Linux/lib/strncpy_from

Version: ~ [ linux-6.12-rc7 ] ~ [ linux-6.11.7 ] ~ [ linux-6.10.14 ] ~ [ linux-6.9.12 ] ~ [ linux-6.8.12 ] ~ [ linux-6.7.12 ] ~ [ linux-6.6.60 ] ~ [ linux-6.5.13 ] ~ [ linux-6.4.16 ] ~ [ linux-6.3.13 ] ~ [ linux-6.2.16 ] ~ [ linux-6.1.116 ] ~ [ linux-6.0.19 ] ~ [ linux-5.19.17 ] ~ [ linux-5.18.19 ] ~ [ linux-5.17.15 ] ~ [ linux-5.16.20 ] ~ [ linux-5.15.171 ] ~ [ linux-5.14.21 ] ~ [ linux-5.13.19 ] ~ [ linux-5.12.19 ] ~ [ linux-5.11.22 ] ~ [ linux-5.10.229 ] ~ [ linux-5.9.16 ] ~ [ linux-5.8.18 ] ~ [ linux-5.7.19 ] ~ [ linux-5.6.19 ] ~ [ linux-5.5.19 ] ~ [ linux-5.4.285 ] ~ [ linux-5.3.18 ] ~ [ linux-5.2.21 ] ~ [ linux-5.1.21 ] ~ [ linux-5.0.21 ] ~ [ linux-4.20.17 ] ~ [ linux-4.19.323 ] ~ [ linux-4.18.20 ] ~ [ linux-4.17.19 ] ~ [ linux-4.16.18 ] ~ [ linux-4.15.18 ] ~ [ linux-4.14.336 ] ~ [ linux-4.13.16 ] ~ [ linux-4.12.14 ] ~ [ linux-4.11.12 ] ~ [ linux-4.10.17 ] ~ [ linux-4.9.337 ] ~ [ linux-4.4.302 ] ~ [ linux-3.10.108 ] ~ [ linux-2.6.32.71 ] ~ [ linux-2.6.0 ] ~ [ linux-2.4.37.11 ] ~ [ unix-v6-master ] ~ [ ccs-tools-1.8.12 ] ~ [ policy-sample ] ~
Architecture: ~ [ i386 ] ~ [ alpha ] ~ [ m68k ] ~ [ mips ] ~ [ ppc ] ~ [ sparc ] ~ [ sparc64 ] ~

