194dfe88d6
There are three sets of updates for 5.18 in the asm-generic tree: - The set_fs()/get_fs() infrastructure gets removed for good. This was already gone from all major architectures, but now we can finally remove it everywhere, which loses some particularly tricky and error-prone code. There is a small merge conflict against a parisc cleanup, the solution is to use their new version. - The nds32 architecture ends its tenure in the Linux kernel. The hardware is still used and the code is in reasonable shape, but the mainline port is not actively maintained any more, as all remaining users are thought to run vendor kernels that would never be updated to a future release. There are some obvious conflicts against changes to the removed files. - A series from Masahiro Yamada cleans up some of the uapi header files to pass the compile-time checks. -----BEGIN PGP SIGNATURE----- iQIzBAABCgAdFiEEo6/YBQwIrVS28WGKmmx57+YAGNkFAmI69BsACgkQmmx57+YA GNn/zA//f4d5VTT0ThhRxRWTu9BdThGHoB8TUcY7iOhbsWu0X/913NItRC3UeWNl IdmisaXgVtirg1dcC2pWUmrcHdoWOCEGfK4+Zr2NhSWfuZDWvODHK9pGWk4WLnhe cQgUNBvIuuAMryGtrOBwHPO4TpfCyy2ioeVP36ZfcsWXdDxTrqfaq/56mk3sxIP6 sUTk1UEjut9NG4C9xIIvcSU50R3l6LryQE/H9kyTLtaSvfvTOvprcVYCq0GPmSzo DtQ1Wwa9zbJ+4EqoMiP5RrgQwWvOTg2iRByLU8ytwlX3e/SEF0uihvMv1FQbL8zG G8RhGUOKQSEhaBfc3lIkm8GpOVPh0uHzB6zhn7daVmAWtazRD2Nu59BMjipa+ims a8Z58iHH7jRAnKeEkVZqXKb1CEiUxaQx/IeVPzN4QlwMhDtwrI76LY7ZJ1zCqTGY ENG0yRLav1XselYBslOYXGtOEWcY5EZPWqLyWbp4P9vz2g0Fe0gZxoIOvPmNQc89 QnfXpCt7vm/DGkyO255myu08GOLeMkisVqUIzLDB9avlym5mri7T7vk9abBa2YyO CRpTL5gl1/qKPWuH1UI5mvhT+sbbBE2SUHSuy84btns39ZKKKynwCtdu+hSQkKLE h9pV30Gf1cLTD4JAE0RWlUgOmbBLVp34loTOexQj4MrLM1noOnw= =vtCN -----END PGP SIGNATURE----- Merge tag 'asm-generic-5.18' of git://git.kernel.org/pub/scm/linux/kernel/git/arnd/asm-generic Pull asm-generic updates from Arnd Bergmann: "There are three sets of updates for 5.18 in the asm-generic tree: - The set_fs()/get_fs() infrastructure gets removed for good. This was already gone from all major architectures, but now we can finally remove it everywhere, which loses some particularly tricky and error-prone code. There is a small merge conflict against a parisc cleanup, the solution is to use their new version. - The nds32 architecture ends its tenure in the Linux kernel. The hardware is still used and the code is in reasonable shape, but the mainline port is not actively maintained any more, as all remaining users are thought to run vendor kernels that would never be updated to a future release. - A series from Masahiro Yamada cleans up some of the uapi header files to pass the compile-time checks" * tag 'asm-generic-5.18' of git://git.kernel.org/pub/scm/linux/kernel/git/arnd/asm-generic: (27 commits) nds32: Remove the architecture uaccess: remove CONFIG_SET_FS ia64: remove CONFIG_SET_FS support sh: remove CONFIG_SET_FS support sparc64: remove CONFIG_SET_FS support lib/test_lockup: fix kernel pointer check for separate address spaces uaccess: generalize access_ok() uaccess: fix type mismatch warnings from access_ok() arm64: simplify access_ok() m68k: fix access_ok for coldfire MIPS: use simpler access_ok() MIPS: Handle address errors for accesses above CPU max virtual user address uaccess: add generic __{get,put}_kernel_nofault nios2: drop access_ok() check from __put_user() x86: use more conventional access_ok() definition x86: remove __range_not_ok() sparc64: add __{get,put}_kernel_nofault() nds32: fix access_ok() checks in get/put_user uaccess: fix nios2 and microblaze get_user_8() sparc64: fix building assembly files ...
