[thirdparty/kernel/stable.git] / mm / maccess.c

// SPDX-License-Identifier: GPL-2.0-only
/*
 * Access kernel memory without faulting.
 */
#include <linux/export.h>
#include <linux/mm.h>
#include <linux/uaccess.h>

/**
 * probe_kernel_read(): safely attempt to read from a location
 * @dst: pointer to the buffer that shall take the data
 * @src: address to read from
 * @size: size of the data chunk
 *
 * Safely read from address @src to the buffer at @dst.  If a kernel fault
 * happens, handle that and return -EFAULT.
 *
 * We ensure that the copy_from_user is executed in atomic context so that
 * do_page_fault() doesn't attempt to take mmap_sem.  This makes
 * probe_kernel_read() suitable for use within regions where the caller
 * already holds mmap_sem, or other locks which nest inside mmap_sem.
 */

long __weak probe_kernel_read(void *dst, const void *src, size_t size)
    __attribute__((alias("__probe_kernel_read")));

long __probe_kernel_read(void *dst, const void *src, size_t size)
{
	long ret;
	mm_segment_t old_fs = get_fs();

	set_fs(KERNEL_DS);
	pagefault_disable();
	ret = __copy_from_user_inatomic(dst,
			(__force const void __user *)src, size);
	pagefault_enable();
	set_fs(old_fs);

	return ret ? -EFAULT : 0;
}
EXPORT_SYMBOL_GPL(probe_kernel_read);

/**
 * probe_kernel_write(): safely attempt to write to a location
 * @dst: address to write to
 * @src: pointer to the data that shall be written
 * @size: size of the data chunk
 *
 * Safely write to address @dst from the buffer at @src.  If a kernel fault
 * happens, handle that and return -EFAULT.
 */
long __weak probe_kernel_write(void *dst, const void *src, size_t size)
    __attribute__((alias("__probe_kernel_write")));

long __probe_kernel_write(void *dst, const void *src, size_t size)
{
	long ret;
	mm_segment_t old_fs = get_fs();

	set_fs(KERNEL_DS);
	pagefault_disable();
	ret = __copy_to_user_inatomic((__force void __user *)dst, src, size);
	pagefault_enable();
	set_fs(old_fs);

	return ret ? -EFAULT : 0;
}
EXPORT_SYMBOL_GPL(probe_kernel_write);

/**
 * strncpy_from_unsafe: - Copy a NUL terminated string from unsafe address.
 * @dst:   Destination address, in kernel space.  This buffer must be at
 *         least @count bytes long.
 * @unsafe_addr: Unsafe address.
 * @count: Maximum number of bytes to copy, including the trailing NUL.
 *
 * Copies a NUL-terminated string from unsafe address to kernel buffer.
 *
 * On success, returns the length of the string INCLUDING the trailing NUL.
 *
 * If access fails, returns -EFAULT (some data may have been copied
 * and the trailing NUL added).
 *
 * If @count is smaller than the length of the string, copies @count-1 bytes,
 * sets the last byte of @dst buffer to NUL and returns @count.
 */
long strncpy_from_unsafe(char *dst, const void *unsafe_addr, long count)
{
	mm_segment_t old_fs = get_fs();
	const void *src = unsafe_addr;
	long ret;

	if (unlikely(count <= 0))
		return 0;

	set_fs(KERNEL_DS);
	pagefault_disable();

	do {
		ret = __get_user(*dst++, (const char __user __force *)src++);
	} while (dst[-1] && ret == 0 && src - unsafe_addr < count);

	dst[-1] = '\0';
	pagefault_enable();
	set_fs(old_fs);

