const void *src, size_t size)
{
	pagefault_disable();
	probe_kernel_write_loop(dst, src, size, u64, Efault);
	probe_kernel_write_loop(dst, src, size, u32, Efault);
	probe_kernel_write_loop(dst, src, size, u16, Efault);
	probe_kernel_write_loop(dst, src, size, u8, Efault);
	pagefault_enable();
	return 0;
Efault:
	pagefault_enable();
	return -EFAULT;
}

long strncpy_from_kernel_nofault(char *dst, const void *unsafe_addr, long count)
{
	const void *src = unsafe_addr;

	if (unlikely(count <= 0))
		return 0;
	if (!probe_kernel_read_allowed(unsafe_addr, count))
		return -ERANGE;

	pagefault_disable();
	do {
		__get_kernel_nofault(dst, src, u8, Efault);
		dst++;
		src++;
	} while (dst[-1] && src - unsafe_addr < count);
	pagefault_enable();

	dst[-1] = '\0';
	return src - unsafe_addr;
Efault:
	pagefault_enable();
	dst[-1] = '\0';
	return -EFAULT;
}
#else /* HAVE_GET_KERNEL_NOFAULT */
/**
 * probe_kernel_read(): safely attempt to read from kernel-space
 * @dst: pointer to the buffer that shall take the data
 * @src: address to read from
 * @size: size of the data chunk
 *
 * Safely read from kernel address @src to the buffer at @dst.  If a kernel
 * fault happens, handle that and return -EFAULT.  If @src is not a valid kernel
 * address, return -ERANGE.
 *
 * We ensure that the copy_from_user is executed in atomic context so that
 * do_page_fault() doesn't attempt to take mmap_lock.  This makes
 * probe_kernel_read() suitable for use within regions where the caller
 * already holds mmap_lock, or other locks which nest inside mmap_lock.
 */
long probe_kernel_read(void *dst, const void *src, size_t size)
{
	long ret;
	mm_segment_t old_fs = get_fs();

	if (!probe_kernel_read_allowed(src, size))
		return -ERANGE;

	set_fs(KERNEL_DS);
	pagefault_disable();
	ret = __copy_from_user_inatomic(dst, (__force const void __user *)src,
			size);
	pagefault_enable();
	set_fs(old_fs);

	if (ret)
		return -EFAULT;
	return 0;
}
EXPORT_SYMBOL_GPL(probe_kernel_read);

/**
 * probe_kernel_write(): safely attempt to write to a location
 * @dst: address to write to
 * @src: pointer to the data that shall be written
 * @size: size of the data chunk
 *
 * Safely write to address @dst from the buffer at @src.  If a kernel fault
 * happens, handle that and return -EFAULT.
 */
long probe_kernel_write(void *dst, const void *src, size_t size)
{
	long ret;
	mm_segment_t old_fs = get_fs();

	set_fs(KERNEL_DS);
	pagefault_disable();
	ret = __copy_to_user_inatomic((__force void __user *)dst, src, size);
	pagefault_enable();
	set_fs(old_fs);

	if (ret)
		return -EFAULT;
	return 0;
}

/**
 * strncpy_from_kernel_nofault: - Copy a NUL terminated string from unsafe
 *				 address.
 * @dst:   Destination address, in kernel space.  This buffer must be at
 *         least @count bytes long.
 * @unsafe_addr: Unsafe address.
 * @count: Maximum number of bytes to copy, including the trailing NUL.
 *
 * Copies a NUL-terminated string from unsafe address to kernel buffer.
 *
 * On success, returns the length of the string INCLUDING the trailing NUL.
 *
 * If access fails, returns -EFAULT (some data may have been copied and the
 * trailing NUL added).  If @unsafe_addr is not a valid kernel address, return
 * -ERANGE.
 *
 * If @count is smaller than the length of the string, copies @count-1 bytes,
 * sets the last byte of @dst buffer to NUL and returns @count.
 */
long strncpy_from_kernel_nofault(char *dst, const void *unsafe_addr, long count)
{
	mm_segment_t old_fs = get_fs();
	const void *src = unsafe_addr;
	long ret;

	if (unlikely(count <= 0))
		return 0;
	if (!probe_kernel_read_allowed(unsafe_addr, count))
		return -ERANGE;

	set_fs(KERNEL_DS);
	pagefault_disable();

