162306a36Sopenharmony_ci// SPDX-License-Identifier: GPL-2.0 262306a36Sopenharmony_ci#include <linux/bitops.h> 362306a36Sopenharmony_ci#include <linux/fault-inject-usercopy.h> 462306a36Sopenharmony_ci#include <linux/instrumented.h> 562306a36Sopenharmony_ci#include <linux/uaccess.h> 662306a36Sopenharmony_ci#include <linux/nospec.h> 762306a36Sopenharmony_ci 862306a36Sopenharmony_ci/* out-of-line parts */ 962306a36Sopenharmony_ci 1062306a36Sopenharmony_ci#ifndef INLINE_COPY_FROM_USER 1162306a36Sopenharmony_ciunsigned long _copy_from_user(void *to, const void __user *from, unsigned long n) 1262306a36Sopenharmony_ci{ 1362306a36Sopenharmony_ci unsigned long res = n; 1462306a36Sopenharmony_ci might_fault(); 1562306a36Sopenharmony_ci if (!should_fail_usercopy() && likely(access_ok(from, n))) { 1662306a36Sopenharmony_ci /* 1762306a36Sopenharmony_ci * Ensure that bad access_ok() speculation will not 1862306a36Sopenharmony_ci * lead to nasty side effects *after* the copy is 1962306a36Sopenharmony_ci * finished: 2062306a36Sopenharmony_ci */ 2162306a36Sopenharmony_ci barrier_nospec(); 2262306a36Sopenharmony_ci instrument_copy_from_user_before(to, from, n); 2362306a36Sopenharmony_ci res = raw_copy_from_user(to, from, n); 2462306a36Sopenharmony_ci instrument_copy_from_user_after(to, from, n, res); 2562306a36Sopenharmony_ci } 2662306a36Sopenharmony_ci if (unlikely(res)) 2762306a36Sopenharmony_ci memset(to + (n - res), 0, res); 2862306a36Sopenharmony_ci return res; 2962306a36Sopenharmony_ci} 3062306a36Sopenharmony_ciEXPORT_SYMBOL(_copy_from_user); 3162306a36Sopenharmony_ci#endif 3262306a36Sopenharmony_ci 3362306a36Sopenharmony_ci#ifndef INLINE_COPY_TO_USER 3462306a36Sopenharmony_ciunsigned long _copy_to_user(void __user *to, const void *from, unsigned long n) 3562306a36Sopenharmony_ci{ 3662306a36Sopenharmony_ci might_fault(); 3762306a36Sopenharmony_ci if (should_fail_usercopy()) 3862306a36Sopenharmony_ci return n; 3962306a36Sopenharmony_ci if (likely(access_ok(to, n))) { 4062306a36Sopenharmony_ci instrument_copy_to_user(to, from, n); 4162306a36Sopenharmony_ci n = raw_copy_to_user(to, from, n); 4262306a36Sopenharmony_ci } 4362306a36Sopenharmony_ci return n; 4462306a36Sopenharmony_ci} 4562306a36Sopenharmony_ciEXPORT_SYMBOL(_copy_to_user); 4662306a36Sopenharmony_ci#endif 4762306a36Sopenharmony_ci 4862306a36Sopenharmony_ci/** 4962306a36Sopenharmony_ci * check_zeroed_user: check if a userspace buffer only contains zero bytes 5062306a36Sopenharmony_ci * @from: Source address, in userspace. 5162306a36Sopenharmony_ci * @size: Size of buffer. 5262306a36Sopenharmony_ci * 5362306a36Sopenharmony_ci * This is effectively shorthand for "memchr_inv(from, 0, size) == NULL" for 5462306a36Sopenharmony_ci * userspace addresses (and is more efficient because we don't care where the 5562306a36Sopenharmony_ci * first non-zero byte is). 5662306a36Sopenharmony_ci * 5762306a36Sopenharmony_ci * Returns: 5862306a36Sopenharmony_ci * * 0: There were non-zero bytes present in the buffer. 5962306a36Sopenharmony_ci * * 1: The buffer was full of zero bytes. 6062306a36Sopenharmony_ci * * -EFAULT: access to userspace failed. 6162306a36Sopenharmony_ci */ 6262306a36Sopenharmony_ciint check_zeroed_user(const void __user *from, size_t size) 6362306a36Sopenharmony_ci{ 6462306a36Sopenharmony_ci unsigned long val; 6562306a36Sopenharmony_ci uintptr_t align = (uintptr_t) from % sizeof(unsigned long); 6662306a36Sopenharmony_ci 6762306a36Sopenharmony_ci if (unlikely(size == 0)) 6862306a36Sopenharmony_ci return 1; 6962306a36Sopenharmony_ci 7062306a36Sopenharmony_ci from -= align; 7162306a36Sopenharmony_ci size += align; 7262306a36Sopenharmony_ci 7362306a36Sopenharmony_ci if (!user_read_access_begin(from, size)) 7462306a36Sopenharmony_ci return -EFAULT; 7562306a36Sopenharmony_ci 7662306a36Sopenharmony_ci unsafe_get_user(val, (unsigned long __user *) from, err_fault); 7762306a36Sopenharmony_ci if (align) 7862306a36Sopenharmony_ci val &= ~aligned_byte_mask(align); 7962306a36Sopenharmony_ci 8062306a36Sopenharmony_ci while (size > sizeof(unsigned long)) { 8162306a36Sopenharmony_ci if (unlikely(val)) 8262306a36Sopenharmony_ci goto done; 8362306a36Sopenharmony_ci 8462306a36Sopenharmony_ci from += sizeof(unsigned long); 8562306a36Sopenharmony_ci size -= sizeof(unsigned long); 8662306a36Sopenharmony_ci 8762306a36Sopenharmony_ci unsafe_get_user(val, (unsigned long __user *) from, err_fault); 8862306a36Sopenharmony_ci } 8962306a36Sopenharmony_ci 9062306a36Sopenharmony_ci if (size < sizeof(unsigned long)) 9162306a36Sopenharmony_ci val &= aligned_byte_mask(size); 9262306a36Sopenharmony_ci 9362306a36Sopenharmony_cidone: 9462306a36Sopenharmony_ci user_read_access_end(); 9562306a36Sopenharmony_ci return (val == 0); 9662306a36Sopenharmony_cierr_fault: 9762306a36Sopenharmony_ci user_read_access_end(); 9862306a36Sopenharmony_ci return -EFAULT; 9962306a36Sopenharmony_ci} 10062306a36Sopenharmony_ciEXPORT_SYMBOL(check_zeroed_user); 101