x86: merge 32/64-bit versions of 'strncpy_from_user()' and speed it up

This merges the 32- and 64-bit versions of the x86 strncpy_from_user() by just rewriting it in C rather than the ancient inline asm versions that used lodsb/stosb and had been duplicated for (trivial) differences between the 32-bit and 64-bit versions. While doing that, it also speeds them up by doing the accesses a word at a time. Finally, the new routines also properly handle the case of hitting the end of the address space, which we have never done correctly before (fs/namei.c has a hack around it for that reason). Despite all these improvements, it actually removes more lines than it adds, due to the de-duplication. Also, we no longer export (or define) the legacy __strncpy_from_user() function (that was defined to not do the user permission checks), since it's not actually used anywhere, and the user address space checks are built in to the new code. Other architecture maintainers have been notified that the old hack in fs/namei.c will be going away in the 3.5 merge window, in case they copied the x86 approach of being a bit cavalier about the end of the address space. Cc: linux-arch@vger.kernel.org Cc: Ingo Molnar <mingo@kernel.org> Cc: Peter Anvin" <hpa@zytor.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
author: Linus Torvalds <torvalds@linux-foundation.org> 2012-04-06 17:32:32 -0400
committer: Linus Torvalds <torvalds@linux-foundation.org> 2012-04-11 12:41:28 -0400
commit: 92ae03f2ef99fbc23bfa9080d6b58f25227bd7ef (patch)
tree: bccc4d78e8d7fb56f62189c3c25f73cdf01a5f5a /arch/x86/lib
parent: 79549c6dfda0603dba9a70a53467ce62d9335c33 (diff)
3 files changed, 103 insertions, 136 deletions
diff --git a/arch/x86/lib/usercopy.c b/arch/x86/lib/usercopy.c
index 97be9cb54483..57252c928f56 100644
--- a/arch/x86/lib/usercopy.c
+++ b/arch/x86/lib/usercopy.c
@@ -7,6 +7,8 @@
 #include <linux/highmem.h>
 #include <linux/module.h>
+#include <asm/word-at-a-time.h>
 /*
 * best effort, GUP based copy_from_user() that is NMI-safe
 */
@@ -41,3 +43,104 @@ copy_from_user_nmi(void *to, const void __user *from, unsigned long n)
        return len;
 }
 EXPORT_SYMBOL_GPL(copy_from_user_nmi);
+static inline unsigned long count_bytes(unsigned long mask)
+{
+        mask = (mask - 1) & ~mask;
+        mask >>= 7;
+        return count_masked_bytes(mask);
+}
+/*
+ * Do a strncpy, return length of string without final '\0'.
+ * 'count' is the user-supplied count (return 'count' if we
+ * hit it), 'max' is the address space maximum (and we return
+ * -EFAULT if we hit it).
+ */
+static inline long do_strncpy_from_user(char *dst, const char __user *src, long count, long max)
+{
+        long res = 0;
+        /*
+         * Truncate 'max' to the user-specified limit, so that
+         * we only have one limit we need to check in the loop
+         */
+        if (max > count)
+                max = count;
+        while (max >= sizeof(unsigned long)) {
+                unsigned long c;
+                /* Fall back to byte-at-a-time if we get a page fault */
+                if (unlikely(__get_user(c,(unsigned long __user *)(src+res))))
+                        break;
+                /* This can write a few bytes past the NUL character, but that's ok */
+                *(unsigned long *)(dst+res) = c;
+                c = has_zero(c);
+                if (c)
+                        return res + count_bytes(c);
+                res += sizeof(unsigned long);
+                max -= sizeof(unsigned long);
+        }
+        while (max) {
+                char c;
+                if (unlikely(__get_user(c,src+res)))
+                        return -EFAULT;
+                dst[res] = c;
+                if (!c)
+                        return res;
+                res++;
+                max--;
+        }
+        /*
+         * Uhhuh. We hit 'max'. But was that the user-specified maximum
+         * too? If so, that's ok - we got as much as the user asked for.
+         */
+        if (res >= count)
+                return count;
+        /*
+         * Nope: we hit the address space limit, and we still had more
+         * characters the caller would have wanted. That's an EFAULT.
+         */
+        return -EFAULT;
+}
+/**
+ * strncpy_from_user: - Copy a NUL terminated string from userspace.
+ * @dst:   Destination address, in kernel space.  This buffer must be at
+ *         least @count bytes long.
+ * @src:   Source address, in user space.