225 lines
5.8 KiB
C
225 lines
5.8 KiB
C
// SPDX-License-Identifier: GPL-2.0-only
|
|
/*
|
|
* Access kernel or user memory without faulting.
|
|
*/
|
|
#include <linux/export.h>
|
|
#include <linux/mm.h>
|
|
#include <linux/uaccess.h>
|
|
|
|
bool __weak copy_from_kernel_nofault_allowed(const void *unsafe_src,
|
|
size_t size)
|
|
{
|
|
return true;
|
|
}
|
|
|
|
#define copy_from_kernel_nofault_loop(dst, src, len, type, err_label) \
|
|
while (len >= sizeof(type)) { \
|
|
__get_kernel_nofault(dst, src, type, err_label); \
|
|
dst += sizeof(type); \
|
|
src += sizeof(type); \
|
|
len -= sizeof(type); \
|
|
}
|
|
|
|
long copy_from_kernel_nofault(void *dst, const void *src, size_t size)
|
|
{
|
|
unsigned long align = 0;
|
|
|
|
if (!IS_ENABLED(CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS))
|
|
align = (unsigned long)dst | (unsigned long)src;
|
|
|
|
if (!copy_from_kernel_nofault_allowed(src, size))
|
|
return -ERANGE;
|
|
|
|
pagefault_disable();
|
|
if (!(align & 7))
|
|
copy_from_kernel_nofault_loop(dst, src, size, u64, Efault);
|
|
if (!(align & 3))
|
|
copy_from_kernel_nofault_loop(dst, src, size, u32, Efault);
|
|
if (!(align & 1))
|
|
copy_from_kernel_nofault_loop(dst, src, size, u16, Efault);
|
|
copy_from_kernel_nofault_loop(dst, src, size, u8, Efault);
|
|
pagefault_enable();
|
|
return 0;
|
|
Efault:
|
|
pagefault_enable();
|
|
return -EFAULT;
|
|
}
|
|
EXPORT_SYMBOL_GPL(copy_from_kernel_nofault);
|
|
|
|
#define copy_to_kernel_nofault_loop(dst, src, len, type, err_label) \
|
|
while (len >= sizeof(type)) { \
|
|
__put_kernel_nofault(dst, src, type, err_label); \
|
|
dst += sizeof(type); \
|
|
src += sizeof(type); \
|
|
len -= sizeof(type); \
|
|
}
|
|
|
|
long copy_to_kernel_nofault(void *dst, const void *src, size_t size)
|
|
{
|
|
unsigned long align = 0;
|
|
|
|
if (!IS_ENABLED(CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS))
|
|
align = (unsigned long)dst | (unsigned long)src;
|
|
|
|
pagefault_disable();
|
|
if (!(align & 7))
|
|
copy_to_kernel_nofault_loop(dst, src, size, u64, Efault);
|
|
if (!(align & 3))
|
|
copy_to_kernel_nofault_loop(dst, src, size, u32, Efault);
|
|
if (!(align & 1))
|
|
copy_to_kernel_nofault_loop(dst, src, size, u16, Efault);
|
|
copy_to_kernel_nofault_loop(dst, src, size, u8, Efault);
|
|
pagefault_enable();
|
|
return 0;
|
|
Efault:
|
|
pagefault_enable();
|
|
return -EFAULT;
|
|
}
|
|
|
|
long strncpy_from_kernel_nofault(char *dst, const void *unsafe_addr, long count)
|
|
{
|
|
const void *src = unsafe_addr;
|
|
|
|
if (unlikely(count <= 0))
|
|
return 0;
|
|
if (!copy_from_kernel_nofault_allowed(unsafe_addr, count))
|
|
return -ERANGE;
|
|
|
|
pagefault_disable();
|
|
do {
|
|
__get_kernel_nofault(dst, src, u8, Efault);
|
|
dst++;
|
|
src++;
|
|
} while (dst[-1] && src - unsafe_addr < count);
|
|
pagefault_enable();
|
|
|
|
dst[-1] = '\0';
|
|
return src - unsafe_addr;
|
|
Efault:
|
|
pagefault_enable();
|
|
dst[-1] = '\0';
|
|
return -EFAULT;
|
|
}
|
|
|
|
/**
|
|
* copy_from_user_nofault(): safely attempt to read from a user-space location
|
|
* @dst: pointer to the buffer that shall take the data
|
|
* @src: address to read from. This must be a user address.
