maccess.c 3.05 KB
Newer Older
1 2 3
/*
 * Access kernel memory without faulting.
 */
4
#include <linux/export.h>
5
#include <linux/mm.h>
6
#include <linux/uaccess.h>
7 8 9 10 11 12 13 14 15

/**
 * probe_kernel_read(): safely attempt to read from a location
 * @dst: pointer to the buffer that shall take the data
 * @src: address to read from
 * @size: size of the data chunk
 *
 * Safely read from address @src to the buffer at @dst.  If a kernel fault
 * happens, handle that and return -EFAULT.
16 17 18 19 20
 *
 * We ensure that the copy_from_user is executed in atomic context so that
 * do_page_fault() doesn't attempt to take mmap_sem.  This makes
 * probe_kernel_read() suitable for use within regions where the caller
 * already holds mmap_sem, or other locks which nest inside mmap_sem.
21
 */
22

23
long __weak probe_kernel_read(void *dst, const void *src, size_t size)
24 25
    __attribute__((alias("__probe_kernel_read")));

26
long __probe_kernel_read(void *dst, const void *src, size_t size)
27 28
{
	long ret;
29
	mm_segment_t old_fs = get_fs();
30

31
	set_fs(KERNEL_DS);
32 33 34 35
	pagefault_disable();
	ret = __copy_from_user_inatomic(dst,
			(__force const void __user *)src, size);
	pagefault_enable();
36
	set_fs(old_fs);
37 38 39 40 41 42 43 44 45 46 47 48 49 50

	return ret ? -EFAULT : 0;
}
EXPORT_SYMBOL_GPL(probe_kernel_read);

/**
 * probe_kernel_write(): safely attempt to write to a location
 * @dst: address to write to
 * @src: pointer to the data that shall be written
 * @size: size of the data chunk
 *
 * Safely write to address @dst from the buffer at @src.  If a kernel fault
 * happens, handle that and return -EFAULT.
 */
51
long __weak probe_kernel_write(void *dst, const void *src, size_t size)
52 53
    __attribute__((alias("__probe_kernel_write")));

54
long __probe_kernel_write(void *dst, const void *src, size_t size)
55 56
{
	long ret;
57
	mm_segment_t old_fs = get_fs();
58

59
	set_fs(KERNEL_DS);
60 61 62
	pagefault_disable();
	ret = __copy_to_user_inatomic((__force void __user *)dst, src, size);
	pagefault_enable();
63
	set_fs(old_fs);
64 65 66 67

	return ret ? -EFAULT : 0;
}
EXPORT_SYMBOL_GPL(probe_kernel_write);
68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98

/**
 * strncpy_from_unsafe: - Copy a NUL terminated string from unsafe address.
 * @dst:   Destination address, in kernel space.  This buffer must be at
 *         least @count bytes long.
 * @src:   Unsafe address.
 * @count: Maximum number of bytes to copy, including the trailing NUL.
 *
 * Copies a NUL-terminated string from unsafe address to kernel buffer.
 *
 * On success, returns the length of the string INCLUDING the trailing NUL.
 *
 * If access fails, returns -EFAULT (some data may have been copied
 * and the trailing NUL added).
 *
 * If @count is smaller than the length of the string, copies @count-1 bytes,
 * sets the last byte of @dst buffer to NUL and returns @count.
 */
long strncpy_from_unsafe(char *dst, const void *unsafe_addr, long count)
{
	mm_segment_t old_fs = get_fs();
	const void *src = unsafe_addr;
	long ret;

	if (unlikely(count <= 0))
		return 0;

	set_fs(KERNEL_DS);
	pagefault_disable();

	do {
99
		ret = __get_user(*dst++, (const char __user __force *)src++);
100 101 102 103 104 105
	} while (dst[-1] && ret == 0 && src - unsafe_addr < count);

	dst[-1] = '\0';
	pagefault_enable();
	set_fs(old_fs);

106
	return ret ? -EFAULT : src - unsafe_addr;
107
}