[linux.git] / mm / maccess.c

// SPDX-License-Identifier: GPL-2.0-only
/*
 * Access kernel or user memory without faulting.
 */
#include <linux/export.h>
#include <linux/mm.h>
#include <linux/uaccess.h>
#include <asm/tlb.h>

bool __weak copy_from_kernel_nofault_allowed(const void *unsafe_src,
		size_t size)
{
	return true;
}

#define copy_from_kernel_nofault_loop(dst, src, len, type, err_label)	\
	while (len >= sizeof(type)) {					\
		__get_kernel_nofault(dst, src, type, err_label);		\
		dst += sizeof(type);					\
		src += sizeof(type);					\
		len -= sizeof(type);					\
	}

long copy_from_kernel_nofault(void *dst, const void *src, size_t size)
{
	unsigned long align = 0;

	if (!IS_ENABLED(CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS))
		align = (unsigned long)dst | (unsigned long)src;

	if (!copy_from_kernel_nofault_allowed(src, size))
		return -ERANGE;

	pagefault_disable();
	if (!(align & 7))
		copy_from_kernel_nofault_loop(dst, src, size, u64, Efault);
	if (!(align & 3))
		copy_from_kernel_nofault_loop(dst, src, size, u32, Efault);
	if (!(align & 1))
		copy_from_kernel_nofault_loop(dst, src, size, u16, Efault);
	copy_from_kernel_nofault_loop(dst, src, size, u8, Efault);
	pagefault_enable();
	return 0;
Efault:
	pagefault_enable();
	return -EFAULT;
}
EXPORT_SYMBOL_GPL(copy_from_kernel_nofault);

#define copy_to_kernel_nofault_loop(dst, src, len, type, err_label)	\
	while (len >= sizeof(type)) {					\
		__put_kernel_nofault(dst, src, type, err_label);		\
		dst += sizeof(type);					\
		src += sizeof(type);					\
		len -= sizeof(type);					\
	}

long copy_to_kernel_nofault(void *dst, const void *src, size_t size)
{
	unsigned long align = 0;

	if (!IS_ENABLED(CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS))
		align = (unsigned long)dst | (unsigned long)src;

	pagefault_disable();
	if (!(align & 7))
		copy_to_kernel_nofault_loop(dst, src, size, u64, Efault);
	if (!(align & 3))
		copy_to_kernel_nofault_loop(dst, src, size, u32, Efault);
	if (!(align & 1))
		copy_to_kernel_nofault_loop(dst, src, size, u16, Efault);
	copy_to_kernel_nofault_loop(dst, src, size, u8, Efault);
	pagefault_enable();
	return 0;
Efault:
	pagefault_enable();
	return -EFAULT;
}

long strncpy_from_kernel_nofault(char *dst, const void *unsafe_addr, long count)
{
	const void *src = unsafe_addr;

	if (unlikely(count <= 0))
		return 0;
	if (!copy_from_kernel_nofault_allowed(unsafe_addr, count))
		return -ERANGE;

	pagefault_disable();
	do {
		__get_kernel_nofault(dst, src, u8, Efault);
		dst++;
		src++;
	} while (dst[-1] && src - unsafe_addr < count);
	pagefault_enable();

	dst[-1] = '\0';
	return src - unsafe_addr;
Efault:
	pagefault_enable();
	dst[0] = '\0';
	return -EFAULT;
}

/**
 * copy_from_user_nofault(): safely attempt to read from a user-space location
 * @dst: pointer to the buffer that shall take the data
 * @src: address to read from. This must be a user address.
 * @size: size of the data chunk
 *
 * Safely read from user address @src to the buffer at @dst. If a kernel fault
 * happens, handle that and return -EFAULT.
 */
long copy_from_user_nofault(void *dst, const void __user *src, size_t size)
{
	long ret = -EFAULT;

	if (!__access_ok(src, size))
		return ret;

	if (!nmi_uaccess_okay())
		return ret;

	pagefault_disable();
	ret = __copy_from_user_inatomic(dst, src, size);
	pagefault_enable();

	if (ret)
		return -EFAULT;
	return 0;
}
EXPORT_SYMBOL_GPL(copy_from_user_nofault);

