Linux Audio

Check our new training course

Loading...
v3.5.6
  1#include <linux/module.h>
 
 
 
 
 
  2#include <linux/uaccess.h>
  3#include <linux/kernel.h>
  4#include <linux/errno.h>
 
  5
  6#include <asm/byteorder.h>
  7#include <asm/word-at-a-time.h>
  8
  9#ifdef CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS
 10#define IS_UNALIGNED(src, dst)	0
 11#else
 12#define IS_UNALIGNED(src, dst)	\
 13	(((long) dst | (long) src) & (sizeof(long) - 1))
 14#endif
 15
 16/*
 17 * Do a strncpy, return length of string without final '\0'.
 18 * 'count' is the user-supplied count (return 'count' if we
 19 * hit it), 'max' is the address space maximum (and we return
 20 * -EFAULT if we hit it).
 21 */
 22static inline long do_strncpy_from_user(char *dst, const char __user *src, long count, unsigned long max)
 
 23{
 24	const struct word_at_a_time constants = WORD_AT_A_TIME_CONSTANTS;
 25	long res = 0;
 26
 27	/*
 28	 * Truncate 'max' to the user-specified limit, so that
 29	 * we only have one limit we need to check in the loop
 30	 */
 31	if (max > count)
 32		max = count;
 33
 34	if (IS_UNALIGNED(src, dst))
 35		goto byte_at_a_time;
 36
 37	while (max >= sizeof(unsigned long)) {
 38		unsigned long c, data;
 39
 40		/* Fall back to byte-at-a-time if we get a page fault */
 41		if (unlikely(__get_user(c,(unsigned long __user *)(src+res))))
 42			break;
 43		*(unsigned long *)(dst+res) = c;
 
 
 
 
 
 
 
 
 
 
 44		if (has_zero(c, &data, &constants)) {
 45			data = prep_zero_mask(c, data, &constants);
 46			data = create_zero_mask(data);
 
 
 47			return res + find_zero(data);
 48		}
 
 
 
 49		res += sizeof(unsigned long);
 50		max -= sizeof(unsigned long);
 51	}
 52
 53byte_at_a_time:
 54	while (max) {
 55		char c;
 56
 57		if (unlikely(__get_user(c,src+res)))
 58			return -EFAULT;
 59		dst[res] = c;
 60		if (!c)
 61			return res;
 62		res++;
 63		max--;
 64	}
 65
 66	/*
 67	 * Uhhuh. We hit 'max'. But was that the user-specified maximum
 68	 * too? If so, that's ok - we got as much as the user asked for.
 69	 */
 70	if (res >= count)
 71		return res;
 72
 73	/*
 74	 * Nope: we hit the address space limit, and we still had more
 75	 * characters the caller would have wanted. That's an EFAULT.
 76	 */
 
 77	return -EFAULT;
 78}
 79
 80/**
 81 * strncpy_from_user: - Copy a NUL terminated string from userspace.
 82 * @dst:   Destination address, in kernel space.  This buffer must be at
 83 *         least @count bytes long.
 84 * @src:   Source address, in user space.
 85 * @count: Maximum number of bytes to copy, including the trailing NUL.
 86 *
 87 * Copies a NUL-terminated string from userspace to kernel space.
 88 *
 89 * On success, returns the length of the string (not including the trailing
 90 * NUL).
 91 *
 92 * If access to userspace fails, returns -EFAULT (some data may have been
 93 * copied).
 94 *
 95 * If @count is smaller than the length of the string, copies @count bytes
 96 * and returns @count.
 97 */
 98long strncpy_from_user(char *dst, const char __user *src, long count)
 99{
100	unsigned long max_addr, src_addr;
101
 
 
 
102	if (unlikely(count <= 0))
103		return 0;
104
105	max_addr = user_addr_max();
106	src_addr = (unsigned long)src;
 
 
 
 
 
 
 
 
 
 
 
 
107	if (likely(src_addr < max_addr)) {
108		unsigned long max = max_addr - src_addr;
109		return do_strncpy_from_user(dst, src, count, max);
 
 
 
 
 
 
 
 
 
 
 
 
 
110	}
111	return -EFAULT;
112}
113EXPORT_SYMBOL(strncpy_from_user);
v6.13.7
  1// SPDX-License-Identifier: GPL-2.0
  2#include <linux/compiler.h>
  3#include <linux/export.h>
  4#include <linux/fault-inject-usercopy.h>
  5#include <linux/kasan-checks.h>
  6#include <linux/thread_info.h>
  7#include <linux/uaccess.h>
  8#include <linux/kernel.h>
  9#include <linux/errno.h>
 10#include <linux/mm.h>
 11
 12#include <asm/byteorder.h>
 13#include <asm/word-at-a-time.h>
 14
 15#ifdef CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS
 16#define IS_UNALIGNED(src, dst)	0
 17#else
 18#define IS_UNALIGNED(src, dst)	\
 19	(((long) dst | (long) src) & (sizeof(long) - 1))
 20#endif
 21
 22/*
 23 * Do a strncpy, return length of string without final '\0'.
 24 * 'count' is the user-supplied count (return 'count' if we
 25 * hit it), 'max' is the address space maximum (and we return
 26 * -EFAULT if we hit it).
 27 */
 28static __always_inline long do_strncpy_from_user(char *dst, const char __user *src,
 29					unsigned long count, unsigned long max)
 30{
 31	const struct word_at_a_time constants = WORD_AT_A_TIME_CONSTANTS;
 32	unsigned long res = 0;
 
