1 /* SPDX-License-Identifier: GPL-2.0-only */ 2 /* 3 * Copyright (c) 2020 Christoph Hellwig. 4 * 5 * Support for "universal" pointers that can point to either kernel or userspace 6 * memory. 7 */ 8 #ifndef _LINUX_SOCKPTR_H 9 #define _LINUX_SOCKPTR_H 10 11 #include <linux/slab.h> 12 #include <linux/uaccess.h> 13 14 typedef struct { 15 union { 16 void *kernel; 17 void __user *user; 18 }; 19 bool is_kernel : 1; 20 } sockptr_t; 21 sockptr_is_kernel(sockptr_t sockptr)22 static inline bool sockptr_is_kernel(sockptr_t sockptr) 23 { 24 return sockptr.is_kernel; 25 } 26 KERNEL_SOCKPTR(void * p)27 static inline sockptr_t KERNEL_SOCKPTR(void *p) 28 { 29 return (sockptr_t) { .kernel = p, .is_kernel = true }; 30 } 31 USER_SOCKPTR(void __user * p)32 static inline sockptr_t USER_SOCKPTR(void __user *p) 33 { 34 return (sockptr_t) { .user = p }; 35 } 36 sockptr_is_null(sockptr_t sockptr)37 static inline bool sockptr_is_null(sockptr_t sockptr) 38 { 39 if (sockptr_is_kernel(sockptr)) 40 return !sockptr.kernel; 41 return !sockptr.user; 42 } 43 copy_from_sockptr_offset(void * dst,sockptr_t src,size_t offset,size_t size)44 static inline int copy_from_sockptr_offset(void *dst, sockptr_t src, 45 size_t offset, size_t size) 46 { 47 if (!sockptr_is_kernel(src)) 48 return copy_from_user(dst, src.user + offset, size); 49 memcpy(dst, src.kernel + offset, size); 50 return 0; 51 } 52 53 /* Deprecated. 54 * This is unsafe, unless caller checked user provided optlen. 55 * Prefer copy_safe_from_sockptr() instead. 56 */ copy_from_sockptr(void * dst,sockptr_t src,size_t size)57 static inline int copy_from_sockptr(void *dst, sockptr_t src, size_t size) 58 { 59 return copy_from_sockptr_offset(dst, src, 0, size); 60 } 61 62 /** 63 * copy_safe_from_sockptr: copy a struct from sockptr 64 * @dst: Destination address, in kernel space. This buffer must be @ksize 65 * bytes long. 66 * @ksize: Size of @dst struct. 67 * @optval: Source address. (in user or kernel space) 68 * @optlen: Size of @optval data. 69 * 70 * Returns: 71 * * -EINVAL: @optlen < @ksize 72 * * -EFAULT: access to userspace failed. 73 * * 0 : @ksize bytes were copied 74 */ copy_safe_from_sockptr(void * dst,size_t ksize,sockptr_t optval,unsigned int optlen)75 static inline int copy_safe_from_sockptr(void *dst, size_t ksize, 76 sockptr_t optval, unsigned int optlen) 77 { 78 if (optlen < ksize) 79 return -EINVAL; 80 if (copy_from_sockptr(dst, optval, ksize)) 81 return -EFAULT; 82 return 0; 83 } 84 copy_struct_from_sockptr(void * dst,size_t ksize,sockptr_t src,size_t usize)85 static inline int copy_struct_from_sockptr(void *dst, size_t ksize, 86 sockptr_t src, size_t usize) 87 { 88 size_t size = min(ksize, usize); 89 size_t rest = max(ksize, usize) - size; 90 91 if (!sockptr_is_kernel(src)) 92 return copy_struct_from_user(dst, ksize, src.user, size); 93 94 if (usize < ksize) { 95 memset(dst + size, 0, rest); 96 } else if (usize > ksize) { 97 char *p = src.kernel; 98 99 while (rest--) { 100 if (*p++) 101 return -E2BIG; 102 } 103 } 104 memcpy(dst, src.kernel, size); 105 return 0; 106 } 107 copy_to_sockptr_offset(sockptr_t dst,size_t offset,const void * src,size_t size)108 static inline int copy_to_sockptr_offset(sockptr_t dst, size_t offset, 109 const void *src, size_t size) 110 { 111 if (!sockptr_is_kernel(dst)) 112 return copy_to_user(dst.user + offset, src, size); 113 memcpy(dst.kernel + offset, src, size); 114 return 0; 115 } 116 copy_to_sockptr(sockptr_t dst,const void * src,size_t size)117 static inline int copy_to_sockptr(sockptr_t dst, const void *src, size_t size) 118 { 119 return copy_to_sockptr_offset(dst, 0, src, size); 120 } 121 memdup_sockptr_noprof(sockptr_t src,size_t len)122 static inline void *memdup_sockptr_noprof(sockptr_t src, size_t len) 123 { 124 void *p = kmalloc_track_caller_noprof(len, GFP_USER | __GFP_NOWARN); 125 126 if (!p) 127 return ERR_PTR(-ENOMEM); 128 if (copy_from_sockptr(p, src, len)) { 129 kfree(p); 130 return ERR_PTR(-EFAULT); 131 } 132 return p; 133 } 134 #define memdup_sockptr(...) alloc_hooks(memdup_sockptr_noprof(__VA_ARGS__)) 135 memdup_sockptr_nul_noprof(sockptr_t src,size_t len)136 static inline void *memdup_sockptr_nul_noprof(sockptr_t src, size_t len) 137 { 138 char *p = kmalloc_track_caller_noprof(len + 1, GFP_KERNEL); 139 140 if (!p) 141 return ERR_PTR(-ENOMEM); 142 if (copy_from_sockptr(p, src, len)) { 143 kfree(p); 144 return ERR_PTR(-EFAULT); 145 } 146 p[len] = '\0'; 147 return p; 148 } 149 #define memdup_sockptr_nul(...) alloc_hooks(memdup_sockptr_nul_noprof(__VA_ARGS__)) 150 strncpy_from_sockptr(char * dst,sockptr_t src,size_t count)151 static inline long strncpy_from_sockptr(char *dst, sockptr_t src, size_t count) 152 { 153 if (sockptr_is_kernel(src)) { 154 size_t len = min(strnlen(src.kernel, count - 1) + 1, count); 155 156 memcpy(dst, src.kernel, len); 157 return len; 158 } 159 return strncpy_from_user(dst, src.user, count); 160 } 161 check_zeroed_sockptr(sockptr_t src,size_t offset,size_t size)162 static inline int check_zeroed_sockptr(sockptr_t src, size_t offset, 163 size_t size) 164 { 165 if (!sockptr_is_kernel(src)) 166 return check_zeroed_user(src.user + offset, size); 167 return memchr_inv(src.kernel + offset, 0, size) == NULL; 168 } 169 170 #endif /* _LINUX_SOCKPTR_H */ 171