+ * @count: Maximum number of bytes to copy, including the trailing NUL.
+ *
+ * Copies a NUL-terminated string from userspace to kernel space.
+ *
+ * On success, returns the length of the string (not including the trailing
+ * NUL).
+ *
+ * If access to userspace fails, returns -EFAULT (some data may have been
+ * copied).
+ *
+ * If @count is smaller than the length of the string, copies @count bytes
+ * and returns @count.
+ */
+long
+strncpy_from_user(char *dst, const char __user *src, long count)
+{
+        unsigned long max_addr, src_addr;
+        if (unlikely(count <= 0))
+                return 0;
+        max_addr = current_thread_info()->addr_limit.seg;
+        src_addr = (unsigned long)src;
+        if (likely(src_addr < max_addr)) {
+                unsigned long max = max_addr - src_addr;
+                return do_strncpy_from_user(dst, src, count, max);
+        }
+        return -EFAULT;
+}
+EXPORT_SYMBOL(strncpy_from_user);
diff --git a/arch/x86/lib/usercopy_32.c b/arch/x86/lib/usercopy_32.c
index d9b094ca7aaa..ef2a6a5d78e3 100644
--- a/arch/x86/lib/usercopy_32.c
+++ b/arch/x86/lib/usercopy_32.c
@@ -33,93 +33,6 @@ static inline int __movsl_is_ok(unsigned long a1, unsigned long a2, unsigned lon
        __movsl_is_ok((unsigned long)(a1), (unsigned long)(a2), (n))
 /*
- * Copy a null terminated string from userspace.
- */
-#define __do_strncpy_from_user(dst, src, count, res)                       \
-do {                                                                       \
-        int __d0, __d1, __d2;                                              \
-        might_fault();                                                     \
-        __asm__ __volatile__(                                              \
-                "       testl %1,%1\n"                                     \
-                "       jz 2f\n"                                           \
-                "0:     lodsb\n"                                           \
-                "       stosb\n"                                           \
-                "       testb %%al,%%al\n"                                 \
-                "       jz 1f\n"                                           \
-                "       decl %1\n"                                         \
-                "       jnz 0b\n"                                          \
-                "1:     subl %1,%0\n"                                      \
-                "2:\n"                                                     \
-                ".section .fixup,\"ax\"\n"                                 \
-                "3:     movl %5,%0\n"                                      \
-                "       jmp 2b\n"                                          \
-                ".previous\n"                                              \
-                _ASM_EXTABLE(0b,3b)                                        \
-                : "=&d"(res), "=&c"(count), "=&a" (__d0), "=&S" (__d1),    \
-                  "=&D" (__d2)                                             \
-                : "i"(-EFAULT), "0"(count), "1"(count), "3"(src), "4"(dst) \
-                : "memory");                                               \
-} while (0)
-/**
- * __strncpy_from_user: - Copy a NUL terminated string from userspace, with less checking.
- * @dst:   Destination address, in kernel space.  This buffer must be at
- *         least @count bytes long.
- * @src:   Source address, in user space.
- * @count: Maximum number of bytes to copy, including the trailing NUL.
- *
- * Copies a NUL-terminated string from userspace to kernel space.
- * Caller must check the specified block with access_ok() before calling
- * this function.
- *
- * On success, returns the length of the string (not including the trailing
- * NUL).
- *
- * If access to userspace fails, returns -EFAULT (some data may have been
- * copied).
- *
- * If @count is smaller than the length of the string, copies @count bytes
- * and returns @count.
- */
-long
-__strncpy_from_user(char *dst, const char __user *src, long count)
-{
-        long res;
-        __do_strncpy_from_user(dst, src, count, res);
-        return res;
-}
-EXPORT_SYMBOL(__strncpy_from_user);
-/**
- * strncpy_from_user: - Copy a NUL terminated string from userspace.
- * @dst:   Destination address, in kernel space.  This buffer must be at
- *         least @count bytes long.
- * @src:   Source address, in user space.
- * @count: Maximum number of bytes to copy, including the trailing NUL.
- *
- * Copies a NUL-terminated string from userspace to kernel space.
- *
- * On success, returns the length of the string (not including the trailing
- * NUL).
- *
- * If access to userspace fails, returns -EFAULT (some data may have been
- * copied).
- *
- * If @count is smaller than the length of the string, copies @count bytes
- * and returns @count.