	return ret ? -EFAULT : src - unsafe_addr;
}
Commit	Line	Data
457c8996	1	// SPDX-License-Identifier: GPL-2.0-only
c33fa9f5 IM	2	/*
	3	* Access kernel memory without faulting.
	4	*/
b95f1b31	5	#include <linux/export.h>
c33fa9f5	6	#include <linux/mm.h>
7c7fcf76	7	#include <linux/uaccess.h>
c33fa9f5 IM	8
	9	/**
	10	* probe_kernel_read(): safely attempt to read from a location
	11	* @dst: pointer to the buffer that shall take the data
	12	* @src: address to read from
	13	* @size: size of the data chunk
	14	*
	15	* Safely read from address @src to the buffer at @dst. If a kernel fault
	16	* happens, handle that and return -EFAULT.
0ab32b6f AM	17	*
	18	* We ensure that the copy_from_user is executed in atomic context so that
	19	* do_page_fault() doesn't attempt to take mmap_sem. This makes
	20	* probe_kernel_read() suitable for use within regions where the caller
	21	* already holds mmap_sem, or other locks which nest inside mmap_sem.
c33fa9f5	22	*/
6144a85a	23
f29c5041	24	long __weak probe_kernel_read(void dst, const void src, size_t size)
6144a85a JW	25	__attribute__((alias("__probe_kernel_read")));
6144a85a JW	26
f29c5041	27	long __probe_kernel_read(void dst, const void src, size_t size)
c33fa9f5 IM	28	{
c33fa9f5 IM	29	long ret;
b4b8ac52	30	mm_segment_t old_fs = get_fs();
c33fa9f5	31
b4b8ac52	32	set_fs(KERNEL_DS);
c33fa9f5 IM	33	pagefault_disable();
	34	ret = __copy_from_user_inatomic(dst,
	35	(__force const void __user *)src, size);
	36	pagefault_enable();
b4b8ac52	37	set_fs(old_fs);
c33fa9f5 IM	38
	39	return ret ? -EFAULT : 0;
	40	}
	41	EXPORT_SYMBOL_GPL(probe_kernel_read);
	42
	43	/**
	44	* probe_kernel_write(): safely attempt to write to a location
	45	* @dst: address to write to
	46	* @src: pointer to the data that shall be written
	47	* @size: size of the data chunk
	48	*
	49	* Safely write to address @dst from the buffer at @src. If a kernel fault
	50	* happens, handle that and return -EFAULT.
	51	*/
f29c5041	52	long __weak probe_kernel_write(void dst, const void src, size_t size)
6144a85a JW	53	__attribute__((alias("__probe_kernel_write")));
6144a85a JW	54
f29c5041	55	long __probe_kernel_write(void dst, const void src, size_t size)
c33fa9f5 IM	56	{
c33fa9f5 IM	57	long ret;
b4b8ac52	58	mm_segment_t old_fs = get_fs();
c33fa9f5	59
b4b8ac52	60	set_fs(KERNEL_DS);
c33fa9f5 IM	61	pagefault_disable();
	62	ret = __copy_to_user_inatomic((__force void __user *)dst, src, size);
	63	pagefault_enable();
b4b8ac52	64	set_fs(old_fs);
c33fa9f5 IM	65
	66	return ret ? -EFAULT : 0;
	67	}
	68	EXPORT_SYMBOL_GPL(probe_kernel_write);
dbb7ee0e AS	69
	70	/**
	71	* strncpy_from_unsafe: - Copy a NUL terminated string from unsafe address.
	72	* @dst: Destination address, in kernel space. This buffer must be at
	73	* least @count bytes long.
f144c390	74	* @unsafe_addr: Unsafe address.
dbb7ee0e AS	75	* @count: Maximum number of bytes to copy, including the trailing NUL.
	76	*
	77	* Copies a NUL-terminated string from unsafe address to kernel buffer.
	78	*
	79	* On success, returns the length of the string INCLUDING the trailing NUL.
	80	*
	81	* If access fails, returns -EFAULT (some data may have been copied
	82	* and the trailing NUL added).
	83	*
	84	* If @count is smaller than the length of the string, copies @count-1 bytes,
	85	* sets the last byte of @dst buffer to NUL and returns @count.
	86	*/
	87	long strncpy_from_unsafe(char dst, const void unsafe_addr, long count)
	88	{
	89	mm_segment_t old_fs = get_fs();
	90	const void *src = unsafe_addr;
	91	long ret;
	92
	93	if (unlikely(count <= 0))
	94	return 0;
	95
	96	set_fs(KERNEL_DS);
	97	pagefault_disable();
	98
	99	do {
bd28b145	100	ret = __get_user(dst++, (const char __user __force )src++);
dbb7ee0e AS	101	} while (dst[-1] && ret == 0 && src - unsafe_addr < count);
	102
	103	dst[-1] = '\0';
	104	pagefault_enable();
	105	set_fs(old_fs);
	106
9dd861d5	107	return ret ? -EFAULT : src - unsafe_addr;
dbb7ee0e	108	}