~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

TOMOYO Linux Cross Reference
Linux/lib/strncpy_from_user.c

Version: ~ [ linux-6.12-rc7 ] ~ [ linux-6.11.7 ] ~ [ linux-6.10.14 ] ~ [ linux-6.9.12 ] ~ [ linux-6.8.12 ] ~ [ linux-6.7.12 ] ~ [ linux-6.6.60 ] ~ [ linux-6.5.13 ] ~ [ linux-6.4.16 ] ~ [ linux-6.3.13 ] ~ [ linux-6.2.16 ] ~ [ linux-6.1.116 ] ~ [ linux-6.0.19 ] ~ [ linux-5.19.17 ] ~ [ linux-5.18.19 ] ~ [ linux-5.17.15 ] ~ [ linux-5.16.20 ] ~ [ linux-5.15.171 ] ~ [ linux-5.14.21 ] ~ [ linux-5.13.19 ] ~ [ linux-5.12.19 ] ~ [ linux-5.11.22 ] ~ [ linux-5.10.229 ] ~ [ linux-5.9.16 ] ~ [ linux-5.8.18 ] ~ [ linux-5.7.19 ] ~ [ linux-5.6.19 ] ~ [ linux-5.5.19 ] ~ [ linux-5.4.285 ] ~ [ linux-5.3.18 ] ~ [ linux-5.2.21 ] ~ [ linux-5.1.21 ] ~ [ linux-5.0.21 ] ~ [ linux-4.20.17 ] ~ [ linux-4.19.323 ] ~ [ linux-4.18.20 ] ~ [ linux-4.17.19 ] ~ [ linux-4.16.18 ] ~ [ linux-4.15.18 ] ~ [ linux-4.14.336 ] ~ [ linux-4.13.16 ] ~ [ linux-4.12.14 ] ~ [ linux-4.11.12 ] ~ [ linux-4.10.17 ] ~ [ linux-4.9.337 ] ~ [ linux-4.4.302 ] ~ [ linux-3.10.108 ] ~ [ linux-2.6.32.71 ] ~ [ linux-2.6.0 ] ~ [ linux-2.4.37.11 ] ~ [ unix-v6-master ] ~ [ ccs-tools-1.8.12 ] ~ [ policy-sample ] ~
Architecture: ~ [ i386 ] ~ [ alpha ] ~ [ m68k ] ~ [ mips ] ~ [ ppc ] ~ [ sparc ] ~ [ sparc64 ] ~

Diff markup

Differences between /lib/strncpy_from_user.c (Version linux-6.12-rc7) and /lib/strncpy_from_user.c (Version linux-4.16.18)