/**
 * copy_to_user_nofault(): safely attempt to write to a user-space location
 * @dst: address to write to
 * @src: pointer to the data that shall be written
 * @size: size of the data chunk
 *
 * Safely write to address @dst from the buffer at @src.  If a kernel fault
 * happens, handle that and return -EFAULT.
 */
long copy_to_user_nofault(void __user *dst, const void *src, size_t size)
{
	long ret = -EFAULT;

	if (access_ok(dst, size)) {
		pagefault_disable();
		ret = __copy_to_user_inatomic(dst, src, size);
		pagefault_enable();
	}

	if (ret)
		return -EFAULT;
	return 0;
}
EXPORT_SYMBOL_GPL(copy_to_user_nofault);

/**
 * strncpy_from_user_nofault: - Copy a NUL terminated string from unsafe user
 *				address.
 * @dst:   Destination address, in kernel space.  This buffer must be at
 *         least @count bytes long.
 * @unsafe_addr: Unsafe user address.
 * @count: Maximum number of bytes to copy, including the trailing NUL.
 *
 * Copies a NUL-terminated string from unsafe user address to kernel buffer.
 *
 * On success, returns the length of the string INCLUDING the trailing NUL.
 *
 * If access fails, returns -EFAULT (some data may have been copied
 * and the trailing NUL added).
 *
 * If @count is smaller than the length of the string, copies @count-1 bytes,
 * sets the last byte of @dst buffer to NUL and returns @count.
 */
long strncpy_from_user_nofault(char *dst, const void __user *unsafe_addr,
			      long count)
{
	long ret;

	if (unlikely(count <= 0))
		return 0;

	pagefault_disable();
	ret = strncpy_from_user(dst, unsafe_addr, count);
	pagefault_enable();

	if (ret >= count) {
		ret = count;
		dst[ret - 1] = '\0';
	} else if (ret > 0) {
		ret++;
	}

	return ret;
}

/**
 * strnlen_user_nofault: - Get the size of a user string INCLUDING final NUL.
 * @unsafe_addr: The string to measure.
 * @count: Maximum count (including NUL)
 *
 * Get the size of a NUL-terminated string in user space without pagefault.
 *
 * Returns the size of the string INCLUDING the terminating NUL.
 *
 * If the string is too long, returns a number larger than @count. User
 * has to check the return value against "> count".
 * On exception (or invalid count), returns 0.
 *
 * Unlike strnlen_user, this can be used from IRQ handler etc. because
 * it disables pagefaults.
 */
long strnlen_user_nofault(const void __user *unsafe_addr, long count)
{
	int ret;

	pagefault_disable();
	ret = strnlen_user(unsafe_addr, count);
	pagefault_enable();

