mm/maccess.c

   1 /*
   2  * Access kernel memory without faulting.
   3  */
   4 #include <linux/export.h>
   5 #include <linux/mm.h>
   6 #include <linux/uaccess.h>
   7
   8 /**
   9  * probe_kernel_read(): safely attempt to read from a location
  10  * @dst: pointer to the buffer that shall take the data
  11  * @src: address to read from
  12  * @size: size of the data chunk
  13  *
  14  * Safely read from address @src to the buffer at @dst.  If a kernel fault
  15  * happens, handle that and return -EFAULT.
  16  */
  17
  18 long __weak probe_kernel_read(void *dst, const void *src, size_t size)
  19     __attribute__((alias("__probe_kernel_read")));
  20
  21 long __probe_kernel_read(void *dst, const void *src, size_t size)
  22 {
  23         long ret;
  24         mm_segment_t old_fs = get_fs();
  25
  26         set_fs(KERNEL_DS);
  27         pagefault_disable();
  28         ret = __copy_from_user_inatomic(dst,
  29                         (__force const void __user *)src, size);
  30         pagefault_enable();
  31         set_fs(old_fs);
  32
  33         return ret ? -EFAULT : 0;
  34 }
  35 EXPORT_SYMBOL_GPL(probe_kernel_read);
  36
  37 /**
  38  * probe_kernel_write(): safely attempt to write to a location
  39  * @dst: address to write to
  40  * @src: pointer to the data that shall be written
  41  * @size: size of the data chunk
  42  *
  43  * Safely write to address @dst from the buffer at @src.  If a kernel fault
  44  * happens, handle that and return -EFAULT.
  45  */
  46 long __weak probe_kernel_write(void *dst, const void *src, size_t size)
  47     __attribute__((alias("__probe_kernel_write")));
  48
  49 long __probe_kernel_write(void *dst, const void *src, size_t size)
  50 {
  51         long ret;
  52         mm_segment_t old_fs = get_fs();
  53
  54         set_fs(KERNEL_DS);
  55         pagefault_disable();
  56         ret = __copy_to_user_inatomic((__force void __user *)dst, src, size);
  57         pagefault_enable();
  58         set_fs(old_fs);
  59
  60         return ret ? -EFAULT : 0;
  61 }
  62 EXPORT_SYMBOL_GPL(probe_kernel_write);
  63
  64 /**
  65  * strncpy_from_unsafe: - Copy a NUL terminated string from unsafe address.
  66  * @dst:   Destination address, in kernel space.  This buffer must be at
  67  *         least @count bytes long.
  68  * @src:   Unsafe address.
  69  * @count: Maximum number of bytes to copy, including the trailing NUL.
  70  *
  71  * Copies a NUL-terminated string from unsafe address to kernel buffer.
  72  *
  73  * On success, returns the length of the string INCLUDING the trailing NUL.
  74  *
  75  * If access fails, returns -EFAULT (some data may have been copied
  76  * and the trailing NUL added).
  77  *
  78  * If @count is smaller than the length of the string, copies @count-1 bytes,
  79  * sets the last byte of @dst buffer to NUL and returns @count.
  80  */
  81 long strncpy_from_unsafe(char *dst, const void *unsafe_addr, long count)
  82 {
  83         mm_segment_t old_fs = get_fs();
  84         const void *src = unsafe_addr;
  85         long ret;
  86
  87         if (unlikely(count <= 0))
  88                 return 0;
  89
  90         set_fs(KERNEL_DS);
  91         pagefault_disable();
  92
  93         do {
  94                 ret = __copy_from_user_inatomic(dst++,
  95                                                 (const void __user __force *)src++, 1);
  96         } while (dst[-1] && ret == 0 && src - unsafe_addr < count);
  97
  98         dst[-1] = '\0';
  99         pagefault_enable();
 100         set_fs(old_fs);
 101
 102         return ret < 0 ? ret : src - unsafe_addr;
 103 }