  1 // SPDX-License-Identifier: GPL-2.0                 1 // SPDX-License-Identifier: GPL-2.0
  2 #include <linux/compiler.h>                         2 #include <linux/compiler.h>
  3 #include <linux/export.h>                           3 #include <linux/export.h>
  4 #include <linux/fault-inject-usercopy.h>       << 
  5 #include <linux/kasan-checks.h>                     4 #include <linux/kasan-checks.h>
  6 #include <linux/thread_info.h>                      5 #include <linux/thread_info.h>
  7 #include <linux/uaccess.h>                          6 #include <linux/uaccess.h>
  8 #include <linux/kernel.h>                           7 #include <linux/kernel.h>
  9 #include <linux/errno.h>                            8 #include <linux/errno.h>
 10 #include <linux/mm.h>                          << 
 11                                                     9 
 12 #include <asm/byteorder.h>                         10 #include <asm/byteorder.h>
 13 #include <asm/word-at-a-time.h>                    11 #include <asm/word-at-a-time.h>
 14                                                    12 
 15 #ifdef CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS      13 #ifdef CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS
 16 #define IS_UNALIGNED(src, dst)  0                  14 #define IS_UNALIGNED(src, dst)  0
 17 #else                                              15 #else
 18 #define IS_UNALIGNED(src, dst)  \                  16 #define IS_UNALIGNED(src, dst)  \
 19         (((long) dst | (long) src) & (sizeof(l     17         (((long) dst | (long) src) & (sizeof(long) - 1))
 20 #endif                                             18 #endif
 21                                                    19 
 22 /*                                                 20 /*
 23  * Do a strncpy, return length of string witho     21  * Do a strncpy, return length of string without final '\0'.
 24  * 'count' is the user-supplied count (return      22  * 'count' is the user-supplied count (return 'count' if we
 25  * hit it), 'max' is the address space maximum     23  * hit it), 'max' is the address space maximum (and we return
 26  * -EFAULT if we hit it).                          24  * -EFAULT if we hit it).
 27  */                                                25  */
 28 static __always_inline long do_strncpy_from_us !!  26 static inline long do_strncpy_from_user(char *dst, const char __user *src, long count, unsigned long max)
 29                                         unsign << 
 30 {                                                  27 {
 31         const struct word_at_a_time constants      28         const struct word_at_a_time constants = WORD_AT_A_TIME_CONSTANTS;
 32         unsigned long res = 0;                 !!  29         long res = 0;
                                                   >>  30 
                                                   >>  31         /*
                                                   >>  32          * Truncate 'max' to the user-specified limit, so that
                                                   >>  33          * we only have one limit we need to check in the loop
                                                   >>  34          */
                                                   >>  35         if (max > count)
                                                   >>  36                 max = count;
 33                                                    37 
 34         if (IS_UNALIGNED(src, dst))                38         if (IS_UNALIGNED(src, dst))
 35                 goto byte_at_a_time;               39                 goto byte_at_a_time;
 36                                                    40 
 37         while (max >= sizeof(unsigned long)) {     41         while (max >= sizeof(unsigned long)) {
 38                 unsigned long c, data, mask;   !!  42                 unsigned long c, data;
 39                                                    43 
 40                 /* Fall back to byte-at-a-time     44                 /* Fall back to byte-at-a-time if we get a page fault */
 41                 unsafe_get_user(c, (unsigned l     45                 unsafe_get_user(c, (unsigned long __user *)(src+res), byte_at_a_time);
 42                                                    46 
 43                 /*                             !!  47                 *(unsigned long *)(dst+res) = c;
 44                  * Note that we mask out the b << 
 45                  * important to do because str << 
 46                  * the NUL. For those routines << 
 47                  * potentially random bytes af << 
 48                  *                             << 
 49                  * One example of such code is << 
 50                  * as an opaque set of bytes.  << 
 51                  * maps keyed by strings retur << 
 52                  * have multiple entries for s << 
 53                  */                            << 
 54                 if (has_zero(c, &data, &consta     48                 if (has_zero(c, &data, &constants)) {
 55                         data = prep_zero_mask(     49                         data = prep_zero_mask(c, data, &constants);
 56                         data = create_zero_mas     50                         data = create_zero_mask(data);
 57                         mask = zero_bytemask(d << 
 58                         *(unsigned long *)(dst << 
 59                         return res + find_zero     51                         return res + find_zero(data);
 60                 }                                  52                 }
 61                                                << 
 62                 *(unsigned long *)(dst+res) =  << 
 63                                                << 
 64                 res += sizeof(unsigned long);      53                 res += sizeof(unsigned long);
 65                 max -= sizeof(unsigned long);      54                 max -= sizeof(unsigned long);
 66         }                                          55         }
 67                                                    56 
 68 byte_at_a_time:                                    57 byte_at_a_time:
 69         while (max) {                              58         while (max) {
 70                 char c;                            59                 char c;
 71                                                    60 
 72                 unsafe_get_user(c,src+res, efa     61                 unsafe_get_user(c,src+res, efault);
 73                 dst[res] = c;                      62                 dst[res] = c;
 74                 if (!c)                            63                 if (!c)
 75                         return res;                64                         return res;