	do {
		ret = __get_user(*dst++, (const char __user __force *)src++);
	} while (dst[-1] && ret == 0 && src - unsafe_addr < count);

	dst[-1] = '\0';
	pagefault_enable();
	set_fs(old_fs);

	return ret ? -EFAULT : src - unsafe_addr;
}
#endif /* HAVE_GET_KERNEL_NOFAULT */

/**
 * probe_user_read(): safely attempt to read from a user-space location
 * @dst: pointer to the buffer that shall take the data
 * @src: address to read from. This must be a user address.
 * @size: size of the data chunk
 *
 * Safely read from user address @src to the buffer at @dst. If a kernel fault
 * happens, handle that and return -EFAULT.
 */
long probe_user_read(void *dst, const void __user *src, size_t size)
{
	long ret = -EFAULT;
	mm_segment_t old_fs = get_fs();

	set_fs(USER_DS);
	if (access_ok(src, size)) {
		pagefault_disable();
		ret = __copy_from_user_inatomic(dst, src, size);
		pagefault_enable();
	}
	set_fs(old_fs);

	if (ret)
		return -EFAULT;
	return 0;
}
EXPORT_SYMBOL_GPL(probe_user_read);

/**
 * probe_user_write(): safely attempt to write to a user-space location
 * @dst: address to write to
 * @src: pointer to the data that shall be written
 * @size: size of the data chunk
 *
 * Safely write to address @dst from the buffer at @src.  If a kernel fault
 * happens, handle that and return -EFAULT.
 */
long probe_user_write(void __user *dst, const void *src, size_t size)
{
	long ret = -EFAULT;
	mm_segment_t old_fs = get_fs();

	set_fs(USER_DS);
	if (access_ok(dst, size)) {
		pagefault_disable();
		ret = __copy_to_user_inatomic(dst, src, size);
		pagefault_enable();
	}
	set_fs(old_fs);

	if (ret)
		return -EFAULT;
	return 0;
}
EXPORT_SYMBOL_GPL(probe_user_write);

/**
 * strncpy_from_user_nofault: - Copy a NUL terminated string from unsafe user
 *				address.
 * @dst:   Destination address, in kernel space.  This buffer must be at
 *         least @count bytes long.
 * @unsafe_addr: Unsafe user address.
 * @count: Maximum number of bytes to copy, including the trailing NUL.
 *
 * Copies a NUL-terminated string from unsafe user address to kernel buffer.
 *
 * On success, returns the length of the string INCLUDING the trailing NUL.
 *
 * If access fails, returns -EFAULT (some data may have been copied
 * and the trailing NUL added).
 *
 * If @count is smaller than the length of the string, copies @count-1 bytes,
 * sets the last byte of @dst buffer to NUL and returns @count.
 */
long strncpy_from_user_nofault(char *dst, const void __user *unsafe_addr,
			      long count)
{
	mm_segment_t old_fs = get_fs();
	long ret;

	if (unlikely(count <= 0))
		return 0;

	set_fs(USER_DS);
	pagefault_disable();
	ret = strncpy_from_user(dst, unsafe_addr, count);
	pagefault_enable();
	set_fs(old_fs);

	if (ret >= count) {
		ret = count;
		dst[ret - 1] = '\0';
	} else if (ret > 0) {
		ret++;
	}

	return ret;
}

/**
 * strnlen_user_nofault: - Get the size of a user string INCLUDING final NUL.
 * @unsafe_addr: The string to measure.
 * @count: Maximum count (including NUL)
 *
 * Get the size of a NUL-terminated string in user space without pagefault.
 *
 * Returns the size of the string INCLUDING the terminating NUL.
 *
 * If the string is too long, returns a number larger than @count. User
 * has to check the return value against "> count".
 * On exception (or invalid count), returns 0.
 *
 * Unlike strnlen_user, this can be used from IRQ handler etc. because
 * it disables pagefaults.
 */
long strnlen_user_nofault(const void __user *unsafe_addr, long count)
{
	mm_segment_t old_fs = get_fs();
	int ret;

	set_fs(USER_DS);
	pagefault_disable();
	ret = strnlen_user(unsafe_addr, count);
	pagefault_enable();
	set_fs(old_fs);