- */
-long
-strncpy_from_user(char *dst, const char __user *src, long count)
-{
-        long res = -EFAULT;
-        if (access_ok(VERIFY_READ, src, 1))
-                __do_strncpy_from_user(dst, src, count, res);
-        return res;
-}
-EXPORT_SYMBOL(strncpy_from_user);
-/*
 * Zero Userspace
 */
diff --git a/arch/x86/lib/usercopy_64.c b/arch/x86/lib/usercopy_64.c
index b7c2849ffb66..0d0326f388c0 100644
--- a/arch/x86/lib/usercopy_64.c
+++ b/arch/x86/lib/usercopy_64.c
@@ -9,55 +9,6 @@
 #include <asm/uaccess.h>
 /*
- * Copy a null terminated string from userspace.
- */
-#define __do_strncpy_from_user(dst,src,count,res)                          \
-do {                                                                       \
-        long __d0, __d1, __d2;                                             \
-        might_fault();                                                     \
-        __asm__ __volatile__(                                              \
-                "       testq %1,%1\n"                                     \
-                "       jz 2f\n"                                           \
-                "0:     lodsb\n"                                           \
-                "       stosb\n"                                           \
-                "       testb %%al,%%al\n"                                 \
-                "       jz 1f\n"                                           \
-                "       decq %1\n"                                         \
-                "       jnz 0b\n"                                          \
-                "1:     subq %1,%0\n"                                      \
-                "2:\n"                                                     \
-                ".section .fixup,\"ax\"\n"                                 \
-                "3:     movq %5,%0\n"                                      \
-                "       jmp 2b\n"                                          \
-                ".previous\n"                                              \
-                _ASM_EXTABLE(0b,3b)                                        \
-                : "=&r"(res), "=&c"(count), "=&a" (__d0), "=&S" (__d1),    \
-                  "=&D" (__d2)                                             \
-                : "i"(-EFAULT), "0"(count), "1"(count), "3"(src), "4"(dst) \
-                : "memory");                                               \
-} while (0)
-long
-__strncpy_from_user(char *dst, const char __user *src, long count)
-{
-        long res;
-        __do_strncpy_from_user(dst, src, count, res);
-        return res;
-}
-EXPORT_SYMBOL(__strncpy_from_user);
-long
-strncpy_from_user(char *dst, const char __user *src, long count)
-{
-        long res = -EFAULT;
-        if (access_ok(VERIFY_READ, src, 1))
-                return __strncpy_from_user(dst, src, count);
-        return res;
-}
-EXPORT_SYMBOL(strncpy_from_user);
-/*
 * Zero Userspace
 */
author	Linus Torvalds <torvalds@linux-foundation.org>	2012-04-06 17:32:32 -0400
committer	Linus Torvalds <torvalds@linux-foundation.org>	2012-04-11 12:41:28 -0400
commit	92ae03f2ef99fbc23bfa9080d6b58f25227bd7ef (patch)
tree	bccc4d78e8d7fb56f62189c3c25f73cdf01a5f5a /arch/x86/lib
parent	79549c6dfda0603dba9a70a53467ce62d9335c33 (diff)

diff --git a/arch/x86/lib/usercopy.c b/arch/x86/lib/usercopy.c index 97be9cb54483..57252c928f56 100644 --- a/arch/x86/lib/usercopy.c +++ b/arch/x86/lib/usercopy.c
@@ -7,6 +7,8 @@
7	#include <linux/highmem.h>	7	#include <linux/highmem.h>
8	#include <linux/module.h>	8	#include <linux/module.h>
9		9
		10	#include <asm/word-at-a-time.h>
		11
10	/*	12	/*
11	* best effort, GUP based copy_from_user() that is NMI-safe	13	* best effort, GUP based copy_from_user() that is NMI-safe
12	*/	14	*/
@@ -41,3 +43,104 @@ copy_from_user_nmi(void to, const void __user from, unsigned long n)
41	return len;	43	return len;
42	}	44	}
43	EXPORT_SYMBOL_GPL(copy_from_user_nmi);	45	EXPORT_SYMBOL_GPL(copy_from_user_nmi);
		46
		47	static inline unsigned long count_bytes(unsigned long mask)
		48	{
		49	mask = (mask - 1) & ~mask;
		50	mask >>= 7;
		51	return count_masked_bytes(mask);
		52	}
		53
		54	/*
		55	* Do a strncpy, return length of string without final '\0'.
		56	* 'count' is the user-supplied count (return 'count' if we
		57	* hit it), 'max' is the address space maximum (and we return
		58	* -EFAULT if we hit it).