 76                 res++;                             65                 res++;
 77                 max--;                             66                 max--;
 78         }                                          67         }
 79                                                    68 
 80         /*                                         69         /*
 81          * Uhhuh. We hit 'max'. But was that t     70          * Uhhuh. We hit 'max'. But was that the user-specified maximum
 82          * too? If so, that's ok - we got as m     71          * too? If so, that's ok - we got as much as the user asked for.
 83          */                                        72          */
 84         if (res >= count)                          73         if (res >= count)
 85                 return res;                        74                 return res;
 86                                                    75 
 87         /*                                         76         /*
 88          * Nope: we hit the address space limi     77          * Nope: we hit the address space limit, and we still had more
 89          * characters the caller would have wa     78          * characters the caller would have wanted. That's an EFAULT.
 90          */                                        79          */
 91 efault:                                            80 efault:
 92         return -EFAULT;                            81         return -EFAULT;
 93 }                                                  82 }
 94                                                    83 
 95 /**                                                84 /**
 96  * strncpy_from_user: - Copy a NUL terminated      85  * strncpy_from_user: - Copy a NUL terminated string from userspace.
 97  * @dst:   Destination address, in kernel spac     86  * @dst:   Destination address, in kernel space.  This buffer must be at
 98  *         least @count bytes long.                87  *         least @count bytes long.
 99  * @src:   Source address, in user space.          88  * @src:   Source address, in user space.
100  * @count: Maximum number of bytes to copy, in     89  * @count: Maximum number of bytes to copy, including the trailing NUL.
101  *                                                 90  *
102  * Copies a NUL-terminated string from userspa     91  * Copies a NUL-terminated string from userspace to kernel space.
103  *                                                 92  *
104  * On success, returns the length of the strin     93  * On success, returns the length of the string (not including the trailing
105  * NUL).                                           94  * NUL).
106  *                                                 95  *
107  * If access to userspace fails, returns -EFAU     96  * If access to userspace fails, returns -EFAULT (some data may have been
108  * copied).                                        97  * copied).
109  *                                                 98  *
110  * If @count is smaller than the length of the     99  * If @count is smaller than the length of the string, copies @count bytes
111  * and returns @count.                            100  * and returns @count.
112  */                                               101  */
113 long strncpy_from_user(char *dst, const char _    102 long strncpy_from_user(char *dst, const char __user *src, long count)
114 {                                                 103 {
115         unsigned long max_addr, src_addr;         104         unsigned long max_addr, src_addr;
116                                                   105 
117         might_fault();                         << 
118         if (should_fail_usercopy())            << 
119                 return -EFAULT;                << 
120         if (unlikely(count <= 0))                 106         if (unlikely(count <= 0))
121                 return 0;                         107                 return 0;
122                                                   108 
123         if (can_do_masked_user_access()) {     !! 109         max_addr = user_addr_max();
124                 long retval;                   !! 110         src_addr = (unsigned long)src;
125                                                << 
126                 src = masked_user_access_begin << 
127                 retval = do_strncpy_from_user( << 
128                 user_read_access_end();        << 
129                 return retval;                 << 
130         }                                      << 
131                                                << 
132         max_addr = TASK_SIZE_MAX;              << 
133         src_addr = (unsigned long)untagged_add << 
134         if (likely(src_addr < max_addr)) {        111         if (likely(src_addr < max_addr)) {
135                 unsigned long max = max_addr -    112                 unsigned long max = max_addr - src_addr;
136                 long retval;                      113                 long retval;
137                                                   114 
138                 /*                             << 
139                  * Truncate 'max' to the user- << 
140                  * we only have one limit we n << 
141                  */                            << 
142                 if (max > count)               << 
143                         max = count;           << 
144                                                << 
145                 kasan_check_write(dst, count);    115                 kasan_check_write(dst, count);
146                 check_object_size(dst, count,     116                 check_object_size(dst, count, false);
147                 if (user_read_access_begin(src !! 117                 user_access_begin();
148                         retval = do_strncpy_fr !! 118                 retval = do_strncpy_from_user(dst, src, count, max);
149                         user_read_access_end() !! 119                 user_access_end();
150                         return retval;         !! 120                 return retval;
151                 }                              << 
152         }                                         121         }
153         return -EFAULT;                           122         return -EFAULT;
154 }                                                 123 }
155 EXPORT_SYMBOL(strncpy_from_user);                 124 EXPORT_SYMBOL(strncpy_from_user);
156                                                   125 

~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

kernel.org | git.kernel.org | LWN.net | Project Home | SVN repository | Mail admin

Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.

sflogo.php