	return ret;
}
Commit	Line	Data
457c8996	1	// SPDX-License-Identifier: GPL-2.0-only
c33fa9f5	2	/*
3f0acb1e	3	* Access kernel or user memory without faulting.
c33fa9f5	4	*/
b95f1b31	5	#include <linux/export.h>
c33fa9f5	6	#include <linux/mm.h>
7c7fcf76	7	#include <linux/uaccess.h>
c33fa9f5	8
98a23609	9	bool __weak probe_kernel_read_allowed(const void *unsafe_src, size_t size)
eab0c608 CH	10	{
	11	return true;
	12	}
	13
b58294ea CH	14	#ifdef HAVE_GET_KERNEL_NOFAULT
	15
	16	#define probe_kernel_read_loop(dst, src, len, type, err_label) \
	17	while (len >= sizeof(type)) { \
	18	__get_kernel_nofault(dst, src, type, err_label); \
	19	dst += sizeof(type); \
	20	src += sizeof(type); \
	21	len -= sizeof(type); \
	22	}
	23
	24	long probe_kernel_read(void dst, const void src, size_t size)
	25	{
	26	if (!probe_kernel_read_allowed(src, size))
2a71e81d	27	return -ERANGE;
b58294ea CH	28
	29	pagefault_disable();
	30	probe_kernel_read_loop(dst, src, size, u64, Efault);
	31	probe_kernel_read_loop(dst, src, size, u32, Efault);
	32	probe_kernel_read_loop(dst, src, size, u16, Efault);
	33	probe_kernel_read_loop(dst, src, size, u8, Efault);
	34	pagefault_enable();
	35	return 0;
	36	Efault:
	37	pagefault_enable();
	38	return -EFAULT;
	39	}
	40	EXPORT_SYMBOL_GPL(probe_kernel_read);
	41
	42	#define probe_kernel_write_loop(dst, src, len, type, err_label) \
	43	while (len >= sizeof(type)) { \
	44	__put_kernel_nofault(dst, src, type, err_label); \
	45	dst += sizeof(type); \
	46	src += sizeof(type); \
	47	len -= sizeof(type); \
	48	}
	49
	50	long probe_kernel_write(void dst, const void src, size_t size)
	51	{
	52	pagefault_disable();
	53	probe_kernel_write_loop(dst, src, size, u64, Efault);
	54	probe_kernel_write_loop(dst, src, size, u32, Efault);
	55	probe_kernel_write_loop(dst, src, size, u16, Efault);
	56	probe_kernel_write_loop(dst, src, size, u8, Efault);
	57	pagefault_enable();
	58	return 0;
	59	Efault:
	60	pagefault_enable();
	61	return -EFAULT;
	62	}
	63
	64	long strncpy_from_kernel_nofault(char dst, const void unsafe_addr, long count)
	65	{
	66	const void *src = unsafe_addr;
	67
	68	if (unlikely(count <= 0))
	69	return 0;
	70	if (!probe_kernel_read_allowed(unsafe_addr, count))
2a71e81d	71	return -ERANGE;
b58294ea CH	72
	73	pagefault_disable();
	74	do {
	75	__get_kernel_nofault(dst, src, u8, Efault);
	76	dst++;
	77	src++;
	78	} while (dst[-1] && src - unsafe_addr < count);
	79	pagefault_enable();
	80
	81	dst[-1] = '\0';
	82	return src - unsafe_addr;
	83	Efault:
	84	pagefault_enable();
	85	dst[-1] = '\0';
	86	return -EFAULT;
	87	}
	88	#else /* HAVE_GET_KERNEL_NOFAULT */
c33fa9f5	89	/**
98a23609	90	* probe_kernel_read(): safely attempt to read from kernel-space
4f6de12b CH	91	* @dst: pointer to the buffer that shall take the data
	92	* @src: address to read from
	93	* @size: size of the data chunk
	94	*
	95	* Safely read from kernel address @src to the buffer at @dst. If a kernel
2a71e81d CH	96	* fault happens, handle that and return -EFAULT. If @src is not a valid kernel
2a71e81d CH	97	* address, return -ERANGE.
0ab32b6f AM	98	*
0ab32b6f AM	99	* We ensure that the copy_from_user is executed in atomic context so that
c1e8d7c6	100	* do_page_fault() doesn't attempt to take mmap_lock. This makes
0ab32b6f	101	* probe_kernel_read() suitable for use within regions where the caller
c1e8d7c6	102	* already holds mmap_lock, or other locks which nest inside mmap_lock.
c33fa9f5	103	*/
98a23609	104	long probe_kernel_read(void dst, const void src, size_t size)
c33fa9f5 IM	105	{