		59	*/
		60	static inline long do_strncpy_from_user(char dst, const char __user src, long count, long max)
		61	{
		62	long res = 0;
		63
		64	/*
		65	* Truncate 'max' to the user-specified limit, so that
		66	* we only have one limit we need to check in the loop
		67	*/
		68	if (max > count)
		69	max = count;
		70
		71	while (max >= sizeof(unsigned long)) {
		72	unsigned long c;
		73
		74	/* Fall back to byte-at-a-time if we get a page fault */
		75	if (unlikely(__get_user(c,(unsigned long __user *)(src+res))))
		76	break;
		77	/* This can write a few bytes past the NUL character, but that's ok */
		78	(unsigned long )(dst+res) = c;
		79	c = has_zero(c);
		80	if (c)
		81	return res + count_bytes(c);
		82	res += sizeof(unsigned long);
		83	max -= sizeof(unsigned long);
		84	}
		85
		86	while (max) {
		87	char c;
		88
		89	if (unlikely(__get_user(c,src+res)))
		90	return -EFAULT;
		91	dst[res] = c;
		92	if (!c)
		93	return res;
		94	res++;
		95	max--;
		96	}
		97
		98	/*
		99	* Uhhuh. We hit 'max'. But was that the user-specified maximum
		100	* too? If so, that's ok - we got as much as the user asked for.
		101	*/
		102	if (res >= count)
		103	return count;
		104
		105	/*
		106	* Nope: we hit the address space limit, and we still had more
		107	* characters the caller would have wanted. That's an EFAULT.
		108	*/
		109	return -EFAULT;
		110	}
		111
		112	/**
		113	* strncpy_from_user: - Copy a NUL terminated string from userspace.
		114	* @dst: Destination address, in kernel space. This buffer must be at
		115	* least @count bytes long.
		116	* @src: Source address, in user space.
		117	* @count: Maximum number of bytes to copy, including the trailing NUL.
		118	*
		119	* Copies a NUL-terminated string from userspace to kernel space.
		120	*
		121	* On success, returns the length of the string (not including the trailing
		122	* NUL).
		123	*
		124	* If access to userspace fails, returns -EFAULT (some data may have been
		125	* copied).
		126	*
		127	* If @count is smaller than the length of the string, copies @count bytes
		128	* and returns @count.
		129	*/
		130	long
		131	strncpy_from_user(char dst, const char __user src, long count)
		132	{
		133	unsigned long max_addr, src_addr;
		134
		135	if (unlikely(count <= 0))
		136	return 0;
		137
		138	max_addr = current_thread_info()->addr_limit.seg;
		139	src_addr = (unsigned long)src;
		140	if (likely(src_addr < max_addr)) {
		141	unsigned long max = max_addr - src_addr;
		142	return do_strncpy_from_user(dst, src, count, max);
		143	}
		144	return -EFAULT;
		145	}
		146	EXPORT_SYMBOL(strncpy_from_user);


diff --git a/arch/x86/lib/usercopy_32.c b/arch/x86/lib/usercopy_32.c index d9b094ca7aaa..ef2a6a5d78e3 100644 --- a/arch/x86/lib/usercopy_32.c +++ b/arch/x86/lib/usercopy_32.c
@@ -33,93 +33,6 @@ static inline int __movsl_is_ok(unsigned long a1, unsigned long a2, unsigned lon
33	__movsl_is_ok((unsigned long)(a1), (unsigned long)(a2), (n))	33	__movsl_is_ok((unsigned long)(a1), (unsigned long)(a2), (n))
34		34
35	/*	35	/*
36	* Copy a null terminated string from userspace.
37	*/
38
39	#define __do_strncpy_from_user(dst, src, count, res) \
40	do { \
41	int __d0, __d1, __d2; \
42	might_fault(); \
43	__asm__ __volatile__( \
44	" testl %1,%1\n" \
45	" jz 2f\n" \
46	"0: lodsb\n" \
47	" stosb\n" \
48	" testb %%al,%%al\n" \
49	" jz 1f\n" \
50	" decl %1\n" \
51	" jnz 0b\n" \
52	"1: subl %1,%0\n" \
53	"2:\n" \
54	".section .fixup,\"ax\"\n" \
55	"3: movl %5,%0\n" \
56	" jmp 2b\n" \
57	".previous\n" \
58	_ASM_EXTABLE(0b,3b) \
59	: "=&d"(res), "=&c"(count), "=&a" (__d0), "=&S" (__d1), \
60	"=&D" (__d2) \
61	: "i"(-EFAULT), "0"(count), "1"(count), "3"(src), "4"(dst) \
62	: "memory"); \
63	} while (0)
64
65	/**
66	* __strncpy_from_user: - Copy a NUL terminated string from userspace, with less checking.