 
 
 
 
 
 
 33
 34	if (IS_UNALIGNED(src, dst))
 35		goto byte_at_a_time;
 36
 37	while (max >= sizeof(unsigned long)) {
 38		unsigned long c, data, mask;
 39
 40		/* Fall back to byte-at-a-time if we get a page fault */
 41		unsafe_get_user(c, (unsigned long __user *)(src+res), byte_at_a_time);
 42
 43		/*
 44		 * Note that we mask out the bytes following the NUL. This is
 45		 * important to do because string oblivious code may read past
 46		 * the NUL. For those routines, we don't want to give them
 47		 * potentially random bytes after the NUL in `src`.
 48		 *
 49		 * One example of such code is BPF map keys. BPF treats map keys
 50		 * as an opaque set of bytes. Without the post-NUL mask, any BPF
 51		 * maps keyed by strings returned from strncpy_from_user() may
 52		 * have multiple entries for semantically identical strings.
 53		 */
 54		if (has_zero(c, &data, &constants)) {
 55			data = prep_zero_mask(c, data, &constants);
 56			data = create_zero_mask(data);
 57			mask = zero_bytemask(data);
 58			*(unsigned long *)(dst+res) = c & mask;
 59			return res + find_zero(data);
 60		}
 61
 62		*(unsigned long *)(dst+res) = c;
 63
 64		res += sizeof(unsigned long);
 65		max -= sizeof(unsigned long);
 66	}
 67
 68byte_at_a_time:
 69	while (max) {
 70		char c;
 71
 72		unsafe_get_user(c,src+res, efault);
 
 73		dst[res] = c;
 74		if (!c)
 75			return res;
 76		res++;
 77		max--;
 78	}
 79
 80	/*
 81	 * Uhhuh. We hit 'max'. But was that the user-specified maximum
 82	 * too? If so, that's ok - we got as much as the user asked for.
 83	 */
 84	if (res >= count)
 85		return res;
 86
 87	/*
 88	 * Nope: we hit the address space limit, and we still had more
 89	 * characters the caller would have wanted. That's an EFAULT.
 90	 */
 91efault:
 92	return -EFAULT;
 93}
 94
 95/**
 96 * strncpy_from_user: - Copy a NUL terminated string from userspace.
 97 * @dst:   Destination address, in kernel space.  This buffer must be at
 98 *         least @count bytes long.
 99 * @src:   Source address, in user space.
100 * @count: Maximum number of bytes to copy, including the trailing NUL.
101 *
102 * Copies a NUL-terminated string from userspace to kernel space.
103 *
104 * On success, returns the length of the string (not including the trailing
105 * NUL).
106 *
107 * If access to userspace fails, returns -EFAULT (some data may have been
108 * copied).
109 *
110 * If @count is smaller than the length of the string, copies @count bytes
111 * and returns @count.
112 */
113long strncpy_from_user(char *dst, const char __user *src, long count)
114{
115	unsigned long max_addr, src_addr;
116
117	might_fault();
118	if (should_fail_usercopy())
119		return -EFAULT;
120	if (unlikely(count <= 0))
121		return 0;
122
123	kasan_check_write(dst, count);
124	check_object_size(dst, count, false);
125
126	if (can_do_masked_user_access()) {
127		long retval;
128
129		src = masked_user_access_begin(src);
130		retval = do_strncpy_from_user(dst, src, count, count);
131		user_read_access_end();
132		return retval;
133	}
134
135	max_addr = TASK_SIZE_MAX;
136	src_addr = (unsigned long)untagged_addr(src);
137	if (likely(src_addr < max_addr)) {
138		unsigned long max = max_addr - src_addr;
139		long retval;
140
141		/*
142		 * Truncate 'max' to the user-specified limit, so that
143		 * we only have one limit we need to check in the loop
144		 */
145		if (max > count)
146			max = count;
147
148		if (user_read_access_begin(src, max)) {
149			retval = do_strncpy_from_user(dst, src, count, max);
150			user_read_access_end();
151			return retval;
152		}
153	}
154	return -EFAULT;
155}
156EXPORT_SYMBOL(strncpy_from_user);