|
|
* @size: size of the data chunk
|
|
*
|
|
* Safely read from user address @src to the buffer at @dst. If a kernel fault
|
|
* happens, handle that and return -EFAULT.
|
|
*/
|
|
long copy_from_user_nofault(void *dst, const void __user *src, size_t size)
|
|
{
|
|
long ret = -EFAULT;
|
|
if (access_ok(src, size)) {
|
|
pagefault_disable();
|
|
ret = __copy_from_user_inatomic(dst, src, size);
|
|
pagefault_enable();
|
|
}
|
|
|
|
if (ret)
|
|
return -EFAULT;
|
|
return 0;
|
|
}
|
|
EXPORT_SYMBOL_GPL(copy_from_user_nofault);
|
|
|
|
/**
|
|
* copy_to_user_nofault(): safely attempt to write to a user-space location
|
|
* @dst: address to write to
|
|
* @src: pointer to the data that shall be written
|
|
* @size: size of the data chunk
|
|
*
|
|
* Safely write to address @dst from the buffer at @src. If a kernel fault
|
|
* happens, handle that and return -EFAULT.
|
|
*/
|
|
long copy_to_user_nofault(void __user *dst, const void *src, size_t size)
|
|
{
|
|
long ret = -EFAULT;
|
|
|
|
if (access_ok(dst, size)) {
|
|
pagefault_disable();
|
|
ret = __copy_to_user_inatomic(dst, src, size);
|
|
pagefault_enable();
|
|
}
|
|
|
|
if (ret)
|
|
return -EFAULT;
|
|
return 0;
|
|
}
|
|
EXPORT_SYMBOL_GPL(copy_to_user_nofault);
|
|
|
|
/**
|
|
* strncpy_from_user_nofault: - Copy a NUL terminated string from unsafe user
|
|
* address.
|
|
* @dst: Destination address, in kernel space. This buffer must be at
|
|
* least @count bytes long.
|
|
* @unsafe_addr: Unsafe user address.
|
|
* @count: Maximum number of bytes to copy, including the trailing NUL.
|
|
*
|
|
* Copies a NUL-terminated string from unsafe user address to kernel buffer.
|
|
*
|
|
* On success, returns the length of the string INCLUDING the trailing NUL.
|
|
*
|
|
* If access fails, returns -EFAULT (some data may have been copied
|
|
* and the trailing NUL added).
|
|
*
|
|
* If @count is smaller than the length of the string, copies @count-1 bytes,
|
|
* sets the last byte of @dst buffer to NUL and returns @count.
|
|
*/
|
|
long strncpy_from_user_nofault(char *dst, const void __user *unsafe_addr,
|
|
long count)
|
|
{
|
|
long ret;
|
|
|
|
if (unlikely(count <= 0))
|
|
return 0;
|
|
|
|
pagefault_disable();
|
|
ret = strncpy_from_user(dst, unsafe_addr, count);
|
|
pagefault_enable();
|
|
|
|
if (ret >= count) {
|
|
ret = count;
|
|
dst[ret - 1] = '\0';
|
|
} else if (ret > 0) {
|
|
ret++;
|
|
}
|
|
|
|
return ret;
|
|
}
|
|
|
|
/**
|
|
* strnlen_user_nofault: - Get the size of a user string INCLUDING final NUL.
|
|
* @unsafe_addr: The string to measure.
|
|
* @count: Maximum count (including NUL)
|
|
*
|
|
* Get the size of a NUL-terminated string in user space without pagefault.
|
|
*
|
|
* Returns the size of the string INCLUDING the terminating NUL.
|
|
*
|
|
* If the string is too long, returns a number larger than @count. User
|
|
* has to check the return value against "> count".
|
|
* On exception (or invalid count), returns 0.
|
|
*
|
|
* Unlike strnlen_user, this can be used from IRQ handler etc. because
|
|
* it disables pagefaults.
|
|
*/
|
|
long strnlen_user_nofault(const void __user *unsafe_addr, long count)
|
|
{
|
|
int ret;
|
|
|
|
pagefault_disable();
|
|
ret = strnlen_user(unsafe_addr, count);
|
|
pagefault_enable();
|
|
|
|
return ret;
|
|
}
|
|
|
|
void __copy_overflow(int size, unsigned long count)
|
|
{
|
|
WARN(1, "Buffer overflow detected (%d < %lu)!\n", size, count);
|
|
}
|
|
EXPORT_SYMBOL(__copy_overflow);
|