1 // SPDX-License-Identifier: GPL-2.0-only
3 * Access kernel or user memory without faulting.
5 #include <linux/export.h>
7 #include <linux/uaccess.h>
9 bool __weak
copy_from_kernel_nofault_allowed(const void *unsafe_src
,
15 #ifdef HAVE_GET_KERNEL_NOFAULT
17 #define copy_from_kernel_nofault_loop(dst, src, len, type, err_label) \
18 while (len >= sizeof(type)) { \
19 __get_kernel_nofault(dst, src, type, err_label); \
20 dst += sizeof(type); \
21 src += sizeof(type); \
22 len -= sizeof(type); \
25 long copy_from_kernel_nofault(void *dst
, const void *src
, size_t size
)
27 if (!copy_from_kernel_nofault_allowed(src
, size
))
31 copy_from_kernel_nofault_loop(dst
, src
, size
, u64
, Efault
);
32 copy_from_kernel_nofault_loop(dst
, src
, size
, u32
, Efault
);
33 copy_from_kernel_nofault_loop(dst
, src
, size
, u16
, Efault
);
34 copy_from_kernel_nofault_loop(dst
, src
, size
, u8
, Efault
);
41 EXPORT_SYMBOL_GPL(copy_from_kernel_nofault
);
43 #define copy_to_kernel_nofault_loop(dst, src, len, type, err_label) \
44 while (len >= sizeof(type)) { \
45 __put_kernel_nofault(dst, src, type, err_label); \
46 dst += sizeof(type); \
47 src += sizeof(type); \
48 len -= sizeof(type); \
51 long copy_to_kernel_nofault(void *dst
, const void *src
, size_t size
)
54 copy_to_kernel_nofault_loop(dst
, src
, size
, u64
, Efault
);
55 copy_to_kernel_nofault_loop(dst
, src
, size
, u32
, Efault
);
56 copy_to_kernel_nofault_loop(dst
, src
, size
, u16
, Efault
);
57 copy_to_kernel_nofault_loop(dst
, src
, size
, u8
, Efault
);
65 long strncpy_from_kernel_nofault(char *dst
, const void *unsafe_addr
, long count
)
67 const void *src
= unsafe_addr
;
69 if (unlikely(count
<= 0))
71 if (!copy_from_kernel_nofault_allowed(unsafe_addr
, count
))
76 __get_kernel_nofault(dst
, src
, u8
, Efault
);
79 } while (dst
[-1] && src
- unsafe_addr
< count
);
83 return src
- unsafe_addr
;
89 #else /* HAVE_GET_KERNEL_NOFAULT */
91 * copy_from_kernel_nofault(): safely attempt to read from kernel-space
92 * @dst: pointer to the buffer that shall take the data
93 * @src: address to read from
94 * @size: size of the data chunk
96 * Safely read from kernel address @src to the buffer at @dst. If a kernel
97 * fault happens, handle that and return -EFAULT. If @src is not a valid kernel
98 * address, return -ERANGE.
100 * We ensure that the copy_from_user is executed in atomic context so that
101 * do_page_fault() doesn't attempt to take mmap_lock. This makes
102 * copy_from_kernel_nofault() suitable for use within regions where the caller
103 * already holds mmap_lock, or other locks which nest inside mmap_lock.
105 long copy_from_kernel_nofault(void *dst
, const void *src
, size_t size
)
108 mm_segment_t old_fs
= get_fs();
110 if (!copy_from_kernel_nofault_allowed(src
, size
))
115 ret
= __copy_from_user_inatomic(dst
, (__force
const void __user
*)src
,
124 EXPORT_SYMBOL_GPL(copy_from_kernel_nofault
);
127 * copy_to_kernel_nofault(): safely attempt to write to a location
128 * @dst: address to write to
129 * @src: pointer to the data that shall be written
130 * @size: size of the data chunk
132 * Safely write to address @dst from the buffer at @src. If a kernel fault
133 * happens, handle that and return -EFAULT.
135 long copy_to_kernel_nofault(void *dst
, const void *src
, size_t size
)
138 mm_segment_t old_fs
= get_fs();
142 ret
= __copy_to_user_inatomic((__force
void __user
*)dst
, src
, size
);
152 * strncpy_from_kernel_nofault: - Copy a NUL terminated string from unsafe
154 * @dst: Destination address, in kernel space. This buffer must be at
155 * least @count bytes long.
