1 #include <linux/module.h>
2 #include <linux/uaccess.h>
3 #include <linux/errno.h>
6 #include <asm/byteorder.h>
8 void copy_from_user_overflow(void)
10 WARN(1, "Buffer overflow detected!\n");
12 EXPORT_SYMBOL(copy_from_user_overflow
);
14 #define REPEAT_BYTE(x) ((~0ul / 0xff) * (x))
16 static inline long find_zero(unsigned long mask
)
31 return (mask
>> 8) ? byte
: byte
+ 1;
34 if (!((unsigned int) mask
)) {
39 if (!(mask
& 0xffff)) {
43 return (mask
& 0xff) ? byte
: byte
+ 1;
47 #ifdef CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS
48 #define IS_UNALIGNED(src, dst) 0
50 #define IS_UNALIGNED(src, dst) \
51 (((long) dst | (long) src) & (sizeof(long) - 1))
55 * Do a strncpy, return length of string without final '\0'.
56 * 'count' is the user-supplied count (return 'count' if we
57 * hit it), 'max' is the address space maximum (and we return
58 * -EFAULT if we hit it).
60 static inline long do_strncpy_from_user(char *dst
, const char __user
*src
, long count
, unsigned long max
)
62 const unsigned long high_bits
= REPEAT_BYTE(0xfe) + 1;
63 const unsigned long low_bits
= REPEAT_BYTE(0x7f);
67 * Truncate 'max' to the user-specified limit, so that
68 * we only have one limit we need to check in the loop
73 if (IS_UNALIGNED(src
, dst
))
76 while (max
>= sizeof(unsigned long)) {
77 unsigned long c
, v
, rhs
;
79 /* Fall back to byte-at-a-time if we get a page fault */
80 if (unlikely(__get_user(c
,(unsigned long __user
*)(src
+res
))))
83 v
= (c
+ high_bits
) & ~rhs
;
84 *(unsigned long *)(dst
+res
) = c
;
86 v
= (c
& low_bits
) + low_bits
;
88 return res
+ find_zero(v
);
90 res
+= sizeof(unsigned long);
91 max
-= sizeof(unsigned long);
98 if (unlikely(__get_user(c
,src
+res
)))
108 * Uhhuh. We hit 'max'. But was that the user-specified maximum
109 * too? If so, that's ok - we got as much as the user asked for.
115 * Nope: we hit the address space limit, and we still had more
116 * characters the caller would have wanted. That's an EFAULT.
122 * strncpy_from_user: - Copy a NUL terminated string from userspace.
123 * @dst: Destination address, in kernel space. This buffer must be at
124 * least @count bytes long.
125 * @src: Source address, in user space.
126 * @count: Maximum number of bytes to copy, including the trailing NUL.
128 * Copies a NUL-terminated string from userspace to kernel space.
130 * On success, returns the length of the string (not including the trailing
133 * If access to userspace fails, returns -EFAULT (some data may have been
136 * If @count is smaller than the length of the string, copies @count bytes
137 * and returns @count.
139 long strncpy_from_user(char *dst
, const char __user
*src
, long count
)
141 unsigned long max_addr
, src_addr
;
143 if (unlikely(count
<= 0))
146 max_addr
= user_addr_max();
147 src_addr
= (unsigned long)src
;
148 if (likely(src_addr
< max_addr
)) {
149 unsigned long max
= max_addr
- src_addr
;
150 return do_strncpy_from_user(dst
, src
, count
, max
);
154 EXPORT_SYMBOL(strncpy_from_user
);
This page took 0.089613 seconds and 5 git commands to generate.