c33fa9f5 IM	106	long ret;
b4b8ac52	107	mm_segment_t old_fs = get_fs();
c33fa9f5	108
98a23609	109	if (!probe_kernel_read_allowed(src, size))
2a71e81d	110	return -ERANGE;
eab0c608	111
b4b8ac52	112	set_fs(KERNEL_DS);
cd030905 CH	113	pagefault_disable();
	114	ret = __copy_from_user_inatomic(dst, (__force const void __user *)src,
	115	size);
	116	pagefault_enable();
b4b8ac52	117	set_fs(old_fs);
c33fa9f5	118
cd030905 CH	119	if (ret)
	120	return -EFAULT;
	121	return 0;
c33fa9f5	122	}
98a23609	123	EXPORT_SYMBOL_GPL(probe_kernel_read);
c33fa9f5 IM	124
	125	/**
	126	* probe_kernel_write(): safely attempt to write to a location
	127	* @dst: address to write to
	128	* @src: pointer to the data that shall be written
	129	* @size: size of the data chunk
	130	*
	131	* Safely write to address @dst from the buffer at @src. If a kernel fault
	132	* happens, handle that and return -EFAULT.
	133	*/
48c49c0e	134	long probe_kernel_write(void dst, const void src, size_t size)
c33fa9f5 IM	135	{
c33fa9f5 IM	136	long ret;
b4b8ac52	137	mm_segment_t old_fs = get_fs();
c33fa9f5	138
b4b8ac52	139	set_fs(KERNEL_DS);
cd030905 CH	140	pagefault_disable();
	141	ret = __copy_to_user_inatomic((__force void __user *)dst, src, size);
	142	pagefault_enable();
b4b8ac52	143	set_fs(old_fs);
c33fa9f5	144
cd030905 CH	145	if (ret)
	146	return -EFAULT;
	147	return 0;
c33fa9f5	148	}
dbb7ee0e	149
4f6de12b	150	/**
c4cb1644	151	* strncpy_from_kernel_nofault: - Copy a NUL terminated string from unsafe
4f6de12b CH	152	* address.
	153	* @dst: Destination address, in kernel space. This buffer must be at
	154	* least @count bytes long.
	155	* @unsafe_addr: Unsafe address.
	156	* @count: Maximum number of bytes to copy, including the trailing NUL.
	157	*
	158	* Copies a NUL-terminated string from unsafe address to kernel buffer.
	159	*
	160	* On success, returns the length of the string INCLUDING the trailing NUL.
	161	*
2a71e81d CH	162	* If access fails, returns -EFAULT (some data may have been copied and the
	163	* trailing NUL added). If @unsafe_addr is not a valid kernel address, return
	164	* -ERANGE.
4f6de12b CH	165	*
	166	* If @count is smaller than the length of the string, copies @count-1 bytes,
	167	* sets the last byte of @dst buffer to NUL and returns @count.
	168	*/
eab0c608	169	long strncpy_from_kernel_nofault(char dst, const void unsafe_addr, long count)
dbb7ee0e AS	170	{
	171	mm_segment_t old_fs = get_fs();
	172	const void *src = unsafe_addr;
	173	long ret;
	174
	175	if (unlikely(count <= 0))
	176	return 0;
98a23609	177	if (!probe_kernel_read_allowed(unsafe_addr, count))
2a71e81d	178	return -ERANGE;
dbb7ee0e AS	179
	180	set_fs(KERNEL_DS);
	181	pagefault_disable();
	182
	183	do {
bd28b145	184	ret = __get_user(dst++, (const char __user __force )src++);
dbb7ee0e AS	185	} while (dst[-1] && ret == 0 && src - unsafe_addr < count);
	186
	187	dst[-1] = '\0';
	188	pagefault_enable();
	189	set_fs(old_fs);
	190
9dd861d5	191	return ret ? -EFAULT : src - unsafe_addr;
dbb7ee0e	192	}
b58294ea	193	#endif /* HAVE_GET_KERNEL_NOFAULT */
3d708182	194
fc3562d7 CH	195	/**
	196	* probe_user_read(): safely attempt to read from a user-space location
	197	* @dst: pointer to the buffer that shall take the data
	198	* @src: address to read from. This must be a user address.
	199	* @size: size of the data chunk
	200	*
	201	* Safely read from user address @src to the buffer at @dst. If a kernel fault
	202	* happens, handle that and return -EFAULT.
	203	*/
	204	long probe_user_read(void dst, const void __user src, size_t size)