	return ret;
}

void __copy_overflow(int size, unsigned long count)
{
	WARN(1, "Buffer overflow detected (%d < %lu)!\n", size, count);
}
EXPORT_SYMBOL(__copy_overflow);
Commit	Line	Data
457c8996	1	// SPDX-License-Identifier: GPL-2.0-only
c33fa9f5	2	/*
3f0acb1e	3	* Access kernel or user memory without faulting.
c33fa9f5	4	*/
b95f1b31	5	#include <linux/export.h>
c33fa9f5	6	#include <linux/mm.h>
7c7fcf76	7	#include <linux/uaccess.h>
d319f344	8	#include <asm/tlb.h>
c33fa9f5	9
fe557319 CH	10	bool __weak copy_from_kernel_nofault_allowed(const void *unsafe_src,
fe557319 CH	11	size_t size)
eab0c608 CH	12	{
	13	return true;
	14	}
	15
fe557319	16	#define copy_from_kernel_nofault_loop(dst, src, len, type, err_label) \
b58294ea CH	17	while (len >= sizeof(type)) { \
	18	__get_kernel_nofault(dst, src, type, err_label); \
	19	dst += sizeof(type); \
	20	src += sizeof(type); \
	21	len -= sizeof(type); \
	22	}
	23
fe557319	24	long copy_from_kernel_nofault(void dst, const void src, size_t size)
b58294ea	25	{
2423de2e AB	26	unsigned long align = 0;
	27
	28	if (!IS_ENABLED(CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS))
	29	align = (unsigned long)dst \| (unsigned long)src;
	30
fe557319	31	if (!copy_from_kernel_nofault_allowed(src, size))
2a71e81d	32	return -ERANGE;
b58294ea CH	33
b58294ea CH	34	pagefault_disable();
2423de2e AB	35	if (!(align & 7))
	36	copy_from_kernel_nofault_loop(dst, src, size, u64, Efault);
	37	if (!(align & 3))
	38	copy_from_kernel_nofault_loop(dst, src, size, u32, Efault);
	39	if (!(align & 1))
	40	copy_from_kernel_nofault_loop(dst, src, size, u16, Efault);
fe557319	41	copy_from_kernel_nofault_loop(dst, src, size, u8, Efault);
b58294ea CH	42	pagefault_enable();
	43	return 0;
	44	Efault:
	45	pagefault_enable();
	46	return -EFAULT;
	47	}
fe557319	48	EXPORT_SYMBOL_GPL(copy_from_kernel_nofault);
b58294ea	49
fe557319	50	#define copy_to_kernel_nofault_loop(dst, src, len, type, err_label) \
b58294ea CH	51	while (len >= sizeof(type)) { \
	52	__put_kernel_nofault(dst, src, type, err_label); \
	53	dst += sizeof(type); \
	54	src += sizeof(type); \
	55	len -= sizeof(type); \
	56	}
	57
fe557319	58	long copy_to_kernel_nofault(void dst, const void src, size_t size)
b58294ea	59	{
2423de2e AB	60	unsigned long align = 0;
	61
	62	if (!IS_ENABLED(CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS))
	63	align = (unsigned long)dst \| (unsigned long)src;
	64
b58294ea	65	pagefault_disable();
2423de2e AB	66	if (!(align & 7))
	67	copy_to_kernel_nofault_loop(dst, src, size, u64, Efault);
	68	if (!(align & 3))
	69	copy_to_kernel_nofault_loop(dst, src, size, u32, Efault);
	70	if (!(align & 1))
	71	copy_to_kernel_nofault_loop(dst, src, size, u16, Efault);
fe557319	72	copy_to_kernel_nofault_loop(dst, src, size, u8, Efault);
b58294ea CH	73	pagefault_enable();
	74	return 0;
	75	Efault:
	76	pagefault_enable();
	77	return -EFAULT;
	78	}
	79
	80	long strncpy_from_kernel_nofault(char dst, const void unsafe_addr, long count)
	81	{
	82	const void *src = unsafe_addr;
	83
	84	if (unlikely(count <= 0))
	85	return 0;
fe557319	86	if (!copy_from_kernel_nofault_allowed(unsafe_addr, count))
2a71e81d	87	return -ERANGE;
b58294ea CH	88
	89	pagefault_disable();
	90	do {
	91	__get_kernel_nofault(dst, src, u8, Efault);
	92	dst++;
	93	src++;
	94	} while (dst[-1] && src - unsafe_addr < count);
	95	pagefault_enable();
	96
	97	dst[-1] = '\0';
	98	return src - unsafe_addr;
	99	Efault:
	100	pagefault_enable();
8678ea06	101	dst[0] = '\0';
b58294ea CH	102	return -EFAULT;
b58294ea CH	103	}
3d708182	104
fc3562d7	105	/**
c0ee37e8	106	* copy_from_user_nofault(): safely attempt to read from a user-space location
fc3562d7 CH	107	* @dst: pointer to the buffer that shall take the data
	108	* @src: address to read from. This must be a user address.
	109	* @size: size of the data chunk
	110	*
	111	* Safely read from user address @src to the buffer at @dst. If a kernel fault