67	* @dst: Destination address, in kernel space. This buffer must be at
68	* least @count bytes long.
69	* @src: Source address, in user space.
70	* @count: Maximum number of bytes to copy, including the trailing NUL.
71	*
72	* Copies a NUL-terminated string from userspace to kernel space.
73	* Caller must check the specified block with access_ok() before calling
74	* this function.
75	*
76	* On success, returns the length of the string (not including the trailing
77	* NUL).
78	*
79	* If access to userspace fails, returns -EFAULT (some data may have been
80	* copied).
81	*
82	* If @count is smaller than the length of the string, copies @count bytes
83	* and returns @count.
84	*/
85	long
86	__strncpy_from_user(char dst, const char __user src, long count)
87	{
88	long res;
89	__do_strncpy_from_user(dst, src, count, res);
90	return res;
91	}
92	EXPORT_SYMBOL(__strncpy_from_user);
93
94	/**
95	* strncpy_from_user: - Copy a NUL terminated string from userspace.
96	* @dst: Destination address, in kernel space. This buffer must be at
97	* least @count bytes long.
98	* @src: Source address, in user space.
99	* @count: Maximum number of bytes to copy, including the trailing NUL.
100	*
101	* Copies a NUL-terminated string from userspace to kernel space.
102	*
103	* On success, returns the length of the string (not including the trailing
104	* NUL).
105	*
106	* If access to userspace fails, returns -EFAULT (some data may have been
107	* copied).
108	*
109	* If @count is smaller than the length of the string, copies @count bytes
110	* and returns @count.
111	*/
112	long
113	strncpy_from_user(char dst, const char __user src, long count)
114	{
115	long res = -EFAULT;
116	if (access_ok(VERIFY_READ, src, 1))
117	__do_strncpy_from_user(dst, src, count, res);
118	return res;
119	}
120	EXPORT_SYMBOL(strncpy_from_user);
121
122	/*
123	* Zero Userspace	36	* Zero Userspace
124	*/	37	*/
125		38


diff --git a/arch/x86/lib/usercopy_64.c b/arch/x86/lib/usercopy_64.c index b7c2849ffb66..0d0326f388c0 100644 --- a/arch/x86/lib/usercopy_64.c +++ b/arch/x86/lib/usercopy_64.c
@@ -9,55 +9,6 @@
9	#include <asm/uaccess.h>	9	#include <asm/uaccess.h>
10		10
11	/*	11	/*
12	* Copy a null terminated string from userspace.
13	*/
14
15	#define __do_strncpy_from_user(dst,src,count,res) \
16	do { \
17	long __d0, __d1, __d2; \
18	might_fault(); \
19	__asm__ __volatile__( \
20	" testq %1,%1\n" \
21	" jz 2f\n" \
22	"0: lodsb\n" \
23	" stosb\n" \
24	" testb %%al,%%al\n" \
25	" jz 1f\n" \
26	" decq %1\n" \
27	" jnz 0b\n" \
28	"1: subq %1,%0\n" \
29	"2:\n" \
30	".section .fixup,\"ax\"\n" \
31	"3: movq %5,%0\n" \
32	" jmp 2b\n" \
33	".previous\n" \
34	_ASM_EXTABLE(0b,3b) \
35	: "=&r"(res), "=&c"(count), "=&a" (__d0), "=&S" (__d1), \
36	"=&D" (__d2) \
37	: "i"(-EFAULT), "0"(count), "1"(count), "3"(src), "4"(dst) \
38	: "memory"); \
39	} while (0)
40
41	long
42	__strncpy_from_user(char dst, const char __user src, long count)
43	{
44	long res;
45	__do_strncpy_from_user(dst, src, count, res);
46	return res;
47	}
48	EXPORT_SYMBOL(__strncpy_from_user);
49
50	long
51	strncpy_from_user(char dst, const char __user src, long count)
52	{
53	long res = -EFAULT;
54	if (access_ok(VERIFY_READ, src, 1))
55	return __strncpy_from_user(dst, src, count);
56	return res;
57	}
58	EXPORT_SYMBOL(strncpy_from_user);
59
60	/*
61	* Zero Userspace	12	* Zero Userspace
62	*/	13	*/
63		14