	205	{
	206	long ret = -EFAULT;
	207	mm_segment_t old_fs = get_fs();
	208
	209	set_fs(USER_DS);
	210	if (access_ok(src, size)) {
	211	pagefault_disable();
	212	ret = __copy_from_user_inatomic(dst, src, size);
	213	pagefault_enable();
	214	}
	215	set_fs(old_fs);
	216
	217	if (ret)
	218	return -EFAULT;
	219	return 0;
	220	}
	221	EXPORT_SYMBOL_GPL(probe_user_read);
	222
	223	/**
	224	* probe_user_write(): safely attempt to write to a user-space location
	225	* @dst: address to write to
	226	* @src: pointer to the data that shall be written
	227	* @size: size of the data chunk
	228	*
	229	* Safely write to address @dst from the buffer at @src. If a kernel fault
	230	* happens, handle that and return -EFAULT.
	231	*/
	232	long probe_user_write(void __user dst, const void src, size_t size)
	233	{
	234	long ret = -EFAULT;
	235	mm_segment_t old_fs = get_fs();
	236
	237	set_fs(USER_DS);
	238	if (access_ok(dst, size)) {
	239	pagefault_disable();
	240	ret = __copy_to_user_inatomic(dst, src, size);
	241	pagefault_enable();
	242	}
	243	set_fs(old_fs);
	244
	245	if (ret)
	246	return -EFAULT;
	247	return 0;
	248	}
	249	EXPORT_SYMBOL_GPL(probe_user_write);
	250
3d708182	251	/**
bd88bb5d	252	* strncpy_from_user_nofault: - Copy a NUL terminated string from unsafe user
3d708182 MH	253	* address.
	254	* @dst: Destination address, in kernel space. This buffer must be at
	255	* least @count bytes long.
	256	* @unsafe_addr: Unsafe user address.
	257	* @count: Maximum number of bytes to copy, including the trailing NUL.
	258	*
	259	* Copies a NUL-terminated string from unsafe user address to kernel buffer.
	260	*
	261	* On success, returns the length of the string INCLUDING the trailing NUL.
	262	*
	263	* If access fails, returns -EFAULT (some data may have been copied
	264	* and the trailing NUL added).
	265	*
	266	* If @count is smaller than the length of the string, copies @count-1 bytes,
	267	* sets the last byte of @dst buffer to NUL and returns @count.
	268	*/
bd88bb5d	269	long strncpy_from_user_nofault(char dst, const void __user unsafe_addr,
3d708182 MH	270	long count)
	271	{
	272	mm_segment_t old_fs = get_fs();
	273	long ret;
	274
	275	if (unlikely(count <= 0))
	276	return 0;
	277
	278	set_fs(USER_DS);
	279	pagefault_disable();
	280	ret = strncpy_from_user(dst, unsafe_addr, count);
	281	pagefault_enable();
	282	set_fs(old_fs);
	283
	284	if (ret >= count) {
	285	ret = count;
	286	dst[ret - 1] = '\0';
	287	} else if (ret > 0) {
	288	ret++;
	289	}
	290
	291	return ret;
	292	}
	293
	294	/**
02dddb16	295	* strnlen_user_nofault: - Get the size of a user string INCLUDING final NUL.
3d708182 MH	296	* @unsafe_addr: The string to measure.
	297	* @count: Maximum count (including NUL)
	298	*
	299	* Get the size of a NUL-terminated string in user space without pagefault.
	300	*
	301	* Returns the size of the string INCLUDING the terminating NUL.
	302	*
	303	* If the string is too long, returns a number larger than @count. User
	304	* has to check the return value against "> count".
	305	* On exception (or invalid count), returns 0.
	306	*
	307	* Unlike strnlen_user, this can be used from IRQ handler etc. because
	308	* it disables pagefaults.
	309	*/
02dddb16	310	long strnlen_user_nofault(const void __user *unsafe_addr, long count)
3d708182 MH	311	{
	312	mm_segment_t old_fs = get_fs();
	313	int ret;
	314
	315	set_fs(USER_DS);
	316	pagefault_disable();
	317	ret = strnlen_user(unsafe_addr, count);
	318	pagefault_enable();
	319	set_fs(old_fs);
	320
	321	return ret;
	322	}