156 * @unsafe_addr: Unsafe address.
157 * @count: Maximum number of bytes to copy, including the trailing NUL.
159 * Copies a NUL-terminated string from unsafe address to kernel buffer.
161 * On success, returns the length of the string INCLUDING the trailing NUL.
163 * If access fails, returns -EFAULT (some data may have been copied and the
164 * trailing NUL added). If @unsafe_addr is not a valid kernel address, return
167 * If @count is smaller than the length of the string, copies @count-1 bytes,
168 * sets the last byte of @dst buffer to NUL and returns @count.
170 long strncpy_from_kernel_nofault(char *dst
, const void *unsafe_addr
, long count
)
172 mm_segment_t old_fs
= get_fs();
173 const void *src
= unsafe_addr
;
176 if (unlikely(count
<= 0))
178 if (!copy_from_kernel_nofault_allowed(unsafe_addr
, count
))
185 ret
= __get_user(*dst
++, (const char __user __force
*)src
++);
186 } while (dst
[-1] && ret
== 0 && src
- unsafe_addr
< count
);
192 return ret
? -EFAULT
: src
- unsafe_addr
;
194 #endif /* HAVE_GET_KERNEL_NOFAULT */
197 * copy_from_user_nofault(): safely attempt to read from a user-space location
198 * @dst: pointer to the buffer that shall take the data
199 * @src: address to read from. This must be a user address.
200 * @size: size of the data chunk
202 * Safely read from user address @src to the buffer at @dst. If a kernel fault
203 * happens, handle that and return -EFAULT.
205 long copy_from_user_nofault(void *dst
, const void __user
*src
, size_t size
)
208 mm_segment_t old_fs
= get_fs();
211 if (access_ok(src
, size
)) {
213 ret
= __copy_from_user_inatomic(dst
, src
, size
);
222 EXPORT_SYMBOL_GPL(copy_from_user_nofault
);
225 * copy_to_user_nofault(): safely attempt to write to a user-space location
226 * @dst: address to write to
227 * @src: pointer to the data that shall be written
228 * @size: size of the data chunk
230 * Safely write to address @dst from the buffer at @src. If a kernel fault
231 * happens, handle that and return -EFAULT.
233 long copy_to_user_nofault(void __user
*dst
, const void *src
, size_t size
)
236 mm_segment_t old_fs
= get_fs();
239 if (access_ok(dst
, size
)) {
241 ret
= __copy_to_user_inatomic(dst
, src
, size
);
250 EXPORT_SYMBOL_GPL(copy_to_user_nofault
);
253 * strncpy_from_user_nofault: - Copy a NUL terminated string from unsafe user
255 * @dst: Destination address, in kernel space. This buffer must be at
256 * least @count bytes long.
257 * @unsafe_addr: Unsafe user address.
258 * @count: Maximum number of bytes to copy, including the trailing NUL.
260 * Copies a NUL-terminated string from unsafe user address to kernel buffer.
262 * On success, returns the length of the string INCLUDING the trailing NUL.
264 * If access fails, returns -EFAULT (some data may have been copied
265 * and the trailing NUL added).
267 * If @count is smaller than the length of the string, copies @count-1 bytes,
268 * sets the last byte of @dst buffer to NUL and returns @count.
270 long strncpy_from_user_nofault(char *dst
, const void __user
*unsafe_addr
,
273 mm_segment_t old_fs
= get_fs();
276 if (unlikely(count
<= 0))
281 ret
= strncpy_from_user(dst
, unsafe_addr
, count
);
288 } else if (ret
> 0) {
296 * strnlen_user_nofault: - Get the size of a user string INCLUDING final NUL.
297 * @unsafe_addr: The string to measure.
298 * @count: Maximum count (including NUL)
300 * Get the size of a NUL-terminated string in user space without pagefault.
302 * Returns the size of the string INCLUDING the terminating NUL.
304 * If the string is too long, returns a number larger than @count. User
305 * has to check the return value against "> count".
306 * On exception (or invalid count), returns 0.
308 * Unlike strnlen_user, this can be used from IRQ handler etc. because
309 * it disables pagefaults.
311 long strnlen_user_nofault(const void __user
*unsafe_addr
, long count
)
313 mm_segment_t old_fs
= get_fs();
318 ret
= strnlen_user(unsafe_addr
, count
);