maccess.c 3.1 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108
  1. /*
  2. * Access kernel memory without faulting.
  3. */
  4. #include <linux/export.h>
  5. #include <linux/mm.h>
  6. #include <linux/uaccess.h>
  7. /**
  8. * probe_kernel_read(): safely attempt to read from a location
  9. * @dst: pointer to the buffer that shall take the data
  10. * @src: address to read from
  11. * @size: size of the data chunk
  12. *
  13. * Safely read from address @src to the buffer at @dst. If a kernel fault
  14. * happens, handle that and return -EFAULT.
  15. *
  16. * We ensure that the copy_from_user is executed in atomic context so that
  17. * do_page_fault() doesn't attempt to take mmap_sem. This makes
  18. * probe_kernel_read() suitable for use within regions where the caller
  19. * already holds mmap_sem, or other locks which nest inside mmap_sem.
  20. */
  21. long __weak probe_kernel_read(void *dst, const void *src, size_t size)
  22. __attribute__((alias("__probe_kernel_read")));
  23. long __probe_kernel_read(void *dst, const void *src, size_t size)
  24. {
  25. long ret;
  26. mm_segment_t old_fs = get_fs();
  27. set_fs(KERNEL_DS);
  28. pagefault_disable();
  29. ret = __copy_from_user_inatomic(dst,
  30. (__force const void __user *)src, size);
  31. pagefault_enable();
  32. set_fs(old_fs);
  33. return ret ? -EFAULT : 0;
  34. }
  35. EXPORT_SYMBOL_GPL(probe_kernel_read);
  36. /**
  37. * probe_kernel_write(): safely attempt to write to a location
  38. * @dst: address to write to
  39. * @src: pointer to the data that shall be written
  40. * @size: size of the data chunk
  41. *
  42. * Safely write to address @dst from the buffer at @src. If a kernel fault
  43. * happens, handle that and return -EFAULT.
  44. */
  45. long __weak probe_kernel_write(void *dst, const void *src, size_t size)
  46. __attribute__((alias("__probe_kernel_write")));
  47. long __probe_kernel_write(void *dst, const void *src, size_t size)
  48. {
  49. long ret;
  50. mm_segment_t old_fs = get_fs();
  51. set_fs(KERNEL_DS);
  52. pagefault_disable();
  53. ret = __copy_to_user_inatomic((__force void __user *)dst, src, size);
  54. pagefault_enable();
  55. set_fs(old_fs);
  56. return ret ? -EFAULT : 0;
  57. }
  58. EXPORT_SYMBOL_GPL(probe_kernel_write);
  59. /**
  60. * strncpy_from_unsafe: - Copy a NUL terminated string from unsafe address.
  61. * @dst: Destination address, in kernel space. This buffer must be at
  62. * least @count bytes long.
  63. * @unsafe_addr: Unsafe address.
  64. * @count: Maximum number of bytes to copy, including the trailing NUL.
  65. *
  66. * Copies a NUL-terminated string from unsafe address to kernel buffer.
  67. *
  68. * On success, returns the length of the string INCLUDING the trailing NUL.
  69. *
  70. * If access fails, returns -EFAULT (some data may have been copied
  71. * and the trailing NUL added).
  72. *
  73. * If @count is smaller than the length of the string, copies @count-1 bytes,
  74. * sets the last byte of @dst buffer to NUL and returns @count.
  75. */
  76. long strncpy_from_unsafe(char *dst, const void *unsafe_addr, long count)
  77. {
  78. mm_segment_t old_fs = get_fs();
  79. const void *src = unsafe_addr;
  80. long ret;
  81. if (unlikely(count <= 0))
  82. return 0;
  83. set_fs(KERNEL_DS);
  84. pagefault_disable();
  85. do {
  86. ret = __get_user(*dst++, (const char __user __force *)src++);
  87. } while (dst[-1] && ret == 0 && src - unsafe_addr < count);
  88. dst[-1] = '\0';
  89. pagefault_enable();
  90. set_fs(old_fs);
  91. return ret ? -EFAULT : src - unsafe_addr;
  92. }