	112	* happens, handle that and return -EFAULT.
	113	*/
c0ee37e8	114	long copy_from_user_nofault(void dst, const void __user src, size_t size)
fc3562d7 CH	115	{
fc3562d7 CH	116	long ret = -EFAULT;
d319f344 AS	117
	118	if (!__access_ok(src, size))
	119	return ret;
	120
	121	if (!nmi_uaccess_okay())
	122	return ret;
	123
	124	pagefault_disable();
	125	ret = __copy_from_user_inatomic(dst, src, size);
	126	pagefault_enable();
fc3562d7 CH	127
	128	if (ret)
	129	return -EFAULT;
	130	return 0;
	131	}
c0ee37e8	132	EXPORT_SYMBOL_GPL(copy_from_user_nofault);
fc3562d7 CH	133
fc3562d7 CH	134	/**
c0ee37e8	135	* copy_to_user_nofault(): safely attempt to write to a user-space location
fc3562d7 CH	136	* @dst: address to write to
	137	* @src: pointer to the data that shall be written
	138	* @size: size of the data chunk
	139	*
	140	* Safely write to address @dst from the buffer at @src. If a kernel fault
	141	* happens, handle that and return -EFAULT.
	142	*/
c0ee37e8	143	long copy_to_user_nofault(void __user dst, const void src, size_t size)
fc3562d7 CH	144	{
fc3562d7 CH	145	long ret = -EFAULT;
fc3562d7	146
fc3562d7 CH	147	if (access_ok(dst, size)) {
	148	pagefault_disable();
	149	ret = __copy_to_user_inatomic(dst, src, size);
	150	pagefault_enable();
	151	}
fc3562d7 CH	152
	153	if (ret)
	154	return -EFAULT;
	155	return 0;
	156	}
c0ee37e8	157	EXPORT_SYMBOL_GPL(copy_to_user_nofault);
fc3562d7	158
3d708182	159	/**
bd88bb5d	160	* strncpy_from_user_nofault: - Copy a NUL terminated string from unsafe user
3d708182 MH	161	* address.
	162	* @dst: Destination address, in kernel space. This buffer must be at
	163	* least @count bytes long.
	164	* @unsafe_addr: Unsafe user address.
	165	* @count: Maximum number of bytes to copy, including the trailing NUL.
	166	*
	167	* Copies a NUL-terminated string from unsafe user address to kernel buffer.
	168	*
	169	* On success, returns the length of the string INCLUDING the trailing NUL.
	170	*
	171	* If access fails, returns -EFAULT (some data may have been copied
	172	* and the trailing NUL added).
	173	*
	174	* If @count is smaller than the length of the string, copies @count-1 bytes,
	175	* sets the last byte of @dst buffer to NUL and returns @count.
	176	*/
bd88bb5d	177	long strncpy_from_user_nofault(char dst, const void __user unsafe_addr,
3d708182 MH	178	long count)
3d708182 MH	179	{
3d708182 MH	180	long ret;
	181
	182	if (unlikely(count <= 0))
	183	return 0;
	184
3d708182 MH	185	pagefault_disable();
	186	ret = strncpy_from_user(dst, unsafe_addr, count);
	187	pagefault_enable();
3d708182 MH	188
	189	if (ret >= count) {
	190	ret = count;
	191	dst[ret - 1] = '\0';
	192	} else if (ret > 0) {
	193	ret++;
	194	}
	195
	196	return ret;
	197	}
	198
	199	/**
02dddb16	200	* strnlen_user_nofault: - Get the size of a user string INCLUDING final NUL.
3d708182 MH	201	* @unsafe_addr: The string to measure.
	202	* @count: Maximum count (including NUL)
	203	*
	204	* Get the size of a NUL-terminated string in user space without pagefault.
	205	*
	206	* Returns the size of the string INCLUDING the terminating NUL.
	207	*
	208	* If the string is too long, returns a number larger than @count. User
	209	* has to check the return value against "> count".
	210	* On exception (or invalid count), returns 0.
	211	*
	212	* Unlike strnlen_user, this can be used from IRQ handler etc. because
	213	* it disables pagefaults.
	214	*/
02dddb16	215	long strnlen_user_nofault(const void __user *unsafe_addr, long count)
3d708182	216	{
3d708182 MH	217	int ret;
3d708182 MH	218
3d708182 MH	219	pagefault_disable();
	220	ret = strnlen_user(unsafe_addr, count);
	221	pagefault_enable();
3d708182 MH	222
	223	return ret;
	224	}
ad7489d5 CL	225
	226	void __copy_overflow(int size, unsigned long count)
	227	{
	228	WARN(1, "Buffer overflow detected (%d < %lu)!\n", size, count);
	229	}
	230	EXPORT_SYMBOL(__copy_overflow);