Diff markup

1 // SPDX-License-Identifier: GPL-2.0 1 // SPDX-License-Identifier: GPL-2.0 2 #include <linux/compiler.h> 2 #include <linux/compiler.h> 3 #include <linux/export.h> 3 #include <linux/export.h> 4 #include <linux/fault-inject-usercopy.h> << 5 #include <linux/kasan-checks.h> 4 #include <linux/kasan-checks.h> 6 #include <linux/thread_info.h> 5 #include <linux/thread_info.h> 7 #include <linux/uaccess.h> 6 #include <linux/uaccess.h> 8 #include <linux/kernel.h> 7 #include <linux/kernel.h> 9 #include <linux/errno.h> 8 #include <linux/errno.h> 10 #include <linux/mm.h> << 11 9 12 #include <asm/byteorder.h> 10 #include <asm/byteorder.h> 13 #include <asm/word-at-a-time.h> 11 #include <asm/word-at-a-time.h> 14 12 15 #ifdef CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS 13 #ifdef CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS 16 #define IS_UNALIGNED(src, dst) 0 14 #define IS_UNALIGNED(src, dst) 0 17 #else 15 #else 18 #define IS_UNALIGNED(src, dst) \ 16 #define IS_UNALIGNED(src, dst) \ 19 (((long) dst | (long) src) & (sizeof(l 17 (((long) dst | (long) src) & (sizeof(long) - 1)) 20 #endif 18 #endif 21 19 22 /* 20 /* 23 * Do a strncpy, return length of string witho 21 * Do a strncpy, return length of string without final '\0'. 24 * 'count' is the user-supplied count (return 22 * 'count' is the user-supplied count (return 'count' if we 25 * hit it), 'max' is the address space maximum 23 * hit it), 'max' is the address space maximum (and we return 26 * -EFAULT if we hit it). 24 * -EFAULT if we hit it). 27 */ 25 */ 28 static __always_inline long do_strncpy_from_us !! 26 static inline long do_strncpy_from_user(char *dst, const char __user *src, long count, unsigned long max) 29 unsign << 30 { 27 { 31 const struct word_at_a_time constants 28 const struct word_at_a_time constants = WORD_AT_A_TIME_CONSTANTS; 32 unsigned long res = 0; !! 29 long res = 0; >> 30 >> 31 /* >> 32 * Truncate 'max' to the user-specified limit, so that >> 33 * we only have one limit we need to check in the loop >> 34 */ >> 35 if (max > count) >> 36 max = count; 33 37 34 if (IS_UNALIGNED(src, dst)) 38 if (IS_UNALIGNED(src, dst)) 35 goto byte_at_a_time; 39 goto byte_at_a_time; 36 40 37 while (max >= sizeof(unsigned long)) { 41 while (max >= sizeof(unsigned long)) { 38 unsigned long c, data, mask; !! 42 unsigned long c, data; 39 43 40 /* Fall back to byte-at-a-time 44 /* Fall back to byte-at-a-time if we get a page fault */ 41 unsafe_get_user(c, (unsigned l 45 unsafe_get_user(c, (unsigned long __user *)(src+res), byte_at_a_time); 42 46 43 /* !! 47 *(unsigned long *)(dst+res) = c; 44 * Note that we mask out the b << 45 * important to do because str << 46 * the NUL. For those routines << 47 * potentially random bytes af << 48 * << 49 * One example of such code is << 50 * as an opaque set of bytes. << 51 * maps keyed by strings retur << 52 * have multiple entries for s << 53 */ << 54 if (has_zero(c, &data, &consta 48 if (has_zero(c, &data, &constants)) { 55 data = prep_zero_mask( 49 data = prep_zero_mask(c, data, &constants); 56 data = create_zero_mas 50 data = create_zero_mask(data); 57 mask = zero_bytemask(d << 58 *(unsigned long *)(dst << 59 return res + find_zero 51 return res + find_zero(data); 60 } 52 } 61 << 62 *(unsigned long *)(dst+res) = << 63 << 64 res += sizeof(unsigned long); 53 res += sizeof(unsigned long); 65 max -= sizeof(unsigned long); 54 max -= sizeof(unsigned long); 66 } 55 } 67 56 68 byte_at_a_time: 57 byte_at_a_time: 69 while (max) { 58 while (max) { 70 char c; 59 char c; 71 60 72 unsafe_get_user(c,src+res, efa 61 unsafe_get_user(c,src+res, efault); 73 dst[res] = c; 62 dst[res] = c; 74 if (!c) 63 if (!c) 75 return res; 64 return res; 76 res++; 65 res++; 77 max--; 66 max--; 78 } 67 } 79 68 80 /* 69 /* 81 * Uhhuh. We hit 'max'. But was that t 70 * Uhhuh. We hit 'max'. But was that the user-specified maximum 82 * too? If so, that's ok - we got as m 71 * too? If so, that's ok - we got as much as the user asked for. 83 */ 72 */ 84 if (res >= count) 73 if (res >= count) 85 return res; 74 return res; 86 75 87 /* 76 /* 88 * Nope: we hit the address space limi 77 * Nope: we hit the address space limit, and we still had more 89 * characters the caller would have wa 78 * characters the caller would have wanted. That's an EFAULT. 90 */ 79 */ 91 efault: 80 efault: 92 return -EFAULT; 81 return -EFAULT; 93 } 82 } 94 83 95 /** 84 /** 96 * strncpy_from_user: - Copy a NUL terminated 85 * strncpy_from_user: - Copy a NUL terminated string from userspace. 97 * @dst: Destination address, in kernel spac 86 * @dst: Destination address, in kernel space. This buffer must be at 98 * least @count bytes long. 87 * least @count bytes long. 99 * @src: Source address, in user space. 88 * @src: Source address, in user space. 100 * @count: Maximum number of bytes to copy, in 89 * @count: Maximum number of bytes to copy, including the trailing NUL. 101 * 90 * 102 * Copies a NUL-terminated string from userspa 91 * Copies a NUL-terminated string from userspace to kernel space. 103 * 92 * 104 * On success, returns the length of the strin 93 * On success, returns the length of the string (not including the trailing 105 * NUL). 94 * NUL). 106 * 95 * 107 * If access to userspace fails, returns -EFAU 96 * If access to userspace fails, returns -EFAULT (some data may have been 108 * copied). 97 * copied). 109 * 98 * 110 * If @count is smaller than the length of the 99 * If @count is smaller than the length of the string, copies @count bytes 111 * and returns @count. 100 * and returns @count. 112 */ 101 */ 113 long strncpy_from_user(char *dst, const char _ 102 long strncpy_from_user(char *dst, const char __user *src, long count) 114 { 103 { 115 unsigned long max_addr, src_addr; 104 unsigned long max_addr, src_addr; 116 105 117 might_fault(); << 118 if (should_fail_usercopy()) << 119 return -EFAULT; << 120 if (unlikely(count <= 0)) 106 if (unlikely(count <= 0)) 121 return 0; 107 return 0; 122 108 123 if (can_do_masked_user_access()) { !! 109 max_addr = user_addr_max(); 124 long retval; !! 110 src_addr = (unsigned long)src; 125 << 126 src = masked_user_access_begin << 127 retval = do_strncpy_from_user( << 128 user_read_access_end(); << 129 return retval; << 130 } << 131 << 132 max_addr = TASK_SIZE_MAX; << 133 src_addr = (unsigned long)untagged_add << 134 if (likely(src_addr < max_addr)) { 111 if (likely(src_addr < max_addr)) { 135 unsigned long max = max_addr - 112 unsigned long max = max_addr - src_addr; 136 long retval; 113 long retval; 137 114 138 /* << 139 * Truncate 'max' to the user- << 140 * we only have one limit we n << 141 */ << 142 if (max > count) << 143 max = count; << 144 << 145 kasan_check_write(dst, count); 115 kasan_check_write(dst, count); 146 check_object_size(dst, count, 116 check_object_size(dst, count, false); 147 if (user_read_access_begin(src !! 117 user_access_begin(); 148 retval = do_strncpy_fr !! 118 retval = do_strncpy_from_user(dst, src, count, max); 149 user_read_access_end() !! 119 user_access_end(); 150 return retval; !! 120 return retval; 151 } << 152 } 121 } 153 return -EFAULT; 122 return -EFAULT; 154 } 123 } 155 EXPORT_SYMBOL(strncpy_from_user); 124 EXPORT_SYMBOL(strncpy_from_user); 156 125

Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.

TOMOYO Linux Cross Reference
Linux/lib/strncpy_from_user.c

Diff markup

Differences between /lib/strncpy_from_user.c (Version linux-6.12-rc7) and /lib/strncpy_from_user.c (Version linux-4.15.18)

TOMOYO Linux Cross Reference Linux/lib/strncpy_from_user.c

Diff markup

Differences between /lib/strncpy_from_user.c (Version linux-6.12-rc7) and /lib/strncpy_from_user.c (Version linux-4.15.18)

TOMOYO Linux Cross Reference
Linux/lib/strncpy_from_user.c